2 * QEMU LSI SAS1068 Host Bus Adapter emulation
3 * Based on the QEMU Megaraid emulator
5 * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
6 * Copyright (c) 2012 Verizon, Inc.
7 * Copyright (c) 2016 Red Hat, Inc.
9 * Authors: Don Slutz, Paolo Bonzini
11 * This library is free software; you can redistribute it and/or
12 * modify it under the terms of the GNU Lesser General Public
13 * License as published by the Free Software Foundation; either
14 * version 2 of the License, or (at your option) any later version.
16 * This library is distributed in the hope that it will be useful,
17 * but WITHOUT ANY WARRANTY; without even the implied warranty of
18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
19 * Lesser General Public License for more details.
21 * You should have received a copy of the GNU Lesser General Public
22 * License along with this library; if not, see <http://www.gnu.org/licenses/>.
25 #include "qemu/osdep.h"
26 #include "hw/pci/pci.h"
27 #include "hw/qdev-properties.h"
28 #include "sysemu/dma.h"
29 #include "hw/pci/msi.h"
31 #include "qemu/main-loop.h"
32 #include "qemu/module.h"
33 #include "hw/scsi/scsi.h"
34 #include "scsi/constants.h"
36 #include "qapi/error.h"
38 #include "migration/qemu-file-types.h"
39 #include "migration/vmstate.h"
42 #define NAA_LOCALLY_ASSIGNED_ID 0x3ULL
43 #define IEEE_COMPANY_LOCALLY_ASSIGNED 0x525400
45 #define TYPE_MPTSAS1068 "mptsas1068"
47 #define MPT_SAS(obj) \
48 OBJECT_CHECK(MPTSASState, (obj), TYPE_MPTSAS1068)
50 #define MPTSAS1068_PRODUCT_ID \
51 (MPI_FW_HEADER_PID_FAMILY_1068_SAS | \
52 MPI_FW_HEADER_PID_PROD_INITIATOR_SCSI | \
53 MPI_FW_HEADER_PID_TYPE_SAS)
55 struct MPTSASRequest
{
56 MPIMsgSCSIIORequest scsi_io
;
61 QTAILQ_ENTRY(MPTSASRequest
) next
;
64 static void mptsas_update_interrupt(MPTSASState
*s
)
66 PCIDevice
*pci
= (PCIDevice
*) s
;
67 uint32_t state
= s
->intr_status
& ~(s
->intr_mask
| MPI_HIS_IOP_DOORBELL_STATUS
);
69 if (msi_enabled(pci
)) {
71 trace_mptsas_irq_msi(s
);
76 trace_mptsas_irq_intx(s
, !!state
);
77 pci_set_irq(pci
, !!state
);
80 static void mptsas_set_fault(MPTSASState
*s
, uint32_t code
)
82 if ((s
->state
& MPI_IOC_STATE_FAULT
) == 0) {
83 s
->state
= MPI_IOC_STATE_FAULT
| code
;
87 #define MPTSAS_FIFO_INVALID(s, name) \
88 ((s)->name##_head > ARRAY_SIZE((s)->name) || \
89 (s)->name##_tail > ARRAY_SIZE((s)->name))
91 #define MPTSAS_FIFO_EMPTY(s, name) \
92 ((s)->name##_head == (s)->name##_tail)
94 #define MPTSAS_FIFO_FULL(s, name) \
95 ((s)->name##_head == ((s)->name##_tail + 1) % ARRAY_SIZE((s)->name))
97 #define MPTSAS_FIFO_GET(s, name) ({ \
98 uint32_t _val = (s)->name[(s)->name##_head++]; \
99 (s)->name##_head %= ARRAY_SIZE((s)->name); \
103 #define MPTSAS_FIFO_PUT(s, name, val) do { \
104 (s)->name[(s)->name##_tail++] = (val); \
105 (s)->name##_tail %= ARRAY_SIZE((s)->name); \
108 static void mptsas_post_reply(MPTSASState
*s
, MPIDefaultReply
*reply
)
110 PCIDevice
*pci
= (PCIDevice
*) s
;
113 if (MPTSAS_FIFO_EMPTY(s
, reply_free
) || MPTSAS_FIFO_FULL(s
, reply_post
)) {
114 mptsas_set_fault(s
, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES
);
118 addr_lo
= MPTSAS_FIFO_GET(s
, reply_free
);
120 pci_dma_write(pci
, addr_lo
| s
->host_mfa_high_addr
, reply
,
121 MIN(s
->reply_frame_size
, 4 * reply
->MsgLength
));
123 MPTSAS_FIFO_PUT(s
, reply_post
, MPI_ADDRESS_REPLY_A_BIT
| (addr_lo
>> 1));
125 s
->intr_status
|= MPI_HIS_REPLY_MESSAGE_INTERRUPT
;
126 if (s
->doorbell_state
== DOORBELL_WRITE
) {
127 s
->doorbell_state
= DOORBELL_NONE
;
128 s
->intr_status
|= MPI_HIS_DOORBELL_INTERRUPT
;
130 mptsas_update_interrupt(s
);
133 void mptsas_reply(MPTSASState
*s
, MPIDefaultReply
*reply
)
135 if (s
->doorbell_state
== DOORBELL_WRITE
) {
136 /* The reply is sent out in 16 bit chunks, while the size
137 * in the reply is in 32 bit units.
139 s
->doorbell_state
= DOORBELL_READ
;
140 s
->doorbell_reply_idx
= 0;
141 s
->doorbell_reply_size
= reply
->MsgLength
* 2;
142 memcpy(s
->doorbell_reply
, reply
, s
->doorbell_reply_size
* 2);
143 s
->intr_status
|= MPI_HIS_DOORBELL_INTERRUPT
;
144 mptsas_update_interrupt(s
);
146 mptsas_post_reply(s
, reply
);
150 static void mptsas_turbo_reply(MPTSASState
*s
, uint32_t msgctx
)
152 if (MPTSAS_FIFO_FULL(s
, reply_post
)) {
153 mptsas_set_fault(s
, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES
);
157 /* The reply is just the message context ID (bit 31 = clear). */
158 MPTSAS_FIFO_PUT(s
, reply_post
, msgctx
);
160 s
->intr_status
|= MPI_HIS_REPLY_MESSAGE_INTERRUPT
;
161 mptsas_update_interrupt(s
);
164 #define MPTSAS_MAX_REQUEST_SIZE 52
166 static const int mpi_request_sizes
[] = {
167 [MPI_FUNCTION_SCSI_IO_REQUEST
] = sizeof(MPIMsgSCSIIORequest
),
168 [MPI_FUNCTION_SCSI_TASK_MGMT
] = sizeof(MPIMsgSCSITaskMgmt
),
169 [MPI_FUNCTION_IOC_INIT
] = sizeof(MPIMsgIOCInit
),
170 [MPI_FUNCTION_IOC_FACTS
] = sizeof(MPIMsgIOCFacts
),
171 [MPI_FUNCTION_CONFIG
] = sizeof(MPIMsgConfig
),
172 [MPI_FUNCTION_PORT_FACTS
] = sizeof(MPIMsgPortFacts
),
173 [MPI_FUNCTION_PORT_ENABLE
] = sizeof(MPIMsgPortEnable
),
174 [MPI_FUNCTION_EVENT_NOTIFICATION
] = sizeof(MPIMsgEventNotify
),
177 static dma_addr_t
mptsas_ld_sg_base(MPTSASState
*s
, uint32_t flags_and_length
,
180 PCIDevice
*pci
= (PCIDevice
*) s
;
183 if (flags_and_length
& MPI_SGE_FLAGS_64_BIT_ADDRESSING
) {
184 addr
= ldq_le_pci_dma(pci
, *sgaddr
+ 4);
187 addr
= ldl_le_pci_dma(pci
, *sgaddr
+ 4);
193 static int mptsas_build_sgl(MPTSASState
*s
, MPTSASRequest
*req
, hwaddr addr
)
195 PCIDevice
*pci
= (PCIDevice
*) s
;
196 hwaddr next_chain_addr
;
199 uint32_t chain_offset
;
201 chain_offset
= req
->scsi_io
.ChainOffset
;
202 next_chain_addr
= addr
+ chain_offset
* sizeof(uint32_t);
203 sgaddr
= addr
+ sizeof(MPIMsgSCSIIORequest
);
204 pci_dma_sglist_init(&req
->qsg
, pci
, 4);
205 left
= req
->scsi_io
.DataLength
;
208 dma_addr_t addr
, len
;
209 uint32_t flags_and_length
;
211 flags_and_length
= ldl_le_pci_dma(pci
, sgaddr
);
212 len
= flags_and_length
& MPI_SGE_LENGTH_MASK
;
213 if ((flags_and_length
& MPI_SGE_FLAGS_ELEMENT_TYPE_MASK
)
214 != MPI_SGE_FLAGS_SIMPLE_ELEMENT
||
216 !(flags_and_length
& MPI_SGE_FLAGS_END_OF_LIST
) &&
217 !(flags_and_length
& MPI_SGE_FLAGS_END_OF_BUFFER
))) {
218 return MPI_IOCSTATUS_INVALID_SGL
;
221 len
= MIN(len
, left
);
223 /* We reached the desired transfer length, ignore extra
224 * elements of the s/g list.
229 addr
= mptsas_ld_sg_base(s
, flags_and_length
, &sgaddr
);
230 qemu_sglist_add(&req
->qsg
, addr
, len
);
233 if (flags_and_length
& MPI_SGE_FLAGS_END_OF_LIST
) {
237 if (flags_and_length
& MPI_SGE_FLAGS_LAST_ELEMENT
) {
242 flags_and_length
= ldl_le_pci_dma(pci
, next_chain_addr
);
243 if ((flags_and_length
& MPI_SGE_FLAGS_ELEMENT_TYPE_MASK
)
244 != MPI_SGE_FLAGS_CHAIN_ELEMENT
) {
245 return MPI_IOCSTATUS_INVALID_SGL
;
248 sgaddr
= mptsas_ld_sg_base(s
, flags_and_length
, &next_chain_addr
);
250 (flags_and_length
& MPI_SGE_CHAIN_OFFSET_MASK
) >> MPI_SGE_CHAIN_OFFSET_SHIFT
;
251 next_chain_addr
= sgaddr
+ chain_offset
* sizeof(uint32_t);
257 static void mptsas_free_request(MPTSASRequest
*req
)
259 MPTSASState
*s
= req
->dev
;
261 if (req
->sreq
!= NULL
) {
262 req
->sreq
->hba_private
= NULL
;
263 scsi_req_unref(req
->sreq
);
265 QTAILQ_REMOVE(&s
->pending
, req
, next
);
267 qemu_sglist_destroy(&req
->qsg
);
271 static int mptsas_scsi_device_find(MPTSASState
*s
, int bus
, int target
,
272 uint8_t *lun
, SCSIDevice
**sdev
)
275 return MPI_IOCSTATUS_SCSI_INVALID_BUS
;
278 if (target
>= s
->max_devices
) {
279 return MPI_IOCSTATUS_SCSI_INVALID_TARGETID
;
282 *sdev
= scsi_device_find(&s
->bus
, bus
, target
, lun
[1]);
284 return MPI_IOCSTATUS_SCSI_DEVICE_NOT_THERE
;
290 static int mptsas_process_scsi_io_request(MPTSASState
*s
,
291 MPIMsgSCSIIORequest
*scsi_io
,
295 MPIMsgSCSIIOReply reply
;
299 mptsas_fix_scsi_io_endianness(scsi_io
);
301 trace_mptsas_process_scsi_io_request(s
, scsi_io
->Bus
, scsi_io
->TargetID
,
302 scsi_io
->LUN
[1], scsi_io
->DataLength
);
304 status
= mptsas_scsi_device_find(s
, scsi_io
->Bus
, scsi_io
->TargetID
,
305 scsi_io
->LUN
, &sdev
);
310 req
= g_new0(MPTSASRequest
, 1);
311 QTAILQ_INSERT_TAIL(&s
->pending
, req
, next
);
312 req
->scsi_io
= *scsi_io
;
315 status
= mptsas_build_sgl(s
, req
, addr
);
320 if (req
->qsg
.size
< scsi_io
->DataLength
) {
321 trace_mptsas_sgl_overflow(s
, scsi_io
->MsgContext
, scsi_io
->DataLength
,
323 status
= MPI_IOCSTATUS_INVALID_SGL
;
327 req
->sreq
= scsi_req_new(sdev
, scsi_io
->MsgContext
,
328 scsi_io
->LUN
[1], scsi_io
->CDB
, req
);
330 if (req
->sreq
->cmd
.xfer
> scsi_io
->DataLength
) {
333 switch (scsi_io
->Control
& MPI_SCSIIO_CONTROL_DATADIRECTION_MASK
) {
334 case MPI_SCSIIO_CONTROL_NODATATRANSFER
:
335 if (req
->sreq
->cmd
.mode
!= SCSI_XFER_NONE
) {
340 case MPI_SCSIIO_CONTROL_WRITE
:
341 if (req
->sreq
->cmd
.mode
!= SCSI_XFER_TO_DEV
) {
346 case MPI_SCSIIO_CONTROL_READ
:
347 if (req
->sreq
->cmd
.mode
!= SCSI_XFER_FROM_DEV
) {
353 if (scsi_req_enqueue(req
->sreq
)) {
354 scsi_req_continue(req
->sreq
);
359 trace_mptsas_scsi_overflow(s
, scsi_io
->MsgContext
, req
->sreq
->cmd
.xfer
,
360 scsi_io
->DataLength
);
361 status
= MPI_IOCSTATUS_SCSI_DATA_OVERRUN
;
363 mptsas_free_request(req
);
365 memset(&reply
, 0, sizeof(reply
));
366 reply
.TargetID
= scsi_io
->TargetID
;
367 reply
.Bus
= scsi_io
->Bus
;
368 reply
.MsgLength
= sizeof(reply
) / 4;
369 reply
.Function
= scsi_io
->Function
;
370 reply
.CDBLength
= scsi_io
->CDBLength
;
371 reply
.SenseBufferLength
= scsi_io
->SenseBufferLength
;
372 reply
.MsgContext
= scsi_io
->MsgContext
;
373 reply
.SCSIState
= MPI_SCSI_STATE_NO_SCSI_STATUS
;
374 reply
.IOCStatus
= status
;
376 mptsas_fix_scsi_io_reply_endianness(&reply
);
377 mptsas_reply(s
, (MPIDefaultReply
*)&reply
);
385 MPIMsgSCSITaskMgmtReply
*reply
;
386 } MPTSASCancelNotifier
;
388 static void mptsas_cancel_notify(Notifier
*notifier
, void *data
)
390 MPTSASCancelNotifier
*n
= container_of(notifier
,
391 MPTSASCancelNotifier
,
394 /* Abusing IOCLogInfo to store the expected number of requests... */
395 if (++n
->reply
->TerminationCount
== n
->reply
->IOCLogInfo
) {
396 n
->reply
->IOCLogInfo
= 0;
397 mptsas_fix_scsi_task_mgmt_reply_endianness(n
->reply
);
398 mptsas_post_reply(n
->s
, (MPIDefaultReply
*)n
->reply
);
404 static void mptsas_process_scsi_task_mgmt(MPTSASState
*s
, MPIMsgSCSITaskMgmt
*req
)
406 MPIMsgSCSITaskMgmtReply reply
;
407 MPIMsgSCSITaskMgmtReply
*reply_async
;
410 SCSIRequest
*r
, *next
;
413 mptsas_fix_scsi_task_mgmt_endianness(req
);
415 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE
< sizeof(*req
));
416 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_msg
) < sizeof(*req
));
417 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_reply
) < sizeof(reply
));
419 memset(&reply
, 0, sizeof(reply
));
420 reply
.TargetID
= req
->TargetID
;
421 reply
.Bus
= req
->Bus
;
422 reply
.MsgLength
= sizeof(reply
) / 4;
423 reply
.Function
= req
->Function
;
424 reply
.TaskType
= req
->TaskType
;
425 reply
.MsgContext
= req
->MsgContext
;
427 switch (req
->TaskType
) {
428 case MPI_SCSITASKMGMT_TASKTYPE_ABORT_TASK
:
429 case MPI_SCSITASKMGMT_TASKTYPE_QUERY_TASK
:
430 status
= mptsas_scsi_device_find(s
, req
->Bus
, req
->TargetID
,
433 reply
.IOCStatus
= status
;
436 if (sdev
->lun
!= req
->LUN
[1]) {
437 reply
.ResponseCode
= MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN
;
441 QTAILQ_FOREACH_SAFE(r
, &sdev
->requests
, next
, next
) {
442 MPTSASRequest
*cmd_req
= r
->hba_private
;
443 if (cmd_req
&& cmd_req
->scsi_io
.MsgContext
== req
->TaskMsgContext
) {
449 * Assert that the request has not been completed yet, we
450 * check for it in the loop above.
452 assert(r
->hba_private
);
453 if (req
->TaskType
== MPI_SCSITASKMGMT_TASKTYPE_QUERY_TASK
) {
454 /* "If the specified command is present in the task set, then
455 * return a service response set to FUNCTION SUCCEEDED".
457 reply
.ResponseCode
= MPI_SCSITASKMGMT_RSP_TM_SUCCEEDED
;
459 MPTSASCancelNotifier
*notifier
;
461 reply_async
= g_memdup(&reply
, sizeof(MPIMsgSCSITaskMgmtReply
));
462 reply_async
->IOCLogInfo
= INT_MAX
;
465 notifier
= g_new(MPTSASCancelNotifier
, 1);
467 notifier
->reply
= reply_async
;
468 notifier
->notifier
.notify
= mptsas_cancel_notify
;
469 scsi_req_cancel_async(r
, ¬ifier
->notifier
);
470 goto reply_maybe_async
;
475 case MPI_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET
:
476 case MPI_SCSITASKMGMT_TASKTYPE_CLEAR_TASK_SET
:
477 status
= mptsas_scsi_device_find(s
, req
->Bus
, req
->TargetID
,
480 reply
.IOCStatus
= status
;
483 if (sdev
->lun
!= req
->LUN
[1]) {
484 reply
.ResponseCode
= MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN
;
488 reply_async
= g_memdup(&reply
, sizeof(MPIMsgSCSITaskMgmtReply
));
489 reply_async
->IOCLogInfo
= INT_MAX
;
492 QTAILQ_FOREACH_SAFE(r
, &sdev
->requests
, next
, next
) {
493 if (r
->hba_private
) {
494 MPTSASCancelNotifier
*notifier
;
497 notifier
= g_new(MPTSASCancelNotifier
, 1);
499 notifier
->reply
= reply_async
;
500 notifier
->notifier
.notify
= mptsas_cancel_notify
;
501 scsi_req_cancel_async(r
, ¬ifier
->notifier
);
506 if (reply_async
->TerminationCount
< count
) {
507 reply_async
->IOCLogInfo
= count
;
511 reply
.TerminationCount
= count
;
514 case MPI_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET
:
515 status
= mptsas_scsi_device_find(s
, req
->Bus
, req
->TargetID
,
518 reply
.IOCStatus
= status
;
521 if (sdev
->lun
!= req
->LUN
[1]) {
522 reply
.ResponseCode
= MPI_SCSITASKMGMT_RSP_TM_INVALID_LUN
;
525 qdev_reset_all(&sdev
->qdev
);
528 case MPI_SCSITASKMGMT_TASKTYPE_TARGET_RESET
:
530 reply
.IOCStatus
= MPI_IOCSTATUS_SCSI_INVALID_BUS
;
533 if (req
->TargetID
> s
->max_devices
) {
534 reply
.IOCStatus
= MPI_IOCSTATUS_SCSI_INVALID_TARGETID
;
538 QTAILQ_FOREACH(kid
, &s
->bus
.qbus
.children
, sibling
) {
539 sdev
= SCSI_DEVICE(kid
->child
);
540 if (sdev
->channel
== 0 && sdev
->id
== req
->TargetID
) {
541 qdev_reset_all(kid
->child
);
546 case MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS
:
547 qbus_reset_all(BUS(&s
->bus
));
551 reply
.ResponseCode
= MPI_SCSITASKMGMT_RSP_TM_NOT_SUPPORTED
;
556 mptsas_fix_scsi_task_mgmt_reply_endianness(&reply
);
557 mptsas_post_reply(s
, (MPIDefaultReply
*)&reply
);
560 static void mptsas_process_ioc_init(MPTSASState
*s
, MPIMsgIOCInit
*req
)
562 MPIMsgIOCInitReply reply
;
564 mptsas_fix_ioc_init_endianness(req
);
566 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE
< sizeof(*req
));
567 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_msg
) < sizeof(*req
));
568 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_reply
) < sizeof(reply
));
570 s
->who_init
= req
->WhoInit
;
571 s
->reply_frame_size
= req
->ReplyFrameSize
;
572 s
->max_buses
= req
->MaxBuses
;
573 s
->max_devices
= req
->MaxDevices
? req
->MaxDevices
: 256;
574 s
->host_mfa_high_addr
= (hwaddr
)req
->HostMfaHighAddr
<< 32;
575 s
->sense_buffer_high_addr
= (hwaddr
)req
->SenseBufferHighAddr
<< 32;
577 if (s
->state
== MPI_IOC_STATE_READY
) {
578 s
->state
= MPI_IOC_STATE_OPERATIONAL
;
581 memset(&reply
, 0, sizeof(reply
));
582 reply
.WhoInit
= s
->who_init
;
583 reply
.MsgLength
= sizeof(reply
) / 4;
584 reply
.Function
= req
->Function
;
585 reply
.MaxDevices
= s
->max_devices
;
586 reply
.MaxBuses
= s
->max_buses
;
587 reply
.MsgContext
= req
->MsgContext
;
589 mptsas_fix_ioc_init_reply_endianness(&reply
);
590 mptsas_reply(s
, (MPIDefaultReply
*)&reply
);
593 static void mptsas_process_ioc_facts(MPTSASState
*s
,
596 MPIMsgIOCFactsReply reply
;
598 mptsas_fix_ioc_facts_endianness(req
);
600 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE
< sizeof(*req
));
601 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_msg
) < sizeof(*req
));
602 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_reply
) < sizeof(reply
));
604 memset(&reply
, 0, sizeof(reply
));
605 reply
.MsgVersion
= 0x0105;
606 reply
.MsgLength
= sizeof(reply
) / 4;
607 reply
.Function
= req
->Function
;
608 reply
.MsgContext
= req
->MsgContext
;
609 reply
.MaxChainDepth
= MPTSAS_MAXIMUM_CHAIN_DEPTH
;
610 reply
.WhoInit
= s
->who_init
;
611 reply
.BlockSize
= MPTSAS_MAX_REQUEST_SIZE
/ sizeof(uint32_t);
612 reply
.ReplyQueueDepth
= ARRAY_SIZE(s
->reply_post
) - 1;
613 QEMU_BUILD_BUG_ON(ARRAY_SIZE(s
->reply_post
) != ARRAY_SIZE(s
->reply_free
));
615 reply
.RequestFrameSize
= 128;
616 reply
.ProductID
= MPTSAS1068_PRODUCT_ID
;
617 reply
.CurrentHostMfaHighAddr
= s
->host_mfa_high_addr
>> 32;
618 reply
.GlobalCredits
= ARRAY_SIZE(s
->request_post
) - 1;
619 reply
.NumberOfPorts
= MPTSAS_NUM_PORTS
;
620 reply
.CurrentSenseBufferHighAddr
= s
->sense_buffer_high_addr
>> 32;
621 reply
.CurReplyFrameSize
= s
->reply_frame_size
;
622 reply
.MaxDevices
= s
->max_devices
;
623 reply
.MaxBuses
= s
->max_buses
;
624 reply
.FWVersionDev
= 0;
625 reply
.FWVersionUnit
= 0x92;
626 reply
.FWVersionMinor
= 0x32;
627 reply
.FWVersionMajor
= 0x1;
629 mptsas_fix_ioc_facts_reply_endianness(&reply
);
630 mptsas_reply(s
, (MPIDefaultReply
*)&reply
);
633 static void mptsas_process_port_facts(MPTSASState
*s
,
634 MPIMsgPortFacts
*req
)
636 MPIMsgPortFactsReply reply
;
638 mptsas_fix_port_facts_endianness(req
);
640 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE
< sizeof(*req
));
641 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_msg
) < sizeof(*req
));
642 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_reply
) < sizeof(reply
));
644 memset(&reply
, 0, sizeof(reply
));
645 reply
.MsgLength
= sizeof(reply
) / 4;
646 reply
.Function
= req
->Function
;
647 reply
.PortNumber
= req
->PortNumber
;
648 reply
.MsgContext
= req
->MsgContext
;
650 if (req
->PortNumber
< MPTSAS_NUM_PORTS
) {
651 reply
.PortType
= MPI_PORTFACTS_PORTTYPE_SAS
;
652 reply
.MaxDevices
= MPTSAS_NUM_PORTS
;
653 reply
.PortSCSIID
= MPTSAS_NUM_PORTS
;
654 reply
.ProtocolFlags
= MPI_PORTFACTS_PROTOCOL_LOGBUSADDR
| MPI_PORTFACTS_PROTOCOL_INITIATOR
;
657 mptsas_fix_port_facts_reply_endianness(&reply
);
658 mptsas_reply(s
, (MPIDefaultReply
*)&reply
);
661 static void mptsas_process_port_enable(MPTSASState
*s
,
662 MPIMsgPortEnable
*req
)
664 MPIMsgPortEnableReply reply
;
666 mptsas_fix_port_enable_endianness(req
);
668 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE
< sizeof(*req
));
669 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_msg
) < sizeof(*req
));
670 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_reply
) < sizeof(reply
));
672 memset(&reply
, 0, sizeof(reply
));
673 reply
.MsgLength
= sizeof(reply
) / 4;
674 reply
.PortNumber
= req
->PortNumber
;
675 reply
.Function
= req
->Function
;
676 reply
.MsgContext
= req
->MsgContext
;
678 mptsas_fix_port_enable_reply_endianness(&reply
);
679 mptsas_reply(s
, (MPIDefaultReply
*)&reply
);
682 static void mptsas_process_event_notification(MPTSASState
*s
,
683 MPIMsgEventNotify
*req
)
685 MPIMsgEventNotifyReply reply
;
687 mptsas_fix_event_notification_endianness(req
);
689 QEMU_BUILD_BUG_ON(MPTSAS_MAX_REQUEST_SIZE
< sizeof(*req
));
690 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_msg
) < sizeof(*req
));
691 QEMU_BUILD_BUG_ON(sizeof(s
->doorbell_reply
) < sizeof(reply
));
693 /* Don't even bother storing whether event notification is enabled,
694 * since it is not accessible.
697 memset(&reply
, 0, sizeof(reply
));
698 reply
.EventDataLength
= sizeof(reply
.Data
) / 4;
699 reply
.MsgLength
= sizeof(reply
) / 4;
700 reply
.Function
= req
->Function
;
702 /* This is set because events are sent through the reply FIFOs. */
703 reply
.MsgFlags
= MPI_MSGFLAGS_CONTINUATION_REPLY
;
705 reply
.MsgContext
= req
->MsgContext
;
706 reply
.Event
= MPI_EVENT_EVENT_CHANGE
;
707 reply
.Data
[0] = !!req
->Switch
;
709 mptsas_fix_event_notification_reply_endianness(&reply
);
710 mptsas_reply(s
, (MPIDefaultReply
*)&reply
);
713 static void mptsas_process_message(MPTSASState
*s
, MPIRequestHeader
*req
)
715 trace_mptsas_process_message(s
, req
->Function
, req
->MsgContext
);
716 switch (req
->Function
) {
717 case MPI_FUNCTION_SCSI_TASK_MGMT
:
718 mptsas_process_scsi_task_mgmt(s
, (MPIMsgSCSITaskMgmt
*)req
);
721 case MPI_FUNCTION_IOC_INIT
:
722 mptsas_process_ioc_init(s
, (MPIMsgIOCInit
*)req
);
725 case MPI_FUNCTION_IOC_FACTS
:
726 mptsas_process_ioc_facts(s
, (MPIMsgIOCFacts
*)req
);
729 case MPI_FUNCTION_PORT_FACTS
:
730 mptsas_process_port_facts(s
, (MPIMsgPortFacts
*)req
);
733 case MPI_FUNCTION_PORT_ENABLE
:
734 mptsas_process_port_enable(s
, (MPIMsgPortEnable
*)req
);
737 case MPI_FUNCTION_EVENT_NOTIFICATION
:
738 mptsas_process_event_notification(s
, (MPIMsgEventNotify
*)req
);
741 case MPI_FUNCTION_CONFIG
:
742 mptsas_process_config(s
, (MPIMsgConfig
*)req
);
746 trace_mptsas_unhandled_cmd(s
, req
->Function
, 0);
747 mptsas_set_fault(s
, MPI_IOCSTATUS_INVALID_FUNCTION
);
752 static void mptsas_fetch_request(MPTSASState
*s
)
754 PCIDevice
*pci
= (PCIDevice
*) s
;
755 char req
[MPTSAS_MAX_REQUEST_SIZE
];
756 MPIRequestHeader
*hdr
= (MPIRequestHeader
*)req
;
760 /* Read the message header from the guest first. */
761 addr
= s
->host_mfa_high_addr
| MPTSAS_FIFO_GET(s
, request_post
);
762 pci_dma_read(pci
, addr
, req
, sizeof(*hdr
));
764 if (hdr
->Function
< ARRAY_SIZE(mpi_request_sizes
) &&
765 mpi_request_sizes
[hdr
->Function
]) {
766 /* Read the rest of the request based on the type. Do not
767 * reread everything, as that could cause a TOC/TOU mismatch
768 * and leak data from the QEMU stack.
770 size
= mpi_request_sizes
[hdr
->Function
];
771 assert(size
<= MPTSAS_MAX_REQUEST_SIZE
);
772 pci_dma_read(pci
, addr
+ sizeof(*hdr
), &req
[sizeof(*hdr
)],
773 size
- sizeof(*hdr
));
776 if (hdr
->Function
== MPI_FUNCTION_SCSI_IO_REQUEST
) {
777 /* SCSI I/O requests are separate from mptsas_process_message
778 * because they cannot be sent through the doorbell yet.
780 mptsas_process_scsi_io_request(s
, (MPIMsgSCSIIORequest
*)req
, addr
);
782 mptsas_process_message(s
, (MPIRequestHeader
*)req
);
786 static void mptsas_fetch_requests(void *opaque
)
788 MPTSASState
*s
= opaque
;
790 if (s
->state
!= MPI_IOC_STATE_OPERATIONAL
) {
791 mptsas_set_fault(s
, MPI_IOCSTATUS_INVALID_STATE
);
794 while (!MPTSAS_FIFO_EMPTY(s
, request_post
)) {
795 mptsas_fetch_request(s
);
799 static void mptsas_soft_reset(MPTSASState
*s
)
803 trace_mptsas_reset(s
);
805 /* Temporarily disable interrupts */
806 save_mask
= s
->intr_mask
;
807 s
->intr_mask
= MPI_HIM_DIM
| MPI_HIM_RIM
;
808 mptsas_update_interrupt(s
);
810 qbus_reset_all(BUS(&s
->bus
));
812 s
->intr_mask
= save_mask
;
814 s
->reply_free_tail
= 0;
815 s
->reply_free_head
= 0;
816 s
->reply_post_tail
= 0;
817 s
->reply_post_head
= 0;
818 s
->request_post_tail
= 0;
819 s
->request_post_head
= 0;
820 qemu_bh_cancel(s
->request_bh
);
822 s
->state
= MPI_IOC_STATE_READY
;
825 static uint32_t mptsas_doorbell_read(MPTSASState
*s
)
829 ret
= (s
->who_init
<< MPI_DOORBELL_WHO_INIT_SHIFT
) & MPI_DOORBELL_WHO_INIT_MASK
;
831 switch (s
->doorbell_state
) {
836 ret
|= MPI_DOORBELL_ACTIVE
;
840 /* Get rid of the IOC fault code. */
841 ret
&= ~MPI_DOORBELL_DATA_MASK
;
843 assert(s
->intr_status
& MPI_HIS_DOORBELL_INTERRUPT
);
844 assert(s
->doorbell_reply_idx
<= s
->doorbell_reply_size
);
846 ret
|= MPI_DOORBELL_ACTIVE
;
847 if (s
->doorbell_reply_idx
< s
->doorbell_reply_size
) {
848 /* For more information about this endian switch, see the
849 * commit message for commit 36b62ae ("fw_cfg: fix endianness in
850 * fw_cfg_data_mem_read() / _write()", 2015-01-16).
852 ret
|= le16_to_cpu(s
->doorbell_reply
[s
->doorbell_reply_idx
++]);
863 static void mptsas_doorbell_write(MPTSASState
*s
, uint32_t val
)
865 if (s
->doorbell_state
== DOORBELL_WRITE
) {
866 if (s
->doorbell_idx
< s
->doorbell_cnt
) {
867 /* For more information about this endian switch, see the
868 * commit message for commit 36b62ae ("fw_cfg: fix endianness in
869 * fw_cfg_data_mem_read() / _write()", 2015-01-16).
871 s
->doorbell_msg
[s
->doorbell_idx
++] = cpu_to_le32(val
);
872 if (s
->doorbell_idx
== s
->doorbell_cnt
) {
873 mptsas_process_message(s
, (MPIRequestHeader
*)s
->doorbell_msg
);
879 switch ((val
& MPI_DOORBELL_FUNCTION_MASK
) >> MPI_DOORBELL_FUNCTION_SHIFT
) {
880 case MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
:
881 mptsas_soft_reset(s
);
883 case MPI_FUNCTION_IO_UNIT_RESET
:
885 case MPI_FUNCTION_HANDSHAKE
:
886 s
->doorbell_state
= DOORBELL_WRITE
;
888 s
->doorbell_cnt
= (val
& MPI_DOORBELL_ADD_DWORDS_MASK
)
889 >> MPI_DOORBELL_ADD_DWORDS_SHIFT
;
890 s
->intr_status
|= MPI_HIS_DOORBELL_INTERRUPT
;
891 mptsas_update_interrupt(s
);
894 trace_mptsas_unhandled_doorbell_cmd(s
, val
);
899 static void mptsas_write_sequence_write(MPTSASState
*s
, uint32_t val
)
901 /* If the diagnostic register is enabled, any write to this register
902 * will disable it. Otherwise, the guest has to do a magic five-write
905 if (s
->diagnostic
& MPI_DIAG_DRWE
) {
909 switch (s
->diagnostic_idx
) {
911 if ((val
& MPI_WRSEQ_KEY_VALUE_MASK
) != MPI_WRSEQ_1ST_KEY_VALUE
) {
916 if ((val
& MPI_WRSEQ_KEY_VALUE_MASK
) != MPI_WRSEQ_2ND_KEY_VALUE
) {
921 if ((val
& MPI_WRSEQ_KEY_VALUE_MASK
) != MPI_WRSEQ_3RD_KEY_VALUE
) {
926 if ((val
& MPI_WRSEQ_KEY_VALUE_MASK
) != MPI_WRSEQ_4TH_KEY_VALUE
) {
931 if ((val
& MPI_WRSEQ_KEY_VALUE_MASK
) != MPI_WRSEQ_5TH_KEY_VALUE
) {
934 /* Prepare Spaceball One for departure, and change the
935 * combination on my luggage!
937 s
->diagnostic
|= MPI_DIAG_DRWE
;
944 s
->diagnostic
&= ~MPI_DIAG_DRWE
;
945 s
->diagnostic_idx
= 0;
948 static int mptsas_hard_reset(MPTSASState
*s
)
950 mptsas_soft_reset(s
);
952 s
->intr_mask
= MPI_HIM_DIM
| MPI_HIM_RIM
;
954 s
->host_mfa_high_addr
= 0;
955 s
->sense_buffer_high_addr
= 0;
956 s
->reply_frame_size
= 0;
957 s
->max_devices
= MPTSAS_NUM_PORTS
;
963 static void mptsas_interrupt_status_write(MPTSASState
*s
)
965 switch (s
->doorbell_state
) {
968 s
->intr_status
&= ~MPI_HIS_DOORBELL_INTERRUPT
;
972 /* The reply can be read continuously, so leave the interrupt up. */
973 assert(s
->intr_status
& MPI_HIS_DOORBELL_INTERRUPT
);
974 if (s
->doorbell_reply_idx
== s
->doorbell_reply_size
) {
975 s
->doorbell_state
= DOORBELL_NONE
;
982 mptsas_update_interrupt(s
);
985 static uint32_t mptsas_reply_post_read(MPTSASState
*s
)
989 if (!MPTSAS_FIFO_EMPTY(s
, reply_post
)) {
990 ret
= MPTSAS_FIFO_GET(s
, reply_post
);
993 s
->intr_status
&= ~MPI_HIS_REPLY_MESSAGE_INTERRUPT
;
994 mptsas_update_interrupt(s
);
1000 static uint64_t mptsas_mmio_read(void *opaque
, hwaddr addr
,
1003 MPTSASState
*s
= opaque
;
1006 switch (addr
& ~3) {
1007 case MPI_DOORBELL_OFFSET
:
1008 ret
= mptsas_doorbell_read(s
);
1011 case MPI_DIAGNOSTIC_OFFSET
:
1012 ret
= s
->diagnostic
;
1015 case MPI_HOST_INTERRUPT_STATUS_OFFSET
:
1016 ret
= s
->intr_status
;
1019 case MPI_HOST_INTERRUPT_MASK_OFFSET
:
1023 case MPI_REPLY_POST_FIFO_OFFSET
:
1024 ret
= mptsas_reply_post_read(s
);
1028 trace_mptsas_mmio_unhandled_read(s
, addr
);
1031 trace_mptsas_mmio_read(s
, addr
, ret
);
1035 static void mptsas_mmio_write(void *opaque
, hwaddr addr
,
1036 uint64_t val
, unsigned size
)
1038 MPTSASState
*s
= opaque
;
1040 trace_mptsas_mmio_write(s
, addr
, val
);
1042 case MPI_DOORBELL_OFFSET
:
1043 mptsas_doorbell_write(s
, val
);
1046 case MPI_WRITE_SEQUENCE_OFFSET
:
1047 mptsas_write_sequence_write(s
, val
);
1050 case MPI_DIAGNOSTIC_OFFSET
:
1051 if (val
& MPI_DIAG_RESET_ADAPTER
) {
1052 mptsas_hard_reset(s
);
1056 case MPI_HOST_INTERRUPT_STATUS_OFFSET
:
1057 mptsas_interrupt_status_write(s
);
1060 case MPI_HOST_INTERRUPT_MASK_OFFSET
:
1061 s
->intr_mask
= val
& (MPI_HIM_RIM
| MPI_HIM_DIM
);
1062 mptsas_update_interrupt(s
);
1065 case MPI_REQUEST_POST_FIFO_OFFSET
:
1066 if (MPTSAS_FIFO_FULL(s
, request_post
)) {
1067 mptsas_set_fault(s
, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES
);
1069 MPTSAS_FIFO_PUT(s
, request_post
, val
& ~0x03);
1070 qemu_bh_schedule(s
->request_bh
);
1074 case MPI_REPLY_FREE_FIFO_OFFSET
:
1075 if (MPTSAS_FIFO_FULL(s
, reply_free
)) {
1076 mptsas_set_fault(s
, MPI_IOCSTATUS_INSUFFICIENT_RESOURCES
);
1078 MPTSAS_FIFO_PUT(s
, reply_free
, val
);
1083 trace_mptsas_mmio_unhandled_write(s
, addr
, val
);
1088 static const MemoryRegionOps mptsas_mmio_ops
= {
1089 .read
= mptsas_mmio_read
,
1090 .write
= mptsas_mmio_write
,
1091 .endianness
= DEVICE_LITTLE_ENDIAN
,
1093 .min_access_size
= 4,
1094 .max_access_size
= 4,
1098 static const MemoryRegionOps mptsas_port_ops
= {
1099 .read
= mptsas_mmio_read
,
1100 .write
= mptsas_mmio_write
,
1101 .endianness
= DEVICE_LITTLE_ENDIAN
,
1103 .min_access_size
= 4,
1104 .max_access_size
= 4,
1108 static uint64_t mptsas_diag_read(void *opaque
, hwaddr addr
,
1111 MPTSASState
*s
= opaque
;
1112 trace_mptsas_diag_read(s
, addr
, 0);
1116 static void mptsas_diag_write(void *opaque
, hwaddr addr
,
1117 uint64_t val
, unsigned size
)
1119 MPTSASState
*s
= opaque
;
1120 trace_mptsas_diag_write(s
, addr
, val
);
1123 static const MemoryRegionOps mptsas_diag_ops
= {
1124 .read
= mptsas_diag_read
,
1125 .write
= mptsas_diag_write
,
1126 .endianness
= DEVICE_LITTLE_ENDIAN
,
1128 .min_access_size
= 4,
1129 .max_access_size
= 4,
1133 static QEMUSGList
*mptsas_get_sg_list(SCSIRequest
*sreq
)
1135 MPTSASRequest
*req
= sreq
->hba_private
;
1140 static void mptsas_command_complete(SCSIRequest
*sreq
,
1141 uint32_t status
, size_t resid
)
1143 MPTSASRequest
*req
= sreq
->hba_private
;
1144 MPTSASState
*s
= req
->dev
;
1145 uint8_t sense_buf
[SCSI_SENSE_BUF_SIZE
];
1148 hwaddr sense_buffer_addr
= req
->dev
->sense_buffer_high_addr
|
1149 req
->scsi_io
.SenseBufferLowAddr
;
1151 trace_mptsas_command_complete(s
, req
->scsi_io
.MsgContext
, status
, resid
);
1153 sense_len
= scsi_req_get_sense(sreq
, sense_buf
, SCSI_SENSE_BUF_SIZE
);
1154 if (sense_len
> 0) {
1155 pci_dma_write(PCI_DEVICE(s
), sense_buffer_addr
, sense_buf
,
1156 MIN(req
->scsi_io
.SenseBufferLength
, sense_len
));
1159 if (sreq
->status
!= GOOD
|| resid
||
1160 req
->dev
->doorbell_state
== DOORBELL_WRITE
) {
1161 MPIMsgSCSIIOReply reply
;
1163 memset(&reply
, 0, sizeof(reply
));
1164 reply
.TargetID
= req
->scsi_io
.TargetID
;
1165 reply
.Bus
= req
->scsi_io
.Bus
;
1166 reply
.MsgLength
= sizeof(reply
) / 4;
1167 reply
.Function
= req
->scsi_io
.Function
;
1168 reply
.CDBLength
= req
->scsi_io
.CDBLength
;
1169 reply
.SenseBufferLength
= req
->scsi_io
.SenseBufferLength
;
1170 reply
.MsgFlags
= req
->scsi_io
.MsgFlags
;
1171 reply
.MsgContext
= req
->scsi_io
.MsgContext
;
1172 reply
.SCSIStatus
= sreq
->status
;
1173 if (sreq
->status
== GOOD
) {
1174 reply
.TransferCount
= req
->scsi_io
.DataLength
- resid
;
1176 reply
.IOCStatus
= MPI_IOCSTATUS_SCSI_DATA_UNDERRUN
;
1179 reply
.SCSIState
= MPI_SCSI_STATE_AUTOSENSE_VALID
;
1180 reply
.SenseCount
= sense_len
;
1181 reply
.IOCStatus
= MPI_IOCSTATUS_SCSI_DATA_UNDERRUN
;
1184 mptsas_fix_scsi_io_reply_endianness(&reply
);
1185 mptsas_post_reply(req
->dev
, (MPIDefaultReply
*)&reply
);
1187 mptsas_turbo_reply(req
->dev
, req
->scsi_io
.MsgContext
);
1190 mptsas_free_request(req
);
1193 static void mptsas_request_cancelled(SCSIRequest
*sreq
)
1195 MPTSASRequest
*req
= sreq
->hba_private
;
1196 MPIMsgSCSIIOReply reply
;
1198 memset(&reply
, 0, sizeof(reply
));
1199 reply
.TargetID
= req
->scsi_io
.TargetID
;
1200 reply
.Bus
= req
->scsi_io
.Bus
;
1201 reply
.MsgLength
= sizeof(reply
) / 4;
1202 reply
.Function
= req
->scsi_io
.Function
;
1203 reply
.CDBLength
= req
->scsi_io
.CDBLength
;
1204 reply
.SenseBufferLength
= req
->scsi_io
.SenseBufferLength
;
1205 reply
.MsgFlags
= req
->scsi_io
.MsgFlags
;
1206 reply
.MsgContext
= req
->scsi_io
.MsgContext
;
1207 reply
.SCSIState
= MPI_SCSI_STATE_NO_SCSI_STATUS
;
1208 reply
.IOCStatus
= MPI_IOCSTATUS_SCSI_TASK_TERMINATED
;
1210 mptsas_fix_scsi_io_reply_endianness(&reply
);
1211 mptsas_post_reply(req
->dev
, (MPIDefaultReply
*)&reply
);
1212 mptsas_free_request(req
);
1215 static void mptsas_save_request(QEMUFile
*f
, SCSIRequest
*sreq
)
1217 MPTSASRequest
*req
= sreq
->hba_private
;
1220 qemu_put_buffer(f
, (unsigned char *)&req
->scsi_io
, sizeof(req
->scsi_io
));
1221 qemu_put_be32(f
, req
->qsg
.nsg
);
1222 for (i
= 0; i
< req
->qsg
.nsg
; i
++) {
1223 qemu_put_be64(f
, req
->qsg
.sg
[i
].base
);
1224 qemu_put_be64(f
, req
->qsg
.sg
[i
].len
);
1228 static void *mptsas_load_request(QEMUFile
*f
, SCSIRequest
*sreq
)
1230 SCSIBus
*bus
= sreq
->bus
;
1231 MPTSASState
*s
= container_of(bus
, MPTSASState
, bus
);
1232 PCIDevice
*pci
= PCI_DEVICE(s
);
1236 req
= g_new(MPTSASRequest
, 1);
1237 qemu_get_buffer(f
, (unsigned char *)&req
->scsi_io
, sizeof(req
->scsi_io
));
1239 n
= qemu_get_be32(f
);
1240 /* TODO: add a way for SCSIBusInfo's load_request to fail,
1241 * and fail migration instead of asserting here.
1242 * This is just one thing (there are probably more) that must be
1243 * fixed before we can allow NDEBUG compilation.
1247 pci_dma_sglist_init(&req
->qsg
, pci
, n
);
1248 for (i
= 0; i
< n
; i
++) {
1249 uint64_t base
= qemu_get_be64(f
);
1250 uint64_t len
= qemu_get_be64(f
);
1251 qemu_sglist_add(&req
->qsg
, base
, len
);
1261 static const struct SCSIBusInfo mptsas_scsi_info
= {
1263 .max_target
= MPTSAS_NUM_PORTS
,
1266 .get_sg_list
= mptsas_get_sg_list
,
1267 .complete
= mptsas_command_complete
,
1268 .cancel
= mptsas_request_cancelled
,
1269 .save_request
= mptsas_save_request
,
1270 .load_request
= mptsas_load_request
,
1273 static void mptsas_scsi_realize(PCIDevice
*dev
, Error
**errp
)
1275 MPTSASState
*s
= MPT_SAS(dev
);
1279 dev
->config
[PCI_LATENCY_TIMER
] = 0;
1280 dev
->config
[PCI_INTERRUPT_PIN
] = 0x01;
1282 if (s
->msi
!= ON_OFF_AUTO_OFF
) {
1283 ret
= msi_init(dev
, 0, 1, true, false, &err
);
1284 /* Any error other than -ENOTSUP(board's MSI support is broken)
1285 * is a programming error */
1286 assert(!ret
|| ret
== -ENOTSUP
);
1287 if (ret
&& s
->msi
== ON_OFF_AUTO_ON
) {
1288 /* Can't satisfy user's explicit msi=on request, fail */
1289 error_append_hint(&err
, "You have to use msi=auto (default) or "
1290 "msi=off with this machine type.\n");
1291 error_propagate(errp
, err
);
1294 assert(!err
|| s
->msi
== ON_OFF_AUTO_AUTO
);
1295 /* With msi=auto, we fall back to MSI off silently */
1298 /* Only used for migration. */
1299 s
->msi_in_use
= (ret
== 0);
1302 memory_region_init_io(&s
->mmio_io
, OBJECT(s
), &mptsas_mmio_ops
, s
,
1303 "mptsas-mmio", 0x4000);
1304 memory_region_init_io(&s
->port_io
, OBJECT(s
), &mptsas_port_ops
, s
,
1306 memory_region_init_io(&s
->diag_io
, OBJECT(s
), &mptsas_diag_ops
, s
,
1307 "mptsas-diag", 0x10000);
1309 pci_register_bar(dev
, 0, PCI_BASE_ADDRESS_SPACE_IO
, &s
->port_io
);
1310 pci_register_bar(dev
, 1, PCI_BASE_ADDRESS_SPACE_MEMORY
|
1311 PCI_BASE_ADDRESS_MEM_TYPE_32
, &s
->mmio_io
);
1312 pci_register_bar(dev
, 2, PCI_BASE_ADDRESS_SPACE_MEMORY
|
1313 PCI_BASE_ADDRESS_MEM_TYPE_32
, &s
->diag_io
);
1316 s
->sas_addr
= ((NAA_LOCALLY_ASSIGNED_ID
<< 24) |
1317 IEEE_COMPANY_LOCALLY_ASSIGNED
) << 36;
1318 s
->sas_addr
|= (pci_dev_bus_num(dev
) << 16);
1319 s
->sas_addr
|= (PCI_SLOT(dev
->devfn
) << 8);
1320 s
->sas_addr
|= PCI_FUNC(dev
->devfn
);
1322 s
->max_devices
= MPTSAS_NUM_PORTS
;
1324 s
->request_bh
= qemu_bh_new(mptsas_fetch_requests
, s
);
1326 QTAILQ_INIT(&s
->pending
);
1328 scsi_bus_new(&s
->bus
, sizeof(s
->bus
), &dev
->qdev
, &mptsas_scsi_info
, NULL
);
1331 static void mptsas_scsi_uninit(PCIDevice
*dev
)
1333 MPTSASState
*s
= MPT_SAS(dev
);
1335 qemu_bh_delete(s
->request_bh
);
1339 static void mptsas_reset(DeviceState
*dev
)
1341 MPTSASState
*s
= MPT_SAS(dev
);
1343 mptsas_hard_reset(s
);
1346 static int mptsas_post_load(void *opaque
, int version_id
)
1348 MPTSASState
*s
= opaque
;
1350 if (s
->doorbell_idx
> s
->doorbell_cnt
||
1351 s
->doorbell_cnt
> ARRAY_SIZE(s
->doorbell_msg
) ||
1352 s
->doorbell_reply_idx
> s
->doorbell_reply_size
||
1353 s
->doorbell_reply_size
> ARRAY_SIZE(s
->doorbell_reply
) ||
1354 MPTSAS_FIFO_INVALID(s
, request_post
) ||
1355 MPTSAS_FIFO_INVALID(s
, reply_post
) ||
1356 MPTSAS_FIFO_INVALID(s
, reply_free
) ||
1357 s
->diagnostic_idx
> 4) {
1364 static const VMStateDescription vmstate_mptsas
= {
1367 .minimum_version_id
= 0,
1368 .minimum_version_id_old
= 0,
1369 .post_load
= mptsas_post_load
,
1370 .fields
= (VMStateField
[]) {
1371 VMSTATE_PCI_DEVICE(dev
, MPTSASState
),
1372 VMSTATE_BOOL(msi_in_use
, MPTSASState
),
1373 VMSTATE_UINT32(state
, MPTSASState
),
1374 VMSTATE_UINT8(who_init
, MPTSASState
),
1375 VMSTATE_UINT8(doorbell_state
, MPTSASState
),
1376 VMSTATE_UINT32_ARRAY(doorbell_msg
, MPTSASState
, 256),
1377 VMSTATE_INT32(doorbell_idx
, MPTSASState
),
1378 VMSTATE_INT32(doorbell_cnt
, MPTSASState
),
1380 VMSTATE_UINT16_ARRAY(doorbell_reply
, MPTSASState
, 256),
1381 VMSTATE_INT32(doorbell_reply_idx
, MPTSASState
),
1382 VMSTATE_INT32(doorbell_reply_size
, MPTSASState
),
1384 VMSTATE_UINT32(diagnostic
, MPTSASState
),
1385 VMSTATE_UINT8(diagnostic_idx
, MPTSASState
),
1387 VMSTATE_UINT32(intr_status
, MPTSASState
),
1388 VMSTATE_UINT32(intr_mask
, MPTSASState
),
1390 VMSTATE_UINT32_ARRAY(request_post
, MPTSASState
,
1391 MPTSAS_REQUEST_QUEUE_DEPTH
+ 1),
1392 VMSTATE_UINT16(request_post_head
, MPTSASState
),
1393 VMSTATE_UINT16(request_post_tail
, MPTSASState
),
1395 VMSTATE_UINT32_ARRAY(reply_post
, MPTSASState
,
1396 MPTSAS_REPLY_QUEUE_DEPTH
+ 1),
1397 VMSTATE_UINT16(reply_post_head
, MPTSASState
),
1398 VMSTATE_UINT16(reply_post_tail
, MPTSASState
),
1400 VMSTATE_UINT32_ARRAY(reply_free
, MPTSASState
,
1401 MPTSAS_REPLY_QUEUE_DEPTH
+ 1),
1402 VMSTATE_UINT16(reply_free_head
, MPTSASState
),
1403 VMSTATE_UINT16(reply_free_tail
, MPTSASState
),
1405 VMSTATE_UINT16(max_buses
, MPTSASState
),
1406 VMSTATE_UINT16(max_devices
, MPTSASState
),
1407 VMSTATE_UINT16(reply_frame_size
, MPTSASState
),
1408 VMSTATE_UINT64(host_mfa_high_addr
, MPTSASState
),
1409 VMSTATE_UINT64(sense_buffer_high_addr
, MPTSASState
),
1410 VMSTATE_END_OF_LIST()
1414 static Property mptsas_properties
[] = {
1415 DEFINE_PROP_UINT64("sas_address", MPTSASState
, sas_addr
, 0),
1416 /* TODO: test MSI support under Windows */
1417 DEFINE_PROP_ON_OFF_AUTO("msi", MPTSASState
, msi
, ON_OFF_AUTO_AUTO
),
1418 DEFINE_PROP_END_OF_LIST(),
1421 static void mptsas1068_class_init(ObjectClass
*oc
, void *data
)
1423 DeviceClass
*dc
= DEVICE_CLASS(oc
);
1424 PCIDeviceClass
*pc
= PCI_DEVICE_CLASS(oc
);
1426 pc
->realize
= mptsas_scsi_realize
;
1427 pc
->exit
= mptsas_scsi_uninit
;
1429 pc
->vendor_id
= PCI_VENDOR_ID_LSI_LOGIC
;
1430 pc
->device_id
= PCI_DEVICE_ID_LSI_SAS1068
;
1431 pc
->subsystem_vendor_id
= PCI_VENDOR_ID_LSI_LOGIC
;
1432 pc
->subsystem_id
= 0x8000;
1433 pc
->class_id
= PCI_CLASS_STORAGE_SCSI
;
1434 dc
->props
= mptsas_properties
;
1435 dc
->reset
= mptsas_reset
;
1436 dc
->vmsd
= &vmstate_mptsas
;
1437 dc
->desc
= "LSI SAS 1068";
1438 set_bit(DEVICE_CATEGORY_STORAGE
, dc
->categories
);
1441 static const TypeInfo mptsas_info
= {
1442 .name
= TYPE_MPTSAS1068
,
1443 .parent
= TYPE_PCI_DEVICE
,
1444 .instance_size
= sizeof(MPTSASState
),
1445 .class_init
= mptsas1068_class_init
,
1446 .interfaces
= (InterfaceInfo
[]) {
1447 { INTERFACE_CONVENTIONAL_PCI_DEVICE
},
1452 static void mptsas_register_types(void)
1454 type_register(&mptsas_info
);
1457 type_init(mptsas_register_types
)