2 * SBP2 driver (SCSI over IEEE1394)
4 * Copyright (C) 2005-2007 Kristian Hoegsberg <krh@bitplanet.net>
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
16 * You should have received a copy of the GNU General Public License
17 * along with this program; if not, write to the Free Software Foundation,
18 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22 * The basic structure of this driver is based on the old storage driver,
23 * drivers/ieee1394/sbp2.c, originally written by
24 * James Goodwin <jamesg@filanet.com>
25 * with later contributions and ongoing maintenance from
26 * Ben Collins <bcollins@debian.org>,
27 * Stefan Richter <stefanr@s5r6.in-berlin.de>
31 #include <linux/kernel.h>
32 #include <linux/module.h>
33 #include <linux/moduleparam.h>
34 #include <linux/mod_devicetable.h>
35 #include <linux/delay.h>
36 #include <linux/device.h>
37 #include <linux/scatterlist.h>
38 #include <linux/dma-mapping.h>
39 #include <linux/blkdev.h>
40 #include <linux/string.h>
41 #include <linux/stringify.h>
42 #include <linux/timer.h>
43 #include <linux/workqueue.h>
44 #include <asm/system.h>
46 #include <scsi/scsi.h>
47 #include <scsi/scsi_cmnd.h>
48 #include <scsi/scsi_device.h>
49 #include <scsi/scsi_host.h>
51 #include "fw-transaction.h"
52 #include "fw-topology.h"
53 #include "fw-device.h"
56 * So far only bridges from Oxford Semiconductor are known to support
57 * concurrent logins. Depending on firmware, four or two concurrent logins
58 * are possible on OXFW911 and newer Oxsemi bridges.
60 * Concurrent logins are useful together with cluster filesystems.
62 static int sbp2_param_exclusive_login = 1;
63 module_param_named(exclusive_login, sbp2_param_exclusive_login, bool, 0644);
64 MODULE_PARM_DESC(exclusive_login, "Exclusive login to sbp2 device "
65 "(default = Y, use N for concurrent initiators)");
68 * Flags for firmware oddities
70 * - 128kB max transfer
71 * Limit transfer size. Necessary for some old bridges.
74 * When scsi_mod probes the device, let the inquiry command look like that
78 * Suppress sending of mode_sense for mode page 8 if the device pretends to
79 * support the SCSI Primary Block commands instead of Reduced Block Commands.
82 * Tell sd_mod to correct the last sector number reported by read_capacity.
83 * Avoids access beyond actual disk limits on devices with an off-by-one bug.
84 * Don't use this with devices which don't have this bug.
87 * Wait extra SBP2_INQUIRY_DELAY seconds after login before SCSI inquiry.
89 * - override internal blacklist
90 * Instead of adding to the built-in blacklist, use only the workarounds
91 * specified in the module load parameter.
92 * Useful if a blacklist entry interfered with a non-broken device.
94 #define SBP2_WORKAROUND_128K_MAX_TRANS 0x1
95 #define SBP2_WORKAROUND_INQUIRY_36 0x2
96 #define SBP2_WORKAROUND_MODE_SENSE_8 0x4
97 #define SBP2_WORKAROUND_FIX_CAPACITY 0x8
98 #define SBP2_WORKAROUND_DELAY_INQUIRY 0x10
99 #define SBP2_INQUIRY_DELAY 12
100 #define SBP2_WORKAROUND_OVERRIDE 0x100
102 static int sbp2_param_workarounds;
103 module_param_named(workarounds, sbp2_param_workarounds, int, 0644);
104 MODULE_PARM_DESC(workarounds, "Work around device bugs (default = 0"
105 ", 128kB max transfer = " __stringify(SBP2_WORKAROUND_128K_MAX_TRANS)
106 ", 36 byte inquiry = " __stringify(SBP2_WORKAROUND_INQUIRY_36)
107 ", skip mode page 8 = " __stringify(SBP2_WORKAROUND_MODE_SENSE_8)
108 ", fix capacity = " __stringify(SBP2_WORKAROUND_FIX_CAPACITY)
109 ", delay inquiry = " __stringify(SBP2_WORKAROUND_DELAY_INQUIRY)
110 ", override internal blacklist = " __stringify(SBP2_WORKAROUND_OVERRIDE)
111 ", or a combination)");
113 /* I don't know why the SCSI stack doesn't define something like this... */
114 typedef void (*scsi_done_fn_t)(struct scsi_cmnd *);
116 static const char sbp2_driver_name[] = "sbp2";
119 * We create one struct sbp2_logical_unit per SBP-2 Logical Unit Number Entry
120 * and one struct scsi_device per sbp2_logical_unit.
122 struct sbp2_logical_unit {
123 struct sbp2_target *tgt;
124 struct list_head link;
125 struct scsi_device *sdev;
126 struct fw_address_handler address_handler;
127 struct list_head orb_list;
129 u64 command_block_agent_address;
134 * The generation is updated once we've logged in or reconnected
135 * to the logical unit. Thus, I/O to the device will automatically
136 * fail and get retried if it happens in a window where the device
137 * is not ready, e.g. after a bus reset but before we reconnect.
141 struct delayed_work work;
145 * We create one struct sbp2_target per IEEE 1212 Unit Directory
146 * and one struct Scsi_Host per sbp2_target.
150 struct fw_unit *unit;
151 struct list_head lu_list;
153 u64 management_agent_address;
157 unsigned int workarounds;
158 unsigned int mgt_orb_timeout;
162 * Per section 7.4.8 of the SBP-2 spec, a mgt_ORB_timeout value can be
163 * provided in the config rom. Most devices do provide a value, which
164 * we'll use for login management orbs, but with some sane limits.
166 #define SBP2_MIN_LOGIN_ORB_TIMEOUT 5000U /* Timeout in ms */
167 #define SBP2_MAX_LOGIN_ORB_TIMEOUT 40000U /* Timeout in ms */
168 #define SBP2_ORB_TIMEOUT 2000U /* Timeout in ms */
169 #define SBP2_ORB_NULL 0x80000000
170 #define SBP2_MAX_SG_ELEMENT_LENGTH 0xf000
172 #define SBP2_DIRECTION_TO_MEDIA 0x0
173 #define SBP2_DIRECTION_FROM_MEDIA 0x1
175 /* Unit directory keys */
176 #define SBP2_CSR_UNIT_CHARACTERISTICS 0x3a
177 #define SBP2_CSR_FIRMWARE_REVISION 0x3c
178 #define SBP2_CSR_LOGICAL_UNIT_NUMBER 0x14
179 #define SBP2_CSR_LOGICAL_UNIT_DIRECTORY 0xd4
181 /* Management orb opcodes */
182 #define SBP2_LOGIN_REQUEST 0x0
183 #define SBP2_QUERY_LOGINS_REQUEST 0x1
184 #define SBP2_RECONNECT_REQUEST 0x3
185 #define SBP2_SET_PASSWORD_REQUEST 0x4
186 #define SBP2_LOGOUT_REQUEST 0x7
187 #define SBP2_ABORT_TASK_REQUEST 0xb
188 #define SBP2_ABORT_TASK_SET 0xc
189 #define SBP2_LOGICAL_UNIT_RESET 0xe
190 #define SBP2_TARGET_RESET_REQUEST 0xf
192 /* Offsets for command block agent registers */
193 #define SBP2_AGENT_STATE 0x00
194 #define SBP2_AGENT_RESET 0x04
195 #define SBP2_ORB_POINTER 0x08
196 #define SBP2_DOORBELL 0x10
197 #define SBP2_UNSOLICITED_STATUS_ENABLE 0x14
199 /* Status write response codes */
200 #define SBP2_STATUS_REQUEST_COMPLETE 0x0
201 #define SBP2_STATUS_TRANSPORT_FAILURE 0x1
202 #define SBP2_STATUS_ILLEGAL_REQUEST 0x2
203 #define SBP2_STATUS_VENDOR_DEPENDENT 0x3
205 #define STATUS_GET_ORB_HIGH(v) ((v).status & 0xffff)
206 #define STATUS_GET_SBP_STATUS(v) (((v).status >> 16) & 0xff)
207 #define STATUS_GET_LEN(v) (((v).status >> 24) & 0x07)
208 #define STATUS_GET_DEAD(v) (((v).status >> 27) & 0x01)
209 #define STATUS_GET_RESPONSE(v) (((v).status >> 28) & 0x03)
210 #define STATUS_GET_SOURCE(v) (((v).status >> 30) & 0x03)
211 #define STATUS_GET_ORB_LOW(v) ((v).orb_low)
212 #define STATUS_GET_DATA(v) ((v).data)
220 struct sbp2_pointer {
226 struct fw_transaction t;
228 dma_addr_t request_bus;
230 struct sbp2_pointer pointer;
231 void (*callback)(struct sbp2_orb * orb, struct sbp2_status * status);
232 struct list_head link;
235 #define MANAGEMENT_ORB_LUN(v) ((v))
236 #define MANAGEMENT_ORB_FUNCTION(v) ((v) << 16)
237 #define MANAGEMENT_ORB_RECONNECT(v) ((v) << 20)
238 #define MANAGEMENT_ORB_EXCLUSIVE(v) ((v) ? 1 << 28 : 0)
239 #define MANAGEMENT_ORB_REQUEST_FORMAT(v) ((v) << 29)
240 #define MANAGEMENT_ORB_NOTIFY ((1) << 31)
242 #define MANAGEMENT_ORB_RESPONSE_LENGTH(v) ((v))
243 #define MANAGEMENT_ORB_PASSWORD_LENGTH(v) ((v) << 16)
245 struct sbp2_management_orb {
246 struct sbp2_orb base;
248 struct sbp2_pointer password;
249 struct sbp2_pointer response;
252 struct sbp2_pointer status_fifo;
255 dma_addr_t response_bus;
256 struct completion done;
257 struct sbp2_status status;
260 #define LOGIN_RESPONSE_GET_LOGIN_ID(v) ((v).misc & 0xffff)
261 #define LOGIN_RESPONSE_GET_LENGTH(v) (((v).misc >> 16) & 0xffff)
263 struct sbp2_login_response {
265 struct sbp2_pointer command_block_agent;
268 #define COMMAND_ORB_DATA_SIZE(v) ((v))
269 #define COMMAND_ORB_PAGE_SIZE(v) ((v) << 16)
270 #define COMMAND_ORB_PAGE_TABLE_PRESENT ((1) << 19)
271 #define COMMAND_ORB_MAX_PAYLOAD(v) ((v) << 20)
272 #define COMMAND_ORB_SPEED(v) ((v) << 24)
273 #define COMMAND_ORB_DIRECTION(v) ((v) << 27)
274 #define COMMAND_ORB_REQUEST_FORMAT(v) ((v) << 29)
275 #define COMMAND_ORB_NOTIFY ((1) << 31)
277 struct sbp2_command_orb {
278 struct sbp2_orb base;
280 struct sbp2_pointer next;
281 struct sbp2_pointer data_descriptor;
283 u8 command_block[12];
285 struct scsi_cmnd *cmd;
287 struct sbp2_logical_unit *lu;
289 struct sbp2_pointer page_table[SG_ALL] __attribute__((aligned(8)));
290 dma_addr_t page_table_bus;
294 * List of devices with known bugs.
296 * The firmware_revision field, masked with 0xffff00, is the best
297 * indicator for the type of bridge chip of a device. It yields a few
298 * false positives but this did not break correctly behaving devices
299 * so far. We use ~0 as a wildcard, since the 24 bit values we get
300 * from the config rom can never match that.
302 static const struct {
303 u32 firmware_revision;
305 unsigned int workarounds;
306 } sbp2_workarounds_table[] = {
307 /* DViCO Momobay CX-1 with TSB42AA9 bridge */ {
308 .firmware_revision = 0x002800,
310 .workarounds = SBP2_WORKAROUND_INQUIRY_36 |
311 SBP2_WORKAROUND_MODE_SENSE_8,
313 /* DViCO Momobay FX-3A with TSB42AA9A bridge */ {
314 .firmware_revision = 0x002800,
316 .workarounds = SBP2_WORKAROUND_DELAY_INQUIRY,
318 /* Initio bridges, actually only needed for some older ones */ {
319 .firmware_revision = 0x000200,
321 .workarounds = SBP2_WORKAROUND_INQUIRY_36,
323 /* Symbios bridge */ {
324 .firmware_revision = 0xa0b800,
326 .workarounds = SBP2_WORKAROUND_128K_MAX_TRANS,
330 * There are iPods (2nd gen, 3rd gen) with model_id == 0, but
331 * these iPods do not feature the read_capacity bug according
332 * to one report. Read_capacity behaviour as well as model_id
333 * could change due to Apple-supplied firmware updates though.
336 /* iPod 4th generation. */ {
337 .firmware_revision = 0x0a2700,
339 .workarounds = SBP2_WORKAROUND_FIX_CAPACITY,
342 .firmware_revision = 0x0a2700,
344 .workarounds = SBP2_WORKAROUND_FIX_CAPACITY,
347 .firmware_revision = 0x0a2700,
349 .workarounds = SBP2_WORKAROUND_FIX_CAPACITY,
354 free_orb(struct kref *kref)
356 struct sbp2_orb *orb = container_of(kref, struct sbp2_orb, kref);
362 sbp2_status_write(struct fw_card *card, struct fw_request *request,
363 int tcode, int destination, int source,
364 int generation, int speed,
365 unsigned long long offset,
366 void *payload, size_t length, void *callback_data)
368 struct sbp2_logical_unit *lu = callback_data;
369 struct sbp2_orb *orb;
370 struct sbp2_status status;
374 if (tcode != TCODE_WRITE_BLOCK_REQUEST ||
375 length == 0 || length > sizeof(status)) {
376 fw_send_response(card, request, RCODE_TYPE_ERROR);
380 header_size = min(length, 2 * sizeof(u32));
381 fw_memcpy_from_be32(&status, payload, header_size);
382 if (length > header_size)
383 memcpy(status.data, payload + 8, length - header_size);
384 if (STATUS_GET_SOURCE(status) == 2 || STATUS_GET_SOURCE(status) == 3) {
385 fw_notify("non-orb related status write, not handled\n");
386 fw_send_response(card, request, RCODE_COMPLETE);
390 /* Lookup the orb corresponding to this status write. */
391 spin_lock_irqsave(&card->lock, flags);
392 list_for_each_entry(orb, &lu->orb_list, link) {
393 if (STATUS_GET_ORB_HIGH(status) == 0 &&
394 STATUS_GET_ORB_LOW(status) == orb->request_bus) {
395 orb->rcode = RCODE_COMPLETE;
396 list_del(&orb->link);
400 spin_unlock_irqrestore(&card->lock, flags);
402 if (&orb->link != &lu->orb_list)
403 orb->callback(orb, &status);
405 fw_error("status write for unknown orb\n");
407 kref_put(&orb->kref, free_orb);
409 fw_send_response(card, request, RCODE_COMPLETE);
413 complete_transaction(struct fw_card *card, int rcode,
414 void *payload, size_t length, void *data)
416 struct sbp2_orb *orb = data;
420 * This is a little tricky. We can get the status write for
421 * the orb before we get this callback. The status write
422 * handler above will assume the orb pointer transaction was
423 * successful and set the rcode to RCODE_COMPLETE for the orb.
424 * So this callback only sets the rcode if it hasn't already
425 * been set and only does the cleanup if the transaction
426 * failed and we didn't already get a status write.
428 spin_lock_irqsave(&card->lock, flags);
430 if (orb->rcode == -1)
432 if (orb->rcode != RCODE_COMPLETE) {
433 list_del(&orb->link);
434 spin_unlock_irqrestore(&card->lock, flags);
435 orb->callback(orb, NULL);
437 spin_unlock_irqrestore(&card->lock, flags);
440 kref_put(&orb->kref, free_orb);
444 sbp2_send_orb(struct sbp2_orb *orb, struct sbp2_logical_unit *lu,
445 int node_id, int generation, u64 offset)
447 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
450 orb->pointer.high = 0;
451 orb->pointer.low = orb->request_bus;
452 fw_memcpy_to_be32(&orb->pointer, &orb->pointer, sizeof(orb->pointer));
454 spin_lock_irqsave(&device->card->lock, flags);
455 list_add_tail(&orb->link, &lu->orb_list);
456 spin_unlock_irqrestore(&device->card->lock, flags);
458 /* Take a ref for the orb list and for the transaction callback. */
459 kref_get(&orb->kref);
460 kref_get(&orb->kref);
462 fw_send_request(device->card, &orb->t, TCODE_WRITE_BLOCK_REQUEST,
463 node_id, generation, device->max_speed, offset,
464 &orb->pointer, sizeof(orb->pointer),
465 complete_transaction, orb);
468 static int sbp2_cancel_orbs(struct sbp2_logical_unit *lu)
470 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
471 struct sbp2_orb *orb, *next;
472 struct list_head list;
474 int retval = -ENOENT;
476 INIT_LIST_HEAD(&list);
477 spin_lock_irqsave(&device->card->lock, flags);
478 list_splice_init(&lu->orb_list, &list);
479 spin_unlock_irqrestore(&device->card->lock, flags);
481 list_for_each_entry_safe(orb, next, &list, link) {
483 if (fw_cancel_transaction(device->card, &orb->t) == 0)
486 orb->rcode = RCODE_CANCELLED;
487 orb->callback(orb, NULL);
494 complete_management_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
496 struct sbp2_management_orb *orb =
497 container_of(base_orb, struct sbp2_management_orb, base);
500 memcpy(&orb->status, status, sizeof(*status));
501 complete(&orb->done);
505 sbp2_send_management_orb(struct sbp2_logical_unit *lu, int node_id,
506 int generation, int function, int lun_or_login_id,
509 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
510 struct sbp2_management_orb *orb;
511 unsigned int timeout;
512 int retval = -ENOMEM;
514 if (function == SBP2_LOGOUT_REQUEST && fw_device_is_shutdown(device))
517 orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
521 kref_init(&orb->base.kref);
523 dma_map_single(device->card->device, &orb->response,
524 sizeof(orb->response), DMA_FROM_DEVICE);
525 if (dma_mapping_error(orb->response_bus))
526 goto fail_mapping_response;
528 orb->request.response.high = 0;
529 orb->request.response.low = orb->response_bus;
532 MANAGEMENT_ORB_NOTIFY |
533 MANAGEMENT_ORB_FUNCTION(function) |
534 MANAGEMENT_ORB_LUN(lun_or_login_id);
535 orb->request.length =
536 MANAGEMENT_ORB_RESPONSE_LENGTH(sizeof(orb->response));
538 orb->request.status_fifo.high = lu->address_handler.offset >> 32;
539 orb->request.status_fifo.low = lu->address_handler.offset;
541 if (function == SBP2_LOGIN_REQUEST) {
542 /* Ask for 2^2 == 4 seconds reconnect grace period */
544 MANAGEMENT_ORB_RECONNECT(2) |
545 MANAGEMENT_ORB_EXCLUSIVE(sbp2_param_exclusive_login);
546 timeout = lu->tgt->mgt_orb_timeout;
548 timeout = SBP2_ORB_TIMEOUT;
551 fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
553 init_completion(&orb->done);
554 orb->base.callback = complete_management_orb;
556 orb->base.request_bus =
557 dma_map_single(device->card->device, &orb->request,
558 sizeof(orb->request), DMA_TO_DEVICE);
559 if (dma_mapping_error(orb->base.request_bus))
560 goto fail_mapping_request;
562 sbp2_send_orb(&orb->base, lu, node_id, generation,
563 lu->tgt->management_agent_address);
565 wait_for_completion_timeout(&orb->done, msecs_to_jiffies(timeout));
568 if (sbp2_cancel_orbs(lu) == 0) {
569 fw_error("orb reply timed out, rcode=0x%02x\n",
574 if (orb->base.rcode != RCODE_COMPLETE) {
575 fw_error("management write failed, rcode 0x%02x\n",
580 if (STATUS_GET_RESPONSE(orb->status) != 0 ||
581 STATUS_GET_SBP_STATUS(orb->status) != 0) {
582 fw_error("error status: %d:%d\n",
583 STATUS_GET_RESPONSE(orb->status),
584 STATUS_GET_SBP_STATUS(orb->status));
590 dma_unmap_single(device->card->device, orb->base.request_bus,
591 sizeof(orb->request), DMA_TO_DEVICE);
592 fail_mapping_request:
593 dma_unmap_single(device->card->device, orb->response_bus,
594 sizeof(orb->response), DMA_FROM_DEVICE);
595 fail_mapping_response:
597 fw_memcpy_from_be32(response,
598 orb->response, sizeof(orb->response));
599 kref_put(&orb->base.kref, free_orb);
605 complete_agent_reset_write(struct fw_card *card, int rcode,
606 void *payload, size_t length, void *data)
608 struct fw_transaction *t = data;
613 static int sbp2_agent_reset(struct sbp2_logical_unit *lu)
615 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
616 struct fw_transaction *t;
619 t = kzalloc(sizeof(*t), GFP_ATOMIC);
623 fw_send_request(device->card, t, TCODE_WRITE_QUADLET_REQUEST,
624 lu->tgt->node_id, lu->generation, device->max_speed,
625 lu->command_block_agent_address + SBP2_AGENT_RESET,
626 &zero, sizeof(zero), complete_agent_reset_write, t);
631 static void sbp2_release_target(struct kref *kref)
633 struct sbp2_target *tgt = container_of(kref, struct sbp2_target, kref);
634 struct sbp2_logical_unit *lu, *next;
635 struct Scsi_Host *shost =
636 container_of((void *)tgt, struct Scsi_Host, hostdata[0]);
638 list_for_each_entry_safe(lu, next, &tgt->lu_list, link) {
640 scsi_remove_device(lu->sdev);
642 sbp2_send_management_orb(lu, tgt->node_id, lu->generation,
643 SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
645 fw_core_remove_address_handler(&lu->address_handler);
649 scsi_remove_host(shost);
650 fw_notify("released %s\n", tgt->unit->device.bus_id);
652 put_device(&tgt->unit->device);
653 scsi_host_put(shost);
656 static struct workqueue_struct *sbp2_wq;
659 * Always get the target's kref when scheduling work on one its units.
660 * Each workqueue job is responsible to call sbp2_target_put() upon return.
662 static void sbp2_queue_work(struct sbp2_logical_unit *lu, unsigned long delay)
664 if (queue_delayed_work(sbp2_wq, &lu->work, delay))
665 kref_get(&lu->tgt->kref);
668 static void sbp2_target_put(struct sbp2_target *tgt)
670 kref_put(&tgt->kref, sbp2_release_target);
673 static void sbp2_reconnect(struct work_struct *work);
675 static void sbp2_login(struct work_struct *work)
677 struct sbp2_logical_unit *lu =
678 container_of(work, struct sbp2_logical_unit, work.work);
679 struct Scsi_Host *shost =
680 container_of((void *)lu->tgt, struct Scsi_Host, hostdata[0]);
681 struct scsi_device *sdev;
682 struct scsi_lun eight_bytes_lun;
683 struct fw_unit *unit = lu->tgt->unit;
684 struct fw_device *device = fw_device(unit->device.parent);
685 struct sbp2_login_response response;
686 int generation, node_id, local_node_id;
688 if (fw_device_is_shutdown(device))
691 generation = device->generation;
692 smp_rmb(); /* node_id must not be older than generation */
693 node_id = device->node_id;
694 local_node_id = device->card->node_id;
696 if (sbp2_send_management_orb(lu, node_id, generation,
697 SBP2_LOGIN_REQUEST, lu->lun, &response) < 0) {
698 if (lu->retries++ < 5)
699 sbp2_queue_work(lu, DIV_ROUND_UP(HZ, 5));
701 fw_error("failed to login to %s LUN %04x\n",
702 unit->device.bus_id, lu->lun);
706 lu->generation = generation;
707 lu->tgt->node_id = node_id;
708 lu->tgt->address_high = local_node_id << 16;
710 /* Get command block agent offset and login id. */
711 lu->command_block_agent_address =
712 ((u64) (response.command_block_agent.high & 0xffff) << 32) |
713 response.command_block_agent.low;
714 lu->login_id = LOGIN_RESPONSE_GET_LOGIN_ID(response);
716 fw_notify("logged in to %s LUN %04x (%d retries)\n",
717 unit->device.bus_id, lu->lun, lu->retries);
720 /* FIXME: The linux1394 sbp2 does this last step. */
721 sbp2_set_busy_timeout(scsi_id);
724 PREPARE_DELAYED_WORK(&lu->work, sbp2_reconnect);
725 sbp2_agent_reset(lu);
727 if (lu->tgt->workarounds & SBP2_WORKAROUND_DELAY_INQUIRY)
728 ssleep(SBP2_INQUIRY_DELAY);
730 memset(&eight_bytes_lun, 0, sizeof(eight_bytes_lun));
731 eight_bytes_lun.scsi_lun[0] = (lu->lun >> 8) & 0xff;
732 eight_bytes_lun.scsi_lun[1] = lu->lun & 0xff;
734 sdev = __scsi_add_device(shost, 0, 0,
735 scsilun_to_int(&eight_bytes_lun), lu);
737 smp_rmb(); /* generation may have changed */
738 generation = device->generation;
739 smp_rmb(); /* node_id must not be older than generation */
741 sbp2_send_management_orb(lu, device->node_id, generation,
742 SBP2_LOGOUT_REQUEST, lu->login_id, NULL);
744 * Set this back to sbp2_login so we fall back and
745 * retry login on bus reset.
747 PREPARE_DELAYED_WORK(&lu->work, sbp2_login);
750 scsi_device_put(sdev);
753 sbp2_target_put(lu->tgt);
756 static int sbp2_add_logical_unit(struct sbp2_target *tgt, int lun_entry)
758 struct sbp2_logical_unit *lu;
760 lu = kmalloc(sizeof(*lu), GFP_KERNEL);
764 lu->address_handler.length = 0x100;
765 lu->address_handler.address_callback = sbp2_status_write;
766 lu->address_handler.callback_data = lu;
768 if (fw_core_add_address_handler(&lu->address_handler,
769 &fw_high_memory_region) < 0) {
776 lu->lun = lun_entry & 0xffff;
778 INIT_LIST_HEAD(&lu->orb_list);
779 INIT_DELAYED_WORK(&lu->work, sbp2_login);
781 list_add_tail(&lu->link, &tgt->lu_list);
785 static int sbp2_scan_logical_unit_dir(struct sbp2_target *tgt, u32 *directory)
787 struct fw_csr_iterator ci;
790 fw_csr_iterator_init(&ci, directory);
791 while (fw_csr_iterator_next(&ci, &key, &value))
792 if (key == SBP2_CSR_LOGICAL_UNIT_NUMBER &&
793 sbp2_add_logical_unit(tgt, value) < 0)
798 static int sbp2_scan_unit_dir(struct sbp2_target *tgt, u32 *directory,
799 u32 *model, u32 *firmware_revision)
801 struct fw_csr_iterator ci;
803 unsigned int timeout;
805 fw_csr_iterator_init(&ci, directory);
806 while (fw_csr_iterator_next(&ci, &key, &value)) {
809 case CSR_DEPENDENT_INFO | CSR_OFFSET:
810 tgt->management_agent_address =
811 CSR_REGISTER_BASE + 4 * value;
814 case CSR_DIRECTORY_ID:
815 tgt->directory_id = value;
822 case SBP2_CSR_FIRMWARE_REVISION:
823 *firmware_revision = value;
826 case SBP2_CSR_UNIT_CHARACTERISTICS:
827 /* the timeout value is stored in 500ms units */
828 timeout = ((unsigned int) value >> 8 & 0xff) * 500;
829 timeout = max(timeout, SBP2_MIN_LOGIN_ORB_TIMEOUT);
830 tgt->mgt_orb_timeout =
831 min(timeout, SBP2_MAX_LOGIN_ORB_TIMEOUT);
833 if (timeout > tgt->mgt_orb_timeout)
834 fw_notify("%s: config rom contains %ds "
835 "management ORB timeout, limiting "
836 "to %ds\n", tgt->unit->device.bus_id,
838 tgt->mgt_orb_timeout / 1000);
841 case SBP2_CSR_LOGICAL_UNIT_NUMBER:
842 if (sbp2_add_logical_unit(tgt, value) < 0)
846 case SBP2_CSR_LOGICAL_UNIT_DIRECTORY:
847 if (sbp2_scan_logical_unit_dir(tgt, ci.p + value) < 0)
855 static void sbp2_init_workarounds(struct sbp2_target *tgt, u32 model,
856 u32 firmware_revision)
859 unsigned int w = sbp2_param_workarounds;
862 fw_notify("Please notify linux1394-devel@lists.sourceforge.net "
863 "if you need the workarounds parameter for %s\n",
864 tgt->unit->device.bus_id);
866 if (w & SBP2_WORKAROUND_OVERRIDE)
869 for (i = 0; i < ARRAY_SIZE(sbp2_workarounds_table); i++) {
871 if (sbp2_workarounds_table[i].firmware_revision !=
872 (firmware_revision & 0xffffff00))
875 if (sbp2_workarounds_table[i].model != model &&
876 sbp2_workarounds_table[i].model != ~0)
879 w |= sbp2_workarounds_table[i].workarounds;
884 fw_notify("Workarounds for %s: 0x%x "
885 "(firmware_revision 0x%06x, model_id 0x%06x)\n",
886 tgt->unit->device.bus_id,
887 w, firmware_revision, model);
888 tgt->workarounds = w;
891 static struct scsi_host_template scsi_driver_template;
893 static int sbp2_probe(struct device *dev)
895 struct fw_unit *unit = fw_unit(dev);
896 struct fw_device *device = fw_device(unit->device.parent);
897 struct sbp2_target *tgt;
898 struct sbp2_logical_unit *lu;
899 struct Scsi_Host *shost;
900 u32 model, firmware_revision;
902 shost = scsi_host_alloc(&scsi_driver_template, sizeof(*tgt));
906 tgt = (struct sbp2_target *)shost->hostdata;
907 unit->device.driver_data = tgt;
909 kref_init(&tgt->kref);
910 INIT_LIST_HEAD(&tgt->lu_list);
912 if (fw_device_enable_phys_dma(device) < 0)
915 if (scsi_add_host(shost, &unit->device) < 0)
918 /* Initialize to values that won't match anything in our table. */
919 firmware_revision = 0xff000000;
922 /* implicit directory ID */
923 tgt->directory_id = ((unit->directory - device->config_rom) * 4
924 + CSR_CONFIG_ROM) & 0xffffff;
926 if (sbp2_scan_unit_dir(tgt, unit->directory, &model,
927 &firmware_revision) < 0)
930 sbp2_init_workarounds(tgt, model, firmware_revision);
932 get_device(&unit->device);
934 /* Do the login in a workqueue so we can easily reschedule retries. */
935 list_for_each_entry(lu, &tgt->lu_list, link)
936 sbp2_queue_work(lu, 0);
940 sbp2_target_put(tgt);
944 scsi_host_put(shost);
948 static int sbp2_remove(struct device *dev)
950 struct fw_unit *unit = fw_unit(dev);
951 struct sbp2_target *tgt = unit->device.driver_data;
953 sbp2_target_put(tgt);
957 static void sbp2_reconnect(struct work_struct *work)
959 struct sbp2_logical_unit *lu =
960 container_of(work, struct sbp2_logical_unit, work.work);
961 struct fw_unit *unit = lu->tgt->unit;
962 struct fw_device *device = fw_device(unit->device.parent);
963 int generation, node_id, local_node_id;
965 if (fw_device_is_shutdown(device))
968 generation = device->generation;
969 smp_rmb(); /* node_id must not be older than generation */
970 node_id = device->node_id;
971 local_node_id = device->card->node_id;
973 if (sbp2_send_management_orb(lu, node_id, generation,
974 SBP2_RECONNECT_REQUEST,
975 lu->login_id, NULL) < 0) {
976 if (lu->retries++ >= 5) {
977 fw_error("failed to reconnect to %s\n",
978 unit->device.bus_id);
979 /* Fall back and try to log in again. */
981 PREPARE_DELAYED_WORK(&lu->work, sbp2_login);
983 sbp2_queue_work(lu, DIV_ROUND_UP(HZ, 5));
987 lu->generation = generation;
988 lu->tgt->node_id = node_id;
989 lu->tgt->address_high = local_node_id << 16;
991 fw_notify("reconnected to %s LUN %04x (%d retries)\n",
992 unit->device.bus_id, lu->lun, lu->retries);
994 sbp2_agent_reset(lu);
995 sbp2_cancel_orbs(lu);
997 sbp2_target_put(lu->tgt);
1000 static void sbp2_update(struct fw_unit *unit)
1002 struct sbp2_target *tgt = unit->device.driver_data;
1003 struct sbp2_logical_unit *lu;
1005 fw_device_enable_phys_dma(fw_device(unit->device.parent));
1008 * Fw-core serializes sbp2_update() against sbp2_remove().
1009 * Iteration over tgt->lu_list is therefore safe here.
1011 list_for_each_entry(lu, &tgt->lu_list, link) {
1013 sbp2_queue_work(lu, 0);
1017 #define SBP2_UNIT_SPEC_ID_ENTRY 0x0000609e
1018 #define SBP2_SW_VERSION_ENTRY 0x00010483
1020 static const struct fw_device_id sbp2_id_table[] = {
1022 .match_flags = FW_MATCH_SPECIFIER_ID | FW_MATCH_VERSION,
1023 .specifier_id = SBP2_UNIT_SPEC_ID_ENTRY,
1024 .version = SBP2_SW_VERSION_ENTRY,
1029 static struct fw_driver sbp2_driver = {
1031 .owner = THIS_MODULE,
1032 .name = sbp2_driver_name,
1033 .bus = &fw_bus_type,
1034 .probe = sbp2_probe,
1035 .remove = sbp2_remove,
1037 .update = sbp2_update,
1038 .id_table = sbp2_id_table,
1042 sbp2_status_to_sense_data(u8 *sbp2_status, u8 *sense_data)
1046 sense_data[0] = 0x70;
1047 sense_data[1] = 0x0;
1048 sense_data[2] = sbp2_status[1];
1049 sense_data[3] = sbp2_status[4];
1050 sense_data[4] = sbp2_status[5];
1051 sense_data[5] = sbp2_status[6];
1052 sense_data[6] = sbp2_status[7];
1054 sense_data[8] = sbp2_status[8];
1055 sense_data[9] = sbp2_status[9];
1056 sense_data[10] = sbp2_status[10];
1057 sense_data[11] = sbp2_status[11];
1058 sense_data[12] = sbp2_status[2];
1059 sense_data[13] = sbp2_status[3];
1060 sense_data[14] = sbp2_status[12];
1061 sense_data[15] = sbp2_status[13];
1063 sam_status = sbp2_status[0] & 0x3f;
1065 switch (sam_status) {
1067 case SAM_STAT_CHECK_CONDITION:
1068 case SAM_STAT_CONDITION_MET:
1070 case SAM_STAT_RESERVATION_CONFLICT:
1071 case SAM_STAT_COMMAND_TERMINATED:
1072 return DID_OK << 16 | sam_status;
1075 return DID_ERROR << 16;
1080 complete_command_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
1082 struct sbp2_command_orb *orb =
1083 container_of(base_orb, struct sbp2_command_orb, base);
1084 struct fw_device *device = fw_device(orb->lu->tgt->unit->device.parent);
1087 if (status != NULL) {
1088 if (STATUS_GET_DEAD(*status))
1089 sbp2_agent_reset(orb->lu);
1091 switch (STATUS_GET_RESPONSE(*status)) {
1092 case SBP2_STATUS_REQUEST_COMPLETE:
1093 result = DID_OK << 16;
1095 case SBP2_STATUS_TRANSPORT_FAILURE:
1096 result = DID_BUS_BUSY << 16;
1098 case SBP2_STATUS_ILLEGAL_REQUEST:
1099 case SBP2_STATUS_VENDOR_DEPENDENT:
1101 result = DID_ERROR << 16;
1105 if (result == DID_OK << 16 && STATUS_GET_LEN(*status) > 1)
1106 result = sbp2_status_to_sense_data(STATUS_GET_DATA(*status),
1107 orb->cmd->sense_buffer);
1110 * If the orb completes with status == NULL, something
1111 * went wrong, typically a bus reset happened mid-orb
1112 * or when sending the write (less likely).
1114 result = DID_BUS_BUSY << 16;
1117 dma_unmap_single(device->card->device, orb->base.request_bus,
1118 sizeof(orb->request), DMA_TO_DEVICE);
1120 if (scsi_sg_count(orb->cmd) > 0)
1121 dma_unmap_sg(device->card->device, scsi_sglist(orb->cmd),
1122 scsi_sg_count(orb->cmd),
1123 orb->cmd->sc_data_direction);
1125 if (orb->page_table_bus != 0)
1126 dma_unmap_single(device->card->device, orb->page_table_bus,
1127 sizeof(orb->page_table), DMA_TO_DEVICE);
1129 orb->cmd->result = result;
1130 orb->done(orb->cmd);
1134 sbp2_map_scatterlist(struct sbp2_command_orb *orb, struct fw_device *device,
1135 struct sbp2_logical_unit *lu)
1137 struct scatterlist *sg;
1138 int sg_len, l, i, j, count;
1141 sg = scsi_sglist(orb->cmd);
1142 count = dma_map_sg(device->card->device, sg, scsi_sg_count(orb->cmd),
1143 orb->cmd->sc_data_direction);
1148 * Handle the special case where there is only one element in
1149 * the scatter list by converting it to an immediate block
1150 * request. This is also a workaround for broken devices such
1151 * as the second generation iPod which doesn't support page
1154 if (count == 1 && sg_dma_len(sg) < SBP2_MAX_SG_ELEMENT_LENGTH) {
1155 orb->request.data_descriptor.high = lu->tgt->address_high;
1156 orb->request.data_descriptor.low = sg_dma_address(sg);
1157 orb->request.misc |= COMMAND_ORB_DATA_SIZE(sg_dma_len(sg));
1162 * Convert the scatterlist to an sbp2 page table. If any
1163 * scatterlist entries are too big for sbp2, we split them as we
1164 * go. Even if we ask the block I/O layer to not give us sg
1165 * elements larger than 65535 bytes, some IOMMUs may merge sg elements
1166 * during DMA mapping, and Linux currently doesn't prevent this.
1168 for (i = 0, j = 0; i < count; i++, sg = sg_next(sg)) {
1169 sg_len = sg_dma_len(sg);
1170 sg_addr = sg_dma_address(sg);
1172 /* FIXME: This won't get us out of the pinch. */
1173 if (unlikely(j >= ARRAY_SIZE(orb->page_table))) {
1174 fw_error("page table overflow\n");
1175 goto fail_page_table;
1177 l = min(sg_len, SBP2_MAX_SG_ELEMENT_LENGTH);
1178 orb->page_table[j].low = sg_addr;
1179 orb->page_table[j].high = (l << 16);
1186 fw_memcpy_to_be32(orb->page_table, orb->page_table,
1187 sizeof(orb->page_table[0]) * j);
1188 orb->page_table_bus =
1189 dma_map_single(device->card->device, orb->page_table,
1190 sizeof(orb->page_table), DMA_TO_DEVICE);
1191 if (dma_mapping_error(orb->page_table_bus))
1192 goto fail_page_table;
1195 * The data_descriptor pointer is the one case where we need
1196 * to fill in the node ID part of the address. All other
1197 * pointers assume that the data referenced reside on the
1198 * initiator (i.e. us), but data_descriptor can refer to data
1199 * on other nodes so we need to put our ID in descriptor.high.
1201 orb->request.data_descriptor.high = lu->tgt->address_high;
1202 orb->request.data_descriptor.low = orb->page_table_bus;
1203 orb->request.misc |=
1204 COMMAND_ORB_PAGE_TABLE_PRESENT |
1205 COMMAND_ORB_DATA_SIZE(j);
1210 dma_unmap_sg(device->card->device, sg, scsi_sg_count(orb->cmd),
1211 orb->cmd->sc_data_direction);
1216 /* SCSI stack integration */
1218 static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
1220 struct sbp2_logical_unit *lu = cmd->device->hostdata;
1221 struct fw_device *device = fw_device(lu->tgt->unit->device.parent);
1222 struct sbp2_command_orb *orb;
1223 unsigned int max_payload;
1224 int retval = SCSI_MLQUEUE_HOST_BUSY;
1227 * Bidirectional commands are not yet implemented, and unknown
1228 * transfer direction not handled.
1230 if (cmd->sc_data_direction == DMA_BIDIRECTIONAL) {
1231 fw_error("Can't handle DMA_BIDIRECTIONAL, rejecting command\n");
1232 cmd->result = DID_ERROR << 16;
1237 orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
1239 fw_notify("failed to alloc orb\n");
1240 return SCSI_MLQUEUE_HOST_BUSY;
1243 /* Initialize rcode to something not RCODE_COMPLETE. */
1244 orb->base.rcode = -1;
1245 kref_init(&orb->base.kref);
1251 orb->request.next.high = SBP2_ORB_NULL;
1252 orb->request.next.low = 0x0;
1254 * At speed 100 we can do 512 bytes per packet, at speed 200,
1255 * 1024 bytes per packet etc. The SBP-2 max_payload field
1256 * specifies the max payload size as 2 ^ (max_payload + 2), so
1257 * if we set this to max_speed + 7, we get the right value.
1259 max_payload = min(device->max_speed + 7,
1260 device->card->max_receive - 1);
1262 COMMAND_ORB_MAX_PAYLOAD(max_payload) |
1263 COMMAND_ORB_SPEED(device->max_speed) |
1266 if (cmd->sc_data_direction == DMA_FROM_DEVICE)
1267 orb->request.misc |=
1268 COMMAND_ORB_DIRECTION(SBP2_DIRECTION_FROM_MEDIA);
1269 else if (cmd->sc_data_direction == DMA_TO_DEVICE)
1270 orb->request.misc |=
1271 COMMAND_ORB_DIRECTION(SBP2_DIRECTION_TO_MEDIA);
1273 if (scsi_sg_count(cmd) && sbp2_map_scatterlist(orb, device, lu) < 0)
1276 fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
1278 memset(orb->request.command_block,
1279 0, sizeof(orb->request.command_block));
1280 memcpy(orb->request.command_block, cmd->cmnd, COMMAND_SIZE(*cmd->cmnd));
1282 orb->base.callback = complete_command_orb;
1283 orb->base.request_bus =
1284 dma_map_single(device->card->device, &orb->request,
1285 sizeof(orb->request), DMA_TO_DEVICE);
1286 if (dma_mapping_error(orb->base.request_bus))
1289 sbp2_send_orb(&orb->base, lu, lu->tgt->node_id, lu->generation,
1290 lu->command_block_agent_address + SBP2_ORB_POINTER);
1293 kref_put(&orb->base.kref, free_orb);
1297 static int sbp2_scsi_slave_alloc(struct scsi_device *sdev)
1299 struct sbp2_logical_unit *lu = sdev->hostdata;
1301 sdev->allow_restart = 1;
1304 * Update the dma alignment (minimum alignment requirements for
1305 * start and end of DMA transfers) to be a sector
1307 blk_queue_update_dma_alignment(sdev->request_queue, 511);
1309 if (lu->tgt->workarounds & SBP2_WORKAROUND_INQUIRY_36)
1310 sdev->inquiry_len = 36;
1315 static int sbp2_scsi_slave_configure(struct scsi_device *sdev)
1317 struct sbp2_logical_unit *lu = sdev->hostdata;
1319 sdev->use_10_for_rw = 1;
1321 if (sdev->type == TYPE_ROM)
1322 sdev->use_10_for_ms = 1;
1324 if (sdev->type == TYPE_DISK &&
1325 lu->tgt->workarounds & SBP2_WORKAROUND_MODE_SENSE_8)
1326 sdev->skip_ms_page_8 = 1;
1328 if (lu->tgt->workarounds & SBP2_WORKAROUND_FIX_CAPACITY)
1329 sdev->fix_capacity = 1;
1331 if (lu->tgt->workarounds & SBP2_WORKAROUND_128K_MAX_TRANS)
1332 blk_queue_max_sectors(sdev->request_queue, 128 * 1024 / 512);
1338 * Called by scsi stack when something has really gone wrong. Usually
1339 * called when a command has timed-out for some reason.
1341 static int sbp2_scsi_abort(struct scsi_cmnd *cmd)
1343 struct sbp2_logical_unit *lu = cmd->device->hostdata;
1345 fw_notify("sbp2_scsi_abort\n");
1346 sbp2_agent_reset(lu);
1347 sbp2_cancel_orbs(lu);
1353 * Format of /sys/bus/scsi/devices/.../ieee1394_id:
1354 * u64 EUI-64 : u24 directory_ID : u16 LUN (all printed in hexadecimal)
1356 * This is the concatenation of target port identifier and logical unit
1357 * identifier as per SAM-2...SAM-4 annex A.
1360 sbp2_sysfs_ieee1394_id_show(struct device *dev, struct device_attribute *attr,
1363 struct scsi_device *sdev = to_scsi_device(dev);
1364 struct sbp2_logical_unit *lu;
1365 struct fw_device *device;
1370 lu = sdev->hostdata;
1371 device = fw_device(lu->tgt->unit->device.parent);
1373 return sprintf(buf, "%08x%08x:%06x:%04x\n",
1374 device->config_rom[3], device->config_rom[4],
1375 lu->tgt->directory_id, lu->lun);
1378 static DEVICE_ATTR(ieee1394_id, S_IRUGO, sbp2_sysfs_ieee1394_id_show, NULL);
1380 static struct device_attribute *sbp2_scsi_sysfs_attrs[] = {
1381 &dev_attr_ieee1394_id,
1385 static struct scsi_host_template scsi_driver_template = {
1386 .module = THIS_MODULE,
1387 .name = "SBP-2 IEEE-1394",
1388 .proc_name = sbp2_driver_name,
1389 .queuecommand = sbp2_scsi_queuecommand,
1390 .slave_alloc = sbp2_scsi_slave_alloc,
1391 .slave_configure = sbp2_scsi_slave_configure,
1392 .eh_abort_handler = sbp2_scsi_abort,
1394 .sg_tablesize = SG_ALL,
1395 .use_clustering = ENABLE_CLUSTERING,
1398 .sdev_attrs = sbp2_scsi_sysfs_attrs,
1401 MODULE_AUTHOR("Kristian Hoegsberg <krh@bitplanet.net>");
1402 MODULE_DESCRIPTION("SCSI over IEEE1394");
1403 MODULE_LICENSE("GPL");
1404 MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);
1406 /* Provide a module alias so root-on-sbp2 initrds don't break. */
1407 #ifndef CONFIG_IEEE1394_SBP2_MODULE
1408 MODULE_ALIAS("sbp2");
1411 static int __init sbp2_init(void)
1413 sbp2_wq = create_singlethread_workqueue(KBUILD_MODNAME);
1417 return driver_register(&sbp2_driver.driver);
1420 static void __exit sbp2_cleanup(void)
1422 driver_unregister(&sbp2_driver.driver);
1423 destroy_workqueue(sbp2_wq);
1426 module_init(sbp2_init);
1427 module_exit(sbp2_cleanup);