2 * SPDX-License-Identifier: BSD-2-Clause-FreeBSD
4 * Copyright (c) 1997, 1998, 2000 Justin T. Gibbs.
5 * Copyright (c) 1997, 1998, 1999 Kenneth D. Merry.
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions, and the following disclaimer,
13 * without modification, immediately at the beginning of the file.
14 * 2. The name of the author may not be used to endorse or promote products
15 * derived from this software without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR
21 * ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30 #include <sys/cdefs.h>
31 __FBSDID("$FreeBSD$");
33 #include <sys/param.h>
34 #include <sys/systm.h>
35 #include <sys/kernel.h>
37 #include <sys/types.h>
40 #include <sys/devicestat.h>
41 #include <sys/errno.h>
42 #include <sys/fcntl.h>
43 #include <sys/malloc.h>
46 #include <sys/selinfo.h>
48 #include <sys/sysent.h>
49 #include <sys/taskqueue.h>
52 #include <vm/vm_extern.h>
54 #include <machine/bus.h>
57 #include <cam/cam_ccb.h>
58 #include <cam/cam_periph.h>
59 #include <cam/cam_queue.h>
60 #include <cam/cam_xpt.h>
61 #include <cam/cam_xpt_periph.h>
62 #include <cam/cam_debug.h>
63 #include <cam/cam_compat.h>
64 #include <cam/cam_xpt_periph.h>
66 #include <cam/scsi/scsi_all.h>
67 #include <cam/scsi/scsi_pass.h>
70 PASS_FLAG_OPEN = 0x01,
71 PASS_FLAG_LOCKED = 0x02,
72 PASS_FLAG_INVALID = 0x04,
73 PASS_FLAG_INITIAL_PHYSPATH = 0x08,
74 PASS_FLAG_ZONE_INPROG = 0x10,
75 PASS_FLAG_ZONE_VALID = 0x20,
76 PASS_FLAG_UNMAPPED_CAPABLE = 0x40,
77 PASS_FLAG_ABANDONED_REF_SET = 0x80
89 #define ccb_type ppriv_field0
90 #define ccb_ioreq ppriv_ptr1
93 * The maximum number of memory segments we preallocate.
95 #define PASS_MAX_SEGS 16
99 PASS_IO_USER_SEG_MALLOC = 0x01,
100 PASS_IO_KERN_SEG_MALLOC = 0x02,
101 PASS_IO_ABANDONED = 0x04
106 union ccb *alloced_ccb;
107 union ccb *user_ccb_ptr;
108 camq_entry user_periph_links;
109 ccb_ppriv_area user_periph_priv;
110 struct cam_periph_map_info mapinfo;
112 ccb_flags data_flags;
114 bus_dma_segment_t user_segs[PASS_MAX_SEGS];
116 bus_dma_segment_t kern_segs[PASS_MAX_SEGS];
117 bus_dma_segment_t *user_segptr;
118 bus_dma_segment_t *kern_segptr;
120 uint32_t dirs[CAM_PERIPH_MAXMAPS];
121 uint32_t lengths[CAM_PERIPH_MAXMAPS];
122 uint8_t *user_bufs[CAM_PERIPH_MAXMAPS];
123 uint8_t *kern_bufs[CAM_PERIPH_MAXMAPS];
124 struct bintime start_time;
125 TAILQ_ENTRY(pass_io_req) links;
134 struct devstat *device_stats;
136 struct cdev *alias_dev;
137 struct task add_physpath_task;
138 struct task shutdown_kqueue_task;
139 struct selinfo read_select;
140 TAILQ_HEAD(, pass_io_req) incoming_queue;
141 TAILQ_HEAD(, pass_io_req) active_queue;
142 TAILQ_HEAD(, pass_io_req) abandoned_queue;
143 TAILQ_HEAD(, pass_io_req) done_queue;
144 struct cam_periph *periph;
146 char io_zone_name[12];
147 uma_zone_t pass_zone;
148 uma_zone_t pass_io_zone;
152 static d_open_t passopen;
153 static d_close_t passclose;
154 static d_ioctl_t passioctl;
155 static d_ioctl_t passdoioctl;
156 static d_poll_t passpoll;
157 static d_kqfilter_t passkqfilter;
158 static void passreadfiltdetach(struct knote *kn);
159 static int passreadfilt(struct knote *kn, long hint);
161 static periph_init_t passinit;
162 static periph_ctor_t passregister;
163 static periph_oninv_t passoninvalidate;
164 static periph_dtor_t passcleanup;
165 static periph_start_t passstart;
166 static void pass_shutdown_kqueue(void *context, int pending);
167 static void pass_add_physpath(void *context, int pending);
168 static void passasync(void *callback_arg, u_int32_t code,
169 struct cam_path *path, void *arg);
170 static void passdone(struct cam_periph *periph,
171 union ccb *done_ccb);
172 static int passcreatezone(struct cam_periph *periph);
173 static void passiocleanup(struct pass_softc *softc,
174 struct pass_io_req *io_req);
175 static int passcopysglist(struct cam_periph *periph,
176 struct pass_io_req *io_req,
177 ccb_flags direction);
178 static int passmemsetup(struct cam_periph *periph,
179 struct pass_io_req *io_req);
180 static int passmemdone(struct cam_periph *periph,
181 struct pass_io_req *io_req);
182 static int passerror(union ccb *ccb, u_int32_t cam_flags,
183 u_int32_t sense_flags);
184 static int passsendccb(struct cam_periph *periph, union ccb *ccb,
187 static struct periph_driver passdriver =
190 TAILQ_HEAD_INITIALIZER(passdriver.units), /* generation */ 0
193 PERIPHDRIVER_DECLARE(pass, passdriver);
195 static struct cdevsw pass_cdevsw = {
196 .d_version = D_VERSION,
197 .d_flags = D_TRACKCLOSE,
199 .d_close = passclose,
200 .d_ioctl = passioctl,
202 .d_kqfilter = passkqfilter,
206 static struct filterops passread_filtops = {
208 .f_detach = passreadfiltdetach,
209 .f_event = passreadfilt
212 static MALLOC_DEFINE(M_SCSIPASS, "scsi_pass", "scsi passthrough buffers");
220 * Install a global async callback. This callback will
221 * receive async callbacks like "new device found".
223 status = xpt_register_async(AC_FOUND_DEVICE, passasync, NULL, NULL);
225 if (status != CAM_REQ_CMP) {
226 printf("pass: Failed to attach master async callback "
227 "due to status 0x%x!\n", status);
233 passrejectios(struct cam_periph *periph)
235 struct pass_io_req *io_req, *io_req2;
236 struct pass_softc *softc;
238 softc = (struct pass_softc *)periph->softc;
241 * The user can no longer get status for I/O on the done queue, so
242 * clean up all outstanding I/O on the done queue.
244 TAILQ_FOREACH_SAFE(io_req, &softc->done_queue, links, io_req2) {
245 TAILQ_REMOVE(&softc->done_queue, io_req, links);
246 passiocleanup(softc, io_req);
247 uma_zfree(softc->pass_zone, io_req);
251 * The underlying device is gone, so we can't issue these I/Os.
252 * The devfs node has been shut down, so we can't return status to
253 * the user. Free any I/O left on the incoming queue.
255 TAILQ_FOREACH_SAFE(io_req, &softc->incoming_queue, links, io_req2) {
256 TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
257 passiocleanup(softc, io_req);
258 uma_zfree(softc->pass_zone, io_req);
262 * Normally we would put I/Os on the abandoned queue and acquire a
263 * reference when we saw the final close. But, the device went
264 * away and devfs may have moved everything off to deadfs by the
265 * time the I/O done callback is called; as a result, we won't see
266 * any more closes. So, if we have any active I/Os, we need to put
267 * them on the abandoned queue. When the abandoned queue is empty,
268 * we'll release the remaining reference (see below) to the peripheral.
270 TAILQ_FOREACH_SAFE(io_req, &softc->active_queue, links, io_req2) {
271 TAILQ_REMOVE(&softc->active_queue, io_req, links);
272 io_req->flags |= PASS_IO_ABANDONED;
273 TAILQ_INSERT_TAIL(&softc->abandoned_queue, io_req, links);
277 * If we put any I/O on the abandoned queue, acquire a reference.
279 if ((!TAILQ_EMPTY(&softc->abandoned_queue))
280 && ((softc->flags & PASS_FLAG_ABANDONED_REF_SET) == 0)) {
281 cam_periph_doacquire(periph);
282 softc->flags |= PASS_FLAG_ABANDONED_REF_SET;
287 passdevgonecb(void *arg)
289 struct cam_periph *periph;
291 struct pass_softc *softc;
294 periph = (struct cam_periph *)arg;
295 mtx = cam_periph_mtx(periph);
298 softc = (struct pass_softc *)periph->softc;
299 KASSERT(softc->open_count >= 0, ("Negative open count %d",
303 * When we get this callback, we will get no more close calls from
304 * devfs. So if we have any dangling opens, we need to release the
305 * reference held for that particular context.
307 for (i = 0; i < softc->open_count; i++)
308 cam_periph_release_locked(periph);
310 softc->open_count = 0;
313 * Release the reference held for the device node, it is gone now.
314 * Accordingly, inform all queued I/Os of their fate.
316 cam_periph_release_locked(periph);
317 passrejectios(periph);
320 * We reference the SIM lock directly here, instead of using
321 * cam_periph_unlock(). The reason is that the final call to
322 * cam_periph_release_locked() above could result in the periph
323 * getting freed. If that is the case, dereferencing the periph
324 * with a cam_periph_unlock() call would cause a page fault.
329 * We have to remove our kqueue context from a thread because it
330 * may sleep. It would be nice if we could get a callback from
331 * kqueue when it is done cleaning up resources.
333 taskqueue_enqueue(taskqueue_thread, &softc->shutdown_kqueue_task);
337 passoninvalidate(struct cam_periph *periph)
339 struct pass_softc *softc;
341 softc = (struct pass_softc *)periph->softc;
344 * De-register any async callbacks.
346 xpt_register_async(0, passasync, periph, periph->path);
348 softc->flags |= PASS_FLAG_INVALID;
351 * Tell devfs this device has gone away, and ask for a callback
352 * when it has cleaned up its state.
354 destroy_dev_sched_cb(softc->dev, passdevgonecb, periph);
358 passcleanup(struct cam_periph *periph)
360 struct pass_softc *softc;
362 softc = (struct pass_softc *)periph->softc;
364 cam_periph_assert(periph, MA_OWNED);
365 KASSERT(TAILQ_EMPTY(&softc->active_queue),
366 ("%s called when there are commands on the active queue!\n",
368 KASSERT(TAILQ_EMPTY(&softc->abandoned_queue),
369 ("%s called when there are commands on the abandoned queue!\n",
371 KASSERT(TAILQ_EMPTY(&softc->incoming_queue),
372 ("%s called when there are commands on the incoming queue!\n",
374 KASSERT(TAILQ_EMPTY(&softc->done_queue),
375 ("%s called when there are commands on the done queue!\n",
378 devstat_remove_entry(softc->device_stats);
380 cam_periph_unlock(periph);
383 * We call taskqueue_drain() for the physpath task to make sure it
384 * is complete. We drop the lock because this can potentially
385 * sleep. XXX KDM that is bad. Need a way to get a callback when
386 * a taskqueue is drained.
388 * Note that we don't drain the kqueue shutdown task queue. This
389 * is because we hold a reference on the periph for kqueue, and
390 * release that reference from the kqueue shutdown task queue. So
391 * we cannot come into this routine unless we've released that
392 * reference. Also, because that could be the last reference, we
393 * could be called from the cam_periph_release() call in
394 * pass_shutdown_kqueue(). In that case, the taskqueue_drain()
395 * would deadlock. It would be preferable if we had a way to
396 * get a callback when a taskqueue is done.
398 taskqueue_drain(taskqueue_thread, &softc->add_physpath_task);
400 cam_periph_lock(periph);
402 free(softc, M_DEVBUF);
406 pass_shutdown_kqueue(void *context, int pending)
408 struct cam_periph *periph;
409 struct pass_softc *softc;
412 softc = periph->softc;
414 knlist_clear(&softc->read_select.si_note, /*is_locked*/ 0);
415 knlist_destroy(&softc->read_select.si_note);
418 * Release the reference we held for kqueue.
420 cam_periph_release(periph);
424 pass_add_physpath(void *context, int pending)
426 struct cam_periph *periph;
427 struct pass_softc *softc;
432 * If we have one, create a devfs alias for our
436 softc = periph->softc;
437 physpath = malloc(MAXPATHLEN, M_DEVBUF, M_WAITOK);
438 mtx = cam_periph_mtx(periph);
441 if (periph->flags & CAM_PERIPH_INVALID)
444 if (xpt_getattr(physpath, MAXPATHLEN,
445 "GEOM::physpath", periph->path) == 0
446 && strlen(physpath) != 0) {
448 make_dev_physpath_alias(MAKEDEV_WAITOK, &softc->alias_dev,
449 softc->dev, softc->alias_dev, physpath);
455 * Now that we've made our alias, we no longer have to have a
456 * reference to the device.
458 if ((softc->flags & PASS_FLAG_INITIAL_PHYSPATH) == 0)
459 softc->flags |= PASS_FLAG_INITIAL_PHYSPATH;
462 * We always acquire a reference to the periph before queueing this
463 * task queue function, so it won't go away before we run.
465 while (pending-- > 0)
466 cam_periph_release_locked(periph);
469 free(physpath, M_DEVBUF);
473 passasync(void *callback_arg, u_int32_t code,
474 struct cam_path *path, void *arg)
476 struct cam_periph *periph;
478 periph = (struct cam_periph *)callback_arg;
481 case AC_FOUND_DEVICE:
483 struct ccb_getdev *cgd;
486 cgd = (struct ccb_getdev *)arg;
491 * Allocate a peripheral instance for
492 * this device and start the probe
495 status = cam_periph_alloc(passregister, passoninvalidate,
496 passcleanup, passstart, "pass",
497 CAM_PERIPH_BIO, path,
498 passasync, AC_FOUND_DEVICE, cgd);
500 if (status != CAM_REQ_CMP
501 && status != CAM_REQ_INPROG) {
502 const struct cam_status_entry *entry;
504 entry = cam_fetch_status_entry(status);
506 printf("passasync: Unable to attach new device "
507 "due to status %#x: %s\n", status, entry ?
508 entry->status_text : "Unknown");
513 case AC_ADVINFO_CHANGED:
517 buftype = (uintptr_t)arg;
518 if (buftype == CDAI_TYPE_PHYS_PATH) {
519 struct pass_softc *softc;
521 softc = (struct pass_softc *)periph->softc;
523 * Acquire a reference to the periph before we
524 * start the taskqueue, so that we don't run into
525 * a situation where the periph goes away before
526 * the task queue has a chance to run.
528 if (cam_periph_acquire(periph) != 0)
531 taskqueue_enqueue(taskqueue_thread,
532 &softc->add_physpath_task);
537 cam_periph_async(periph, code, path, arg);
543 passregister(struct cam_periph *periph, void *arg)
545 struct pass_softc *softc;
546 struct ccb_getdev *cgd;
547 struct ccb_pathinq cpi;
548 struct make_dev_args args;
551 cgd = (struct ccb_getdev *)arg;
553 printf("%s: no getdev CCB, can't register device\n", __func__);
554 return(CAM_REQ_CMP_ERR);
557 softc = (struct pass_softc *)malloc(sizeof(*softc),
561 printf("%s: Unable to probe new device. "
562 "Unable to allocate softc\n", __func__);
563 return(CAM_REQ_CMP_ERR);
566 bzero(softc, sizeof(*softc));
567 softc->state = PASS_STATE_NORMAL;
568 if (cgd->protocol == PROTO_SCSI || cgd->protocol == PROTO_ATAPI)
569 softc->pd_type = SID_TYPE(&cgd->inq_data);
570 else if (cgd->protocol == PROTO_SATAPM)
571 softc->pd_type = T_ENCLOSURE;
573 softc->pd_type = T_DIRECT;
575 periph->softc = softc;
576 softc->periph = periph;
577 TAILQ_INIT(&softc->incoming_queue);
578 TAILQ_INIT(&softc->active_queue);
579 TAILQ_INIT(&softc->abandoned_queue);
580 TAILQ_INIT(&softc->done_queue);
581 snprintf(softc->zone_name, sizeof(softc->zone_name), "%s%d",
582 periph->periph_name, periph->unit_number);
583 snprintf(softc->io_zone_name, sizeof(softc->io_zone_name), "%s%dIO",
584 periph->periph_name, periph->unit_number);
585 softc->io_zone_size = maxphys;
586 knlist_init_mtx(&softc->read_select.si_note, cam_periph_mtx(periph));
588 xpt_path_inq(&cpi, periph->path);
591 softc->maxio = DFLTPHYS; /* traditional default */
592 else if (cpi.maxio > maxphys)
593 softc->maxio = maxphys; /* for safety */
595 softc->maxio = cpi.maxio; /* real value */
597 if (cpi.hba_misc & PIM_UNMAPPED)
598 softc->flags |= PASS_FLAG_UNMAPPED_CAPABLE;
601 * We pass in 0 for a blocksize, since we don't
602 * know what the blocksize of this device is, if
603 * it even has a blocksize.
605 cam_periph_unlock(periph);
606 no_tags = (cgd->inq_data.flags & SID_CmdQue) == 0;
607 softc->device_stats = devstat_new_entry("pass",
608 periph->unit_number, 0,
610 | (no_tags ? DEVSTAT_NO_ORDERED_TAGS : 0),
612 XPORT_DEVSTAT_TYPE(cpi.transport) |
614 DEVSTAT_PRIORITY_PASS);
617 * Initialize the taskqueue handler for shutting down kqueue.
619 TASK_INIT(&softc->shutdown_kqueue_task, /*priority*/ 0,
620 pass_shutdown_kqueue, periph);
623 * Acquire a reference to the periph that we can release once we've
624 * cleaned up the kqueue.
626 if (cam_periph_acquire(periph) != 0) {
627 xpt_print(periph->path, "%s: lost periph during "
628 "registration!\n", __func__);
629 cam_periph_lock(periph);
630 return (CAM_REQ_CMP_ERR);
634 * Acquire a reference to the periph before we create the devfs
635 * instance for it. We'll release this reference once the devfs
636 * instance has been freed.
638 if (cam_periph_acquire(periph) != 0) {
639 xpt_print(periph->path, "%s: lost periph during "
640 "registration!\n", __func__);
641 cam_periph_lock(periph);
642 return (CAM_REQ_CMP_ERR);
645 /* Register the device */
646 make_dev_args_init(&args);
647 args.mda_devsw = &pass_cdevsw;
648 args.mda_unit = periph->unit_number;
649 args.mda_uid = UID_ROOT;
650 args.mda_gid = GID_OPERATOR;
651 args.mda_mode = 0600;
652 args.mda_si_drv1 = periph;
653 args.mda_flags = MAKEDEV_NOWAIT;
654 error = make_dev_s(&args, &softc->dev, "%s%d", periph->periph_name,
655 periph->unit_number);
657 cam_periph_lock(periph);
658 cam_periph_release_locked(periph);
659 return (CAM_REQ_CMP_ERR);
663 * Hold a reference to the periph before we create the physical
664 * path alias so it can't go away.
666 if (cam_periph_acquire(periph) != 0) {
667 xpt_print(periph->path, "%s: lost periph during "
668 "registration!\n", __func__);
669 cam_periph_lock(periph);
670 return (CAM_REQ_CMP_ERR);
673 cam_periph_lock(periph);
675 TASK_INIT(&softc->add_physpath_task, /*priority*/0,
676 pass_add_physpath, periph);
679 * See if physical path information is already available.
681 taskqueue_enqueue(taskqueue_thread, &softc->add_physpath_task);
684 * Add an async callback so that we get notified if
685 * this device goes away or its physical path
686 * (stored in the advanced info data of the EDT) has
689 xpt_register_async(AC_LOST_DEVICE | AC_ADVINFO_CHANGED,
690 passasync, periph, periph->path);
693 xpt_announce_periph(periph, NULL);
699 passopen(struct cdev *dev, int flags, int fmt, struct thread *td)
701 struct cam_periph *periph;
702 struct pass_softc *softc;
705 periph = (struct cam_periph *)dev->si_drv1;
706 if (cam_periph_acquire(periph) != 0)
709 cam_periph_lock(periph);
711 softc = (struct pass_softc *)periph->softc;
713 if (softc->flags & PASS_FLAG_INVALID) {
714 cam_periph_release_locked(periph);
715 cam_periph_unlock(periph);
720 * Don't allow access when we're running at a high securelevel.
722 error = securelevel_gt(td->td_ucred, 1);
724 cam_periph_release_locked(periph);
725 cam_periph_unlock(periph);
730 * Only allow read-write access.
732 if (((flags & FWRITE) == 0) || ((flags & FREAD) == 0)) {
733 cam_periph_release_locked(periph);
734 cam_periph_unlock(periph);
739 * We don't allow nonblocking access.
741 if ((flags & O_NONBLOCK) != 0) {
742 xpt_print(periph->path, "can't do nonblocking access\n");
743 cam_periph_release_locked(periph);
744 cam_periph_unlock(periph);
750 cam_periph_unlock(periph);
756 passclose(struct cdev *dev, int flag, int fmt, struct thread *td)
758 struct cam_periph *periph;
759 struct pass_softc *softc;
762 periph = (struct cam_periph *)dev->si_drv1;
763 mtx = cam_periph_mtx(periph);
766 softc = periph->softc;
769 if (softc->open_count == 0) {
770 struct pass_io_req *io_req, *io_req2;
772 TAILQ_FOREACH_SAFE(io_req, &softc->done_queue, links, io_req2) {
773 TAILQ_REMOVE(&softc->done_queue, io_req, links);
774 passiocleanup(softc, io_req);
775 uma_zfree(softc->pass_zone, io_req);
778 TAILQ_FOREACH_SAFE(io_req, &softc->incoming_queue, links,
780 TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
781 passiocleanup(softc, io_req);
782 uma_zfree(softc->pass_zone, io_req);
786 * If there are any active I/Os, we need to forcibly acquire a
787 * reference to the peripheral so that we don't go away
788 * before they complete. We'll release the reference when
789 * the abandoned queue is empty.
791 io_req = TAILQ_FIRST(&softc->active_queue);
793 && (softc->flags & PASS_FLAG_ABANDONED_REF_SET) == 0) {
794 cam_periph_doacquire(periph);
795 softc->flags |= PASS_FLAG_ABANDONED_REF_SET;
799 * Since the I/O in the active queue is not under our
800 * control, just set a flag so that we can clean it up when
801 * it completes and put it on the abandoned queue. This
802 * will prevent our sending spurious completions in the
803 * event that the device is opened again before these I/Os
806 TAILQ_FOREACH_SAFE(io_req, &softc->active_queue, links,
808 TAILQ_REMOVE(&softc->active_queue, io_req, links);
809 io_req->flags |= PASS_IO_ABANDONED;
810 TAILQ_INSERT_TAIL(&softc->abandoned_queue, io_req,
815 cam_periph_release_locked(periph);
818 * We reference the lock directly here, instead of using
819 * cam_periph_unlock(). The reason is that the call to
820 * cam_periph_release_locked() above could result in the periph
821 * getting freed. If that is the case, dereferencing the periph
822 * with a cam_periph_unlock() call would cause a page fault.
824 * cam_periph_release() avoids this problem using the same method,
825 * but we're manually acquiring and dropping the lock here to
826 * protect the open count and avoid another lock acquisition and
835 passstart(struct cam_periph *periph, union ccb *start_ccb)
837 struct pass_softc *softc;
839 softc = (struct pass_softc *)periph->softc;
841 switch (softc->state) {
842 case PASS_STATE_NORMAL: {
843 struct pass_io_req *io_req;
846 * Check for any queued I/O requests that require an
849 io_req = TAILQ_FIRST(&softc->incoming_queue);
850 if (io_req == NULL) {
851 xpt_release_ccb(start_ccb);
854 TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
855 TAILQ_INSERT_TAIL(&softc->active_queue, io_req, links);
857 * Merge the user's CCB into the allocated CCB.
859 xpt_merge_ccb(start_ccb, &io_req->ccb);
860 start_ccb->ccb_h.ccb_type = PASS_CCB_QUEUED_IO;
861 start_ccb->ccb_h.ccb_ioreq = io_req;
862 start_ccb->ccb_h.cbfcnp = passdone;
863 io_req->alloced_ccb = start_ccb;
864 binuptime(&io_req->start_time);
865 devstat_start_transaction(softc->device_stats,
866 &io_req->start_time);
868 xpt_action(start_ccb);
871 * If we have any more I/O waiting, schedule ourselves again.
873 if (!TAILQ_EMPTY(&softc->incoming_queue))
874 xpt_schedule(periph, CAM_PRIORITY_NORMAL);
883 passdone(struct cam_periph *periph, union ccb *done_ccb)
885 struct pass_softc *softc;
886 struct ccb_scsiio *csio;
888 softc = (struct pass_softc *)periph->softc;
890 cam_periph_assert(periph, MA_OWNED);
892 csio = &done_ccb->csio;
893 switch (csio->ccb_h.ccb_type) {
894 case PASS_CCB_QUEUED_IO: {
895 struct pass_io_req *io_req;
897 io_req = done_ccb->ccb_h.ccb_ioreq;
899 xpt_print(periph->path, "%s: called for user CCB %p\n",
900 __func__, io_req->user_ccb_ptr);
902 if (((done_ccb->ccb_h.status & CAM_STATUS_MASK) != CAM_REQ_CMP)
903 && (done_ccb->ccb_h.flags & CAM_PASS_ERR_RECOVER)
904 && ((io_req->flags & PASS_IO_ABANDONED) == 0)) {
907 error = passerror(done_ccb, CAM_RETRY_SELTO,
908 SF_RETRY_UA | SF_NO_PRINT);
910 if (error == ERESTART) {
912 * A retry was scheduled, so
920 * Copy the allocated CCB contents back to the malloced CCB
921 * so we can give status back to the user when he requests it.
923 bcopy(done_ccb, &io_req->ccb, sizeof(*done_ccb));
926 * Log data/transaction completion with devstat(9).
928 switch (done_ccb->ccb_h.func_code) {
930 devstat_end_transaction(softc->device_stats,
931 done_ccb->csio.dxfer_len - done_ccb->csio.resid,
932 done_ccb->csio.tag_action & 0x3,
933 ((done_ccb->ccb_h.flags & CAM_DIR_MASK) ==
934 CAM_DIR_NONE) ? DEVSTAT_NO_DATA :
935 (done_ccb->ccb_h.flags & CAM_DIR_OUT) ?
936 DEVSTAT_WRITE : DEVSTAT_READ, NULL,
937 &io_req->start_time);
940 devstat_end_transaction(softc->device_stats,
941 done_ccb->ataio.dxfer_len - done_ccb->ataio.resid,
942 0, /* Not used in ATA */
943 ((done_ccb->ccb_h.flags & CAM_DIR_MASK) ==
944 CAM_DIR_NONE) ? DEVSTAT_NO_DATA :
945 (done_ccb->ccb_h.flags & CAM_DIR_OUT) ?
946 DEVSTAT_WRITE : DEVSTAT_READ, NULL,
947 &io_req->start_time);
951 * XXX KDM this isn't quite right, but there isn't
952 * currently an easy way to represent a bidirectional
953 * transfer in devstat. The only way to do it
954 * and have the byte counts come out right would
955 * mean that we would have to record two
956 * transactions, one for the request and one for the
957 * response. For now, so that we report something,
958 * just treat the entire thing as a read.
960 devstat_end_transaction(softc->device_stats,
961 done_ccb->smpio.smp_request_len +
962 done_ccb->smpio.smp_response_len,
963 DEVSTAT_TAG_SIMPLE, DEVSTAT_READ, NULL,
964 &io_req->start_time);
967 devstat_end_transaction(softc->device_stats, 0,
968 DEVSTAT_TAG_NONE, DEVSTAT_NO_DATA, NULL,
969 &io_req->start_time);
974 * In the normal case, take the completed I/O off of the
975 * active queue and put it on the done queue. Notitfy the
976 * user that we have a completed I/O.
978 if ((io_req->flags & PASS_IO_ABANDONED) == 0) {
979 TAILQ_REMOVE(&softc->active_queue, io_req, links);
980 TAILQ_INSERT_TAIL(&softc->done_queue, io_req, links);
981 selwakeuppri(&softc->read_select, PRIBIO);
982 KNOTE_LOCKED(&softc->read_select.si_note, 0);
985 * In the case of an abandoned I/O (final close
986 * without fetching the I/O), take it off of the
987 * abandoned queue and free it.
989 TAILQ_REMOVE(&softc->abandoned_queue, io_req, links);
990 passiocleanup(softc, io_req);
991 uma_zfree(softc->pass_zone, io_req);
994 * Release the done_ccb here, since we may wind up
995 * freeing the peripheral when we decrement the
996 * reference count below.
998 xpt_release_ccb(done_ccb);
1001 * If the abandoned queue is empty, we can release
1002 * our reference to the periph since we won't have
1003 * any more completions coming.
1005 if ((TAILQ_EMPTY(&softc->abandoned_queue))
1006 && (softc->flags & PASS_FLAG_ABANDONED_REF_SET)) {
1007 softc->flags &= ~PASS_FLAG_ABANDONED_REF_SET;
1008 cam_periph_release_locked(periph);
1012 * We have already released the CCB, so we can
1020 xpt_release_ccb(done_ccb);
1024 passcreatezone(struct cam_periph *periph)
1026 struct pass_softc *softc;
1030 softc = (struct pass_softc *)periph->softc;
1032 cam_periph_assert(periph, MA_OWNED);
1033 KASSERT(((softc->flags & PASS_FLAG_ZONE_VALID) == 0),
1034 ("%s called when the pass(4) zone is valid!\n", __func__));
1035 KASSERT((softc->pass_zone == NULL),
1036 ("%s called when the pass(4) zone is allocated!\n", __func__));
1038 if ((softc->flags & PASS_FLAG_ZONE_INPROG) == 0) {
1040 * We're the first context through, so we need to create
1041 * the pass(4) UMA zone for I/O requests.
1043 softc->flags |= PASS_FLAG_ZONE_INPROG;
1046 * uma_zcreate() does a blocking (M_WAITOK) allocation,
1047 * so we cannot hold a mutex while we call it.
1049 cam_periph_unlock(periph);
1051 softc->pass_zone = uma_zcreate(softc->zone_name,
1052 sizeof(struct pass_io_req), NULL, NULL, NULL, NULL,
1053 /*align*/ 0, /*flags*/ 0);
1055 softc->pass_io_zone = uma_zcreate(softc->io_zone_name,
1056 softc->io_zone_size, NULL, NULL, NULL, NULL,
1057 /*align*/ 0, /*flags*/ 0);
1059 cam_periph_lock(periph);
1061 if ((softc->pass_zone == NULL)
1062 || (softc->pass_io_zone == NULL)) {
1063 if (softc->pass_zone == NULL)
1064 xpt_print(periph->path, "unable to allocate "
1065 "IO Req UMA zone\n");
1067 xpt_print(periph->path, "unable to allocate "
1069 softc->flags &= ~PASS_FLAG_ZONE_INPROG;
1074 * Set the flags appropriately and notify any other waiters.
1076 softc->flags &= PASS_FLAG_ZONE_INPROG;
1077 softc->flags |= PASS_FLAG_ZONE_VALID;
1078 wakeup(&softc->pass_zone);
1081 * In this case, the UMA zone has not yet been created, but
1082 * another context is in the process of creating it. We
1083 * need to sleep until the creation is either done or has
1086 while ((softc->flags & PASS_FLAG_ZONE_INPROG)
1087 && ((softc->flags & PASS_FLAG_ZONE_VALID) == 0)) {
1088 error = msleep(&softc->pass_zone,
1089 cam_periph_mtx(periph), PRIBIO,
1095 * If the zone creation failed, no luck for the user.
1097 if ((softc->flags & PASS_FLAG_ZONE_VALID) == 0){
1107 passiocleanup(struct pass_softc *softc, struct pass_io_req *io_req)
1110 u_int8_t **data_ptrs[CAM_PERIPH_MAXMAPS];
1115 switch (ccb->ccb_h.func_code) {
1117 numbufs = min(io_req->num_bufs, 2);
1120 data_ptrs[0] = (u_int8_t **)&ccb->cdm.matches;
1122 data_ptrs[0] = (u_int8_t **)&ccb->cdm.patterns;
1123 data_ptrs[1] = (u_int8_t **)&ccb->cdm.matches;
1127 case XPT_CONT_TARGET_IO:
1128 data_ptrs[0] = &ccb->csio.data_ptr;
1129 numbufs = min(io_req->num_bufs, 1);
1132 data_ptrs[0] = &ccb->ataio.data_ptr;
1133 numbufs = min(io_req->num_bufs, 1);
1136 numbufs = min(io_req->num_bufs, 2);
1137 data_ptrs[0] = &ccb->smpio.smp_request;
1138 data_ptrs[1] = &ccb->smpio.smp_response;
1140 case XPT_DEV_ADVINFO:
1141 numbufs = min(io_req->num_bufs, 1);
1142 data_ptrs[0] = (uint8_t **)&ccb->cdai.buf;
1145 case XPT_NVME_ADMIN:
1146 data_ptrs[0] = &ccb->nvmeio.data_ptr;
1147 numbufs = min(io_req->num_bufs, 1);
1150 /* allow ourselves to be swapped once again */
1152 break; /* NOTREACHED */
1155 if (io_req->flags & PASS_IO_USER_SEG_MALLOC) {
1156 free(io_req->user_segptr, M_SCSIPASS);
1157 io_req->user_segptr = NULL;
1161 * We only want to free memory we malloced.
1163 if (io_req->data_flags == CAM_DATA_VADDR) {
1164 for (i = 0; i < io_req->num_bufs; i++) {
1165 if (io_req->kern_bufs[i] == NULL)
1168 free(io_req->kern_bufs[i], M_SCSIPASS);
1169 io_req->kern_bufs[i] = NULL;
1171 } else if (io_req->data_flags == CAM_DATA_SG) {
1172 for (i = 0; i < io_req->num_kern_segs; i++) {
1173 if ((uint8_t *)(uintptr_t)
1174 io_req->kern_segptr[i].ds_addr == NULL)
1177 uma_zfree(softc->pass_io_zone, (uint8_t *)(uintptr_t)
1178 io_req->kern_segptr[i].ds_addr);
1179 io_req->kern_segptr[i].ds_addr = 0;
1183 if (io_req->flags & PASS_IO_KERN_SEG_MALLOC) {
1184 free(io_req->kern_segptr, M_SCSIPASS);
1185 io_req->kern_segptr = NULL;
1188 if (io_req->data_flags != CAM_DATA_PADDR) {
1189 for (i = 0; i < numbufs; i++) {
1191 * Restore the user's buffer pointers to their
1194 if (io_req->user_bufs[i] != NULL)
1195 *data_ptrs[i] = io_req->user_bufs[i];
1202 passcopysglist(struct cam_periph *periph, struct pass_io_req *io_req,
1203 ccb_flags direction)
1205 bus_size_t kern_watermark, user_watermark, len_copied, len_to_copy;
1206 bus_dma_segment_t *user_sglist, *kern_sglist;
1214 user_sglist = io_req->user_segptr;
1215 kern_sglist = io_req->kern_segptr;
1217 for (i = 0, j = 0; i < io_req->num_user_segs &&
1218 j < io_req->num_kern_segs;) {
1219 uint8_t *user_ptr, *kern_ptr;
1221 len_to_copy = min(user_sglist[i].ds_len -user_watermark,
1222 kern_sglist[j].ds_len - kern_watermark);
1224 user_ptr = (uint8_t *)(uintptr_t)user_sglist[i].ds_addr;
1225 user_ptr = user_ptr + user_watermark;
1226 kern_ptr = (uint8_t *)(uintptr_t)kern_sglist[j].ds_addr;
1227 kern_ptr = kern_ptr + kern_watermark;
1229 user_watermark += len_to_copy;
1230 kern_watermark += len_to_copy;
1232 if (direction == CAM_DIR_IN) {
1233 error = copyout(kern_ptr, user_ptr, len_to_copy);
1235 xpt_print(periph->path, "%s: copyout of %u "
1236 "bytes from %p to %p failed with "
1237 "error %d\n", __func__, len_to_copy,
1238 kern_ptr, user_ptr, error);
1242 error = copyin(user_ptr, kern_ptr, len_to_copy);
1244 xpt_print(periph->path, "%s: copyin of %u "
1245 "bytes from %p to %p failed with "
1246 "error %d\n", __func__, len_to_copy,
1247 user_ptr, kern_ptr, error);
1252 len_copied += len_to_copy;
1254 if (user_sglist[i].ds_len == user_watermark) {
1259 if (kern_sglist[j].ds_len == kern_watermark) {
1271 passmemsetup(struct cam_periph *periph, struct pass_io_req *io_req)
1274 struct pass_softc *softc;
1276 uint8_t **data_ptrs[CAM_PERIPH_MAXMAPS];
1277 uint32_t lengths[CAM_PERIPH_MAXMAPS];
1278 uint32_t dirs[CAM_PERIPH_MAXMAPS];
1280 uint16_t *seg_cnt_ptr;
1284 cam_periph_assert(periph, MA_NOTOWNED);
1286 softc = periph->softc;
1294 switch(ccb->ccb_h.func_code) {
1296 if (ccb->cdm.match_buf_len == 0) {
1297 printf("%s: invalid match buffer length 0\n", __func__);
1300 if (ccb->cdm.pattern_buf_len > 0) {
1301 data_ptrs[0] = (u_int8_t **)&ccb->cdm.patterns;
1302 lengths[0] = ccb->cdm.pattern_buf_len;
1303 dirs[0] = CAM_DIR_OUT;
1304 data_ptrs[1] = (u_int8_t **)&ccb->cdm.matches;
1305 lengths[1] = ccb->cdm.match_buf_len;
1306 dirs[1] = CAM_DIR_IN;
1309 data_ptrs[0] = (u_int8_t **)&ccb->cdm.matches;
1310 lengths[0] = ccb->cdm.match_buf_len;
1311 dirs[0] = CAM_DIR_IN;
1314 io_req->data_flags = CAM_DATA_VADDR;
1317 case XPT_CONT_TARGET_IO:
1318 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
1322 * The user shouldn't be able to supply a bio.
1324 if ((ccb->ccb_h.flags & CAM_DATA_MASK) == CAM_DATA_BIO)
1327 io_req->data_flags = ccb->ccb_h.flags & CAM_DATA_MASK;
1329 data_ptrs[0] = &ccb->csio.data_ptr;
1330 lengths[0] = ccb->csio.dxfer_len;
1331 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1332 num_segs = ccb->csio.sglist_cnt;
1333 seg_cnt_ptr = &ccb->csio.sglist_cnt;
1335 maxmap = softc->maxio;
1338 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
1342 * We only support a single virtual address for ATA I/O.
1344 if ((ccb->ccb_h.flags & CAM_DATA_MASK) != CAM_DATA_VADDR)
1347 io_req->data_flags = CAM_DATA_VADDR;
1349 data_ptrs[0] = &ccb->ataio.data_ptr;
1350 lengths[0] = ccb->ataio.dxfer_len;
1351 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1353 maxmap = softc->maxio;
1356 io_req->data_flags = CAM_DATA_VADDR;
1358 data_ptrs[0] = &ccb->smpio.smp_request;
1359 lengths[0] = ccb->smpio.smp_request_len;
1360 dirs[0] = CAM_DIR_OUT;
1361 data_ptrs[1] = &ccb->smpio.smp_response;
1362 lengths[1] = ccb->smpio.smp_response_len;
1363 dirs[1] = CAM_DIR_IN;
1365 maxmap = softc->maxio;
1367 case XPT_DEV_ADVINFO:
1368 if (ccb->cdai.bufsiz == 0)
1371 io_req->data_flags = CAM_DATA_VADDR;
1373 data_ptrs[0] = (uint8_t **)&ccb->cdai.buf;
1374 lengths[0] = ccb->cdai.bufsiz;
1375 dirs[0] = CAM_DIR_IN;
1378 case XPT_NVME_ADMIN:
1380 if ((ccb->ccb_h.flags & CAM_DIR_MASK) == CAM_DIR_NONE)
1383 io_req->data_flags = ccb->ccb_h.flags & CAM_DATA_MASK;
1385 data_ptrs[0] = &ccb->nvmeio.data_ptr;
1386 lengths[0] = ccb->nvmeio.dxfer_len;
1387 dirs[0] = ccb->ccb_h.flags & CAM_DIR_MASK;
1388 num_segs = ccb->nvmeio.sglist_cnt;
1389 seg_cnt_ptr = &ccb->nvmeio.sglist_cnt;
1391 maxmap = softc->maxio;
1395 break; /* NOTREACHED */
1398 io_req->num_bufs = numbufs;
1401 * If there is a maximum, check to make sure that the user's
1402 * request fits within the limit. In general, we should only have
1403 * a maximum length for requests that go to hardware. Otherwise it
1404 * is whatever we're able to malloc.
1406 for (i = 0; i < numbufs; i++) {
1407 io_req->user_bufs[i] = *data_ptrs[i];
1408 io_req->dirs[i] = dirs[i];
1409 io_req->lengths[i] = lengths[i];
1414 if (lengths[i] <= maxmap)
1417 xpt_print(periph->path, "%s: data length %u > max allowed %u "
1418 "bytes\n", __func__, lengths[i], maxmap);
1423 switch (io_req->data_flags) {
1424 case CAM_DATA_VADDR:
1425 /* Map or copy the buffer into kernel address space */
1426 for (i = 0; i < numbufs; i++) {
1430 * If for some reason no length is specified, we
1431 * don't need to allocate anything.
1433 if (io_req->lengths[i] == 0)
1436 tmp_buf = malloc(lengths[i], M_SCSIPASS,
1438 io_req->kern_bufs[i] = tmp_buf;
1439 *data_ptrs[i] = tmp_buf;
1442 xpt_print(periph->path, "%s: malloced %p len %u, user "
1443 "buffer %p, operation: %s\n", __func__,
1444 tmp_buf, lengths[i], io_req->user_bufs[i],
1445 (dirs[i] == CAM_DIR_IN) ? "read" : "write");
1448 * We only need to copy in if the user is writing.
1450 if (dirs[i] != CAM_DIR_OUT)
1453 error = copyin(io_req->user_bufs[i],
1454 io_req->kern_bufs[i], lengths[i]);
1456 xpt_print(periph->path, "%s: copy of user "
1457 "buffer from %p to %p failed with "
1458 "error %d\n", __func__,
1459 io_req->user_bufs[i],
1460 io_req->kern_bufs[i], error);
1465 case CAM_DATA_PADDR:
1466 /* Pass down the pointer as-is */
1469 size_t sg_length, size_to_go, alloc_size;
1470 uint32_t num_segs_needed;
1473 * Copy the user S/G list in, and then copy in the
1474 * individual segments.
1477 * We shouldn't see this, but check just in case.
1480 xpt_print(periph->path, "%s: cannot currently handle "
1481 "more than one S/G list per CCB\n", __func__);
1487 * We have to have at least one segment.
1489 if (num_segs == 0) {
1490 xpt_print(periph->path, "%s: CAM_DATA_SG flag set, "
1491 "but sglist_cnt=0!\n", __func__);
1497 * Make sure the user specified the total length and didn't
1498 * just leave it to us to decode the S/G list.
1500 if (lengths[0] == 0) {
1501 xpt_print(periph->path, "%s: no dxfer_len specified, "
1502 "but CAM_DATA_SG flag is set!\n", __func__);
1508 * We allocate buffers in io_zone_size increments for an
1509 * S/G list. This will generally be maxphys.
1511 if (lengths[0] <= softc->io_zone_size)
1512 num_segs_needed = 1;
1514 num_segs_needed = lengths[0] / softc->io_zone_size;
1515 if ((lengths[0] % softc->io_zone_size) != 0)
1519 /* Figure out the size of the S/G list */
1520 sg_length = num_segs * sizeof(bus_dma_segment_t);
1521 io_req->num_user_segs = num_segs;
1522 io_req->num_kern_segs = num_segs_needed;
1524 /* Save the user's S/G list pointer for later restoration */
1525 io_req->user_bufs[0] = *data_ptrs[0];
1528 * If we have enough segments allocated by default to handle
1529 * the length of the user's S/G list,
1531 if (num_segs > PASS_MAX_SEGS) {
1532 io_req->user_segptr = malloc(sizeof(bus_dma_segment_t) *
1533 num_segs, M_SCSIPASS, M_WAITOK | M_ZERO);
1534 io_req->flags |= PASS_IO_USER_SEG_MALLOC;
1536 io_req->user_segptr = io_req->user_segs;
1538 error = copyin(*data_ptrs[0], io_req->user_segptr, sg_length);
1540 xpt_print(periph->path, "%s: copy of user S/G list "
1541 "from %p to %p failed with error %d\n",
1542 __func__, *data_ptrs[0], io_req->user_segptr,
1547 if (num_segs_needed > PASS_MAX_SEGS) {
1548 io_req->kern_segptr = malloc(sizeof(bus_dma_segment_t) *
1549 num_segs_needed, M_SCSIPASS, M_WAITOK | M_ZERO);
1550 io_req->flags |= PASS_IO_KERN_SEG_MALLOC;
1552 io_req->kern_segptr = io_req->kern_segs;
1556 * Allocate the kernel S/G list.
1558 for (size_to_go = lengths[0], i = 0;
1559 size_to_go > 0 && i < num_segs_needed;
1560 i++, size_to_go -= alloc_size) {
1563 alloc_size = min(size_to_go, softc->io_zone_size);
1564 kern_ptr = uma_zalloc(softc->pass_io_zone, M_WAITOK);
1565 io_req->kern_segptr[i].ds_addr =
1566 (bus_addr_t)(uintptr_t)kern_ptr;
1567 io_req->kern_segptr[i].ds_len = alloc_size;
1569 if (size_to_go > 0) {
1570 printf("%s: size_to_go = %zu, software error!\n",
1571 __func__, size_to_go);
1576 *data_ptrs[0] = (uint8_t *)io_req->kern_segptr;
1577 *seg_cnt_ptr = io_req->num_kern_segs;
1580 * We only need to copy data here if the user is writing.
1582 if (dirs[0] == CAM_DIR_OUT)
1583 error = passcopysglist(periph, io_req, dirs[0]);
1586 case CAM_DATA_SG_PADDR: {
1590 * We shouldn't see this, but check just in case.
1593 printf("%s: cannot currently handle more than one "
1594 "S/G list per CCB\n", __func__);
1600 * We have to have at least one segment.
1602 if (num_segs == 0) {
1603 xpt_print(periph->path, "%s: CAM_DATA_SG_PADDR flag "
1604 "set, but sglist_cnt=0!\n", __func__);
1610 * Make sure the user specified the total length and didn't
1611 * just leave it to us to decode the S/G list.
1613 if (lengths[0] == 0) {
1614 xpt_print(periph->path, "%s: no dxfer_len specified, "
1615 "but CAM_DATA_SG flag is set!\n", __func__);
1620 /* Figure out the size of the S/G list */
1621 sg_length = num_segs * sizeof(bus_dma_segment_t);
1622 io_req->num_user_segs = num_segs;
1623 io_req->num_kern_segs = io_req->num_user_segs;
1625 /* Save the user's S/G list pointer for later restoration */
1626 io_req->user_bufs[0] = *data_ptrs[0];
1628 if (num_segs > PASS_MAX_SEGS) {
1629 io_req->user_segptr = malloc(sizeof(bus_dma_segment_t) *
1630 num_segs, M_SCSIPASS, M_WAITOK | M_ZERO);
1631 io_req->flags |= PASS_IO_USER_SEG_MALLOC;
1633 io_req->user_segptr = io_req->user_segs;
1635 io_req->kern_segptr = io_req->user_segptr;
1637 error = copyin(*data_ptrs[0], io_req->user_segptr, sg_length);
1639 xpt_print(periph->path, "%s: copy of user S/G list "
1640 "from %p to %p failed with error %d\n",
1641 __func__, *data_ptrs[0], io_req->user_segptr,
1650 * A user shouldn't be attaching a bio to the CCB. It
1651 * isn't a user-accessible structure.
1659 passiocleanup(softc, io_req);
1665 passmemdone(struct cam_periph *periph, struct pass_io_req *io_req)
1667 struct pass_softc *softc;
1672 softc = (struct pass_softc *)periph->softc;
1674 switch (io_req->data_flags) {
1675 case CAM_DATA_VADDR:
1677 * Copy back to the user buffer if this was a read.
1679 for (i = 0; i < io_req->num_bufs; i++) {
1680 if (io_req->dirs[i] != CAM_DIR_IN)
1683 error = copyout(io_req->kern_bufs[i],
1684 io_req->user_bufs[i], io_req->lengths[i]);
1686 xpt_print(periph->path, "Unable to copy %u "
1687 "bytes from %p to user address %p\n",
1689 io_req->kern_bufs[i],
1690 io_req->user_bufs[i]);
1695 case CAM_DATA_PADDR:
1696 /* Do nothing. The pointer is a physical address already */
1700 * Copy back to the user buffer if this was a read.
1701 * Restore the user's S/G list buffer pointer.
1703 if (io_req->dirs[0] == CAM_DIR_IN)
1704 error = passcopysglist(periph, io_req, io_req->dirs[0]);
1706 case CAM_DATA_SG_PADDR:
1708 * Restore the user's S/G list buffer pointer. No need to
1720 * Reset the user's pointers to their original values and free
1723 passiocleanup(softc, io_req);
1729 passioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td)
1733 if ((error = passdoioctl(dev, cmd, addr, flag, td)) == ENOTTY) {
1734 error = cam_compat_ioctl(dev, cmd, addr, flag, td, passdoioctl);
1740 passdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td)
1742 struct cam_periph *periph;
1743 struct pass_softc *softc;
1747 periph = (struct cam_periph *)dev->si_drv1;
1748 cam_periph_lock(periph);
1749 softc = (struct pass_softc *)periph->softc;
1760 inccb = (union ccb *)addr;
1761 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
1762 if (inccb->ccb_h.func_code == XPT_SCSI_IO)
1763 inccb->csio.bio = NULL;
1766 if (inccb->ccb_h.flags & CAM_UNLOCKED) {
1772 * Some CCB types, like scan bus and scan lun can only go
1773 * through the transport layer device.
1775 if (inccb->ccb_h.func_code & XPT_FC_XPT_ONLY) {
1776 xpt_print(periph->path, "CCB function code %#x is "
1777 "restricted to the XPT device\n",
1778 inccb->ccb_h.func_code);
1783 /* Compatibility for RL/priority-unaware code. */
1784 priority = inccb->ccb_h.pinfo.priority;
1785 if (priority <= CAM_PRIORITY_OOB)
1786 priority += CAM_PRIORITY_OOB + 1;
1789 * Non-immediate CCBs need a CCB from the per-device pool
1790 * of CCBs, which is scheduled by the transport layer.
1791 * Immediate CCBs and user-supplied CCBs should just be
1794 if ((inccb->ccb_h.func_code & XPT_FC_QUEUED)
1795 && ((inccb->ccb_h.func_code & XPT_FC_USER_CCB) == 0)) {
1796 ccb = cam_periph_getccb(periph, priority);
1799 ccb = xpt_alloc_ccb_nowait();
1802 xpt_setup_ccb(&ccb->ccb_h, periph->path,
1808 xpt_print(periph->path, "unable to allocate CCB\n");
1813 error = passsendccb(periph, ccb, inccb);
1818 xpt_release_ccb(ccb);
1824 struct pass_io_req *io_req;
1825 union ccb **user_ccb, *ccb;
1828 #ifdef COMPAT_FREEBSD32
1829 if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
1834 if ((softc->flags & PASS_FLAG_ZONE_VALID) == 0) {
1835 error = passcreatezone(periph);
1841 * We're going to do a blocking allocation for this I/O
1842 * request, so we have to drop the lock.
1844 cam_periph_unlock(periph);
1846 io_req = uma_zalloc(softc->pass_zone, M_WAITOK | M_ZERO);
1848 user_ccb = (union ccb **)addr;
1851 * Unlike the CAMIOCOMMAND ioctl above, we only have a
1852 * pointer to the user's CCB, so we have to copy the whole
1853 * thing in to a buffer we have allocated (above) instead
1854 * of allowing the ioctl code to malloc a buffer and copy
1857 * This is an advantage for this asynchronous interface,
1858 * since we don't want the memory to get freed while the
1859 * CCB is outstanding.
1862 xpt_print(periph->path, "Copying user CCB %p to "
1863 "kernel address %p\n", *user_ccb, ccb);
1865 error = copyin(*user_ccb, ccb, sizeof(*ccb));
1867 xpt_print(periph->path, "Copy of user CCB %p to "
1868 "kernel address %p failed with error %d\n",
1869 *user_ccb, ccb, error);
1870 goto camioqueue_error;
1872 #if defined(BUF_TRACKING) || defined(FULL_BUF_TRACKING)
1873 if (ccb->ccb_h.func_code == XPT_SCSI_IO)
1874 ccb->csio.bio = NULL;
1877 if (ccb->ccb_h.flags & CAM_UNLOCKED) {
1879 goto camioqueue_error;
1882 if (ccb->ccb_h.flags & CAM_CDB_POINTER) {
1883 if (ccb->csio.cdb_len > IOCDBLEN) {
1885 goto camioqueue_error;
1887 error = copyin(ccb->csio.cdb_io.cdb_ptr,
1888 ccb->csio.cdb_io.cdb_bytes, ccb->csio.cdb_len);
1890 goto camioqueue_error;
1891 ccb->ccb_h.flags &= ~CAM_CDB_POINTER;
1895 * Some CCB types, like scan bus and scan lun can only go
1896 * through the transport layer device.
1898 if (ccb->ccb_h.func_code & XPT_FC_XPT_ONLY) {
1899 xpt_print(periph->path, "CCB function code %#x is "
1900 "restricted to the XPT device\n",
1901 ccb->ccb_h.func_code);
1903 goto camioqueue_error;
1907 * Save the user's CCB pointer as well as his linked list
1908 * pointers and peripheral private area so that we can
1909 * restore these later.
1911 io_req->user_ccb_ptr = *user_ccb;
1912 io_req->user_periph_links = ccb->ccb_h.periph_links;
1913 io_req->user_periph_priv = ccb->ccb_h.periph_priv;
1916 * Now that we've saved the user's values, we can set our
1917 * own peripheral private entry.
1919 ccb->ccb_h.ccb_ioreq = io_req;
1921 /* Compatibility for RL/priority-unaware code. */
1922 priority = ccb->ccb_h.pinfo.priority;
1923 if (priority <= CAM_PRIORITY_OOB)
1924 priority += CAM_PRIORITY_OOB + 1;
1927 * Setup fields in the CCB like the path and the priority.
1928 * The path in particular cannot be done in userland, since
1929 * it is a pointer to a kernel data structure.
1931 xpt_setup_ccb_flags(&ccb->ccb_h, periph->path, priority,
1935 * Setup our done routine. There is no way for the user to
1936 * have a valid pointer here.
1938 ccb->ccb_h.cbfcnp = passdone;
1940 fc = ccb->ccb_h.func_code;
1942 * If this function code has memory that can be mapped in
1943 * or out, we need to call passmemsetup().
1945 if ((fc == XPT_SCSI_IO) || (fc == XPT_ATA_IO)
1946 || (fc == XPT_SMP_IO) || (fc == XPT_DEV_MATCH)
1947 || (fc == XPT_DEV_ADVINFO)
1948 || (fc == XPT_NVME_ADMIN) || (fc == XPT_NVME_IO)) {
1949 error = passmemsetup(periph, io_req);
1951 goto camioqueue_error;
1953 io_req->mapinfo.num_bufs_used = 0;
1955 cam_periph_lock(periph);
1958 * Everything goes on the incoming queue initially.
1960 TAILQ_INSERT_TAIL(&softc->incoming_queue, io_req, links);
1963 * If the CCB is queued, and is not a user CCB, then
1964 * we need to allocate a slot for it. Call xpt_schedule()
1965 * so that our start routine will get called when a CCB is
1968 if ((fc & XPT_FC_QUEUED)
1969 && ((fc & XPT_FC_USER_CCB) == 0)) {
1970 xpt_schedule(periph, priority);
1975 * At this point, the CCB in question is either an
1976 * immediate CCB (like XPT_DEV_ADVINFO) or it is a user CCB
1977 * and therefore should be malloced, not allocated via a slot.
1978 * Remove the CCB from the incoming queue and add it to the
1981 TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
1982 TAILQ_INSERT_TAIL(&softc->active_queue, io_req, links);
1987 * If this is not a queued CCB (i.e. it is an immediate CCB),
1988 * then it is already done. We need to put it on the done
1989 * queue for the user to fetch.
1991 if ((fc & XPT_FC_QUEUED) == 0) {
1992 TAILQ_REMOVE(&softc->active_queue, io_req, links);
1993 TAILQ_INSERT_TAIL(&softc->done_queue, io_req, links);
1998 uma_zfree(softc->pass_zone, io_req);
1999 cam_periph_lock(periph);
2004 union ccb **user_ccb;
2005 struct pass_io_req *io_req;
2008 #ifdef COMPAT_FREEBSD32
2009 if (SV_PROC_FLAG(td->td_proc, SV_ILP32)) {
2014 user_ccb = (union ccb **)addr;
2017 io_req = TAILQ_FIRST(&softc->done_queue);
2018 if (io_req == NULL) {
2024 * Remove the I/O from the done queue.
2026 TAILQ_REMOVE(&softc->done_queue, io_req, links);
2029 * We have to drop the lock during the copyout because the
2030 * copyout can result in VM faults that require sleeping.
2032 cam_periph_unlock(periph);
2035 * Do any needed copies (e.g. for reads) and revert the
2036 * pointers in the CCB back to the user's pointers.
2038 error = passmemdone(periph, io_req);
2042 io_req->ccb.ccb_h.periph_links = io_req->user_periph_links;
2043 io_req->ccb.ccb_h.periph_priv = io_req->user_periph_priv;
2046 xpt_print(periph->path, "Copying to user CCB %p from "
2047 "kernel address %p\n", *user_ccb, &io_req->ccb);
2050 error = copyout(&io_req->ccb, *user_ccb, sizeof(union ccb));
2052 xpt_print(periph->path, "Copy to user CCB %p from "
2053 "kernel address %p failed with error %d\n",
2054 *user_ccb, &io_req->ccb, error);
2058 * Prefer the first error we got back, and make sure we
2059 * don't overwrite bad status with good.
2064 cam_periph_lock(periph);
2067 * At this point, if there was an error, we could potentially
2068 * re-queue the I/O and try again. But why? The error
2069 * would almost certainly happen again. We might as well
2072 uma_zfree(softc->pass_zone, io_req);
2076 error = cam_periph_ioctl(periph, cmd, addr, passerror);
2081 cam_periph_unlock(periph);
2087 passpoll(struct cdev *dev, int poll_events, struct thread *td)
2089 struct cam_periph *periph;
2090 struct pass_softc *softc;
2093 periph = (struct cam_periph *)dev->si_drv1;
2094 softc = (struct pass_softc *)periph->softc;
2096 revents = poll_events & (POLLOUT | POLLWRNORM);
2097 if ((poll_events & (POLLIN | POLLRDNORM)) != 0) {
2098 cam_periph_lock(periph);
2100 if (!TAILQ_EMPTY(&softc->done_queue)) {
2101 revents |= poll_events & (POLLIN | POLLRDNORM);
2103 cam_periph_unlock(periph);
2105 selrecord(td, &softc->read_select);
2112 passkqfilter(struct cdev *dev, struct knote *kn)
2114 struct cam_periph *periph;
2115 struct pass_softc *softc;
2117 periph = (struct cam_periph *)dev->si_drv1;
2118 softc = (struct pass_softc *)periph->softc;
2120 kn->kn_hook = (caddr_t)periph;
2121 kn->kn_fop = &passread_filtops;
2122 knlist_add(&softc->read_select.si_note, kn, 0);
2128 passreadfiltdetach(struct knote *kn)
2130 struct cam_periph *periph;
2131 struct pass_softc *softc;
2133 periph = (struct cam_periph *)kn->kn_hook;
2134 softc = (struct pass_softc *)periph->softc;
2136 knlist_remove(&softc->read_select.si_note, kn, 0);
2140 passreadfilt(struct knote *kn, long hint)
2142 struct cam_periph *periph;
2143 struct pass_softc *softc;
2146 periph = (struct cam_periph *)kn->kn_hook;
2147 softc = (struct pass_softc *)periph->softc;
2149 cam_periph_assert(periph, MA_OWNED);
2151 if (TAILQ_EMPTY(&softc->done_queue))
2160 * Generally, "ccb" should be the CCB supplied by the kernel. "inccb"
2161 * should be the CCB that is copied in from the user.
2164 passsendccb(struct cam_periph *periph, union ccb *ccb, union ccb *inccb)
2166 struct pass_softc *softc;
2167 struct cam_periph_map_info mapinfo;
2172 softc = (struct pass_softc *)periph->softc;
2175 * There are some fields in the CCB header that need to be
2176 * preserved, the rest we get from the user.
2178 xpt_merge_ccb(ccb, inccb);
2180 if (ccb->ccb_h.flags & CAM_CDB_POINTER) {
2181 cmd = __builtin_alloca(ccb->csio.cdb_len);
2182 error = copyin(ccb->csio.cdb_io.cdb_ptr, cmd, ccb->csio.cdb_len);
2185 ccb->csio.cdb_io.cdb_ptr = cmd;
2189 * Let cam_periph_mapmem do a sanity check on the data pointer format.
2190 * Even if no data transfer is needed, it's a cheap check and it
2191 * simplifies the code.
2193 fc = ccb->ccb_h.func_code;
2194 if ((fc == XPT_SCSI_IO) || (fc == XPT_ATA_IO) || (fc == XPT_SMP_IO)
2195 || (fc == XPT_DEV_MATCH) || (fc == XPT_DEV_ADVINFO) || (fc == XPT_MMC_IO)
2196 || (fc == XPT_NVME_ADMIN) || (fc == XPT_NVME_IO)) {
2197 bzero(&mapinfo, sizeof(mapinfo));
2200 * cam_periph_mapmem calls into proc and vm functions that can
2201 * sleep as well as trigger I/O, so we can't hold the lock.
2202 * Dropping it here is reasonably safe.
2204 cam_periph_unlock(periph);
2205 error = cam_periph_mapmem(ccb, &mapinfo, softc->maxio);
2206 cam_periph_lock(periph);
2209 * cam_periph_mapmem returned an error, we can't continue.
2210 * Return the error to the user.
2215 /* Ensure that the unmap call later on is a no-op. */
2216 mapinfo.num_bufs_used = 0;
2219 * If the user wants us to perform any error recovery, then honor
2220 * that request. Otherwise, it's up to the user to perform any
2223 cam_periph_runccb(ccb, (ccb->ccb_h.flags & CAM_PASS_ERR_RECOVER) ?
2224 passerror : NULL, /* cam_flags */ CAM_RETRY_SELTO,
2225 /* sense_flags */ SF_RETRY_UA | SF_NO_PRINT,
2226 softc->device_stats);
2228 cam_periph_unlock(periph);
2229 cam_periph_unmapmem(ccb, &mapinfo);
2230 cam_periph_lock(periph);
2232 ccb->ccb_h.cbfcnp = NULL;
2233 ccb->ccb_h.periph_priv = inccb->ccb_h.periph_priv;
2234 bcopy(ccb, inccb, sizeof(union ccb));
2240 passerror(union ccb *ccb, u_int32_t cam_flags, u_int32_t sense_flags)
2242 struct cam_periph *periph;
2243 struct pass_softc *softc;
2245 periph = xpt_path_periph(ccb->ccb_h.path);
2246 softc = (struct pass_softc *)periph->softc;
2248 return(cam_periph_error(ccb, cam_flags, sense_flags));
projects / FreeBSD / FreeBSD.git / blob