2 * Common functions for CAM "type" (peripheral) drivers.
4 * SPDX-License-Identifier: BSD-2-Clause
6 * Copyright (c) 1997, 1998 Justin T. Gibbs.
7 * Copyright (c) 1997, 1998, 1999, 2000 Kenneth D. Merry.
10 * Redistribution and use in source and binary forms, with or without
11 * modification, are permitted provided that the following conditions
13 * 1. Redistributions of source code must retain the above copyright
14 * notice, this list of conditions, and the following disclaimer,
15 * without modification, immediately at the beginning of the file.
16 * 2. The name of the author may not be used to endorse or promote products
17 * derived from this software without specific prior written permission.
19 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
20 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
23 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
24 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
25 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
26 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
27 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
28 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
32 #include <sys/cdefs.h>
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/types.h>
36 #include <sys/malloc.h>
37 #include <sys/kernel.h>
40 #include <sys/devctl.h>
42 #include <sys/mutex.h>
45 #include <sys/devicestat.h>
47 #include <sys/sysctl.h>
49 #include <vm/vm_extern.h>
52 #include <cam/cam_ccb.h>
53 #include <cam/cam_compat.h>
54 #include <cam/cam_queue.h>
55 #include <cam/cam_xpt_periph.h>
56 #include <cam/cam_xpt_internal.h>
57 #include <cam/cam_periph.h>
58 #include <cam/cam_debug.h>
59 #include <cam/cam_sim.h>
61 #include <cam/scsi/scsi_all.h>
62 #include <cam/scsi/scsi_message.h>
63 #include <cam/scsi/scsi_pass.h>
65 static u_int camperiphnextunit(struct periph_driver *p_drv,
66 u_int newunit, bool wired,
67 path_id_t pathid, target_id_t target,
69 static u_int camperiphunit(struct periph_driver *p_drv,
70 path_id_t pathid, target_id_t target,
73 static void camperiphdone(struct cam_periph *periph,
75 static void camperiphfree(struct cam_periph *periph);
76 static int camperiphscsistatuserror(union ccb *ccb,
81 uint32_t *relsim_flags,
84 const char **action_string);
85 static int camperiphscsisenseerror(union ccb *ccb,
90 uint32_t *relsim_flags,
93 const char **action_string);
94 static void cam_periph_devctl_notify(union ccb *ccb);
96 static int nperiph_drivers;
97 static int initialized = 0;
98 struct periph_driver **periph_drivers;
100 static MALLOC_DEFINE(M_CAMPERIPH, "CAM periph", "CAM peripheral buffers");
102 static int periph_selto_delay = 1000;
103 TUNABLE_INT("kern.cam.periph_selto_delay", &periph_selto_delay);
104 static int periph_noresrc_delay = 500;
105 TUNABLE_INT("kern.cam.periph_noresrc_delay", &periph_noresrc_delay);
106 static int periph_busy_delay = 500;
107 TUNABLE_INT("kern.cam.periph_busy_delay", &periph_busy_delay);
109 static u_int periph_mapmem_thresh = 65536;
110 SYSCTL_UINT(_kern_cam, OID_AUTO, mapmem_thresh, CTLFLAG_RWTUN,
111 &periph_mapmem_thresh, 0, "Threshold for user-space buffer mapping");
114 periphdriver_register(void *data)
116 struct periph_driver *drv = (struct periph_driver *)data;
117 struct periph_driver **newdrivers, **old;
121 ndrivers = nperiph_drivers + 2;
122 newdrivers = malloc(sizeof(*newdrivers) * ndrivers, M_CAMPERIPH,
125 if (ndrivers != nperiph_drivers + 2) {
127 * Lost race against itself; go around.
130 free(newdrivers, M_CAMPERIPH);
134 bcopy(periph_drivers, newdrivers,
135 sizeof(*newdrivers) * nperiph_drivers);
136 newdrivers[nperiph_drivers] = drv;
137 newdrivers[nperiph_drivers + 1] = NULL;
138 old = periph_drivers;
139 periph_drivers = newdrivers;
143 free(old, M_CAMPERIPH);
144 /* If driver marked as early or it is late now, initialize it. */
145 if (((drv->flags & CAM_PERIPH_DRV_EARLY) != 0 && initialized > 0) ||
151 periphdriver_unregister(void *data)
153 struct periph_driver *drv = (struct periph_driver *)data;
156 /* If driver marked as early or it is late now, deinitialize it. */
157 if (((drv->flags & CAM_PERIPH_DRV_EARLY) != 0 && initialized > 0) ||
159 if (drv->deinit == NULL) {
160 printf("CAM periph driver '%s' doesn't have deinit.\n",
164 error = drv->deinit();
170 for (n = 0; n < nperiph_drivers && periph_drivers[n] != drv; n++)
172 KASSERT(n < nperiph_drivers,
173 ("Periph driver '%s' was not registered", drv->driver_name));
174 for (; n + 1 < nperiph_drivers; n++)
175 periph_drivers[n] = periph_drivers[n + 1];
176 periph_drivers[n + 1] = NULL;
183 periphdriver_init(int level)
187 initialized = max(initialized, level);
188 for (i = 0; periph_drivers[i] != NULL; i++) {
189 early = (periph_drivers[i]->flags & CAM_PERIPH_DRV_EARLY) ? 1 : 2;
190 if (early == initialized)
191 (*periph_drivers[i]->init)();
196 cam_periph_alloc(periph_ctor_t *periph_ctor,
197 periph_oninv_t *periph_oninvalidate,
198 periph_dtor_t *periph_dtor, periph_start_t *periph_start,
199 char *name, cam_periph_type type, struct cam_path *path,
200 ac_callback_t *ac_callback, ac_code code, void *arg)
202 struct periph_driver **p_drv;
204 struct cam_periph *periph;
205 struct cam_periph *cur_periph;
207 target_id_t target_id;
214 * Handle Hot-Plug scenarios. If there is already a peripheral
215 * of our type assigned to this path, we are likely waiting for
216 * final close on an old, invalidated, peripheral. If this is
217 * the case, queue up a deferred call to the peripheral's async
218 * handler. If it looks like a mistaken re-allocation, complain.
220 if ((periph = cam_periph_find(path, name)) != NULL) {
221 if ((periph->flags & CAM_PERIPH_INVALID) != 0
222 && (periph->flags & CAM_PERIPH_NEW_DEV_FOUND) == 0) {
223 periph->flags |= CAM_PERIPH_NEW_DEV_FOUND;
224 periph->deferred_callback = ac_callback;
225 periph->deferred_ac = code;
226 return (CAM_REQ_INPROG);
228 printf("cam_periph_alloc: attempt to re-allocate "
229 "valid device %s%d rejected flags %#x "
230 "refcount %d\n", periph->periph_name,
231 periph->unit_number, periph->flags,
234 return (CAM_REQ_INVALID);
237 periph = (struct cam_periph *)malloc(sizeof(*periph), M_CAMPERIPH,
241 return (CAM_RESRC_UNAVAIL);
245 sim = xpt_path_sim(path);
246 path_id = xpt_path_path_id(path);
247 target_id = xpt_path_target_id(path);
248 lun_id = xpt_path_lun_id(path);
249 periph->periph_start = periph_start;
250 periph->periph_dtor = periph_dtor;
251 periph->periph_oninval = periph_oninvalidate;
253 periph->periph_name = name;
254 periph->scheduled_priority = CAM_PRIORITY_NONE;
255 periph->immediate_priority = CAM_PRIORITY_NONE;
256 periph->refcount = 1; /* Dropped by invalidation. */
258 SLIST_INIT(&periph->ccb_list);
259 status = xpt_create_path(&path, periph, path_id, target_id, lun_id);
260 if (status != CAM_REQ_CMP)
265 for (p_drv = periph_drivers; *p_drv != NULL; p_drv++) {
266 if (strcmp((*p_drv)->driver_name, name) == 0)
269 if (*p_drv == NULL) {
270 printf("cam_periph_alloc: invalid periph name '%s'\n", name);
272 xpt_free_path(periph->path);
273 free(periph, M_CAMPERIPH);
274 return (CAM_REQ_INVALID);
276 periph->unit_number = camperiphunit(*p_drv, path_id, target_id, lun_id,
277 path->device->serial_num);
278 cur_periph = TAILQ_FIRST(&(*p_drv)->units);
279 while (cur_periph != NULL
280 && cur_periph->unit_number < periph->unit_number)
281 cur_periph = TAILQ_NEXT(cur_periph, unit_links);
282 if (cur_periph != NULL) {
283 KASSERT(cur_periph->unit_number != periph->unit_number,
284 ("duplicate units on periph list"));
285 TAILQ_INSERT_BEFORE(cur_periph, periph, unit_links);
287 TAILQ_INSERT_TAIL(&(*p_drv)->units, periph, unit_links);
288 (*p_drv)->generation++;
294 status = xpt_add_periph(periph);
295 if (status != CAM_REQ_CMP)
299 CAM_DEBUG(periph->path, CAM_DEBUG_INFO, ("Periph created\n"));
301 status = periph_ctor(periph, arg);
303 if (status == CAM_REQ_CMP)
307 switch (init_level) {
309 /* Initialized successfully */
312 CAM_DEBUG(periph->path, CAM_DEBUG_INFO, ("Periph destroyed\n"));
313 xpt_remove_periph(periph);
317 TAILQ_REMOVE(&(*p_drv)->units, periph, unit_links);
319 xpt_free_path(periph->path);
322 free(periph, M_CAMPERIPH);
325 /* No cleanup to perform. */
328 panic("%s: Unknown init level", __func__);
334 * Find a peripheral structure with the specified path, target, lun,
335 * and (optionally) type. If the name is NULL, this function will return
336 * the first peripheral driver that matches the specified path.
339 cam_periph_find(struct cam_path *path, char *name)
341 struct periph_driver **p_drv;
342 struct cam_periph *periph;
345 for (p_drv = periph_drivers; *p_drv != NULL; p_drv++) {
346 if (name != NULL && (strcmp((*p_drv)->driver_name, name) != 0))
349 TAILQ_FOREACH(periph, &(*p_drv)->units, unit_links) {
350 if (xpt_path_comp(periph->path, path) == 0) {
352 cam_periph_assert(periph, MA_OWNED);
366 * Find peripheral driver instances attached to the specified path.
369 cam_periph_list(struct cam_path *path, struct sbuf *sb)
371 struct sbuf local_sb;
372 struct periph_driver **p_drv;
373 struct cam_periph *periph;
379 sbuf_new(&local_sb, NULL, sbuf_alloc_len, SBUF_FIXEDLEN);
382 for (p_drv = periph_drivers; *p_drv != NULL; p_drv++) {
383 TAILQ_FOREACH(periph, &(*p_drv)->units, unit_links) {
384 if (xpt_path_comp(periph->path, path) != 0)
387 if (sbuf_len(&local_sb) != 0)
388 sbuf_cat(&local_sb, ",");
390 sbuf_printf(&local_sb, "%s%d", periph->periph_name,
391 periph->unit_number);
393 if (sbuf_error(&local_sb) == ENOMEM) {
396 sbuf_delete(&local_sb);
403 sbuf_finish(&local_sb);
404 if (sbuf_len(sb) != 0)
406 sbuf_cat(sb, sbuf_data(&local_sb));
407 sbuf_delete(&local_sb);
412 cam_periph_acquire(struct cam_periph *periph)
421 if ((periph->flags & CAM_PERIPH_INVALID) == 0) {
431 cam_periph_doacquire(struct cam_periph *periph)
435 KASSERT(periph->refcount >= 1,
436 ("cam_periph_doacquire() with refcount == %d", periph->refcount));
442 cam_periph_release_locked_buses(struct cam_periph *periph)
445 cam_periph_assert(periph, MA_OWNED);
446 KASSERT(periph->refcount >= 1, ("periph->refcount >= 1"));
447 if (--periph->refcount == 0)
448 camperiphfree(periph);
452 cam_periph_release_locked(struct cam_periph *periph)
459 cam_periph_release_locked_buses(periph);
464 cam_periph_release(struct cam_periph *periph)
471 cam_periph_assert(periph, MA_NOTOWNED);
472 mtx = cam_periph_mtx(periph);
474 cam_periph_release_locked(periph);
479 * hold/unhold act as mutual exclusion for sections of the code that
480 * need to sleep and want to make sure that other sections that
481 * will interfere are held off. This only protects exclusive sections
485 cam_periph_hold(struct cam_periph *periph, int priority)
490 * Increment the reference count on the peripheral
491 * while we wait for our lock attempt to succeed
492 * to ensure the peripheral doesn't disappear out
493 * from user us while we sleep.
496 if (cam_periph_acquire(periph) != 0)
499 cam_periph_assert(periph, MA_OWNED);
500 while ((periph->flags & CAM_PERIPH_LOCKED) != 0) {
501 periph->flags |= CAM_PERIPH_LOCK_WANTED;
502 if ((error = cam_periph_sleep(periph, periph, priority,
503 "caplck", 0)) != 0) {
504 cam_periph_release_locked(periph);
507 if (periph->flags & CAM_PERIPH_INVALID) {
508 cam_periph_release_locked(periph);
513 periph->flags |= CAM_PERIPH_LOCKED;
518 cam_periph_unhold(struct cam_periph *periph)
521 cam_periph_assert(periph, MA_OWNED);
523 periph->flags &= ~CAM_PERIPH_LOCKED;
524 if ((periph->flags & CAM_PERIPH_LOCK_WANTED) != 0) {
525 periph->flags &= ~CAM_PERIPH_LOCK_WANTED;
529 cam_periph_release_locked(periph);
533 cam_periph_hold_boot(struct cam_periph *periph)
536 root_mount_hold_token(periph->periph_name, &periph->periph_rootmount);
540 cam_periph_release_boot(struct cam_periph *periph)
543 root_mount_rel(&periph->periph_rootmount);
547 * Look for the next unit number that is not currently in use for this
548 * peripheral type starting at "newunit". Also exclude unit numbers that
549 * are reserved by for future "hardwiring" unless we already know that this
550 * is a potential wired device. Only assume that the device is "wired" the
551 * first time through the loop since after that we'll be looking at unit
552 * numbers that did not match a wiring entry.
555 camperiphnextunit(struct periph_driver *p_drv, u_int newunit, bool wired,
556 path_id_t pathid, target_id_t target, lun_id_t lun)
558 struct cam_periph *periph;
560 int i, val, dunit, r;
561 const char *dname, *strval;
563 periph_name = p_drv->driver_name;
565 for (periph = TAILQ_FIRST(&p_drv->units);
566 periph != NULL && periph->unit_number != newunit;
567 periph = TAILQ_NEXT(periph, unit_links))
570 if (periph != NULL && periph->unit_number == newunit) {
572 xpt_print(periph->path, "Duplicate Wired "
574 xpt_print(periph->path, "Second device (%s "
575 "device at scbus%d target %d lun %d) will "
576 "not be wired\n", periph_name, pathid,
586 * Don't allow the mere presence of any attributes of a device
587 * means that it is for a wired down entry. Instead, insist that
588 * one of the matching criteria from camperiphunit be present
594 r = resource_find_dev(&i, dname, &dunit, NULL, NULL);
598 if (newunit != dunit)
600 if (resource_string_value(dname, dunit, "sn", &strval) == 0 ||
601 resource_int_value(dname, dunit, "lun", &val) == 0 ||
602 resource_int_value(dname, dunit, "target", &val) == 0 ||
603 resource_string_value(dname, dunit, "at", &strval) == 0)
613 camperiphunit(struct periph_driver *p_drv, path_id_t pathid,
614 target_id_t target, lun_id_t lun, const char *sn)
619 const char *dname, *strval;
620 char pathbuf[32], *periph_name;
622 periph_name = p_drv->driver_name;
623 snprintf(pathbuf, sizeof(pathbuf), "scbus%d", pathid);
628 for (wired = false; resource_find_dev(&i, dname, &dunit, NULL, NULL) == 0;
630 if (resource_string_value(dname, dunit, "at", &strval) == 0) {
631 if (strcmp(strval, pathbuf) != 0)
635 if (resource_int_value(dname, dunit, "target", &val) == 0) {
640 if (resource_int_value(dname, dunit, "lun", &val) == 0) {
645 if (resource_string_value(dname, dunit, "sn", &strval) == 0) {
646 if (sn == NULL || strcmp(strval, sn) != 0)
657 * Either start from 0 looking for the next unit or from
658 * the unit number given in the resource config. This way,
659 * if we have wildcard matches, we don't return the same
662 unit = camperiphnextunit(p_drv, unit, wired, pathid, target, lun);
668 cam_periph_invalidate(struct cam_periph *periph)
671 cam_periph_assert(periph, MA_OWNED);
673 * We only tear down the device the first time a peripheral is
676 if ((periph->flags & CAM_PERIPH_INVALID) != 0)
679 CAM_DEBUG(periph->path, CAM_DEBUG_INFO, ("Periph invalidated\n"));
680 if ((periph->flags & CAM_PERIPH_ANNOUNCED) && !rebooting) {
684 sbuf_new(&sb, buffer, 160, SBUF_FIXEDLEN);
685 xpt_denounce_periph_sbuf(periph, &sb);
689 periph->flags |= CAM_PERIPH_INVALID;
690 periph->flags &= ~CAM_PERIPH_NEW_DEV_FOUND;
691 if (periph->periph_oninval != NULL)
692 periph->periph_oninval(periph);
693 cam_periph_release_locked(periph);
697 camperiphfree(struct cam_periph *periph)
699 struct periph_driver **p_drv;
700 struct periph_driver *drv;
702 cam_periph_assert(periph, MA_OWNED);
703 KASSERT(periph->periph_allocating == 0, ("%s%d: freed while allocating",
704 periph->periph_name, periph->unit_number));
705 for (p_drv = periph_drivers; *p_drv != NULL; p_drv++) {
706 if (strcmp((*p_drv)->driver_name, periph->periph_name) == 0)
709 if (*p_drv == NULL) {
710 printf("camperiphfree: attempt to free non-existant periph\n");
714 * Cache a pointer to the periph_driver structure. If a
715 * periph_driver is added or removed from the array (see
716 * periphdriver_register()) while we drop the toplogy lock
717 * below, p_drv may change. This doesn't protect against this
718 * particular periph_driver going away. That will require full
719 * reference counting in the periph_driver infrastructure.
724 * We need to set this flag before dropping the topology lock, to
725 * let anyone who is traversing the list that this peripheral is
726 * about to be freed, and there will be no more reference count
729 periph->flags |= CAM_PERIPH_FREE;
732 * The peripheral destructor semantics dictate calling with only the
733 * SIM mutex held. Since it might sleep, it should not be called
734 * with the topology lock held.
739 * We need to call the peripheral destructor prior to removing the
740 * peripheral from the list. Otherwise, we risk running into a
741 * scenario where the peripheral unit number may get reused
742 * (because it has been removed from the list), but some resources
743 * used by the peripheral are still hanging around. In particular,
744 * the devfs nodes used by some peripherals like the pass(4) driver
745 * aren't fully cleaned up until the destructor is run. If the
746 * unit number is reused before the devfs instance is fully gone,
749 if (periph->periph_dtor != NULL)
750 periph->periph_dtor(periph);
753 * The peripheral list is protected by the topology lock. We have to
754 * remove the periph from the drv list before we call deferred_ac. The
755 * AC_FOUND_DEVICE callback won't create a new periph if it's still there.
759 TAILQ_REMOVE(&drv->units, periph, unit_links);
762 xpt_remove_periph(periph);
765 if ((periph->flags & CAM_PERIPH_ANNOUNCED) && !rebooting)
766 xpt_print(periph->path, "Periph destroyed\n");
768 CAM_DEBUG(periph->path, CAM_DEBUG_INFO, ("Periph destroyed\n"));
770 if (periph->flags & CAM_PERIPH_NEW_DEV_FOUND) {
774 memset(&ccb, 0, sizeof(ccb));
775 switch (periph->deferred_ac) {
776 case AC_FOUND_DEVICE:
777 ccb.ccb_h.func_code = XPT_GDEV_TYPE;
778 xpt_setup_ccb(&ccb.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
782 case AC_PATH_REGISTERED:
783 xpt_path_inq(&ccb.cpi, periph->path);
790 periph->deferred_callback(NULL, periph->deferred_ac,
793 xpt_free_path(periph->path);
794 free(periph, M_CAMPERIPH);
799 * Map user virtual pointers into kernel virtual address space, so we can
800 * access the memory. This is now a generic function that centralizes most
801 * of the sanity checks on the data flags, if any.
802 * This also only works for up to maxphys memory. Since we use
803 * buffers to map stuff in and out, we're limited to the buffer size.
806 cam_periph_mapmem(union ccb *ccb, struct cam_periph_map_info *mapinfo,
810 uint8_t **data_ptrs[CAM_PERIPH_MAXMAPS];
811 uint32_t lengths[CAM_PERIPH_MAXMAPS];
812 uint32_t dirs[CAM_PERIPH_MAXMAPS];
814 bzero(mapinfo, sizeof(*mapinfo));
816 maxmap = DFLTPHYS; /* traditional default */
817 else if (maxmap > maxphys)
818 maxmap = maxphys; /* for safety */
819 switch(ccb->ccb_h.func_code) {
821 if (ccb->cdm.match_buf_len == 0) {
822 printf("cam_periph_mapmem: invalid match buffer "
826 if (ccb->cdm.pattern_buf_len > 0) {
827 data_ptrs[0] = (uint8_t **)&ccb->cdm.patterns;
828 lengths[0] = ccb->cdm.pattern_buf_len;
829 dirs[0] = CAM_DIR_OUT;
830 data_ptrs[1] = (uint8_t **)&ccb->cdm.matches;
831 lengths[1] = ccb->cdm.match_buf_len;
832 dirs[1] = CAM_DIR_IN;
835 data_ptrs[0] = (uint8_t **)&ccb->cdm.matches;
836 lengths[0] = ccb->cdm.match_buf_len;
837 dirs[0] = CAM_DIR_IN;
841 * This request will not go to the hardware, no reason
842 * to be so strict. vmapbuf() is able to map up to maxphys.
847 case XPT_CONT_TARGET_IO:
848 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
850 if ((ccb->ccb_h.flags & CAM_DATA_MASK) != CAM_DATA_VADDR)
852 data_ptrs[0] = &ccb->csio.data_ptr;
853 lengths[0] = ccb->csio.dxfer_len;
854 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
858 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
860 if ((ccb->ccb_h.flags & CAM_DATA_MASK) != CAM_DATA_VADDR)
862 data_ptrs[0] = &ccb->ataio.data_ptr;
863 lengths[0] = ccb->ataio.dxfer_len;
864 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
868 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
870 /* Two mappings: one for cmd->data and one for cmd->data->data */
871 data_ptrs[0] = (unsigned char **)&ccb->mmcio.cmd.data;
872 lengths[0] = sizeof(struct mmc_data *);
873 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
874 data_ptrs[1] = (unsigned char **)&ccb->mmcio.cmd.data->data;
875 lengths[1] = ccb->mmcio.cmd.data->len;
876 dirs[1] = ccb->ccb_h.flags & CAM_DIR_MASK;
880 data_ptrs[0] = &ccb->smpio.smp_request;
881 lengths[0] = ccb->smpio.smp_request_len;
882 dirs[0] = CAM_DIR_OUT;
883 data_ptrs[1] = &ccb->smpio.smp_response;
884 lengths[1] = ccb->smpio.smp_response_len;
885 dirs[1] = CAM_DIR_IN;
890 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
892 if ((ccb->ccb_h.flags & CAM_DATA_MASK) != CAM_DATA_VADDR)
894 data_ptrs[0] = &ccb->nvmeio.data_ptr;
895 lengths[0] = ccb->nvmeio.dxfer_len;
896 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
899 case XPT_DEV_ADVINFO:
900 if (ccb->cdai.bufsiz == 0)
903 data_ptrs[0] = (uint8_t **)&ccb->cdai.buf;
904 lengths[0] = ccb->cdai.bufsiz;
905 dirs[0] = CAM_DIR_IN;
909 * This request will not go to the hardware, no reason
910 * to be so strict. vmapbuf() is able to map up to maxphys.
916 break; /* NOTREACHED */
920 * Check the transfer length and permissions first, so we don't
921 * have to unmap any previously mapped buffers.
923 for (i = 0; i < numbufs; i++) {
924 if (lengths[i] > maxmap) {
925 printf("cam_periph_mapmem: attempt to map %lu bytes, "
926 "which is greater than %lu\n",
927 (long)(lengths[i]), (u_long)maxmap);
933 * This keeps the kernel stack of current thread from getting
934 * swapped. In low-memory situations where the kernel stack might
935 * otherwise get swapped out, this holds it and allows the thread
936 * to make progress and release the kernel mapped pages sooner.
938 * XXX KDM should I use P_NOSWAP instead?
942 for (i = 0; i < numbufs; i++) {
943 /* Save the user's data address. */
944 mapinfo->orig[i] = *data_ptrs[i];
947 * For small buffers use malloc+copyin/copyout instead of
948 * mapping to KVA to avoid expensive TLB shootdowns. For
949 * small allocations malloc is backed by UMA, and so much
950 * cheaper on SMP systems.
952 if (lengths[i] <= periph_mapmem_thresh &&
953 ccb->ccb_h.func_code != XPT_MMC_IO) {
954 *data_ptrs[i] = malloc(lengths[i], M_CAMPERIPH,
956 if (dirs[i] != CAM_DIR_IN) {
957 if (copyin(mapinfo->orig[i], *data_ptrs[i],
959 free(*data_ptrs[i], M_CAMPERIPH);
960 *data_ptrs[i] = mapinfo->orig[i];
964 bzero(*data_ptrs[i], lengths[i]);
971 mapinfo->bp[i] = uma_zalloc(pbuf_zone, M_WAITOK);
973 /* set the direction */
974 mapinfo->bp[i]->b_iocmd = (dirs[i] == CAM_DIR_OUT) ?
975 BIO_WRITE : BIO_READ;
977 /* Map the buffer into kernel memory. */
978 if (vmapbuf(mapinfo->bp[i], *data_ptrs[i], lengths[i], 1) < 0) {
979 uma_zfree(pbuf_zone, mapinfo->bp[i]);
983 /* set our pointer to the new mapped area */
984 *data_ptrs[i] = mapinfo->bp[i]->b_data;
988 * Now that we've gotten this far, change ownership to the kernel
989 * of the buffers so that we don't run afoul of returning to user
990 * space with locks (on the buffer) held.
992 for (i = 0; i < numbufs; i++) {
994 BUF_KERNPROC(mapinfo->bp[i]);
997 mapinfo->num_bufs_used = numbufs;
1001 for (i--; i >= 0; i--) {
1002 if (mapinfo->bp[i]) {
1003 vunmapbuf(mapinfo->bp[i]);
1004 uma_zfree(pbuf_zone, mapinfo->bp[i]);
1006 free(*data_ptrs[i], M_CAMPERIPH);
1007 *data_ptrs[i] = mapinfo->orig[i];
1014 * Unmap memory segments mapped into kernel virtual address space by
1015 * cam_periph_mapmem().
1018 cam_periph_unmapmem(union ccb *ccb, struct cam_periph_map_info *mapinfo)
1021 uint8_t **data_ptrs[CAM_PERIPH_MAXMAPS];
1022 uint32_t lengths[CAM_PERIPH_MAXMAPS];
1023 uint32_t dirs[CAM_PERIPH_MAXMAPS];
1025 if (mapinfo->num_bufs_used <= 0) {
1026 /* nothing to free and the process wasn't held. */
1030 switch (ccb->ccb_h.func_code) {
1032 if (ccb->cdm.pattern_buf_len > 0) {
1033 data_ptrs[0] = (uint8_t **)&ccb->cdm.patterns;
1034 lengths[0] = ccb->cdm.pattern_buf_len;
1035 dirs[0] = CAM_DIR_OUT;
1036 data_ptrs[1] = (uint8_t **)&ccb->cdm.matches;
1037 lengths[1] = ccb->cdm.match_buf_len;
1038 dirs[1] = CAM_DIR_IN;
1041 data_ptrs[0] = (uint8_t **)&ccb->cdm.matches;
1042 lengths[0] = ccb->cdm.match_buf_len;
1043 dirs[0] = CAM_DIR_IN;
1048 case XPT_CONT_TARGET_IO:
1049 data_ptrs[0] = &ccb->csio.data_ptr;
1050 lengths[0] = ccb->csio.dxfer_len;
1051 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1055 data_ptrs[0] = &ccb->ataio.data_ptr;
1056 lengths[0] = ccb->ataio.dxfer_len;
1057 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1061 data_ptrs[0] = (uint8_t **)&ccb->mmcio.cmd.data;
1062 lengths[0] = sizeof(struct mmc_data *);
1063 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1064 data_ptrs[1] = (uint8_t **)&ccb->mmcio.cmd.data->data;
1065 lengths[1] = ccb->mmcio.cmd.data->len;
1066 dirs[1] = ccb->ccb_h.flags & CAM_DIR_MASK;
1070 data_ptrs[0] = &ccb->smpio.smp_request;
1071 lengths[0] = ccb->smpio.smp_request_len;
1072 dirs[0] = CAM_DIR_OUT;
1073 data_ptrs[1] = &ccb->smpio.smp_response;
1074 lengths[1] = ccb->smpio.smp_response_len;
1075 dirs[1] = CAM_DIR_IN;
1079 case XPT_NVME_ADMIN:
1080 data_ptrs[0] = &ccb->nvmeio.data_ptr;
1081 lengths[0] = ccb->nvmeio.dxfer_len;
1082 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1085 case XPT_DEV_ADVINFO:
1086 data_ptrs[0] = (uint8_t **)&ccb->cdai.buf;
1087 lengths[0] = ccb->cdai.bufsiz;
1088 dirs[0] = CAM_DIR_IN;
1092 /* allow ourselves to be swapped once again */
1095 break; /* NOTREACHED */
1098 for (i = 0; i < numbufs; i++) {
1099 if (mapinfo->bp[i]) {
1100 /* unmap the buffer */
1101 vunmapbuf(mapinfo->bp[i]);
1103 /* release the buffer */
1104 uma_zfree(pbuf_zone, mapinfo->bp[i]);
1106 if (dirs[i] != CAM_DIR_OUT) {
1107 copyout(*data_ptrs[i], mapinfo->orig[i],
1110 free(*data_ptrs[i], M_CAMPERIPH);
1113 /* Set the user's pointer back to the original value */
1114 *data_ptrs[i] = mapinfo->orig[i];
1117 /* allow ourselves to be swapped once again */
1122 cam_periph_ioctl(struct cam_periph *periph, u_long cmd, caddr_t addr,
1123 int (*error_routine)(union ccb *ccb,
1125 uint32_t sense_flags))
1134 case CAMGETPASSTHRU_0x19:
1135 case CAMGETPASSTHRU:
1136 ccb = cam_periph_getccb(periph, CAM_PRIORITY_NORMAL);
1137 xpt_setup_ccb(&ccb->ccb_h,
1139 CAM_PRIORITY_NORMAL);
1140 ccb->ccb_h.func_code = XPT_GDEVLIST;
1143 * Basically, the point of this is that we go through
1144 * getting the list of devices, until we find a passthrough
1145 * device. In the current version of the CAM code, the
1146 * only way to determine what type of device we're dealing
1147 * with is by its name.
1149 while (found == 0) {
1150 ccb->cgdl.index = 0;
1151 ccb->cgdl.status = CAM_GDEVLIST_MORE_DEVS;
1152 while (ccb->cgdl.status == CAM_GDEVLIST_MORE_DEVS) {
1153 /* we want the next device in the list */
1155 if (strncmp(ccb->cgdl.periph_name,
1161 if ((ccb->cgdl.status == CAM_GDEVLIST_LAST_DEVICE) &&
1163 ccb->cgdl.periph_name[0] = '\0';
1164 ccb->cgdl.unit_number = 0;
1169 /* copy the result back out */
1170 bcopy(ccb, addr, sizeof(union ccb));
1172 /* and release the ccb */
1173 xpt_release_ccb(ccb);
1184 cam_periph_done_panic(struct cam_periph *periph, union ccb *done_ccb)
1187 panic("%s: already done with ccb %p", __func__, done_ccb);
1191 cam_periph_done(struct cam_periph *periph, union ccb *done_ccb)
1194 /* Caller will release the CCB */
1195 xpt_path_assert(done_ccb->ccb_h.path, MA_OWNED);
1196 done_ccb->ccb_h.cbfcnp = cam_periph_done_panic;
1197 wakeup(&done_ccb->ccb_h.cbfcnp);
1201 cam_periph_ccbwait(union ccb *ccb)
1204 if ((ccb->ccb_h.func_code & XPT_FC_QUEUED) != 0) {
1205 while (ccb->ccb_h.cbfcnp != cam_periph_done_panic)
1206 xpt_path_sleep(ccb->ccb_h.path, &ccb->ccb_h.cbfcnp,
1207 PRIBIO, "cbwait", 0);
1209 KASSERT(ccb->ccb_h.pinfo.index == CAM_UNQUEUED_INDEX &&
1210 (ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_INPROG,
1211 ("%s: proceeding with incomplete ccb: ccb=%p, func_code=%#x, "
1212 "status=%#x, index=%d", __func__, ccb, ccb->ccb_h.func_code,
1213 ccb->ccb_h.status, ccb->ccb_h.pinfo.index));
1217 * Dispatch a CCB and wait for it to complete. If the CCB has set a
1218 * callback function (ccb->ccb_h.cbfcnp), it will be overwritten and lost.
1221 cam_periph_runccb(union ccb *ccb,
1222 int (*error_routine)(union ccb *ccb,
1224 uint32_t sense_flags),
1225 cam_flags camflags, uint32_t sense_flags,
1228 struct bintime *starttime;
1229 struct bintime ltime;
1232 uint32_t timeout = 1;
1235 xpt_path_assert(ccb->ccb_h.path, MA_OWNED);
1236 KASSERT((ccb->ccb_h.flags & CAM_UNLOCKED) == 0,
1237 ("%s: ccb=%p, func_code=%#x, flags=%#x", __func__, ccb,
1238 ccb->ccb_h.func_code, ccb->ccb_h.flags));
1241 * If the user has supplied a stats structure, and if we understand
1242 * this particular type of ccb, record the transaction start.
1245 (ccb->ccb_h.func_code == XPT_SCSI_IO ||
1246 ccb->ccb_h.func_code == XPT_ATA_IO ||
1247 ccb->ccb_h.func_code == XPT_NVME_IO)) {
1249 binuptime(starttime);
1250 devstat_start_transaction(ds, starttime);
1254 * We must poll the I/O while we're dumping. The scheduler is normally
1255 * stopped for dumping, except when we call doadump from ddb. While the
1256 * scheduler is running in this case, we still need to poll the I/O to
1257 * avoid sleeping waiting for the ccb to complete.
1259 * A panic triggered dump stops the scheduler, any callback from the
1260 * shutdown_post_sync event will run with the scheduler stopped, but
1261 * before we're officially dumping. To avoid hanging in adashutdown
1262 * initiated commands (or other similar situations), we have to test for
1263 * either dumping or SCHEDULER_STOPPED() here.
1265 * To avoid locking problems, dumping/polling callers must call
1266 * without a periph lock held.
1268 must_poll = dumping || SCHEDULER_STOPPED();
1269 ccb->ccb_h.cbfcnp = cam_periph_done;
1272 * If we're polling, then we need to ensure that we have ample resources
1273 * in the periph. cam_periph_error can reschedule the ccb by calling
1274 * xpt_action and returning ERESTART, so we have to effect the polling
1275 * in the do loop below.
1278 if (cam_sim_pollable(ccb->ccb_h.path->bus->sim))
1279 timeout = xpt_poll_setup(ccb);
1285 ccb->ccb_h.status = CAM_RESRC_UNAVAIL;
1291 xpt_pollwait(ccb, timeout);
1292 timeout = ccb->ccb_h.timeout * 10;
1294 cam_periph_ccbwait(ccb);
1296 if ((ccb->ccb_h.status & CAM_STATUS_MASK) == CAM_REQ_CMP)
1298 else if (error_routine != NULL) {
1300 * cbfcnp is modified by cam_periph_ccbwait so
1301 * reset it before we call the error routine
1302 * which may call xpt_done.
1304 ccb->ccb_h.cbfcnp = cam_periph_done;
1305 error = (*error_routine)(ccb, camflags, sense_flags);
1308 } while (error == ERESTART);
1311 if ((ccb->ccb_h.status & CAM_DEV_QFRZN) != 0) {
1312 cam_release_devq(ccb->ccb_h.path,
1313 /* relsim_flags */0,
1316 /* getcount_only */ FALSE);
1317 ccb->ccb_h.status &= ~CAM_DEV_QFRZN;
1322 devstat_tag_type tag;
1325 if (ccb->ccb_h.func_code == XPT_SCSI_IO) {
1326 bytes = ccb->csio.dxfer_len - ccb->csio.resid;
1327 tag = (devstat_tag_type)(ccb->csio.tag_action & 0x3);
1328 } else if (ccb->ccb_h.func_code == XPT_ATA_IO) {
1329 bytes = ccb->ataio.dxfer_len - ccb->ataio.resid;
1330 tag = (devstat_tag_type)0;
1331 } else if (ccb->ccb_h.func_code == XPT_NVME_IO) {
1332 bytes = ccb->nvmeio.dxfer_len; /* NB: resid no possible */
1333 tag = (devstat_tag_type)0;
1338 devstat_end_transaction(ds, bytes, tag,
1339 ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE) ?
1340 DEVSTAT_NO_DATA : (ccb->ccb_h.flags & CAM_DIR_OUT) ?
1341 DEVSTAT_WRITE : DEVSTAT_READ, NULL, starttime);
1348 cam_freeze_devq(struct cam_path *path)
1350 struct ccb_hdr ccb_h;
1352 CAM_DEBUG(path, CAM_DEBUG_TRACE, ("cam_freeze_devq\n"));
1353 memset(&ccb_h, 0, sizeof(ccb_h));
1354 xpt_setup_ccb(&ccb_h, path, /*priority*/1);
1355 ccb_h.func_code = XPT_NOOP;
1356 ccb_h.flags = CAM_DEV_QFREEZE;
1357 xpt_action((union ccb *)&ccb_h);
1361 cam_release_devq(struct cam_path *path, uint32_t relsim_flags,
1362 uint32_t openings, uint32_t arg,
1365 struct ccb_relsim crs;
1367 CAM_DEBUG(path, CAM_DEBUG_TRACE, ("cam_release_devq(%u, %u, %u, %d)\n",
1368 relsim_flags, openings, arg, getcount_only));
1369 memset(&crs, 0, sizeof(crs));
1370 xpt_setup_ccb(&crs.ccb_h, path, CAM_PRIORITY_NORMAL);
1371 crs.ccb_h.func_code = XPT_REL_SIMQ;
1372 crs.ccb_h.flags = getcount_only ? CAM_DEV_QFREEZE : 0;
1373 crs.release_flags = relsim_flags;
1374 crs.openings = openings;
1375 crs.release_timeout = arg;
1376 xpt_action((union ccb *)&crs);
1377 return (crs.qfrozen_cnt);
1380 #define saved_ccb_ptr ppriv_ptr0
1382 camperiphdone(struct cam_periph *periph, union ccb *done_ccb)
1384 union ccb *saved_ccb;
1386 struct scsi_start_stop_unit *scsi_cmd;
1387 int error = 0, error_code, sense_key, asc, ascq;
1388 uint16_t done_flags;
1390 scsi_cmd = (struct scsi_start_stop_unit *)
1391 &done_ccb->csio.cdb_io.cdb_bytes;
1392 status = done_ccb->ccb_h.status;
1394 if ((status & CAM_STATUS_MASK) != CAM_REQ_CMP) {
1395 if (scsi_extract_sense_ccb(done_ccb,
1396 &error_code, &sense_key, &asc, &ascq)) {
1398 * If the error is "invalid field in CDB",
1399 * and the load/eject flag is set, turn the
1400 * flag off and try again. This is just in
1401 * case the drive in question barfs on the
1402 * load eject flag. The CAM code should set
1403 * the load/eject flag by default for
1406 if ((scsi_cmd->opcode == START_STOP_UNIT) &&
1407 ((scsi_cmd->how & SSS_LOEJ) != 0) &&
1408 (asc == 0x24) && (ascq == 0x00)) {
1409 scsi_cmd->how &= ~SSS_LOEJ;
1410 if (status & CAM_DEV_QFRZN) {
1411 cam_release_devq(done_ccb->ccb_h.path,
1413 done_ccb->ccb_h.status &=
1416 xpt_action(done_ccb);
1420 error = cam_periph_error(done_ccb, 0,
1421 SF_RETRY_UA | SF_NO_PRINT);
1422 if (error == ERESTART)
1424 if (done_ccb->ccb_h.status & CAM_DEV_QFRZN) {
1425 cam_release_devq(done_ccb->ccb_h.path, 0, 0, 0, 0);
1426 done_ccb->ccb_h.status &= ~CAM_DEV_QFRZN;
1430 * If we have successfully taken a device from the not
1431 * ready to ready state, re-scan the device and re-get
1432 * the inquiry information. Many devices (mostly disks)
1433 * don't properly report their inquiry information unless
1436 if (scsi_cmd->opcode == START_STOP_UNIT)
1437 xpt_async(AC_INQ_CHANGED, done_ccb->ccb_h.path, NULL);
1440 /* If we tried long wait and still failed, remember that. */
1441 if ((periph->flags & CAM_PERIPH_RECOVERY_WAIT) &&
1442 (done_ccb->csio.cdb_io.cdb_bytes[0] == TEST_UNIT_READY)) {
1443 periph->flags &= ~CAM_PERIPH_RECOVERY_WAIT;
1444 if (error != 0 && done_ccb->ccb_h.retry_count == 0)
1445 periph->flags |= CAM_PERIPH_RECOVERY_WAIT_FAILED;
1449 * After recovery action(s) completed, return to the original CCB.
1450 * If the recovery CCB has failed, considering its own possible
1451 * retries and recovery, assume we are back in state where we have
1452 * been originally, but without recovery hopes left. In such case,
1453 * after the final attempt below, we cancel any further retries,
1454 * blocking by that also any new recovery attempts for this CCB,
1455 * and the result will be the final one returned to the CCB owher.
1457 saved_ccb = (union ccb *)done_ccb->ccb_h.saved_ccb_ptr;
1458 KASSERT(saved_ccb->ccb_h.func_code == XPT_SCSI_IO,
1459 ("%s: saved_ccb func_code %#x != XPT_SCSI_IO",
1460 __func__, saved_ccb->ccb_h.func_code));
1461 KASSERT(done_ccb->ccb_h.func_code == XPT_SCSI_IO,
1462 ("%s: done_ccb func_code %#x != XPT_SCSI_IO",
1463 __func__, done_ccb->ccb_h.func_code));
1464 saved_ccb->ccb_h.periph_links = done_ccb->ccb_h.periph_links;
1465 done_flags = done_ccb->ccb_h.alloc_flags;
1466 bcopy(saved_ccb, done_ccb, sizeof(struct ccb_scsiio));
1467 done_ccb->ccb_h.alloc_flags = done_flags;
1468 xpt_free_ccb(saved_ccb);
1469 if (done_ccb->ccb_h.cbfcnp != camperiphdone)
1470 periph->flags &= ~CAM_PERIPH_RECOVERY_INPROG;
1472 done_ccb->ccb_h.retry_count = 0;
1473 xpt_action(done_ccb);
1476 /* Drop freeze taken due to CAM_DEV_QFREEZE flag set. */
1477 cam_release_devq(done_ccb->ccb_h.path, 0, 0, 0, 0);
1481 * Generic Async Event handler. Peripheral drivers usually
1482 * filter out the events that require personal attention,
1483 * and leave the rest to this function.
1486 cam_periph_async(struct cam_periph *periph, uint32_t code,
1487 struct cam_path *path, void *arg)
1490 case AC_LOST_DEVICE:
1491 cam_periph_invalidate(periph);
1499 cam_periph_bus_settle(struct cam_periph *periph, u_int bus_settle)
1501 struct ccb_getdevstats cgds;
1503 memset(&cgds, 0, sizeof(cgds));
1504 xpt_setup_ccb(&cgds.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
1505 cgds.ccb_h.func_code = XPT_GDEV_STATS;
1506 xpt_action((union ccb *)&cgds);
1507 cam_periph_freeze_after_event(periph, &cgds.last_reset, bus_settle);
1511 cam_periph_freeze_after_event(struct cam_periph *periph,
1512 struct timeval* event_time, u_int duration_ms)
1514 struct timeval delta;
1515 struct timeval duration_tv;
1517 if (!timevalisset(event_time))
1521 timevalsub(&delta, event_time);
1522 duration_tv.tv_sec = duration_ms / 1000;
1523 duration_tv.tv_usec = (duration_ms % 1000) * 1000;
1524 if (timevalcmp(&delta, &duration_tv, <)) {
1525 timevalsub(&duration_tv, &delta);
1527 duration_ms = duration_tv.tv_sec * 1000;
1528 duration_ms += duration_tv.tv_usec / 1000;
1529 cam_freeze_devq(periph->path);
1530 cam_release_devq(periph->path,
1531 RELSIM_RELEASE_AFTER_TIMEOUT,
1533 /*timeout*/duration_ms,
1534 /*getcount_only*/0);
1540 camperiphscsistatuserror(union ccb *ccb, union ccb **orig_ccb,
1541 cam_flags camflags, uint32_t sense_flags,
1542 int *openings, uint32_t *relsim_flags,
1543 uint32_t *timeout, uint32_t *action, const char **action_string)
1545 struct cam_periph *periph;
1548 switch (ccb->csio.scsi_status) {
1549 case SCSI_STATUS_OK:
1550 case SCSI_STATUS_COND_MET:
1551 case SCSI_STATUS_INTERMED:
1552 case SCSI_STATUS_INTERMED_COND_MET:
1555 case SCSI_STATUS_CMD_TERMINATED:
1556 case SCSI_STATUS_CHECK_COND:
1557 error = camperiphscsisenseerror(ccb, orig_ccb,
1566 case SCSI_STATUS_QUEUE_FULL:
1569 struct ccb_getdevstats cgds;
1572 * First off, find out what the current
1573 * transaction counts are.
1575 memset(&cgds, 0, sizeof(cgds));
1576 xpt_setup_ccb(&cgds.ccb_h,
1578 CAM_PRIORITY_NORMAL);
1579 cgds.ccb_h.func_code = XPT_GDEV_STATS;
1580 xpt_action((union ccb *)&cgds);
1583 * If we were the only transaction active, treat
1584 * the QUEUE FULL as if it were a BUSY condition.
1586 if (cgds.dev_active != 0) {
1590 * Reduce the number of openings to
1591 * be 1 less than the amount it took
1592 * to get a queue full bounded by the
1593 * minimum allowed tag count for this
1596 total_openings = cgds.dev_active + cgds.dev_openings;
1597 *openings = cgds.dev_active;
1598 if (*openings < cgds.mintags)
1599 *openings = cgds.mintags;
1600 if (*openings < total_openings)
1601 *relsim_flags = RELSIM_ADJUST_OPENINGS;
1604 * Some devices report queue full for
1605 * temporary resource shortages. For
1606 * this reason, we allow a minimum
1607 * tag count to be entered via a
1608 * quirk entry to prevent the queue
1609 * count on these devices from falling
1610 * to a pessimisticly low value. We
1611 * still wait for the next successful
1612 * completion, however, before queueing
1613 * more transactions to the device.
1615 *relsim_flags = RELSIM_RELEASE_AFTER_CMDCMPLT;
1619 *action &= ~SSQ_PRINT_SENSE;
1624 case SCSI_STATUS_BUSY:
1626 * Restart the queue after either another
1627 * command completes or a 1 second timeout.
1629 periph = xpt_path_periph(ccb->ccb_h.path);
1630 if (periph->flags & CAM_PERIPH_INVALID) {
1632 *action_string = "Periph was invalidated";
1633 } else if ((sense_flags & SF_RETRY_BUSY) != 0 ||
1634 ccb->ccb_h.retry_count > 0) {
1635 if ((sense_flags & SF_RETRY_BUSY) == 0)
1636 ccb->ccb_h.retry_count--;
1638 *relsim_flags = RELSIM_RELEASE_AFTER_TIMEOUT
1639 | RELSIM_RELEASE_AFTER_CMDCMPLT;
1643 *action_string = "Retries exhausted";
1646 case SCSI_STATUS_RESERV_CONFLICT:
1655 camperiphscsisenseerror(union ccb *ccb, union ccb **orig,
1656 cam_flags camflags, uint32_t sense_flags,
1657 int *openings, uint32_t *relsim_flags,
1658 uint32_t *timeout, uint32_t *action, const char **action_string)
1660 struct cam_periph *periph;
1661 union ccb *orig_ccb = ccb;
1662 int error, recoveryccb;
1665 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
1666 if (ccb->ccb_h.func_code == XPT_SCSI_IO && ccb->csio.bio != NULL)
1667 biotrack(ccb->csio.bio, __func__);
1670 periph = xpt_path_periph(ccb->ccb_h.path);
1671 recoveryccb = (ccb->ccb_h.cbfcnp == camperiphdone);
1672 if ((periph->flags & CAM_PERIPH_RECOVERY_INPROG) && !recoveryccb) {
1674 * If error recovery is already in progress, don't attempt
1675 * to process this error, but requeue it unconditionally
1676 * and attempt to process it once error recovery has
1677 * completed. This failed command is probably related to
1678 * the error that caused the currently active error recovery
1679 * action so our current recovery efforts should also
1680 * address this command. Be aware that the error recovery
1681 * code assumes that only one recovery action is in progress
1682 * on a particular peripheral instance at any given time
1683 * (e.g. only one saved CCB for error recovery) so it is
1684 * imperitive that we don't violate this assumption.
1687 *action &= ~SSQ_PRINT_SENSE;
1689 scsi_sense_action err_action;
1690 struct ccb_getdev cgd;
1693 * Grab the inquiry data for this device.
1695 memset(&cgd, 0, sizeof(cgd));
1696 xpt_setup_ccb(&cgd.ccb_h, ccb->ccb_h.path, CAM_PRIORITY_NORMAL);
1697 cgd.ccb_h.func_code = XPT_GDEV_TYPE;
1698 xpt_action((union ccb *)&cgd);
1700 err_action = scsi_error_action(&ccb->csio, &cgd.inq_data,
1702 error = err_action & SS_ERRMASK;
1705 * Do not autostart sequential access devices
1706 * to avoid unexpected tape loading.
1708 if ((err_action & SS_MASK) == SS_START &&
1709 SID_TYPE(&cgd.inq_data) == T_SEQUENTIAL) {
1710 *action_string = "Will not autostart a "
1711 "sequential access device";
1712 goto sense_error_done;
1716 * Avoid recovery recursion if recovery action is the same.
1718 if ((err_action & SS_MASK) >= SS_START && recoveryccb) {
1719 if (((err_action & SS_MASK) == SS_START &&
1720 ccb->csio.cdb_io.cdb_bytes[0] == START_STOP_UNIT) ||
1721 ((err_action & SS_MASK) == SS_TUR &&
1722 (ccb->csio.cdb_io.cdb_bytes[0] == TEST_UNIT_READY))) {
1723 err_action = SS_RETRY|SSQ_DECREMENT_COUNT|EIO;
1724 *relsim_flags = RELSIM_RELEASE_AFTER_TIMEOUT;
1730 * If the recovery action will consume a retry,
1731 * make sure we actually have retries available.
1733 if ((err_action & SSQ_DECREMENT_COUNT) != 0) {
1734 if (ccb->ccb_h.retry_count > 0 &&
1735 (periph->flags & CAM_PERIPH_INVALID) == 0)
1736 ccb->ccb_h.retry_count--;
1738 *action_string = "Retries exhausted";
1739 goto sense_error_done;
1743 if ((err_action & SS_MASK) >= SS_START) {
1745 * Do common portions of commands that
1746 * use recovery CCBs.
1748 orig_ccb = xpt_alloc_ccb_nowait();
1749 if (orig_ccb == NULL) {
1750 *action_string = "Can't allocate recovery CCB";
1751 goto sense_error_done;
1754 * Clear freeze flag for original request here, as
1755 * this freeze will be dropped as part of ERESTART.
1757 ccb->ccb_h.status &= ~CAM_DEV_QFRZN;
1759 KASSERT(ccb->ccb_h.func_code == XPT_SCSI_IO,
1760 ("%s: ccb func_code %#x != XPT_SCSI_IO",
1761 __func__, ccb->ccb_h.func_code));
1762 flags = orig_ccb->ccb_h.alloc_flags;
1763 bcopy(ccb, orig_ccb, sizeof(struct ccb_scsiio));
1764 orig_ccb->ccb_h.alloc_flags = flags;
1767 switch (err_action & SS_MASK) {
1769 *action_string = "No recovery action needed";
1773 *action_string = "Retrying command (per sense data)";
1777 *action_string = "Unretryable error";
1784 * Send a start unit command to the device, and
1785 * then retry the command.
1787 *action_string = "Attempting to start unit";
1788 periph->flags |= CAM_PERIPH_RECOVERY_INPROG;
1791 * Check for removable media and set
1792 * load/eject flag appropriately.
1794 if (SID_IS_REMOVABLE(&cgd.inq_data))
1799 scsi_start_stop(&ccb->csio,
1813 * Send a Test Unit Ready to the device.
1814 * If the 'many' flag is set, we send 120
1815 * test unit ready commands, one every half
1816 * second. Otherwise, we just send one TUR.
1817 * We only want to do this if the retry
1818 * count has not been exhausted.
1822 if ((err_action & SSQ_MANY) != 0 && (periph->flags &
1823 CAM_PERIPH_RECOVERY_WAIT_FAILED) == 0) {
1824 periph->flags |= CAM_PERIPH_RECOVERY_WAIT;
1825 *action_string = "Polling device for readiness";
1828 *action_string = "Testing device for readiness";
1831 periph->flags |= CAM_PERIPH_RECOVERY_INPROG;
1832 scsi_test_unit_ready(&ccb->csio,
1840 * Accomplish our 500ms delay by deferring
1841 * the release of our device queue appropriately.
1843 *relsim_flags = RELSIM_RELEASE_AFTER_TIMEOUT;
1848 panic("Unhandled error action %x", err_action);
1851 if ((err_action & SS_MASK) >= SS_START) {
1853 * Drop the priority, so that the recovery
1854 * CCB is the first to execute. Freeze the queue
1855 * after this command is sent so that we can
1856 * restore the old csio and have it queued in
1857 * the proper order before we release normal
1858 * transactions to the device.
1860 ccb->ccb_h.pinfo.priority--;
1861 ccb->ccb_h.flags |= CAM_DEV_QFREEZE;
1862 ccb->ccb_h.saved_ccb_ptr = orig_ccb;
1868 *action = err_action;
1874 * Generic error handler. Peripheral drivers usually filter
1875 * out the errors that they handle in a unique manner, then
1876 * call this function.
1879 cam_periph_error(union ccb *ccb, cam_flags camflags,
1880 uint32_t sense_flags)
1882 struct cam_path *newpath;
1883 union ccb *orig_ccb, *scan_ccb;
1884 struct cam_periph *periph;
1885 const char *action_string;
1887 int frozen, error, openings, devctl_err;
1888 uint32_t action, relsim_flags, timeout;
1890 action = SSQ_PRINT_SENSE;
1891 periph = xpt_path_periph(ccb->ccb_h.path);
1892 action_string = NULL;
1893 status = ccb->ccb_h.status;
1894 frozen = (status & CAM_DEV_QFRZN) != 0;
1895 status &= CAM_STATUS_MASK;
1896 devctl_err = openings = relsim_flags = timeout = 0;
1899 /* Filter the errors that should be reported via devctl */
1900 switch (ccb->ccb_h.status & CAM_STATUS_MASK) {
1901 case CAM_CMD_TIMEOUT:
1902 case CAM_REQ_ABORTED:
1903 case CAM_REQ_CMP_ERR:
1904 case CAM_REQ_TERMIO:
1905 case CAM_UNREC_HBA_ERROR:
1906 case CAM_DATA_RUN_ERR:
1907 case CAM_SCSI_STATUS_ERROR:
1908 case CAM_ATA_STATUS_ERROR:
1909 case CAM_SMP_STATUS_ERROR:
1910 case CAM_DEV_NOT_THERE:
1911 case CAM_NVME_STATUS_ERROR:
1921 action &= ~SSQ_PRINT_SENSE;
1923 case CAM_SCSI_STATUS_ERROR:
1924 error = camperiphscsistatuserror(ccb, &orig_ccb,
1925 camflags, sense_flags, &openings, &relsim_flags,
1926 &timeout, &action, &action_string);
1928 case CAM_AUTOSENSE_FAIL:
1929 error = EIO; /* we have to kill the command */
1933 case CAM_MSG_REJECT_REC:
1934 /* XXX Don't know that these are correct */
1937 case CAM_SEL_TIMEOUT:
1938 if ((camflags & CAM_RETRY_SELTO) != 0) {
1939 if (ccb->ccb_h.retry_count > 0 &&
1940 (periph->flags & CAM_PERIPH_INVALID) == 0) {
1941 ccb->ccb_h.retry_count--;
1945 * Wait a bit to give the device
1946 * time to recover before we try again.
1948 relsim_flags = RELSIM_RELEASE_AFTER_TIMEOUT;
1949 timeout = periph_selto_delay;
1952 action_string = "Retries exhausted";
1955 case CAM_DEV_NOT_THERE:
1959 case CAM_REQ_INVALID:
1960 case CAM_PATH_INVALID:
1962 case CAM_PROVIDE_FAIL:
1963 case CAM_REQ_TOO_BIG:
1964 case CAM_LUN_INVALID:
1965 case CAM_TID_INVALID:
1966 case CAM_FUNC_NOTAVAIL:
1969 case CAM_SCSI_BUS_RESET:
1972 * Commands that repeatedly timeout and cause these
1973 * kinds of error recovery actions, should return
1974 * CAM_CMD_TIMEOUT, which allows us to safely assume
1975 * that this command was an innocent bystander to
1976 * these events and should be unconditionally
1979 case CAM_REQUEUE_REQ:
1980 /* Unconditional requeue if device is still there */
1981 if (periph->flags & CAM_PERIPH_INVALID) {
1982 action_string = "Periph was invalidated";
1984 } else if (sense_flags & SF_NO_RETRY) {
1986 action_string = "Retry was blocked";
1989 action &= ~SSQ_PRINT_SENSE;
1992 case CAM_RESRC_UNAVAIL:
1993 /* Wait a bit for the resource shortage to abate. */
1994 timeout = periph_noresrc_delay;
1998 /* Wait a bit for the busy condition to abate. */
1999 timeout = periph_busy_delay;
2001 relsim_flags = RELSIM_RELEASE_AFTER_TIMEOUT;
2003 case CAM_ATA_STATUS_ERROR:
2004 case CAM_NVME_STATUS_ERROR:
2005 case CAM_SMP_STATUS_ERROR:
2006 case CAM_REQ_CMP_ERR:
2007 case CAM_CMD_TIMEOUT:
2008 case CAM_UNEXP_BUSFREE:
2009 case CAM_UNCOR_PARITY:
2010 case CAM_DATA_RUN_ERR:
2012 if (periph->flags & CAM_PERIPH_INVALID) {
2014 action_string = "Periph was invalidated";
2015 } else if (ccb->ccb_h.retry_count == 0) {
2017 action_string = "Retries exhausted";
2018 } else if (sense_flags & SF_NO_RETRY) {
2020 action_string = "Retry was blocked";
2022 ccb->ccb_h.retry_count--;
2028 if ((sense_flags & SF_PRINT_ALWAYS) ||
2029 CAM_DEBUGGED(ccb->ccb_h.path, CAM_DEBUG_INFO))
2030 action |= SSQ_PRINT_SENSE;
2031 else if (sense_flags & SF_NO_PRINT)
2032 action &= ~SSQ_PRINT_SENSE;
2033 if ((action & SSQ_PRINT_SENSE) != 0)
2034 cam_error_print(orig_ccb, CAM_ESF_ALL, CAM_EPF_ALL);
2035 if (error != 0 && (action & SSQ_PRINT_SENSE) != 0) {
2036 if (error != ERESTART) {
2037 if (action_string == NULL)
2038 action_string = "Unretryable error";
2039 xpt_print(ccb->ccb_h.path, "Error %d, %s\n",
2040 error, action_string);
2041 } else if (action_string != NULL)
2042 xpt_print(ccb->ccb_h.path, "%s\n", action_string);
2044 xpt_print(ccb->ccb_h.path,
2045 "Retrying command, %d more tries remain\n",
2046 ccb->ccb_h.retry_count);
2050 if (devctl_err && (error != 0 || (action & SSQ_PRINT_SENSE) != 0))
2051 cam_periph_devctl_notify(orig_ccb);
2053 if ((action & SSQ_LOST) != 0) {
2057 * For a selection timeout, we consider all of the LUNs on
2058 * the target to be gone. If the status is CAM_DEV_NOT_THERE,
2059 * then we only get rid of the device(s) specified by the
2060 * path in the original CCB.
2062 if (status == CAM_SEL_TIMEOUT)
2063 lun_id = CAM_LUN_WILDCARD;
2065 lun_id = xpt_path_lun_id(ccb->ccb_h.path);
2067 /* Should we do more if we can't create the path?? */
2068 if (xpt_create_path(&newpath, periph,
2069 xpt_path_path_id(ccb->ccb_h.path),
2070 xpt_path_target_id(ccb->ccb_h.path),
2071 lun_id) == CAM_REQ_CMP) {
2073 * Let peripheral drivers know that this
2074 * device has gone away.
2076 xpt_async(AC_LOST_DEVICE, newpath, NULL);
2077 xpt_free_path(newpath);
2081 /* Broadcast UNIT ATTENTIONs to all periphs. */
2082 if ((action & SSQ_UA) != 0)
2083 xpt_async(AC_UNIT_ATTENTION, orig_ccb->ccb_h.path, orig_ccb);
2085 /* Rescan target on "Reported LUNs data has changed" */
2086 if ((action & SSQ_RESCAN) != 0) {
2087 if (xpt_create_path(&newpath, NULL,
2088 xpt_path_path_id(ccb->ccb_h.path),
2089 xpt_path_target_id(ccb->ccb_h.path),
2090 CAM_LUN_WILDCARD) == CAM_REQ_CMP) {
2091 scan_ccb = xpt_alloc_ccb_nowait();
2092 if (scan_ccb != NULL) {
2093 scan_ccb->ccb_h.path = newpath;
2094 scan_ccb->ccb_h.func_code = XPT_SCAN_TGT;
2095 scan_ccb->crcn.flags = 0;
2096 xpt_rescan(scan_ccb);
2099 "Can't allocate CCB to rescan target\n");
2100 xpt_free_path(newpath);
2105 /* Attempt a retry */
2106 if (error == ERESTART || error == 0) {
2108 ccb->ccb_h.status &= ~CAM_DEV_QFRZN;
2109 if (error == ERESTART)
2112 cam_release_devq(ccb->ccb_h.path,
2116 /*getcount_only*/0);
2122 #define CAM_PERIPH_DEVD_MSG_SIZE 256
2125 cam_periph_devctl_notify(union ccb *ccb)
2127 struct cam_periph *periph;
2128 struct ccb_getdev *cgd;
2130 int serr, sk, asc, ascq;
2133 sbmsg = malloc(CAM_PERIPH_DEVD_MSG_SIZE, M_CAMPERIPH, M_NOWAIT);
2137 sbuf_new(&sb, sbmsg, CAM_PERIPH_DEVD_MSG_SIZE, SBUF_FIXEDLEN);
2139 periph = xpt_path_periph(ccb->ccb_h.path);
2140 sbuf_printf(&sb, "device=%s%d ", periph->periph_name,
2141 periph->unit_number);
2143 sbuf_printf(&sb, "serial=\"");
2144 if ((cgd = (struct ccb_getdev *)xpt_alloc_ccb_nowait()) != NULL) {
2145 xpt_setup_ccb(&cgd->ccb_h, ccb->ccb_h.path,
2146 CAM_PRIORITY_NORMAL);
2147 cgd->ccb_h.func_code = XPT_GDEV_TYPE;
2148 xpt_action((union ccb *)cgd);
2150 if (cgd->ccb_h.status == CAM_REQ_CMP)
2151 sbuf_bcat(&sb, cgd->serial_num, cgd->serial_num_len);
2152 xpt_free_ccb((union ccb *)cgd);
2154 sbuf_printf(&sb, "\" ");
2155 sbuf_printf(&sb, "cam_status=\"0x%x\" ", ccb->ccb_h.status);
2157 switch (ccb->ccb_h.status & CAM_STATUS_MASK) {
2158 case CAM_CMD_TIMEOUT:
2159 sbuf_printf(&sb, "timeout=%d ", ccb->ccb_h.timeout);
2162 case CAM_SCSI_STATUS_ERROR:
2163 sbuf_printf(&sb, "scsi_status=%d ", ccb->csio.scsi_status);
2164 if (scsi_extract_sense_ccb(ccb, &serr, &sk, &asc, &ascq))
2165 sbuf_printf(&sb, "scsi_sense=\"%02x %02x %02x %02x\" ",
2166 serr, sk, asc, ascq);
2169 case CAM_ATA_STATUS_ERROR:
2170 sbuf_printf(&sb, "RES=\"");
2171 ata_res_sbuf(&ccb->ataio.res, &sb);
2172 sbuf_printf(&sb, "\" ");
2180 if (ccb->ccb_h.func_code == XPT_SCSI_IO) {
2181 sbuf_printf(&sb, "CDB=\"");
2182 scsi_cdb_sbuf(scsiio_cdb_ptr(&ccb->csio), &sb);
2183 sbuf_printf(&sb, "\" ");
2184 } else if (ccb->ccb_h.func_code == XPT_ATA_IO) {
2185 sbuf_printf(&sb, "ACB=\"");
2186 ata_cmd_sbuf(&ccb->ataio.cmd, &sb);
2187 sbuf_printf(&sb, "\" ");
2190 if (sbuf_finish(&sb) == 0)
2191 devctl_notify("CAM", "periph", type, sbuf_data(&sb));
2193 free(sbmsg, M_CAMPERIPH);
2197 * Sysctl to force an invalidation of the drive right now. Can be
2198 * called with CTLFLAG_MPSAFE since we take periph lock.
2201 cam_periph_invalidate_sysctl(SYSCTL_HANDLER_ARGS)
2203 struct cam_periph *periph;
2208 error = sysctl_handle_int(oidp, &value, 0, req);
2209 if (error != 0 || req->newptr == NULL || value != 1)
2212 cam_periph_lock(periph);
2213 cam_periph_invalidate(periph);
2214 cam_periph_unlock(periph);