xref: /onnv-gate/usr/src/uts/common/io/scsi/adapters/mpt_sas/mptsas.c (revision 11920:4618932f3ed5) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright 2010 Sun Microsystems, Inc.  All rights reserved.
24  * Use is subject to license terms.
25  */
26 
27 /*
28  * Copyright (c) 2000 to 2010, LSI Corporation.
29  * All rights reserved.
30  *
31  * Redistribution and use in source and binary forms of all code within
32  * this file that is exclusively owned by LSI, with or without
33  * modification, is permitted provided that, in addition to the CDDL 1.0
34  * License requirements, the following conditions are met:
35  *
36  *    Neither the name of the author nor the names of its contributors may be
37  *    used to endorse or promote products derived from this software without
38  *    specific prior written permission.
39  *
40  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
41  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
42  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
43  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
44  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
45  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
46  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
47  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
48  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
49  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
50  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
51  * DAMAGE.
52  */
53 
54 /*
55  * mptsas - This is a driver based on LSI Logic's MPT2.0 interface.
56  *
57  */
58 
59 #if defined(lint) || defined(DEBUG)
60 #define	MPTSAS_DEBUG
61 #endif
62 
63 /*
64  * standard header files.
65  */
66 #include <sys/note.h>
67 #include <sys/scsi/scsi.h>
68 #include <sys/pci.h>
69 #include <sys/file.h>
70 #include <sys/policy.h>
71 #include <sys/sysevent.h>
72 #include <sys/sysevent/eventdefs.h>
73 #include <sys/sysevent/dr.h>
74 #include <sys/sata/sata_defs.h>
75 
76 #pragma pack(1)
77 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_type.h>
78 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2.h>
79 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_cnfg.h>
80 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_init.h>
81 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_ioc.h>
82 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_sas.h>
83 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_tool.h>
84 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_raid.h>
85 #pragma pack()
86 
87 /*
88  * private header files.
89  *
90  */
91 #include <sys/scsi/impl/scsi_reset_notify.h>
92 #include <sys/scsi/adapters/mpt_sas/mptsas_var.h>
93 #include <sys/scsi/adapters/mpt_sas/mptsas_ioctl.h>
94 #include <sys/raidioctl.h>
95 
96 #include <sys/fs/dv_node.h>	/* devfs_clean */
97 
98 /*
99  * FMA header files
100  */
101 #include <sys/ddifm.h>
102 #include <sys/fm/protocol.h>
103 #include <sys/fm/util.h>
104 #include <sys/fm/io/ddi.h>
105 
106 /*
107  * autoconfiguration data and routines.
108  */
109 static int mptsas_attach(dev_info_t *dip, ddi_attach_cmd_t cmd);
110 static int mptsas_detach(dev_info_t *devi, ddi_detach_cmd_t cmd);
111 static int mptsas_power(dev_info_t *dip, int component, int level);
112 
113 /*
114  * cb_ops function
115  */
116 static int mptsas_ioctl(dev_t dev, int cmd, intptr_t data, int mode,
117 	cred_t *credp, int *rval);
118 #ifdef __sparc
119 static int mptsas_reset(dev_info_t *devi, ddi_reset_cmd_t cmd);
120 #else  /* __sparc */
121 static int mptsas_quiesce(dev_info_t *devi);
122 #endif	/* __sparc */
123 
124 /*
125  * Resource initilaization for hardware
126  */
127 static void mptsas_setup_cmd_reg(mptsas_t *mpt);
128 static void mptsas_disable_bus_master(mptsas_t *mpt);
129 static void mptsas_hba_fini(mptsas_t *mpt);
130 static void mptsas_cfg_fini(mptsas_t *mptsas_blkp);
131 static int mptsas_alloc_request_frames(mptsas_t *mpt);
132 static int mptsas_alloc_reply_frames(mptsas_t *mpt);
133 static int mptsas_alloc_free_queue(mptsas_t *mpt);
134 static int mptsas_alloc_post_queue(mptsas_t *mpt);
135 static int mptsas_alloc_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd);
136 static void mptsas_free_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd);
137 
138 /*
139  * SCSA function prototypes
140  */
141 static int mptsas_scsi_start(struct scsi_address *ap, struct scsi_pkt *pkt);
142 static int mptsas_scsi_reset(struct scsi_address *ap, int level);
143 static int mptsas_scsi_abort(struct scsi_address *ap, struct scsi_pkt *pkt);
144 static int mptsas_scsi_getcap(struct scsi_address *ap, char *cap, int tgtonly);
145 static int mptsas_scsi_setcap(struct scsi_address *ap, char *cap, int value,
146     int tgtonly);
147 static void mptsas_scsi_dmafree(struct scsi_address *ap, struct scsi_pkt *pkt);
148 static struct scsi_pkt *mptsas_scsi_init_pkt(struct scsi_address *ap,
149     struct scsi_pkt *pkt, struct buf *bp, int cmdlen, int statuslen,
150 	int tgtlen, int flags, int (*callback)(), caddr_t arg);
151 static void mptsas_scsi_sync_pkt(struct scsi_address *ap, struct scsi_pkt *pkt);
152 static void mptsas_scsi_destroy_pkt(struct scsi_address *ap,
153     struct scsi_pkt *pkt);
154 static int mptsas_scsi_tgt_init(dev_info_t *hba_dip, dev_info_t *tgt_dip,
155     scsi_hba_tran_t *hba_tran, struct scsi_device *sd);
156 static void mptsas_scsi_tgt_free(dev_info_t *hba_dip, dev_info_t *tgt_dip,
157     scsi_hba_tran_t *hba_tran, struct scsi_device *sd);
158 static int mptsas_scsi_reset_notify(struct scsi_address *ap, int flag,
159     void (*callback)(caddr_t), caddr_t arg);
160 static int mptsas_get_name(struct scsi_device *sd, char *name, int len);
161 static int mptsas_get_bus_addr(struct scsi_device *sd, char *name, int len);
162 static int mptsas_scsi_quiesce(dev_info_t *dip);
163 static int mptsas_scsi_unquiesce(dev_info_t *dip);
164 static int mptsas_bus_config(dev_info_t *pdip, uint_t flags,
165     ddi_bus_config_op_t op, void *arg, dev_info_t **childp);
166 
167 /*
168  * SMP functions
169  */
170 static int mptsas_smp_start(struct smp_pkt *smp_pkt);
171 
172 /*
173  * internal function prototypes.
174  */
175 static int mptsas_quiesce_bus(mptsas_t *mpt);
176 static int mptsas_unquiesce_bus(mptsas_t *mpt);
177 
178 static int mptsas_alloc_handshake_msg(mptsas_t *mpt, size_t alloc_size);
179 static void mptsas_free_handshake_msg(mptsas_t *mpt);
180 
181 static void mptsas_ncmds_checkdrain(void *arg);
182 
183 static int mptsas_prepare_pkt(mptsas_cmd_t *cmd);
184 static int mptsas_accept_pkt(mptsas_t *mpt, mptsas_cmd_t *sp);
185 static int mptsas_accept_txwq_and_pkt(mptsas_t *mpt, mptsas_cmd_t *sp);
186 static void mptsas_accept_tx_waitq(mptsas_t *mpt);
187 
188 static int mptsas_do_detach(dev_info_t *dev);
189 static int mptsas_do_scsi_reset(mptsas_t *mpt, uint16_t devhdl);
190 static int mptsas_do_scsi_abort(mptsas_t *mpt, int target, int lun,
191     struct scsi_pkt *pkt);
192 static int mptsas_scsi_capchk(char *cap, int tgtonly, int *cidxp);
193 
194 static void mptsas_handle_qfull(mptsas_t *mpt, mptsas_cmd_t *cmd);
195 static void mptsas_handle_event(void *args);
196 static int mptsas_handle_event_sync(void *args);
197 static void mptsas_handle_dr(void *args);
198 static void mptsas_handle_topo_change(mptsas_topo_change_list_t *topo_node,
199     dev_info_t *pdip);
200 
201 static void mptsas_restart_cmd(void *);
202 
203 static void mptsas_flush_hba(mptsas_t *mpt);
204 static void mptsas_flush_target(mptsas_t *mpt, ushort_t target, int lun,
205 	uint8_t tasktype);
206 static void mptsas_set_pkt_reason(mptsas_t *mpt, mptsas_cmd_t *cmd,
207     uchar_t reason, uint_t stat);
208 
209 static uint_t mptsas_intr(caddr_t arg1, caddr_t arg2);
210 static void mptsas_process_intr(mptsas_t *mpt,
211     pMpi2ReplyDescriptorsUnion_t reply_desc_union);
212 static void mptsas_handle_scsi_io_success(mptsas_t *mpt,
213     pMpi2ReplyDescriptorsUnion_t reply_desc);
214 static void mptsas_handle_address_reply(mptsas_t *mpt,
215     pMpi2ReplyDescriptorsUnion_t reply_desc);
216 static int mptsas_wait_intr(mptsas_t *mpt, int polltime);
217 static void mptsas_sge_setup(mptsas_t *mpt, mptsas_cmd_t *cmd,
218     uint32_t *control, pMpi2SCSIIORequest_t frame, ddi_acc_handle_t acc_hdl);
219 
220 static void mptsas_watch(void *arg);
221 static void mptsas_watchsubr(mptsas_t *mpt);
222 static void mptsas_cmd_timeout(mptsas_t *mpt, uint16_t devhdl);
223 
224 static void mptsas_start_passthru(mptsas_t *mpt, mptsas_cmd_t *cmd);
225 static int mptsas_do_passthru(mptsas_t *mpt, uint8_t *request, uint8_t *reply,
226     uint8_t *data, uint32_t request_size, uint32_t reply_size,
227     uint32_t data_size, uint32_t direction, uint8_t *dataout,
228     uint32_t dataout_size, short timeout, int mode);
229 static int mptsas_free_devhdl(mptsas_t *mpt, uint16_t devhdl);
230 
231 static uint8_t mptsas_get_fw_diag_buffer_number(mptsas_t *mpt,
232     uint32_t unique_id);
233 static void mptsas_start_diag(mptsas_t *mpt, mptsas_cmd_t *cmd);
234 static int mptsas_post_fw_diag_buffer(mptsas_t *mpt,
235     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code);
236 static int mptsas_release_fw_diag_buffer(mptsas_t *mpt,
237     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code,
238     uint32_t diag_type);
239 static int mptsas_diag_register(mptsas_t *mpt,
240     mptsas_fw_diag_register_t *diag_register, uint32_t *return_code);
241 static int mptsas_diag_unregister(mptsas_t *mpt,
242     mptsas_fw_diag_unregister_t *diag_unregister, uint32_t *return_code);
243 static int mptsas_diag_query(mptsas_t *mpt, mptsas_fw_diag_query_t *diag_query,
244     uint32_t *return_code);
245 static int mptsas_diag_read_buffer(mptsas_t *mpt,
246     mptsas_diag_read_buffer_t *diag_read_buffer, uint8_t *ioctl_buf,
247     uint32_t *return_code, int ioctl_mode);
248 static int mptsas_diag_release(mptsas_t *mpt,
249     mptsas_fw_diag_release_t *diag_release, uint32_t *return_code);
250 static int mptsas_do_diag_action(mptsas_t *mpt, uint32_t action,
251     uint8_t *diag_action, uint32_t length, uint32_t *return_code,
252     int ioctl_mode);
253 static int mptsas_diag_action(mptsas_t *mpt, mptsas_diag_action_t *data,
254     int mode);
255 
256 static int mptsas_pkt_alloc_extern(mptsas_t *mpt, mptsas_cmd_t *cmd,
257     int cmdlen, int tgtlen, int statuslen, int kf);
258 static void mptsas_pkt_destroy_extern(mptsas_t *mpt, mptsas_cmd_t *cmd);
259 
260 static int mptsas_kmem_cache_constructor(void *buf, void *cdrarg, int kmflags);
261 static void mptsas_kmem_cache_destructor(void *buf, void *cdrarg);
262 
263 static int mptsas_cache_frames_constructor(void *buf, void *cdrarg,
264     int kmflags);
265 static void mptsas_cache_frames_destructor(void *buf, void *cdrarg);
266 
267 static void mptsas_check_scsi_io_error(mptsas_t *mpt, pMpi2SCSIIOReply_t reply,
268     mptsas_cmd_t *cmd);
269 static void mptsas_check_task_mgt(mptsas_t *mpt,
270     pMpi2SCSIManagementReply_t reply, mptsas_cmd_t *cmd);
271 static int mptsas_send_scsi_cmd(mptsas_t *mpt, struct scsi_address *ap,
272     mptsas_target_t *ptgt, uchar_t *cdb, int cdblen, struct buf *data_bp,
273     int *resid);
274 
275 static int mptsas_alloc_active_slots(mptsas_t *mpt, int flag);
276 static int mptsas_start_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd);
277 
278 static void mptsas_restart_hba(mptsas_t *mpt);
279 static void mptsas_restart_waitq(mptsas_t *mpt);
280 
281 static void mptsas_deliver_doneq_thread(mptsas_t *mpt);
282 static void mptsas_doneq_add(mptsas_t *mpt, mptsas_cmd_t *cmd);
283 static void mptsas_doneq_mv(mptsas_t *mpt, uint64_t t);
284 
285 static mptsas_cmd_t *mptsas_doneq_thread_rm(mptsas_t *mpt, uint64_t t);
286 static void mptsas_doneq_empty(mptsas_t *mpt);
287 static void mptsas_doneq_thread(mptsas_doneq_thread_arg_t *arg);
288 
289 static mptsas_cmd_t *mptsas_waitq_rm(mptsas_t *mpt);
290 static void mptsas_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd);
291 static mptsas_cmd_t *mptsas_tx_waitq_rm(mptsas_t *mpt);
292 static void mptsas_tx_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd);
293 
294 
295 static void mptsas_start_watch_reset_delay();
296 static void mptsas_setup_bus_reset_delay(mptsas_t *mpt);
297 static void mptsas_watch_reset_delay(void *arg);
298 static int mptsas_watch_reset_delay_subr(mptsas_t *mpt);
299 
300 /*
301  * helper functions
302  */
303 static void mptsas_dump_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd);
304 
305 static dev_info_t *mptsas_find_child(dev_info_t *pdip, char *name);
306 static dev_info_t *mptsas_find_child_phy(dev_info_t *pdip, uint8_t phy);
307 static dev_info_t *mptsas_find_child_addr(dev_info_t *pdip, uint64_t sasaddr,
308     int lun);
309 static mdi_pathinfo_t *mptsas_find_path_addr(dev_info_t *pdip, uint64_t sasaddr,
310     int lun);
311 static mdi_pathinfo_t *mptsas_find_path_phy(dev_info_t *pdip, uint8_t phy);
312 static dev_info_t *mptsas_find_smp_child(dev_info_t *pdip, char *str_wwn);
313 
314 static int mptsas_parse_address(char *name, uint64_t *wwid, uint8_t *phy,
315     int *lun);
316 static int mptsas_parse_smp_name(char *name, uint64_t *wwn);
317 
318 static mptsas_target_t *mptsas_phy_to_tgt(dev_info_t *pdip, uint8_t phy);
319 static mptsas_target_t *mptsas_wwid_to_ptgt(mptsas_t *mpt, int port,
320     uint64_t wwid);
321 static mptsas_smp_t *mptsas_wwid_to_psmp(mptsas_t *mpt, int port,
322     uint64_t wwid);
323 
324 static int mptsas_inquiry(mptsas_t *mpt, mptsas_target_t *ptgt, int lun,
325     uchar_t page, unsigned char *buf, int len, int *rlen, uchar_t evpd);
326 
327 static int mptsas_get_target_device_info(mptsas_t *mpt, uint32_t page_address,
328     uint16_t *handle, mptsas_target_t **pptgt);
329 static void mptsas_update_phymask(mptsas_t *mpt);
330 
331 /*
332  * Enumeration / DR functions
333  */
334 static void mptsas_config_all(dev_info_t *pdip);
335 static int mptsas_config_one_addr(dev_info_t *pdip, uint64_t sasaddr, int lun,
336     dev_info_t **lundip);
337 static int mptsas_config_one_phy(dev_info_t *pdip, uint8_t phy, int lun,
338     dev_info_t **lundip);
339 
340 static int mptsas_config_target(dev_info_t *pdip, mptsas_target_t *ptgt);
341 static int mptsas_offline_target(dev_info_t *pdip, char *name);
342 
343 static int mptsas_config_raid(dev_info_t *pdip, uint16_t target,
344     dev_info_t **dip);
345 
346 static int mptsas_config_luns(dev_info_t *pdip, mptsas_target_t *ptgt);
347 static int mptsas_probe_lun(dev_info_t *pdip, int lun,
348     dev_info_t **dip, mptsas_target_t *ptgt);
349 
350 static int mptsas_create_lun(dev_info_t *pdip, struct scsi_inquiry *sd_inq,
351     dev_info_t **dip, mptsas_target_t *ptgt, int lun);
352 
353 static int mptsas_create_phys_lun(dev_info_t *pdip, struct scsi_inquiry *sd,
354     char *guid, dev_info_t **dip, mptsas_target_t *ptgt, int lun);
355 static int mptsas_create_virt_lun(dev_info_t *pdip, struct scsi_inquiry *sd,
356     char *guid, dev_info_t **dip, mdi_pathinfo_t **pip, mptsas_target_t *ptgt,
357     int lun);
358 
359 static void mptsas_offline_missed_luns(dev_info_t *pdip,
360     uint16_t *repluns, int lun_cnt, mptsas_target_t *ptgt);
361 static int mptsas_offline_lun(dev_info_t *pdip, dev_info_t *rdip,
362     mdi_pathinfo_t *rpip, uint_t flags);
363 
364 static int mptsas_config_smp(dev_info_t *pdip, uint64_t sas_wwn,
365     dev_info_t **smp_dip);
366 static int mptsas_offline_smp(dev_info_t *pdip, mptsas_smp_t *smp_node,
367     uint_t flags);
368 
369 static int mptsas_event_query(mptsas_t *mpt, mptsas_event_query_t *data,
370     int mode, int *rval);
371 static int mptsas_event_enable(mptsas_t *mpt, mptsas_event_enable_t *data,
372     int mode, int *rval);
373 static int mptsas_event_report(mptsas_t *mpt, mptsas_event_report_t *data,
374     int mode, int *rval);
375 static void mptsas_record_event(void *args);
376 static int mptsas_reg_access(mptsas_t *mpt, mptsas_reg_access_t *data,
377     int mode);
378 
379 static void mptsas_hash_init(mptsas_hash_table_t *hashtab);
380 static void mptsas_hash_uninit(mptsas_hash_table_t *hashtab, size_t datalen);
381 static void mptsas_hash_add(mptsas_hash_table_t *hashtab, void *data);
382 static void * mptsas_hash_rem(mptsas_hash_table_t *hashtab, uint64_t key1,
383     uint8_t key2);
384 static void * mptsas_hash_search(mptsas_hash_table_t *hashtab, uint64_t key1,
385     uint8_t key2);
386 static void * mptsas_hash_traverse(mptsas_hash_table_t *hashtab, int pos);
387 
388 mptsas_target_t *mptsas_tgt_alloc(mptsas_hash_table_t *, uint16_t, uint64_t,
389     uint32_t, uint8_t, uint8_t);
390 static mptsas_smp_t *mptsas_smp_alloc(mptsas_hash_table_t *hashtab,
391     mptsas_smp_t *data);
392 static void mptsas_smp_free(mptsas_hash_table_t *hashtab, uint64_t wwid,
393     uint8_t physport);
394 static void mptsas_tgt_free(mptsas_hash_table_t *, uint64_t, uint8_t);
395 static void * mptsas_search_by_devhdl(mptsas_hash_table_t *, uint16_t);
396 static int mptsas_online_smp(dev_info_t *pdip, mptsas_smp_t *smp_node,
397     dev_info_t **smp_dip);
398 
399 /*
400  * Power management functions
401  */
402 static void mptsas_idle_pm(void *arg);
403 static int mptsas_init_pm(mptsas_t *mpt);
404 
405 /*
406  * MPT MSI tunable:
407  *
408  * By default MSI is enabled on all supported platforms.
409  */
410 boolean_t mptsas_enable_msi = B_TRUE;
411 
412 static int mptsas_add_intrs(mptsas_t *, int);
413 static void mptsas_rem_intrs(mptsas_t *);
414 
415 /*
416  * FMA Prototypes
417  */
418 static void mptsas_fm_init(mptsas_t *mpt);
419 static void mptsas_fm_fini(mptsas_t *mpt);
420 static int mptsas_fm_error_cb(dev_info_t *, ddi_fm_error_t *, const void *);
421 
422 extern pri_t minclsyspri, maxclsyspri;
423 
424 /*
425  * This device is created by the SCSI pseudo nexus driver (SCSI vHCI).  It is
426  * under this device that the paths to a physical device are created when
427  * MPxIO is used.
428  */
429 extern dev_info_t	*scsi_vhci_dip;
430 
431 /*
432  * Tunable timeout value for Inquiry VPD page 0x83
433  * By default the value is 30 seconds.
434  */
435 int mptsas_inq83_retry_timeout = 30;
436 
437 /*
438  * This is used to allocate memory for message frame storage, not for
439  * data I/O DMA. All message frames must be stored in the first 4G of
440  * physical memory.
441  */
442 ddi_dma_attr_t mptsas_dma_attrs = {
443 	DMA_ATTR_V0,	/* attribute layout version		*/
444 	0x0ull,		/* address low - should be 0 (longlong)	*/
445 	0xffffffffull,	/* address high - 32-bit max range	*/
446 	0x00ffffffull,	/* count max - max DMA object size	*/
447 	4,		/* allocation alignment requirements	*/
448 	0x78,		/* burstsizes - binary encoded values	*/
449 	1,		/* minxfer - gran. of DMA engine	*/
450 	0x00ffffffull,	/* maxxfer - gran. of DMA engine	*/
451 	0xffffffffull,	/* max segment size (DMA boundary)	*/
452 	MPTSAS_MAX_DMA_SEGS, /* scatter/gather list length	*/
453 	512,		/* granularity - device transfer size	*/
454 	0		/* flags, set to 0			*/
455 };
456 
457 /*
458  * This is used for data I/O DMA memory allocation. (full 64-bit DMA
459  * physical addresses are supported.)
460  */
461 ddi_dma_attr_t mptsas_dma_attrs64 = {
462 	DMA_ATTR_V0,	/* attribute layout version		*/
463 	0x0ull,		/* address low - should be 0 (longlong)	*/
464 	0xffffffffffffffffull,	/* address high - 64-bit max	*/
465 	0x00ffffffull,	/* count max - max DMA object size	*/
466 	4,		/* allocation alignment requirements	*/
467 	0x78,		/* burstsizes - binary encoded values	*/
468 	1,		/* minxfer - gran. of DMA engine	*/
469 	0x00ffffffull,	/* maxxfer - gran. of DMA engine	*/
470 	0xffffffffull,	/* max segment size (DMA boundary)	*/
471 	MPTSAS_MAX_DMA_SEGS, /* scatter/gather list length	*/
472 	512,		/* granularity - device transfer size	*/
473 	DDI_DMA_RELAXED_ORDERING	/* flags, enable relaxed ordering */
474 };
475 
476 ddi_device_acc_attr_t mptsas_dev_attr = {
477 	DDI_DEVICE_ATTR_V1,
478 	DDI_STRUCTURE_LE_ACC,
479 	DDI_STRICTORDER_ACC,
480 	DDI_DEFAULT_ACC
481 };
482 
483 static struct cb_ops mptsas_cb_ops = {
484 	scsi_hba_open,		/* open */
485 	scsi_hba_close,		/* close */
486 	nodev,			/* strategy */
487 	nodev,			/* print */
488 	nodev,			/* dump */
489 	nodev,			/* read */
490 	nodev,			/* write */
491 	mptsas_ioctl,		/* ioctl */
492 	nodev,			/* devmap */
493 	nodev,			/* mmap */
494 	nodev,			/* segmap */
495 	nochpoll,		/* chpoll */
496 	ddi_prop_op,		/* cb_prop_op */
497 	NULL,			/* streamtab */
498 	D_MP,			/* cb_flag */
499 	CB_REV,			/* rev */
500 	nodev,			/* aread */
501 	nodev			/* awrite */
502 };
503 
504 static struct dev_ops mptsas_ops = {
505 	DEVO_REV,		/* devo_rev, */
506 	0,			/* refcnt  */
507 	ddi_no_info,		/* info */
508 	nulldev,		/* identify */
509 	nulldev,		/* probe */
510 	mptsas_attach,		/* attach */
511 	mptsas_detach,		/* detach */
512 #ifdef  __sparc
513 	mptsas_reset,
514 #else
515 	nodev,			/* reset */
516 #endif  /* __sparc */
517 	&mptsas_cb_ops,		/* driver operations */
518 	NULL,			/* bus operations */
519 	mptsas_power,		/* power management */
520 #ifdef	__sparc
521 	ddi_quiesce_not_needed
522 #else
523 	mptsas_quiesce		/* quiesce */
524 #endif	/* __sparc */
525 };
526 
527 
528 #define	MPTSAS_MOD_STRING "MPTSAS HBA Driver 00.00.00.22"
529 
530 static struct modldrv modldrv = {
531 	&mod_driverops,	/* Type of module. This one is a driver */
532 	MPTSAS_MOD_STRING, /* Name of the module. */
533 	&mptsas_ops,	/* driver ops */
534 };
535 
536 static struct modlinkage modlinkage = {
537 	MODREV_1, &modldrv, NULL
538 };
539 #define	TARGET_PROP	"target"
540 #define	LUN_PROP	"lun"
541 #define	SAS_PROP	"sas-mpt"
542 #define	MDI_GUID	"wwn"
543 #define	NDI_GUID	"guid"
544 #define	MPTSAS_DEV_GONE	"mptsas_dev_gone"
545 
546 /*
547  * Local static data
548  */
549 #if defined(MPTSAS_DEBUG)
550 uint32_t mptsas_debug_flags = 0;
551 #endif	/* defined(MPTSAS_DEBUG) */
552 uint32_t mptsas_debug_resets = 0;
553 
554 static kmutex_t		mptsas_global_mutex;
555 static void		*mptsas_state;		/* soft	state ptr */
556 static krwlock_t	mptsas_global_rwlock;
557 
558 static kmutex_t		mptsas_log_mutex;
559 static char		mptsas_log_buf[256];
560 _NOTE(MUTEX_PROTECTS_DATA(mptsas_log_mutex, mptsas_log_buf))
561 
562 static mptsas_t *mptsas_head, *mptsas_tail;
563 static clock_t mptsas_scsi_watchdog_tick;
564 static clock_t mptsas_tick;
565 static timeout_id_t mptsas_reset_watch;
566 static timeout_id_t mptsas_timeout_id;
567 static int mptsas_timeouts_enabled = 0;
568 
569 /*
570  * warlock directives
571  */
572 _NOTE(SCHEME_PROTECTS_DATA("unique per pkt", scsi_pkt \
573 	mptsas_cmd NcrTableIndirect buf scsi_cdb scsi_status))
574 _NOTE(SCHEME_PROTECTS_DATA("unique per pkt", smp_pkt))
575 _NOTE(SCHEME_PROTECTS_DATA("stable data", scsi_device scsi_address))
576 _NOTE(SCHEME_PROTECTS_DATA("No Mutex Needed", mptsas_tgt_private))
577 _NOTE(SCHEME_PROTECTS_DATA("No Mutex Needed", scsi_hba_tran::tran_tgt_private))
578 
579 #ifdef MPTSAS_DEBUG
580 void debug_enter(char *);
581 #endif
582 
583 /*
584  * Notes:
585  *	- scsi_hba_init(9F) initializes SCSI HBA modules
586  *	- must call scsi_hba_fini(9F) if modload() fails
587  */
588 int
589 _init(void)
590 {
591 	int status;
592 	/* CONSTCOND */
593 	ASSERT(NO_COMPETING_THREADS);
594 
595 	NDBG0(("_init"));
596 
597 	status = ddi_soft_state_init(&mptsas_state, MPTSAS_SIZE,
598 	    MPTSAS_INITIAL_SOFT_SPACE);
599 	if (status != 0) {
600 		return (status);
601 	}
602 
603 	if ((status = scsi_hba_init(&modlinkage)) != 0) {
604 		ddi_soft_state_fini(&mptsas_state);
605 		return (status);
606 	}
607 
608 	mutex_init(&mptsas_global_mutex, NULL, MUTEX_DRIVER, NULL);
609 	rw_init(&mptsas_global_rwlock, NULL, RW_DRIVER, NULL);
610 	mutex_init(&mptsas_log_mutex, NULL, MUTEX_DRIVER, NULL);
611 
612 	if ((status = mod_install(&modlinkage)) != 0) {
613 		mutex_destroy(&mptsas_log_mutex);
614 		rw_destroy(&mptsas_global_rwlock);
615 		mutex_destroy(&mptsas_global_mutex);
616 		ddi_soft_state_fini(&mptsas_state);
617 		scsi_hba_fini(&modlinkage);
618 	}
619 
620 	return (status);
621 }
622 
623 /*
624  * Notes:
625  *	- scsi_hba_fini(9F) uninitializes SCSI HBA modules
626  */
627 int
628 _fini(void)
629 {
630 	int	status;
631 	/* CONSTCOND */
632 	ASSERT(NO_COMPETING_THREADS);
633 
634 	NDBG0(("_fini"));
635 
636 	if ((status = mod_remove(&modlinkage)) == 0) {
637 		ddi_soft_state_fini(&mptsas_state);
638 		scsi_hba_fini(&modlinkage);
639 		mutex_destroy(&mptsas_global_mutex);
640 		rw_destroy(&mptsas_global_rwlock);
641 		mutex_destroy(&mptsas_log_mutex);
642 	}
643 	return (status);
644 }
645 
646 /*
647  * The loadable-module _info(9E) entry point
648  */
649 int
650 _info(struct modinfo *modinfop)
651 {
652 	/* CONSTCOND */
653 	ASSERT(NO_COMPETING_THREADS);
654 	NDBG0(("mptsas _info"));
655 
656 	return (mod_info(&modlinkage, modinfop));
657 }
658 
659 
660 static int
661 mptsas_iport_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
662 {
663 	dev_info_t		*pdip;
664 	mptsas_t		*mpt;
665 	scsi_hba_tran_t		*hba_tran;
666 	char			*iport = NULL;
667 	char			phymask[8];
668 	uint8_t			phy_mask = 0;
669 	int			physport = -1;
670 	int			dynamic_port = 0;
671 	uint32_t		page_address;
672 	char			initiator_wwnstr[MPTSAS_WWN_STRLEN];
673 	int			rval = DDI_FAILURE;
674 	int			i = 0;
675 	uint64_t		wwid = 0;
676 	uint8_t			portwidth = 0;
677 
678 	/* CONSTCOND */
679 	ASSERT(NO_COMPETING_THREADS);
680 
681 	switch (cmd) {
682 	case DDI_ATTACH:
683 		break;
684 
685 	case DDI_RESUME:
686 		/*
687 		 * If this a scsi-iport node, nothing to do here.
688 		 */
689 		return (DDI_SUCCESS);
690 
691 	default:
692 		return (DDI_FAILURE);
693 	}
694 
695 	pdip = ddi_get_parent(dip);
696 
697 	if ((hba_tran = ndi_flavorv_get(pdip, SCSA_FLAVOR_SCSI_DEVICE)) ==
698 	    NULL) {
699 		cmn_err(CE_WARN, "Failed attach iport because fail to "
700 		    "get tran vector for the HBA node");
701 		return (DDI_FAILURE);
702 	}
703 
704 	mpt = TRAN2MPT(hba_tran);
705 	ASSERT(mpt != NULL);
706 	if (mpt == NULL)
707 		return (DDI_FAILURE);
708 
709 	if ((hba_tran = ndi_flavorv_get(dip, SCSA_FLAVOR_SCSI_DEVICE)) ==
710 	    NULL) {
711 		mptsas_log(mpt, CE_WARN, "Failed attach iport because fail to "
712 		    "get tran vector for the iport node");
713 		return (DDI_FAILURE);
714 	}
715 
716 	/*
717 	 * Overwrite parent's tran_hba_private to iport's tran vector
718 	 */
719 	hba_tran->tran_hba_private = mpt;
720 
721 	ddi_report_dev(dip);
722 
723 	/*
724 	 * Get SAS address for initiator port according dev_handle
725 	 */
726 	iport = ddi_get_name_addr(dip);
727 	if (iport && strncmp(iport, "v0", 2) == 0) {
728 		return (DDI_SUCCESS);
729 	}
730 
731 	mutex_enter(&mpt->m_mutex);
732 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
733 		bzero(phymask, sizeof (phymask));
734 		(void) sprintf(phymask, "%x", mpt->m_phy_info[i].phy_mask);
735 		if (strcmp(phymask, iport) == 0) {
736 			break;
737 		}
738 	}
739 
740 	if (i == MPTSAS_MAX_PHYS) {
741 		mptsas_log(mpt, CE_WARN, "Failed attach port %s because port"
742 		    "seems not exist", iport);
743 		mutex_exit(&mpt->m_mutex);
744 		return (DDI_FAILURE);
745 	}
746 
747 	phy_mask = mpt->m_phy_info[i].phy_mask;
748 	physport = mpt->m_phy_info[i].port_num;
749 
750 	if (mpt->m_phy_info[i].port_flags & AUTO_PORT_CONFIGURATION)
751 		dynamic_port = 1;
752 	else
753 		dynamic_port = 0;
754 
755 	page_address = (MPI2_SASPORT_PGAD_FORM_PORT_NUM |
756 	    (MPI2_SASPORT_PGAD_PORTNUMBER_MASK & physport));
757 
758 	rval = mptsas_get_sas_port_page0(mpt, page_address, &wwid, &portwidth);
759 	if (rval != DDI_SUCCESS) {
760 		mptsas_log(mpt, CE_WARN, "Failed attach port %s because get"
761 		    "SAS address of initiator failed!", iport);
762 		mutex_exit(&mpt->m_mutex);
763 		return (DDI_FAILURE);
764 	}
765 	mutex_exit(&mpt->m_mutex);
766 
767 	bzero(initiator_wwnstr, sizeof (initiator_wwnstr));
768 	(void) sprintf(initiator_wwnstr, "%016"PRIx64,
769 	    wwid);
770 
771 	if (ddi_prop_update_string(DDI_DEV_T_NONE, dip,
772 	    "initiator-port", initiator_wwnstr) !=
773 	    DDI_PROP_SUCCESS) {
774 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip, "initiator-port");
775 		return (DDI_FAILURE);
776 	}
777 
778 	if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
779 	    "phymask", phy_mask) !=
780 	    DDI_PROP_SUCCESS) {
781 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip, "phymask");
782 		return (DDI_FAILURE);
783 	}
784 
785 	if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
786 	    "dynamic-port", dynamic_port) !=
787 	    DDI_PROP_SUCCESS) {
788 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip, "dynamic-port");
789 		return (DDI_FAILURE);
790 	}
791 	/*
792 	 * register sas hba iport with mdi (MPxIO/vhci)
793 	 */
794 	if (mdi_phci_register(MDI_HCI_CLASS_SCSI,
795 	    dip, 0) == MDI_SUCCESS) {
796 		mpt->m_mpxio_enable = TRUE;
797 	}
798 	return (DDI_SUCCESS);
799 }
800 
801 /*
802  * Notes:
803  *	Set up all device state and allocate data structures,
804  *	mutexes, condition variables, etc. for device operation.
805  *	Add interrupts needed.
806  *	Return DDI_SUCCESS if device is ready, else return DDI_FAILURE.
807  */
808 static int
809 mptsas_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
810 {
811 	mptsas_t		*mpt = NULL;
812 	int			instance, i, j;
813 	int			doneq_thread_num;
814 	char			buf[64];
815 	char			intr_added = 0;
816 	char			map_setup = 0;
817 	char			config_setup = 0;
818 	char			hba_attach_setup = 0;
819 	char			smp_attach_setup = 0;
820 	char			mutex_init_done = 0;
821 	char			event_taskq_create = 0;
822 	char			dr_taskq_create = 0;
823 	char			doneq_thread_create = 0;
824 	scsi_hba_tran_t		*hba_tran;
825 	int			intr_types;
826 	uint_t			mem_bar = MEM_SPACE;
827 	uint8_t			mask = 0x0;
828 	int			tran_flags = 0;
829 	int			rval = DDI_FAILURE;
830 
831 	/* CONSTCOND */
832 	ASSERT(NO_COMPETING_THREADS);
833 
834 	if (scsi_hba_iport_unit_address(dip)) {
835 		return (mptsas_iport_attach(dip, cmd));
836 	}
837 
838 	switch (cmd) {
839 	case DDI_ATTACH:
840 		break;
841 
842 	case DDI_RESUME:
843 		if ((hba_tran = ddi_get_driver_private(dip)) == NULL)
844 			return (DDI_FAILURE);
845 
846 		mpt = TRAN2MPT(hba_tran);
847 
848 		if (!mpt) {
849 			return (DDI_FAILURE);
850 		}
851 
852 		/*
853 		 * Reset hardware and softc to "no outstanding commands"
854 		 * Note	that a check condition can result on first command
855 		 * to a	target.
856 		 */
857 		mutex_enter(&mpt->m_mutex);
858 
859 		/*
860 		 * raise power.
861 		 */
862 		if (mpt->m_options & MPTSAS_OPT_PM) {
863 			mutex_exit(&mpt->m_mutex);
864 			(void) pm_busy_component(dip, 0);
865 			if (mpt->m_power_level != PM_LEVEL_D0) {
866 				rval = pm_raise_power(dip, 0, PM_LEVEL_D0);
867 			} else {
868 				rval = pm_power_has_changed(dip, 0,
869 				    PM_LEVEL_D0);
870 			}
871 			if (rval == DDI_SUCCESS) {
872 				mutex_enter(&mpt->m_mutex);
873 			} else {
874 				/*
875 				 * The pm_raise_power() call above failed,
876 				 * and that can only occur if we were unable
877 				 * to reset the hardware.  This is probably
878 				 * due to unhealty hardware, and because
879 				 * important filesystems(such as the root
880 				 * filesystem) could be on the attached disks,
881 				 * it would not be a good idea to continue,
882 				 * as we won't be entirely certain we are
883 				 * writing correct data.  So we panic() here
884 				 * to not only prevent possible data corruption,
885 				 * but to give developers or end users a hope
886 				 * of identifying and correcting any problems.
887 				 */
888 				fm_panic("mptsas could not reset hardware "
889 				    "during resume");
890 			}
891 		}
892 
893 		mpt->m_suspended = 0;
894 
895 		/*
896 		 * Reinitialize ioc
897 		 */
898 		if (mptsas_init_chip(mpt, FALSE) == DDI_FAILURE) {
899 			mutex_exit(&mpt->m_mutex);
900 			if (mpt->m_options & MPTSAS_OPT_PM) {
901 				(void) pm_idle_component(dip, 0);
902 			}
903 			fm_panic("mptsas init chip fail during resume");
904 		}
905 		/*
906 		 * mptsas_update_driver_data needs interrupts so enable them
907 		 * first.
908 		 */
909 		MPTSAS_ENABLE_INTR(mpt);
910 		mptsas_update_driver_data(mpt);
911 
912 		/* start requests, if possible */
913 		mptsas_restart_hba(mpt);
914 
915 		mutex_exit(&mpt->m_mutex);
916 
917 		/*
918 		 * Restart watch thread
919 		 */
920 		mutex_enter(&mptsas_global_mutex);
921 		if (mptsas_timeout_id == 0) {
922 			mptsas_timeout_id = timeout(mptsas_watch, NULL,
923 			    mptsas_tick);
924 			mptsas_timeouts_enabled = 1;
925 		}
926 		mutex_exit(&mptsas_global_mutex);
927 
928 		/* report idle status to pm framework */
929 		if (mpt->m_options & MPTSAS_OPT_PM) {
930 			(void) pm_idle_component(dip, 0);
931 		}
932 
933 		return (DDI_SUCCESS);
934 
935 	default:
936 		return (DDI_FAILURE);
937 
938 	}
939 
940 	instance = ddi_get_instance(dip);
941 
942 	/*
943 	 * Allocate softc information.
944 	 */
945 	if (ddi_soft_state_zalloc(mptsas_state, instance) != DDI_SUCCESS) {
946 		mptsas_log(NULL, CE_WARN,
947 		    "mptsas%d: cannot allocate soft state", instance);
948 		goto fail;
949 	}
950 
951 	mpt = ddi_get_soft_state(mptsas_state, instance);
952 
953 	if (mpt == NULL) {
954 		mptsas_log(NULL, CE_WARN,
955 		    "mptsas%d: cannot get soft state", instance);
956 		goto fail;
957 	}
958 
959 	/* Allocate a transport structure */
960 	hba_tran = mpt->m_tran = scsi_hba_tran_alloc(dip, SCSI_HBA_CANSLEEP);
961 	ASSERT(mpt->m_tran != NULL);
962 
963 	/* Indicate that we are 'sizeof (scsi_*(9S))' clean. */
964 	scsi_size_clean(dip);
965 
966 	mpt->m_dip = dip;
967 	mpt->m_instance = instance;
968 
969 	/* Make a per-instance copy of the structures */
970 	mpt->m_io_dma_attr = mptsas_dma_attrs64;
971 	mpt->m_msg_dma_attr = mptsas_dma_attrs;
972 	mpt->m_reg_acc_attr = mptsas_dev_attr;
973 	mpt->m_dev_acc_attr = mptsas_dev_attr;
974 
975 	/*
976 	 * Initialize FMA
977 	 */
978 	mpt->m_fm_capabilities = ddi_getprop(DDI_DEV_T_ANY, mpt->m_dip,
979 	    DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "fm-capable",
980 	    DDI_FM_EREPORT_CAPABLE | DDI_FM_ACCCHK_CAPABLE |
981 	    DDI_FM_DMACHK_CAPABLE | DDI_FM_ERRCB_CAPABLE);
982 
983 	mptsas_fm_init(mpt);
984 
985 	if (pci_config_setup(mpt->m_dip,
986 	    &mpt->m_config_handle) != DDI_SUCCESS) {
987 		mptsas_log(mpt, CE_WARN, "cannot map configuration space.");
988 		goto fail;
989 	}
990 	config_setup++;
991 
992 	if (mptsas_alloc_handshake_msg(mpt,
993 	    sizeof (Mpi2SCSITaskManagementRequest_t)) == DDI_FAILURE) {
994 		mptsas_log(mpt, CE_WARN, "cannot initialize handshake msg.");
995 		goto fail;
996 	}
997 
998 	/*
999 	 * This is a workaround for a XMITS ASIC bug which does not
1000 	 * drive the CBE upper bits.
1001 	 */
1002 	if (pci_config_get16(mpt->m_config_handle, PCI_CONF_STAT) &
1003 	    PCI_STAT_PERROR) {
1004 		pci_config_put16(mpt->m_config_handle, PCI_CONF_STAT,
1005 		    PCI_STAT_PERROR);
1006 	}
1007 
1008 	/*
1009 	 * Setup configuration space
1010 	 */
1011 	if (mptsas_config_space_init(mpt) == FALSE) {
1012 		mptsas_log(mpt, CE_WARN, "mptsas_config_space_init failed");
1013 		goto fail;
1014 	}
1015 
1016 	if (ddi_regs_map_setup(dip, mem_bar, (caddr_t *)&mpt->m_reg,
1017 	    0, 0, &mpt->m_reg_acc_attr, &mpt->m_datap) != DDI_SUCCESS) {
1018 		mptsas_log(mpt, CE_WARN, "map setup failed");
1019 		goto fail;
1020 	}
1021 	map_setup++;
1022 
1023 	/*
1024 	 * A taskq is created for dealing with the event handler
1025 	 */
1026 	if ((mpt->m_event_taskq = ddi_taskq_create(dip, "mptsas_event_taskq",
1027 	    1, TASKQ_DEFAULTPRI, 0)) == NULL) {
1028 		mptsas_log(mpt, CE_NOTE, "ddi_taskq_create failed");
1029 		goto fail;
1030 	}
1031 	event_taskq_create++;
1032 
1033 	/*
1034 	 * A taskq is created for dealing with dr events
1035 	 */
1036 	if ((mpt->m_dr_taskq = ddi_taskq_create(dip,
1037 	    "mptsas_dr_taskq",
1038 	    1, TASKQ_DEFAULTPRI, 0)) == NULL) {
1039 		mptsas_log(mpt, CE_NOTE, "ddi_taskq_create for discovery "
1040 		    "failed");
1041 		goto fail;
1042 	}
1043 	dr_taskq_create++;
1044 
1045 	mpt->m_doneq_thread_threshold = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1046 	    0, "mptsas_doneq_thread_threshold_prop", 10);
1047 	mpt->m_doneq_length_threshold = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1048 	    0, "mptsas_doneq_length_threshold_prop", 8);
1049 	mpt->m_doneq_thread_n = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1050 	    0, "mptsas_doneq_thread_n_prop", 8);
1051 
1052 	if (mpt->m_doneq_thread_n) {
1053 		cv_init(&mpt->m_doneq_thread_cv, NULL, CV_DRIVER, NULL);
1054 		mutex_init(&mpt->m_doneq_mutex, NULL, MUTEX_DRIVER, NULL);
1055 
1056 		mutex_enter(&mpt->m_doneq_mutex);
1057 		mpt->m_doneq_thread_id =
1058 		    kmem_zalloc(sizeof (mptsas_doneq_thread_list_t)
1059 		    * mpt->m_doneq_thread_n, KM_SLEEP);
1060 
1061 		for (j = 0; j < mpt->m_doneq_thread_n; j++) {
1062 			cv_init(&mpt->m_doneq_thread_id[j].cv, NULL,
1063 			    CV_DRIVER, NULL);
1064 			mutex_init(&mpt->m_doneq_thread_id[j].mutex, NULL,
1065 			    MUTEX_DRIVER, NULL);
1066 			mutex_enter(&mpt->m_doneq_thread_id[j].mutex);
1067 			mpt->m_doneq_thread_id[j].flag |=
1068 			    MPTSAS_DONEQ_THREAD_ACTIVE;
1069 			mpt->m_doneq_thread_id[j].arg.mpt = mpt;
1070 			mpt->m_doneq_thread_id[j].arg.t = j;
1071 			mpt->m_doneq_thread_id[j].threadp =
1072 			    thread_create(NULL, 0, mptsas_doneq_thread,
1073 			    &mpt->m_doneq_thread_id[j].arg,
1074 			    0, &p0, TS_RUN, minclsyspri);
1075 			mpt->m_doneq_thread_id[j].donetail =
1076 			    &mpt->m_doneq_thread_id[j].doneq;
1077 			mutex_exit(&mpt->m_doneq_thread_id[j].mutex);
1078 		}
1079 		mutex_exit(&mpt->m_doneq_mutex);
1080 		doneq_thread_create++;
1081 	}
1082 
1083 	/* Get supported interrupt types */
1084 	if (ddi_intr_get_supported_types(dip, &intr_types) != DDI_SUCCESS) {
1085 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_supported_types "
1086 		    "failed\n");
1087 		goto fail;
1088 	}
1089 
1090 	NDBG6(("ddi_intr_get_supported_types() returned: 0x%x", intr_types));
1091 
1092 	if (mptsas_enable_msi && (intr_types & DDI_INTR_TYPE_MSI)) {
1093 		/*
1094 		 * Try MSI, but fall back to FIXED
1095 		 */
1096 		if (mptsas_add_intrs(mpt, DDI_INTR_TYPE_MSI) == DDI_SUCCESS) {
1097 			NDBG0(("Using MSI interrupt type"));
1098 			mpt->m_intr_type = DDI_INTR_TYPE_MSI;
1099 			goto intr_done;
1100 		}
1101 	}
1102 
1103 	if (intr_types & DDI_INTR_TYPE_FIXED) {
1104 
1105 		if (mptsas_add_intrs(mpt, DDI_INTR_TYPE_FIXED) == DDI_SUCCESS) {
1106 			NDBG0(("Using FIXED interrupt type"));
1107 			mpt->m_intr_type = DDI_INTR_TYPE_FIXED;
1108 
1109 			goto intr_done;
1110 		}
1111 
1112 		NDBG0(("FIXED interrupt registration failed"));
1113 	}
1114 
1115 	goto fail;
1116 
1117 intr_done:
1118 	intr_added++;
1119 
1120 	/* Initialize mutex used in interrupt handler */
1121 	mutex_init(&mpt->m_mutex, NULL, MUTEX_DRIVER,
1122 	    DDI_INTR_PRI(mpt->m_intr_pri));
1123 	mutex_init(&mpt->m_tx_waitq_mutex, NULL, MUTEX_DRIVER,
1124 	    DDI_INTR_PRI(mpt->m_intr_pri));
1125 	cv_init(&mpt->m_cv, NULL, CV_DRIVER, NULL);
1126 	cv_init(&mpt->m_passthru_cv, NULL, CV_DRIVER, NULL);
1127 	cv_init(&mpt->m_fw_cv, NULL, CV_DRIVER, NULL);
1128 	cv_init(&mpt->m_config_cv, NULL, CV_DRIVER, NULL);
1129 	cv_init(&mpt->m_fw_diag_cv, NULL, CV_DRIVER, NULL);
1130 	mutex_init_done++;
1131 
1132 	/*
1133 	 * Disable hardware interrupt since we're not ready to
1134 	 * handle it yet.
1135 	 */
1136 	MPTSAS_DISABLE_INTR(mpt);
1137 
1138 	/*
1139 	 * Enable interrupts
1140 	 */
1141 	if (mpt->m_intr_cap & DDI_INTR_FLAG_BLOCK) {
1142 		/* Call ddi_intr_block_enable() for MSI interrupts */
1143 		(void) ddi_intr_block_enable(mpt->m_htable, mpt->m_intr_cnt);
1144 	} else {
1145 		/* Call ddi_intr_enable for MSI or FIXED interrupts */
1146 		for (i = 0; i < mpt->m_intr_cnt; i++) {
1147 			(void) ddi_intr_enable(mpt->m_htable[i]);
1148 		}
1149 	}
1150 
1151 	mutex_enter(&mpt->m_mutex);
1152 	/*
1153 	 * Initialize power management component
1154 	 */
1155 	if (mpt->m_options & MPTSAS_OPT_PM) {
1156 		if (mptsas_init_pm(mpt)) {
1157 			mutex_exit(&mpt->m_mutex);
1158 			mptsas_log(mpt, CE_WARN, "mptsas pm initialization "
1159 			    "failed");
1160 			goto fail;
1161 		}
1162 	}
1163 
1164 	/*
1165 	 * Initialize chip
1166 	 */
1167 	if (mptsas_init_chip(mpt, TRUE) == DDI_FAILURE) {
1168 		mutex_exit(&mpt->m_mutex);
1169 		mptsas_log(mpt, CE_WARN, "mptsas chip initialization failed");
1170 		goto fail;
1171 	}
1172 	mutex_exit(&mpt->m_mutex);
1173 
1174 	/*
1175 	 * initialize SCSI HBA transport structure
1176 	 */
1177 	hba_tran->tran_hba_private	= mpt;
1178 	hba_tran->tran_tgt_private	= NULL;
1179 
1180 	hba_tran->tran_tgt_init		= mptsas_scsi_tgt_init;
1181 	hba_tran->tran_tgt_free		= mptsas_scsi_tgt_free;
1182 
1183 	hba_tran->tran_start		= mptsas_scsi_start;
1184 	hba_tran->tran_reset		= mptsas_scsi_reset;
1185 	hba_tran->tran_abort		= mptsas_scsi_abort;
1186 	hba_tran->tran_getcap		= mptsas_scsi_getcap;
1187 	hba_tran->tran_setcap		= mptsas_scsi_setcap;
1188 	hba_tran->tran_init_pkt		= mptsas_scsi_init_pkt;
1189 	hba_tran->tran_destroy_pkt	= mptsas_scsi_destroy_pkt;
1190 
1191 	hba_tran->tran_dmafree		= mptsas_scsi_dmafree;
1192 	hba_tran->tran_sync_pkt		= mptsas_scsi_sync_pkt;
1193 	hba_tran->tran_reset_notify	= mptsas_scsi_reset_notify;
1194 
1195 	hba_tran->tran_get_bus_addr	= mptsas_get_bus_addr;
1196 	hba_tran->tran_get_name		= mptsas_get_name;
1197 
1198 	hba_tran->tran_quiesce		= mptsas_scsi_quiesce;
1199 	hba_tran->tran_unquiesce	= mptsas_scsi_unquiesce;
1200 	hba_tran->tran_bus_reset	= NULL;
1201 
1202 	hba_tran->tran_add_eventcall	= NULL;
1203 	hba_tran->tran_get_eventcookie	= NULL;
1204 	hba_tran->tran_post_event	= NULL;
1205 	hba_tran->tran_remove_eventcall	= NULL;
1206 
1207 	hba_tran->tran_bus_config	= mptsas_bus_config;
1208 
1209 	hba_tran->tran_interconnect_type = INTERCONNECT_SAS;
1210 
1211 	if (mptsas_alloc_active_slots(mpt, KM_SLEEP)) {
1212 		goto fail;
1213 	}
1214 
1215 	/*
1216 	 * Register the iport for multiple port HBA
1217 	 */
1218 	/*
1219 	 * initial value of mask is 0
1220 	 */
1221 	mutex_enter(&mpt->m_mutex);
1222 	for (i = 0; i < mpt->m_num_phys; i++) {
1223 		uint8_t	phy_mask = 0x00;
1224 		char phy_mask_name[8];
1225 		uint8_t current_port;
1226 
1227 		if (mpt->m_phy_info[i].attached_devhdl == 0)
1228 			continue;
1229 
1230 		bzero(phy_mask_name, sizeof (phy_mask_name));
1231 
1232 		current_port = mpt->m_phy_info[i].port_num;
1233 
1234 		if ((mask & (1 << i)) != 0)
1235 			continue;
1236 
1237 		for (j = 0; j < mpt->m_num_phys; j++) {
1238 			if (mpt->m_phy_info[j].attached_devhdl &&
1239 			    (mpt->m_phy_info[j].port_num == current_port)) {
1240 				phy_mask |= (1 << j);
1241 			}
1242 		}
1243 		mask = mask | phy_mask;
1244 
1245 		for (j = 0; j < mpt->m_num_phys; j++) {
1246 			if ((phy_mask >> j) & 0x01) {
1247 				mpt->m_phy_info[j].phy_mask = phy_mask;
1248 			}
1249 		}
1250 
1251 		(void) sprintf(phy_mask_name, "%x", phy_mask);
1252 
1253 		mutex_exit(&mpt->m_mutex);
1254 		/*
1255 		 * register a iport
1256 		 */
1257 		(void) scsi_hba_iport_register(dip, phy_mask_name);
1258 		mutex_enter(&mpt->m_mutex);
1259 	}
1260 	mutex_exit(&mpt->m_mutex);
1261 	/*
1262 	 * register a virtual port for RAID volume always
1263 	 */
1264 	(void) scsi_hba_iport_register(dip, "v0");
1265 	/*
1266 	 * All children of the HBA are iports. We need tran was cloned.
1267 	 * So we pass the flags to SCSA. SCSI_HBA_TRAN_CLONE will be
1268 	 * inherited to iport's tran vector.
1269 	 */
1270 	tran_flags = (SCSI_HBA_HBA | SCSI_HBA_TRAN_CLONE);
1271 
1272 	if (scsi_hba_attach_setup(dip, &mpt->m_msg_dma_attr,
1273 	    hba_tran, tran_flags) != DDI_SUCCESS) {
1274 		mptsas_log(mpt, CE_WARN, "hba attach setup failed");
1275 		goto fail;
1276 	}
1277 	hba_attach_setup++;
1278 
1279 	mpt->m_smptran = smp_hba_tran_alloc(dip);
1280 	ASSERT(mpt->m_smptran != NULL);
1281 	mpt->m_smptran->smp_tran_hba_private = mpt;
1282 	mpt->m_smptran->smp_tran_start = mptsas_smp_start;
1283 	if (smp_hba_attach_setup(dip, mpt->m_smptran) != DDI_SUCCESS) {
1284 		mptsas_log(mpt, CE_WARN, "smp attach setup failed");
1285 		goto fail;
1286 	}
1287 	smp_attach_setup++;
1288 
1289 	/*
1290 	 * Initialize smp hash table
1291 	 */
1292 	mptsas_hash_init(&mpt->m_active->m_smptbl);
1293 	mpt->m_smp_devhdl = 0xFFFF;
1294 
1295 	/*
1296 	 * create kmem cache for packets
1297 	 */
1298 	(void) sprintf(buf, "mptsas%d_cache", instance);
1299 	mpt->m_kmem_cache = kmem_cache_create(buf,
1300 	    sizeof (struct mptsas_cmd) + scsi_pkt_size(), 8,
1301 	    mptsas_kmem_cache_constructor, mptsas_kmem_cache_destructor,
1302 	    NULL, (void *)mpt, NULL, 0);
1303 
1304 	if (mpt->m_kmem_cache == NULL) {
1305 		mptsas_log(mpt, CE_WARN, "creating kmem cache failed");
1306 		goto fail;
1307 	}
1308 
1309 	/*
1310 	 * create kmem cache for extra SGL frames if SGL cannot
1311 	 * be accomodated into main request frame.
1312 	 */
1313 	(void) sprintf(buf, "mptsas%d_cache_frames", instance);
1314 	mpt->m_cache_frames = kmem_cache_create(buf,
1315 	    sizeof (mptsas_cache_frames_t), 8,
1316 	    mptsas_cache_frames_constructor, mptsas_cache_frames_destructor,
1317 	    NULL, (void *)mpt, NULL, 0);
1318 
1319 	if (mpt->m_cache_frames == NULL) {
1320 		mptsas_log(mpt, CE_WARN, "creating cache for frames failed");
1321 		goto fail;
1322 	}
1323 
1324 	mpt->m_scsi_reset_delay	= ddi_prop_get_int(DDI_DEV_T_ANY,
1325 	    dip, 0, "scsi-reset-delay",	SCSI_DEFAULT_RESET_DELAY);
1326 	if (mpt->m_scsi_reset_delay == 0) {
1327 		mptsas_log(mpt, CE_NOTE,
1328 		    "scsi_reset_delay of 0 is not recommended,"
1329 		    " resetting to SCSI_DEFAULT_RESET_DELAY\n");
1330 		mpt->m_scsi_reset_delay = SCSI_DEFAULT_RESET_DELAY;
1331 	}
1332 
1333 	/*
1334 	 * Initialize the wait and done FIFO queue
1335 	 */
1336 	mpt->m_donetail = &mpt->m_doneq;
1337 	mpt->m_waitqtail = &mpt->m_waitq;
1338 
1339 	mpt->m_tx_waitqtail = &mpt->m_tx_waitq;
1340 	mpt->m_tx_draining = 0;
1341 
1342 	/*
1343 	 * ioc cmd queue initialize
1344 	 */
1345 	mpt->m_ioc_event_cmdtail = &mpt->m_ioc_event_cmdq;
1346 
1347 	mpt->m_dev_handle = 0xFFFF;
1348 
1349 	MPTSAS_ENABLE_INTR(mpt);
1350 
1351 	/*
1352 	 * enable event notification
1353 	 */
1354 	mutex_enter(&mpt->m_mutex);
1355 	if (mptsas_ioc_enable_event_notification(mpt)) {
1356 		mutex_exit(&mpt->m_mutex);
1357 		goto fail;
1358 	}
1359 	mutex_exit(&mpt->m_mutex);
1360 
1361 
1362 	/* Check all dma handles allocated in attach */
1363 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl)
1364 	    != DDI_SUCCESS) ||
1365 	    (mptsas_check_dma_handle(mpt->m_dma_reply_frame_hdl)
1366 	    != DDI_SUCCESS) ||
1367 	    (mptsas_check_dma_handle(mpt->m_dma_free_queue_hdl)
1368 	    != DDI_SUCCESS) ||
1369 	    (mptsas_check_dma_handle(mpt->m_dma_post_queue_hdl)
1370 	    != DDI_SUCCESS) ||
1371 	    (mptsas_check_dma_handle(mpt->m_hshk_dma_hdl)
1372 	    != DDI_SUCCESS)) {
1373 		goto fail;
1374 	}
1375 
1376 	/* Check all acc handles allocated in attach */
1377 	if ((mptsas_check_acc_handle(mpt->m_datap) != DDI_SUCCESS) ||
1378 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl)
1379 	    != DDI_SUCCESS) ||
1380 	    (mptsas_check_acc_handle(mpt->m_acc_reply_frame_hdl)
1381 	    != DDI_SUCCESS) ||
1382 	    (mptsas_check_acc_handle(mpt->m_acc_free_queue_hdl)
1383 	    != DDI_SUCCESS) ||
1384 	    (mptsas_check_acc_handle(mpt->m_acc_post_queue_hdl)
1385 	    != DDI_SUCCESS) ||
1386 	    (mptsas_check_acc_handle(mpt->m_hshk_acc_hdl)
1387 	    != DDI_SUCCESS) ||
1388 	    (mptsas_check_acc_handle(mpt->m_config_handle)
1389 	    != DDI_SUCCESS)) {
1390 		goto fail;
1391 	}
1392 
1393 	/*
1394 	 * After this point, we are not going to fail the attach.
1395 	 */
1396 	/*
1397 	 * used for mptsas_watch
1398 	 */
1399 	rw_enter(&mptsas_global_rwlock, RW_WRITER);
1400 	if (mptsas_head == NULL) {
1401 		mptsas_head = mpt;
1402 	} else {
1403 		mptsas_tail->m_next = mpt;
1404 	}
1405 	mptsas_tail = mpt;
1406 	rw_exit(&mptsas_global_rwlock);
1407 
1408 	mutex_enter(&mptsas_global_mutex);
1409 	if (mptsas_timeouts_enabled == 0) {
1410 		mptsas_scsi_watchdog_tick = ddi_prop_get_int(DDI_DEV_T_ANY,
1411 		    dip, 0, "scsi-watchdog-tick", DEFAULT_WD_TICK);
1412 
1413 		mptsas_tick = mptsas_scsi_watchdog_tick *
1414 		    drv_usectohz((clock_t)1000000);
1415 
1416 		mptsas_timeout_id = timeout(mptsas_watch, NULL, mptsas_tick);
1417 		mptsas_timeouts_enabled = 1;
1418 	}
1419 	mutex_exit(&mptsas_global_mutex);
1420 
1421 	/* Print message of HBA present */
1422 	ddi_report_dev(dip);
1423 
1424 	/* report idle status to pm framework */
1425 	if (mpt->m_options & MPTSAS_OPT_PM) {
1426 		(void) pm_idle_component(dip, 0);
1427 	}
1428 
1429 	return (DDI_SUCCESS);
1430 
1431 fail:
1432 	mptsas_log(mpt, CE_WARN, "attach failed");
1433 	mptsas_fm_ereport(mpt, DDI_FM_DEVICE_NO_RESPONSE);
1434 	ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_LOST);
1435 	if (mpt) {
1436 		mutex_enter(&mptsas_global_mutex);
1437 
1438 		if (mptsas_timeout_id && (mptsas_head == NULL)) {
1439 			timeout_id_t tid = mptsas_timeout_id;
1440 			mptsas_timeouts_enabled = 0;
1441 			mptsas_timeout_id = 0;
1442 			mutex_exit(&mptsas_global_mutex);
1443 			(void) untimeout(tid);
1444 			mutex_enter(&mptsas_global_mutex);
1445 		}
1446 		mutex_exit(&mptsas_global_mutex);
1447 		/* deallocate in reverse order */
1448 		if (mpt->m_cache_frames) {
1449 			kmem_cache_destroy(mpt->m_cache_frames);
1450 		}
1451 		if (mpt->m_kmem_cache) {
1452 			kmem_cache_destroy(mpt->m_kmem_cache);
1453 		}
1454 		if (hba_attach_setup) {
1455 			(void) scsi_hba_detach(dip);
1456 		}
1457 		if (smp_attach_setup) {
1458 			(void) smp_hba_detach(dip);
1459 		}
1460 		if (intr_added) {
1461 			mptsas_rem_intrs(mpt);
1462 		}
1463 		if (doneq_thread_create) {
1464 			mutex_enter(&mpt->m_doneq_mutex);
1465 			doneq_thread_num = mpt->m_doneq_thread_n;
1466 			for (j = 0; j < mpt->m_doneq_thread_n; j++) {
1467 				mutex_enter(&mpt->m_doneq_thread_id[j].mutex);
1468 				mpt->m_doneq_thread_id[j].flag &=
1469 				    (~MPTSAS_DONEQ_THREAD_ACTIVE);
1470 				cv_signal(&mpt->m_doneq_thread_id[j].cv);
1471 				mutex_exit(&mpt->m_doneq_thread_id[j].mutex);
1472 			}
1473 			while (mpt->m_doneq_thread_n) {
1474 				cv_wait(&mpt->m_doneq_thread_cv,
1475 				    &mpt->m_doneq_mutex);
1476 			}
1477 			for (j = 0; j < doneq_thread_num; j++) {
1478 				cv_destroy(&mpt->m_doneq_thread_id[j].cv);
1479 				mutex_destroy(&mpt->m_doneq_thread_id[j].mutex);
1480 			}
1481 			kmem_free(mpt->m_doneq_thread_id,
1482 			    sizeof (mptsas_doneq_thread_list_t)
1483 			    * doneq_thread_num);
1484 			mutex_exit(&mpt->m_doneq_mutex);
1485 			cv_destroy(&mpt->m_doneq_thread_cv);
1486 			mutex_destroy(&mpt->m_doneq_mutex);
1487 		}
1488 		if (event_taskq_create) {
1489 			ddi_taskq_destroy(mpt->m_event_taskq);
1490 		}
1491 		if (dr_taskq_create) {
1492 			ddi_taskq_destroy(mpt->m_dr_taskq);
1493 		}
1494 		if (mutex_init_done) {
1495 			mutex_destroy(&mpt->m_tx_waitq_mutex);
1496 			mutex_destroy(&mpt->m_mutex);
1497 			cv_destroy(&mpt->m_cv);
1498 			cv_destroy(&mpt->m_passthru_cv);
1499 			cv_destroy(&mpt->m_fw_cv);
1500 			cv_destroy(&mpt->m_config_cv);
1501 			cv_destroy(&mpt->m_fw_diag_cv);
1502 		}
1503 		mptsas_free_handshake_msg(mpt);
1504 		mptsas_hba_fini(mpt);
1505 		if (map_setup) {
1506 			mptsas_cfg_fini(mpt);
1507 		}
1508 		if (config_setup) {
1509 			pci_config_teardown(&mpt->m_config_handle);
1510 		}
1511 		if (mpt->m_tran) {
1512 			scsi_hba_tran_free(mpt->m_tran);
1513 			mpt->m_tran = NULL;
1514 		}
1515 		if (mpt->m_smptran) {
1516 			smp_hba_tran_free(mpt->m_smptran);
1517 			mpt->m_smptran = NULL;
1518 		}
1519 		mptsas_fm_fini(mpt);
1520 		ddi_soft_state_free(mptsas_state, instance);
1521 		ddi_prop_remove_all(dip);
1522 	}
1523 	return (DDI_FAILURE);
1524 }
1525 
1526 static int
1527 mptsas_suspend(dev_info_t *devi)
1528 {
1529 	mptsas_t	*mpt, *g;
1530 	scsi_hba_tran_t	*tran;
1531 
1532 	if (scsi_hba_iport_unit_address(devi)) {
1533 		return (DDI_SUCCESS);
1534 	}
1535 
1536 	if ((tran = ddi_get_driver_private(devi)) == NULL)
1537 		return (DDI_SUCCESS);
1538 
1539 	mpt = TRAN2MPT(tran);
1540 	if (!mpt) {
1541 		return (DDI_SUCCESS);
1542 	}
1543 
1544 	mutex_enter(&mpt->m_mutex);
1545 
1546 	if (mpt->m_suspended++) {
1547 		mutex_exit(&mpt->m_mutex);
1548 		return (DDI_SUCCESS);
1549 	}
1550 
1551 	/*
1552 	 * Cancel timeout threads for this mpt
1553 	 */
1554 	if (mpt->m_quiesce_timeid) {
1555 		timeout_id_t tid = mpt->m_quiesce_timeid;
1556 		mpt->m_quiesce_timeid = 0;
1557 		mutex_exit(&mpt->m_mutex);
1558 		(void) untimeout(tid);
1559 		mutex_enter(&mpt->m_mutex);
1560 	}
1561 
1562 	if (mpt->m_restart_cmd_timeid) {
1563 		timeout_id_t tid = mpt->m_restart_cmd_timeid;
1564 		mpt->m_restart_cmd_timeid = 0;
1565 		mutex_exit(&mpt->m_mutex);
1566 		(void) untimeout(tid);
1567 		mutex_enter(&mpt->m_mutex);
1568 	}
1569 
1570 	if (mpt->m_pm_timeid != 0) {
1571 		timeout_id_t tid = mpt->m_pm_timeid;
1572 		mpt->m_pm_timeid = 0;
1573 		mutex_exit(&mpt->m_mutex);
1574 		(void) untimeout(tid);
1575 		/*
1576 		 * Report idle status for last ioctl since
1577 		 * calls to pm_busy_component(9F) are stacked.
1578 		 */
1579 		(void) pm_idle_component(mpt->m_dip, 0);
1580 		mutex_enter(&mpt->m_mutex);
1581 	}
1582 	mutex_exit(&mpt->m_mutex);
1583 
1584 	/*
1585 	 * Cancel watch threads if all mpts suspended
1586 	 */
1587 	rw_enter(&mptsas_global_rwlock, RW_WRITER);
1588 	for (g = mptsas_head; g != NULL; g = g->m_next) {
1589 		if (!g->m_suspended)
1590 			break;
1591 	}
1592 	rw_exit(&mptsas_global_rwlock);
1593 
1594 	mutex_enter(&mptsas_global_mutex);
1595 	if (g == NULL) {
1596 		timeout_id_t tid;
1597 
1598 		mptsas_timeouts_enabled = 0;
1599 		if (mptsas_timeout_id) {
1600 			tid = mptsas_timeout_id;
1601 			mptsas_timeout_id = 0;
1602 			mutex_exit(&mptsas_global_mutex);
1603 			(void) untimeout(tid);
1604 			mutex_enter(&mptsas_global_mutex);
1605 		}
1606 		if (mptsas_reset_watch) {
1607 			tid = mptsas_reset_watch;
1608 			mptsas_reset_watch = 0;
1609 			mutex_exit(&mptsas_global_mutex);
1610 			(void) untimeout(tid);
1611 			mutex_enter(&mptsas_global_mutex);
1612 		}
1613 	}
1614 	mutex_exit(&mptsas_global_mutex);
1615 
1616 	mutex_enter(&mpt->m_mutex);
1617 
1618 	/*
1619 	 * If this mpt is not in full power(PM_LEVEL_D0), just return.
1620 	 */
1621 	if ((mpt->m_options & MPTSAS_OPT_PM) &&
1622 	    (mpt->m_power_level != PM_LEVEL_D0)) {
1623 		mutex_exit(&mpt->m_mutex);
1624 		return (DDI_SUCCESS);
1625 	}
1626 
1627 	/* Disable HBA interrupts in hardware */
1628 	MPTSAS_DISABLE_INTR(mpt);
1629 	/*
1630 	 * Send RAID action system shutdown to sync IR
1631 	 */
1632 	mptsas_raid_action_system_shutdown(mpt);
1633 
1634 	mutex_exit(&mpt->m_mutex);
1635 
1636 	/* drain the taskq */
1637 	ddi_taskq_wait(mpt->m_event_taskq);
1638 	ddi_taskq_wait(mpt->m_dr_taskq);
1639 
1640 	return (DDI_SUCCESS);
1641 }
1642 
1643 #ifdef	__sparc
1644 /*ARGSUSED*/
1645 static int
1646 mptsas_reset(dev_info_t *devi, ddi_reset_cmd_t cmd)
1647 {
1648 	mptsas_t	*mpt;
1649 	scsi_hba_tran_t *tran;
1650 
1651 	/*
1652 	 * If this call is for iport, just return.
1653 	 */
1654 	if (scsi_hba_iport_unit_address(devi))
1655 		return (DDI_SUCCESS);
1656 
1657 	if ((tran = ddi_get_driver_private(devi)) == NULL)
1658 		return (DDI_SUCCESS);
1659 
1660 	if ((mpt = TRAN2MPT(tran)) == NULL)
1661 		return (DDI_SUCCESS);
1662 
1663 	/*
1664 	 * Send RAID action system shutdown to sync IR.  Disable HBA
1665 	 * interrupts in hardware first.
1666 	 */
1667 	MPTSAS_DISABLE_INTR(mpt);
1668 	mptsas_raid_action_system_shutdown(mpt);
1669 
1670 	return (DDI_SUCCESS);
1671 }
1672 #else /* __sparc */
1673 /*
1674  * quiesce(9E) entry point.
1675  *
1676  * This function is called when the system is single-threaded at high
1677  * PIL with preemption disabled. Therefore, this function must not be
1678  * blocked.
1679  *
1680  * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure.
1681  * DDI_FAILURE indicates an error condition and should almost never happen.
1682  */
1683 static int
1684 mptsas_quiesce(dev_info_t *devi)
1685 {
1686 	mptsas_t	*mpt;
1687 	scsi_hba_tran_t *tran;
1688 
1689 	/*
1690 	 * If this call is for iport, just return.
1691 	 */
1692 	if (scsi_hba_iport_unit_address(devi))
1693 		return (DDI_SUCCESS);
1694 
1695 	if ((tran = ddi_get_driver_private(devi)) == NULL)
1696 		return (DDI_SUCCESS);
1697 
1698 	if ((mpt = TRAN2MPT(tran)) == NULL)
1699 		return (DDI_SUCCESS);
1700 
1701 	/* Disable HBA interrupts in hardware */
1702 	MPTSAS_DISABLE_INTR(mpt);
1703 	/* Send RAID action system shutdonw to sync IR */
1704 	mptsas_raid_action_system_shutdown(mpt);
1705 
1706 	return (DDI_SUCCESS);
1707 }
1708 #endif	/* __sparc */
1709 
1710 /*
1711  * detach(9E).	Remove all device allocations and system resources;
1712  * disable device interrupts.
1713  * Return DDI_SUCCESS if done; DDI_FAILURE if there's a problem.
1714  */
1715 static int
1716 mptsas_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
1717 {
1718 	/* CONSTCOND */
1719 	ASSERT(NO_COMPETING_THREADS);
1720 	NDBG0(("mptsas_detach: dip=0x%p cmd=0x%p", (void *)devi, (void *)cmd));
1721 
1722 	switch (cmd) {
1723 	case DDI_DETACH:
1724 		return (mptsas_do_detach(devi));
1725 
1726 	case DDI_SUSPEND:
1727 		return (mptsas_suspend(devi));
1728 
1729 	default:
1730 		return (DDI_FAILURE);
1731 	}
1732 	/* NOTREACHED */
1733 }
1734 
1735 static int
1736 mptsas_do_detach(dev_info_t *dip)
1737 {
1738 	mptsas_t	*mpt, *m;
1739 	scsi_hba_tran_t	*tran;
1740 	mptsas_slots_t	*active;
1741 	int		circ = 0;
1742 	int		circ1 = 0;
1743 	mdi_pathinfo_t	*pip = NULL;
1744 	int		i;
1745 	int		doneq_thread_num = 0;
1746 
1747 	NDBG0(("mptsas_do_detach: dip=0x%p", (void *)dip));
1748 
1749 	if ((tran = ndi_flavorv_get(dip, SCSA_FLAVOR_SCSI_DEVICE)) == NULL)
1750 		return (DDI_FAILURE);
1751 
1752 	mpt = TRAN2MPT(tran);
1753 	if (!mpt) {
1754 		return (DDI_FAILURE);
1755 	}
1756 	/*
1757 	 * Still have pathinfo child, should not detach mpt driver
1758 	 */
1759 	if (scsi_hba_iport_unit_address(dip)) {
1760 		if (mpt->m_mpxio_enable) {
1761 			/*
1762 			 * MPxIO enabled for the iport
1763 			 */
1764 			ndi_devi_enter(scsi_vhci_dip, &circ1);
1765 			ndi_devi_enter(dip, &circ);
1766 			while (pip = mdi_get_next_client_path(dip, NULL)) {
1767 				if (mdi_pi_free(pip, 0) == MDI_SUCCESS) {
1768 					continue;
1769 				}
1770 				ndi_devi_exit(dip, circ);
1771 				ndi_devi_exit(scsi_vhci_dip, circ1);
1772 				NDBG12(("detach failed because of "
1773 				    "outstanding path info"));
1774 				return (DDI_FAILURE);
1775 			}
1776 			ndi_devi_exit(dip, circ);
1777 			ndi_devi_exit(scsi_vhci_dip, circ1);
1778 			(void) mdi_phci_unregister(dip, 0);
1779 		}
1780 
1781 		ddi_prop_remove_all(dip);
1782 
1783 		return (DDI_SUCCESS);
1784 	}
1785 
1786 	/* Make sure power level is D0 before accessing registers */
1787 	if (mpt->m_options & MPTSAS_OPT_PM) {
1788 		(void) pm_busy_component(dip, 0);
1789 		if (mpt->m_power_level != PM_LEVEL_D0) {
1790 			if (pm_raise_power(dip, 0, PM_LEVEL_D0) !=
1791 			    DDI_SUCCESS) {
1792 				mptsas_log(mpt, CE_WARN,
1793 				    "mptsas%d: Raise power request failed.",
1794 				    mpt->m_instance);
1795 				(void) pm_idle_component(dip, 0);
1796 				return (DDI_FAILURE);
1797 			}
1798 		}
1799 	}
1800 
1801 	mutex_enter(&mpt->m_mutex);
1802 	MPTSAS_DISABLE_INTR(mpt);
1803 	mutex_exit(&mpt->m_mutex);
1804 	mptsas_rem_intrs(mpt);
1805 	ddi_taskq_destroy(mpt->m_event_taskq);
1806 	ddi_taskq_destroy(mpt->m_dr_taskq);
1807 
1808 	if (mpt->m_doneq_thread_n) {
1809 		mutex_enter(&mpt->m_doneq_mutex);
1810 		doneq_thread_num = mpt->m_doneq_thread_n;
1811 		for (i = 0; i < mpt->m_doneq_thread_n; i++) {
1812 			mutex_enter(&mpt->m_doneq_thread_id[i].mutex);
1813 			mpt->m_doneq_thread_id[i].flag &=
1814 			    (~MPTSAS_DONEQ_THREAD_ACTIVE);
1815 			cv_signal(&mpt->m_doneq_thread_id[i].cv);
1816 			mutex_exit(&mpt->m_doneq_thread_id[i].mutex);
1817 		}
1818 		while (mpt->m_doneq_thread_n) {
1819 			cv_wait(&mpt->m_doneq_thread_cv,
1820 			    &mpt->m_doneq_mutex);
1821 		}
1822 		for (i = 0;  i < doneq_thread_num; i++) {
1823 			cv_destroy(&mpt->m_doneq_thread_id[i].cv);
1824 			mutex_destroy(&mpt->m_doneq_thread_id[i].mutex);
1825 		}
1826 		kmem_free(mpt->m_doneq_thread_id,
1827 		    sizeof (mptsas_doneq_thread_list_t)
1828 		    * doneq_thread_num);
1829 		mutex_exit(&mpt->m_doneq_mutex);
1830 		cv_destroy(&mpt->m_doneq_thread_cv);
1831 		mutex_destroy(&mpt->m_doneq_mutex);
1832 	}
1833 
1834 	scsi_hba_reset_notify_tear_down(mpt->m_reset_notify_listf);
1835 
1836 	/*
1837 	 * Remove device instance from the global linked list
1838 	 */
1839 	rw_enter(&mptsas_global_rwlock, RW_WRITER);
1840 	if (mptsas_head == mpt) {
1841 		m = mptsas_head = mpt->m_next;
1842 	} else {
1843 		for (m = mptsas_head; m != NULL; m = m->m_next) {
1844 			if (m->m_next == mpt) {
1845 				m->m_next = mpt->m_next;
1846 				break;
1847 			}
1848 		}
1849 		if (m == NULL) {
1850 			mptsas_log(mpt, CE_PANIC, "Not in softc list!");
1851 		}
1852 	}
1853 
1854 	if (mptsas_tail == mpt) {
1855 		mptsas_tail = m;
1856 	}
1857 	rw_exit(&mptsas_global_rwlock);
1858 
1859 	/*
1860 	 * Cancel timeout threads for this mpt
1861 	 */
1862 	mutex_enter(&mpt->m_mutex);
1863 	if (mpt->m_quiesce_timeid) {
1864 		timeout_id_t tid = mpt->m_quiesce_timeid;
1865 		mpt->m_quiesce_timeid = 0;
1866 		mutex_exit(&mpt->m_mutex);
1867 		(void) untimeout(tid);
1868 		mutex_enter(&mpt->m_mutex);
1869 	}
1870 
1871 	if (mpt->m_restart_cmd_timeid) {
1872 		timeout_id_t tid = mpt->m_restart_cmd_timeid;
1873 		mpt->m_restart_cmd_timeid = 0;
1874 		mutex_exit(&mpt->m_mutex);
1875 		(void) untimeout(tid);
1876 		mutex_enter(&mpt->m_mutex);
1877 	}
1878 
1879 	if (mpt->m_pm_timeid != 0) {
1880 		timeout_id_t tid = mpt->m_pm_timeid;
1881 		mpt->m_pm_timeid = 0;
1882 		mutex_exit(&mpt->m_mutex);
1883 		(void) untimeout(tid);
1884 		/*
1885 		 * Report idle status for last ioctl since
1886 		 * calls to pm_busy_component(9F) are stacked.
1887 		 */
1888 		(void) pm_idle_component(mpt->m_dip, 0);
1889 		mutex_enter(&mpt->m_mutex);
1890 	}
1891 	mutex_exit(&mpt->m_mutex);
1892 
1893 	/*
1894 	 * last mpt? ... if active, CANCEL watch threads.
1895 	 */
1896 	mutex_enter(&mptsas_global_mutex);
1897 	if (mptsas_head == NULL) {
1898 		timeout_id_t tid;
1899 		/*
1900 		 * Clear mptsas_timeouts_enable so that the watch thread
1901 		 * gets restarted on DDI_ATTACH
1902 		 */
1903 		mptsas_timeouts_enabled = 0;
1904 		if (mptsas_timeout_id) {
1905 			tid = mptsas_timeout_id;
1906 			mptsas_timeout_id = 0;
1907 			mutex_exit(&mptsas_global_mutex);
1908 			(void) untimeout(tid);
1909 			mutex_enter(&mptsas_global_mutex);
1910 		}
1911 		if (mptsas_reset_watch) {
1912 			tid = mptsas_reset_watch;
1913 			mptsas_reset_watch = 0;
1914 			mutex_exit(&mptsas_global_mutex);
1915 			(void) untimeout(tid);
1916 			mutex_enter(&mptsas_global_mutex);
1917 		}
1918 	}
1919 	mutex_exit(&mptsas_global_mutex);
1920 
1921 	/*
1922 	 * Delete nt_active.
1923 	 */
1924 	active = mpt->m_active;
1925 	mutex_enter(&mpt->m_mutex);
1926 	mptsas_hash_uninit(&active->m_smptbl, sizeof (mptsas_smp_t));
1927 	mutex_exit(&mpt->m_mutex);
1928 
1929 	if (active) {
1930 		kmem_free(active, active->m_size);
1931 		mpt->m_active = NULL;
1932 	}
1933 
1934 	/* deallocate everything that was allocated in mptsas_attach */
1935 	mptsas_fm_fini(mpt);
1936 	kmem_cache_destroy(mpt->m_cache_frames);
1937 	kmem_cache_destroy(mpt->m_kmem_cache);
1938 
1939 	(void) scsi_hba_detach(dip);
1940 	(void) smp_hba_detach(dip);
1941 	mptsas_free_handshake_msg(mpt);
1942 	mptsas_hba_fini(mpt);
1943 	mptsas_cfg_fini(mpt);
1944 
1945 	/* Lower the power informing PM Framework */
1946 	if (mpt->m_options & MPTSAS_OPT_PM) {
1947 		if (pm_lower_power(dip, 0, PM_LEVEL_D3) != DDI_SUCCESS)
1948 			mptsas_log(mpt, CE_WARN,
1949 			    "!mptsas%d: Lower power request failed "
1950 			    "during detach, ignoring.",
1951 			    mpt->m_instance);
1952 	}
1953 
1954 	mutex_destroy(&mpt->m_tx_waitq_mutex);
1955 	mutex_destroy(&mpt->m_mutex);
1956 	cv_destroy(&mpt->m_cv);
1957 	cv_destroy(&mpt->m_passthru_cv);
1958 	cv_destroy(&mpt->m_fw_cv);
1959 	cv_destroy(&mpt->m_config_cv);
1960 	cv_destroy(&mpt->m_fw_diag_cv);
1961 
1962 	pci_config_teardown(&mpt->m_config_handle);
1963 	if (mpt->m_tran) {
1964 		scsi_hba_tran_free(mpt->m_tran);
1965 		mpt->m_tran = NULL;
1966 	}
1967 
1968 	if (mpt->m_smptran) {
1969 		smp_hba_tran_free(mpt->m_smptran);
1970 		mpt->m_smptran = NULL;
1971 	}
1972 
1973 	ddi_soft_state_free(mptsas_state, ddi_get_instance(dip));
1974 	ddi_prop_remove_all(dip);
1975 
1976 	return (DDI_SUCCESS);
1977 }
1978 
1979 static int
1980 mptsas_alloc_handshake_msg(mptsas_t *mpt, size_t alloc_size)
1981 {
1982 	ddi_dma_attr_t		task_dma_attrs;
1983 	ddi_dma_cookie_t	tmp_dma_cookie;
1984 	size_t			alloc_len;
1985 	uint_t			ncookie;
1986 
1987 	/* allocate Task Management ddi_dma resources */
1988 	task_dma_attrs = mpt->m_msg_dma_attr;
1989 	task_dma_attrs.dma_attr_sgllen = 1;
1990 	task_dma_attrs.dma_attr_granular = (uint32_t)(alloc_size);
1991 
1992 	if (ddi_dma_alloc_handle(mpt->m_dip, &task_dma_attrs,
1993 	    DDI_DMA_SLEEP, NULL, &mpt->m_hshk_dma_hdl) != DDI_SUCCESS) {
1994 		mpt->m_hshk_dma_hdl = NULL;
1995 		return (DDI_FAILURE);
1996 	}
1997 
1998 	if (ddi_dma_mem_alloc(mpt->m_hshk_dma_hdl, alloc_size,
1999 	    &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL,
2000 	    &mpt->m_hshk_memp, &alloc_len, &mpt->m_hshk_acc_hdl)
2001 	    != DDI_SUCCESS) {
2002 		ddi_dma_free_handle(&mpt->m_hshk_dma_hdl);
2003 		mpt->m_hshk_dma_hdl = NULL;
2004 		return (DDI_FAILURE);
2005 	}
2006 
2007 	if (ddi_dma_addr_bind_handle(mpt->m_hshk_dma_hdl, NULL,
2008 	    mpt->m_hshk_memp, alloc_len, (DDI_DMA_RDWR | DDI_DMA_CONSISTENT),
2009 	    DDI_DMA_SLEEP, NULL, &tmp_dma_cookie, &ncookie)
2010 	    != DDI_DMA_MAPPED) {
2011 		(void) ddi_dma_mem_free(&mpt->m_hshk_acc_hdl);
2012 		ddi_dma_free_handle(&mpt->m_hshk_dma_hdl);
2013 		mpt->m_hshk_dma_hdl = NULL;
2014 		return (DDI_FAILURE);
2015 	}
2016 	mpt->m_hshk_dma_size = alloc_size;
2017 	return (DDI_SUCCESS);
2018 }
2019 
2020 static void
2021 mptsas_free_handshake_msg(mptsas_t *mpt)
2022 {
2023 	if (mpt->m_hshk_dma_hdl != NULL) {
2024 		(void) ddi_dma_unbind_handle(mpt->m_hshk_dma_hdl);
2025 		(void) ddi_dma_mem_free(&mpt->m_hshk_acc_hdl);
2026 		ddi_dma_free_handle(&mpt->m_hshk_dma_hdl);
2027 		mpt->m_hshk_dma_hdl = NULL;
2028 		mpt->m_hshk_dma_size = 0;
2029 	}
2030 }
2031 
2032 static int
2033 mptsas_power(dev_info_t *dip, int component, int level)
2034 {
2035 #ifndef __lock_lint
2036 	_NOTE(ARGUNUSED(component))
2037 #endif
2038 	mptsas_t	*mpt;
2039 	int		rval = DDI_SUCCESS;
2040 	int		polls = 0;
2041 	uint32_t	ioc_status;
2042 
2043 	if (scsi_hba_iport_unit_address(dip) != 0)
2044 		return (DDI_SUCCESS);
2045 
2046 	mpt = ddi_get_soft_state(mptsas_state, ddi_get_instance(dip));
2047 	if (mpt == NULL) {
2048 		return (DDI_FAILURE);
2049 	}
2050 
2051 	mutex_enter(&mpt->m_mutex);
2052 
2053 	/*
2054 	 * If the device is busy, don't lower its power level
2055 	 */
2056 	if (mpt->m_busy && (mpt->m_power_level > level)) {
2057 		mutex_exit(&mpt->m_mutex);
2058 		return (DDI_FAILURE);
2059 	}
2060 
2061 	switch (level) {
2062 	case PM_LEVEL_D0:
2063 		NDBG11(("mptsas%d: turning power ON.", mpt->m_instance));
2064 		MPTSAS_POWER_ON(mpt);
2065 		/*
2066 		 * Wait up to 30 seconds for IOC to come out of reset.
2067 		 */
2068 		while (((ioc_status = ddi_get32(mpt->m_datap,
2069 		    &mpt->m_reg->Doorbell)) &
2070 		    MPI2_IOC_STATE_MASK) == MPI2_IOC_STATE_RESET) {
2071 			if (polls++ > 3000) {
2072 				break;
2073 			}
2074 			delay(drv_usectohz(10000));
2075 		}
2076 		/*
2077 		 * If IOC is not in operational state, try to hard reset it.
2078 		 */
2079 		if ((ioc_status & MPI2_IOC_STATE_MASK) !=
2080 		    MPI2_IOC_STATE_OPERATIONAL) {
2081 			if (mptsas_restart_ioc(mpt) == DDI_FAILURE) {
2082 				mptsas_log(mpt, CE_WARN,
2083 				    "mptsas_power: hard reset failed");
2084 				mutex_exit(&mpt->m_mutex);
2085 				return (DDI_FAILURE);
2086 			}
2087 		}
2088 		mpt->m_power_level = PM_LEVEL_D0;
2089 		break;
2090 	case PM_LEVEL_D3:
2091 		NDBG11(("mptsas%d: turning power OFF.", mpt->m_instance));
2092 		MPTSAS_POWER_OFF(mpt);
2093 		break;
2094 	default:
2095 		mptsas_log(mpt, CE_WARN, "mptsas%d: unknown power level <%x>.",
2096 		    mpt->m_instance, level);
2097 		rval = DDI_FAILURE;
2098 		break;
2099 	}
2100 	mutex_exit(&mpt->m_mutex);
2101 	return (rval);
2102 }
2103 
2104 /*
2105  * Initialize configuration space and figure out which
2106  * chip and revison of the chip the mpt driver is using.
2107  */
2108 int
2109 mptsas_config_space_init(mptsas_t *mpt)
2110 {
2111 	ushort_t	caps_ptr, cap, cap_count;
2112 
2113 	NDBG0(("mptsas_config_space_init"));
2114 
2115 	mptsas_setup_cmd_reg(mpt);
2116 
2117 	/*
2118 	 * Get the chip device id:
2119 	 */
2120 	mpt->m_devid = pci_config_get16(mpt->m_config_handle, PCI_CONF_DEVID);
2121 
2122 	/*
2123 	 * Save the revision.
2124 	 */
2125 	mpt->m_revid = pci_config_get8(mpt->m_config_handle, PCI_CONF_REVID);
2126 
2127 	/*
2128 	 * Save the SubSystem Vendor and Device IDs
2129 	 */
2130 	mpt->m_svid = pci_config_get16(mpt->m_config_handle, PCI_CONF_SUBVENID);
2131 	mpt->m_ssid = pci_config_get16(mpt->m_config_handle, PCI_CONF_SUBSYSID);
2132 
2133 	/*
2134 	 * Set the latency timer to 0x40 as specified by the upa -> pci
2135 	 * bridge chip design team.  This may be done by the sparc pci
2136 	 * bus nexus driver, but the driver should make sure the latency
2137 	 * timer is correct for performance reasons.
2138 	 */
2139 	pci_config_put8(mpt->m_config_handle, PCI_CONF_LATENCY_TIMER,
2140 	    MPTSAS_LATENCY_TIMER);
2141 
2142 	/*
2143 	 * Check if capabilities list is supported and if so,
2144 	 * get initial capabilities pointer and clear bits 0,1.
2145 	 */
2146 	if (pci_config_get16(mpt->m_config_handle, PCI_CONF_STAT)
2147 	    & PCI_STAT_CAP) {
2148 		caps_ptr = P2ALIGN(pci_config_get8(mpt->m_config_handle,
2149 		    PCI_CONF_CAP_PTR), 4);
2150 	} else {
2151 		caps_ptr = PCI_CAP_NEXT_PTR_NULL;
2152 	}
2153 
2154 	/*
2155 	 * Walk capabilities if supported.
2156 	 */
2157 	for (cap_count = 0; caps_ptr != PCI_CAP_NEXT_PTR_NULL; ) {
2158 
2159 		/*
2160 		 * Check that we haven't exceeded the maximum number of
2161 		 * capabilities and that the pointer is in a valid range.
2162 		 */
2163 		if (++cap_count > 48) {
2164 			mptsas_log(mpt, CE_WARN,
2165 			    "too many device capabilities.\n");
2166 			return (FALSE);
2167 		}
2168 		if (caps_ptr < 64) {
2169 			mptsas_log(mpt, CE_WARN,
2170 			    "capabilities pointer 0x%x out of range.\n",
2171 			    caps_ptr);
2172 			return (FALSE);
2173 		}
2174 
2175 		/*
2176 		 * Get next capability and check that it is valid.
2177 		 * For now, we only support power management.
2178 		 */
2179 		cap = pci_config_get8(mpt->m_config_handle, caps_ptr);
2180 		switch (cap) {
2181 			case PCI_CAP_ID_PM:
2182 				mptsas_log(mpt, CE_NOTE,
2183 				    "?mptsas%d supports power management.\n",
2184 				    mpt->m_instance);
2185 				mpt->m_options |= MPTSAS_OPT_PM;
2186 
2187 				/* Save PMCSR offset */
2188 				mpt->m_pmcsr_offset = caps_ptr + PCI_PMCSR;
2189 				break;
2190 
2191 			/*
2192 			 * 0x5 is Message signaled interrupts and 0x7
2193 			 * is pci-x capable.  Both are unsupported for now
2194 			 * but supported by the 1030 chip so we don't
2195 			 * need to keep printing out the notice.
2196 			 * 0x10 is PCI-E support (1064E/1068E)
2197 			 * 0x11 is MSIX supported by the 1064/1068
2198 			 */
2199 			case 0x5:
2200 			case 0x7:
2201 			case 0x10:
2202 			case 0x11:
2203 				break;
2204 			default:
2205 				mptsas_log(mpt, CE_NOTE,
2206 				    "?mptsas%d unrecognized capability "
2207 				    "0x%x.\n", mpt->m_instance, cap);
2208 			break;
2209 		}
2210 
2211 		/*
2212 		 * Get next capabilities pointer and clear bits 0,1.
2213 		 */
2214 		caps_ptr = P2ALIGN(pci_config_get8(mpt->m_config_handle,
2215 		    (caps_ptr + PCI_CAP_NEXT_PTR)), 4);
2216 	}
2217 
2218 	return (TRUE);
2219 }
2220 
2221 static void
2222 mptsas_setup_cmd_reg(mptsas_t *mpt)
2223 {
2224 	ushort_t	cmdreg;
2225 
2226 	/*
2227 	 * Set the command register to the needed values.
2228 	 */
2229 	cmdreg = pci_config_get16(mpt->m_config_handle, PCI_CONF_COMM);
2230 	cmdreg |= (PCI_COMM_ME | PCI_COMM_SERR_ENABLE |
2231 	    PCI_COMM_PARITY_DETECT | PCI_COMM_MAE);
2232 	cmdreg &= ~PCI_COMM_IO;
2233 	pci_config_put16(mpt->m_config_handle, PCI_CONF_COMM, cmdreg);
2234 }
2235 
2236 static void
2237 mptsas_disable_bus_master(mptsas_t *mpt)
2238 {
2239 	ushort_t	cmdreg;
2240 
2241 	/*
2242 	 * Clear the master enable bit in the PCI command register.
2243 	 * This prevents any bus mastering activity like DMA.
2244 	 */
2245 	cmdreg = pci_config_get16(mpt->m_config_handle, PCI_CONF_COMM);
2246 	cmdreg &= ~PCI_COMM_ME;
2247 	pci_config_put16(mpt->m_config_handle, PCI_CONF_COMM, cmdreg);
2248 }
2249 
2250 int
2251 mptsas_dma_alloc(mptsas_t *mpt, mptsas_dma_alloc_state_t *dma_statep)
2252 {
2253 	ddi_dma_attr_t	attrs;
2254 	uint_t		ncookie;
2255 	size_t		alloc_len;
2256 
2257 	attrs = mpt->m_io_dma_attr;
2258 	attrs.dma_attr_sgllen = 1;
2259 
2260 	ASSERT(dma_statep != NULL);
2261 
2262 	if (ddi_dma_alloc_handle(mpt->m_dip, &attrs,
2263 	    DDI_DMA_SLEEP, NULL, &dma_statep->handle) != DDI_SUCCESS) {
2264 		mptsas_log(mpt, CE_WARN,
2265 		    "unable to allocate dma handle.");
2266 		return (DDI_FAILURE);
2267 	}
2268 
2269 	if (ddi_dma_mem_alloc(dma_statep->handle, dma_statep->size,
2270 	    &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL,
2271 	    &dma_statep->memp, &alloc_len, &dma_statep->accessp) !=
2272 	    DDI_SUCCESS) {
2273 		ddi_dma_free_handle(&dma_statep->handle);
2274 		dma_statep->handle = NULL;
2275 		mptsas_log(mpt, CE_WARN,
2276 		    "unable to allocate memory for dma xfer.");
2277 		return (DDI_FAILURE);
2278 	}
2279 
2280 	if (ddi_dma_addr_bind_handle(dma_statep->handle, NULL, dma_statep->memp,
2281 	    alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT, DDI_DMA_SLEEP,
2282 	    NULL, &dma_statep->cookie, &ncookie) != DDI_DMA_MAPPED) {
2283 		ddi_dma_mem_free(&dma_statep->accessp);
2284 		dma_statep->accessp = NULL;
2285 		ddi_dma_free_handle(&dma_statep->handle);
2286 		dma_statep->handle = NULL;
2287 		mptsas_log(mpt, CE_WARN, "unable to bind DMA resources.");
2288 		return (DDI_FAILURE);
2289 	}
2290 	return (DDI_SUCCESS);
2291 }
2292 
2293 void
2294 mptsas_dma_free(mptsas_dma_alloc_state_t *dma_statep)
2295 {
2296 	ASSERT(dma_statep != NULL);
2297 	if (dma_statep->handle != NULL) {
2298 		(void) ddi_dma_unbind_handle(dma_statep->handle);
2299 		(void) ddi_dma_mem_free(&dma_statep->accessp);
2300 		ddi_dma_free_handle(&dma_statep->handle);
2301 	}
2302 }
2303 
2304 int
2305 mptsas_do_dma(mptsas_t *mpt, uint32_t size, int var, int (*callback)())
2306 {
2307 	ddi_dma_attr_t		attrs;
2308 	ddi_dma_handle_t	dma_handle;
2309 	caddr_t			memp;
2310 	uint_t			ncookie;
2311 	ddi_dma_cookie_t	cookie;
2312 	ddi_acc_handle_t	accessp;
2313 	size_t			alloc_len;
2314 	int			rval;
2315 
2316 	ASSERT(mutex_owned(&mpt->m_mutex));
2317 
2318 	attrs = mpt->m_msg_dma_attr;
2319 	attrs.dma_attr_sgllen = 1;
2320 	attrs.dma_attr_granular = size;
2321 
2322 	if (ddi_dma_alloc_handle(mpt->m_dip, &attrs,
2323 	    DDI_DMA_SLEEP, NULL, &dma_handle) != DDI_SUCCESS) {
2324 		mptsas_log(mpt, CE_WARN,
2325 		    "unable to allocate dma handle.");
2326 		return (DDI_FAILURE);
2327 	}
2328 
2329 	if (ddi_dma_mem_alloc(dma_handle, size,
2330 	    &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL,
2331 	    &memp, &alloc_len, &accessp) != DDI_SUCCESS) {
2332 		ddi_dma_free_handle(&dma_handle);
2333 		mptsas_log(mpt, CE_WARN,
2334 		    "unable to allocate request structure.");
2335 		return (DDI_FAILURE);
2336 	}
2337 
2338 	if (ddi_dma_addr_bind_handle(dma_handle, NULL, memp,
2339 	    alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT, DDI_DMA_SLEEP,
2340 	    NULL, &cookie, &ncookie) != DDI_DMA_MAPPED) {
2341 		(void) ddi_dma_mem_free(&accessp);
2342 		ddi_dma_free_handle(&dma_handle);
2343 		mptsas_log(mpt, CE_WARN, "unable to bind DMA resources.");
2344 		return (DDI_FAILURE);
2345 	}
2346 
2347 	rval = (*callback) (mpt, memp, var, accessp);
2348 
2349 	if ((mptsas_check_dma_handle(dma_handle) != DDI_SUCCESS) ||
2350 	    (mptsas_check_acc_handle(accessp) != DDI_SUCCESS)) {
2351 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
2352 		rval = DDI_FAILURE;
2353 	}
2354 
2355 	if (dma_handle != NULL) {
2356 		(void) ddi_dma_unbind_handle(dma_handle);
2357 		(void) ddi_dma_mem_free(&accessp);
2358 		ddi_dma_free_handle(&dma_handle);
2359 	}
2360 
2361 	return (rval);
2362 
2363 }
2364 
2365 static int
2366 mptsas_alloc_request_frames(mptsas_t *mpt)
2367 {
2368 	ddi_dma_attr_t		frame_dma_attrs;
2369 	caddr_t			memp;
2370 	uint_t			ncookie;
2371 	ddi_dma_cookie_t	cookie;
2372 	size_t			alloc_len;
2373 	size_t			mem_size;
2374 
2375 	/*
2376 	 * The size of the request frame pool is:
2377 	 *   Number of Request Frames * Request Frame Size
2378 	 */
2379 	mem_size = mpt->m_max_requests * mpt->m_req_frame_size;
2380 
2381 	/*
2382 	 * set the DMA attributes.  System Request Message Frames must be
2383 	 * aligned on a 16-byte boundry.
2384 	 */
2385 	frame_dma_attrs = mpt->m_msg_dma_attr;
2386 	frame_dma_attrs.dma_attr_align = 16;
2387 	frame_dma_attrs.dma_attr_sgllen = 1;
2388 
2389 	/*
2390 	 * allocate the request frame pool.
2391 	 */
2392 	if (ddi_dma_alloc_handle(mpt->m_dip, &frame_dma_attrs,
2393 	    DDI_DMA_SLEEP, NULL, &mpt->m_dma_req_frame_hdl) != DDI_SUCCESS) {
2394 		mptsas_log(mpt, CE_WARN,
2395 		    "Unable to allocate dma handle.");
2396 		return (DDI_FAILURE);
2397 	}
2398 
2399 	if (ddi_dma_mem_alloc(mpt->m_dma_req_frame_hdl,
2400 	    mem_size, &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP,
2401 	    NULL, (caddr_t *)&memp, &alloc_len, &mpt->m_acc_req_frame_hdl)
2402 	    != DDI_SUCCESS) {
2403 		ddi_dma_free_handle(&mpt->m_dma_req_frame_hdl);
2404 		mpt->m_dma_req_frame_hdl = NULL;
2405 		mptsas_log(mpt, CE_WARN,
2406 		    "Unable to allocate request frames.");
2407 		return (DDI_FAILURE);
2408 	}
2409 
2410 	if (ddi_dma_addr_bind_handle(mpt->m_dma_req_frame_hdl, NULL,
2411 	    memp, alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
2412 	    DDI_DMA_SLEEP, NULL, &cookie, &ncookie) != DDI_DMA_MAPPED) {
2413 		(void) ddi_dma_mem_free(&mpt->m_acc_req_frame_hdl);
2414 		ddi_dma_free_handle(&mpt->m_dma_req_frame_hdl);
2415 		mpt->m_dma_req_frame_hdl = NULL;
2416 		mptsas_log(mpt, CE_WARN, "Unable to bind DMA resources.");
2417 		return (DDI_FAILURE);
2418 	}
2419 
2420 	/*
2421 	 * Store the request frame memory address.  This chip uses this
2422 	 * address to dma to and from the driver's frame.  The second
2423 	 * address is the address mpt uses to fill in the frame.
2424 	 */
2425 	mpt->m_req_frame_dma_addr = cookie.dmac_laddress;
2426 	mpt->m_req_frame = memp;
2427 
2428 	/*
2429 	 * Clear the request frame pool.
2430 	 */
2431 	bzero(mpt->m_req_frame, alloc_len);
2432 
2433 	return (DDI_SUCCESS);
2434 }
2435 
2436 static int
2437 mptsas_alloc_reply_frames(mptsas_t *mpt)
2438 {
2439 	ddi_dma_attr_t		frame_dma_attrs;
2440 	caddr_t			memp;
2441 	uint_t			ncookie;
2442 	ddi_dma_cookie_t	cookie;
2443 	size_t			alloc_len;
2444 	size_t			mem_size;
2445 
2446 	/*
2447 	 * The size of the reply frame pool is:
2448 	 *   Number of Reply Frames * Reply Frame Size
2449 	 */
2450 	mem_size = mpt->m_max_replies * mpt->m_reply_frame_size;
2451 
2452 	/*
2453 	 * set the DMA attributes.   System Reply Message Frames must be
2454 	 * aligned on a 4-byte boundry.  This is the default.
2455 	 */
2456 	frame_dma_attrs = mpt->m_msg_dma_attr;
2457 	frame_dma_attrs.dma_attr_sgllen = 1;
2458 
2459 	/*
2460 	 * allocate the reply frame pool
2461 	 */
2462 	if (ddi_dma_alloc_handle(mpt->m_dip, &frame_dma_attrs,
2463 	    DDI_DMA_SLEEP, NULL, &mpt->m_dma_reply_frame_hdl) != DDI_SUCCESS) {
2464 		mptsas_log(mpt, CE_WARN,
2465 		    "Unable to allocate dma handle.");
2466 		return (DDI_FAILURE);
2467 	}
2468 
2469 	if (ddi_dma_mem_alloc(mpt->m_dma_reply_frame_hdl,
2470 	    mem_size, &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP,
2471 	    NULL, (caddr_t *)&memp, &alloc_len, &mpt->m_acc_reply_frame_hdl)
2472 	    != DDI_SUCCESS) {
2473 		ddi_dma_free_handle(&mpt->m_dma_reply_frame_hdl);
2474 		mpt->m_dma_reply_frame_hdl = NULL;
2475 		mptsas_log(mpt, CE_WARN,
2476 		    "Unable to allocate reply frames.");
2477 		return (DDI_FAILURE);
2478 	}
2479 
2480 	if (ddi_dma_addr_bind_handle(mpt->m_dma_reply_frame_hdl, NULL,
2481 	    memp, alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
2482 	    DDI_DMA_SLEEP, NULL, &cookie, &ncookie) != DDI_DMA_MAPPED) {
2483 		(void) ddi_dma_mem_free(&mpt->m_acc_reply_frame_hdl);
2484 		ddi_dma_free_handle(&mpt->m_dma_reply_frame_hdl);
2485 		mpt->m_dma_reply_frame_hdl = NULL;
2486 		mptsas_log(mpt, CE_WARN, "Unable to bind DMA resources.");
2487 		return (DDI_FAILURE);
2488 	}
2489 
2490 	/*
2491 	 * Store the reply frame memory address.  This chip uses this
2492 	 * address to dma to and from the driver's frame.  The second
2493 	 * address is the address mpt uses to process the frame.
2494 	 */
2495 	mpt->m_reply_frame_dma_addr = cookie.dmac_laddress;
2496 	mpt->m_reply_frame = memp;
2497 
2498 	/*
2499 	 * Clear the reply frame pool.
2500 	 */
2501 	bzero(mpt->m_reply_frame, alloc_len);
2502 
2503 	return (DDI_SUCCESS);
2504 }
2505 
2506 static int
2507 mptsas_alloc_free_queue(mptsas_t *mpt)
2508 {
2509 	ddi_dma_attr_t		frame_dma_attrs;
2510 	caddr_t			memp;
2511 	uint_t			ncookie;
2512 	ddi_dma_cookie_t	cookie;
2513 	size_t			alloc_len;
2514 	size_t			mem_size;
2515 
2516 	/*
2517 	 * The reply free queue size is:
2518 	 *   Reply Free Queue Depth * 4
2519 	 * The "4" is the size of one 32 bit address (low part of 64-bit
2520 	 *   address)
2521 	 */
2522 	mem_size = mpt->m_free_queue_depth * 4;
2523 
2524 	/*
2525 	 * set the DMA attributes  The Reply Free Queue must be aligned on a
2526 	 * 16-byte boundry.
2527 	 */
2528 	frame_dma_attrs = mpt->m_msg_dma_attr;
2529 	frame_dma_attrs.dma_attr_align = 16;
2530 	frame_dma_attrs.dma_attr_sgllen = 1;
2531 
2532 	/*
2533 	 * allocate the reply free queue
2534 	 */
2535 	if (ddi_dma_alloc_handle(mpt->m_dip, &frame_dma_attrs,
2536 	    DDI_DMA_SLEEP, NULL, &mpt->m_dma_free_queue_hdl) != DDI_SUCCESS) {
2537 		mptsas_log(mpt, CE_WARN,
2538 		    "Unable to allocate dma handle.");
2539 		return (DDI_FAILURE);
2540 	}
2541 
2542 	if (ddi_dma_mem_alloc(mpt->m_dma_free_queue_hdl,
2543 	    mem_size, &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP,
2544 	    NULL, (caddr_t *)&memp, &alloc_len, &mpt->m_acc_free_queue_hdl)
2545 	    != DDI_SUCCESS) {
2546 		ddi_dma_free_handle(&mpt->m_dma_free_queue_hdl);
2547 		mpt->m_dma_free_queue_hdl = NULL;
2548 		mptsas_log(mpt, CE_WARN,
2549 		    "Unable to allocate free queue.");
2550 		return (DDI_FAILURE);
2551 	}
2552 
2553 	if (ddi_dma_addr_bind_handle(mpt->m_dma_free_queue_hdl, NULL,
2554 	    memp, alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
2555 	    DDI_DMA_SLEEP, NULL, &cookie, &ncookie) != DDI_DMA_MAPPED) {
2556 		(void) ddi_dma_mem_free(&mpt->m_acc_free_queue_hdl);
2557 		ddi_dma_free_handle(&mpt->m_dma_free_queue_hdl);
2558 		mpt->m_dma_free_queue_hdl = NULL;
2559 		mptsas_log(mpt, CE_WARN, "Unable to bind DMA resources.");
2560 		return (DDI_FAILURE);
2561 	}
2562 
2563 	/*
2564 	 * Store the reply free queue memory address.  This chip uses this
2565 	 * address to read from the reply free queue.  The second address
2566 	 * is the address mpt uses to manage the queue.
2567 	 */
2568 	mpt->m_free_queue_dma_addr = cookie.dmac_laddress;
2569 	mpt->m_free_queue = memp;
2570 
2571 	/*
2572 	 * Clear the reply free queue memory.
2573 	 */
2574 	bzero(mpt->m_free_queue, alloc_len);
2575 
2576 	return (DDI_SUCCESS);
2577 }
2578 
2579 static int
2580 mptsas_alloc_post_queue(mptsas_t *mpt)
2581 {
2582 	ddi_dma_attr_t		frame_dma_attrs;
2583 	caddr_t			memp;
2584 	uint_t			ncookie;
2585 	ddi_dma_cookie_t	cookie;
2586 	size_t			alloc_len;
2587 	size_t			mem_size;
2588 
2589 	/*
2590 	 * The reply descriptor post queue size is:
2591 	 *   Reply Descriptor Post Queue Depth * 8
2592 	 * The "8" is the size of each descriptor (8 bytes or 64 bits).
2593 	 */
2594 	mem_size = mpt->m_post_queue_depth * 8;
2595 
2596 	/*
2597 	 * set the DMA attributes.  The Reply Descriptor Post Queue must be
2598 	 * aligned on a 16-byte boundry.
2599 	 */
2600 	frame_dma_attrs = mpt->m_msg_dma_attr;
2601 	frame_dma_attrs.dma_attr_align = 16;
2602 	frame_dma_attrs.dma_attr_sgllen = 1;
2603 
2604 	/*
2605 	 * allocate the reply post queue
2606 	 */
2607 	if (ddi_dma_alloc_handle(mpt->m_dip, &frame_dma_attrs,
2608 	    DDI_DMA_SLEEP, NULL, &mpt->m_dma_post_queue_hdl) != DDI_SUCCESS) {
2609 		mptsas_log(mpt, CE_WARN,
2610 		    "Unable to allocate dma handle.");
2611 		return (DDI_FAILURE);
2612 	}
2613 
2614 	if (ddi_dma_mem_alloc(mpt->m_dma_post_queue_hdl,
2615 	    mem_size, &mpt->m_dev_acc_attr, DDI_DMA_CONSISTENT, DDI_DMA_SLEEP,
2616 	    NULL, (caddr_t *)&memp, &alloc_len, &mpt->m_acc_post_queue_hdl)
2617 	    != DDI_SUCCESS) {
2618 		ddi_dma_free_handle(&mpt->m_dma_post_queue_hdl);
2619 		mpt->m_dma_post_queue_hdl = NULL;
2620 		mptsas_log(mpt, CE_WARN,
2621 		    "Unable to allocate post queue.");
2622 		return (DDI_FAILURE);
2623 	}
2624 
2625 	if (ddi_dma_addr_bind_handle(mpt->m_dma_post_queue_hdl, NULL,
2626 	    memp, alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT,
2627 	    DDI_DMA_SLEEP, NULL, &cookie, &ncookie) != DDI_DMA_MAPPED) {
2628 		(void) ddi_dma_mem_free(&mpt->m_acc_post_queue_hdl);
2629 		ddi_dma_free_handle(&mpt->m_dma_post_queue_hdl);
2630 		mpt->m_dma_post_queue_hdl = NULL;
2631 		mptsas_log(mpt, CE_WARN, "Unable to bind DMA resources.");
2632 		return (DDI_FAILURE);
2633 	}
2634 
2635 	/*
2636 	 * Store the reply descriptor post queue memory address.  This chip
2637 	 * uses this address to write to the reply descriptor post queue.  The
2638 	 * second address is the address mpt uses to manage the queue.
2639 	 */
2640 	mpt->m_post_queue_dma_addr = cookie.dmac_laddress;
2641 	mpt->m_post_queue = memp;
2642 
2643 	/*
2644 	 * Clear the reply post queue memory.
2645 	 */
2646 	bzero(mpt->m_post_queue, alloc_len);
2647 
2648 	return (DDI_SUCCESS);
2649 }
2650 
2651 static int
2652 mptsas_alloc_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd)
2653 {
2654 	mptsas_cache_frames_t	*frames = NULL;
2655 	if (cmd->cmd_extra_frames == NULL) {
2656 		frames = kmem_cache_alloc(mpt->m_cache_frames, KM_NOSLEEP);
2657 		if (frames == NULL) {
2658 			return (DDI_FAILURE);
2659 		}
2660 		cmd->cmd_extra_frames = frames;
2661 	}
2662 	return (DDI_SUCCESS);
2663 }
2664 
2665 static void
2666 mptsas_free_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd)
2667 {
2668 	if (cmd->cmd_extra_frames) {
2669 		kmem_cache_free(mpt->m_cache_frames,
2670 		    (void *)cmd->cmd_extra_frames);
2671 		cmd->cmd_extra_frames = NULL;
2672 	}
2673 }
2674 
2675 static void
2676 mptsas_cfg_fini(mptsas_t *mpt)
2677 {
2678 	NDBG0(("mptsas_cfg_fini"));
2679 	ddi_regs_map_free(&mpt->m_datap);
2680 }
2681 
2682 static void
2683 mptsas_hba_fini(mptsas_t *mpt)
2684 {
2685 	NDBG0(("mptsas_hba_fini"));
2686 
2687 	/*
2688 	 * Disable any bus mastering ability (i.e: DMA) prior to freeing any
2689 	 * allocated DMA resources.
2690 	 */
2691 	if (mpt->m_config_handle != NULL)
2692 		mptsas_disable_bus_master(mpt);
2693 
2694 	/*
2695 	 * Free up any allocated memory
2696 	 */
2697 	if (mpt->m_dma_req_frame_hdl != NULL) {
2698 		(void) ddi_dma_unbind_handle(mpt->m_dma_req_frame_hdl);
2699 		ddi_dma_mem_free(&mpt->m_acc_req_frame_hdl);
2700 		ddi_dma_free_handle(&mpt->m_dma_req_frame_hdl);
2701 		mpt->m_dma_req_frame_hdl = NULL;
2702 	}
2703 
2704 	if (mpt->m_dma_reply_frame_hdl != NULL) {
2705 		(void) ddi_dma_unbind_handle(mpt->m_dma_reply_frame_hdl);
2706 		ddi_dma_mem_free(&mpt->m_acc_reply_frame_hdl);
2707 		ddi_dma_free_handle(&mpt->m_dma_reply_frame_hdl);
2708 		mpt->m_dma_reply_frame_hdl = NULL;
2709 	}
2710 
2711 	if (mpt->m_dma_free_queue_hdl != NULL) {
2712 		(void) ddi_dma_unbind_handle(mpt->m_dma_free_queue_hdl);
2713 		ddi_dma_mem_free(&mpt->m_acc_free_queue_hdl);
2714 		ddi_dma_free_handle(&mpt->m_dma_free_queue_hdl);
2715 		mpt->m_dma_free_queue_hdl = NULL;
2716 	}
2717 
2718 	if (mpt->m_dma_post_queue_hdl != NULL) {
2719 		(void) ddi_dma_unbind_handle(mpt->m_dma_post_queue_hdl);
2720 		ddi_dma_mem_free(&mpt->m_acc_post_queue_hdl);
2721 		ddi_dma_free_handle(&mpt->m_dma_post_queue_hdl);
2722 		mpt->m_dma_post_queue_hdl = NULL;
2723 	}
2724 
2725 	if (mpt->m_replyh_args != NULL) {
2726 		kmem_free(mpt->m_replyh_args, sizeof (m_replyh_arg_t)
2727 		    * mpt->m_max_replies);
2728 	}
2729 }
2730 
2731 static int
2732 mptsas_name_child(dev_info_t *lun_dip, char *name, int len)
2733 {
2734 	int		lun = 0;
2735 	char		*sas_wwn = NULL;
2736 	int		phynum = -1;
2737 	int		reallen = 0;
2738 
2739 	/* Get the target num */
2740 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, lun_dip, DDI_PROP_DONTPASS,
2741 	    LUN_PROP, 0);
2742 
2743 	if (ddi_prop_lookup_string(DDI_DEV_T_ANY, lun_dip, DDI_PROP_DONTPASS,
2744 	    SCSI_ADDR_PROP_TARGET_PORT, &sas_wwn) == DDI_PROP_SUCCESS) {
2745 		/*
2746 		 * Stick in the address of the form "wWWN,LUN"
2747 		 */
2748 		reallen = snprintf(name, len, "w%s,%x", sas_wwn, lun);
2749 		ddi_prop_free(sas_wwn);
2750 	} else if ((phynum = ddi_prop_get_int(DDI_DEV_T_ANY, lun_dip,
2751 	    DDI_PROP_DONTPASS, "sata-phy", -1)) != -1) {
2752 		/*
2753 		 * Stick in the address of form "pPHY,LUN"
2754 		 */
2755 		reallen = snprintf(name, len, "p%x,%x", phynum, lun);
2756 	} else {
2757 		return (DDI_FAILURE);
2758 	}
2759 
2760 	ASSERT(reallen < len);
2761 	if (reallen >= len) {
2762 		mptsas_log(0, CE_WARN, "!mptsas_get_name: name parameter "
2763 		    "length too small, it needs to be %d bytes", reallen + 1);
2764 	}
2765 	return (DDI_SUCCESS);
2766 }
2767 
2768 /*
2769  * tran_tgt_init(9E) - target device instance initialization
2770  */
2771 static int
2772 mptsas_scsi_tgt_init(dev_info_t *hba_dip, dev_info_t *tgt_dip,
2773     scsi_hba_tran_t *hba_tran, struct scsi_device *sd)
2774 {
2775 #ifndef __lock_lint
2776 	_NOTE(ARGUNUSED(hba_tran))
2777 #endif
2778 
2779 	/*
2780 	 * At this point, the scsi_device structure already exists
2781 	 * and has been initialized.
2782 	 *
2783 	 * Use this function to allocate target-private data structures,
2784 	 * if needed by this HBA.  Add revised flow-control and queue
2785 	 * properties for child here, if desired and if you can tell they
2786 	 * support tagged queueing by now.
2787 	 */
2788 	mptsas_t		*mpt;
2789 	int			lun = sd->sd_address.a_lun;
2790 	mdi_pathinfo_t		*pip = NULL;
2791 	mptsas_tgt_private_t	*tgt_private = NULL;
2792 	mptsas_target_t		*ptgt = NULL;
2793 	char			*psas_wwn = NULL;
2794 	int			phymask = 0;
2795 	uint64_t		sas_wwn = 0;
2796 	mpt = SDEV2MPT(sd);
2797 
2798 	ASSERT(scsi_hba_iport_unit_address(hba_dip) != 0);
2799 
2800 	NDBG0(("mptsas_scsi_tgt_init: hbadip=0x%p tgtdip=0x%p lun=%d",
2801 	    (void *)hba_dip, (void *)tgt_dip, lun));
2802 
2803 	if (ndi_dev_is_persistent_node(tgt_dip) == 0) {
2804 		(void) ndi_merge_node(tgt_dip, mptsas_name_child);
2805 		ddi_set_name_addr(tgt_dip, NULL);
2806 		return (DDI_FAILURE);
2807 	}
2808 	/*
2809 	 * phymask is 0 means the virtual port for RAID
2810 	 */
2811 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, hba_dip, 0,
2812 	    "phymask", 0);
2813 	if (mdi_component_is_client(tgt_dip, NULL) == MDI_SUCCESS) {
2814 		if ((pip = (void *)(sd->sd_private)) == NULL) {
2815 			/*
2816 			 * Very bad news if this occurs. Somehow scsi_vhci has
2817 			 * lost the pathinfo node for this target.
2818 			 */
2819 			return (DDI_NOT_WELL_FORMED);
2820 		}
2821 
2822 		if (mdi_prop_lookup_int(pip, LUN_PROP, &lun) !=
2823 		    DDI_PROP_SUCCESS) {
2824 			mptsas_log(mpt, CE_WARN, "Get lun property failed\n");
2825 			return (DDI_FAILURE);
2826 		}
2827 
2828 		if (mdi_prop_lookup_string(pip, SCSI_ADDR_PROP_TARGET_PORT,
2829 		    &psas_wwn) == MDI_SUCCESS) {
2830 			if (scsi_wwnstr_to_wwn(psas_wwn, &sas_wwn)) {
2831 				sas_wwn = 0;
2832 			}
2833 			(void) mdi_prop_free(psas_wwn);
2834 		}
2835 	} else {
2836 		lun = ddi_prop_get_int(DDI_DEV_T_ANY, tgt_dip,
2837 		    DDI_PROP_DONTPASS, LUN_PROP, 0);
2838 		if (ddi_prop_lookup_string(DDI_DEV_T_ANY, tgt_dip,
2839 		    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET_PORT, &psas_wwn) ==
2840 		    DDI_PROP_SUCCESS) {
2841 			if (scsi_wwnstr_to_wwn(psas_wwn, &sas_wwn)) {
2842 				sas_wwn = 0;
2843 			}
2844 			ddi_prop_free(psas_wwn);
2845 		} else {
2846 			sas_wwn = 0;
2847 		}
2848 	}
2849 	ASSERT((sas_wwn != 0) || (phymask != 0));
2850 	mutex_enter(&mpt->m_mutex);
2851 	ptgt = mptsas_hash_search(&mpt->m_active->m_tgttbl, sas_wwn, phymask);
2852 	mutex_exit(&mpt->m_mutex);
2853 	if (ptgt == NULL) {
2854 		mptsas_log(mpt, CE_WARN, "!tgt_init: target doesn't exist or "
2855 		    "gone already! phymask:%x, saswwn %"PRIx64, phymask,
2856 		    sas_wwn);
2857 		return (DDI_FAILURE);
2858 	}
2859 	if (hba_tran->tran_tgt_private == NULL) {
2860 		tgt_private = kmem_zalloc(sizeof (mptsas_tgt_private_t),
2861 		    KM_SLEEP);
2862 		tgt_private->t_lun = lun;
2863 		tgt_private->t_private = ptgt;
2864 		hba_tran->tran_tgt_private = tgt_private;
2865 	}
2866 
2867 	if (mdi_component_is_client(tgt_dip, NULL) == MDI_SUCCESS) {
2868 		return (DDI_SUCCESS);
2869 	}
2870 	mutex_enter(&mpt->m_mutex);
2871 
2872 	if (ptgt->m_deviceinfo &
2873 	    (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
2874 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
2875 		uchar_t *inq89 = NULL;
2876 		int inq89_len = 0x238;
2877 		int reallen = 0;
2878 		int rval = 0;
2879 		struct sata_id *sid = NULL;
2880 		char model[SATA_ID_MODEL_LEN + 1];
2881 		char fw[SATA_ID_FW_LEN + 1];
2882 		char *vid, *pid;
2883 		int i;
2884 
2885 		mutex_exit(&mpt->m_mutex);
2886 		/*
2887 		 * According SCSI/ATA Translation -2 (SAT-2) revision 01a
2888 		 * chapter 12.4.2 VPD page 89h includes 512 bytes ATA IDENTIFY
2889 		 * DEVICE data or ATA IDENTIFY PACKET DEVICE data.
2890 		 */
2891 		inq89 = kmem_zalloc(inq89_len, KM_SLEEP);
2892 		rval = mptsas_inquiry(mpt, ptgt, 0, 0x89,
2893 		    inq89, inq89_len, &reallen, 1);
2894 
2895 		if (rval != 0) {
2896 			if (inq89 != NULL) {
2897 				kmem_free(inq89, inq89_len);
2898 			}
2899 
2900 			mptsas_log(mpt, CE_WARN, "!mptsas request inquiry page "
2901 			    "0x89 for SATA target:%x failed!", ptgt->m_devhdl);
2902 			return (DDI_SUCCESS);
2903 		}
2904 		sid = (void *)(&inq89[60]);
2905 
2906 		swab(sid->ai_model, model, SATA_ID_MODEL_LEN);
2907 		swab(sid->ai_fw, fw, SATA_ID_FW_LEN);
2908 
2909 		model[SATA_ID_MODEL_LEN] = 0;
2910 		fw[SATA_ID_FW_LEN] = 0;
2911 
2912 		/*
2913 		 * split model into into vid/pid
2914 		 */
2915 		for (i = 0, pid = model; i < SATA_ID_MODEL_LEN; i++, pid++)
2916 			if ((*pid == ' ') || (*pid == '\t'))
2917 				break;
2918 		if (i < SATA_ID_MODEL_LEN) {
2919 			vid = model;
2920 			/*
2921 			 * terminate vid, establish pid
2922 			 */
2923 			*pid++ = 0;
2924 		} else {
2925 			/*
2926 			 * vid will stay "ATA     ", the rule is same
2927 			 * as sata framework implementation.
2928 			 */
2929 			vid = NULL;
2930 			/*
2931 			 * model is all pid
2932 			 */
2933 			pid = model;
2934 		}
2935 
2936 		/*
2937 		 * override SCSA "inquiry-*" properties
2938 		 */
2939 		if (vid)
2940 			(void) scsi_device_prop_update_inqstring(sd,
2941 			    INQUIRY_VENDOR_ID, vid, strlen(vid));
2942 		if (pid)
2943 			(void) scsi_device_prop_update_inqstring(sd,
2944 			    INQUIRY_PRODUCT_ID, pid, strlen(pid));
2945 		(void) scsi_device_prop_update_inqstring(sd,
2946 		    INQUIRY_REVISION_ID, fw, strlen(fw));
2947 
2948 		if (inq89 != NULL) {
2949 			kmem_free(inq89, inq89_len);
2950 		}
2951 	} else {
2952 		mutex_exit(&mpt->m_mutex);
2953 	}
2954 
2955 	return (DDI_SUCCESS);
2956 }
2957 /*
2958  * tran_tgt_free(9E) - target device instance deallocation
2959  */
2960 static void
2961 mptsas_scsi_tgt_free(dev_info_t *hba_dip, dev_info_t *tgt_dip,
2962     scsi_hba_tran_t *hba_tran, struct scsi_device *sd)
2963 {
2964 #ifndef __lock_lint
2965 	_NOTE(ARGUNUSED(hba_dip, tgt_dip, hba_tran, sd))
2966 #endif
2967 
2968 	mptsas_tgt_private_t	*tgt_private = hba_tran->tran_tgt_private;
2969 
2970 	if (tgt_private != NULL) {
2971 		kmem_free(tgt_private, sizeof (mptsas_tgt_private_t));
2972 		hba_tran->tran_tgt_private = NULL;
2973 	}
2974 }
2975 
2976 /*
2977  * scsi_pkt handling
2978  *
2979  * Visible to the external world via the transport structure.
2980  */
2981 
2982 /*
2983  * Notes:
2984  *	- transport the command to the addressed SCSI target/lun device
2985  *	- normal operation is to schedule the command to be transported,
2986  *	  and return TRAN_ACCEPT if this is successful.
2987  *	- if NO_INTR, tran_start must poll device for command completion
2988  */
2989 static int
2990 mptsas_scsi_start(struct scsi_address *ap, struct scsi_pkt *pkt)
2991 {
2992 #ifndef __lock_lint
2993 	_NOTE(ARGUNUSED(ap))
2994 #endif
2995 	mptsas_t	*mpt = PKT2MPT(pkt);
2996 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
2997 	int		rval;
2998 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
2999 
3000 	NDBG1(("mptsas_scsi_start: pkt=0x%p", (void *)pkt));
3001 	ASSERT(ptgt);
3002 	if (ptgt == NULL)
3003 		return (TRAN_FATAL_ERROR);
3004 
3005 	/*
3006 	 * prepare the pkt before taking mutex.
3007 	 */
3008 	rval = mptsas_prepare_pkt(cmd);
3009 	if (rval != TRAN_ACCEPT) {
3010 		return (rval);
3011 	}
3012 
3013 	/*
3014 	 * Send the command to target/lun, however your HBA requires it.
3015 	 * If busy, return TRAN_BUSY; if there's some other formatting error
3016 	 * in the packet, return TRAN_BADPKT; otherwise, fall through to the
3017 	 * return of TRAN_ACCEPT.
3018 	 *
3019 	 * Remember that access to shared resources, including the mptsas_t
3020 	 * data structure and the HBA hardware registers, must be protected
3021 	 * with mutexes, here and everywhere.
3022 	 *
3023 	 * Also remember that at interrupt time, you'll get an argument
3024 	 * to the interrupt handler which is a pointer to your mptsas_t
3025 	 * structure; you'll have to remember which commands are outstanding
3026 	 * and which scsi_pkt is the currently-running command so the
3027 	 * interrupt handler can refer to the pkt to set completion
3028 	 * status, call the target driver back through pkt_comp, etc.
3029 	 *
3030 	 * If the instance lock is held by other thread, don't spin to wait
3031 	 * for it. Instead, queue the cmd and next time when the instance lock
3032 	 * is not held, accept all the queued cmd. A extra tx_waitq is
3033 	 * introduced to protect the queue.
3034 	 *
3035 	 * The polled cmd will not be queud and accepted as usual.
3036 	 *
3037 	 * Under the tx_waitq mutex, record whether a thread is draining
3038 	 * the tx_waitq.  An IO requesting thread that finds the instance
3039 	 * mutex contended appends to the tx_waitq and while holding the
3040 	 * tx_wait mutex, if the draining flag is not set, sets it and then
3041 	 * proceeds to spin for the instance mutex. This scheme ensures that
3042 	 * the last cmd in a burst be processed.
3043 	 *
3044 	 * we enable this feature only when the helper threads are enabled,
3045 	 * at which we think the loads are heavy.
3046 	 *
3047 	 * per instance mutex m_tx_waitq_mutex is introduced to protect the
3048 	 * m_tx_waitqtail, m_tx_waitq, m_tx_draining.
3049 	 */
3050 
3051 	if (mpt->m_doneq_thread_n) {
3052 		if (mutex_tryenter(&mpt->m_mutex) != 0) {
3053 			rval = mptsas_accept_txwq_and_pkt(mpt, cmd);
3054 			mutex_exit(&mpt->m_mutex);
3055 		} else if (cmd->cmd_pkt_flags & FLAG_NOINTR) {
3056 			mutex_enter(&mpt->m_mutex);
3057 			rval = mptsas_accept_txwq_and_pkt(mpt, cmd);
3058 			mutex_exit(&mpt->m_mutex);
3059 		} else {
3060 			mutex_enter(&mpt->m_tx_waitq_mutex);
3061 			/*
3062 			 * ptgt->m_dr_flag is protected by m_mutex or
3063 			 * m_tx_waitq_mutex. In this case, m_tx_waitq_mutex
3064 			 * is acquired.
3065 			 */
3066 			if (ptgt->m_dr_flag == MPTSAS_DR_INTRANSITION) {
3067 				if (cmd->cmd_pkt_flags & FLAG_NOQUEUE) {
3068 					/*
3069 					 * The command should be allowed to
3070 					 * retry by returning TRAN_BUSY to
3071 					 * to stall the I/O's which come from
3072 					 * scsi_vhci since the device/path is
3073 					 * in unstable state now.
3074 					 */
3075 					mutex_exit(&mpt->m_tx_waitq_mutex);
3076 					return (TRAN_BUSY);
3077 				} else {
3078 					/*
3079 					 * The device is offline, just fail the
3080 					 * command by returning
3081 					 * TRAN_FATAL_ERROR.
3082 					 */
3083 					mutex_exit(&mpt->m_tx_waitq_mutex);
3084 					return (TRAN_FATAL_ERROR);
3085 				}
3086 			}
3087 			if (mpt->m_tx_draining) {
3088 				cmd->cmd_flags |= CFLAG_TXQ;
3089 				*mpt->m_tx_waitqtail = cmd;
3090 				mpt->m_tx_waitqtail = &cmd->cmd_linkp;
3091 				mutex_exit(&mpt->m_tx_waitq_mutex);
3092 			} else { /* drain the queue */
3093 				mpt->m_tx_draining = 1;
3094 				mutex_exit(&mpt->m_tx_waitq_mutex);
3095 				mutex_enter(&mpt->m_mutex);
3096 				rval = mptsas_accept_txwq_and_pkt(mpt, cmd);
3097 				mutex_exit(&mpt->m_mutex);
3098 			}
3099 		}
3100 	} else {
3101 		mutex_enter(&mpt->m_mutex);
3102 		/*
3103 		 * ptgt->m_dr_flag is protected by m_mutex or m_tx_waitq_mutex
3104 		 * in this case, m_mutex is acquired.
3105 		 */
3106 		if (ptgt->m_dr_flag == MPTSAS_DR_INTRANSITION) {
3107 			if (cmd->cmd_pkt_flags & FLAG_NOQUEUE) {
3108 				/*
3109 				 * commands should be allowed to retry by
3110 				 * returning TRAN_BUSY to stall the I/O's
3111 				 * which come from scsi_vhci since the device/
3112 				 * path is in unstable state now.
3113 				 */
3114 				mutex_exit(&mpt->m_mutex);
3115 				return (TRAN_BUSY);
3116 			} else {
3117 				/*
3118 				 * The device is offline, just fail the
3119 				 * command by returning TRAN_FATAL_ERROR.
3120 				 */
3121 				mutex_exit(&mpt->m_mutex);
3122 				return (TRAN_FATAL_ERROR);
3123 			}
3124 		}
3125 		rval = mptsas_accept_pkt(mpt, cmd);
3126 		mutex_exit(&mpt->m_mutex);
3127 	}
3128 
3129 	return (rval);
3130 }
3131 
3132 /*
3133  * Accept all the queued cmds(if any) before accept the current one.
3134  */
3135 static int
3136 mptsas_accept_txwq_and_pkt(mptsas_t *mpt, mptsas_cmd_t *cmd)
3137 {
3138 	int rval;
3139 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
3140 
3141 	ASSERT(mutex_owned(&mpt->m_mutex));
3142 	/*
3143 	 * The call to mptsas_accept_tx_waitq() must always be performed
3144 	 * because that is where mpt->m_tx_draining is cleared.
3145 	 */
3146 	mutex_enter(&mpt->m_tx_waitq_mutex);
3147 	mptsas_accept_tx_waitq(mpt);
3148 	mutex_exit(&mpt->m_tx_waitq_mutex);
3149 	/*
3150 	 * ptgt->m_dr_flag is protected by m_mutex or m_tx_waitq_mutex
3151 	 * in this case, m_mutex is acquired.
3152 	 */
3153 	if (ptgt->m_dr_flag == MPTSAS_DR_INTRANSITION) {
3154 		if (cmd->cmd_pkt_flags & FLAG_NOQUEUE) {
3155 			/*
3156 			 * The command should be allowed to retry by returning
3157 			 * TRAN_BUSY to stall the I/O's which come from
3158 			 * scsi_vhci since the device/path is in unstable state
3159 			 * now.
3160 			 */
3161 			return (TRAN_BUSY);
3162 		} else {
3163 			/*
3164 			 * The device is offline, just fail the command by
3165 			 * return TRAN_FATAL_ERROR.
3166 			 */
3167 			return (TRAN_FATAL_ERROR);
3168 		}
3169 	}
3170 	rval = mptsas_accept_pkt(mpt, cmd);
3171 
3172 	return (rval);
3173 }
3174 
3175 static int
3176 mptsas_accept_pkt(mptsas_t *mpt, mptsas_cmd_t *cmd)
3177 {
3178 	int		rval = TRAN_ACCEPT;
3179 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
3180 
3181 	NDBG1(("mptsas_accept_pkt: cmd=0x%p", (void *)cmd));
3182 
3183 	ASSERT(mutex_owned(&mpt->m_mutex));
3184 
3185 	if ((cmd->cmd_flags & CFLAG_PREPARED) == 0) {
3186 		rval = mptsas_prepare_pkt(cmd);
3187 		if (rval != TRAN_ACCEPT) {
3188 			cmd->cmd_flags &= ~CFLAG_TRANFLAG;
3189 			return (rval);
3190 		}
3191 	}
3192 
3193 	/*
3194 	 * reset the throttle if we were draining
3195 	 */
3196 	if ((ptgt->m_t_ncmds == 0) &&
3197 	    (ptgt->m_t_throttle == DRAIN_THROTTLE)) {
3198 		NDBG23(("reset throttle"));
3199 		ASSERT(ptgt->m_reset_delay == 0);
3200 		mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
3201 	}
3202 
3203 	/*
3204 	 * If HBA is being reset, the DevHandles are being re-initialized,
3205 	 * which means that they could be invalid even if the target is still
3206 	 * attached.  Check if being reset and if DevHandle is being
3207 	 * re-initialized.  If this is the case, return BUSY so the I/O can be
3208 	 * retried later.
3209 	 */
3210 	if ((ptgt->m_devhdl == MPTSAS_INVALID_DEVHDL) && mpt->m_in_reset) {
3211 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
3212 		if (cmd->cmd_flags & CFLAG_TXQ) {
3213 			mptsas_doneq_add(mpt, cmd);
3214 			mptsas_doneq_empty(mpt);
3215 			return (rval);
3216 		} else {
3217 			return (TRAN_BUSY);
3218 		}
3219 	}
3220 
3221 	/*
3222 	 * If device handle has already been invalidated, just
3223 	 * fail the command. In theory, command from scsi_vhci
3224 	 * client is impossible send down command with invalid
3225 	 * devhdl since devhdl is set after path offline, target
3226 	 * driver is not suppose to select a offlined path.
3227 	 */
3228 	if (ptgt->m_devhdl == MPTSAS_INVALID_DEVHDL) {
3229 		NDBG20(("rejecting command, it might because invalid devhdl "
3230 		    "request."));
3231 		mptsas_set_pkt_reason(mpt, cmd, CMD_DEV_GONE, STAT_TERMINATED);
3232 		if (cmd->cmd_flags & CFLAG_TXQ) {
3233 			mptsas_doneq_add(mpt, cmd);
3234 			mptsas_doneq_empty(mpt);
3235 			return (rval);
3236 		} else {
3237 			return (TRAN_FATAL_ERROR);
3238 		}
3239 	}
3240 	/*
3241 	 * The first case is the normal case.  mpt gets a command from the
3242 	 * target driver and starts it.
3243 	 * Since SMID 0 is reserved and the TM slot is reserved, the actual max
3244 	 * commands is m_max_requests - 2.
3245 	 */
3246 	if ((mpt->m_ncmds <= (mpt->m_max_requests - 2)) &&
3247 	    (ptgt->m_t_throttle > HOLD_THROTTLE) &&
3248 	    (ptgt->m_t_ncmds < ptgt->m_t_throttle) &&
3249 	    (ptgt->m_reset_delay == 0) &&
3250 	    (ptgt->m_t_nwait == 0) &&
3251 	    ((cmd->cmd_pkt_flags & FLAG_NOINTR) == 0)) {
3252 		if (mptsas_save_cmd(mpt, cmd) == TRUE) {
3253 			(void) mptsas_start_cmd(mpt, cmd);
3254 		} else {
3255 			mptsas_waitq_add(mpt, cmd);
3256 		}
3257 	} else {
3258 		/*
3259 		 * Add this pkt to the work queue
3260 		 */
3261 		mptsas_waitq_add(mpt, cmd);
3262 
3263 		if (cmd->cmd_pkt_flags & FLAG_NOINTR) {
3264 			(void) mptsas_poll(mpt, cmd, MPTSAS_POLL_TIME);
3265 
3266 			/*
3267 			 * Only flush the doneq if this is not a TM
3268 			 * cmd.  For TM cmds the flushing of the
3269 			 * doneq will be done in those routines.
3270 			 */
3271 			if ((cmd->cmd_flags & CFLAG_TM_CMD) == 0) {
3272 				mptsas_doneq_empty(mpt);
3273 			}
3274 		}
3275 	}
3276 	return (rval);
3277 }
3278 
3279 int
3280 mptsas_save_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
3281 {
3282 	mptsas_slots_t	*slots;
3283 	int		slot;
3284 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
3285 
3286 	ASSERT(mutex_owned(&mpt->m_mutex));
3287 	slots = mpt->m_active;
3288 
3289 	/*
3290 	 * Account for reserved TM request slot and reserved SMID of 0.
3291 	 */
3292 	ASSERT(slots->m_n_slots == (mpt->m_max_requests - 2));
3293 
3294 	/*
3295 	 * m_tags is equivalent to the SMID when sending requests.  Since the
3296 	 * SMID cannot be 0, start out at one if rolling over past the size
3297 	 * of the request queue depth.  Also, don't use the last SMID, which is
3298 	 * reserved for TM requests.
3299 	 */
3300 	slot = (slots->m_tags)++;
3301 	if (slots->m_tags > slots->m_n_slots) {
3302 		slots->m_tags = 1;
3303 	}
3304 
3305 alloc_tag:
3306 	/* Validate tag, should never fail. */
3307 	if (slots->m_slot[slot] == NULL) {
3308 		/*
3309 		 * Make sure SMID is not using reserved value of 0
3310 		 * and the TM request slot.
3311 		 */
3312 		ASSERT((slot > 0) && (slot <= slots->m_n_slots));
3313 		cmd->cmd_slot = slot;
3314 		slots->m_slot[slot] = cmd;
3315 		mpt->m_ncmds++;
3316 
3317 		/*
3318 		 * only increment per target ncmds if this is not a
3319 		 * command that has no target associated with it (i.e. a
3320 		 * event acknoledgment)
3321 		 */
3322 		if ((cmd->cmd_flags & CFLAG_CMDIOC) == 0) {
3323 			ptgt->m_t_ncmds++;
3324 		}
3325 		cmd->cmd_active_timeout = cmd->cmd_pkt->pkt_time;
3326 
3327 		/*
3328 		 * If initial timout is less than or equal to one tick, bump
3329 		 * the timeout by a tick so that command doesn't timeout before
3330 		 * its allotted time.
3331 		 */
3332 		if (cmd->cmd_active_timeout <= mptsas_scsi_watchdog_tick) {
3333 			cmd->cmd_active_timeout += mptsas_scsi_watchdog_tick;
3334 		}
3335 		return (TRUE);
3336 	} else {
3337 		int i;
3338 
3339 		/*
3340 		 * If slot in use, scan until a free one is found. Don't use 0
3341 		 * or final slot, which is reserved for TM requests.
3342 		 */
3343 		for (i = 0; i < slots->m_n_slots; i++) {
3344 			slot = slots->m_tags;
3345 			if (++(slots->m_tags) > slots->m_n_slots) {
3346 				slots->m_tags = 1;
3347 			}
3348 			if (slots->m_slot[slot] == NULL) {
3349 				NDBG22(("found free slot %d", slot));
3350 				goto alloc_tag;
3351 			}
3352 		}
3353 	}
3354 	return (FALSE);
3355 }
3356 
3357 /*
3358  * prepare the pkt:
3359  * the pkt may have been resubmitted or just reused so
3360  * initialize some fields and do some checks.
3361  */
3362 static int
3363 mptsas_prepare_pkt(mptsas_cmd_t *cmd)
3364 {
3365 	struct scsi_pkt	*pkt = CMD2PKT(cmd);
3366 
3367 	NDBG1(("mptsas_prepare_pkt: cmd=0x%p", (void *)cmd));
3368 
3369 	/*
3370 	 * Reinitialize some fields that need it; the packet may
3371 	 * have been resubmitted
3372 	 */
3373 	pkt->pkt_reason = CMD_CMPLT;
3374 	pkt->pkt_state = 0;
3375 	pkt->pkt_statistics = 0;
3376 	pkt->pkt_resid = 0;
3377 	cmd->cmd_age = 0;
3378 	cmd->cmd_pkt_flags = pkt->pkt_flags;
3379 
3380 	/*
3381 	 * zero status byte.
3382 	 */
3383 	*(pkt->pkt_scbp) = 0;
3384 
3385 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
3386 		pkt->pkt_resid = cmd->cmd_dmacount;
3387 
3388 		/*
3389 		 * consistent packets need to be sync'ed first
3390 		 * (only for data going out)
3391 		 */
3392 		if ((cmd->cmd_flags & CFLAG_CMDIOPB) &&
3393 		    (cmd->cmd_flags & CFLAG_DMASEND)) {
3394 			(void) ddi_dma_sync(cmd->cmd_dmahandle, 0, 0,
3395 			    DDI_DMA_SYNC_FORDEV);
3396 		}
3397 	}
3398 
3399 	cmd->cmd_flags =
3400 	    (cmd->cmd_flags & ~(CFLAG_TRANFLAG)) |
3401 	    CFLAG_PREPARED | CFLAG_IN_TRANSPORT;
3402 
3403 	return (TRAN_ACCEPT);
3404 }
3405 
3406 /*
3407  * tran_init_pkt(9E) - allocate scsi_pkt(9S) for command
3408  *
3409  * One of three possibilities:
3410  *	- allocate scsi_pkt
3411  *	- allocate scsi_pkt and DMA resources
3412  *	- allocate DMA resources to an already-allocated pkt
3413  */
3414 static struct scsi_pkt *
3415 mptsas_scsi_init_pkt(struct scsi_address *ap, struct scsi_pkt *pkt,
3416     struct buf *bp, int cmdlen, int statuslen, int tgtlen, int flags,
3417     int (*callback)(), caddr_t arg)
3418 {
3419 	mptsas_cmd_t		*cmd, *new_cmd;
3420 	mptsas_t		*mpt = ADDR2MPT(ap);
3421 	int			failure = 1;
3422 	uint_t			oldcookiec;
3423 	mptsas_target_t		*ptgt = NULL;
3424 	int			rval;
3425 	mptsas_tgt_private_t	*tgt_private;
3426 	int			kf;
3427 
3428 	kf = (callback == SLEEP_FUNC)? KM_SLEEP: KM_NOSLEEP;
3429 
3430 	tgt_private = (mptsas_tgt_private_t *)ap->a_hba_tran->
3431 	    tran_tgt_private;
3432 	ASSERT(tgt_private != NULL);
3433 	if (tgt_private == NULL) {
3434 		return (NULL);
3435 	}
3436 	ptgt = tgt_private->t_private;
3437 	ASSERT(ptgt != NULL);
3438 	if (ptgt == NULL)
3439 		return (NULL);
3440 	ap->a_target = ptgt->m_devhdl;
3441 	ap->a_lun = tgt_private->t_lun;
3442 
3443 	ASSERT(callback == NULL_FUNC || callback == SLEEP_FUNC);
3444 #ifdef MPTSAS_TEST_EXTRN_ALLOC
3445 	statuslen *= 100; tgtlen *= 4;
3446 #endif
3447 	NDBG3(("mptsas_scsi_init_pkt:\n"
3448 	    "\ttgt=%d in=0x%p bp=0x%p clen=%d slen=%d tlen=%d flags=%x",
3449 	    ap->a_target, (void *)pkt, (void *)bp,
3450 	    cmdlen, statuslen, tgtlen, flags));
3451 
3452 	/*
3453 	 * Allocate the new packet.
3454 	 */
3455 	if (pkt == NULL) {
3456 		ddi_dma_handle_t	save_dma_handle;
3457 		ddi_dma_handle_t	save_arq_dma_handle;
3458 		struct buf		*save_arq_bp;
3459 		ddi_dma_cookie_t	save_arqcookie;
3460 
3461 		cmd = kmem_cache_alloc(mpt->m_kmem_cache, kf);
3462 
3463 		if (cmd) {
3464 			save_dma_handle = cmd->cmd_dmahandle;
3465 			save_arq_dma_handle = cmd->cmd_arqhandle;
3466 			save_arq_bp = cmd->cmd_arq_buf;
3467 			save_arqcookie = cmd->cmd_arqcookie;
3468 			bzero(cmd, sizeof (*cmd) + scsi_pkt_size());
3469 			cmd->cmd_dmahandle = save_dma_handle;
3470 			cmd->cmd_arqhandle = save_arq_dma_handle;
3471 			cmd->cmd_arq_buf = save_arq_bp;
3472 			cmd->cmd_arqcookie = save_arqcookie;
3473 
3474 			pkt = (void *)((uchar_t *)cmd +
3475 			    sizeof (struct mptsas_cmd));
3476 			pkt->pkt_ha_private = (opaque_t)cmd;
3477 			pkt->pkt_address = *ap;
3478 			pkt->pkt_private = (opaque_t)cmd->cmd_pkt_private;
3479 			pkt->pkt_scbp = (opaque_t)&cmd->cmd_scb;
3480 			pkt->pkt_cdbp = (opaque_t)&cmd->cmd_cdb;
3481 			cmd->cmd_pkt = (struct scsi_pkt *)pkt;
3482 			cmd->cmd_cdblen = (uchar_t)cmdlen;
3483 			cmd->cmd_scblen = statuslen;
3484 			cmd->cmd_rqslen = SENSE_LENGTH;
3485 			cmd->cmd_tgt_addr = ptgt;
3486 			failure = 0;
3487 		}
3488 
3489 		if (failure || (cmdlen > sizeof (cmd->cmd_cdb)) ||
3490 		    (tgtlen > PKT_PRIV_LEN) ||
3491 		    (statuslen > EXTCMDS_STATUS_SIZE)) {
3492 			if (failure == 0) {
3493 				/*
3494 				 * if extern alloc fails, all will be
3495 				 * deallocated, including cmd
3496 				 */
3497 				failure = mptsas_pkt_alloc_extern(mpt, cmd,
3498 				    cmdlen, tgtlen, statuslen, kf);
3499 			}
3500 			if (failure) {
3501 				/*
3502 				 * if extern allocation fails, it will
3503 				 * deallocate the new pkt as well
3504 				 */
3505 				return (NULL);
3506 			}
3507 		}
3508 		new_cmd = cmd;
3509 
3510 	} else {
3511 		cmd = PKT2CMD(pkt);
3512 		new_cmd = NULL;
3513 	}
3514 
3515 
3516 	/* grab cmd->cmd_cookiec here as oldcookiec */
3517 
3518 	oldcookiec = cmd->cmd_cookiec;
3519 
3520 	/*
3521 	 * If the dma was broken up into PARTIAL transfers cmd_nwin will be
3522 	 * greater than 0 and we'll need to grab the next dma window
3523 	 */
3524 	/*
3525 	 * SLM-not doing extra command frame right now; may add later
3526 	 */
3527 
3528 	if (cmd->cmd_nwin > 0) {
3529 
3530 		/*
3531 		 * Make sure we havn't gone past the the total number
3532 		 * of windows
3533 		 */
3534 		if (++cmd->cmd_winindex >= cmd->cmd_nwin) {
3535 			return (NULL);
3536 		}
3537 		if (ddi_dma_getwin(cmd->cmd_dmahandle, cmd->cmd_winindex,
3538 		    &cmd->cmd_dma_offset, &cmd->cmd_dma_len,
3539 		    &cmd->cmd_cookie, &cmd->cmd_cookiec) == DDI_FAILURE) {
3540 			return (NULL);
3541 		}
3542 		goto get_dma_cookies;
3543 	}
3544 
3545 
3546 	if (flags & PKT_XARQ) {
3547 		cmd->cmd_flags |= CFLAG_XARQ;
3548 	}
3549 
3550 	/*
3551 	 * DMA resource allocation.  This version assumes your
3552 	 * HBA has some sort of bus-mastering or onboard DMA capability, with a
3553 	 * scatter-gather list of length MPTSAS_MAX_DMA_SEGS, as given in the
3554 	 * ddi_dma_attr_t structure and passed to scsi_impl_dmaget.
3555 	 */
3556 	if (bp && (bp->b_bcount != 0) &&
3557 	    (cmd->cmd_flags & CFLAG_DMAVALID) == 0) {
3558 
3559 		int	cnt, dma_flags;
3560 		mptti_t	*dmap;		/* ptr to the S/G list */
3561 
3562 		/*
3563 		 * Set up DMA memory and position to the next DMA segment.
3564 		 */
3565 		ASSERT(cmd->cmd_dmahandle != NULL);
3566 
3567 		if (bp->b_flags & B_READ) {
3568 			dma_flags = DDI_DMA_READ;
3569 			cmd->cmd_flags &= ~CFLAG_DMASEND;
3570 		} else {
3571 			dma_flags = DDI_DMA_WRITE;
3572 			cmd->cmd_flags |= CFLAG_DMASEND;
3573 		}
3574 		if (flags & PKT_CONSISTENT) {
3575 			cmd->cmd_flags |= CFLAG_CMDIOPB;
3576 			dma_flags |= DDI_DMA_CONSISTENT;
3577 		}
3578 
3579 		if (flags & PKT_DMA_PARTIAL) {
3580 			dma_flags |= DDI_DMA_PARTIAL;
3581 		}
3582 
3583 		/*
3584 		 * workaround for byte hole issue on psycho and
3585 		 * schizo pre 2.1
3586 		 */
3587 		if ((bp->b_flags & B_READ) && ((bp->b_flags &
3588 		    (B_PAGEIO|B_REMAPPED)) != B_PAGEIO) &&
3589 		    ((uintptr_t)bp->b_un.b_addr & 0x7)) {
3590 			dma_flags |= DDI_DMA_CONSISTENT;
3591 		}
3592 
3593 		rval = ddi_dma_buf_bind_handle(cmd->cmd_dmahandle, bp,
3594 		    dma_flags, callback, arg,
3595 		    &cmd->cmd_cookie, &cmd->cmd_cookiec);
3596 		if (rval == DDI_DMA_PARTIAL_MAP) {
3597 			(void) ddi_dma_numwin(cmd->cmd_dmahandle,
3598 			    &cmd->cmd_nwin);
3599 			cmd->cmd_winindex = 0;
3600 			(void) ddi_dma_getwin(cmd->cmd_dmahandle,
3601 			    cmd->cmd_winindex, &cmd->cmd_dma_offset,
3602 			    &cmd->cmd_dma_len, &cmd->cmd_cookie,
3603 			    &cmd->cmd_cookiec);
3604 		} else if (rval && (rval != DDI_DMA_MAPPED)) {
3605 			switch (rval) {
3606 			case DDI_DMA_NORESOURCES:
3607 				bioerror(bp, 0);
3608 				break;
3609 			case DDI_DMA_BADATTR:
3610 			case DDI_DMA_NOMAPPING:
3611 				bioerror(bp, EFAULT);
3612 				break;
3613 			case DDI_DMA_TOOBIG:
3614 			default:
3615 				bioerror(bp, EINVAL);
3616 				break;
3617 			}
3618 			cmd->cmd_flags &= ~CFLAG_DMAVALID;
3619 			if (new_cmd) {
3620 				mptsas_scsi_destroy_pkt(ap, pkt);
3621 			}
3622 			return ((struct scsi_pkt *)NULL);
3623 		}
3624 
3625 get_dma_cookies:
3626 		cmd->cmd_flags |= CFLAG_DMAVALID;
3627 		ASSERT(cmd->cmd_cookiec > 0);
3628 
3629 		if (cmd->cmd_cookiec > MPTSAS_MAX_CMD_SEGS) {
3630 			mptsas_log(mpt, CE_NOTE, "large cookiec received %d\n",
3631 			    cmd->cmd_cookiec);
3632 			bioerror(bp, EINVAL);
3633 			if (new_cmd) {
3634 				mptsas_scsi_destroy_pkt(ap, pkt);
3635 			}
3636 			return ((struct scsi_pkt *)NULL);
3637 		}
3638 
3639 		/*
3640 		 * Allocate extra SGL buffer if needed.
3641 		 */
3642 		if ((cmd->cmd_cookiec > MPTSAS_MAX_FRAME_SGES64(mpt)) &&
3643 		    (cmd->cmd_extra_frames == NULL)) {
3644 			if (mptsas_alloc_extra_sgl_frame(mpt, cmd) ==
3645 			    DDI_FAILURE) {
3646 				mptsas_log(mpt, CE_WARN, "MPT SGL mem alloc "
3647 				    "failed");
3648 				bioerror(bp, ENOMEM);
3649 				if (new_cmd) {
3650 					mptsas_scsi_destroy_pkt(ap, pkt);
3651 				}
3652 				return ((struct scsi_pkt *)NULL);
3653 			}
3654 		}
3655 
3656 		/*
3657 		 * Always use scatter-gather transfer
3658 		 * Use the loop below to store physical addresses of
3659 		 * DMA segments, from the DMA cookies, into your HBA's
3660 		 * scatter-gather list.
3661 		 * We need to ensure we have enough kmem alloc'd
3662 		 * for the sg entries since we are no longer using an
3663 		 * array inside mptsas_cmd_t.
3664 		 *
3665 		 * We check cmd->cmd_cookiec against oldcookiec so
3666 		 * the scatter-gather list is correctly allocated
3667 		 */
3668 
3669 		if (oldcookiec != cmd->cmd_cookiec) {
3670 			if (cmd->cmd_sg != (mptti_t *)NULL) {
3671 				kmem_free(cmd->cmd_sg, sizeof (mptti_t) *
3672 				    oldcookiec);
3673 				cmd->cmd_sg = NULL;
3674 			}
3675 		}
3676 
3677 		if (cmd->cmd_sg == (mptti_t *)NULL) {
3678 			cmd->cmd_sg = kmem_alloc((size_t)(sizeof (mptti_t)*
3679 			    cmd->cmd_cookiec), kf);
3680 
3681 			if (cmd->cmd_sg == (mptti_t *)NULL) {
3682 				mptsas_log(mpt, CE_WARN,
3683 				    "unable to kmem_alloc enough memory "
3684 				    "for scatter/gather list");
3685 		/*
3686 		 * if we have an ENOMEM condition we need to behave
3687 		 * the same way as the rest of this routine
3688 		 */
3689 
3690 				bioerror(bp, ENOMEM);
3691 				if (new_cmd) {
3692 					mptsas_scsi_destroy_pkt(ap, pkt);
3693 				}
3694 				return ((struct scsi_pkt *)NULL);
3695 			}
3696 		}
3697 
3698 		dmap = cmd->cmd_sg;
3699 
3700 		ASSERT(cmd->cmd_cookie.dmac_size != 0);
3701 
3702 		/*
3703 		 * store the first segment into the S/G list
3704 		 */
3705 		dmap->count = cmd->cmd_cookie.dmac_size;
3706 		dmap->addr.address64.Low = (uint32_t)
3707 		    (cmd->cmd_cookie.dmac_laddress & 0xffffffffull);
3708 		dmap->addr.address64.High = (uint32_t)
3709 		    (cmd->cmd_cookie.dmac_laddress >> 32);
3710 
3711 		/*
3712 		 * dmacount counts the size of the dma for this window
3713 		 * (if partial dma is being used).  totaldmacount
3714 		 * keeps track of the total amount of dma we have
3715 		 * transferred for all the windows (needed to calculate
3716 		 * the resid value below).
3717 		 */
3718 		cmd->cmd_dmacount = cmd->cmd_cookie.dmac_size;
3719 		cmd->cmd_totaldmacount += cmd->cmd_cookie.dmac_size;
3720 
3721 		/*
3722 		 * We already stored the first DMA scatter gather segment,
3723 		 * start at 1 if we need to store more.
3724 		 */
3725 		for (cnt = 1; cnt < cmd->cmd_cookiec; cnt++) {
3726 			/*
3727 			 * Get next DMA cookie
3728 			 */
3729 			ddi_dma_nextcookie(cmd->cmd_dmahandle,
3730 			    &cmd->cmd_cookie);
3731 			dmap++;
3732 
3733 			cmd->cmd_dmacount += cmd->cmd_cookie.dmac_size;
3734 			cmd->cmd_totaldmacount += cmd->cmd_cookie.dmac_size;
3735 
3736 			/*
3737 			 * store the segment parms into the S/G list
3738 			 */
3739 			dmap->count = cmd->cmd_cookie.dmac_size;
3740 			dmap->addr.address64.Low = (uint32_t)
3741 			    (cmd->cmd_cookie.dmac_laddress & 0xffffffffull);
3742 			dmap->addr.address64.High = (uint32_t)
3743 			    (cmd->cmd_cookie.dmac_laddress >> 32);
3744 		}
3745 
3746 		/*
3747 		 * If this was partially allocated we set the resid
3748 		 * the amount of data NOT transferred in this window
3749 		 * If there is only one window, the resid will be 0
3750 		 */
3751 		pkt->pkt_resid = (bp->b_bcount - cmd->cmd_totaldmacount);
3752 		NDBG16(("mptsas_dmaget: cmd_dmacount=%d.", cmd->cmd_dmacount));
3753 	}
3754 	return (pkt);
3755 }
3756 
3757 /*
3758  * tran_destroy_pkt(9E) - scsi_pkt(9s) deallocation
3759  *
3760  * Notes:
3761  *	- also frees DMA resources if allocated
3762  *	- implicit DMA synchonization
3763  */
3764 static void
3765 mptsas_scsi_destroy_pkt(struct scsi_address *ap, struct scsi_pkt *pkt)
3766 {
3767 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
3768 	mptsas_t	*mpt = ADDR2MPT(ap);
3769 
3770 	NDBG3(("mptsas_scsi_destroy_pkt: target=%d pkt=0x%p",
3771 	    ap->a_target, (void *)pkt));
3772 
3773 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
3774 		(void) ddi_dma_unbind_handle(cmd->cmd_dmahandle);
3775 		cmd->cmd_flags &= ~CFLAG_DMAVALID;
3776 	}
3777 
3778 	if (cmd->cmd_sg) {
3779 		kmem_free(cmd->cmd_sg, sizeof (mptti_t) * cmd->cmd_cookiec);
3780 		cmd->cmd_sg = NULL;
3781 	}
3782 
3783 	mptsas_free_extra_sgl_frame(mpt, cmd);
3784 
3785 	if ((cmd->cmd_flags &
3786 	    (CFLAG_FREE | CFLAG_CDBEXTERN | CFLAG_PRIVEXTERN |
3787 	    CFLAG_SCBEXTERN)) == 0) {
3788 		cmd->cmd_flags = CFLAG_FREE;
3789 		kmem_cache_free(mpt->m_kmem_cache, (void *)cmd);
3790 	} else {
3791 		mptsas_pkt_destroy_extern(mpt, cmd);
3792 	}
3793 }
3794 
3795 /*
3796  * kmem cache constructor and destructor:
3797  * When constructing, we bzero the cmd and allocate the dma handle
3798  * When destructing, just free the dma handle
3799  */
3800 static int
3801 mptsas_kmem_cache_constructor(void *buf, void *cdrarg, int kmflags)
3802 {
3803 	mptsas_cmd_t		*cmd = buf;
3804 	mptsas_t		*mpt  = cdrarg;
3805 	struct scsi_address	ap;
3806 	uint_t			cookiec;
3807 	ddi_dma_attr_t		arq_dma_attr;
3808 	int			(*callback)(caddr_t);
3809 
3810 	callback = (kmflags == KM_SLEEP)? DDI_DMA_SLEEP: DDI_DMA_DONTWAIT;
3811 
3812 	NDBG4(("mptsas_kmem_cache_constructor"));
3813 
3814 	ap.a_hba_tran = mpt->m_tran;
3815 	ap.a_target = 0;
3816 	ap.a_lun = 0;
3817 
3818 	/*
3819 	 * allocate a dma handle
3820 	 */
3821 	if ((ddi_dma_alloc_handle(mpt->m_dip, &mpt->m_io_dma_attr, callback,
3822 	    NULL, &cmd->cmd_dmahandle)) != DDI_SUCCESS) {
3823 		cmd->cmd_dmahandle = NULL;
3824 		return (-1);
3825 	}
3826 
3827 	cmd->cmd_arq_buf = scsi_alloc_consistent_buf(&ap, (struct buf *)NULL,
3828 	    SENSE_LENGTH, B_READ, callback, NULL);
3829 	if (cmd->cmd_arq_buf == NULL) {
3830 		ddi_dma_free_handle(&cmd->cmd_dmahandle);
3831 		cmd->cmd_dmahandle = NULL;
3832 		return (-1);
3833 	}
3834 
3835 	/*
3836 	 * allocate a arq handle
3837 	 */
3838 	arq_dma_attr = mpt->m_msg_dma_attr;
3839 	arq_dma_attr.dma_attr_sgllen = 1;
3840 	if ((ddi_dma_alloc_handle(mpt->m_dip, &arq_dma_attr, callback,
3841 	    NULL, &cmd->cmd_arqhandle)) != DDI_SUCCESS) {
3842 		ddi_dma_free_handle(&cmd->cmd_dmahandle);
3843 		scsi_free_consistent_buf(cmd->cmd_arq_buf);
3844 		cmd->cmd_dmahandle = NULL;
3845 		cmd->cmd_arqhandle = NULL;
3846 		return (-1);
3847 	}
3848 
3849 	if (ddi_dma_buf_bind_handle(cmd->cmd_arqhandle,
3850 	    cmd->cmd_arq_buf, (DDI_DMA_READ | DDI_DMA_CONSISTENT),
3851 	    callback, NULL, &cmd->cmd_arqcookie, &cookiec) != DDI_SUCCESS) {
3852 		ddi_dma_free_handle(&cmd->cmd_dmahandle);
3853 		ddi_dma_free_handle(&cmd->cmd_arqhandle);
3854 		scsi_free_consistent_buf(cmd->cmd_arq_buf);
3855 		cmd->cmd_dmahandle = NULL;
3856 		cmd->cmd_arqhandle = NULL;
3857 		cmd->cmd_arq_buf = NULL;
3858 		return (-1);
3859 	}
3860 
3861 	return (0);
3862 }
3863 
3864 static void
3865 mptsas_kmem_cache_destructor(void *buf, void *cdrarg)
3866 {
3867 #ifndef __lock_lint
3868 	_NOTE(ARGUNUSED(cdrarg))
3869 #endif
3870 	mptsas_cmd_t	*cmd = buf;
3871 
3872 	NDBG4(("mptsas_kmem_cache_destructor"));
3873 
3874 	if (cmd->cmd_arqhandle) {
3875 		(void) ddi_dma_unbind_handle(cmd->cmd_arqhandle);
3876 		ddi_dma_free_handle(&cmd->cmd_arqhandle);
3877 		cmd->cmd_arqhandle = NULL;
3878 	}
3879 	if (cmd->cmd_arq_buf) {
3880 		scsi_free_consistent_buf(cmd->cmd_arq_buf);
3881 		cmd->cmd_arq_buf = NULL;
3882 	}
3883 	if (cmd->cmd_dmahandle) {
3884 		ddi_dma_free_handle(&cmd->cmd_dmahandle);
3885 		cmd->cmd_dmahandle = NULL;
3886 	}
3887 }
3888 
3889 static int
3890 mptsas_cache_frames_constructor(void *buf, void *cdrarg, int kmflags)
3891 {
3892 	mptsas_cache_frames_t	*p = buf;
3893 	mptsas_t		*mpt = cdrarg;
3894 	ddi_dma_attr_t		frame_dma_attr;
3895 	size_t			mem_size, alloc_len;
3896 	ddi_dma_cookie_t	cookie;
3897 	uint_t			ncookie;
3898 	int (*callback)(caddr_t) = (kmflags == KM_SLEEP)
3899 	    ? DDI_DMA_SLEEP: DDI_DMA_DONTWAIT;
3900 
3901 	frame_dma_attr = mpt->m_msg_dma_attr;
3902 	frame_dma_attr.dma_attr_align = 0x10;
3903 	frame_dma_attr.dma_attr_sgllen = 1;
3904 
3905 	if (ddi_dma_alloc_handle(mpt->m_dip, &frame_dma_attr, callback, NULL,
3906 	    &p->m_dma_hdl) != DDI_SUCCESS) {
3907 		mptsas_log(mpt, CE_WARN, "Unable to allocate dma handle for"
3908 		    " extra SGL.");
3909 		return (DDI_FAILURE);
3910 	}
3911 
3912 	mem_size = (mpt->m_max_request_frames - 1) * mpt->m_req_frame_size;
3913 
3914 	if (ddi_dma_mem_alloc(p->m_dma_hdl, mem_size, &mpt->m_dev_acc_attr,
3915 	    DDI_DMA_CONSISTENT, callback, NULL, (caddr_t *)&p->m_frames_addr,
3916 	    &alloc_len, &p->m_acc_hdl) != DDI_SUCCESS) {
3917 		ddi_dma_free_handle(&p->m_dma_hdl);
3918 		p->m_dma_hdl = NULL;
3919 		mptsas_log(mpt, CE_WARN, "Unable to allocate dma memory for"
3920 		    " extra SGL.");
3921 		return (DDI_FAILURE);
3922 	}
3923 
3924 	if (ddi_dma_addr_bind_handle(p->m_dma_hdl, NULL, p->m_frames_addr,
3925 	    alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT, callback, NULL,
3926 	    &cookie, &ncookie) != DDI_DMA_MAPPED) {
3927 		(void) ddi_dma_mem_free(&p->m_acc_hdl);
3928 		ddi_dma_free_handle(&p->m_dma_hdl);
3929 		p->m_dma_hdl = NULL;
3930 		mptsas_log(mpt, CE_WARN, "Unable to bind DMA resources for"
3931 		    " extra SGL");
3932 		return (DDI_FAILURE);
3933 	}
3934 
3935 	/*
3936 	 * Store the SGL memory address.  This chip uses this
3937 	 * address to dma to and from the driver.  The second
3938 	 * address is the address mpt uses to fill in the SGL.
3939 	 */
3940 	p->m_phys_addr = cookie.dmac_address;
3941 
3942 	return (DDI_SUCCESS);
3943 }
3944 
3945 static void
3946 mptsas_cache_frames_destructor(void *buf, void *cdrarg)
3947 {
3948 #ifndef __lock_lint
3949 	_NOTE(ARGUNUSED(cdrarg))
3950 #endif
3951 	mptsas_cache_frames_t	*p = buf;
3952 	if (p->m_dma_hdl != NULL) {
3953 		(void) ddi_dma_unbind_handle(p->m_dma_hdl);
3954 		(void) ddi_dma_mem_free(&p->m_acc_hdl);
3955 		ddi_dma_free_handle(&p->m_dma_hdl);
3956 		p->m_phys_addr = NULL;
3957 		p->m_frames_addr = NULL;
3958 		p->m_dma_hdl = NULL;
3959 		p->m_acc_hdl = NULL;
3960 	}
3961 
3962 }
3963 
3964 /*
3965  * allocate and deallocate external pkt space (ie. not part of mptsas_cmd)
3966  * for non-standard length cdb, pkt_private, status areas
3967  * if allocation fails, then deallocate all external space and the pkt
3968  */
3969 /* ARGSUSED */
3970 static int
3971 mptsas_pkt_alloc_extern(mptsas_t *mpt, mptsas_cmd_t *cmd,
3972     int cmdlen, int tgtlen, int statuslen, int kf)
3973 {
3974 	caddr_t			cdbp, scbp, tgt;
3975 	int			(*callback)(caddr_t) = (kf == KM_SLEEP) ?
3976 	    DDI_DMA_SLEEP : DDI_DMA_DONTWAIT;
3977 	struct scsi_address	ap;
3978 	size_t			senselength;
3979 	ddi_dma_attr_t		ext_arq_dma_attr;
3980 	uint_t			cookiec;
3981 
3982 	NDBG3(("mptsas_pkt_alloc_extern: "
3983 	    "cmd=0x%p cmdlen=%d tgtlen=%d statuslen=%d kf=%x",
3984 	    (void *)cmd, cmdlen, tgtlen, statuslen, kf));
3985 
3986 	tgt = cdbp = scbp = NULL;
3987 	cmd->cmd_scblen		= statuslen;
3988 	cmd->cmd_privlen	= (uchar_t)tgtlen;
3989 
3990 	if (cmdlen > sizeof (cmd->cmd_cdb)) {
3991 		if ((cdbp = kmem_zalloc((size_t)cmdlen, kf)) == NULL) {
3992 			goto fail;
3993 		}
3994 		cmd->cmd_pkt->pkt_cdbp = (opaque_t)cdbp;
3995 		cmd->cmd_flags |= CFLAG_CDBEXTERN;
3996 	}
3997 	if (tgtlen > PKT_PRIV_LEN) {
3998 		if ((tgt = kmem_zalloc((size_t)tgtlen, kf)) == NULL) {
3999 			goto fail;
4000 		}
4001 		cmd->cmd_flags |= CFLAG_PRIVEXTERN;
4002 		cmd->cmd_pkt->pkt_private = tgt;
4003 	}
4004 	if (statuslen > EXTCMDS_STATUS_SIZE) {
4005 		if ((scbp = kmem_zalloc((size_t)statuslen, kf)) == NULL) {
4006 			goto fail;
4007 		}
4008 		cmd->cmd_flags |= CFLAG_SCBEXTERN;
4009 		cmd->cmd_pkt->pkt_scbp = (opaque_t)scbp;
4010 
4011 		/* allocate sense data buf for DMA */
4012 
4013 		senselength = statuslen - MPTSAS_GET_ITEM_OFF(
4014 		    struct scsi_arq_status, sts_sensedata);
4015 		cmd->cmd_rqslen = (uchar_t)senselength;
4016 
4017 		ap.a_hba_tran = mpt->m_tran;
4018 		ap.a_target = 0;
4019 		ap.a_lun = 0;
4020 
4021 		cmd->cmd_ext_arq_buf = scsi_alloc_consistent_buf(&ap,
4022 		    (struct buf *)NULL, senselength, B_READ,
4023 		    callback, NULL);
4024 
4025 		if (cmd->cmd_ext_arq_buf == NULL) {
4026 			goto fail;
4027 		}
4028 		/*
4029 		 * allocate a extern arq handle and bind the buf
4030 		 */
4031 		ext_arq_dma_attr = mpt->m_msg_dma_attr;
4032 		ext_arq_dma_attr.dma_attr_sgllen = 1;
4033 		if ((ddi_dma_alloc_handle(mpt->m_dip,
4034 		    &ext_arq_dma_attr, callback,
4035 		    NULL, &cmd->cmd_ext_arqhandle)) != DDI_SUCCESS) {
4036 			goto fail;
4037 		}
4038 
4039 		if (ddi_dma_buf_bind_handle(cmd->cmd_ext_arqhandle,
4040 		    cmd->cmd_ext_arq_buf, (DDI_DMA_READ | DDI_DMA_CONSISTENT),
4041 		    callback, NULL, &cmd->cmd_ext_arqcookie,
4042 		    &cookiec)
4043 		    != DDI_SUCCESS) {
4044 			goto fail;
4045 		}
4046 		cmd->cmd_flags |= CFLAG_EXTARQBUFVALID;
4047 	}
4048 	return (0);
4049 fail:
4050 	mptsas_pkt_destroy_extern(mpt, cmd);
4051 	return (1);
4052 }
4053 
4054 /*
4055  * deallocate external pkt space and deallocate the pkt
4056  */
4057 static void
4058 mptsas_pkt_destroy_extern(mptsas_t *mpt, mptsas_cmd_t *cmd)
4059 {
4060 	NDBG3(("mptsas_pkt_destroy_extern: cmd=0x%p", (void *)cmd));
4061 
4062 	if (cmd->cmd_flags & CFLAG_FREE) {
4063 		mptsas_log(mpt, CE_PANIC,
4064 		    "mptsas_pkt_destroy_extern: freeing free packet");
4065 		_NOTE(NOT_REACHED)
4066 		/* NOTREACHED */
4067 	}
4068 	if (cmd->cmd_flags & CFLAG_CDBEXTERN) {
4069 		kmem_free(cmd->cmd_pkt->pkt_cdbp, (size_t)cmd->cmd_cdblen);
4070 	}
4071 	if (cmd->cmd_flags & CFLAG_SCBEXTERN) {
4072 		kmem_free(cmd->cmd_pkt->pkt_scbp, (size_t)cmd->cmd_scblen);
4073 		if (cmd->cmd_flags & CFLAG_EXTARQBUFVALID) {
4074 			(void) ddi_dma_unbind_handle(cmd->cmd_ext_arqhandle);
4075 		}
4076 		if (cmd->cmd_ext_arqhandle) {
4077 			ddi_dma_free_handle(&cmd->cmd_ext_arqhandle);
4078 			cmd->cmd_ext_arqhandle = NULL;
4079 		}
4080 		if (cmd->cmd_ext_arq_buf)
4081 			scsi_free_consistent_buf(cmd->cmd_ext_arq_buf);
4082 	}
4083 	if (cmd->cmd_flags & CFLAG_PRIVEXTERN) {
4084 		kmem_free(cmd->cmd_pkt->pkt_private, (size_t)cmd->cmd_privlen);
4085 	}
4086 	cmd->cmd_flags = CFLAG_FREE;
4087 	kmem_cache_free(mpt->m_kmem_cache, (void *)cmd);
4088 }
4089 
4090 /*
4091  * tran_sync_pkt(9E) - explicit DMA synchronization
4092  */
4093 /*ARGSUSED*/
4094 static void
4095 mptsas_scsi_sync_pkt(struct scsi_address *ap, struct scsi_pkt *pkt)
4096 {
4097 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
4098 
4099 	NDBG3(("mptsas_scsi_sync_pkt: target=%d, pkt=0x%p",
4100 	    ap->a_target, (void *)pkt));
4101 
4102 	if (cmd->cmd_dmahandle) {
4103 		(void) ddi_dma_sync(cmd->cmd_dmahandle, 0, 0,
4104 		    (cmd->cmd_flags & CFLAG_DMASEND) ?
4105 		    DDI_DMA_SYNC_FORDEV : DDI_DMA_SYNC_FORCPU);
4106 	}
4107 }
4108 
4109 /*
4110  * tran_dmafree(9E) - deallocate DMA resources allocated for command
4111  */
4112 /*ARGSUSED*/
4113 static void
4114 mptsas_scsi_dmafree(struct scsi_address *ap, struct scsi_pkt *pkt)
4115 {
4116 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
4117 	mptsas_t	*mpt = ADDR2MPT(ap);
4118 
4119 	NDBG3(("mptsas_scsi_dmafree: target=%d pkt=0x%p",
4120 	    ap->a_target, (void *)pkt));
4121 
4122 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
4123 		(void) ddi_dma_unbind_handle(cmd->cmd_dmahandle);
4124 		cmd->cmd_flags &= ~CFLAG_DMAVALID;
4125 	}
4126 
4127 	if (cmd->cmd_flags & CFLAG_EXTARQBUFVALID) {
4128 		(void) ddi_dma_unbind_handle(cmd->cmd_ext_arqhandle);
4129 		cmd->cmd_flags &= ~CFLAG_EXTARQBUFVALID;
4130 	}
4131 
4132 	mptsas_free_extra_sgl_frame(mpt, cmd);
4133 }
4134 
4135 static void
4136 mptsas_pkt_comp(struct scsi_pkt *pkt, mptsas_cmd_t *cmd)
4137 {
4138 	if ((cmd->cmd_flags & CFLAG_CMDIOPB) &&
4139 	    (!(cmd->cmd_flags & CFLAG_DMASEND))) {
4140 		(void) ddi_dma_sync(cmd->cmd_dmahandle, 0, 0,
4141 		    DDI_DMA_SYNC_FORCPU);
4142 	}
4143 	(*pkt->pkt_comp)(pkt);
4144 }
4145 
4146 static void
4147 mptsas_sge_setup(mptsas_t *mpt, mptsas_cmd_t *cmd, uint32_t *control,
4148 	pMpi2SCSIIORequest_t frame, ddi_acc_handle_t acc_hdl)
4149 {
4150 	uint_t			cookiec;
4151 	mptti_t			*dmap;
4152 	uint32_t		flags;
4153 	pMpi2SGESimple64_t	sge;
4154 	pMpi2SGEChain64_t	sgechain;
4155 	ASSERT(cmd->cmd_flags & CFLAG_DMAVALID);
4156 
4157 	/*
4158 	 * Save the number of entries in the DMA
4159 	 * Scatter/Gather list
4160 	 */
4161 	cookiec = cmd->cmd_cookiec;
4162 
4163 	NDBG1(("mptsas_sge_setup: cookiec=%d", cookiec));
4164 
4165 	/*
4166 	 * Set read/write bit in control.
4167 	 */
4168 	if (cmd->cmd_flags & CFLAG_DMASEND) {
4169 		*control |= MPI2_SCSIIO_CONTROL_WRITE;
4170 	} else {
4171 		*control |= MPI2_SCSIIO_CONTROL_READ;
4172 	}
4173 
4174 	ddi_put32(acc_hdl, &frame->DataLength, cmd->cmd_dmacount);
4175 
4176 	/*
4177 	 * We have 2 cases here.  First where we can fit all the
4178 	 * SG elements into the main frame, and the case
4179 	 * where we can't.
4180 	 * If we have more cookies than we can attach to a frame
4181 	 * we will need to use a chain element to point
4182 	 * a location of memory where the rest of the S/G
4183 	 * elements reside.
4184 	 */
4185 	if (cookiec <= MPTSAS_MAX_FRAME_SGES64(mpt)) {
4186 		dmap = cmd->cmd_sg;
4187 		sge = (pMpi2SGESimple64_t)(&frame->SGL);
4188 		while (cookiec--) {
4189 			ddi_put32(acc_hdl,
4190 			    &sge->Address.Low, dmap->addr.address64.Low);
4191 			ddi_put32(acc_hdl,
4192 			    &sge->Address.High, dmap->addr.address64.High);
4193 			ddi_put32(acc_hdl, &sge->FlagsLength,
4194 			    dmap->count);
4195 			flags = ddi_get32(acc_hdl, &sge->FlagsLength);
4196 			flags |= ((uint32_t)
4197 			    (MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
4198 			    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4199 			    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
4200 			    MPI2_SGE_FLAGS_SHIFT);
4201 
4202 			/*
4203 			 * If this is the last cookie, we set the flags
4204 			 * to indicate so
4205 			 */
4206 			if (cookiec == 0) {
4207 				flags |=
4208 				    ((uint32_t)(MPI2_SGE_FLAGS_LAST_ELEMENT
4209 				    | MPI2_SGE_FLAGS_END_OF_BUFFER
4210 				    | MPI2_SGE_FLAGS_END_OF_LIST) <<
4211 				    MPI2_SGE_FLAGS_SHIFT);
4212 			}
4213 			if (cmd->cmd_flags & CFLAG_DMASEND) {
4214 				flags |= (MPI2_SGE_FLAGS_HOST_TO_IOC <<
4215 				    MPI2_SGE_FLAGS_SHIFT);
4216 			} else {
4217 				flags |= (MPI2_SGE_FLAGS_IOC_TO_HOST <<
4218 				    MPI2_SGE_FLAGS_SHIFT);
4219 			}
4220 			ddi_put32(acc_hdl, &sge->FlagsLength, flags);
4221 			dmap++;
4222 			sge++;
4223 		}
4224 	} else {
4225 		/*
4226 		 * Hereby we start to deal with multiple frames.
4227 		 * The process is as follows:
4228 		 * 1. Determine how many frames are needed for SGL element
4229 		 *    storage; Note that all frames are stored in contiguous
4230 		 *    memory space and in 64-bit DMA mode each element is
4231 		 *    3 double-words (12 bytes) long.
4232 		 * 2. Fill up the main frame. We need to do this separately
4233 		 *    since it contains the SCSI IO request header and needs
4234 		 *    dedicated processing. Note that the last 4 double-words
4235 		 *    of the SCSI IO header is for SGL element storage
4236 		 *    (MPI2_SGE_IO_UNION).
4237 		 * 3. Fill the chain element in the main frame, so the DMA
4238 		 *    engine can use the following frames.
4239 		 * 4. Enter a loop to fill the remaining frames. Note that the
4240 		 *    last frame contains no chain element.  The remaining
4241 		 *    frames go into the mpt SGL buffer allocated on the fly,
4242 		 *    not immediately following the main message frame, as in
4243 		 *    Gen1.
4244 		 * Some restrictions:
4245 		 * 1. For 64-bit DMA, the simple element and chain element
4246 		 *    are both of 3 double-words (12 bytes) in size, even
4247 		 *    though all frames are stored in the first 4G of mem
4248 		 *    range and the higher 32-bits of the address are always 0.
4249 		 * 2. On some controllers (like the 1064/1068), a frame can
4250 		 *    hold SGL elements with the last 1 or 2 double-words
4251 		 *    (4 or 8 bytes) un-used. On these controllers, we should
4252 		 *    recognize that there's not enough room for another SGL
4253 		 *    element and move the sge pointer to the next frame.
4254 		 */
4255 		int		i, j, k, l, frames, sgemax;
4256 		int		temp;
4257 		uint8_t		chainflags;
4258 		uint16_t	chainlength;
4259 		mptsas_cache_frames_t *p;
4260 
4261 		/*
4262 		 * Sgemax is the number of SGE's that will fit
4263 		 * each extra frame and frames is total
4264 		 * number of frames we'll need.  1 sge entry per
4265 		 * frame is reseverd for the chain element thus the -1 below.
4266 		 */
4267 		sgemax = ((mpt->m_req_frame_size / sizeof (MPI2_SGE_SIMPLE64))
4268 		    - 1);
4269 		temp = (cookiec - (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) / sgemax;
4270 
4271 		/*
4272 		 * A little check to see if we need to round up the number
4273 		 * of frames we need
4274 		 */
4275 		if ((cookiec - (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) - (temp *
4276 		    sgemax) > 1) {
4277 			frames = (temp + 1);
4278 		} else {
4279 			frames = temp;
4280 		}
4281 		dmap = cmd->cmd_sg;
4282 		sge = (pMpi2SGESimple64_t)(&frame->SGL);
4283 
4284 		/*
4285 		 * First fill in the main frame
4286 		 */
4287 		for (j = 1; j < MPTSAS_MAX_FRAME_SGES64(mpt); j++) {
4288 			ddi_put32(acc_hdl, &sge->Address.Low,
4289 			    dmap->addr.address64.Low);
4290 			ddi_put32(acc_hdl, &sge->Address.High,
4291 			    dmap->addr.address64.High);
4292 			ddi_put32(acc_hdl, &sge->FlagsLength, dmap->count);
4293 			flags = ddi_get32(acc_hdl, &sge->FlagsLength);
4294 			flags |= ((uint32_t)(MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
4295 			    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4296 			    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
4297 			    MPI2_SGE_FLAGS_SHIFT);
4298 
4299 			/*
4300 			 * If this is the last SGE of this frame
4301 			 * we set the end of list flag
4302 			 */
4303 			if (j == (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) {
4304 				flags |= ((uint32_t)
4305 				    (MPI2_SGE_FLAGS_LAST_ELEMENT) <<
4306 				    MPI2_SGE_FLAGS_SHIFT);
4307 			}
4308 			if (cmd->cmd_flags & CFLAG_DMASEND) {
4309 				flags |=
4310 				    (MPI2_SGE_FLAGS_HOST_TO_IOC <<
4311 				    MPI2_SGE_FLAGS_SHIFT);
4312 			} else {
4313 				flags |=
4314 				    (MPI2_SGE_FLAGS_IOC_TO_HOST <<
4315 				    MPI2_SGE_FLAGS_SHIFT);
4316 			}
4317 			ddi_put32(acc_hdl, &sge->FlagsLength, flags);
4318 			dmap++;
4319 			sge++;
4320 		}
4321 
4322 		/*
4323 		 * Fill in the chain element in the main frame.
4324 		 * About calculation on ChainOffset:
4325 		 * 1. Struct msg_scsi_io_request has 4 double-words (16 bytes)
4326 		 *    in the end reserved for SGL element storage
4327 		 *    (MPI2_SGE_IO_UNION); we should count it in our
4328 		 *    calculation.  See its definition in the header file.
4329 		 * 2. Constant j is the counter of the current SGL element
4330 		 *    that will be processed, and (j - 1) is the number of
4331 		 *    SGL elements that have been processed (stored in the
4332 		 *    main frame).
4333 		 * 3. ChainOffset value should be in units of double-words (4
4334 		 *    bytes) so the last value should be divided by 4.
4335 		 */
4336 		ddi_put8(acc_hdl, &frame->ChainOffset,
4337 		    (sizeof (MPI2_SCSI_IO_REQUEST) -
4338 		    sizeof (MPI2_SGE_IO_UNION) +
4339 		    (j - 1) * sizeof (MPI2_SGE_SIMPLE64)) >> 2);
4340 		sgechain = (pMpi2SGEChain64_t)sge;
4341 		chainflags = (MPI2_SGE_FLAGS_CHAIN_ELEMENT |
4342 		    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4343 		    MPI2_SGE_FLAGS_64_BIT_ADDRESSING);
4344 		ddi_put8(acc_hdl, &sgechain->Flags, chainflags);
4345 
4346 		/*
4347 		 * The size of the next frame is the accurate size of space
4348 		 * (in bytes) used to store the SGL elements. j is the counter
4349 		 * of SGL elements. (j - 1) is the number of SGL elements that
4350 		 * have been processed (stored in frames).
4351 		 */
4352 		if (frames >= 2) {
4353 			chainlength = mpt->m_req_frame_size /
4354 			    sizeof (MPI2_SGE_SIMPLE64) *
4355 			    sizeof (MPI2_SGE_SIMPLE64);
4356 		} else {
4357 			chainlength = ((cookiec - (j - 1)) *
4358 			    sizeof (MPI2_SGE_SIMPLE64));
4359 		}
4360 
4361 		p = cmd->cmd_extra_frames;
4362 
4363 		ddi_put16(acc_hdl, &sgechain->Length, chainlength);
4364 		ddi_put32(acc_hdl, &sgechain->Address.Low,
4365 		    p->m_phys_addr);
4366 		/* SGL is allocated in the first 4G mem range */
4367 		ddi_put32(acc_hdl, &sgechain->Address.High, 0);
4368 
4369 		/*
4370 		 * If there are more than 2 frames left we have to
4371 		 * fill in the next chain offset to the location of
4372 		 * the chain element in the next frame.
4373 		 * sgemax is the number of simple elements in an extra
4374 		 * frame. Note that the value NextChainOffset should be
4375 		 * in double-words (4 bytes).
4376 		 */
4377 		if (frames >= 2) {
4378 			ddi_put8(acc_hdl, &sgechain->NextChainOffset,
4379 			    (sgemax * sizeof (MPI2_SGE_SIMPLE64)) >> 2);
4380 		} else {
4381 			ddi_put8(acc_hdl, &sgechain->NextChainOffset, 0);
4382 		}
4383 
4384 		/*
4385 		 * Jump to next frame;
4386 		 * Starting here, chain buffers go into the per command SGL.
4387 		 * This buffer is allocated when chain buffers are needed.
4388 		 */
4389 		sge = (pMpi2SGESimple64_t)p->m_frames_addr;
4390 		i = cookiec;
4391 
4392 		/*
4393 		 * Start filling in frames with SGE's.  If we
4394 		 * reach the end of frame and still have SGE's
4395 		 * to fill we need to add a chain element and
4396 		 * use another frame.  j will be our counter
4397 		 * for what cookie we are at and i will be
4398 		 * the total cookiec. k is the current frame
4399 		 */
4400 		for (k = 1; k <= frames; k++) {
4401 			for (l = 1; (l <= (sgemax + 1)) && (j <= i); j++, l++) {
4402 
4403 				/*
4404 				 * If we have reached the end of frame
4405 				 * and we have more SGE's to fill in
4406 				 * we have to fill the final entry
4407 				 * with a chain element and then
4408 				 * continue to the next frame
4409 				 */
4410 				if ((l == (sgemax + 1)) && (k != frames)) {
4411 					sgechain = (pMpi2SGEChain64_t)sge;
4412 					j--;
4413 					chainflags = (
4414 					    MPI2_SGE_FLAGS_CHAIN_ELEMENT |
4415 					    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4416 					    MPI2_SGE_FLAGS_64_BIT_ADDRESSING);
4417 					ddi_put8(p->m_acc_hdl,
4418 					    &sgechain->Flags, chainflags);
4419 					/*
4420 					 * k is the frame counter and (k + 1)
4421 					 * is the number of the next frame.
4422 					 * Note that frames are in contiguous
4423 					 * memory space.
4424 					 */
4425 					ddi_put32(p->m_acc_hdl,
4426 					    &sgechain->Address.Low,
4427 					    (p->m_phys_addr +
4428 					    (mpt->m_req_frame_size * k)));
4429 					ddi_put32(p->m_acc_hdl,
4430 					    &sgechain->Address.High, 0);
4431 
4432 					/*
4433 					 * If there are more than 2 frames left
4434 					 * we have to next chain offset to
4435 					 * the location of the chain element
4436 					 * in the next frame and fill in the
4437 					 * length of the next chain
4438 					 */
4439 					if ((frames - k) >= 2) {
4440 						ddi_put8(p->m_acc_hdl,
4441 						    &sgechain->NextChainOffset,
4442 						    (sgemax *
4443 						    sizeof (MPI2_SGE_SIMPLE64))
4444 						    >> 2);
4445 						ddi_put16(p->m_acc_hdl,
4446 						    &sgechain->Length,
4447 						    mpt->m_req_frame_size /
4448 						    sizeof (MPI2_SGE_SIMPLE64) *
4449 						    sizeof (MPI2_SGE_SIMPLE64));
4450 					} else {
4451 						/*
4452 						 * This is the last frame. Set
4453 						 * the NextChainOffset to 0 and
4454 						 * Length is the total size of
4455 						 * all remaining simple elements
4456 						 */
4457 						ddi_put8(p->m_acc_hdl,
4458 						    &sgechain->NextChainOffset,
4459 						    0);
4460 						ddi_put16(p->m_acc_hdl,
4461 						    &sgechain->Length,
4462 						    (cookiec - j) *
4463 						    sizeof (MPI2_SGE_SIMPLE64));
4464 					}
4465 
4466 					/* Jump to the next frame */
4467 					sge = (pMpi2SGESimple64_t)
4468 					    ((char *)p->m_frames_addr +
4469 					    (int)mpt->m_req_frame_size * k);
4470 
4471 					continue;
4472 				}
4473 
4474 				ddi_put32(p->m_acc_hdl,
4475 				    &sge->Address.Low,
4476 				    dmap->addr.address64.Low);
4477 				ddi_put32(p->m_acc_hdl,
4478 				    &sge->Address.High,
4479 				    dmap->addr.address64.High);
4480 				ddi_put32(p->m_acc_hdl,
4481 				    &sge->FlagsLength, dmap->count);
4482 				flags = ddi_get32(p->m_acc_hdl,
4483 				    &sge->FlagsLength);
4484 				flags |= ((uint32_t)(
4485 				    MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
4486 				    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4487 				    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
4488 				    MPI2_SGE_FLAGS_SHIFT);
4489 
4490 				/*
4491 				 * If we are at the end of the frame and
4492 				 * there is another frame to fill in
4493 				 * we set the last simple element as last
4494 				 * element
4495 				 */
4496 				if ((l == sgemax) && (k != frames)) {
4497 					flags |= ((uint32_t)
4498 					    (MPI2_SGE_FLAGS_LAST_ELEMENT) <<
4499 					    MPI2_SGE_FLAGS_SHIFT);
4500 				}
4501 
4502 				/*
4503 				 * If this is the final cookie we
4504 				 * indicate it by setting the flags
4505 				 */
4506 				if (j == i) {
4507 					flags |= ((uint32_t)
4508 					    (MPI2_SGE_FLAGS_LAST_ELEMENT |
4509 					    MPI2_SGE_FLAGS_END_OF_BUFFER |
4510 					    MPI2_SGE_FLAGS_END_OF_LIST) <<
4511 					    MPI2_SGE_FLAGS_SHIFT);
4512 				}
4513 				if (cmd->cmd_flags & CFLAG_DMASEND) {
4514 					flags |=
4515 					    (MPI2_SGE_FLAGS_HOST_TO_IOC <<
4516 					    MPI2_SGE_FLAGS_SHIFT);
4517 				} else {
4518 					flags |=
4519 					    (MPI2_SGE_FLAGS_IOC_TO_HOST <<
4520 					    MPI2_SGE_FLAGS_SHIFT);
4521 				}
4522 				ddi_put32(p->m_acc_hdl,
4523 				    &sge->FlagsLength, flags);
4524 				dmap++;
4525 				sge++;
4526 			}
4527 		}
4528 
4529 		/*
4530 		 * Sync DMA with the chain buffers that were just created
4531 		 */
4532 		(void) ddi_dma_sync(p->m_dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
4533 	}
4534 }
4535 
4536 /*
4537  * Interrupt handling
4538  * Utility routine.  Poll for status of a command sent to HBA
4539  * without interrupts (a FLAG_NOINTR command).
4540  */
4541 int
4542 mptsas_poll(mptsas_t *mpt, mptsas_cmd_t *poll_cmd, int polltime)
4543 {
4544 	int	rval = TRUE;
4545 
4546 	NDBG5(("mptsas_poll: cmd=0x%p", (void *)poll_cmd));
4547 
4548 	if ((poll_cmd->cmd_flags & CFLAG_TM_CMD) == 0) {
4549 		mptsas_restart_hba(mpt);
4550 	}
4551 
4552 	/*
4553 	 * Wait, using drv_usecwait(), long enough for the command to
4554 	 * reasonably return from the target if the target isn't
4555 	 * "dead".  A polled command may well be sent from scsi_poll, and
4556 	 * there are retries built in to scsi_poll if the transport
4557 	 * accepted the packet (TRAN_ACCEPT).  scsi_poll waits 1 second
4558 	 * and retries the transport up to scsi_poll_busycnt times
4559 	 * (currently 60) if
4560 	 * 1. pkt_reason is CMD_INCOMPLETE and pkt_state is 0, or
4561 	 * 2. pkt_reason is CMD_CMPLT and *pkt_scbp has STATUS_BUSY
4562 	 *
4563 	 * limit the waiting to avoid a hang in the event that the
4564 	 * cmd never gets started but we are still receiving interrupts
4565 	 */
4566 	while (!(poll_cmd->cmd_flags & CFLAG_FINISHED)) {
4567 		if (mptsas_wait_intr(mpt, polltime) == FALSE) {
4568 			NDBG5(("mptsas_poll: command incomplete"));
4569 			rval = FALSE;
4570 			break;
4571 		}
4572 	}
4573 
4574 	if (rval == FALSE) {
4575 
4576 		/*
4577 		 * this isn't supposed to happen, the hba must be wedged
4578 		 * Mark this cmd as a timeout.
4579 		 */
4580 		mptsas_set_pkt_reason(mpt, poll_cmd, CMD_TIMEOUT,
4581 		    (STAT_TIMEOUT|STAT_ABORTED));
4582 
4583 		if (poll_cmd->cmd_queued == FALSE) {
4584 
4585 			NDBG5(("mptsas_poll: not on waitq"));
4586 
4587 			poll_cmd->cmd_pkt->pkt_state |=
4588 			    (STATE_GOT_BUS|STATE_GOT_TARGET|STATE_SENT_CMD);
4589 		} else {
4590 
4591 			/* find and remove it from the waitq */
4592 			NDBG5(("mptsas_poll: delete from waitq"));
4593 			mptsas_waitq_delete(mpt, poll_cmd);
4594 		}
4595 
4596 	}
4597 	mptsas_fma_check(mpt, poll_cmd);
4598 	NDBG5(("mptsas_poll: done"));
4599 	return (rval);
4600 }
4601 
4602 /*
4603  * Used for polling cmds and TM function
4604  */
4605 static int
4606 mptsas_wait_intr(mptsas_t *mpt, int polltime)
4607 {
4608 	int				cnt;
4609 	pMpi2ReplyDescriptorsUnion_t	reply_desc_union;
4610 	uint32_t			int_mask;
4611 
4612 	NDBG5(("mptsas_wait_intr"));
4613 
4614 	mpt->m_polled_intr = 1;
4615 
4616 	/*
4617 	 * Get the current interrupt mask and disable interrupts.  When
4618 	 * re-enabling ints, set mask to saved value.
4619 	 */
4620 	int_mask = ddi_get32(mpt->m_datap, &mpt->m_reg->HostInterruptMask);
4621 	MPTSAS_DISABLE_INTR(mpt);
4622 
4623 	/*
4624 	 * Keep polling for at least (polltime * 1000) seconds
4625 	 */
4626 	for (cnt = 0; cnt < polltime; cnt++) {
4627 		(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
4628 		    DDI_DMA_SYNC_FORCPU);
4629 
4630 		reply_desc_union = (pMpi2ReplyDescriptorsUnion_t)
4631 		    MPTSAS_GET_NEXT_REPLY(mpt, mpt->m_post_index);
4632 
4633 		if (ddi_get32(mpt->m_acc_post_queue_hdl,
4634 		    &reply_desc_union->Words.Low) == 0xFFFFFFFF ||
4635 		    ddi_get32(mpt->m_acc_post_queue_hdl,
4636 		    &reply_desc_union->Words.High) == 0xFFFFFFFF) {
4637 			drv_usecwait(1000);
4638 			continue;
4639 		}
4640 
4641 		/*
4642 		 * The reply is valid, process it according to its
4643 		 * type.
4644 		 */
4645 		mptsas_process_intr(mpt, reply_desc_union);
4646 
4647 		if (++mpt->m_post_index == mpt->m_post_queue_depth) {
4648 			mpt->m_post_index = 0;
4649 		}
4650 
4651 		/*
4652 		 * Update the global reply index
4653 		 */
4654 		ddi_put32(mpt->m_datap,
4655 		    &mpt->m_reg->ReplyPostHostIndex, mpt->m_post_index);
4656 		mpt->m_polled_intr = 0;
4657 
4658 		/*
4659 		 * Re-enable interrupts and quit.
4660 		 */
4661 		ddi_put32(mpt->m_datap, &mpt->m_reg->HostInterruptMask,
4662 		    int_mask);
4663 		return (TRUE);
4664 
4665 	}
4666 
4667 	/*
4668 	 * Clear polling flag, re-enable interrupts and quit.
4669 	 */
4670 	mpt->m_polled_intr = 0;
4671 	ddi_put32(mpt->m_datap, &mpt->m_reg->HostInterruptMask, int_mask);
4672 	return (FALSE);
4673 }
4674 
4675 static void
4676 mptsas_handle_scsi_io_success(mptsas_t *mpt,
4677     pMpi2ReplyDescriptorsUnion_t reply_desc)
4678 {
4679 	pMpi2SCSIIOSuccessReplyDescriptor_t	scsi_io_success;
4680 	uint16_t				SMID;
4681 	mptsas_slots_t				*slots = mpt->m_active;
4682 	mptsas_cmd_t				*cmd = NULL;
4683 	struct scsi_pkt				*pkt;
4684 
4685 	ASSERT(mutex_owned(&mpt->m_mutex));
4686 
4687 	scsi_io_success = (pMpi2SCSIIOSuccessReplyDescriptor_t)reply_desc;
4688 	SMID = ddi_get16(mpt->m_acc_post_queue_hdl, &scsi_io_success->SMID);
4689 
4690 	/*
4691 	 * This is a success reply so just complete the IO.  First, do a sanity
4692 	 * check on the SMID.  The final slot is used for TM requests, which
4693 	 * would not come into this reply handler.
4694 	 */
4695 	if ((SMID == 0) || (SMID > slots->m_n_slots)) {
4696 		mptsas_log(mpt, CE_WARN, "?Received invalid SMID of %d\n",
4697 		    SMID);
4698 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
4699 		return;
4700 	}
4701 
4702 	cmd = slots->m_slot[SMID];
4703 
4704 	/*
4705 	 * print warning and return if the slot is empty
4706 	 */
4707 	if (cmd == NULL) {
4708 		mptsas_log(mpt, CE_WARN, "?NULL command for successful SCSI IO "
4709 		    "in slot %d", SMID);
4710 		return;
4711 	}
4712 
4713 	pkt = CMD2PKT(cmd);
4714 	pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET | STATE_SENT_CMD |
4715 	    STATE_GOT_STATUS);
4716 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
4717 		pkt->pkt_state |= STATE_XFERRED_DATA;
4718 	}
4719 	pkt->pkt_resid = 0;
4720 
4721 	if (cmd->cmd_flags & CFLAG_PASSTHRU) {
4722 		cmd->cmd_flags |= CFLAG_FINISHED;
4723 		cv_broadcast(&mpt->m_passthru_cv);
4724 		return;
4725 	} else {
4726 		mptsas_remove_cmd(mpt, cmd);
4727 	}
4728 
4729 	if (cmd->cmd_flags & CFLAG_RETRY) {
4730 		/*
4731 		 * The target returned QFULL or busy, do not add tihs
4732 		 * pkt to the doneq since the hba will retry
4733 		 * this cmd.
4734 		 *
4735 		 * The pkt has already been resubmitted in
4736 		 * mptsas_handle_qfull() or in mptsas_check_scsi_io_error().
4737 		 * Remove this cmd_flag here.
4738 		 */
4739 		cmd->cmd_flags &= ~CFLAG_RETRY;
4740 	} else {
4741 		mptsas_doneq_add(mpt, cmd);
4742 	}
4743 }
4744 
4745 static void
4746 mptsas_handle_address_reply(mptsas_t *mpt,
4747     pMpi2ReplyDescriptorsUnion_t reply_desc)
4748 {
4749 	pMpi2AddressReplyDescriptor_t	address_reply;
4750 	pMPI2DefaultReply_t		reply;
4751 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
4752 	uint32_t			reply_addr;
4753 	uint16_t			SMID, iocstatus;
4754 	mptsas_slots_t			*slots = mpt->m_active;
4755 	mptsas_cmd_t			*cmd = NULL;
4756 	uint8_t				function, buffer_type;
4757 	m_replyh_arg_t			*args;
4758 	int				reply_frame_no;
4759 
4760 	ASSERT(mutex_owned(&mpt->m_mutex));
4761 
4762 	address_reply = (pMpi2AddressReplyDescriptor_t)reply_desc;
4763 	reply_addr = ddi_get32(mpt->m_acc_post_queue_hdl,
4764 	    &address_reply->ReplyFrameAddress);
4765 	SMID = ddi_get16(mpt->m_acc_post_queue_hdl, &address_reply->SMID);
4766 
4767 	/*
4768 	 * If reply frame is not in the proper range we should ignore this
4769 	 * message and exit the interrupt handler.
4770 	 */
4771 	if ((reply_addr < mpt->m_reply_frame_dma_addr) ||
4772 	    (reply_addr >= (mpt->m_reply_frame_dma_addr +
4773 	    (mpt->m_reply_frame_size * mpt->m_max_replies))) ||
4774 	    ((reply_addr - mpt->m_reply_frame_dma_addr) %
4775 	    mpt->m_reply_frame_size != 0)) {
4776 		mptsas_log(mpt, CE_WARN, "?Received invalid reply frame "
4777 		    "address 0x%x\n", reply_addr);
4778 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
4779 		return;
4780 	}
4781 
4782 	(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
4783 	    DDI_DMA_SYNC_FORCPU);
4784 	reply = (pMPI2DefaultReply_t)(mpt->m_reply_frame + (reply_addr -
4785 	    mpt->m_reply_frame_dma_addr));
4786 	function = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->Function);
4787 
4788 	/*
4789 	 * don't get slot information and command for events since these values
4790 	 * don't exist
4791 	 */
4792 	if ((function != MPI2_FUNCTION_EVENT_NOTIFICATION) &&
4793 	    (function != MPI2_FUNCTION_DIAG_BUFFER_POST)) {
4794 		/*
4795 		 * This could be a TM reply, which use the last allocated SMID,
4796 		 * so allow for that.
4797 		 */
4798 		if ((SMID == 0) || (SMID > (slots->m_n_slots + 1))) {
4799 			mptsas_log(mpt, CE_WARN, "?Received invalid SMID of "
4800 			    "%d\n", SMID);
4801 			ddi_fm_service_impact(mpt->m_dip,
4802 			    DDI_SERVICE_UNAFFECTED);
4803 			return;
4804 		}
4805 
4806 		cmd = slots->m_slot[SMID];
4807 
4808 		/*
4809 		 * print warning and return if the slot is empty
4810 		 */
4811 		if (cmd == NULL) {
4812 			mptsas_log(mpt, CE_WARN, "?NULL command for address "
4813 			    "reply in slot %d", SMID);
4814 			return;
4815 		}
4816 		if ((cmd->cmd_flags & CFLAG_PASSTHRU) ||
4817 		    (cmd->cmd_flags & CFLAG_CONFIG) ||
4818 		    (cmd->cmd_flags & CFLAG_FW_DIAG)) {
4819 			cmd->cmd_rfm = reply_addr;
4820 			cmd->cmd_flags |= CFLAG_FINISHED;
4821 			cv_broadcast(&mpt->m_passthru_cv);
4822 			cv_broadcast(&mpt->m_config_cv);
4823 			cv_broadcast(&mpt->m_fw_diag_cv);
4824 			return;
4825 		} else if (!(cmd->cmd_flags & CFLAG_FW_CMD)) {
4826 			mptsas_remove_cmd(mpt, cmd);
4827 		}
4828 		NDBG31(("\t\tmptsas_process_intr: slot=%d", SMID));
4829 	}
4830 	/*
4831 	 * Depending on the function, we need to handle
4832 	 * the reply frame (and cmd) differently.
4833 	 */
4834 	switch (function) {
4835 	case MPI2_FUNCTION_SCSI_IO_REQUEST:
4836 		mptsas_check_scsi_io_error(mpt, (pMpi2SCSIIOReply_t)reply, cmd);
4837 		break;
4838 	case MPI2_FUNCTION_SCSI_TASK_MGMT:
4839 		cmd->cmd_rfm = reply_addr;
4840 		mptsas_check_task_mgt(mpt, (pMpi2SCSIManagementReply_t)reply,
4841 		    cmd);
4842 		break;
4843 	case MPI2_FUNCTION_FW_DOWNLOAD:
4844 		cmd->cmd_flags |= CFLAG_FINISHED;
4845 		cv_signal(&mpt->m_fw_cv);
4846 		break;
4847 	case MPI2_FUNCTION_EVENT_NOTIFICATION:
4848 		reply_frame_no = (reply_addr - mpt->m_reply_frame_dma_addr) /
4849 		    mpt->m_reply_frame_size;
4850 		args = &mpt->m_replyh_args[reply_frame_no];
4851 		args->mpt = (void *)mpt;
4852 		args->rfm = reply_addr;
4853 
4854 		/*
4855 		 * Record the event if its type is enabled in
4856 		 * this mpt instance by ioctl.
4857 		 */
4858 		mptsas_record_event(args);
4859 
4860 		/*
4861 		 * Handle time critical events
4862 		 * NOT_RESPONDING/ADDED only now
4863 		 */
4864 		if (mptsas_handle_event_sync(args) == DDI_SUCCESS) {
4865 			/*
4866 			 * Would not return main process,
4867 			 * just let taskq resolve ack action
4868 			 * and ack would be sent in taskq thread
4869 			 */
4870 			NDBG20(("send mptsas_handle_event_sync success"));
4871 		}
4872 		if ((ddi_taskq_dispatch(mpt->m_event_taskq, mptsas_handle_event,
4873 		    (void *)args, DDI_NOSLEEP)) != DDI_SUCCESS) {
4874 			mptsas_log(mpt, CE_WARN, "No memory available"
4875 			"for dispatch taskq");
4876 			/*
4877 			 * Return the reply frame to the free queue.
4878 			 */
4879 			ddi_put32(mpt->m_acc_free_queue_hdl,
4880 			    &((uint32_t *)(void *)
4881 			    mpt->m_free_queue)[mpt->m_free_index], reply_addr);
4882 			(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
4883 			    DDI_DMA_SYNC_FORDEV);
4884 			if (++mpt->m_free_index == mpt->m_free_queue_depth) {
4885 				mpt->m_free_index = 0;
4886 			}
4887 
4888 			ddi_put32(mpt->m_datap,
4889 			    &mpt->m_reg->ReplyFreeHostIndex, mpt->m_free_index);
4890 		}
4891 		return;
4892 	case MPI2_FUNCTION_DIAG_BUFFER_POST:
4893 		/*
4894 		 * If SMID is 0, this implies that the reply is due to a
4895 		 * release function with a status that the buffer has been
4896 		 * released.  Set the buffer flags accordingly.
4897 		 */
4898 		if (SMID == 0) {
4899 			iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
4900 			    &reply->IOCStatus);
4901 			buffer_type = ddi_get8(mpt->m_acc_reply_frame_hdl,
4902 			    &(((pMpi2DiagBufferPostReply_t)reply)->BufferType));
4903 			if (iocstatus == MPI2_IOCSTATUS_DIAGNOSTIC_RELEASED) {
4904 				pBuffer =
4905 				    &mpt->m_fw_diag_buffer_list[buffer_type];
4906 				pBuffer->valid_data = TRUE;
4907 				pBuffer->owned_by_firmware = FALSE;
4908 				pBuffer->immediate = FALSE;
4909 			}
4910 		} else {
4911 			/*
4912 			 * Normal handling of diag post reply with SMID.
4913 			 */
4914 			cmd = slots->m_slot[SMID];
4915 
4916 			/*
4917 			 * print warning and return if the slot is empty
4918 			 */
4919 			if (cmd == NULL) {
4920 				mptsas_log(mpt, CE_WARN, "?NULL command for "
4921 				    "address reply in slot %d", SMID);
4922 				return;
4923 			}
4924 			cmd->cmd_rfm = reply_addr;
4925 			cmd->cmd_flags |= CFLAG_FINISHED;
4926 			cv_broadcast(&mpt->m_fw_diag_cv);
4927 		}
4928 		return;
4929 	default:
4930 		mptsas_log(mpt, CE_WARN, "Unknown function 0x%x ", function);
4931 		break;
4932 	}
4933 
4934 	/*
4935 	 * Return the reply frame to the free queue.
4936 	 */
4937 	ddi_put32(mpt->m_acc_free_queue_hdl,
4938 	    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
4939 	    reply_addr);
4940 	(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
4941 	    DDI_DMA_SYNC_FORDEV);
4942 	if (++mpt->m_free_index == mpt->m_free_queue_depth) {
4943 		mpt->m_free_index = 0;
4944 	}
4945 	ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
4946 	    mpt->m_free_index);
4947 
4948 	if (cmd->cmd_flags & CFLAG_FW_CMD)
4949 		return;
4950 
4951 	if (cmd->cmd_flags & CFLAG_RETRY) {
4952 		/*
4953 		 * The target returned QFULL or busy, do not add tihs
4954 		 * pkt to the doneq since the hba will retry
4955 		 * this cmd.
4956 		 *
4957 		 * The pkt has already been resubmitted in
4958 		 * mptsas_handle_qfull() or in mptsas_check_scsi_io_error().
4959 		 * Remove this cmd_flag here.
4960 		 */
4961 		cmd->cmd_flags &= ~CFLAG_RETRY;
4962 	} else {
4963 		mptsas_doneq_add(mpt, cmd);
4964 	}
4965 }
4966 
4967 static void
4968 mptsas_check_scsi_io_error(mptsas_t *mpt, pMpi2SCSIIOReply_t reply,
4969     mptsas_cmd_t *cmd)
4970 {
4971 	uint8_t			scsi_status, scsi_state;
4972 	uint16_t		ioc_status;
4973 	uint32_t		xferred, sensecount, responsedata, loginfo = 0;
4974 	struct scsi_pkt		*pkt;
4975 	struct scsi_arq_status	*arqstat;
4976 	struct buf		*bp;
4977 	mptsas_target_t		*ptgt = cmd->cmd_tgt_addr;
4978 	uint8_t			*sensedata = NULL;
4979 
4980 	if ((cmd->cmd_flags & (CFLAG_SCBEXTERN | CFLAG_EXTARQBUFVALID)) ==
4981 	    (CFLAG_SCBEXTERN | CFLAG_EXTARQBUFVALID)) {
4982 		bp = cmd->cmd_ext_arq_buf;
4983 	} else {
4984 		bp = cmd->cmd_arq_buf;
4985 	}
4986 
4987 	scsi_status = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->SCSIStatus);
4988 	ioc_status = ddi_get16(mpt->m_acc_reply_frame_hdl, &reply->IOCStatus);
4989 	scsi_state = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->SCSIState);
4990 	xferred = ddi_get32(mpt->m_acc_reply_frame_hdl, &reply->TransferCount);
4991 	sensecount = ddi_get32(mpt->m_acc_reply_frame_hdl, &reply->SenseCount);
4992 	responsedata = ddi_get32(mpt->m_acc_reply_frame_hdl,
4993 	    &reply->ResponseInfo);
4994 
4995 	if (ioc_status & MPI2_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
4996 		loginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
4997 		    &reply->IOCLogInfo);
4998 		mptsas_log(mpt, CE_NOTE,
4999 		    "?Log info 0x%x received for target %d.\n"
5000 		    "\tscsi_status=0x%x, ioc_status=0x%x, scsi_state=0x%x",
5001 		    loginfo, Tgt(cmd), scsi_status, ioc_status,
5002 		    scsi_state);
5003 	}
5004 
5005 	NDBG31(("\t\tscsi_status=0x%x, ioc_status=0x%x, scsi_state=0x%x",
5006 	    scsi_status, ioc_status, scsi_state));
5007 
5008 	pkt = CMD2PKT(cmd);
5009 	*(pkt->pkt_scbp) = scsi_status;
5010 
5011 	if (loginfo == 0x31170000) {
5012 		/*
5013 		 * if loginfo PL_LOGINFO_CODE_IO_DEVICE_MISSING_DELAY_RETRY
5014 		 * 0x31170000 comes, that means the device missing delay
5015 		 * is in progressing, the command need retry later.
5016 		 */
5017 		*(pkt->pkt_scbp) = STATUS_BUSY;
5018 		return;
5019 	}
5020 
5021 	if ((scsi_state & MPI2_SCSI_STATE_NO_SCSI_STATUS) &&
5022 	    ((ioc_status & MPI2_IOCSTATUS_MASK) ==
5023 	    MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE)) {
5024 		pkt->pkt_reason = CMD_INCOMPLETE;
5025 		pkt->pkt_state |= STATE_GOT_BUS;
5026 		if (ptgt->m_reset_delay == 0) {
5027 			mptsas_set_throttle(mpt, ptgt,
5028 			    DRAIN_THROTTLE);
5029 		}
5030 		return;
5031 	}
5032 
5033 	if (scsi_state & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) {
5034 		responsedata &= 0x000000FF;
5035 		if (responsedata & MPTSAS_SCSI_RESPONSE_CODE_TLR_OFF) {
5036 			mptsas_log(mpt, CE_NOTE, "Do not support the TLR\n");
5037 			pkt->pkt_reason = CMD_TLR_OFF;
5038 			return;
5039 		}
5040 	}
5041 
5042 
5043 	switch (scsi_status) {
5044 	case MPI2_SCSI_STATUS_CHECK_CONDITION:
5045 		pkt->pkt_resid = (cmd->cmd_dmacount - xferred);
5046 		arqstat = (void*)(pkt->pkt_scbp);
5047 		arqstat->sts_rqpkt_status = *((struct scsi_status *)
5048 		    (pkt->pkt_scbp));
5049 		pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET |
5050 		    STATE_SENT_CMD | STATE_GOT_STATUS | STATE_ARQ_DONE);
5051 		if (cmd->cmd_flags & CFLAG_XARQ) {
5052 			pkt->pkt_state |= STATE_XARQ_DONE;
5053 		}
5054 		if (pkt->pkt_resid != cmd->cmd_dmacount) {
5055 			pkt->pkt_state |= STATE_XFERRED_DATA;
5056 		}
5057 		arqstat->sts_rqpkt_reason = pkt->pkt_reason;
5058 		arqstat->sts_rqpkt_state  = pkt->pkt_state;
5059 		arqstat->sts_rqpkt_state |= STATE_XFERRED_DATA;
5060 		arqstat->sts_rqpkt_statistics = pkt->pkt_statistics;
5061 		sensedata = (uint8_t *)&arqstat->sts_sensedata;
5062 
5063 		bcopy((uchar_t *)bp->b_un.b_addr, sensedata,
5064 		    ((cmd->cmd_rqslen >= sensecount) ? sensecount :
5065 		    cmd->cmd_rqslen));
5066 		arqstat->sts_rqpkt_resid = (cmd->cmd_rqslen - sensecount);
5067 		cmd->cmd_flags |= CFLAG_CMDARQ;
5068 		/*
5069 		 * Set proper status for pkt if autosense was valid
5070 		 */
5071 		if (scsi_state & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
5072 			struct scsi_status zero_status = { 0 };
5073 			arqstat->sts_rqpkt_status = zero_status;
5074 		}
5075 
5076 		/*
5077 		 * ASC=0x47 is parity error
5078 		 * ASC=0x48 is initiator detected error received
5079 		 */
5080 		if ((scsi_sense_key(sensedata) == KEY_ABORTED_COMMAND) &&
5081 		    ((scsi_sense_asc(sensedata) == 0x47) ||
5082 		    (scsi_sense_asc(sensedata) == 0x48))) {
5083 			mptsas_log(mpt, CE_NOTE, "Aborted_command!");
5084 		}
5085 
5086 		/*
5087 		 * ASC/ASCQ=0x3F/0x0E means report_luns data changed
5088 		 * ASC/ASCQ=0x25/0x00 means invalid lun
5089 		 */
5090 		if (((scsi_sense_key(sensedata) == KEY_UNIT_ATTENTION) &&
5091 		    (scsi_sense_asc(sensedata) == 0x3F) &&
5092 		    (scsi_sense_ascq(sensedata) == 0x0E)) ||
5093 		    ((scsi_sense_key(sensedata) == KEY_ILLEGAL_REQUEST) &&
5094 		    (scsi_sense_asc(sensedata) == 0x25) &&
5095 		    (scsi_sense_ascq(sensedata) == 0x00))) {
5096 			mptsas_topo_change_list_t *topo_node = NULL;
5097 
5098 			topo_node = kmem_zalloc(
5099 			    sizeof (mptsas_topo_change_list_t),
5100 			    KM_NOSLEEP);
5101 			if (topo_node == NULL) {
5102 				mptsas_log(mpt, CE_NOTE, "No memory"
5103 				    "resource for handle SAS dynamic"
5104 				    "reconfigure.\n");
5105 				break;
5106 			}
5107 			topo_node->mpt = mpt;
5108 			topo_node->event = MPTSAS_DR_EVENT_RECONFIG_TARGET;
5109 			topo_node->un.phymask = ptgt->m_phymask;
5110 			topo_node->devhdl = ptgt->m_devhdl;
5111 			topo_node->object = (void *)ptgt;
5112 			topo_node->flags = MPTSAS_TOPO_FLAG_LUN_ASSOCIATED;
5113 
5114 			if ((ddi_taskq_dispatch(mpt->m_dr_taskq,
5115 			    mptsas_handle_dr,
5116 			    (void *)topo_node,
5117 			    DDI_NOSLEEP)) != DDI_SUCCESS) {
5118 				mptsas_log(mpt, CE_NOTE, "mptsas start taskq"
5119 				    "for handle SAS dynamic reconfigure"
5120 				    "failed. \n");
5121 			}
5122 		}
5123 		break;
5124 	case MPI2_SCSI_STATUS_GOOD:
5125 		switch (ioc_status & MPI2_IOCSTATUS_MASK) {
5126 		case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
5127 			pkt->pkt_reason = CMD_DEV_GONE;
5128 			pkt->pkt_state |= STATE_GOT_BUS;
5129 			if (ptgt->m_reset_delay == 0) {
5130 				mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
5131 			}
5132 			NDBG31(("lost disk for target%d, command:%x",
5133 			    Tgt(cmd), pkt->pkt_cdbp[0]));
5134 			break;
5135 		case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN:
5136 			NDBG31(("data overrun: xferred=%d", xferred));
5137 			NDBG31(("dmacount=%d", cmd->cmd_dmacount));
5138 			pkt->pkt_reason = CMD_DATA_OVR;
5139 			pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET
5140 			    | STATE_SENT_CMD | STATE_GOT_STATUS
5141 			    | STATE_XFERRED_DATA);
5142 			pkt->pkt_resid = 0;
5143 			break;
5144 		case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
5145 		case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN:
5146 			NDBG31(("data underrun: xferred=%d", xferred));
5147 			NDBG31(("dmacount=%d", cmd->cmd_dmacount));
5148 			pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET
5149 			    | STATE_SENT_CMD | STATE_GOT_STATUS);
5150 			pkt->pkt_resid = (cmd->cmd_dmacount - xferred);
5151 			if (pkt->pkt_resid != cmd->cmd_dmacount) {
5152 				pkt->pkt_state |= STATE_XFERRED_DATA;
5153 			}
5154 			break;
5155 		case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED:
5156 			mptsas_set_pkt_reason(mpt,
5157 			    cmd, CMD_RESET, STAT_BUS_RESET);
5158 			break;
5159 		case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED:
5160 		case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED:
5161 			mptsas_set_pkt_reason(mpt,
5162 			    cmd, CMD_RESET, STAT_DEV_RESET);
5163 			break;
5164 		case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR:
5165 		case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR:
5166 			pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET);
5167 			mptsas_set_pkt_reason(mpt,
5168 			    cmd, CMD_TERMINATED, STAT_TERMINATED);
5169 			break;
5170 		case MPI2_IOCSTATUS_INSUFFICIENT_RESOURCES:
5171 		case MPI2_IOCSTATUS_BUSY:
5172 			/*
5173 			 * set throttles to drain
5174 			 */
5175 			ptgt = (mptsas_target_t *)mptsas_hash_traverse(
5176 			    &mpt->m_active->m_tgttbl, MPTSAS_HASH_FIRST);
5177 			while (ptgt != NULL) {
5178 				mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
5179 
5180 				ptgt = (mptsas_target_t *)mptsas_hash_traverse(
5181 				    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
5182 			}
5183 
5184 			/*
5185 			 * retry command
5186 			 */
5187 			cmd->cmd_flags |= CFLAG_RETRY;
5188 			cmd->cmd_pkt_flags |= FLAG_HEAD;
5189 
5190 			(void) mptsas_accept_pkt(mpt, cmd);
5191 			break;
5192 		default:
5193 			mptsas_log(mpt, CE_WARN,
5194 			    "unknown ioc_status = %x\n", ioc_status);
5195 			mptsas_log(mpt, CE_CONT, "scsi_state = %x, transfer "
5196 			    "count = %x, scsi_status = %x", scsi_state,
5197 			    xferred, scsi_status);
5198 			break;
5199 		}
5200 		break;
5201 	case MPI2_SCSI_STATUS_TASK_SET_FULL:
5202 		mptsas_handle_qfull(mpt, cmd);
5203 		break;
5204 	case MPI2_SCSI_STATUS_BUSY:
5205 		NDBG31(("scsi_status busy received"));
5206 		break;
5207 	case MPI2_SCSI_STATUS_RESERVATION_CONFLICT:
5208 		NDBG31(("scsi_status reservation conflict received"));
5209 		break;
5210 	default:
5211 		mptsas_log(mpt, CE_WARN, "scsi_status=%x, ioc_status=%x\n",
5212 		    scsi_status, ioc_status);
5213 		mptsas_log(mpt, CE_WARN,
5214 		    "mptsas_process_intr: invalid scsi status\n");
5215 		break;
5216 	}
5217 }
5218 
5219 static void
5220 mptsas_check_task_mgt(mptsas_t *mpt, pMpi2SCSIManagementReply_t reply,
5221 	mptsas_cmd_t *cmd)
5222 {
5223 	uint8_t		task_type;
5224 	uint16_t	ioc_status;
5225 	uint32_t	log_info;
5226 	uint16_t	dev_handle;
5227 	struct scsi_pkt *pkt = CMD2PKT(cmd);
5228 
5229 	task_type = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->TaskType);
5230 	ioc_status = ddi_get16(mpt->m_acc_reply_frame_hdl, &reply->IOCStatus);
5231 	log_info = ddi_get32(mpt->m_acc_reply_frame_hdl, &reply->IOCLogInfo);
5232 	dev_handle = ddi_get16(mpt->m_acc_reply_frame_hdl, &reply->DevHandle);
5233 
5234 	if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
5235 		mptsas_log(mpt, CE_WARN, "mptsas_check_task_mgt: Task 0x%x "
5236 		    "failed. IOCStatus=0x%x IOCLogInfo=0x%x target=%d\n",
5237 		    task_type, ioc_status, log_info, dev_handle);
5238 		pkt->pkt_reason = CMD_INCOMPLETE;
5239 		return;
5240 	}
5241 
5242 	switch (task_type) {
5243 	case MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK:
5244 	case MPI2_SCSITASKMGMT_TASKTYPE_CLEAR_TASK_SET:
5245 	case MPI2_SCSITASKMGMT_TASKTYPE_QUERY_TASK:
5246 	case MPI2_SCSITASKMGMT_TASKTYPE_CLR_ACA:
5247 	case MPI2_SCSITASKMGMT_TASKTYPE_QRY_TASK_SET:
5248 	case MPI2_SCSITASKMGMT_TASKTYPE_QRY_UNIT_ATTENTION:
5249 		break;
5250 	case MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
5251 	case MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
5252 	case MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
5253 		mptsas_flush_target(mpt, dev_handle, Lun(cmd), task_type);
5254 		break;
5255 	default:
5256 		mptsas_log(mpt, CE_WARN, "Unknown task management type %d.",
5257 		    task_type);
5258 		mptsas_log(mpt, CE_WARN, "ioc status = %x", ioc_status);
5259 		break;
5260 	}
5261 }
5262 
5263 static void
5264 mptsas_doneq_thread(mptsas_doneq_thread_arg_t *arg)
5265 {
5266 	mptsas_t			*mpt = arg->mpt;
5267 	uint64_t			t = arg->t;
5268 	mptsas_cmd_t			*cmd;
5269 	struct scsi_pkt			*pkt;
5270 	mptsas_doneq_thread_list_t	*item = &mpt->m_doneq_thread_id[t];
5271 
5272 	mutex_enter(&item->mutex);
5273 	while (item->flag & MPTSAS_DONEQ_THREAD_ACTIVE) {
5274 		if (!item->doneq) {
5275 			cv_wait(&item->cv, &item->mutex);
5276 		}
5277 		pkt = NULL;
5278 		if ((cmd = mptsas_doneq_thread_rm(mpt, t)) != NULL) {
5279 			cmd->cmd_flags |= CFLAG_COMPLETED;
5280 			pkt = CMD2PKT(cmd);
5281 		}
5282 		mutex_exit(&item->mutex);
5283 		if (pkt) {
5284 			mptsas_pkt_comp(pkt, cmd);
5285 		}
5286 		mutex_enter(&item->mutex);
5287 	}
5288 	mutex_exit(&item->mutex);
5289 	mutex_enter(&mpt->m_doneq_mutex);
5290 	mpt->m_doneq_thread_n--;
5291 	cv_broadcast(&mpt->m_doneq_thread_cv);
5292 	mutex_exit(&mpt->m_doneq_mutex);
5293 }
5294 
5295 
5296 /*
5297  * mpt interrupt handler.
5298  */
5299 static uint_t
5300 mptsas_intr(caddr_t arg1, caddr_t arg2)
5301 {
5302 	mptsas_t			*mpt = (void *)arg1;
5303 	pMpi2ReplyDescriptorsUnion_t	reply_desc_union;
5304 	uchar_t				did_reply = FALSE;
5305 
5306 	NDBG1(("mptsas_intr: arg1 0x%p arg2 0x%p", (void *)arg1, (void *)arg2));
5307 
5308 	mutex_enter(&mpt->m_mutex);
5309 
5310 	/*
5311 	 * If interrupts are shared by two channels then check whether this
5312 	 * interrupt is genuinely for this channel by making sure first the
5313 	 * chip is in high power state.
5314 	 */
5315 	if ((mpt->m_options & MPTSAS_OPT_PM) &&
5316 	    (mpt->m_power_level != PM_LEVEL_D0)) {
5317 		mutex_exit(&mpt->m_mutex);
5318 		return (DDI_INTR_UNCLAIMED);
5319 	}
5320 
5321 	/*
5322 	 * If polling, interrupt was triggered by some shared interrupt because
5323 	 * IOC interrupts are disabled during polling, so polling routine will
5324 	 * handle any replies.  Considering this, if polling is happening,
5325 	 * return with interrupt unclaimed.
5326 	 */
5327 	if (mpt->m_polled_intr) {
5328 		mutex_exit(&mpt->m_mutex);
5329 		mptsas_log(mpt, CE_WARN, "mpt_sas: Unclaimed interrupt");
5330 		return (DDI_INTR_UNCLAIMED);
5331 	}
5332 
5333 	/*
5334 	 * Read the istat register.
5335 	 */
5336 	if ((INTPENDING(mpt)) != 0) {
5337 		/*
5338 		 * read fifo until empty.
5339 		 */
5340 #ifndef __lock_lint
5341 		_NOTE(CONSTCOND)
5342 #endif
5343 		while (TRUE) {
5344 			(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
5345 			    DDI_DMA_SYNC_FORCPU);
5346 			reply_desc_union = (pMpi2ReplyDescriptorsUnion_t)
5347 			    MPTSAS_GET_NEXT_REPLY(mpt, mpt->m_post_index);
5348 
5349 			if (ddi_get32(mpt->m_acc_post_queue_hdl,
5350 			    &reply_desc_union->Words.Low) == 0xFFFFFFFF ||
5351 			    ddi_get32(mpt->m_acc_post_queue_hdl,
5352 			    &reply_desc_union->Words.High) == 0xFFFFFFFF) {
5353 				break;
5354 			}
5355 
5356 			/*
5357 			 * The reply is valid, process it according to its
5358 			 * type.  Also, set a flag for updating the reply index
5359 			 * after they've all been processed.
5360 			 */
5361 			did_reply = TRUE;
5362 
5363 			mptsas_process_intr(mpt, reply_desc_union);
5364 
5365 			/*
5366 			 * Increment post index and roll over if needed.
5367 			 */
5368 			if (++mpt->m_post_index == mpt->m_post_queue_depth) {
5369 				mpt->m_post_index = 0;
5370 			}
5371 		}
5372 
5373 		/*
5374 		 * Update the global reply index if at least one reply was
5375 		 * processed.
5376 		 */
5377 		if (did_reply) {
5378 			ddi_put32(mpt->m_datap,
5379 			    &mpt->m_reg->ReplyPostHostIndex, mpt->m_post_index);
5380 		}
5381 	} else {
5382 		mutex_exit(&mpt->m_mutex);
5383 		return (DDI_INTR_UNCLAIMED);
5384 	}
5385 	NDBG1(("mptsas_intr complete"));
5386 
5387 	/*
5388 	 * If no helper threads are created, process the doneq in ISR. If
5389 	 * helpers are created, use the doneq length as a metric to measure the
5390 	 * load on the interrupt CPU. If it is long enough, which indicates the
5391 	 * load is heavy, then we deliver the IO completions to the helpers.
5392 	 * This measurement has some limitations, although it is simple and
5393 	 * straightforward and works well for most of the cases at present.
5394 	 */
5395 	if (!mpt->m_doneq_thread_n ||
5396 	    (mpt->m_doneq_len <= mpt->m_doneq_length_threshold)) {
5397 		mptsas_doneq_empty(mpt);
5398 	} else {
5399 		mptsas_deliver_doneq_thread(mpt);
5400 	}
5401 
5402 	/*
5403 	 * If there are queued cmd, start them now.
5404 	 */
5405 	if (mpt->m_waitq != NULL) {
5406 		mptsas_restart_waitq(mpt);
5407 	}
5408 
5409 	mutex_exit(&mpt->m_mutex);
5410 	return (DDI_INTR_CLAIMED);
5411 }
5412 
5413 static void
5414 mptsas_process_intr(mptsas_t *mpt,
5415     pMpi2ReplyDescriptorsUnion_t reply_desc_union)
5416 {
5417 	uint8_t	reply_type;
5418 
5419 	ASSERT(mutex_owned(&mpt->m_mutex));
5420 
5421 	/*
5422 	 * The reply is valid, process it according to its
5423 	 * type.  Also, set a flag for updated the reply index
5424 	 * after they've all been processed.
5425 	 */
5426 	reply_type = ddi_get8(mpt->m_acc_post_queue_hdl,
5427 	    &reply_desc_union->Default.ReplyFlags);
5428 	reply_type &= MPI2_RPY_DESCRIPT_FLAGS_TYPE_MASK;
5429 	if (reply_type == MPI2_RPY_DESCRIPT_FLAGS_SCSI_IO_SUCCESS) {
5430 		mptsas_handle_scsi_io_success(mpt, reply_desc_union);
5431 	} else if (reply_type == MPI2_RPY_DESCRIPT_FLAGS_ADDRESS_REPLY) {
5432 		mptsas_handle_address_reply(mpt, reply_desc_union);
5433 	} else {
5434 		mptsas_log(mpt, CE_WARN, "?Bad reply type %x", reply_type);
5435 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
5436 	}
5437 
5438 	/*
5439 	 * Clear the reply descriptor for re-use and increment
5440 	 * index.
5441 	 */
5442 	ddi_put64(mpt->m_acc_post_queue_hdl,
5443 	    &((uint64_t *)(void *)mpt->m_post_queue)[mpt->m_post_index],
5444 	    0xFFFFFFFFFFFFFFFF);
5445 	(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
5446 	    DDI_DMA_SYNC_FORDEV);
5447 }
5448 
5449 /*
5450  * handle qfull condition
5451  */
5452 static void
5453 mptsas_handle_qfull(mptsas_t *mpt, mptsas_cmd_t *cmd)
5454 {
5455 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
5456 
5457 	if ((++cmd->cmd_qfull_retries > ptgt->m_qfull_retries) ||
5458 	    (ptgt->m_qfull_retries == 0)) {
5459 		/*
5460 		 * We have exhausted the retries on QFULL, or,
5461 		 * the target driver has indicated that it
5462 		 * wants to handle QFULL itself by setting
5463 		 * qfull-retries capability to 0. In either case
5464 		 * we want the target driver's QFULL handling
5465 		 * to kick in. We do this by having pkt_reason
5466 		 * as CMD_CMPLT and pkt_scbp as STATUS_QFULL.
5467 		 */
5468 		mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
5469 	} else {
5470 		if (ptgt->m_reset_delay == 0) {
5471 			ptgt->m_t_throttle =
5472 			    max((ptgt->m_t_ncmds - 2), 0);
5473 		}
5474 
5475 		cmd->cmd_pkt_flags |= FLAG_HEAD;
5476 		cmd->cmd_flags &= ~(CFLAG_TRANFLAG);
5477 		cmd->cmd_flags |= CFLAG_RETRY;
5478 
5479 		(void) mptsas_accept_pkt(mpt, cmd);
5480 
5481 		/*
5482 		 * when target gives queue full status with no commands
5483 		 * outstanding (m_t_ncmds == 0), throttle is set to 0
5484 		 * (HOLD_THROTTLE), and the queue full handling start
5485 		 * (see psarc/1994/313); if there are commands outstanding,
5486 		 * throttle is set to (m_t_ncmds - 2)
5487 		 */
5488 		if (ptgt->m_t_throttle == HOLD_THROTTLE) {
5489 			/*
5490 			 * By setting throttle to QFULL_THROTTLE, we
5491 			 * avoid submitting new commands and in
5492 			 * mptsas_restart_cmd find out slots which need
5493 			 * their throttles to be cleared.
5494 			 */
5495 			mptsas_set_throttle(mpt, ptgt, QFULL_THROTTLE);
5496 			if (mpt->m_restart_cmd_timeid == 0) {
5497 				mpt->m_restart_cmd_timeid =
5498 				    timeout(mptsas_restart_cmd, mpt,
5499 				    ptgt->m_qfull_retry_interval);
5500 			}
5501 		}
5502 	}
5503 }
5504 
5505 uint8_t
5506 mptsas_phymask_to_physport(mptsas_t *mpt, uint8_t phymask)
5507 {
5508 	int i;
5509 
5510 	/*
5511 	 * RAID doesn't have valid phymask and physport so we use phymask == 0
5512 	 * and physport == 0xff to indicate that it's RAID.
5513 	 */
5514 	if (phymask == 0) {
5515 		return (0xff);
5516 	}
5517 	for (i = 0; i < 8; i++) {
5518 		if (phymask & (1 << i)) {
5519 			break;
5520 		}
5521 	}
5522 	return (mpt->m_phy_info[i].port_num);
5523 }
5524 uint8_t
5525 mptsas_physport_to_phymask(mptsas_t *mpt, uint8_t physport)
5526 {
5527 	uint8_t		phy_mask = 0;
5528 	uint8_t		i = 0;
5529 
5530 	NDBG20(("mptsas%d physport_to_phymask enter", mpt->m_instance));
5531 
5532 	ASSERT(mutex_owned(&mpt->m_mutex));
5533 
5534 	/*
5535 	 * If physport is 0xFF, this is a RAID volume.  Use phymask of 0.
5536 	 */
5537 	if (physport == 0xFF) {
5538 		return (0);
5539 	}
5540 
5541 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
5542 		if (mpt->m_phy_info[i].attached_devhdl &&
5543 		    (mpt->m_phy_info[i].phy_mask != 0) &&
5544 		    (mpt->m_phy_info[i].port_num == physport)) {
5545 			phy_mask = mpt->m_phy_info[i].phy_mask;
5546 			break;
5547 		}
5548 	}
5549 	NDBG20(("mptsas%d physport_to_phymask:physport :%x phymask :%x, ",
5550 	    mpt->m_instance, physport, phy_mask));
5551 	return (phy_mask);
5552 }
5553 
5554 /*
5555  * mpt free device handle after device gone, by use of passthrough
5556  */
5557 static int
5558 mptsas_free_devhdl(mptsas_t *mpt, uint16_t devhdl)
5559 {
5560 	Mpi2SasIoUnitControlRequest_t	req;
5561 	Mpi2SasIoUnitControlReply_t	rep;
5562 	int				ret;
5563 
5564 	ASSERT(mutex_owned(&mpt->m_mutex));
5565 
5566 	/*
5567 	 * Need to compose a SAS IO Unit Control request message
5568 	 * and call mptsas_do_passthru() function
5569 	 */
5570 	bzero(&req, sizeof (req));
5571 	bzero(&rep, sizeof (rep));
5572 
5573 	req.Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
5574 	req.Operation = MPI2_SAS_OP_REMOVE_DEVICE;
5575 	req.DevHandle = LE_16(devhdl);
5576 
5577 	ret = mptsas_do_passthru(mpt, (uint8_t *)&req, (uint8_t *)&rep, NULL,
5578 	    sizeof (req), sizeof (rep), NULL, 0, NULL, 0, 60, FKIOCTL);
5579 	if (ret != 0) {
5580 		cmn_err(CE_WARN, "mptsas_free_devhdl: passthru SAS IO Unit "
5581 		    "Control error %d", ret);
5582 		return (DDI_FAILURE);
5583 	}
5584 
5585 	/* do passthrough success, check the ioc status */
5586 	if (LE_16(rep.IOCStatus) != MPI2_IOCSTATUS_SUCCESS) {
5587 		cmn_err(CE_WARN, "mptsas_free_devhdl: passthru SAS IO Unit "
5588 		    "Control IOCStatus %d", LE_16(rep.IOCStatus));
5589 		return (DDI_FAILURE);
5590 	}
5591 
5592 	return (DDI_SUCCESS);
5593 }
5594 
5595 static void
5596 mptsas_update_phymask(mptsas_t *mpt)
5597 {
5598 	uint8_t	mask = 0, phy_mask;
5599 	char	*phy_mask_name;
5600 	uint8_t current_port;
5601 	int	i, j;
5602 
5603 	NDBG20(("mptsas%d update phymask ", mpt->m_instance));
5604 
5605 	ASSERT(mutex_owned(&mpt->m_mutex));
5606 
5607 	(void) mptsas_get_sas_io_unit_page(mpt);
5608 
5609 	phy_mask_name = kmem_zalloc(8, KM_SLEEP);
5610 
5611 	for (i = 0; i < mpt->m_num_phys; i++) {
5612 		phy_mask = 0x00;
5613 
5614 		if (mpt->m_phy_info[i].attached_devhdl == 0)
5615 			continue;
5616 
5617 		bzero(phy_mask_name, sizeof (phy_mask_name));
5618 
5619 		current_port = mpt->m_phy_info[i].port_num;
5620 
5621 		if ((mask & (1 << i)) != 0)
5622 			continue;
5623 
5624 		for (j = 0; j < mpt->m_num_phys; j++) {
5625 			if (mpt->m_phy_info[j].attached_devhdl &&
5626 			    (mpt->m_phy_info[j].port_num == current_port)) {
5627 				phy_mask |= (1 << j);
5628 			}
5629 		}
5630 		mask = mask | phy_mask;
5631 
5632 		for (j = 0; j < mpt->m_num_phys; j++) {
5633 			if ((phy_mask >> j) & 0x01) {
5634 				mpt->m_phy_info[j].phy_mask = phy_mask;
5635 			}
5636 		}
5637 
5638 		(void) sprintf(phy_mask_name, "%x", phy_mask);
5639 
5640 		mutex_exit(&mpt->m_mutex);
5641 		/*
5642 		 * register a iport, if the port has already been existed
5643 		 * SCSA will do nothing and just return.
5644 		 */
5645 		(void) scsi_hba_iport_register(mpt->m_dip, phy_mask_name);
5646 		mutex_enter(&mpt->m_mutex);
5647 	}
5648 	kmem_free(phy_mask_name, 8);
5649 	NDBG20(("mptsas%d update phymask return", mpt->m_instance));
5650 }
5651 
5652 /*
5653  * mptsas_handle_dr is a task handler for DR, the DR action includes:
5654  * 1. Directly attched Device Added/Removed.
5655  * 2. Expander Device Added/Removed.
5656  * 3. Indirectly Attached Device Added/Expander.
5657  * 4. LUNs of a existing device status change.
5658  * 5. RAID volume created/deleted.
5659  * 6. Member of RAID volume is released because of RAID deletion.
5660  * 7. Physical disks are removed because of RAID creation.
5661  */
5662 static void
5663 mptsas_handle_dr(void *args) {
5664 	mptsas_topo_change_list_t	*topo_node = NULL;
5665 	mptsas_topo_change_list_t	*save_node = NULL;
5666 	mptsas_t			*mpt;
5667 	dev_info_t			*parent = NULL;
5668 	uint8_t				phymask = 0;
5669 	char				*phy_mask_name;
5670 	uint8_t				flags = 0, physport = 0xff;
5671 	uint8_t				port_update = 0;
5672 	uint_t				event;
5673 
5674 	topo_node = (mptsas_topo_change_list_t *)args;
5675 
5676 	mpt = topo_node->mpt;
5677 	event = topo_node->event;
5678 	flags = topo_node->flags;
5679 
5680 	phy_mask_name = kmem_zalloc(8, KM_SLEEP);
5681 
5682 	NDBG20(("mptsas%d handle_dr enter", mpt->m_instance));
5683 
5684 	switch (event) {
5685 	case MPTSAS_DR_EVENT_RECONFIG_TARGET:
5686 		if ((flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) ||
5687 		    (flags == MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE) ||
5688 		    (flags == MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED)) {
5689 			/*
5690 			 * Direct attached or expander attached device added
5691 			 * into system or a Phys Disk that is being unhidden.
5692 			 */
5693 			port_update = 1;
5694 		}
5695 		break;
5696 	case MPTSAS_DR_EVENT_RECONFIG_SMP:
5697 		/*
5698 		 * New expander added into system, it must be the head
5699 		 * of topo_change_list_t
5700 		 */
5701 		port_update = 1;
5702 		break;
5703 	default:
5704 		port_update = 0;
5705 		break;
5706 	}
5707 	/*
5708 	 * All cases port_update == 1 may cause initiator port form change
5709 	 */
5710 	mutex_enter(&mpt->m_mutex);
5711 	if (mpt->m_port_chng && port_update) {
5712 		/*
5713 		 * mpt->m_port_chng flag indicates some PHYs of initiator
5714 		 * port have changed to online. So when expander added or
5715 		 * directly attached device online event come, we force to
5716 		 * update port information by issueing SAS IO Unit Page and
5717 		 * update PHYMASKs.
5718 		 */
5719 		(void) mptsas_update_phymask(mpt);
5720 		mpt->m_port_chng = 0;
5721 
5722 	}
5723 	mutex_exit(&mpt->m_mutex);
5724 	while (topo_node) {
5725 		phymask = 0;
5726 		if (parent == NULL) {
5727 			physport = topo_node->un.physport;
5728 			event = topo_node->event;
5729 			flags = topo_node->flags;
5730 			if (event & (MPTSAS_DR_EVENT_OFFLINE_TARGET |
5731 			    MPTSAS_DR_EVENT_OFFLINE_SMP)) {
5732 				/*
5733 				 * For all offline events, phymask is known
5734 				 */
5735 				phymask = topo_node->un.phymask;
5736 				goto find_parent;
5737 			}
5738 			if (event & MPTSAS_TOPO_FLAG_REMOVE_HANDLE) {
5739 				goto handle_topo_change;
5740 			}
5741 			if (flags & MPTSAS_TOPO_FLAG_LUN_ASSOCIATED) {
5742 				phymask = topo_node->un.phymask;
5743 				goto find_parent;
5744 			}
5745 
5746 			if ((flags ==
5747 			    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED) &&
5748 			    (event == MPTSAS_DR_EVENT_RECONFIG_TARGET)) {
5749 				/*
5750 				 * There is no any field in IR_CONFIG_CHANGE
5751 				 * event indicate physport/phynum, let's get
5752 				 * parent after SAS Device Page0 request.
5753 				 */
5754 				goto handle_topo_change;
5755 			}
5756 
5757 			mutex_enter(&mpt->m_mutex);
5758 			if (flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) {
5759 				/*
5760 				 * If the direct attached device added or a
5761 				 * phys disk is being unhidden, argument
5762 				 * physport actually is PHY#, so we have to get
5763 				 * phymask according PHY#.
5764 				 */
5765 				physport = mpt->m_phy_info[physport].port_num;
5766 			}
5767 
5768 			/*
5769 			 * Translate physport to phymask so that we can search
5770 			 * parent dip.
5771 			 */
5772 			phymask = mptsas_physport_to_phymask(mpt,
5773 			    physport);
5774 			mutex_exit(&mpt->m_mutex);
5775 
5776 find_parent:
5777 			bzero(phy_mask_name, 8);
5778 			/*
5779 			 * For RAID topology change node, write the iport name
5780 			 * as v0.
5781 			 */
5782 			if (flags & MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) {
5783 				(void) sprintf(phy_mask_name, "v0");
5784 			} else {
5785 				/*
5786 				 * phymask can bo 0 if the drive has been
5787 				 * pulled by the time an add event is
5788 				 * processed.  If phymask is 0, just skip this
5789 				 * event and continue.
5790 				 */
5791 				if (phymask == 0) {
5792 					mutex_enter(&mpt->m_mutex);
5793 					save_node = topo_node;
5794 					topo_node = topo_node->next;
5795 					ASSERT(save_node);
5796 					kmem_free(save_node,
5797 					    sizeof (mptsas_topo_change_list_t));
5798 					mutex_exit(&mpt->m_mutex);
5799 
5800 					parent = NULL;
5801 					continue;
5802 				}
5803 				(void) sprintf(phy_mask_name, "%x", phymask);
5804 			}
5805 			parent = scsi_hba_iport_find(mpt->m_dip,
5806 			    phy_mask_name);
5807 			if (parent == NULL) {
5808 				mptsas_log(mpt, CE_WARN, "Failed to find an "
5809 				    "iport, should not happen!");
5810 				goto out;
5811 			}
5812 
5813 		}
5814 		ASSERT(parent);
5815 handle_topo_change:
5816 
5817 		mutex_enter(&mpt->m_mutex);
5818 
5819 		mptsas_handle_topo_change(topo_node, parent);
5820 		save_node = topo_node;
5821 		topo_node = topo_node->next;
5822 		ASSERT(save_node);
5823 		kmem_free(save_node, sizeof (mptsas_topo_change_list_t));
5824 		mutex_exit(&mpt->m_mutex);
5825 
5826 		if ((flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) ||
5827 		    (flags == MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED) ||
5828 		    (flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED)) {
5829 			/*
5830 			 * If direct attached device associated, make sure
5831 			 * reset the parent before start the next one. But
5832 			 * all devices associated with expander shares the
5833 			 * parent.  Also, reset parent if this is for RAID.
5834 			 */
5835 			parent = NULL;
5836 		}
5837 	}
5838 out:
5839 	kmem_free(phy_mask_name, 8);
5840 }
5841 
5842 static void
5843 mptsas_handle_topo_change(mptsas_topo_change_list_t *topo_node,
5844     dev_info_t *parent)
5845 {
5846 	mptsas_target_t	*ptgt = NULL;
5847 	mptsas_smp_t	*psmp = NULL;
5848 	mptsas_t	*mpt = (void *)topo_node->mpt;
5849 	uint16_t	devhdl;
5850 	uint64_t	sas_wwn = 0;
5851 	int		rval = 0;
5852 	uint32_t	page_address;
5853 	uint8_t		phy, flags;
5854 	char		*addr = NULL;
5855 	dev_info_t	*lundip;
5856 	int		circ = 0, circ1 = 0;
5857 
5858 	NDBG20(("mptsas%d handle_topo_change enter", mpt->m_instance));
5859 
5860 	ASSERT(mutex_owned(&mpt->m_mutex));
5861 
5862 	switch (topo_node->event) {
5863 	case MPTSAS_DR_EVENT_RECONFIG_TARGET:
5864 	{
5865 		char *phy_mask_name;
5866 		uint8_t phymask = 0;
5867 
5868 		if (topo_node->flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) {
5869 			/*
5870 			 * Get latest RAID info.
5871 			 */
5872 			(void) mptsas_get_raid_info(mpt);
5873 			ptgt = mptsas_search_by_devhdl(
5874 			    &mpt->m_active->m_tgttbl, topo_node->devhdl);
5875 			if (ptgt == NULL)
5876 				break;
5877 		} else {
5878 			ptgt = (void *)topo_node->object;
5879 		}
5880 
5881 		if (ptgt == NULL) {
5882 			/*
5883 			 * If a Phys Disk was deleted, RAID info needs to be
5884 			 * updated to reflect the new topology.
5885 			 */
5886 			(void) mptsas_get_raid_info(mpt);
5887 
5888 			/*
5889 			 * Get sas device page 0 by DevHandle to make sure if
5890 			 * SSP/SATA end device exist.
5891 			 */
5892 			page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
5893 			    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
5894 			    topo_node->devhdl;
5895 
5896 			rval = mptsas_get_target_device_info(mpt, page_address,
5897 			    &devhdl, &ptgt);
5898 			if (rval == DEV_INFO_WRONG_DEVICE_TYPE) {
5899 				mptsas_log(mpt, CE_NOTE,
5900 				    "mptsas_handle_topo_change: target %d is "
5901 				    "not a SAS/SATA device. \n",
5902 				    topo_node->devhdl);
5903 			} else if (rval == DEV_INFO_FAIL_ALLOC) {
5904 				mptsas_log(mpt, CE_NOTE,
5905 				    "mptsas_handle_topo_change: could not "
5906 				    "allocate memory. \n");
5907 			}
5908 			/*
5909 			 * If rval is DEV_INFO_PHYS_DISK than there is nothing
5910 			 * else to do, just leave.
5911 			 */
5912 			if (rval != DEV_INFO_SUCCESS) {
5913 				return;
5914 			}
5915 		}
5916 
5917 		ASSERT(ptgt->m_devhdl == topo_node->devhdl);
5918 
5919 		mutex_exit(&mpt->m_mutex);
5920 		flags = topo_node->flags;
5921 
5922 		if (flags == MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED) {
5923 			phymask = ptgt->m_phymask;
5924 			phy_mask_name = kmem_zalloc(8, KM_SLEEP);
5925 			(void) sprintf(phy_mask_name, "%x", phymask);
5926 			parent = scsi_hba_iport_find(mpt->m_dip,
5927 			    phy_mask_name);
5928 			kmem_free(phy_mask_name, 8);
5929 			if (parent == NULL) {
5930 				mptsas_log(mpt, CE_WARN, "Failed to find a "
5931 				    "iport for PD, should not happen!");
5932 				mutex_enter(&mpt->m_mutex);
5933 				break;
5934 			}
5935 		}
5936 
5937 		if (flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) {
5938 			ndi_devi_enter(parent, &circ1);
5939 			(void) mptsas_config_raid(parent, topo_node->devhdl,
5940 			    &lundip);
5941 			ndi_devi_exit(parent, circ1);
5942 		} else {
5943 			/*
5944 			 * hold nexus for bus configure
5945 			 */
5946 			ndi_devi_enter(scsi_vhci_dip, &circ);
5947 			ndi_devi_enter(parent, &circ1);
5948 			rval = mptsas_config_target(parent, ptgt);
5949 			/*
5950 			 * release nexus for bus configure
5951 			 */
5952 			ndi_devi_exit(parent, circ1);
5953 			ndi_devi_exit(scsi_vhci_dip, circ);
5954 
5955 		}
5956 		mutex_enter(&mpt->m_mutex);
5957 
5958 		NDBG20(("mptsas%d handle_topo_change to online devhdl:%x, "
5959 		    "phymask:%x.", mpt->m_instance, ptgt->m_devhdl,
5960 		    ptgt->m_phymask));
5961 		break;
5962 	}
5963 	case MPTSAS_DR_EVENT_OFFLINE_TARGET:
5964 	{
5965 		mptsas_hash_table_t *tgttbl = &mpt->m_active->m_tgttbl;
5966 		devhdl = topo_node->devhdl;
5967 		ptgt = mptsas_search_by_devhdl(tgttbl, devhdl);
5968 		if (ptgt == NULL)
5969 			break;
5970 
5971 		sas_wwn = ptgt->m_sas_wwn;
5972 		phy = ptgt->m_phynum;
5973 
5974 		addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
5975 
5976 		if (sas_wwn) {
5977 			(void) sprintf(addr, "w%016"PRIx64, sas_wwn);
5978 		} else {
5979 			(void) sprintf(addr, "p%x", phy);
5980 		}
5981 		ASSERT(ptgt->m_devhdl == devhdl);
5982 
5983 		if ((topo_node->flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) ||
5984 		    (topo_node->flags ==
5985 		    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED)) {
5986 			/*
5987 			 * Get latest RAID info if RAID volume status changes
5988 			 * or Phys Disk status changes
5989 			 */
5990 			(void) mptsas_get_raid_info(mpt);
5991 		}
5992 		/*
5993 		 * Abort all outstanding command on the device
5994 		 */
5995 		rval = mptsas_do_scsi_reset(mpt, devhdl);
5996 		if (rval) {
5997 			NDBG20(("mptsas%d handle_topo_change to reset target "
5998 			    "before offline devhdl:%x, phymask:%x, rval:%x",
5999 			    mpt->m_instance, ptgt->m_devhdl, ptgt->m_phymask,
6000 			    rval));
6001 		}
6002 
6003 		mutex_exit(&mpt->m_mutex);
6004 
6005 		ndi_devi_enter(scsi_vhci_dip, &circ);
6006 		ndi_devi_enter(parent, &circ1);
6007 		rval = mptsas_offline_target(parent, addr);
6008 		ndi_devi_exit(parent, circ1);
6009 		ndi_devi_exit(scsi_vhci_dip, circ);
6010 		NDBG20(("mptsas%d handle_topo_change to offline devhdl:%x, "
6011 		    "phymask:%x, rval:%x", mpt->m_instance,
6012 		    ptgt->m_devhdl, ptgt->m_phymask, rval));
6013 
6014 		kmem_free(addr, SCSI_MAXNAMELEN);
6015 
6016 		mutex_enter(&mpt->m_mutex);
6017 		if (rval == DDI_SUCCESS) {
6018 			mptsas_tgt_free(&mpt->m_active->m_tgttbl,
6019 			    ptgt->m_sas_wwn, ptgt->m_phymask);
6020 			ptgt = NULL;
6021 		} else {
6022 			/*
6023 			 * clean DR_INTRANSITION flag to allow I/O down to
6024 			 * PHCI driver since failover finished.
6025 			 * Invalidate the devhdl
6026 			 */
6027 			ptgt->m_devhdl = MPTSAS_INVALID_DEVHDL;
6028 			mutex_enter(&mpt->m_tx_waitq_mutex);
6029 			ptgt->m_dr_flag = MPTSAS_DR_INACTIVE;
6030 			mutex_exit(&mpt->m_tx_waitq_mutex);
6031 		}
6032 
6033 		/*
6034 		 * Send SAS IO Unit Control to free the dev handle
6035 		 */
6036 		flags = topo_node->flags;
6037 		if ((flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) ||
6038 		    (flags == MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE)) {
6039 			rval = mptsas_free_devhdl(mpt, devhdl);
6040 
6041 			NDBG20(("mptsas%d handle_topo_change to remove "
6042 			    "devhdl:%x, rval:%x", mpt->m_instance, devhdl,
6043 			    rval));
6044 		}
6045 		break;
6046 	}
6047 	case MPTSAS_TOPO_FLAG_REMOVE_HANDLE:
6048 	{
6049 		devhdl = topo_node->devhdl;
6050 		/*
6051 		 * If this is the remove handle event, do a reset first.
6052 		 */
6053 		if (topo_node->event == MPTSAS_TOPO_FLAG_REMOVE_HANDLE) {
6054 			rval = mptsas_do_scsi_reset(mpt, devhdl);
6055 			if (rval) {
6056 				NDBG20(("mpt%d reset target before remove "
6057 				    "devhdl:%x, rval:%x", mpt->m_instance,
6058 				    devhdl, rval));
6059 			}
6060 		}
6061 
6062 		/*
6063 		 * Send SAS IO Unit Control to free the dev handle
6064 		 */
6065 		rval = mptsas_free_devhdl(mpt, devhdl);
6066 		NDBG20(("mptsas%d handle_topo_change to remove "
6067 		    "devhdl:%x, rval:%x", mpt->m_instance, devhdl,
6068 		    rval));
6069 		break;
6070 	}
6071 	case MPTSAS_DR_EVENT_RECONFIG_SMP:
6072 	{
6073 		mptsas_smp_t smp;
6074 		dev_info_t *smpdip;
6075 		mptsas_hash_table_t *smptbl = &mpt->m_active->m_smptbl;
6076 
6077 		devhdl = topo_node->devhdl;
6078 
6079 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_HNDL &
6080 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | (uint32_t)devhdl;
6081 		rval = mptsas_get_sas_expander_page0(mpt, page_address, &smp);
6082 		if (rval != DDI_SUCCESS) {
6083 			mptsas_log(mpt, CE_WARN, "failed to online smp, "
6084 			    "handle %x", devhdl);
6085 			return;
6086 		}
6087 
6088 		psmp = mptsas_smp_alloc(smptbl, &smp);
6089 		if (psmp == NULL) {
6090 			return;
6091 		}
6092 
6093 		mutex_exit(&mpt->m_mutex);
6094 		ndi_devi_enter(parent, &circ1);
6095 		(void) mptsas_online_smp(parent, psmp, &smpdip);
6096 		ndi_devi_exit(parent, circ1);
6097 		mutex_enter(&mpt->m_mutex);
6098 		break;
6099 	}
6100 	case MPTSAS_DR_EVENT_OFFLINE_SMP:
6101 	{
6102 		mptsas_hash_table_t *smptbl = &mpt->m_active->m_smptbl;
6103 		devhdl = topo_node->devhdl;
6104 		psmp = mptsas_search_by_devhdl(smptbl, devhdl);
6105 		if (psmp == NULL)
6106 			break;
6107 		/*
6108 		 * The mptsas_smp_t data is released only if the dip is offlined
6109 		 * successfully.
6110 		 */
6111 		mutex_exit(&mpt->m_mutex);
6112 		ndi_devi_enter(parent, &circ1);
6113 		rval = mptsas_offline_smp(parent, psmp, NDI_DEVI_REMOVE);
6114 		ndi_devi_exit(parent, circ1);
6115 		mutex_enter(&mpt->m_mutex);
6116 		NDBG20(("mptsas%d handle_topo_change to remove devhdl:%x, "
6117 		    "rval:%x", mpt->m_instance, psmp->m_devhdl, rval));
6118 		if (rval == DDI_SUCCESS) {
6119 			mptsas_smp_free(smptbl, psmp->m_sasaddr,
6120 			    psmp->m_phymask);
6121 		} else {
6122 			psmp->m_devhdl = MPTSAS_INVALID_DEVHDL;
6123 		}
6124 		break;
6125 	}
6126 	default:
6127 		return;
6128 	}
6129 }
6130 
6131 /*
6132  * Record the event if its type is enabled in mpt instance by ioctl.
6133  */
6134 static void
6135 mptsas_record_event(void *args)
6136 {
6137 	m_replyh_arg_t			*replyh_arg;
6138 	pMpi2EventNotificationReply_t	eventreply;
6139 	uint32_t			event, rfm;
6140 	mptsas_t			*mpt;
6141 	int				i, j;
6142 	uint16_t			event_data_len;
6143 	boolean_t			sendAEN = FALSE;
6144 
6145 	replyh_arg = (m_replyh_arg_t *)args;
6146 	rfm = replyh_arg->rfm;
6147 	mpt = replyh_arg->mpt;
6148 
6149 	eventreply = (pMpi2EventNotificationReply_t)
6150 	    (mpt->m_reply_frame + (rfm - mpt->m_reply_frame_dma_addr));
6151 	event = ddi_get16(mpt->m_acc_reply_frame_hdl, &eventreply->Event);
6152 
6153 
6154 	/*
6155 	 * Generate a system event to let anyone who cares know that a
6156 	 * LOG_ENTRY_ADDED event has occurred.  This is sent no matter what the
6157 	 * event mask is set to.
6158 	 */
6159 	if (event == MPI2_EVENT_LOG_ENTRY_ADDED) {
6160 		sendAEN = TRUE;
6161 	}
6162 
6163 	/*
6164 	 * Record the event only if it is not masked.  Determine which dword
6165 	 * and bit of event mask to test.
6166 	 */
6167 	i = (uint8_t)(event / 32);
6168 	j = (uint8_t)(event % 32);
6169 	if ((i < 4) && ((1 << j) & mpt->m_event_mask[i])) {
6170 		i = mpt->m_event_index;
6171 		mpt->m_events[i].Type = event;
6172 		mpt->m_events[i].Number = ++mpt->m_event_number;
6173 		bzero(mpt->m_events[i].Data, MPTSAS_MAX_EVENT_DATA_LENGTH * 4);
6174 		event_data_len = ddi_get16(mpt->m_acc_reply_frame_hdl,
6175 		    &eventreply->EventDataLength);
6176 
6177 		if (event_data_len > 0) {
6178 			/*
6179 			 * Limit data to size in m_event entry
6180 			 */
6181 			if (event_data_len > MPTSAS_MAX_EVENT_DATA_LENGTH) {
6182 				event_data_len = MPTSAS_MAX_EVENT_DATA_LENGTH;
6183 			}
6184 			for (j = 0; j < event_data_len; j++) {
6185 				mpt->m_events[i].Data[j] =
6186 				    ddi_get32(mpt->m_acc_reply_frame_hdl,
6187 				    &(eventreply->EventData[j]));
6188 			}
6189 
6190 			/*
6191 			 * check for index wrap-around
6192 			 */
6193 			if (++i == MPTSAS_EVENT_QUEUE_SIZE) {
6194 				i = 0;
6195 			}
6196 			mpt->m_event_index = (uint8_t)i;
6197 
6198 			/*
6199 			 * Set flag to send the event.
6200 			 */
6201 			sendAEN = TRUE;
6202 		}
6203 	}
6204 
6205 	/*
6206 	 * Generate a system event if flag is set to let anyone who cares know
6207 	 * that an event has occurred.
6208 	 */
6209 	if (sendAEN) {
6210 		(void) ddi_log_sysevent(mpt->m_dip, DDI_VENDOR_LSI, "MPT_SAS",
6211 		    "SAS", NULL, NULL, DDI_NOSLEEP);
6212 	}
6213 }
6214 
6215 #define	SMP_RESET_IN_PROGRESS MPI2_EVENT_SAS_TOPO_LR_SMP_RESET_IN_PROGRESS
6216 /*
6217  * handle sync events from ioc in interrupt
6218  * return value:
6219  * DDI_SUCCESS: The event is handled by this func
6220  * DDI_FAILURE: Event is not handled
6221  */
6222 static int
6223 mptsas_handle_event_sync(void *args)
6224 {
6225 	m_replyh_arg_t			*replyh_arg;
6226 	pMpi2EventNotificationReply_t	eventreply;
6227 	uint32_t			event, rfm;
6228 	mptsas_t			*mpt;
6229 	uint_t				iocstatus;
6230 
6231 	replyh_arg = (m_replyh_arg_t *)args;
6232 	rfm = replyh_arg->rfm;
6233 	mpt = replyh_arg->mpt;
6234 
6235 	ASSERT(mutex_owned(&mpt->m_mutex));
6236 
6237 	eventreply = (pMpi2EventNotificationReply_t)
6238 	    (mpt->m_reply_frame + (rfm - mpt->m_reply_frame_dma_addr));
6239 	event = ddi_get16(mpt->m_acc_reply_frame_hdl, &eventreply->Event);
6240 
6241 	if (iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
6242 	    &eventreply->IOCStatus)) {
6243 		if (iocstatus == MPI2_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
6244 			mptsas_log(mpt, CE_WARN,
6245 			    "!mptsas_handle_event_sync: IOCStatus=0x%x, "
6246 			    "IOCLogInfo=0x%x", iocstatus,
6247 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
6248 			    &eventreply->IOCLogInfo));
6249 		} else {
6250 			mptsas_log(mpt, CE_WARN,
6251 			    "mptsas_handle_event_sync: IOCStatus=0x%x, "
6252 			    "IOCLogInfo=0x%x", iocstatus,
6253 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
6254 			    &eventreply->IOCLogInfo));
6255 		}
6256 	}
6257 
6258 	/*
6259 	 * figure out what kind of event we got and handle accordingly
6260 	 */
6261 	switch (event) {
6262 	case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST:
6263 	{
6264 		pMpi2EventDataSasTopologyChangeList_t	sas_topo_change_list;
6265 		uint8_t				num_entries, expstatus, phy;
6266 		uint8_t				phystatus, physport, state, i;
6267 		uint8_t				start_phy_num, link_rate;
6268 		uint16_t			dev_handle, reason_code;
6269 		uint16_t			enc_handle, expd_handle;
6270 		char				string[80], curr[80], prev[80];
6271 		mptsas_topo_change_list_t	*topo_head = NULL;
6272 		mptsas_topo_change_list_t	*topo_tail = NULL;
6273 		mptsas_topo_change_list_t	*topo_node = NULL;
6274 		mptsas_target_t			*ptgt;
6275 		mptsas_smp_t			*psmp;
6276 		mptsas_hash_table_t		*tgttbl, *smptbl;
6277 		uint8_t				flags = 0, exp_flag;
6278 
6279 		NDBG20(("mptsas_handle_event_sync: SAS topology change"));
6280 
6281 		tgttbl = &mpt->m_active->m_tgttbl;
6282 		smptbl = &mpt->m_active->m_smptbl;
6283 
6284 		sas_topo_change_list = (pMpi2EventDataSasTopologyChangeList_t)
6285 		    eventreply->EventData;
6286 
6287 		enc_handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6288 		    &sas_topo_change_list->EnclosureHandle);
6289 		expd_handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6290 		    &sas_topo_change_list->ExpanderDevHandle);
6291 		num_entries = ddi_get8(mpt->m_acc_reply_frame_hdl,
6292 		    &sas_topo_change_list->NumEntries);
6293 		start_phy_num = ddi_get8(mpt->m_acc_reply_frame_hdl,
6294 		    &sas_topo_change_list->StartPhyNum);
6295 		expstatus = ddi_get8(mpt->m_acc_reply_frame_hdl,
6296 		    &sas_topo_change_list->ExpStatus);
6297 		physport = ddi_get8(mpt->m_acc_reply_frame_hdl,
6298 		    &sas_topo_change_list->PhysicalPort);
6299 
6300 		string[0] = 0;
6301 		if (expd_handle) {
6302 			flags = MPTSAS_TOPO_FLAG_EXPANDER_ASSOCIATED;
6303 			switch (expstatus) {
6304 			case MPI2_EVENT_SAS_TOPO_ES_ADDED:
6305 				(void) sprintf(string, " added");
6306 				/*
6307 				 * New expander device added
6308 				 */
6309 				mpt->m_port_chng = 1;
6310 				topo_node = kmem_zalloc(
6311 				    sizeof (mptsas_topo_change_list_t),
6312 				    KM_SLEEP);
6313 				topo_node->mpt = mpt;
6314 				topo_node->event = MPTSAS_DR_EVENT_RECONFIG_SMP;
6315 				topo_node->un.physport = physport;
6316 				topo_node->devhdl = expd_handle;
6317 				topo_node->flags = flags;
6318 				topo_node->object = NULL;
6319 				if (topo_head == NULL) {
6320 					topo_head = topo_tail = topo_node;
6321 				} else {
6322 					topo_tail->next = topo_node;
6323 					topo_tail = topo_node;
6324 				}
6325 				break;
6326 			case MPI2_EVENT_SAS_TOPO_ES_NOT_RESPONDING:
6327 				(void) sprintf(string, " not responding, "
6328 				    "removed");
6329 				psmp = mptsas_search_by_devhdl(smptbl,
6330 				    expd_handle);
6331 				if (psmp == NULL)
6332 					break;
6333 
6334 				topo_node = kmem_zalloc(
6335 				    sizeof (mptsas_topo_change_list_t),
6336 				    KM_SLEEP);
6337 				topo_node->mpt = mpt;
6338 				topo_node->un.phymask = psmp->m_phymask;
6339 				topo_node->event = MPTSAS_DR_EVENT_OFFLINE_SMP;
6340 				topo_node->devhdl = expd_handle;
6341 				topo_node->flags = flags;
6342 				topo_node->object = NULL;
6343 				if (topo_head == NULL) {
6344 					topo_head = topo_tail = topo_node;
6345 				} else {
6346 					topo_tail->next = topo_node;
6347 					topo_tail = topo_node;
6348 				}
6349 				break;
6350 			case MPI2_EVENT_SAS_TOPO_ES_RESPONDING:
6351 				break;
6352 			case MPI2_EVENT_SAS_TOPO_ES_DELAY_NOT_RESPONDING:
6353 				(void) sprintf(string, " not responding, "
6354 				    "delaying removal");
6355 				break;
6356 			default:
6357 				break;
6358 			}
6359 		} else {
6360 			flags = MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE;
6361 		}
6362 
6363 		NDBG20(("SAS TOPOLOGY CHANGE for enclosure %x expander %x%s\n",
6364 		    enc_handle, expd_handle, string));
6365 		for (i = 0; i < num_entries; i++) {
6366 			phy = i + start_phy_num;
6367 			phystatus = ddi_get8(mpt->m_acc_reply_frame_hdl,
6368 			    &sas_topo_change_list->PHY[i].PhyStatus);
6369 			dev_handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6370 			    &sas_topo_change_list->PHY[i].AttachedDevHandle);
6371 			reason_code = phystatus & MPI2_EVENT_SAS_TOPO_RC_MASK;
6372 			/*
6373 			 * Filter out processing of Phy Vacant Status unless
6374 			 * the reason code is "Not Responding".  Process all
6375 			 * other combinations of Phy Status and Reason Codes.
6376 			 */
6377 			if ((phystatus &
6378 			    MPI2_EVENT_SAS_TOPO_PHYSTATUS_VACANT) &&
6379 			    (reason_code !=
6380 			    MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING)) {
6381 				continue;
6382 			}
6383 			curr[0] = 0;
6384 			prev[0] = 0;
6385 			string[0] = 0;
6386 			switch (reason_code) {
6387 			case MPI2_EVENT_SAS_TOPO_RC_TARG_ADDED:
6388 			{
6389 				NDBG20(("mptsas%d phy %d physical_port %d "
6390 				    "dev_handle %d added", mpt->m_instance, phy,
6391 				    physport, dev_handle));
6392 				link_rate = ddi_get8(mpt->m_acc_reply_frame_hdl,
6393 				    &sas_topo_change_list->PHY[i].LinkRate);
6394 				state = (link_rate &
6395 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_MASK) >>
6396 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_SHIFT;
6397 				switch (state) {
6398 				case MPI2_EVENT_SAS_TOPO_LR_PHY_DISABLED:
6399 					(void) sprintf(curr, "is disabled");
6400 					break;
6401 				case MPI2_EVENT_SAS_TOPO_LR_NEGOTIATION_FAILED:
6402 					(void) sprintf(curr, "is offline, "
6403 					    "failed speed negotiation");
6404 					break;
6405 				case MPI2_EVENT_SAS_TOPO_LR_SATA_OOB_COMPLETE:
6406 					(void) sprintf(curr, "SATA OOB "
6407 					    "complete");
6408 					break;
6409 				case SMP_RESET_IN_PROGRESS:
6410 					(void) sprintf(curr, "SMP reset in "
6411 					    "progress");
6412 					break;
6413 				case MPI2_EVENT_SAS_TOPO_LR_RATE_1_5:
6414 					(void) sprintf(curr, "is online at "
6415 					    "1.5 Gbps");
6416 					break;
6417 				case MPI2_EVENT_SAS_TOPO_LR_RATE_3_0:
6418 					(void) sprintf(curr, "is online at 3.0 "
6419 					    "Gbps");
6420 					break;
6421 				case MPI2_EVENT_SAS_TOPO_LR_RATE_6_0:
6422 					(void) sprintf(curr, "is online at 6.0 "
6423 					    "Gbps");
6424 					break;
6425 				default:
6426 					(void) sprintf(curr, "state is "
6427 					    "unknown");
6428 					break;
6429 				}
6430 				/*
6431 				 * New target device added into the system.
6432 				 * Set association flag according to if an
6433 				 * expander is used or not.
6434 				 */
6435 				exp_flag =
6436 				    MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE;
6437 				if (flags ==
6438 				    MPTSAS_TOPO_FLAG_EXPANDER_ASSOCIATED) {
6439 					flags = exp_flag;
6440 				}
6441 				topo_node = kmem_zalloc(
6442 				    sizeof (mptsas_topo_change_list_t),
6443 				    KM_SLEEP);
6444 				topo_node->mpt = mpt;
6445 				topo_node->event =
6446 				    MPTSAS_DR_EVENT_RECONFIG_TARGET;
6447 				if (expd_handle == 0) {
6448 					/*
6449 					 * Per MPI 2, if expander dev handle
6450 					 * is 0, it's a directly attached
6451 					 * device. So driver use PHY to decide
6452 					 * which iport is associated
6453 					 */
6454 					physport = phy;
6455 					mpt->m_port_chng = 1;
6456 				}
6457 				topo_node->un.physport = physport;
6458 				topo_node->devhdl = dev_handle;
6459 				topo_node->flags = flags;
6460 				topo_node->object = NULL;
6461 				if (topo_head == NULL) {
6462 					topo_head = topo_tail = topo_node;
6463 				} else {
6464 					topo_tail->next = topo_node;
6465 					topo_tail = topo_node;
6466 				}
6467 				break;
6468 			}
6469 			case MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING:
6470 			{
6471 				NDBG20(("mptsas%d phy %d physical_port %d "
6472 				    "dev_handle %d removed", mpt->m_instance,
6473 				    phy, physport, dev_handle));
6474 				/*
6475 				 * Set association flag according to if an
6476 				 * expander is used or not.
6477 				 */
6478 				exp_flag =
6479 				    MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE;
6480 				if (flags ==
6481 				    MPTSAS_TOPO_FLAG_EXPANDER_ASSOCIATED) {
6482 					flags = exp_flag;
6483 				}
6484 				/*
6485 				 * Target device is removed from the system
6486 				 * Before the device is really offline from
6487 				 * from system.
6488 				 */
6489 				ptgt = mptsas_search_by_devhdl(tgttbl,
6490 				    dev_handle);
6491 				/*
6492 				 * If ptgt is NULL here, it means that the
6493 				 * DevHandle is not in the hash table.  This is
6494 				 * reasonable sometimes.  For example, if a
6495 				 * disk was pulled, then added, then pulled
6496 				 * again, the disk will not have been put into
6497 				 * the hash table because the add event will
6498 				 * have an invalid phymask.  BUT, this does not
6499 				 * mean that the DevHandle is invalid.  The
6500 				 * controller will still have a valid DevHandle
6501 				 * that must be removed.  To do this, use the
6502 				 * MPTSAS_TOPO_FLAG_REMOVE_HANDLE event.
6503 				 */
6504 				if (ptgt == NULL) {
6505 					topo_node = kmem_zalloc(
6506 					    sizeof (mptsas_topo_change_list_t),
6507 					    KM_SLEEP);
6508 					topo_node->mpt = mpt;
6509 					topo_node->un.phymask = 0;
6510 					topo_node->event =
6511 					    MPTSAS_TOPO_FLAG_REMOVE_HANDLE;
6512 					topo_node->devhdl = dev_handle;
6513 					topo_node->flags = flags;
6514 					topo_node->object = NULL;
6515 					if (topo_head == NULL) {
6516 						topo_head = topo_tail =
6517 						    topo_node;
6518 					} else {
6519 						topo_tail->next = topo_node;
6520 						topo_tail = topo_node;
6521 					}
6522 					break;
6523 				}
6524 
6525 				/*
6526 				 * Update DR flag immediately avoid I/O failure
6527 				 * before failover finish. Pay attention to the
6528 				 * mutex protect, we need grab m_tx_waitq_mutex
6529 				 * during set m_dr_flag because we won't add
6530 				 * the following command into waitq, instead,
6531 				 * we need return TRAN_BUSY in the tran_start
6532 				 * context.
6533 				 */
6534 				mutex_enter(&mpt->m_tx_waitq_mutex);
6535 				ptgt->m_dr_flag = MPTSAS_DR_INTRANSITION;
6536 				mutex_exit(&mpt->m_tx_waitq_mutex);
6537 
6538 				topo_node = kmem_zalloc(
6539 				    sizeof (mptsas_topo_change_list_t),
6540 				    KM_SLEEP);
6541 				topo_node->mpt = mpt;
6542 				topo_node->un.phymask = ptgt->m_phymask;
6543 				topo_node->event =
6544 				    MPTSAS_DR_EVENT_OFFLINE_TARGET;
6545 				topo_node->devhdl = dev_handle;
6546 				topo_node->flags = flags;
6547 				topo_node->object = NULL;
6548 				if (topo_head == NULL) {
6549 					topo_head = topo_tail = topo_node;
6550 				} else {
6551 					topo_tail->next = topo_node;
6552 					topo_tail = topo_node;
6553 				}
6554 
6555 				break;
6556 			}
6557 			case MPI2_EVENT_SAS_TOPO_RC_PHY_CHANGED:
6558 				link_rate = ddi_get8(mpt->m_acc_reply_frame_hdl,
6559 				    &sas_topo_change_list->PHY[i].LinkRate);
6560 				state = (link_rate &
6561 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_MASK) >>
6562 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_SHIFT;
6563 				switch (state) {
6564 				case MPI2_EVENT_SAS_TOPO_LR_PHY_DISABLED:
6565 					(void) sprintf(curr, "is disabled");
6566 					break;
6567 				case MPI2_EVENT_SAS_TOPO_LR_NEGOTIATION_FAILED:
6568 					(void) sprintf(curr, "is offline, "
6569 					    "failed speed negotiation");
6570 					break;
6571 				case MPI2_EVENT_SAS_TOPO_LR_SATA_OOB_COMPLETE:
6572 					(void) sprintf(curr, "SATA OOB "
6573 					    "complete");
6574 					break;
6575 				case SMP_RESET_IN_PROGRESS:
6576 					(void) sprintf(curr, "SMP reset in "
6577 					    "progress");
6578 					break;
6579 				case MPI2_EVENT_SAS_TOPO_LR_RATE_1_5:
6580 					(void) sprintf(curr, "is online at "
6581 					    "1.5 Gbps");
6582 					if ((expd_handle == 0) &&
6583 					    (enc_handle == 1)) {
6584 						mpt->m_port_chng = 1;
6585 					}
6586 					break;
6587 				case MPI2_EVENT_SAS_TOPO_LR_RATE_3_0:
6588 					(void) sprintf(curr, "is online at 3.0 "
6589 					    "Gbps");
6590 					if ((expd_handle == 0) &&
6591 					    (enc_handle == 1)) {
6592 						mpt->m_port_chng = 1;
6593 					}
6594 					break;
6595 				case MPI2_EVENT_SAS_TOPO_LR_RATE_6_0:
6596 					(void) sprintf(curr, "is online at "
6597 					    "6.0 Gbps");
6598 					if ((expd_handle == 0) &&
6599 					    (enc_handle == 1)) {
6600 						mpt->m_port_chng = 1;
6601 					}
6602 					break;
6603 				default:
6604 					(void) sprintf(curr, "state is "
6605 					    "unknown");
6606 					break;
6607 				}
6608 
6609 				state = (link_rate &
6610 				    MPI2_EVENT_SAS_TOPO_LR_PREV_MASK) >>
6611 				    MPI2_EVENT_SAS_TOPO_LR_PREV_SHIFT;
6612 				switch (state) {
6613 				case MPI2_EVENT_SAS_TOPO_LR_PHY_DISABLED:
6614 					(void) sprintf(prev, ", was disabled");
6615 					break;
6616 				case MPI2_EVENT_SAS_TOPO_LR_NEGOTIATION_FAILED:
6617 					(void) sprintf(prev, ", was offline, "
6618 					    "failed speed negotiation");
6619 					break;
6620 				case MPI2_EVENT_SAS_TOPO_LR_SATA_OOB_COMPLETE:
6621 					(void) sprintf(prev, ", was SATA OOB "
6622 					    "complete");
6623 					break;
6624 				case SMP_RESET_IN_PROGRESS:
6625 					(void) sprintf(prev, ", was SMP reset "
6626 					    "in progress");
6627 					break;
6628 				case MPI2_EVENT_SAS_TOPO_LR_RATE_1_5:
6629 					(void) sprintf(prev, ", was online at "
6630 					    "1.5 Gbps");
6631 					break;
6632 				case MPI2_EVENT_SAS_TOPO_LR_RATE_3_0:
6633 					(void) sprintf(prev, ", was online at "
6634 					    "3.0 Gbps");
6635 					break;
6636 				case MPI2_EVENT_SAS_TOPO_LR_RATE_6_0:
6637 					(void) sprintf(prev, ", was online at "
6638 					    "6.0 Gbps");
6639 					break;
6640 				default:
6641 				break;
6642 				}
6643 				(void) sprintf(&string[strlen(string)], "link "
6644 				    "changed, ");
6645 				break;
6646 			case MPI2_EVENT_SAS_TOPO_RC_NO_CHANGE:
6647 				continue;
6648 			case MPI2_EVENT_SAS_TOPO_RC_DELAY_NOT_RESPONDING:
6649 				(void) sprintf(&string[strlen(string)],
6650 				    "target not responding, delaying "
6651 				    "removal");
6652 				break;
6653 			}
6654 			NDBG20(("mptsas%d phy %d DevHandle %x, %s%s%s\n",
6655 			    mpt->m_instance, phy, dev_handle, string, curr,
6656 			    prev));
6657 		}
6658 		if (topo_head != NULL) {
6659 			/*
6660 			 * Launch DR taskq to handle topology change
6661 			 */
6662 			if ((ddi_taskq_dispatch(mpt->m_dr_taskq,
6663 			    mptsas_handle_dr, (void *)topo_head,
6664 			    DDI_NOSLEEP)) != DDI_SUCCESS) {
6665 				mptsas_log(mpt, CE_NOTE, "mptsas start taskq "
6666 				    "for handle SAS DR event failed. \n");
6667 			}
6668 		}
6669 		break;
6670 	}
6671 	case MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST:
6672 	{
6673 		Mpi2EventDataIrConfigChangeList_t	*irChangeList;
6674 		mptsas_topo_change_list_t		*topo_head = NULL;
6675 		mptsas_topo_change_list_t		*topo_tail = NULL;
6676 		mptsas_topo_change_list_t		*topo_node = NULL;
6677 		mptsas_target_t				*ptgt;
6678 		mptsas_hash_table_t			*tgttbl;
6679 		uint8_t					num_entries, i, reason;
6680 		uint16_t				volhandle, diskhandle;
6681 
6682 		irChangeList = (pMpi2EventDataIrConfigChangeList_t)
6683 		    eventreply->EventData;
6684 		num_entries = ddi_get8(mpt->m_acc_reply_frame_hdl,
6685 		    &irChangeList->NumElements);
6686 
6687 		tgttbl = &mpt->m_active->m_tgttbl;
6688 
6689 		NDBG20(("mptsas%d IR_CONFIGURATION_CHANGE_LIST event received",
6690 		    mpt->m_instance));
6691 
6692 		for (i = 0; i < num_entries; i++) {
6693 			reason = ddi_get8(mpt->m_acc_reply_frame_hdl,
6694 			    &irChangeList->ConfigElement[i].ReasonCode);
6695 			volhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6696 			    &irChangeList->ConfigElement[i].VolDevHandle);
6697 			diskhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6698 			    &irChangeList->ConfigElement[i].PhysDiskDevHandle);
6699 
6700 			switch (reason) {
6701 			case MPI2_EVENT_IR_CHANGE_RC_ADDED:
6702 			case MPI2_EVENT_IR_CHANGE_RC_VOLUME_CREATED:
6703 			{
6704 				NDBG20(("mptsas %d volume added\n",
6705 				    mpt->m_instance));
6706 
6707 				topo_node = kmem_zalloc(
6708 				    sizeof (mptsas_topo_change_list_t),
6709 				    KM_SLEEP);
6710 
6711 				topo_node->mpt = mpt;
6712 				topo_node->event =
6713 				    MPTSAS_DR_EVENT_RECONFIG_TARGET;
6714 				topo_node->un.physport = 0xff;
6715 				topo_node->devhdl = volhandle;
6716 				topo_node->flags =
6717 				    MPTSAS_TOPO_FLAG_RAID_ASSOCIATED;
6718 				topo_node->object = NULL;
6719 				if (topo_head == NULL) {
6720 					topo_head = topo_tail = topo_node;
6721 				} else {
6722 					topo_tail->next = topo_node;
6723 					topo_tail = topo_node;
6724 				}
6725 				break;
6726 			}
6727 			case MPI2_EVENT_IR_CHANGE_RC_REMOVED:
6728 			case MPI2_EVENT_IR_CHANGE_RC_VOLUME_DELETED:
6729 			{
6730 				NDBG20(("mptsas %d volume deleted\n",
6731 				    mpt->m_instance));
6732 				ptgt = mptsas_search_by_devhdl(tgttbl,
6733 				    volhandle);
6734 				if (ptgt == NULL)
6735 					break;
6736 
6737 				/*
6738 				 * Clear any flags related to volume
6739 				 */
6740 				(void) mptsas_delete_volume(mpt, volhandle);
6741 
6742 				/*
6743 				 * Update DR flag immediately avoid I/O failure
6744 				 */
6745 				mutex_enter(&mpt->m_tx_waitq_mutex);
6746 				ptgt->m_dr_flag = MPTSAS_DR_INTRANSITION;
6747 				mutex_exit(&mpt->m_tx_waitq_mutex);
6748 
6749 				topo_node = kmem_zalloc(
6750 				    sizeof (mptsas_topo_change_list_t),
6751 				    KM_SLEEP);
6752 				topo_node->mpt = mpt;
6753 				topo_node->un.phymask = ptgt->m_phymask;
6754 				topo_node->event =
6755 				    MPTSAS_DR_EVENT_OFFLINE_TARGET;
6756 				topo_node->devhdl = volhandle;
6757 				topo_node->flags =
6758 				    MPTSAS_TOPO_FLAG_RAID_ASSOCIATED;
6759 				topo_node->object = (void *)ptgt;
6760 				if (topo_head == NULL) {
6761 					topo_head = topo_tail = topo_node;
6762 				} else {
6763 					topo_tail->next = topo_node;
6764 					topo_tail = topo_node;
6765 				}
6766 				break;
6767 			}
6768 			case MPI2_EVENT_IR_CHANGE_RC_PD_CREATED:
6769 			case MPI2_EVENT_IR_CHANGE_RC_HIDE:
6770 			{
6771 				ptgt = mptsas_search_by_devhdl(tgttbl,
6772 				    diskhandle);
6773 				if (ptgt == NULL)
6774 					break;
6775 
6776 				/*
6777 				 * Update DR flag immediately avoid I/O failure
6778 				 */
6779 				mutex_enter(&mpt->m_tx_waitq_mutex);
6780 				ptgt->m_dr_flag = MPTSAS_DR_INTRANSITION;
6781 				mutex_exit(&mpt->m_tx_waitq_mutex);
6782 
6783 				topo_node = kmem_zalloc(
6784 				    sizeof (mptsas_topo_change_list_t),
6785 				    KM_SLEEP);
6786 				topo_node->mpt = mpt;
6787 				topo_node->un.phymask = ptgt->m_phymask;
6788 				topo_node->event =
6789 				    MPTSAS_DR_EVENT_OFFLINE_TARGET;
6790 				topo_node->devhdl = diskhandle;
6791 				topo_node->flags =
6792 				    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED;
6793 				topo_node->object = (void *)ptgt;
6794 				if (topo_head == NULL) {
6795 					topo_head = topo_tail = topo_node;
6796 				} else {
6797 					topo_tail->next = topo_node;
6798 					topo_tail = topo_node;
6799 				}
6800 				break;
6801 			}
6802 			case MPI2_EVENT_IR_CHANGE_RC_UNHIDE:
6803 			case MPI2_EVENT_IR_CHANGE_RC_PD_DELETED:
6804 			{
6805 				/*
6806 				 * The physical drive is released by a IR
6807 				 * volume. But we cannot get the the physport
6808 				 * or phynum from the event data, so we only
6809 				 * can get the physport/phynum after SAS
6810 				 * Device Page0 request for the devhdl.
6811 				 */
6812 				topo_node = kmem_zalloc(
6813 				    sizeof (mptsas_topo_change_list_t),
6814 				    KM_SLEEP);
6815 				topo_node->mpt = mpt;
6816 				topo_node->un.phymask = 0;
6817 				topo_node->event =
6818 				    MPTSAS_DR_EVENT_RECONFIG_TARGET;
6819 				topo_node->devhdl = diskhandle;
6820 				topo_node->flags =
6821 				    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED;
6822 				topo_node->object = NULL;
6823 				mpt->m_port_chng = 1;
6824 				if (topo_head == NULL) {
6825 					topo_head = topo_tail = topo_node;
6826 				} else {
6827 					topo_tail->next = topo_node;
6828 					topo_tail = topo_node;
6829 				}
6830 				break;
6831 			}
6832 			default:
6833 				break;
6834 			}
6835 		}
6836 
6837 		if (topo_head != NULL) {
6838 			/*
6839 			 * Launch DR taskq to handle topology change
6840 			 */
6841 			if ((ddi_taskq_dispatch(mpt->m_dr_taskq,
6842 			    mptsas_handle_dr, (void *)topo_head,
6843 			    DDI_NOSLEEP)) != DDI_SUCCESS) {
6844 				mptsas_log(mpt, CE_NOTE, "mptsas start taskq "
6845 				    "for handle SAS DR event failed. \n");
6846 			}
6847 		}
6848 		break;
6849 	}
6850 	default:
6851 		return (DDI_FAILURE);
6852 	}
6853 
6854 	return (DDI_SUCCESS);
6855 }
6856 
6857 /*
6858  * handle events from ioc
6859  */
6860 static void
6861 mptsas_handle_event(void *args)
6862 {
6863 	m_replyh_arg_t			*replyh_arg;
6864 	pMpi2EventNotificationReply_t	eventreply;
6865 	uint32_t			event, iocloginfo, rfm;
6866 	uint32_t			status;
6867 	uint8_t				port;
6868 	mptsas_t			*mpt;
6869 	uint_t				iocstatus;
6870 
6871 	replyh_arg = (m_replyh_arg_t *)args;
6872 	rfm = replyh_arg->rfm;
6873 	mpt = replyh_arg->mpt;
6874 
6875 	mutex_enter(&mpt->m_mutex);
6876 
6877 	eventreply = (pMpi2EventNotificationReply_t)
6878 	    (mpt->m_reply_frame + (rfm - mpt->m_reply_frame_dma_addr));
6879 	event = ddi_get16(mpt->m_acc_reply_frame_hdl, &eventreply->Event);
6880 
6881 	if (iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
6882 	    &eventreply->IOCStatus)) {
6883 		if (iocstatus == MPI2_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
6884 			mptsas_log(mpt, CE_WARN,
6885 			    "!mptsas_handle_event: IOCStatus=0x%x, "
6886 			    "IOCLogInfo=0x%x", iocstatus,
6887 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
6888 			    &eventreply->IOCLogInfo));
6889 		} else {
6890 			mptsas_log(mpt, CE_WARN,
6891 			    "mptsas_handle_event: IOCStatus=0x%x, "
6892 			    "IOCLogInfo=0x%x", iocstatus,
6893 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
6894 			    &eventreply->IOCLogInfo));
6895 		}
6896 	}
6897 
6898 	/*
6899 	 * figure out what kind of event we got and handle accordingly
6900 	 */
6901 	switch (event) {
6902 	case MPI2_EVENT_LOG_ENTRY_ADDED:
6903 		break;
6904 	case MPI2_EVENT_LOG_DATA:
6905 		iocloginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
6906 		    &eventreply->IOCLogInfo);
6907 		NDBG20(("mptsas %d log info %x received.\n", mpt->m_instance,
6908 		    iocloginfo));
6909 		break;
6910 	case MPI2_EVENT_STATE_CHANGE:
6911 		NDBG20(("mptsas%d state change.", mpt->m_instance));
6912 		break;
6913 	case MPI2_EVENT_HARD_RESET_RECEIVED:
6914 		NDBG20(("mptsas%d event change.", mpt->m_instance));
6915 		break;
6916 	case MPI2_EVENT_SAS_DISCOVERY:
6917 	{
6918 		MPI2_EVENT_DATA_SAS_DISCOVERY	*sasdiscovery;
6919 		char				string[80];
6920 		uint8_t				rc;
6921 
6922 		sasdiscovery =
6923 		    (pMpi2EventDataSasDiscovery_t)eventreply->EventData;
6924 
6925 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
6926 		    &sasdiscovery->ReasonCode);
6927 		port = ddi_get8(mpt->m_acc_reply_frame_hdl,
6928 		    &sasdiscovery->PhysicalPort);
6929 		status = ddi_get32(mpt->m_acc_reply_frame_hdl,
6930 		    &sasdiscovery->DiscoveryStatus);
6931 
6932 		string[0] = 0;
6933 		switch (rc) {
6934 		case MPI2_EVENT_SAS_DISC_RC_STARTED:
6935 			(void) sprintf(string, "STARTING");
6936 			break;
6937 		case MPI2_EVENT_SAS_DISC_RC_COMPLETED:
6938 			(void) sprintf(string, "COMPLETED");
6939 			break;
6940 		default:
6941 			(void) sprintf(string, "UNKNOWN");
6942 			break;
6943 		}
6944 
6945 		NDBG20(("SAS DISCOVERY is %s for port %d, status %x", string,
6946 		    port, status));
6947 
6948 		break;
6949 	}
6950 	case MPI2_EVENT_EVENT_CHANGE:
6951 		NDBG20(("mptsas%d event change.", mpt->m_instance));
6952 		break;
6953 	case MPI2_EVENT_TASK_SET_FULL:
6954 	{
6955 		pMpi2EventDataTaskSetFull_t	taskfull;
6956 
6957 		taskfull = (pMpi2EventDataTaskSetFull_t)eventreply->EventData;
6958 
6959 		NDBG20(("TASK_SET_FULL received for mptsas%d, depth %d\n",
6960 		    mpt->m_instance,  ddi_get16(mpt->m_acc_reply_frame_hdl,
6961 		    &taskfull->CurrentDepth)));
6962 		break;
6963 	}
6964 	case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST:
6965 	{
6966 		/*
6967 		 * SAS TOPOLOGY CHANGE LIST Event has already been handled
6968 		 * in mptsas_handle_event_sync() of interrupt context
6969 		 */
6970 		break;
6971 	}
6972 	case MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE:
6973 	{
6974 		pMpi2EventDataSasEnclDevStatusChange_t	encstatus;
6975 		uint8_t					rc;
6976 		char					string[80];
6977 
6978 		encstatus = (pMpi2EventDataSasEnclDevStatusChange_t)
6979 		    eventreply->EventData;
6980 
6981 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
6982 		    &encstatus->ReasonCode);
6983 		switch (rc) {
6984 		case MPI2_EVENT_SAS_ENCL_RC_ADDED:
6985 			(void) sprintf(string, "added");
6986 			break;
6987 		case MPI2_EVENT_SAS_ENCL_RC_NOT_RESPONDING:
6988 			(void) sprintf(string, ", not responding");
6989 			break;
6990 		default:
6991 		break;
6992 		}
6993 		NDBG20(("mptsas%d ENCLOSURE STATUS CHANGE for enclosure %x%s\n",
6994 		    mpt->m_instance, ddi_get16(mpt->m_acc_reply_frame_hdl,
6995 		    &encstatus->EnclosureHandle), string));
6996 		break;
6997 	}
6998 
6999 	/*
7000 	 * MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE is handled by
7001 	 * mptsas_handle_event_sync,in here just send ack message.
7002 	 */
7003 	case MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE:
7004 	{
7005 		pMpi2EventDataSasDeviceStatusChange_t	statuschange;
7006 		uint8_t					rc;
7007 		uint16_t				devhdl;
7008 		uint64_t				wwn = 0;
7009 		uint32_t				wwn_lo, wwn_hi;
7010 
7011 		statuschange = (pMpi2EventDataSasDeviceStatusChange_t)
7012 		    eventreply->EventData;
7013 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
7014 		    &statuschange->ReasonCode);
7015 		wwn_lo = ddi_get32(mpt->m_acc_reply_frame_hdl,
7016 		    (uint32_t *)(void *)&statuschange->SASAddress);
7017 		wwn_hi = ddi_get32(mpt->m_acc_reply_frame_hdl,
7018 		    (uint32_t *)(void *)&statuschange->SASAddress + 1);
7019 		wwn = ((uint64_t)wwn_hi << 32) | wwn_lo;
7020 		devhdl =  ddi_get16(mpt->m_acc_reply_frame_hdl,
7021 		    &statuschange->DevHandle);
7022 
7023 		NDBG13(("MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE wwn is %"PRIx64,
7024 		    wwn));
7025 
7026 		switch (rc) {
7027 		case MPI2_EVENT_SAS_DEV_STAT_RC_SMART_DATA:
7028 			NDBG20(("SMART data received, ASC/ASCQ = %02x/%02x",
7029 			    ddi_get8(mpt->m_acc_reply_frame_hdl,
7030 			    &statuschange->ASC),
7031 			    ddi_get8(mpt->m_acc_reply_frame_hdl,
7032 			    &statuschange->ASCQ)));
7033 			break;
7034 
7035 		case MPI2_EVENT_SAS_DEV_STAT_RC_UNSUPPORTED:
7036 			NDBG20(("Device not supported"));
7037 			break;
7038 
7039 		case MPI2_EVENT_SAS_DEV_STAT_RC_INTERNAL_DEVICE_RESET:
7040 			NDBG20(("IOC internally generated the Target Reset "
7041 			    "for devhdl:%x", devhdl));
7042 			break;
7043 
7044 		case MPI2_EVENT_SAS_DEV_STAT_RC_CMP_INTERNAL_DEV_RESET:
7045 			NDBG20(("IOC's internally generated Target Reset "
7046 			    "completed for devhdl:%x", devhdl));
7047 			break;
7048 
7049 		case MPI2_EVENT_SAS_DEV_STAT_RC_TASK_ABORT_INTERNAL:
7050 			NDBG20(("IOC internally generated Abort Task"));
7051 			break;
7052 
7053 		case MPI2_EVENT_SAS_DEV_STAT_RC_CMP_TASK_ABORT_INTERNAL:
7054 			NDBG20(("IOC's internally generated Abort Task "
7055 			    "completed"));
7056 			break;
7057 
7058 		case MPI2_EVENT_SAS_DEV_STAT_RC_ABORT_TASK_SET_INTERNAL:
7059 			NDBG20(("IOC internally generated Abort Task Set"));
7060 			break;
7061 
7062 		case MPI2_EVENT_SAS_DEV_STAT_RC_CLEAR_TASK_SET_INTERNAL:
7063 			NDBG20(("IOC internally generated Clear Task Set"));
7064 			break;
7065 
7066 		case MPI2_EVENT_SAS_DEV_STAT_RC_QUERY_TASK_INTERNAL:
7067 			NDBG20(("IOC internally generated Query Task"));
7068 			break;
7069 
7070 		case MPI2_EVENT_SAS_DEV_STAT_RC_ASYNC_NOTIFICATION:
7071 			NDBG20(("Device sent an Asynchronous Notification"));
7072 			break;
7073 
7074 		default:
7075 			break;
7076 		}
7077 		break;
7078 	}
7079 	case MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST:
7080 	{
7081 		/*
7082 		 * IR TOPOLOGY CHANGE LIST Event has already been handled
7083 		 * in mpt_handle_event_sync() of interrupt context
7084 		 */
7085 		break;
7086 	}
7087 	case MPI2_EVENT_IR_OPERATION_STATUS:
7088 	{
7089 		Mpi2EventDataIrOperationStatus_t	*irOpStatus;
7090 		char					reason_str[80];
7091 		uint8_t					rc, percent;
7092 		uint16_t				handle;
7093 
7094 		irOpStatus = (pMpi2EventDataIrOperationStatus_t)
7095 		    eventreply->EventData;
7096 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
7097 		    &irOpStatus->RAIDOperation);
7098 		percent = ddi_get8(mpt->m_acc_reply_frame_hdl,
7099 		    &irOpStatus->PercentComplete);
7100 		handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7101 		    &irOpStatus->VolDevHandle);
7102 
7103 		switch (rc) {
7104 			case MPI2_EVENT_IR_RAIDOP_RESYNC:
7105 				(void) sprintf(reason_str, "resync");
7106 				break;
7107 			case MPI2_EVENT_IR_RAIDOP_ONLINE_CAP_EXPANSION:
7108 				(void) sprintf(reason_str, "online capacity "
7109 				    "expansion");
7110 				break;
7111 			case MPI2_EVENT_IR_RAIDOP_CONSISTENCY_CHECK:
7112 				(void) sprintf(reason_str, "consistency check");
7113 				break;
7114 			default:
7115 				(void) sprintf(reason_str, "unknown reason %x",
7116 				    rc);
7117 		}
7118 
7119 		NDBG20(("mptsas%d raid operational status: (%s)"
7120 		    "\thandle(0x%04x), percent complete(%d)\n",
7121 		    mpt->m_instance, reason_str, handle, percent));
7122 		break;
7123 	}
7124 	case MPI2_EVENT_IR_VOLUME:
7125 	{
7126 		Mpi2EventDataIrVolume_t		*irVolume;
7127 		uint16_t			devhandle;
7128 		uint32_t			state;
7129 		int				config, vol;
7130 		mptsas_slots_t			*slots = mpt->m_active;
7131 		uint8_t				found = FALSE;
7132 
7133 		irVolume = (pMpi2EventDataIrVolume_t)eventreply->EventData;
7134 		state = ddi_get32(mpt->m_acc_reply_frame_hdl,
7135 		    &irVolume->NewValue);
7136 		devhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7137 		    &irVolume->VolDevHandle);
7138 
7139 		NDBG20(("EVENT_IR_VOLUME event is received"));
7140 
7141 		/*
7142 		 * Get latest RAID info and then find the DevHandle for this
7143 		 * event in the configuration.  If the DevHandle is not found
7144 		 * just exit the event.
7145 		 */
7146 		(void) mptsas_get_raid_info(mpt);
7147 		for (config = 0; (config < slots->m_num_raid_configs) &&
7148 		    (!found); config++) {
7149 			for (vol = 0; vol < MPTSAS_MAX_RAIDVOLS; vol++) {
7150 				if (slots->m_raidconfig[config].m_raidvol[vol].
7151 				    m_raidhandle == devhandle) {
7152 					found = TRUE;
7153 					break;
7154 				}
7155 			}
7156 		}
7157 		if (!found) {
7158 			break;
7159 		}
7160 
7161 		switch (irVolume->ReasonCode) {
7162 		case MPI2_EVENT_IR_VOLUME_RC_SETTINGS_CHANGED:
7163 		{
7164 			uint32_t i;
7165 			slots->m_raidconfig[config].m_raidvol[vol].m_settings =
7166 			    state;
7167 
7168 			i = state & MPI2_RAIDVOL0_SETTING_MASK_WRITE_CACHING;
7169 			mptsas_log(mpt, CE_NOTE, " Volume %d settings changed"
7170 			    ", auto-config of hot-swap drives is %s"
7171 			    ", write caching is %s"
7172 			    ", hot-spare pool mask is %02x\n",
7173 			    vol, state &
7174 			    MPI2_RAIDVOL0_SETTING_AUTO_CONFIG_HSWAP_DISABLE
7175 			    ? "disabled" : "enabled",
7176 			    i == MPI2_RAIDVOL0_SETTING_UNCHANGED
7177 			    ? "controlled by member disks" :
7178 			    i == MPI2_RAIDVOL0_SETTING_DISABLE_WRITE_CACHING
7179 			    ? "disabled" :
7180 			    i == MPI2_RAIDVOL0_SETTING_ENABLE_WRITE_CACHING
7181 			    ? "enabled" :
7182 			    "incorrectly set",
7183 			    (state >> 16) & 0xff);
7184 				break;
7185 		}
7186 		case MPI2_EVENT_IR_VOLUME_RC_STATE_CHANGED:
7187 		{
7188 			slots->m_raidconfig[config].m_raidvol[vol].m_state =
7189 			    (uint8_t)state;
7190 
7191 			mptsas_log(mpt, CE_NOTE,
7192 			    "Volume %d is now %s\n", vol,
7193 			    state == MPI2_RAID_VOL_STATE_OPTIMAL
7194 			    ? "optimal" :
7195 			    state == MPI2_RAID_VOL_STATE_DEGRADED
7196 			    ? "degraded" :
7197 			    state == MPI2_RAID_VOL_STATE_ONLINE
7198 			    ? "online" :
7199 			    state == MPI2_RAID_VOL_STATE_INITIALIZING
7200 			    ? "initializing" :
7201 			    state == MPI2_RAID_VOL_STATE_FAILED
7202 			    ? "failed" :
7203 			    state == MPI2_RAID_VOL_STATE_MISSING
7204 			    ? "missing" :
7205 			    "state unknown");
7206 			break;
7207 		}
7208 		case MPI2_EVENT_IR_VOLUME_RC_STATUS_FLAGS_CHANGED:
7209 		{
7210 			slots->m_raidconfig[config].m_raidvol[vol].
7211 			    m_statusflags = state;
7212 
7213 			mptsas_log(mpt, CE_NOTE,
7214 			    " Volume %d is now %s%s%s%s%s%s%s%s%s\n",
7215 			    vol,
7216 			    state & MPI2_RAIDVOL0_STATUS_FLAG_ENABLED
7217 			    ? ", enabled" : ", disabled",
7218 			    state & MPI2_RAIDVOL0_STATUS_FLAG_QUIESCED
7219 			    ? ", quiesced" : "",
7220 			    state & MPI2_RAIDVOL0_STATUS_FLAG_VOLUME_INACTIVE
7221 			    ? ", inactive" : ", active",
7222 			    state &
7223 			    MPI2_RAIDVOL0_STATUS_FLAG_BAD_BLOCK_TABLE_FULL
7224 			    ? ", bad block table is full" : "",
7225 			    state &
7226 			    MPI2_RAIDVOL0_STATUS_FLAG_RESYNC_IN_PROGRESS
7227 			    ? ", resync in progress" : "",
7228 			    state & MPI2_RAIDVOL0_STATUS_FLAG_BACKGROUND_INIT
7229 			    ? ", background initialization in progress" : "",
7230 			    state &
7231 			    MPI2_RAIDVOL0_STATUS_FLAG_CAPACITY_EXPANSION
7232 			    ? ", capacity expansion in progress" : "",
7233 			    state &
7234 			    MPI2_RAIDVOL0_STATUS_FLAG_CONSISTENCY_CHECK
7235 			    ? ", consistency check in progress" : "",
7236 			    state & MPI2_RAIDVOL0_STATUS_FLAG_DATA_SCRUB
7237 			    ? ", data scrub in progress" : "");
7238 			break;
7239 		}
7240 		default:
7241 			break;
7242 		}
7243 		break;
7244 	}
7245 	case MPI2_EVENT_IR_PHYSICAL_DISK:
7246 	{
7247 		Mpi2EventDataIrPhysicalDisk_t	*irPhysDisk;
7248 		uint16_t			devhandle, enchandle, slot;
7249 		uint32_t			status, state;
7250 		uint8_t				physdisknum, reason;
7251 
7252 		irPhysDisk = (Mpi2EventDataIrPhysicalDisk_t *)
7253 		    eventreply->EventData;
7254 		physdisknum = ddi_get8(mpt->m_acc_reply_frame_hdl,
7255 		    &irPhysDisk->PhysDiskNum);
7256 		devhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7257 		    &irPhysDisk->PhysDiskDevHandle);
7258 		enchandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7259 		    &irPhysDisk->EnclosureHandle);
7260 		slot = ddi_get16(mpt->m_acc_reply_frame_hdl,
7261 		    &irPhysDisk->Slot);
7262 		state = ddi_get32(mpt->m_acc_reply_frame_hdl,
7263 		    &irPhysDisk->NewValue);
7264 		reason = ddi_get8(mpt->m_acc_reply_frame_hdl,
7265 		    &irPhysDisk->ReasonCode);
7266 
7267 		NDBG20(("EVENT_IR_PHYSICAL_DISK event is received"));
7268 
7269 		switch (reason) {
7270 		case MPI2_EVENT_IR_PHYSDISK_RC_SETTINGS_CHANGED:
7271 			mptsas_log(mpt, CE_NOTE,
7272 			    " PhysDiskNum %d with DevHandle 0x%x in slot %d "
7273 			    "for enclosure with handle 0x%x is now in hot "
7274 			    "spare pool %d",
7275 			    physdisknum, devhandle, slot, enchandle,
7276 			    (state >> 16) & 0xff);
7277 			break;
7278 
7279 		case MPI2_EVENT_IR_PHYSDISK_RC_STATUS_FLAGS_CHANGED:
7280 			status = state;
7281 			mptsas_log(mpt, CE_NOTE,
7282 			    " PhysDiskNum %d with DevHandle 0x%x in slot %d "
7283 			    "for enclosure with handle 0x%x is now "
7284 			    "%s%s%s%s%s\n", physdisknum, devhandle, slot,
7285 			    enchandle,
7286 			    status & MPI2_PHYSDISK0_STATUS_FLAG_INACTIVE_VOLUME
7287 			    ? ", inactive" : ", active",
7288 			    status & MPI2_PHYSDISK0_STATUS_FLAG_OUT_OF_SYNC
7289 			    ? ", out of sync" : "",
7290 			    status & MPI2_PHYSDISK0_STATUS_FLAG_QUIESCED
7291 			    ? ", quiesced" : "",
7292 			    status &
7293 			    MPI2_PHYSDISK0_STATUS_FLAG_WRITE_CACHE_ENABLED
7294 			    ? ", write cache enabled" : "",
7295 			    status & MPI2_PHYSDISK0_STATUS_FLAG_OCE_TARGET
7296 			    ? ", capacity expansion target" : "");
7297 			break;
7298 
7299 		case MPI2_EVENT_IR_PHYSDISK_RC_STATE_CHANGED:
7300 			mptsas_log(mpt, CE_NOTE,
7301 			    " PhysDiskNum %d with DevHandle 0x%x in slot %d "
7302 			    "for enclosure with handle 0x%x is now %s\n",
7303 			    physdisknum, devhandle, slot, enchandle,
7304 			    state == MPI2_RAID_PD_STATE_OPTIMAL
7305 			    ? "optimal" :
7306 			    state == MPI2_RAID_PD_STATE_REBUILDING
7307 			    ? "rebuilding" :
7308 			    state == MPI2_RAID_PD_STATE_DEGRADED
7309 			    ? "degraded" :
7310 			    state == MPI2_RAID_PD_STATE_HOT_SPARE
7311 			    ? "a hot spare" :
7312 			    state == MPI2_RAID_PD_STATE_ONLINE
7313 			    ? "online" :
7314 			    state == MPI2_RAID_PD_STATE_OFFLINE
7315 			    ? "offline" :
7316 			    state == MPI2_RAID_PD_STATE_NOT_COMPATIBLE
7317 			    ? "not compatible" :
7318 			    state == MPI2_RAID_PD_STATE_NOT_CONFIGURED
7319 			    ? "not configured" :
7320 			    "state unknown");
7321 			break;
7322 		}
7323 		break;
7324 	}
7325 	default:
7326 		NDBG20(("mptsas%d: unknown event %x received",
7327 		    mpt->m_instance, event));
7328 		break;
7329 	}
7330 
7331 	/*
7332 	 * Return the reply frame to the free queue.
7333 	 */
7334 	ddi_put32(mpt->m_acc_free_queue_hdl,
7335 	    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index], rfm);
7336 	(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
7337 	    DDI_DMA_SYNC_FORDEV);
7338 	if (++mpt->m_free_index == mpt->m_free_queue_depth) {
7339 		mpt->m_free_index = 0;
7340 	}
7341 	ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
7342 	    mpt->m_free_index);
7343 	mutex_exit(&mpt->m_mutex);
7344 }
7345 
7346 /*
7347  * invoked from timeout() to restart qfull cmds with throttle == 0
7348  */
7349 static void
7350 mptsas_restart_cmd(void *arg)
7351 {
7352 	mptsas_t	*mpt = arg;
7353 	mptsas_target_t	*ptgt = NULL;
7354 
7355 	mutex_enter(&mpt->m_mutex);
7356 
7357 	mpt->m_restart_cmd_timeid = 0;
7358 
7359 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
7360 	    MPTSAS_HASH_FIRST);
7361 	while (ptgt != NULL) {
7362 		if (ptgt->m_reset_delay == 0) {
7363 			if (ptgt->m_t_throttle == QFULL_THROTTLE) {
7364 				mptsas_set_throttle(mpt, ptgt,
7365 				    MAX_THROTTLE);
7366 			}
7367 		}
7368 
7369 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
7370 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
7371 	}
7372 	mptsas_restart_hba(mpt);
7373 	mutex_exit(&mpt->m_mutex);
7374 }
7375 
7376 void
7377 mptsas_remove_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
7378 {
7379 	int		slot;
7380 	mptsas_slots_t	*slots = mpt->m_active;
7381 	int		t;
7382 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
7383 
7384 	ASSERT(cmd != NULL);
7385 	ASSERT(cmd->cmd_queued == FALSE);
7386 
7387 	/*
7388 	 * Task Management cmds are removed in their own routines.  Also,
7389 	 * we don't want to modify timeout based on TM cmds.
7390 	 */
7391 	if (cmd->cmd_flags & CFLAG_TM_CMD) {
7392 		return;
7393 	}
7394 
7395 	t = Tgt(cmd);
7396 	slot = cmd->cmd_slot;
7397 
7398 	/*
7399 	 * remove the cmd.
7400 	 */
7401 	if (cmd == slots->m_slot[slot]) {
7402 		NDBG31(("mptsas_remove_cmd: removing cmd=0x%p", (void *)cmd));
7403 		slots->m_slot[slot] = NULL;
7404 		mpt->m_ncmds--;
7405 
7406 		/*
7407 		 * only decrement per target ncmds if command
7408 		 * has a target associated with it.
7409 		 */
7410 		if ((cmd->cmd_flags & CFLAG_CMDIOC) == 0) {
7411 			ptgt->m_t_ncmds--;
7412 			/*
7413 			 * reset throttle if we just ran an untagged command
7414 			 * to a tagged target
7415 			 */
7416 			if ((ptgt->m_t_ncmds == 0) &&
7417 			    ((cmd->cmd_pkt_flags & FLAG_TAGMASK) == 0)) {
7418 				mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
7419 			}
7420 		}
7421 
7422 	}
7423 
7424 	/*
7425 	 * This is all we need to do for ioc commands.
7426 	 */
7427 	if (cmd->cmd_flags & CFLAG_CMDIOC) {
7428 		mptsas_return_to_pool(mpt, cmd);
7429 		return;
7430 	}
7431 
7432 	/*
7433 	 * Figure out what to set tag Q timeout for...
7434 	 *
7435 	 * Optimize: If we have duplicate's of same timeout
7436 	 * we're using, then we'll use it again until we run
7437 	 * out of duplicates.  This should be the normal case
7438 	 * for block and raw I/O.
7439 	 * If no duplicates, we have to scan through tag que and
7440 	 * find the longest timeout value and use it.  This is
7441 	 * going to take a while...
7442 	 * Add 1 to m_n_slots to account for TM request.
7443 	 */
7444 	if (cmd->cmd_pkt->pkt_time == ptgt->m_timebase) {
7445 		if (--(ptgt->m_dups) == 0) {
7446 			if (ptgt->m_t_ncmds) {
7447 				mptsas_cmd_t *ssp;
7448 				uint_t n = 0;
7449 				ushort_t nslots = (slots->m_n_slots + 1);
7450 				ushort_t i;
7451 				/*
7452 				 * This crude check assumes we don't do
7453 				 * this too often which seems reasonable
7454 				 * for block and raw I/O.
7455 				 */
7456 				for (i = 0; i < nslots; i++) {
7457 					ssp = slots->m_slot[i];
7458 					if (ssp && (Tgt(ssp) == t) &&
7459 					    (ssp->cmd_pkt->pkt_time > n)) {
7460 						n = ssp->cmd_pkt->pkt_time;
7461 						ptgt->m_dups = 1;
7462 					} else if (ssp && (Tgt(ssp) == t) &&
7463 					    (ssp->cmd_pkt->pkt_time == n)) {
7464 						ptgt->m_dups++;
7465 					}
7466 				}
7467 				ptgt->m_timebase = n;
7468 			} else {
7469 				ptgt->m_dups = 0;
7470 				ptgt->m_timebase = 0;
7471 			}
7472 		}
7473 	}
7474 	ptgt->m_timeout = ptgt->m_timebase;
7475 
7476 	ASSERT(cmd != slots->m_slot[cmd->cmd_slot]);
7477 }
7478 
7479 /*
7480  * accept all cmds on the tx_waitq if any and then
7481  * start a fresh request from the top of the device queue.
7482  *
7483  * since there are always cmds queued on the tx_waitq, and rare cmds on
7484  * the instance waitq, so this function should not be invoked in the ISR,
7485  * the mptsas_restart_waitq() is invoked in the ISR instead. otherwise, the
7486  * burden belongs to the IO dispatch CPUs is moved the interrupt CPU.
7487  */
7488 static void
7489 mptsas_restart_hba(mptsas_t *mpt)
7490 {
7491 	ASSERT(mutex_owned(&mpt->m_mutex));
7492 
7493 	mutex_enter(&mpt->m_tx_waitq_mutex);
7494 	if (mpt->m_tx_waitq) {
7495 		mptsas_accept_tx_waitq(mpt);
7496 	}
7497 	mutex_exit(&mpt->m_tx_waitq_mutex);
7498 	mptsas_restart_waitq(mpt);
7499 }
7500 
7501 /*
7502  * start a fresh request from the top of the device queue
7503  */
7504 static void
7505 mptsas_restart_waitq(mptsas_t *mpt)
7506 {
7507 	mptsas_cmd_t	*cmd, *next_cmd;
7508 	mptsas_target_t *ptgt = NULL;
7509 
7510 	NDBG1(("mptsas_restart_waitq: mpt=0x%p", (void *)mpt));
7511 
7512 	ASSERT(mutex_owned(&mpt->m_mutex));
7513 
7514 	/*
7515 	 * If there is a reset delay, don't start any cmds.  Otherwise, start
7516 	 * as many cmds as possible.
7517 	 * Since SMID 0 is reserved and the TM slot is reserved, the actual max
7518 	 * commands is m_max_requests - 2.
7519 	 */
7520 	cmd = mpt->m_waitq;
7521 
7522 	while (cmd != NULL) {
7523 		next_cmd = cmd->cmd_linkp;
7524 		if (cmd->cmd_flags & CFLAG_PASSTHRU) {
7525 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
7526 				/*
7527 				 * passthru command get slot need
7528 				 * set CFLAG_PREPARED.
7529 				 */
7530 				cmd->cmd_flags |= CFLAG_PREPARED;
7531 				mptsas_waitq_delete(mpt, cmd);
7532 				mptsas_start_passthru(mpt, cmd);
7533 			}
7534 			cmd = next_cmd;
7535 			continue;
7536 		}
7537 		if (cmd->cmd_flags & CFLAG_CONFIG) {
7538 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
7539 				/*
7540 				 * Send the config page request and delete it
7541 				 * from the waitq.
7542 				 */
7543 				cmd->cmd_flags |= CFLAG_PREPARED;
7544 				mptsas_waitq_delete(mpt, cmd);
7545 				mptsas_start_config_page_access(mpt, cmd);
7546 			}
7547 			cmd = next_cmd;
7548 			continue;
7549 		}
7550 		if (cmd->cmd_flags & CFLAG_FW_DIAG) {
7551 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
7552 				/*
7553 				 * Send the FW Diag request and delete if from
7554 				 * the waitq.
7555 				 */
7556 				cmd->cmd_flags |= CFLAG_PREPARED;
7557 				mptsas_waitq_delete(mpt, cmd);
7558 				mptsas_start_diag(mpt, cmd);
7559 			}
7560 			cmd = next_cmd;
7561 			continue;
7562 		}
7563 
7564 		ptgt = cmd->cmd_tgt_addr;
7565 		if (ptgt && (ptgt->m_t_throttle == DRAIN_THROTTLE) &&
7566 		    (ptgt->m_t_ncmds == 0)) {
7567 			mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
7568 		}
7569 		if ((mpt->m_ncmds <= (mpt->m_max_requests - 2)) &&
7570 		    (ptgt && (ptgt->m_reset_delay == 0)) &&
7571 		    (ptgt && (ptgt->m_t_ncmds <
7572 		    ptgt->m_t_throttle))) {
7573 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
7574 				mptsas_waitq_delete(mpt, cmd);
7575 				(void) mptsas_start_cmd(mpt, cmd);
7576 			}
7577 		}
7578 		cmd = next_cmd;
7579 	}
7580 }
7581 /*
7582  * Cmds are queued if tran_start() doesn't get the m_mutexlock(no wait).
7583  * Accept all those queued cmds before new cmd is accept so that the
7584  * cmds are sent in order.
7585  */
7586 static void
7587 mptsas_accept_tx_waitq(mptsas_t *mpt)
7588 {
7589 	mptsas_cmd_t *cmd;
7590 
7591 	ASSERT(mutex_owned(&mpt->m_mutex));
7592 	ASSERT(mutex_owned(&mpt->m_tx_waitq_mutex));
7593 
7594 	/*
7595 	 * A Bus Reset could occur at any time and flush the tx_waitq,
7596 	 * so we cannot count on the tx_waitq to contain even one cmd.
7597 	 * And when the m_tx_waitq_mutex is released and run
7598 	 * mptsas_accept_pkt(), the tx_waitq may be flushed.
7599 	 */
7600 	cmd = mpt->m_tx_waitq;
7601 	for (;;) {
7602 		if ((cmd = mpt->m_tx_waitq) == NULL) {
7603 			mpt->m_tx_draining = 0;
7604 			break;
7605 		}
7606 		if ((mpt->m_tx_waitq = cmd->cmd_linkp) == NULL) {
7607 			mpt->m_tx_waitqtail = &mpt->m_tx_waitq;
7608 		}
7609 		cmd->cmd_linkp = NULL;
7610 		mutex_exit(&mpt->m_tx_waitq_mutex);
7611 		if (mptsas_accept_pkt(mpt, cmd) != TRAN_ACCEPT)
7612 			cmn_err(CE_WARN, "mpt: mptsas_accept_tx_waitq: failed "
7613 			    "to accept cmd on queue\n");
7614 		mutex_enter(&mpt->m_tx_waitq_mutex);
7615 	}
7616 }
7617 
7618 
7619 /*
7620  * mpt tag type lookup
7621  */
7622 static char mptsas_tag_lookup[] =
7623 	{0, MSG_HEAD_QTAG, MSG_ORDERED_QTAG, 0, MSG_SIMPLE_QTAG};
7624 
7625 static int
7626 mptsas_start_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
7627 {
7628 	struct scsi_pkt		*pkt = CMD2PKT(cmd);
7629 	uint32_t		control = 0;
7630 	int			n;
7631 	caddr_t			mem;
7632 	pMpi2SCSIIORequest_t	io_request;
7633 	ddi_dma_handle_t	dma_hdl = mpt->m_dma_req_frame_hdl;
7634 	ddi_acc_handle_t	acc_hdl = mpt->m_acc_req_frame_hdl;
7635 	mptsas_target_t		*ptgt = cmd->cmd_tgt_addr;
7636 	uint16_t		SMID, io_flags = 0;
7637 	uint32_t		request_desc_low, request_desc_high;
7638 
7639 	NDBG1(("mptsas_start_cmd: cmd=0x%p", (void *)cmd));
7640 
7641 	/*
7642 	 * Set SMID and increment index.  Rollover to 1 instead of 0 if index
7643 	 * is at the max.  0 is an invalid SMID, so we call the first index 1.
7644 	 */
7645 	SMID = cmd->cmd_slot;
7646 
7647 	/*
7648 	 * It is possible for back to back device reset to
7649 	 * happen before the reset delay has expired.  That's
7650 	 * ok, just let the device reset go out on the bus.
7651 	 */
7652 	if ((cmd->cmd_pkt_flags & FLAG_NOINTR) == 0) {
7653 		ASSERT(ptgt->m_reset_delay == 0);
7654 	}
7655 
7656 	/*
7657 	 * if a non-tagged cmd is submitted to an active tagged target
7658 	 * then drain before submitting this cmd; SCSI-2 allows RQSENSE
7659 	 * to be untagged
7660 	 */
7661 	if (((cmd->cmd_pkt_flags & FLAG_TAGMASK) == 0) &&
7662 	    (ptgt->m_t_ncmds > 1) &&
7663 	    ((cmd->cmd_flags & CFLAG_TM_CMD) == 0) &&
7664 	    (*(cmd->cmd_pkt->pkt_cdbp) != SCMD_REQUEST_SENSE)) {
7665 		if ((cmd->cmd_pkt_flags & FLAG_NOINTR) == 0) {
7666 			NDBG23(("target=%d, untagged cmd, start draining\n",
7667 			    ptgt->m_devhdl));
7668 
7669 			if (ptgt->m_reset_delay == 0) {
7670 				mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
7671 			}
7672 
7673 			mptsas_remove_cmd(mpt, cmd);
7674 			cmd->cmd_pkt_flags |= FLAG_HEAD;
7675 			mptsas_waitq_add(mpt, cmd);
7676 		}
7677 		return (DDI_FAILURE);
7678 	}
7679 
7680 	/*
7681 	 * Set correct tag bits.
7682 	 */
7683 	if (cmd->cmd_pkt_flags & FLAG_TAGMASK) {
7684 		switch (mptsas_tag_lookup[((cmd->cmd_pkt_flags &
7685 		    FLAG_TAGMASK) >> 12)]) {
7686 		case MSG_SIMPLE_QTAG:
7687 			control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
7688 			break;
7689 		case MSG_HEAD_QTAG:
7690 			control |= MPI2_SCSIIO_CONTROL_HEADOFQ;
7691 			break;
7692 		case MSG_ORDERED_QTAG:
7693 			control |= MPI2_SCSIIO_CONTROL_ORDEREDQ;
7694 			break;
7695 		default:
7696 			mptsas_log(mpt, CE_WARN, "mpt: Invalid tag type\n");
7697 			break;
7698 		}
7699 	} else {
7700 		if (*(cmd->cmd_pkt->pkt_cdbp) != SCMD_REQUEST_SENSE) {
7701 				ptgt->m_t_throttle = 1;
7702 		}
7703 		control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
7704 	}
7705 
7706 	if (cmd->cmd_pkt_flags & FLAG_TLR) {
7707 		control |= MPI2_SCSIIO_CONTROL_TLR_ON;
7708 	}
7709 
7710 	mem = mpt->m_req_frame + (mpt->m_req_frame_size * SMID);
7711 	io_request = (pMpi2SCSIIORequest_t)mem;
7712 
7713 	bzero(io_request, sizeof (Mpi2SCSIIORequest_t));
7714 	ddi_put8(acc_hdl, &io_request->SGLOffset0, offsetof
7715 	    (MPI2_SCSI_IO_REQUEST, SGL) / 4);
7716 	mptsas_init_std_hdr(acc_hdl, io_request, ptgt->m_devhdl, Lun(cmd), 0,
7717 	    MPI2_FUNCTION_SCSI_IO_REQUEST);
7718 
7719 	(void) ddi_rep_put8(acc_hdl, (uint8_t *)pkt->pkt_cdbp,
7720 	    io_request->CDB.CDB32, cmd->cmd_cdblen, DDI_DEV_AUTOINCR);
7721 
7722 	io_flags = cmd->cmd_cdblen;
7723 	ddi_put16(acc_hdl, &io_request->IoFlags, io_flags);
7724 	/*
7725 	 * setup the Scatter/Gather DMA list for this request
7726 	 */
7727 	if (cmd->cmd_cookiec > 0) {
7728 		mptsas_sge_setup(mpt, cmd, &control, io_request, acc_hdl);
7729 	} else {
7730 		ddi_put32(acc_hdl, &io_request->SGL.MpiSimple.FlagsLength,
7731 		    ((uint32_t)MPI2_SGE_FLAGS_LAST_ELEMENT |
7732 		    MPI2_SGE_FLAGS_END_OF_BUFFER |
7733 		    MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
7734 		    MPI2_SGE_FLAGS_END_OF_LIST) << MPI2_SGE_FLAGS_SHIFT);
7735 	}
7736 
7737 	/*
7738 	 * save ARQ information
7739 	 */
7740 	ddi_put8(acc_hdl, &io_request->SenseBufferLength, cmd->cmd_rqslen);
7741 	if ((cmd->cmd_flags & (CFLAG_SCBEXTERN | CFLAG_EXTARQBUFVALID)) ==
7742 	    (CFLAG_SCBEXTERN | CFLAG_EXTARQBUFVALID)) {
7743 		ddi_put32(acc_hdl, &io_request->SenseBufferLowAddress,
7744 		    cmd->cmd_ext_arqcookie.dmac_address);
7745 	} else {
7746 		ddi_put32(acc_hdl, &io_request->SenseBufferLowAddress,
7747 		    cmd->cmd_arqcookie.dmac_address);
7748 	}
7749 
7750 	ddi_put32(acc_hdl, &io_request->Control, control);
7751 
7752 	NDBG31(("starting message=0x%p, with cmd=0x%p",
7753 	    (void *)(uintptr_t)mpt->m_req_frame_dma_addr, (void *)cmd));
7754 
7755 	(void) ddi_dma_sync(dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
7756 
7757 	/*
7758 	 * Build request descriptor and write it to the request desc post reg.
7759 	 */
7760 	request_desc_low = (SMID << 16) + MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
7761 	request_desc_high = ptgt->m_devhdl << 16;
7762 	MPTSAS_START_CMD(mpt, request_desc_low, request_desc_high);
7763 
7764 	/*
7765 	 * Start timeout.
7766 	 */
7767 #ifdef MPTSAS_TEST
7768 	/*
7769 	 * Temporarily set timebase = 0;  needed for
7770 	 * timeout torture test.
7771 	 */
7772 	if (mptsas_test_timeouts) {
7773 		ptgt->m_timebase = 0;
7774 	}
7775 #endif
7776 	n = pkt->pkt_time - ptgt->m_timebase;
7777 
7778 	if (n == 0) {
7779 		(ptgt->m_dups)++;
7780 		ptgt->m_timeout = ptgt->m_timebase;
7781 	} else if (n > 0) {
7782 		ptgt->m_timeout =
7783 		    ptgt->m_timebase = pkt->pkt_time;
7784 		ptgt->m_dups = 1;
7785 	} else if (n < 0) {
7786 		ptgt->m_timeout = ptgt->m_timebase;
7787 	}
7788 #ifdef MPTSAS_TEST
7789 	/*
7790 	 * Set back to a number higher than
7791 	 * mptsas_scsi_watchdog_tick
7792 	 * so timeouts will happen in mptsas_watchsubr
7793 	 */
7794 	if (mptsas_test_timeouts) {
7795 		ptgt->m_timebase = 60;
7796 	}
7797 #endif
7798 
7799 	if ((mptsas_check_dma_handle(dma_hdl) != DDI_SUCCESS) ||
7800 	    (mptsas_check_acc_handle(acc_hdl) != DDI_SUCCESS)) {
7801 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
7802 		return (DDI_FAILURE);
7803 	}
7804 	return (DDI_SUCCESS);
7805 }
7806 
7807 /*
7808  * Select a helper thread to handle current doneq
7809  */
7810 static void
7811 mptsas_deliver_doneq_thread(mptsas_t *mpt)
7812 {
7813 	uint64_t			t, i;
7814 	uint32_t			min = 0xffffffff;
7815 	mptsas_doneq_thread_list_t	*item;
7816 
7817 	for (i = 0; i < mpt->m_doneq_thread_n; i++) {
7818 		item = &mpt->m_doneq_thread_id[i];
7819 		/*
7820 		 * If the completed command on help thread[i] less than
7821 		 * doneq_thread_threshold, then pick the thread[i]. Otherwise
7822 		 * pick a thread which has least completed command.
7823 		 */
7824 
7825 		mutex_enter(&item->mutex);
7826 		if (item->len < mpt->m_doneq_thread_threshold) {
7827 			t = i;
7828 			mutex_exit(&item->mutex);
7829 			break;
7830 		}
7831 		if (item->len < min) {
7832 			min = item->len;
7833 			t = i;
7834 		}
7835 		mutex_exit(&item->mutex);
7836 	}
7837 	mutex_enter(&mpt->m_doneq_thread_id[t].mutex);
7838 	mptsas_doneq_mv(mpt, t);
7839 	cv_signal(&mpt->m_doneq_thread_id[t].cv);
7840 	mutex_exit(&mpt->m_doneq_thread_id[t].mutex);
7841 }
7842 
7843 /*
7844  * move the current global doneq to the doneq of thead[t]
7845  */
7846 static void
7847 mptsas_doneq_mv(mptsas_t *mpt, uint64_t t)
7848 {
7849 	mptsas_cmd_t			*cmd;
7850 	mptsas_doneq_thread_list_t	*item = &mpt->m_doneq_thread_id[t];
7851 
7852 	ASSERT(mutex_owned(&item->mutex));
7853 	while ((cmd = mpt->m_doneq) != NULL) {
7854 		if ((mpt->m_doneq = cmd->cmd_linkp) == NULL) {
7855 			mpt->m_donetail = &mpt->m_doneq;
7856 		}
7857 		cmd->cmd_linkp = NULL;
7858 		*item->donetail = cmd;
7859 		item->donetail = &cmd->cmd_linkp;
7860 		mpt->m_doneq_len--;
7861 		item->len++;
7862 	}
7863 }
7864 
7865 void
7866 mptsas_fma_check(mptsas_t *mpt, mptsas_cmd_t *cmd)
7867 {
7868 	struct scsi_pkt	*pkt = CMD2PKT(cmd);
7869 
7870 	/* Check all acc and dma handles */
7871 	if ((mptsas_check_acc_handle(mpt->m_datap) !=
7872 	    DDI_SUCCESS) ||
7873 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl) !=
7874 	    DDI_SUCCESS) ||
7875 	    (mptsas_check_acc_handle(mpt->m_acc_reply_frame_hdl) !=
7876 	    DDI_SUCCESS) ||
7877 	    (mptsas_check_acc_handle(mpt->m_acc_free_queue_hdl) !=
7878 	    DDI_SUCCESS) ||
7879 	    (mptsas_check_acc_handle(mpt->m_acc_post_queue_hdl) !=
7880 	    DDI_SUCCESS) ||
7881 	    (mptsas_check_acc_handle(mpt->m_hshk_acc_hdl) !=
7882 	    DDI_SUCCESS) ||
7883 	    (mptsas_check_acc_handle(mpt->m_config_handle) !=
7884 	    DDI_SUCCESS)) {
7885 		ddi_fm_service_impact(mpt->m_dip,
7886 		    DDI_SERVICE_UNAFFECTED);
7887 		ddi_fm_acc_err_clear(mpt->m_config_handle,
7888 		    DDI_FME_VER0);
7889 		pkt->pkt_reason = CMD_TRAN_ERR;
7890 		pkt->pkt_statistics = 0;
7891 	}
7892 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl) !=
7893 	    DDI_SUCCESS) ||
7894 	    (mptsas_check_dma_handle(mpt->m_dma_reply_frame_hdl) !=
7895 	    DDI_SUCCESS) ||
7896 	    (mptsas_check_dma_handle(mpt->m_dma_free_queue_hdl) !=
7897 	    DDI_SUCCESS) ||
7898 	    (mptsas_check_dma_handle(mpt->m_dma_post_queue_hdl) !=
7899 	    DDI_SUCCESS) ||
7900 	    (mptsas_check_dma_handle(mpt->m_hshk_dma_hdl) !=
7901 	    DDI_SUCCESS)) {
7902 		ddi_fm_service_impact(mpt->m_dip,
7903 		    DDI_SERVICE_UNAFFECTED);
7904 		pkt->pkt_reason = CMD_TRAN_ERR;
7905 		pkt->pkt_statistics = 0;
7906 	}
7907 	if (cmd->cmd_dmahandle &&
7908 	    (mptsas_check_dma_handle(cmd->cmd_dmahandle) != DDI_SUCCESS)) {
7909 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
7910 		pkt->pkt_reason = CMD_TRAN_ERR;
7911 		pkt->pkt_statistics = 0;
7912 	}
7913 	if ((cmd->cmd_extra_frames &&
7914 	    ((mptsas_check_dma_handle(cmd->cmd_extra_frames->m_dma_hdl) !=
7915 	    DDI_SUCCESS) ||
7916 	    (mptsas_check_acc_handle(cmd->cmd_extra_frames->m_acc_hdl) !=
7917 	    DDI_SUCCESS)))) {
7918 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
7919 		pkt->pkt_reason = CMD_TRAN_ERR;
7920 		pkt->pkt_statistics = 0;
7921 	}
7922 	if (cmd->cmd_arqhandle &&
7923 	    (mptsas_check_dma_handle(cmd->cmd_arqhandle) != DDI_SUCCESS)) {
7924 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
7925 		pkt->pkt_reason = CMD_TRAN_ERR;
7926 		pkt->pkt_statistics = 0;
7927 	}
7928 	if (cmd->cmd_ext_arqhandle &&
7929 	    (mptsas_check_dma_handle(cmd->cmd_ext_arqhandle) != DDI_SUCCESS)) {
7930 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
7931 		pkt->pkt_reason = CMD_TRAN_ERR;
7932 		pkt->pkt_statistics = 0;
7933 	}
7934 }
7935 
7936 /*
7937  * These routines manipulate the queue of commands that
7938  * are waiting for their completion routines to be called.
7939  * The queue is usually in FIFO order but on an MP system
7940  * it's possible for the completion routines to get out
7941  * of order. If that's a problem you need to add a global
7942  * mutex around the code that calls the completion routine
7943  * in the interrupt handler.
7944  */
7945 static void
7946 mptsas_doneq_add(mptsas_t *mpt, mptsas_cmd_t *cmd)
7947 {
7948 	struct scsi_pkt	*pkt = CMD2PKT(cmd);
7949 
7950 	NDBG31(("mptsas_doneq_add: cmd=0x%p", (void *)cmd));
7951 
7952 	ASSERT((cmd->cmd_flags & CFLAG_COMPLETED) == 0);
7953 	cmd->cmd_linkp = NULL;
7954 	cmd->cmd_flags |= CFLAG_FINISHED;
7955 	cmd->cmd_flags &= ~CFLAG_IN_TRANSPORT;
7956 
7957 	mptsas_fma_check(mpt, cmd);
7958 
7959 	/*
7960 	 * only add scsi pkts that have completion routines to
7961 	 * the doneq.  no intr cmds do not have callbacks.
7962 	 */
7963 	if (pkt && (pkt->pkt_comp)) {
7964 		*mpt->m_donetail = cmd;
7965 		mpt->m_donetail = &cmd->cmd_linkp;
7966 		mpt->m_doneq_len++;
7967 	}
7968 }
7969 
7970 static mptsas_cmd_t *
7971 mptsas_doneq_thread_rm(mptsas_t *mpt, uint64_t t)
7972 {
7973 	mptsas_cmd_t			*cmd;
7974 	mptsas_doneq_thread_list_t	*item = &mpt->m_doneq_thread_id[t];
7975 
7976 	/* pop one off the done queue */
7977 	if ((cmd = item->doneq) != NULL) {
7978 		/* if the queue is now empty fix the tail pointer */
7979 		NDBG31(("mptsas_doneq_thread_rm: cmd=0x%p", (void *)cmd));
7980 		if ((item->doneq = cmd->cmd_linkp) == NULL) {
7981 			item->donetail = &item->doneq;
7982 		}
7983 		cmd->cmd_linkp = NULL;
7984 		item->len--;
7985 	}
7986 	return (cmd);
7987 }
7988 
7989 static void
7990 mptsas_doneq_empty(mptsas_t *mpt)
7991 {
7992 	if (mpt->m_doneq && !mpt->m_in_callback) {
7993 		mptsas_cmd_t	*cmd, *next;
7994 		struct scsi_pkt *pkt;
7995 
7996 		mpt->m_in_callback = 1;
7997 		cmd = mpt->m_doneq;
7998 		mpt->m_doneq = NULL;
7999 		mpt->m_donetail = &mpt->m_doneq;
8000 		mpt->m_doneq_len = 0;
8001 
8002 		mutex_exit(&mpt->m_mutex);
8003 		/*
8004 		 * run the completion routines of all the
8005 		 * completed commands
8006 		 */
8007 		while (cmd != NULL) {
8008 			next = cmd->cmd_linkp;
8009 			cmd->cmd_linkp = NULL;
8010 			/* run this command's completion routine */
8011 			cmd->cmd_flags |= CFLAG_COMPLETED;
8012 			pkt = CMD2PKT(cmd);
8013 			mptsas_pkt_comp(pkt, cmd);
8014 			cmd = next;
8015 		}
8016 		mutex_enter(&mpt->m_mutex);
8017 		mpt->m_in_callback = 0;
8018 	}
8019 }
8020 
8021 /*
8022  * These routines manipulate the target's queue of pending requests
8023  */
8024 void
8025 mptsas_waitq_add(mptsas_t *mpt, mptsas_cmd_t *cmd)
8026 {
8027 	NDBG7(("mptsas_waitq_add: cmd=0x%p", (void *)cmd));
8028 	mptsas_target_t *ptgt = cmd->cmd_tgt_addr;
8029 	cmd->cmd_queued = TRUE;
8030 	if (ptgt)
8031 		ptgt->m_t_nwait++;
8032 	if (cmd->cmd_pkt_flags & FLAG_HEAD) {
8033 		if ((cmd->cmd_linkp = mpt->m_waitq) == NULL) {
8034 			mpt->m_waitqtail = &cmd->cmd_linkp;
8035 		}
8036 		mpt->m_waitq = cmd;
8037 	} else {
8038 		cmd->cmd_linkp = NULL;
8039 		*(mpt->m_waitqtail) = cmd;
8040 		mpt->m_waitqtail = &cmd->cmd_linkp;
8041 	}
8042 }
8043 
8044 static mptsas_cmd_t *
8045 mptsas_waitq_rm(mptsas_t *mpt)
8046 {
8047 	mptsas_cmd_t	*cmd;
8048 	mptsas_target_t *ptgt;
8049 	NDBG7(("mptsas_waitq_rm"));
8050 
8051 	MPTSAS_WAITQ_RM(mpt, cmd);
8052 
8053 	NDBG7(("mptsas_waitq_rm: cmd=0x%p", (void *)cmd));
8054 	if (cmd) {
8055 		ptgt = cmd->cmd_tgt_addr;
8056 		if (ptgt) {
8057 			ptgt->m_t_nwait--;
8058 			ASSERT(ptgt->m_t_nwait >= 0);
8059 		}
8060 	}
8061 	return (cmd);
8062 }
8063 
8064 /*
8065  * remove specified cmd from the middle of the wait queue.
8066  */
8067 static void
8068 mptsas_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd)
8069 {
8070 	mptsas_cmd_t	*prevp = mpt->m_waitq;
8071 	mptsas_target_t *ptgt = cmd->cmd_tgt_addr;
8072 
8073 	NDBG7(("mptsas_waitq_delete: mpt=0x%p cmd=0x%p",
8074 	    (void *)mpt, (void *)cmd));
8075 	if (ptgt) {
8076 		ptgt->m_t_nwait--;
8077 		ASSERT(ptgt->m_t_nwait >= 0);
8078 	}
8079 
8080 	if (prevp == cmd) {
8081 		if ((mpt->m_waitq = cmd->cmd_linkp) == NULL)
8082 			mpt->m_waitqtail = &mpt->m_waitq;
8083 
8084 		cmd->cmd_linkp = NULL;
8085 		cmd->cmd_queued = FALSE;
8086 		NDBG7(("mptsas_waitq_delete: mpt=0x%p cmd=0x%p",
8087 		    (void *)mpt, (void *)cmd));
8088 		return;
8089 	}
8090 
8091 	while (prevp != NULL) {
8092 		if (prevp->cmd_linkp == cmd) {
8093 			if ((prevp->cmd_linkp = cmd->cmd_linkp) == NULL)
8094 				mpt->m_waitqtail = &prevp->cmd_linkp;
8095 
8096 			cmd->cmd_linkp = NULL;
8097 			cmd->cmd_queued = FALSE;
8098 			NDBG7(("mptsas_waitq_delete: mpt=0x%p cmd=0x%p",
8099 			    (void *)mpt, (void *)cmd));
8100 			return;
8101 		}
8102 		prevp = prevp->cmd_linkp;
8103 	}
8104 	cmn_err(CE_PANIC, "mpt: mptsas_waitq_delete: queue botch");
8105 }
8106 
8107 static mptsas_cmd_t *
8108 mptsas_tx_waitq_rm(mptsas_t *mpt)
8109 {
8110 	mptsas_cmd_t *cmd;
8111 	NDBG7(("mptsas_tx_waitq_rm"));
8112 
8113 	MPTSAS_TX_WAITQ_RM(mpt, cmd);
8114 
8115 	NDBG7(("mptsas_tx_waitq_rm: cmd=0x%p", (void *)cmd));
8116 
8117 	return (cmd);
8118 }
8119 
8120 /*
8121  * remove specified cmd from the middle of the tx_waitq.
8122  */
8123 static void
8124 mptsas_tx_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd)
8125 {
8126 	mptsas_cmd_t *prevp = mpt->m_tx_waitq;
8127 
8128 	NDBG7(("mptsas_tx_waitq_delete: mpt=0x%p cmd=0x%p",
8129 	    (void *)mpt, (void *)cmd));
8130 
8131 	if (prevp == cmd) {
8132 		if ((mpt->m_tx_waitq = cmd->cmd_linkp) == NULL)
8133 			mpt->m_tx_waitqtail = &mpt->m_tx_waitq;
8134 
8135 		cmd->cmd_linkp = NULL;
8136 		cmd->cmd_queued = FALSE;
8137 		NDBG7(("mptsas_tx_waitq_delete: mpt=0x%p cmd=0x%p",
8138 		    (void *)mpt, (void *)cmd));
8139 		return;
8140 	}
8141 
8142 	while (prevp != NULL) {
8143 		if (prevp->cmd_linkp == cmd) {
8144 			if ((prevp->cmd_linkp = cmd->cmd_linkp) == NULL)
8145 				mpt->m_tx_waitqtail = &prevp->cmd_linkp;
8146 
8147 			cmd->cmd_linkp = NULL;
8148 			cmd->cmd_queued = FALSE;
8149 			NDBG7(("mptsas_tx_waitq_delete: mpt=0x%p cmd=0x%p",
8150 			    (void *)mpt, (void *)cmd));
8151 			return;
8152 		}
8153 		prevp = prevp->cmd_linkp;
8154 	}
8155 	cmn_err(CE_PANIC, "mpt: mptsas_tx_waitq_delete: queue botch");
8156 }
8157 
8158 /*
8159  * device and bus reset handling
8160  *
8161  * Notes:
8162  *	- RESET_ALL:	reset the controller
8163  *	- RESET_TARGET:	reset the target specified in scsi_address
8164  */
8165 static int
8166 mptsas_scsi_reset(struct scsi_address *ap, int level)
8167 {
8168 	mptsas_t		*mpt = ADDR2MPT(ap);
8169 	int			rval;
8170 	mptsas_tgt_private_t	*tgt_private;
8171 	mptsas_target_t		*ptgt = NULL;
8172 
8173 	tgt_private = (mptsas_tgt_private_t *)ap->a_hba_tran->tran_tgt_private;
8174 	ptgt = tgt_private->t_private;
8175 	if (ptgt == NULL) {
8176 		return (FALSE);
8177 	}
8178 	NDBG22(("mptsas_scsi_reset: target=%d level=%d", ptgt->m_devhdl,
8179 	    level));
8180 
8181 	mutex_enter(&mpt->m_mutex);
8182 	/*
8183 	 * if we are not in panic set up a reset delay for this target
8184 	 */
8185 	if (!ddi_in_panic()) {
8186 		mptsas_setup_bus_reset_delay(mpt);
8187 	} else {
8188 		drv_usecwait(mpt->m_scsi_reset_delay * 1000);
8189 	}
8190 	rval = mptsas_do_scsi_reset(mpt, ptgt->m_devhdl);
8191 	mutex_exit(&mpt->m_mutex);
8192 
8193 	/*
8194 	 * The transport layer expect to only see TRUE and
8195 	 * FALSE. Therefore, we will adjust the return value
8196 	 * if mptsas_do_scsi_reset returns FAILED.
8197 	 */
8198 	if (rval == FAILED)
8199 		rval = FALSE;
8200 	return (rval);
8201 }
8202 
8203 static int
8204 mptsas_do_scsi_reset(mptsas_t *mpt, uint16_t devhdl)
8205 {
8206 	int		rval = FALSE;
8207 	uint8_t		config, disk;
8208 	mptsas_slots_t	*slots = mpt->m_active;
8209 
8210 	ASSERT(mutex_owned(&mpt->m_mutex));
8211 
8212 	if (mptsas_debug_resets) {
8213 		mptsas_log(mpt, CE_WARN, "mptsas_do_scsi_reset: target=%d",
8214 		    devhdl);
8215 	}
8216 
8217 	/*
8218 	 * Issue a Target Reset message to the target specified but not to a
8219 	 * disk making up a raid volume.  Just look through the RAID config
8220 	 * Phys Disk list of DevHandles.  If the target's DevHandle is in this
8221 	 * list, then don't reset this target.
8222 	 */
8223 	for (config = 0; config < slots->m_num_raid_configs; config++) {
8224 		for (disk = 0; disk < MPTSAS_MAX_DISKS_IN_CONFIG; disk++) {
8225 			if (devhdl == slots->m_raidconfig[config].
8226 			    m_physdisk_devhdl[disk]) {
8227 				return (TRUE);
8228 			}
8229 		}
8230 	}
8231 
8232 	rval = mptsas_ioc_task_management(mpt,
8233 	    MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET, devhdl, 0, NULL, 0, 0);
8234 
8235 	mptsas_doneq_empty(mpt);
8236 	return (rval);
8237 }
8238 
8239 static int
8240 mptsas_scsi_reset_notify(struct scsi_address *ap, int flag,
8241 	void (*callback)(caddr_t), caddr_t arg)
8242 {
8243 	mptsas_t	*mpt = ADDR2MPT(ap);
8244 
8245 	NDBG22(("mptsas_scsi_reset_notify: tgt=%d", ap->a_target));
8246 
8247 	return (scsi_hba_reset_notify_setup(ap, flag, callback, arg,
8248 	    &mpt->m_mutex, &mpt->m_reset_notify_listf));
8249 }
8250 
8251 static int
8252 mptsas_get_name(struct scsi_device *sd, char *name, int len)
8253 {
8254 	dev_info_t	*lun_dip = NULL;
8255 
8256 	ASSERT(sd != NULL);
8257 	ASSERT(name != NULL);
8258 	lun_dip = sd->sd_dev;
8259 	ASSERT(lun_dip != NULL);
8260 
8261 	if (mptsas_name_child(lun_dip, name, len) == DDI_SUCCESS) {
8262 		return (1);
8263 	} else {
8264 		return (0);
8265 	}
8266 }
8267 
8268 static int
8269 mptsas_get_bus_addr(struct scsi_device *sd, char *name, int len)
8270 {
8271 	return (mptsas_get_name(sd, name, len));
8272 }
8273 
8274 void
8275 mptsas_set_throttle(mptsas_t *mpt, mptsas_target_t *ptgt, int what)
8276 {
8277 
8278 	NDBG25(("mptsas_set_throttle: throttle=%x", what));
8279 
8280 	/*
8281 	 * if the bus is draining/quiesced, no changes to the throttles
8282 	 * are allowed. Not allowing change of throttles during draining
8283 	 * limits error recovery but will reduce draining time
8284 	 *
8285 	 * all throttles should have been set to HOLD_THROTTLE
8286 	 */
8287 	if (mpt->m_softstate & (MPTSAS_SS_QUIESCED | MPTSAS_SS_DRAINING)) {
8288 		return;
8289 	}
8290 
8291 	if (what == HOLD_THROTTLE) {
8292 		ptgt->m_t_throttle = HOLD_THROTTLE;
8293 	} else if (ptgt->m_reset_delay == 0) {
8294 		ptgt->m_t_throttle = what;
8295 	}
8296 }
8297 
8298 /*
8299  * Clean up from a device reset.
8300  * For the case of target reset, this function clears the waitq of all
8301  * commands for a particular target.   For the case of abort task set, this
8302  * function clears the waitq of all commonds for a particular target/lun.
8303  */
8304 static void
8305 mptsas_flush_target(mptsas_t *mpt, ushort_t target, int lun, uint8_t tasktype)
8306 {
8307 	mptsas_slots_t	*slots = mpt->m_active;
8308 	mptsas_cmd_t	*cmd, *next_cmd;
8309 	int		slot;
8310 	uchar_t		reason;
8311 	uint_t		stat;
8312 
8313 	NDBG25(("mptsas_flush_target: target=%d lun=%d", target, lun));
8314 
8315 	/*
8316 	 * Make sure the I/O Controller has flushed all cmds
8317 	 * that are associated with this target for a target reset
8318 	 * and target/lun for abort task set.
8319 	 * Account for TM requests, which use the last SMID.
8320 	 */
8321 	for (slot = 0; slot <= mpt->m_active->m_n_slots; slot++) {
8322 		if ((cmd = slots->m_slot[slot]) == NULL)
8323 			continue;
8324 		reason = CMD_RESET;
8325 		stat = STAT_DEV_RESET;
8326 		switch (tasktype) {
8327 		case MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
8328 			if (Tgt(cmd) == target) {
8329 				NDBG25(("mptsas_flush_target discovered non-"
8330 				    "NULL cmd in slot %d, tasktype 0x%x", slot,
8331 				    tasktype));
8332 				mptsas_dump_cmd(mpt, cmd);
8333 				mptsas_remove_cmd(mpt, cmd);
8334 				mptsas_set_pkt_reason(mpt, cmd, reason, stat);
8335 				mptsas_doneq_add(mpt, cmd);
8336 			}
8337 			break;
8338 		case MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
8339 			reason = CMD_ABORTED;
8340 			stat = STAT_ABORTED;
8341 			/*FALLTHROUGH*/
8342 		case MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
8343 			if ((Tgt(cmd) == target) && (Lun(cmd) == lun)) {
8344 
8345 				NDBG25(("mptsas_flush_target discovered non-"
8346 				    "NULL cmd in slot %d, tasktype 0x%x", slot,
8347 				    tasktype));
8348 				mptsas_dump_cmd(mpt, cmd);
8349 				mptsas_remove_cmd(mpt, cmd);
8350 				mptsas_set_pkt_reason(mpt, cmd, reason,
8351 				    stat);
8352 				mptsas_doneq_add(mpt, cmd);
8353 			}
8354 			break;
8355 		default:
8356 			break;
8357 		}
8358 	}
8359 
8360 	/*
8361 	 * Flush the waitq and tx_waitq of this target's cmds
8362 	 */
8363 	cmd = mpt->m_waitq;
8364 
8365 	reason = CMD_RESET;
8366 	stat = STAT_DEV_RESET;
8367 
8368 	switch (tasktype) {
8369 	case MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
8370 		while (cmd != NULL) {
8371 			next_cmd = cmd->cmd_linkp;
8372 			if (Tgt(cmd) == target) {
8373 				mptsas_waitq_delete(mpt, cmd);
8374 				mptsas_set_pkt_reason(mpt, cmd,
8375 				    reason, stat);
8376 				mptsas_doneq_add(mpt, cmd);
8377 			}
8378 			cmd = next_cmd;
8379 		}
8380 		mutex_enter(&mpt->m_tx_waitq_mutex);
8381 		cmd = mpt->m_tx_waitq;
8382 		while (cmd != NULL) {
8383 			next_cmd = cmd->cmd_linkp;
8384 			if (Tgt(cmd) == target) {
8385 				mptsas_tx_waitq_delete(mpt, cmd);
8386 				mutex_exit(&mpt->m_tx_waitq_mutex);
8387 				mptsas_set_pkt_reason(mpt, cmd,
8388 				    reason, stat);
8389 				mptsas_doneq_add(mpt, cmd);
8390 				mutex_enter(&mpt->m_tx_waitq_mutex);
8391 			}
8392 			cmd = next_cmd;
8393 		}
8394 		mutex_exit(&mpt->m_tx_waitq_mutex);
8395 		break;
8396 	case MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
8397 		reason = CMD_ABORTED;
8398 		stat =  STAT_ABORTED;
8399 		/*FALLTHROUGH*/
8400 	case MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
8401 		while (cmd != NULL) {
8402 			next_cmd = cmd->cmd_linkp;
8403 			if ((Tgt(cmd) == target) && (Lun(cmd) == lun)) {
8404 				mptsas_waitq_delete(mpt, cmd);
8405 				mptsas_set_pkt_reason(mpt, cmd,
8406 				    reason, stat);
8407 				mptsas_doneq_add(mpt, cmd);
8408 			}
8409 			cmd = next_cmd;
8410 		}
8411 		mutex_enter(&mpt->m_tx_waitq_mutex);
8412 		cmd = mpt->m_tx_waitq;
8413 		while (cmd != NULL) {
8414 			next_cmd = cmd->cmd_linkp;
8415 			if ((Tgt(cmd) == target) && (Lun(cmd) == lun)) {
8416 				mptsas_tx_waitq_delete(mpt, cmd);
8417 				mutex_exit(&mpt->m_tx_waitq_mutex);
8418 				mptsas_set_pkt_reason(mpt, cmd,
8419 				    reason, stat);
8420 				mptsas_doneq_add(mpt, cmd);
8421 				mutex_enter(&mpt->m_tx_waitq_mutex);
8422 			}
8423 			cmd = next_cmd;
8424 		}
8425 		mutex_exit(&mpt->m_tx_waitq_mutex);
8426 		break;
8427 	default:
8428 		mptsas_log(mpt, CE_WARN, "Unknown task management type %d.",
8429 		    tasktype);
8430 		break;
8431 	}
8432 }
8433 
8434 /*
8435  * Clean up hba state, abort all outstanding command and commands in waitq
8436  * reset timeout of all targets.
8437  */
8438 static void
8439 mptsas_flush_hba(mptsas_t *mpt)
8440 {
8441 	mptsas_slots_t	*slots = mpt->m_active;
8442 	mptsas_cmd_t	*cmd;
8443 	int		slot;
8444 
8445 	NDBG25(("mptsas_flush_hba"));
8446 
8447 	/*
8448 	 * The I/O Controller should have already sent back
8449 	 * all commands via the scsi I/O reply frame.  Make
8450 	 * sure all commands have been flushed.
8451 	 * Account for TM request, which use the last SMID.
8452 	 */
8453 	for (slot = 0; slot <= mpt->m_active->m_n_slots; slot++) {
8454 		if ((cmd = slots->m_slot[slot]) == NULL)
8455 			continue;
8456 
8457 		if (cmd->cmd_flags & CFLAG_CMDIOC) {
8458 			/*
8459 			 * Need to make sure to tell everyone that might be
8460 			 * waiting on this command that it's going to fail.  If
8461 			 * we get here, this command will never timeout because
8462 			 * the active command table is going to be re-allocated,
8463 			 * so there will be nothing to check against a time out.
8464 			 * Instead, mark the command as failed due to reset.
8465 			 */
8466 			mptsas_set_pkt_reason(mpt, cmd, CMD_RESET,
8467 			    STAT_BUS_RESET);
8468 			if ((cmd->cmd_flags & CFLAG_PASSTHRU) ||
8469 			    (cmd->cmd_flags & CFLAG_CONFIG) ||
8470 			    (cmd->cmd_flags & CFLAG_FW_DIAG)) {
8471 				cmd->cmd_flags |= CFLAG_FINISHED;
8472 				cv_broadcast(&mpt->m_passthru_cv);
8473 				cv_broadcast(&mpt->m_config_cv);
8474 				cv_broadcast(&mpt->m_fw_diag_cv);
8475 			}
8476 			continue;
8477 		}
8478 
8479 		NDBG25(("mptsas_flush_hba discovered non-NULL cmd in slot %d",
8480 		    slot));
8481 		mptsas_dump_cmd(mpt, cmd);
8482 
8483 		mptsas_remove_cmd(mpt, cmd);
8484 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
8485 		mptsas_doneq_add(mpt, cmd);
8486 	}
8487 
8488 	/*
8489 	 * Flush the waitq.
8490 	 */
8491 	while ((cmd = mptsas_waitq_rm(mpt)) != NULL) {
8492 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
8493 		if ((cmd->cmd_flags & CFLAG_PASSTHRU) ||
8494 		    (cmd->cmd_flags & CFLAG_CONFIG) ||
8495 		    (cmd->cmd_flags & CFLAG_FW_DIAG)) {
8496 			cmd->cmd_flags |= CFLAG_FINISHED;
8497 			cv_broadcast(&mpt->m_passthru_cv);
8498 			cv_broadcast(&mpt->m_config_cv);
8499 			cv_broadcast(&mpt->m_fw_diag_cv);
8500 		} else {
8501 			mptsas_doneq_add(mpt, cmd);
8502 		}
8503 	}
8504 
8505 	/*
8506 	 * Flush the tx_waitq
8507 	 */
8508 	mutex_enter(&mpt->m_tx_waitq_mutex);
8509 	while ((cmd = mptsas_tx_waitq_rm(mpt)) != NULL) {
8510 		mutex_exit(&mpt->m_tx_waitq_mutex);
8511 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
8512 		mptsas_doneq_add(mpt, cmd);
8513 		mutex_enter(&mpt->m_tx_waitq_mutex);
8514 	}
8515 	mutex_exit(&mpt->m_tx_waitq_mutex);
8516 }
8517 
8518 /*
8519  * set pkt_reason and OR in pkt_statistics flag
8520  */
8521 static void
8522 mptsas_set_pkt_reason(mptsas_t *mpt, mptsas_cmd_t *cmd, uchar_t reason,
8523     uint_t stat)
8524 {
8525 #ifndef __lock_lint
8526 	_NOTE(ARGUNUSED(mpt))
8527 #endif
8528 
8529 	NDBG25(("mptsas_set_pkt_reason: cmd=0x%p reason=%x stat=%x",
8530 	    (void *)cmd, reason, stat));
8531 
8532 	if (cmd) {
8533 		if (cmd->cmd_pkt->pkt_reason == CMD_CMPLT) {
8534 			cmd->cmd_pkt->pkt_reason = reason;
8535 		}
8536 		cmd->cmd_pkt->pkt_statistics |= stat;
8537 	}
8538 }
8539 
8540 static void
8541 mptsas_start_watch_reset_delay()
8542 {
8543 	NDBG22(("mptsas_start_watch_reset_delay"));
8544 
8545 	mutex_enter(&mptsas_global_mutex);
8546 	if (mptsas_reset_watch == NULL && mptsas_timeouts_enabled) {
8547 		mptsas_reset_watch = timeout(mptsas_watch_reset_delay, NULL,
8548 		    drv_usectohz((clock_t)
8549 		    MPTSAS_WATCH_RESET_DELAY_TICK * 1000));
8550 		ASSERT(mptsas_reset_watch != NULL);
8551 	}
8552 	mutex_exit(&mptsas_global_mutex);
8553 }
8554 
8555 static void
8556 mptsas_setup_bus_reset_delay(mptsas_t *mpt)
8557 {
8558 	mptsas_target_t	*ptgt = NULL;
8559 
8560 	NDBG22(("mptsas_setup_bus_reset_delay"));
8561 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
8562 	    MPTSAS_HASH_FIRST);
8563 	while (ptgt != NULL) {
8564 		mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
8565 		ptgt->m_reset_delay = mpt->m_scsi_reset_delay;
8566 
8567 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
8568 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
8569 	}
8570 
8571 	mptsas_start_watch_reset_delay();
8572 }
8573 
8574 /*
8575  * mptsas_watch_reset_delay(_subr) is invoked by timeout() and checks every
8576  * mpt instance for active reset delays
8577  */
8578 static void
8579 mptsas_watch_reset_delay(void *arg)
8580 {
8581 #ifndef __lock_lint
8582 	_NOTE(ARGUNUSED(arg))
8583 #endif
8584 
8585 	mptsas_t	*mpt;
8586 	int		not_done = 0;
8587 
8588 	NDBG22(("mptsas_watch_reset_delay"));
8589 
8590 	mutex_enter(&mptsas_global_mutex);
8591 	mptsas_reset_watch = 0;
8592 	mutex_exit(&mptsas_global_mutex);
8593 	rw_enter(&mptsas_global_rwlock, RW_READER);
8594 	for (mpt = mptsas_head; mpt != NULL; mpt = mpt->m_next) {
8595 		if (mpt->m_tran == 0) {
8596 			continue;
8597 		}
8598 		mutex_enter(&mpt->m_mutex);
8599 		not_done += mptsas_watch_reset_delay_subr(mpt);
8600 		mutex_exit(&mpt->m_mutex);
8601 	}
8602 	rw_exit(&mptsas_global_rwlock);
8603 
8604 	if (not_done) {
8605 		mptsas_start_watch_reset_delay();
8606 	}
8607 }
8608 
8609 static int
8610 mptsas_watch_reset_delay_subr(mptsas_t *mpt)
8611 {
8612 	int		done = 0;
8613 	int		restart = 0;
8614 	mptsas_target_t	*ptgt = NULL;
8615 
8616 	NDBG22(("mptsas_watch_reset_delay_subr: mpt=0x%p", (void *)mpt));
8617 
8618 	ASSERT(mutex_owned(&mpt->m_mutex));
8619 
8620 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
8621 	    MPTSAS_HASH_FIRST);
8622 	while (ptgt != NULL) {
8623 		if (ptgt->m_reset_delay != 0) {
8624 			ptgt->m_reset_delay -=
8625 			    MPTSAS_WATCH_RESET_DELAY_TICK;
8626 			if (ptgt->m_reset_delay <= 0) {
8627 				ptgt->m_reset_delay = 0;
8628 				mptsas_set_throttle(mpt, ptgt,
8629 				    MAX_THROTTLE);
8630 				restart++;
8631 			} else {
8632 				done = -1;
8633 			}
8634 		}
8635 
8636 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
8637 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
8638 	}
8639 
8640 	if (restart > 0) {
8641 		mptsas_restart_hba(mpt);
8642 	}
8643 	return (done);
8644 }
8645 
8646 #ifdef MPTSAS_TEST
8647 static void
8648 mptsas_test_reset(mptsas_t *mpt, int target)
8649 {
8650 	mptsas_target_t    *ptgt = NULL;
8651 
8652 	if (mptsas_rtest == target) {
8653 		if (mptsas_do_scsi_reset(mpt, target) == TRUE) {
8654 			mptsas_rtest = -1;
8655 		}
8656 		if (mptsas_rtest == -1) {
8657 			NDBG22(("mptsas_test_reset success"));
8658 		}
8659 	}
8660 }
8661 #endif
8662 
8663 /*
8664  * abort handling:
8665  *
8666  * Notes:
8667  *	- if pkt is not NULL, abort just that command
8668  *	- if pkt is NULL, abort all outstanding commands for target
8669  */
8670 static int
8671 mptsas_scsi_abort(struct scsi_address *ap, struct scsi_pkt *pkt)
8672 {
8673 	mptsas_t		*mpt = ADDR2MPT(ap);
8674 	int			rval;
8675 	mptsas_tgt_private_t	*tgt_private;
8676 	int			target, lun;
8677 
8678 	tgt_private = (mptsas_tgt_private_t *)ap->a_hba_tran->
8679 	    tran_tgt_private;
8680 	ASSERT(tgt_private != NULL);
8681 	target = tgt_private->t_private->m_devhdl;
8682 	lun = tgt_private->t_lun;
8683 
8684 	NDBG23(("mptsas_scsi_abort: target=%d.%d", target, lun));
8685 
8686 	mutex_enter(&mpt->m_mutex);
8687 	rval = mptsas_do_scsi_abort(mpt, target, lun, pkt);
8688 	mutex_exit(&mpt->m_mutex);
8689 	return (rval);
8690 }
8691 
8692 static int
8693 mptsas_do_scsi_abort(mptsas_t *mpt, int target, int lun, struct scsi_pkt *pkt)
8694 {
8695 	mptsas_cmd_t	*sp = NULL;
8696 	mptsas_slots_t	*slots = mpt->m_active;
8697 	int		rval = FALSE;
8698 
8699 	ASSERT(mutex_owned(&mpt->m_mutex));
8700 
8701 	/*
8702 	 * Abort the command pkt on the target/lun in ap.  If pkt is
8703 	 * NULL, abort all outstanding commands on that target/lun.
8704 	 * If you can abort them, return 1, else return 0.
8705 	 * Each packet that's aborted should be sent back to the target
8706 	 * driver through the callback routine, with pkt_reason set to
8707 	 * CMD_ABORTED.
8708 	 *
8709 	 * abort cmd pkt on HBA hardware; clean out of outstanding
8710 	 * command lists, etc.
8711 	 */
8712 	if (pkt != NULL) {
8713 		/* abort the specified packet */
8714 		sp = PKT2CMD(pkt);
8715 
8716 		if (sp->cmd_queued) {
8717 			NDBG23(("mptsas_do_scsi_abort: queued sp=0x%p aborted",
8718 			    (void *)sp));
8719 			mptsas_waitq_delete(mpt, sp);
8720 			mptsas_set_pkt_reason(mpt, sp, CMD_ABORTED,
8721 			    STAT_ABORTED);
8722 			mptsas_doneq_add(mpt, sp);
8723 			rval = TRUE;
8724 			goto done;
8725 		}
8726 
8727 		/*
8728 		 * Have mpt firmware abort this command
8729 		 */
8730 
8731 		if (slots->m_slot[sp->cmd_slot] != NULL) {
8732 			rval = mptsas_ioc_task_management(mpt,
8733 			    MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK, target,
8734 			    lun, NULL, 0, 0);
8735 
8736 			/*
8737 			 * The transport layer expects only TRUE and FALSE.
8738 			 * Therefore, if mptsas_ioc_task_management returns
8739 			 * FAILED we will return FALSE.
8740 			 */
8741 			if (rval == FAILED)
8742 				rval = FALSE;
8743 			goto done;
8744 		}
8745 	}
8746 
8747 	/*
8748 	 * If pkt is NULL then abort task set
8749 	 */
8750 	rval = mptsas_ioc_task_management(mpt,
8751 	    MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET, target, lun, NULL, 0, 0);
8752 
8753 	/*
8754 	 * The transport layer expects only TRUE and FALSE.
8755 	 * Therefore, if mptsas_ioc_task_management returns
8756 	 * FAILED we will return FALSE.
8757 	 */
8758 	if (rval == FAILED)
8759 		rval = FALSE;
8760 
8761 #ifdef MPTSAS_TEST
8762 	if (rval && mptsas_test_stop) {
8763 		debug_enter("mptsas_do_scsi_abort");
8764 	}
8765 #endif
8766 
8767 done:
8768 	mptsas_doneq_empty(mpt);
8769 	return (rval);
8770 }
8771 
8772 /*
8773  * capability handling:
8774  * (*tran_getcap).  Get the capability named, and return its value.
8775  */
8776 static int
8777 mptsas_scsi_getcap(struct scsi_address *ap, char *cap, int tgtonly)
8778 {
8779 	mptsas_t	*mpt = ADDR2MPT(ap);
8780 	int		ckey;
8781 	int		rval = FALSE;
8782 
8783 	NDBG24(("mptsas_scsi_getcap: target=%d, cap=%s tgtonly=%x",
8784 	    ap->a_target, cap, tgtonly));
8785 
8786 	mutex_enter(&mpt->m_mutex);
8787 
8788 	if ((mptsas_scsi_capchk(cap, tgtonly, &ckey)) != TRUE) {
8789 		mutex_exit(&mpt->m_mutex);
8790 		return (UNDEFINED);
8791 	}
8792 
8793 	switch (ckey) {
8794 	case SCSI_CAP_DMA_MAX:
8795 		rval = (int)mpt->m_msg_dma_attr.dma_attr_maxxfer;
8796 		break;
8797 	case SCSI_CAP_ARQ:
8798 		rval = TRUE;
8799 		break;
8800 	case SCSI_CAP_MSG_OUT:
8801 	case SCSI_CAP_PARITY:
8802 	case SCSI_CAP_UNTAGGED_QING:
8803 		rval = TRUE;
8804 		break;
8805 	case SCSI_CAP_TAGGED_QING:
8806 		rval = TRUE;
8807 		break;
8808 	case SCSI_CAP_RESET_NOTIFICATION:
8809 		rval = TRUE;
8810 		break;
8811 	case SCSI_CAP_LINKED_CMDS:
8812 		rval = FALSE;
8813 		break;
8814 	case SCSI_CAP_QFULL_RETRIES:
8815 		rval = ((mptsas_tgt_private_t *)(ap->a_hba_tran->
8816 		    tran_tgt_private))->t_private->m_qfull_retries;
8817 		break;
8818 	case SCSI_CAP_QFULL_RETRY_INTERVAL:
8819 		rval = drv_hztousec(((mptsas_tgt_private_t *)
8820 		    (ap->a_hba_tran->tran_tgt_private))->
8821 		    t_private->m_qfull_retry_interval) / 1000;
8822 		break;
8823 	case SCSI_CAP_CDB_LEN:
8824 		rval = CDB_GROUP4;
8825 		break;
8826 	case SCSI_CAP_INTERCONNECT_TYPE:
8827 		rval = INTERCONNECT_SAS;
8828 		break;
8829 	case SCSI_CAP_TRAN_LAYER_RETRIES:
8830 		if (mpt->m_ioc_capabilities &
8831 		    MPI2_IOCFACTS_CAPABILITY_TLR)
8832 			rval = TRUE;
8833 		else
8834 			rval = FALSE;
8835 		break;
8836 	default:
8837 		rval = UNDEFINED;
8838 		break;
8839 	}
8840 
8841 	NDBG24(("mptsas_scsi_getcap: %s, rval=%x", cap, rval));
8842 
8843 	mutex_exit(&mpt->m_mutex);
8844 	return (rval);
8845 }
8846 
8847 /*
8848  * (*tran_setcap).  Set the capability named to the value given.
8849  */
8850 static int
8851 mptsas_scsi_setcap(struct scsi_address *ap, char *cap, int value, int tgtonly)
8852 {
8853 	mptsas_t	*mpt = ADDR2MPT(ap);
8854 	int		ckey;
8855 	int		rval = FALSE;
8856 
8857 	NDBG24(("mptsas_scsi_setcap: target=%d, cap=%s value=%x tgtonly=%x",
8858 	    ap->a_target, cap, value, tgtonly));
8859 
8860 	if (!tgtonly) {
8861 		return (rval);
8862 	}
8863 
8864 	mutex_enter(&mpt->m_mutex);
8865 
8866 	if ((mptsas_scsi_capchk(cap, tgtonly, &ckey)) != TRUE) {
8867 		mutex_exit(&mpt->m_mutex);
8868 		return (UNDEFINED);
8869 	}
8870 
8871 	switch (ckey) {
8872 	case SCSI_CAP_DMA_MAX:
8873 	case SCSI_CAP_MSG_OUT:
8874 	case SCSI_CAP_PARITY:
8875 	case SCSI_CAP_INITIATOR_ID:
8876 	case SCSI_CAP_LINKED_CMDS:
8877 	case SCSI_CAP_UNTAGGED_QING:
8878 	case SCSI_CAP_RESET_NOTIFICATION:
8879 		/*
8880 		 * None of these are settable via
8881 		 * the capability interface.
8882 		 */
8883 		break;
8884 	case SCSI_CAP_ARQ:
8885 		/*
8886 		 * We cannot turn off arq so return false if asked to
8887 		 */
8888 		if (value) {
8889 			rval = TRUE;
8890 		} else {
8891 			rval = FALSE;
8892 		}
8893 		break;
8894 	case SCSI_CAP_TAGGED_QING:
8895 		mptsas_set_throttle(mpt, ((mptsas_tgt_private_t *)
8896 		    (ap->a_hba_tran->tran_tgt_private))->t_private,
8897 		    MAX_THROTTLE);
8898 		rval = TRUE;
8899 		break;
8900 	case SCSI_CAP_QFULL_RETRIES:
8901 		((mptsas_tgt_private_t *)(ap->a_hba_tran->tran_tgt_private))->
8902 		    t_private->m_qfull_retries = (uchar_t)value;
8903 		rval = TRUE;
8904 		break;
8905 	case SCSI_CAP_QFULL_RETRY_INTERVAL:
8906 		((mptsas_tgt_private_t *)(ap->a_hba_tran->tran_tgt_private))->
8907 		    t_private->m_qfull_retry_interval =
8908 		    drv_usectohz(value * 1000);
8909 		rval = TRUE;
8910 		break;
8911 	default:
8912 		rval = UNDEFINED;
8913 		break;
8914 	}
8915 	mutex_exit(&mpt->m_mutex);
8916 	return (rval);
8917 }
8918 
8919 /*
8920  * Utility routine for mptsas_ifsetcap/ifgetcap
8921  */
8922 /*ARGSUSED*/
8923 static int
8924 mptsas_scsi_capchk(char *cap, int tgtonly, int *cidxp)
8925 {
8926 	NDBG24(("mptsas_scsi_capchk: cap=%s", cap));
8927 
8928 	if (!cap)
8929 		return (FALSE);
8930 
8931 	*cidxp = scsi_hba_lookup_capstr(cap);
8932 	return (TRUE);
8933 }
8934 
8935 static int
8936 mptsas_alloc_active_slots(mptsas_t *mpt, int flag)
8937 {
8938 	mptsas_slots_t	*old_active = mpt->m_active;
8939 	mptsas_slots_t	*new_active;
8940 	size_t		size;
8941 	int		rval = -1;
8942 
8943 	if (mpt->m_ncmds) {
8944 		NDBG9(("cannot change size of active slots array"));
8945 		return (rval);
8946 	}
8947 
8948 	size = MPTSAS_SLOTS_SIZE(mpt);
8949 	new_active = kmem_zalloc(size, flag);
8950 	if (new_active == NULL) {
8951 		NDBG1(("new active alloc failed"));
8952 	} else {
8953 		/*
8954 		 * Since SMID 0 is reserved and the TM slot is reserved, the
8955 		 * number of slots that can be used at any one time is
8956 		 * m_max_requests - 2.
8957 		 */
8958 		mpt->m_active = new_active;
8959 		mpt->m_active->m_n_slots = (mpt->m_max_requests - 2);
8960 		mpt->m_active->m_size = size;
8961 		mpt->m_active->m_tags = 1;
8962 		if (old_active) {
8963 			kmem_free(old_active, old_active->m_size);
8964 		}
8965 		rval = 0;
8966 	}
8967 
8968 	return (rval);
8969 }
8970 
8971 /*
8972  * Error logging, printing, and debug print routines.
8973  */
8974 static char *mptsas_label = "mpt_sas";
8975 
8976 /*PRINTFLIKE3*/
8977 void
8978 mptsas_log(mptsas_t *mpt, int level, char *fmt, ...)
8979 {
8980 	dev_info_t	*dev;
8981 	va_list		ap;
8982 
8983 	if (mpt) {
8984 		dev = mpt->m_dip;
8985 	} else {
8986 		dev = 0;
8987 	}
8988 
8989 	mutex_enter(&mptsas_log_mutex);
8990 
8991 	va_start(ap, fmt);
8992 	(void) vsprintf(mptsas_log_buf, fmt, ap);
8993 	va_end(ap);
8994 
8995 	if (level == CE_CONT) {
8996 		scsi_log(dev, mptsas_label, level, "%s\n", mptsas_log_buf);
8997 	} else {
8998 		scsi_log(dev, mptsas_label, level, "%s", mptsas_log_buf);
8999 	}
9000 
9001 	mutex_exit(&mptsas_log_mutex);
9002 }
9003 
9004 #ifdef MPTSAS_DEBUG
9005 /*PRINTFLIKE1*/
9006 void
9007 mptsas_printf(char *fmt, ...)
9008 {
9009 	dev_info_t	*dev = 0;
9010 	va_list		ap;
9011 
9012 	mutex_enter(&mptsas_log_mutex);
9013 
9014 	va_start(ap, fmt);
9015 	(void) vsprintf(mptsas_log_buf, fmt, ap);
9016 	va_end(ap);
9017 
9018 #ifdef PROM_PRINTF
9019 	prom_printf("%s:\t%s\n", mptsas_label, mptsas_log_buf);
9020 #else
9021 	scsi_log(dev, mptsas_label, SCSI_DEBUG, "%s\n", mptsas_log_buf);
9022 #endif
9023 	mutex_exit(&mptsas_log_mutex);
9024 }
9025 #endif
9026 
9027 /*
9028  * timeout handling
9029  */
9030 static void
9031 mptsas_watch(void *arg)
9032 {
9033 #ifndef __lock_lint
9034 	_NOTE(ARGUNUSED(arg))
9035 #endif
9036 
9037 	mptsas_t	*mpt;
9038 	uint32_t	doorbell;
9039 
9040 	NDBG30(("mptsas_watch"));
9041 
9042 	rw_enter(&mptsas_global_rwlock, RW_READER);
9043 	for (mpt = mptsas_head; mpt != (mptsas_t *)NULL; mpt = mpt->m_next) {
9044 
9045 		mutex_enter(&mpt->m_mutex);
9046 
9047 		/* Skip device if not powered on */
9048 		if (mpt->m_options & MPTSAS_OPT_PM) {
9049 			if (mpt->m_power_level == PM_LEVEL_D0) {
9050 				(void) pm_busy_component(mpt->m_dip, 0);
9051 				mpt->m_busy = 1;
9052 			} else {
9053 				mutex_exit(&mpt->m_mutex);
9054 				continue;
9055 			}
9056 		}
9057 
9058 		/*
9059 		 * Check if controller is in a FAULT state. If so, reset it.
9060 		 */
9061 		doorbell = ddi_get32(mpt->m_datap, &mpt->m_reg->Doorbell);
9062 		if ((doorbell & MPI2_IOC_STATE_MASK) == MPI2_IOC_STATE_FAULT) {
9063 			doorbell &= MPI2_DOORBELL_DATA_MASK;
9064 			mptsas_log(mpt, CE_WARN, "MPT Firmware Fault, "
9065 			    "code: %04x", doorbell);
9066 			if ((mptsas_restart_ioc(mpt)) == DDI_FAILURE) {
9067 				mptsas_log(mpt, CE_WARN, "Reset failed"
9068 				    "after fault was detected");
9069 			}
9070 		}
9071 
9072 		/*
9073 		 * For now, always call mptsas_watchsubr.
9074 		 */
9075 		mptsas_watchsubr(mpt);
9076 
9077 		if (mpt->m_options & MPTSAS_OPT_PM) {
9078 			mpt->m_busy = 0;
9079 			(void) pm_idle_component(mpt->m_dip, 0);
9080 		}
9081 
9082 		mutex_exit(&mpt->m_mutex);
9083 	}
9084 	rw_exit(&mptsas_global_rwlock);
9085 
9086 	mutex_enter(&mptsas_global_mutex);
9087 	if (mptsas_timeouts_enabled)
9088 		mptsas_timeout_id = timeout(mptsas_watch, NULL, mptsas_tick);
9089 	mutex_exit(&mptsas_global_mutex);
9090 }
9091 
9092 static void
9093 mptsas_watchsubr(mptsas_t *mpt)
9094 {
9095 	int		i;
9096 	mptsas_cmd_t	*cmd;
9097 	mptsas_target_t	*ptgt = NULL;
9098 
9099 	NDBG30(("mptsas_watchsubr: mpt=0x%p", (void *)mpt));
9100 
9101 #ifdef MPTSAS_TEST
9102 	if (mptsas_enable_untagged) {
9103 		mptsas_test_untagged++;
9104 	}
9105 #endif
9106 
9107 	/*
9108 	 * Check for commands stuck in active slot
9109 	 * Account for TM requests, which use the last SMID.
9110 	 */
9111 	for (i = 0; i <= mpt->m_active->m_n_slots; i++) {
9112 		if ((cmd = mpt->m_active->m_slot[i]) != NULL) {
9113 			if ((cmd->cmd_flags & CFLAG_CMDIOC) == 0) {
9114 				cmd->cmd_active_timeout -=
9115 				    mptsas_scsi_watchdog_tick;
9116 				if (cmd->cmd_active_timeout <= 0) {
9117 					/*
9118 					 * There seems to be a command stuck
9119 					 * in the active slot.  Drain throttle.
9120 					 */
9121 					mptsas_set_throttle(mpt,
9122 					    cmd->cmd_tgt_addr,
9123 					    DRAIN_THROTTLE);
9124 				}
9125 			}
9126 			if ((cmd->cmd_flags & CFLAG_PASSTHRU) ||
9127 			    (cmd->cmd_flags & CFLAG_CONFIG) ||
9128 			    (cmd->cmd_flags & CFLAG_FW_DIAG)) {
9129 				cmd->cmd_active_timeout -=
9130 				    mptsas_scsi_watchdog_tick;
9131 				if (cmd->cmd_active_timeout <= 0) {
9132 					/*
9133 					 * passthrough command timeout
9134 					 */
9135 					cmd->cmd_flags |= (CFLAG_FINISHED |
9136 					    CFLAG_TIMEOUT);
9137 					cv_broadcast(&mpt->m_passthru_cv);
9138 					cv_broadcast(&mpt->m_config_cv);
9139 					cv_broadcast(&mpt->m_fw_diag_cv);
9140 				}
9141 			}
9142 		}
9143 	}
9144 
9145 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
9146 	    MPTSAS_HASH_FIRST);
9147 	while (ptgt != NULL) {
9148 		/*
9149 		 * If we were draining due to a qfull condition,
9150 		 * go back to full throttle.
9151 		 */
9152 		if ((ptgt->m_t_throttle < MAX_THROTTLE) &&
9153 		    (ptgt->m_t_throttle > HOLD_THROTTLE) &&
9154 		    (ptgt->m_t_ncmds < ptgt->m_t_throttle)) {
9155 			mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
9156 			mptsas_restart_hba(mpt);
9157 		}
9158 
9159 		if ((ptgt->m_t_ncmds > 0) &&
9160 		    (ptgt->m_timebase)) {
9161 
9162 			if (ptgt->m_timebase <=
9163 			    mptsas_scsi_watchdog_tick) {
9164 				ptgt->m_timebase +=
9165 				    mptsas_scsi_watchdog_tick;
9166 				ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9167 				    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9168 				continue;
9169 			}
9170 
9171 			ptgt->m_timeout -= mptsas_scsi_watchdog_tick;
9172 
9173 			if (ptgt->m_timeout < 0) {
9174 				mptsas_cmd_timeout(mpt, ptgt->m_devhdl);
9175 				ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9176 				    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9177 				continue;
9178 			}
9179 
9180 			if ((ptgt->m_timeout) <=
9181 			    mptsas_scsi_watchdog_tick) {
9182 				NDBG23(("pending timeout"));
9183 				mptsas_set_throttle(mpt, ptgt,
9184 				    DRAIN_THROTTLE);
9185 			}
9186 		}
9187 
9188 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9189 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9190 	}
9191 }
9192 
9193 /*
9194  * timeout recovery
9195  */
9196 static void
9197 mptsas_cmd_timeout(mptsas_t *mpt, uint16_t devhdl)
9198 {
9199 
9200 	NDBG29(("mptsas_cmd_timeout: target=%d", devhdl));
9201 	mptsas_log(mpt, CE_WARN, "Disconnected command timeout for "
9202 	    "Target %d", devhdl);
9203 
9204 	/*
9205 	 * If the current target is not the target passed in,
9206 	 * try to reset that target.
9207 	 */
9208 	NDBG29(("mptsas_cmd_timeout: device reset"));
9209 	if (mptsas_do_scsi_reset(mpt, devhdl) != TRUE) {
9210 		mptsas_log(mpt, CE_WARN, "Target %d reset for command timeout "
9211 		    "recovery failed!", devhdl);
9212 	}
9213 }
9214 
9215 /*
9216  * Device / Hotplug control
9217  */
9218 static int
9219 mptsas_scsi_quiesce(dev_info_t *dip)
9220 {
9221 	mptsas_t	*mpt;
9222 	scsi_hba_tran_t	*tran;
9223 
9224 	tran = ddi_get_driver_private(dip);
9225 	if (tran == NULL || (mpt = TRAN2MPT(tran)) == NULL)
9226 		return (-1);
9227 
9228 	return (mptsas_quiesce_bus(mpt));
9229 }
9230 
9231 static int
9232 mptsas_scsi_unquiesce(dev_info_t *dip)
9233 {
9234 	mptsas_t		*mpt;
9235 	scsi_hba_tran_t	*tran;
9236 
9237 	tran = ddi_get_driver_private(dip);
9238 	if (tran == NULL || (mpt = TRAN2MPT(tran)) == NULL)
9239 		return (-1);
9240 
9241 	return (mptsas_unquiesce_bus(mpt));
9242 }
9243 
9244 static int
9245 mptsas_quiesce_bus(mptsas_t *mpt)
9246 {
9247 	mptsas_target_t	*ptgt = NULL;
9248 
9249 	NDBG28(("mptsas_quiesce_bus"));
9250 	mutex_enter(&mpt->m_mutex);
9251 
9252 	/* Set all the throttles to zero */
9253 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
9254 	    MPTSAS_HASH_FIRST);
9255 	while (ptgt != NULL) {
9256 		mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
9257 
9258 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9259 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9260 	}
9261 
9262 	/* If there are any outstanding commands in the queue */
9263 	if (mpt->m_ncmds) {
9264 		mpt->m_softstate |= MPTSAS_SS_DRAINING;
9265 		mpt->m_quiesce_timeid = timeout(mptsas_ncmds_checkdrain,
9266 		    mpt, (MPTSAS_QUIESCE_TIMEOUT * drv_usectohz(1000000)));
9267 		if (cv_wait_sig(&mpt->m_cv, &mpt->m_mutex) == 0) {
9268 			/*
9269 			 * Quiesce has been interrupted
9270 			 */
9271 			mpt->m_softstate &= ~MPTSAS_SS_DRAINING;
9272 			ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9273 			    &mpt->m_active->m_tgttbl, MPTSAS_HASH_FIRST);
9274 			while (ptgt != NULL) {
9275 				mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
9276 
9277 				ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9278 				    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9279 			}
9280 			mptsas_restart_hba(mpt);
9281 			if (mpt->m_quiesce_timeid != 0) {
9282 				timeout_id_t tid = mpt->m_quiesce_timeid;
9283 				mpt->m_quiesce_timeid = 0;
9284 				mutex_exit(&mpt->m_mutex);
9285 				(void) untimeout(tid);
9286 				return (-1);
9287 			}
9288 			mutex_exit(&mpt->m_mutex);
9289 			return (-1);
9290 		} else {
9291 			/* Bus has been quiesced */
9292 			ASSERT(mpt->m_quiesce_timeid == 0);
9293 			mpt->m_softstate &= ~MPTSAS_SS_DRAINING;
9294 			mpt->m_softstate |= MPTSAS_SS_QUIESCED;
9295 			mutex_exit(&mpt->m_mutex);
9296 			return (0);
9297 		}
9298 	}
9299 	/* Bus was not busy - QUIESCED */
9300 	mutex_exit(&mpt->m_mutex);
9301 
9302 	return (0);
9303 }
9304 
9305 static int
9306 mptsas_unquiesce_bus(mptsas_t *mpt)
9307 {
9308 	mptsas_target_t	*ptgt = NULL;
9309 
9310 	NDBG28(("mptsas_unquiesce_bus"));
9311 	mutex_enter(&mpt->m_mutex);
9312 	mpt->m_softstate &= ~MPTSAS_SS_QUIESCED;
9313 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
9314 	    MPTSAS_HASH_FIRST);
9315 	while (ptgt != NULL) {
9316 		mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
9317 
9318 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9319 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9320 	}
9321 	mptsas_restart_hba(mpt);
9322 	mutex_exit(&mpt->m_mutex);
9323 	return (0);
9324 }
9325 
9326 static void
9327 mptsas_ncmds_checkdrain(void *arg)
9328 {
9329 	mptsas_t	*mpt = arg;
9330 	mptsas_target_t	*ptgt = NULL;
9331 
9332 	mutex_enter(&mpt->m_mutex);
9333 	if (mpt->m_softstate & MPTSAS_SS_DRAINING) {
9334 		mpt->m_quiesce_timeid = 0;
9335 		if (mpt->m_ncmds == 0) {
9336 			/* Command queue has been drained */
9337 			cv_signal(&mpt->m_cv);
9338 		} else {
9339 			/*
9340 			 * The throttle may have been reset because
9341 			 * of a SCSI bus reset
9342 			 */
9343 			ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9344 			    &mpt->m_active->m_tgttbl, MPTSAS_HASH_FIRST);
9345 			while (ptgt != NULL) {
9346 				mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
9347 
9348 				ptgt = (mptsas_target_t *)mptsas_hash_traverse(
9349 				    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
9350 			}
9351 
9352 			mpt->m_quiesce_timeid = timeout(mptsas_ncmds_checkdrain,
9353 			    mpt, (MPTSAS_QUIESCE_TIMEOUT *
9354 			    drv_usectohz(1000000)));
9355 		}
9356 	}
9357 	mutex_exit(&mpt->m_mutex);
9358 }
9359 
9360 /*ARGSUSED*/
9361 static void
9362 mptsas_dump_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
9363 {
9364 	int	i;
9365 	uint8_t	*cp = (uchar_t *)cmd->cmd_pkt->pkt_cdbp;
9366 	char	buf[128];
9367 
9368 	buf[0] = '\0';
9369 	NDBG25(("?Cmd (0x%p) dump for Target %d Lun %d:\n", (void *)cmd,
9370 	    Tgt(cmd), Lun(cmd)));
9371 	(void) sprintf(&buf[0], "\tcdb=[");
9372 	for (i = 0; i < (int)cmd->cmd_cdblen; i++) {
9373 		(void) sprintf(&buf[strlen(buf)], " 0x%x", *cp++);
9374 	}
9375 	(void) sprintf(&buf[strlen(buf)], " ]");
9376 	NDBG25(("?%s\n", buf));
9377 	NDBG25(("?pkt_flags=0x%x pkt_statistics=0x%x pkt_state=0x%x\n",
9378 	    cmd->cmd_pkt->pkt_flags, cmd->cmd_pkt->pkt_statistics,
9379 	    cmd->cmd_pkt->pkt_state));
9380 	NDBG25(("?pkt_scbp=0x%x cmd_flags=0x%x\n", *(cmd->cmd_pkt->pkt_scbp),
9381 	    cmd->cmd_flags));
9382 }
9383 
9384 static void
9385 mptsas_start_passthru(mptsas_t *mpt, mptsas_cmd_t *cmd)
9386 {
9387 	caddr_t			memp;
9388 	pMPI2RequestHeader_t	request_hdrp;
9389 	struct scsi_pkt		*pkt = cmd->cmd_pkt;
9390 	mptsas_pt_request_t	*pt = pkt->pkt_ha_private;
9391 	uint32_t		request_size, data_size, dataout_size;
9392 	uint32_t		direction;
9393 	ddi_dma_cookie_t	data_cookie;
9394 	ddi_dma_cookie_t	dataout_cookie;
9395 	uint32_t		request_desc_low, request_desc_high = 0;
9396 	uint32_t		i, sense_bufp;
9397 	uint8_t			desc_type;
9398 	uint8_t			*request, function;
9399 	ddi_dma_handle_t	dma_hdl = mpt->m_dma_req_frame_hdl;
9400 	ddi_acc_handle_t	acc_hdl = mpt->m_acc_req_frame_hdl;
9401 
9402 	desc_type = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
9403 
9404 	request = pt->request;
9405 	direction = pt->direction;
9406 	request_size = pt->request_size;
9407 	data_size = pt->data_size;
9408 	dataout_size = pt->dataout_size;
9409 	data_cookie = pt->data_cookie;
9410 	dataout_cookie = pt->dataout_cookie;
9411 
9412 	/*
9413 	 * Store the passthrough message in memory location
9414 	 * corresponding to our slot number
9415 	 */
9416 	memp = mpt->m_req_frame + (mpt->m_req_frame_size * cmd->cmd_slot);
9417 	request_hdrp = (pMPI2RequestHeader_t)memp;
9418 	bzero(memp, mpt->m_req_frame_size);
9419 
9420 	for (i = 0; i < request_size; i++) {
9421 		bcopy(request + i, memp + i, 1);
9422 	}
9423 
9424 	if (data_size || dataout_size) {
9425 		pMpi2SGESimple64_t	sgep;
9426 		uint32_t		sge_flags;
9427 
9428 		sgep = (pMpi2SGESimple64_t)((uint8_t *)request_hdrp +
9429 		    request_size);
9430 		if (dataout_size) {
9431 
9432 			sge_flags = dataout_size |
9433 			    ((uint32_t)(MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
9434 			    MPI2_SGE_FLAGS_END_OF_BUFFER |
9435 			    MPI2_SGE_FLAGS_HOST_TO_IOC |
9436 			    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
9437 			    MPI2_SGE_FLAGS_SHIFT);
9438 			ddi_put32(acc_hdl, &sgep->FlagsLength, sge_flags);
9439 			ddi_put32(acc_hdl, &sgep->Address.Low,
9440 			    (uint32_t)(dataout_cookie.dmac_laddress &
9441 			    0xffffffffull));
9442 			ddi_put32(acc_hdl, &sgep->Address.High,
9443 			    (uint32_t)(dataout_cookie.dmac_laddress
9444 			    >> 32));
9445 			sgep++;
9446 		}
9447 		sge_flags = data_size;
9448 		sge_flags |= ((uint32_t)(MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
9449 		    MPI2_SGE_FLAGS_LAST_ELEMENT |
9450 		    MPI2_SGE_FLAGS_END_OF_BUFFER |
9451 		    MPI2_SGE_FLAGS_END_OF_LIST |
9452 		    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
9453 		    MPI2_SGE_FLAGS_SHIFT);
9454 		if (direction == MPTSAS_PASS_THRU_DIRECTION_WRITE) {
9455 			sge_flags |= ((uint32_t)(MPI2_SGE_FLAGS_HOST_TO_IOC) <<
9456 			    MPI2_SGE_FLAGS_SHIFT);
9457 		} else {
9458 			sge_flags |= ((uint32_t)(MPI2_SGE_FLAGS_IOC_TO_HOST) <<
9459 			    MPI2_SGE_FLAGS_SHIFT);
9460 		}
9461 		ddi_put32(acc_hdl, &sgep->FlagsLength,
9462 		    sge_flags);
9463 		ddi_put32(acc_hdl, &sgep->Address.Low,
9464 		    (uint32_t)(data_cookie.dmac_laddress &
9465 		    0xffffffffull));
9466 		ddi_put32(acc_hdl, &sgep->Address.High,
9467 		    (uint32_t)(data_cookie.dmac_laddress >> 32));
9468 	}
9469 
9470 	function = request_hdrp->Function;
9471 	if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
9472 	    (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
9473 		pMpi2SCSIIORequest_t	scsi_io_req;
9474 
9475 		scsi_io_req = (pMpi2SCSIIORequest_t)request_hdrp;
9476 		/*
9477 		 * Put SGE for data and data_out buffer at the end of
9478 		 * scsi_io_request message header.(64 bytes in total)
9479 		 * Following above SGEs, the residual space will be
9480 		 * used by sense data.
9481 		 */
9482 		ddi_put8(acc_hdl,
9483 		    &scsi_io_req->SenseBufferLength,
9484 		    (uint8_t)(request_size - 64));
9485 
9486 		sense_bufp = mpt->m_req_frame_dma_addr +
9487 		    (mpt->m_req_frame_size * cmd->cmd_slot);
9488 		sense_bufp += 64;
9489 		ddi_put32(acc_hdl,
9490 		    &scsi_io_req->SenseBufferLowAddress, sense_bufp);
9491 
9492 		/*
9493 		 * Set SGLOffset0 value
9494 		 */
9495 		ddi_put8(acc_hdl, &scsi_io_req->SGLOffset0,
9496 		    offsetof(MPI2_SCSI_IO_REQUEST, SGL) / 4);
9497 
9498 		/*
9499 		 * Setup descriptor info.  RAID passthrough must use the
9500 		 * default request descriptor which is already set, so if this
9501 		 * is a SCSI IO request, change the descriptor to SCSI IO.
9502 		 */
9503 		if (function == MPI2_FUNCTION_SCSI_IO_REQUEST) {
9504 			desc_type = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
9505 		}
9506 		request_desc_high = (ddi_get16(acc_hdl,
9507 		    &scsi_io_req->DevHandle) << 16);
9508 	}
9509 
9510 	/*
9511 	 * We must wait till the message has been completed before
9512 	 * beginning the next message so we wait for this one to
9513 	 * finish.
9514 	 */
9515 	(void) ddi_dma_sync(dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
9516 	request_desc_low = (cmd->cmd_slot << 16) + desc_type;
9517 	cmd->cmd_rfm = NULL;
9518 	MPTSAS_START_CMD(mpt, request_desc_low, request_desc_high);
9519 	if ((mptsas_check_dma_handle(dma_hdl) != DDI_SUCCESS) ||
9520 	    (mptsas_check_acc_handle(acc_hdl) != DDI_SUCCESS)) {
9521 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
9522 	}
9523 }
9524 
9525 
9526 
9527 static int
9528 mptsas_do_passthru(mptsas_t *mpt, uint8_t *request, uint8_t *reply,
9529     uint8_t *data, uint32_t request_size, uint32_t reply_size,
9530     uint32_t data_size, uint32_t direction, uint8_t *dataout,
9531     uint32_t dataout_size, short timeout, int mode)
9532 {
9533 	mptsas_pt_request_t		pt;
9534 	mptsas_dma_alloc_state_t	data_dma_state;
9535 	mptsas_dma_alloc_state_t	dataout_dma_state;
9536 	caddr_t				memp;
9537 	mptsas_cmd_t			*cmd = NULL;
9538 	struct scsi_pkt			*pkt;
9539 	uint32_t			reply_len = 0, sense_len = 0;
9540 	pMPI2RequestHeader_t		request_hdrp;
9541 	pMPI2RequestHeader_t		request_msg;
9542 	pMPI2DefaultReply_t		reply_msg;
9543 	Mpi2SCSIIOReply_t		rep_msg;
9544 	int				i, status = 0, pt_flags = 0, rv = 0;
9545 	int				rvalue;
9546 	uint8_t				function;
9547 
9548 	ASSERT(mutex_owned(&mpt->m_mutex));
9549 
9550 	reply_msg = (pMPI2DefaultReply_t)(&rep_msg);
9551 	bzero(reply_msg, sizeof (MPI2_DEFAULT_REPLY));
9552 	request_msg = kmem_zalloc(request_size, KM_SLEEP);
9553 
9554 	mutex_exit(&mpt->m_mutex);
9555 	/*
9556 	 * copy in the request buffer since it could be used by
9557 	 * another thread when the pt request into waitq
9558 	 */
9559 	if (ddi_copyin(request, request_msg, request_size, mode)) {
9560 		mutex_enter(&mpt->m_mutex);
9561 		status = EFAULT;
9562 		mptsas_log(mpt, CE_WARN, "failed to copy request data");
9563 		goto out;
9564 	}
9565 	mutex_enter(&mpt->m_mutex);
9566 
9567 	function = request_msg->Function;
9568 	if (function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
9569 		pMpi2SCSITaskManagementRequest_t	task;
9570 		task = (pMpi2SCSITaskManagementRequest_t)request_msg;
9571 		mptsas_setup_bus_reset_delay(mpt);
9572 		rv = mptsas_ioc_task_management(mpt, task->TaskType,
9573 		    task->DevHandle, (int)task->LUN[1], reply, reply_size,
9574 		    mode);
9575 
9576 		if (rv != TRUE) {
9577 			status = EIO;
9578 			mptsas_log(mpt, CE_WARN, "task management failed");
9579 		}
9580 		goto out;
9581 	}
9582 
9583 	if (data_size != 0) {
9584 		data_dma_state.size = data_size;
9585 		if (mptsas_dma_alloc(mpt, &data_dma_state) != DDI_SUCCESS) {
9586 			status = ENOMEM;
9587 			mptsas_log(mpt, CE_WARN, "failed to alloc DMA "
9588 			    "resource");
9589 			goto out;
9590 		}
9591 		pt_flags |= MPTSAS_DATA_ALLOCATED;
9592 		if (direction == MPTSAS_PASS_THRU_DIRECTION_WRITE) {
9593 			mutex_exit(&mpt->m_mutex);
9594 			for (i = 0; i < data_size; i++) {
9595 				if (ddi_copyin(data + i, (uint8_t *)
9596 				    data_dma_state.memp + i, 1, mode)) {
9597 					mutex_enter(&mpt->m_mutex);
9598 					status = EFAULT;
9599 					mptsas_log(mpt, CE_WARN, "failed to "
9600 					    "copy read data");
9601 					goto out;
9602 				}
9603 			}
9604 			mutex_enter(&mpt->m_mutex);
9605 		}
9606 	}
9607 
9608 	if (dataout_size != 0) {
9609 		dataout_dma_state.size = dataout_size;
9610 		if (mptsas_dma_alloc(mpt, &dataout_dma_state) != DDI_SUCCESS) {
9611 			status = ENOMEM;
9612 			mptsas_log(mpt, CE_WARN, "failed to alloc DMA "
9613 			    "resource");
9614 			goto out;
9615 		}
9616 		pt_flags |= MPTSAS_DATAOUT_ALLOCATED;
9617 		mutex_exit(&mpt->m_mutex);
9618 		for (i = 0; i < dataout_size; i++) {
9619 			if (ddi_copyin(dataout + i, (uint8_t *)
9620 			    dataout_dma_state.memp + i, 1, mode)) {
9621 				mutex_enter(&mpt->m_mutex);
9622 				mptsas_log(mpt, CE_WARN, "failed to copy out"
9623 				    " data");
9624 				status = EFAULT;
9625 				goto out;
9626 			}
9627 		}
9628 		mutex_enter(&mpt->m_mutex);
9629 	}
9630 
9631 	if ((rvalue = (mptsas_request_from_pool(mpt, &cmd, &pkt))) == -1) {
9632 		status = EAGAIN;
9633 		mptsas_log(mpt, CE_NOTE, "event ack command pool is full");
9634 		goto out;
9635 	}
9636 	pt_flags |= MPTSAS_REQUEST_POOL_CMD;
9637 
9638 	bzero((caddr_t)cmd, sizeof (*cmd));
9639 	bzero((caddr_t)pkt, scsi_pkt_size());
9640 	bzero((caddr_t)&pt, sizeof (pt));
9641 
9642 	cmd->ioc_cmd_slot = (uint32_t)(rvalue);
9643 
9644 	pt.request = (uint8_t *)request_msg;
9645 	pt.direction = direction;
9646 	pt.request_size = request_size;
9647 	pt.data_size = data_size;
9648 	pt.dataout_size = dataout_size;
9649 	pt.data_cookie = data_dma_state.cookie;
9650 	pt.dataout_cookie = dataout_dma_state.cookie;
9651 
9652 	/*
9653 	 * Form a blank cmd/pkt to store the acknowledgement message
9654 	 */
9655 	pkt->pkt_cdbp		= (opaque_t)&cmd->cmd_cdb[0];
9656 	pkt->pkt_scbp		= (opaque_t)&cmd->cmd_scb;
9657 	pkt->pkt_ha_private	= (opaque_t)&pt;
9658 	pkt->pkt_flags		= FLAG_HEAD;
9659 	pkt->pkt_time		= timeout;
9660 	cmd->cmd_pkt		= pkt;
9661 	cmd->cmd_flags		= CFLAG_CMDIOC | CFLAG_PASSTHRU;
9662 
9663 	/*
9664 	 * Save the command in a slot
9665 	 */
9666 	if (mptsas_save_cmd(mpt, cmd) == TRUE) {
9667 		/*
9668 		 * Once passthru command get slot, set cmd_flags
9669 		 * CFLAG_PREPARED.
9670 		 */
9671 		cmd->cmd_flags |= CFLAG_PREPARED;
9672 		mptsas_start_passthru(mpt, cmd);
9673 	} else {
9674 		mptsas_waitq_add(mpt, cmd);
9675 	}
9676 
9677 	while ((cmd->cmd_flags & CFLAG_FINISHED) == 0) {
9678 		cv_wait(&mpt->m_passthru_cv, &mpt->m_mutex);
9679 	}
9680 
9681 	if (cmd->cmd_flags & CFLAG_PREPARED) {
9682 		memp = mpt->m_req_frame + (mpt->m_req_frame_size *
9683 		    cmd->cmd_slot);
9684 		request_hdrp = (pMPI2RequestHeader_t)memp;
9685 	}
9686 
9687 	if (cmd->cmd_flags & CFLAG_TIMEOUT) {
9688 		status = ETIMEDOUT;
9689 		mptsas_log(mpt, CE_WARN, "passthrough command timeout");
9690 		pt_flags |= MPTSAS_CMD_TIMEOUT;
9691 		goto out;
9692 	}
9693 
9694 	if (cmd->cmd_rfm) {
9695 		/*
9696 		 * cmd_rfm is zero means the command reply is a CONTEXT
9697 		 * reply and no PCI Write to post the free reply SMFA
9698 		 * because no reply message frame is used.
9699 		 * cmd_rfm is non-zero means the reply is a ADDRESS
9700 		 * reply and reply message frame is used.
9701 		 */
9702 		pt_flags |= MPTSAS_ADDRESS_REPLY;
9703 		(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
9704 		    DDI_DMA_SYNC_FORCPU);
9705 		reply_msg = (pMPI2DefaultReply_t)
9706 		    (mpt->m_reply_frame + (cmd->cmd_rfm -
9707 		    mpt->m_reply_frame_dma_addr));
9708 	}
9709 
9710 	mptsas_fma_check(mpt, cmd);
9711 	if (pkt->pkt_reason == CMD_TRAN_ERR) {
9712 		status = EAGAIN;
9713 		mptsas_log(mpt, CE_WARN, "passthru fma error");
9714 		goto out;
9715 	}
9716 	if (pkt->pkt_reason == CMD_RESET) {
9717 		status = EAGAIN;
9718 		mptsas_log(mpt, CE_WARN, "ioc reset abort passthru");
9719 		goto out;
9720 	}
9721 
9722 	if (pkt->pkt_reason == CMD_INCOMPLETE) {
9723 		status = EIO;
9724 		mptsas_log(mpt, CE_WARN, "passthrough command incomplete");
9725 		goto out;
9726 	}
9727 
9728 	mutex_exit(&mpt->m_mutex);
9729 	if (cmd->cmd_flags & CFLAG_PREPARED) {
9730 		function = request_hdrp->Function;
9731 		if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
9732 		    (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
9733 			reply_len = sizeof (MPI2_SCSI_IO_REPLY);
9734 			sense_len = reply_size - reply_len;
9735 		} else {
9736 			reply_len = reply_size;
9737 			sense_len = 0;
9738 		}
9739 
9740 		for (i = 0; i < reply_len; i++) {
9741 			if (ddi_copyout((uint8_t *)reply_msg + i, reply + i, 1,
9742 			    mode)) {
9743 				mutex_enter(&mpt->m_mutex);
9744 				status = EFAULT;
9745 				mptsas_log(mpt, CE_WARN, "failed to copy out "
9746 				    "reply data");
9747 				goto out;
9748 			}
9749 		}
9750 		for (i = 0; i < sense_len; i++) {
9751 			if (ddi_copyout((uint8_t *)request_hdrp + 64 + i,
9752 			    reply + reply_len + i, 1, mode)) {
9753 				mutex_enter(&mpt->m_mutex);
9754 				status = EFAULT;
9755 				mptsas_log(mpt, CE_WARN, "failed to copy out "
9756 				    "sense data");
9757 				goto out;
9758 			}
9759 		}
9760 	}
9761 
9762 	if (data_size) {
9763 		if (direction != MPTSAS_PASS_THRU_DIRECTION_WRITE) {
9764 			(void) ddi_dma_sync(data_dma_state.handle, 0, 0,
9765 			    DDI_DMA_SYNC_FORCPU);
9766 			for (i = 0; i < data_size; i++) {
9767 				if (ddi_copyout((uint8_t *)(
9768 				    data_dma_state.memp + i), data + i,  1,
9769 				    mode)) {
9770 					mutex_enter(&mpt->m_mutex);
9771 					status = EFAULT;
9772 					mptsas_log(mpt, CE_WARN, "failed to "
9773 					    "copy out the reply data");
9774 					goto out;
9775 				}
9776 			}
9777 		}
9778 	}
9779 	mutex_enter(&mpt->m_mutex);
9780 out:
9781 	/*
9782 	 * Put the reply frame back on the free queue, increment the free
9783 	 * index, and write the new index to the free index register.  But only
9784 	 * if this reply is an ADDRESS reply.
9785 	 */
9786 	if (pt_flags & MPTSAS_ADDRESS_REPLY) {
9787 		ddi_put32(mpt->m_acc_free_queue_hdl,
9788 		    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
9789 		    cmd->cmd_rfm);
9790 		(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
9791 		    DDI_DMA_SYNC_FORDEV);
9792 		if (++mpt->m_free_index == mpt->m_free_queue_depth) {
9793 			mpt->m_free_index = 0;
9794 		}
9795 		ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
9796 		    mpt->m_free_index);
9797 	}
9798 	if (cmd && (cmd->cmd_flags & CFLAG_PREPARED)) {
9799 		mptsas_remove_cmd(mpt, cmd);
9800 		pt_flags &= (~MPTSAS_REQUEST_POOL_CMD);
9801 	}
9802 	if (pt_flags & MPTSAS_REQUEST_POOL_CMD)
9803 		mptsas_return_to_pool(mpt, cmd);
9804 	if (pt_flags & MPTSAS_DATA_ALLOCATED) {
9805 		if (mptsas_check_dma_handle(data_dma_state.handle) !=
9806 		    DDI_SUCCESS) {
9807 			ddi_fm_service_impact(mpt->m_dip,
9808 			    DDI_SERVICE_UNAFFECTED);
9809 			status = EFAULT;
9810 		}
9811 		mptsas_dma_free(&data_dma_state);
9812 	}
9813 	if (pt_flags & MPTSAS_DATAOUT_ALLOCATED) {
9814 		if (mptsas_check_dma_handle(dataout_dma_state.handle) !=
9815 		    DDI_SUCCESS) {
9816 			ddi_fm_service_impact(mpt->m_dip,
9817 			    DDI_SERVICE_UNAFFECTED);
9818 			status = EFAULT;
9819 		}
9820 		mptsas_dma_free(&dataout_dma_state);
9821 	}
9822 	if (pt_flags & MPTSAS_CMD_TIMEOUT) {
9823 		if ((mptsas_restart_ioc(mpt)) == DDI_FAILURE) {
9824 			mptsas_log(mpt, CE_WARN, "mptsas_restart_ioc failed");
9825 		}
9826 	}
9827 	if (request_msg)
9828 		kmem_free(request_msg, request_size);
9829 
9830 	return (status);
9831 }
9832 
9833 static int
9834 mptsas_pass_thru(mptsas_t *mpt, mptsas_pass_thru_t *data, int mode)
9835 {
9836 	/*
9837 	 * If timeout is 0, set timeout to default of 60 seconds.
9838 	 */
9839 	if (data->Timeout == 0) {
9840 		data->Timeout = MPTSAS_PASS_THRU_TIME_DEFAULT;
9841 	}
9842 
9843 	if (((data->DataSize == 0) &&
9844 	    (data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_NONE)) ||
9845 	    ((data->DataSize != 0) &&
9846 	    ((data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_READ) ||
9847 	    (data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_WRITE) ||
9848 	    ((data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_BOTH) &&
9849 	    (data->DataOutSize != 0))))) {
9850 		if (data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_BOTH) {
9851 			data->DataDirection = MPTSAS_PASS_THRU_DIRECTION_READ;
9852 		} else {
9853 			data->DataOutSize = 0;
9854 		}
9855 		/*
9856 		 * Send passthru request messages
9857 		 */
9858 		return (mptsas_do_passthru(mpt,
9859 		    (uint8_t *)((uintptr_t)data->PtrRequest),
9860 		    (uint8_t *)((uintptr_t)data->PtrReply),
9861 		    (uint8_t *)((uintptr_t)data->PtrData),
9862 		    data->RequestSize, data->ReplySize,
9863 		    data->DataSize, data->DataDirection,
9864 		    (uint8_t *)((uintptr_t)data->PtrDataOut),
9865 		    data->DataOutSize, data->Timeout, mode));
9866 	} else {
9867 		return (EINVAL);
9868 	}
9869 }
9870 
9871 static uint8_t
9872 mptsas_get_fw_diag_buffer_number(mptsas_t *mpt, uint32_t unique_id)
9873 {
9874 	uint8_t	index;
9875 
9876 	for (index = 0; index < MPI2_DIAG_BUF_TYPE_COUNT; index++) {
9877 		if (mpt->m_fw_diag_buffer_list[index].unique_id == unique_id) {
9878 			return (index);
9879 		}
9880 	}
9881 
9882 	return (MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND);
9883 }
9884 
9885 static void
9886 mptsas_start_diag(mptsas_t *mpt, mptsas_cmd_t *cmd)
9887 {
9888 	pMpi2DiagBufferPostRequest_t	pDiag_post_msg;
9889 	pMpi2DiagReleaseRequest_t	pDiag_release_msg;
9890 	struct scsi_pkt			*pkt = cmd->cmd_pkt;
9891 	mptsas_diag_request_t		*diag = pkt->pkt_ha_private;
9892 	uint32_t			request_desc_low, i;
9893 
9894 	ASSERT(mutex_owned(&mpt->m_mutex));
9895 
9896 	/*
9897 	 * Form the diag message depending on the post or release function.
9898 	 */
9899 	if (diag->function == MPI2_FUNCTION_DIAG_BUFFER_POST) {
9900 		pDiag_post_msg = (pMpi2DiagBufferPostRequest_t)
9901 		    (mpt->m_req_frame + (mpt->m_req_frame_size *
9902 		    cmd->cmd_slot));
9903 		bzero(pDiag_post_msg, mpt->m_req_frame_size);
9904 		ddi_put8(mpt->m_acc_req_frame_hdl, &pDiag_post_msg->Function,
9905 		    diag->function);
9906 		ddi_put8(mpt->m_acc_req_frame_hdl, &pDiag_post_msg->BufferType,
9907 		    diag->pBuffer->buffer_type);
9908 		ddi_put8(mpt->m_acc_req_frame_hdl,
9909 		    &pDiag_post_msg->ExtendedType,
9910 		    diag->pBuffer->extended_type);
9911 		ddi_put32(mpt->m_acc_req_frame_hdl,
9912 		    &pDiag_post_msg->BufferLength,
9913 		    diag->pBuffer->buffer_data.size);
9914 		for (i = 0; i < (sizeof (pDiag_post_msg->ProductSpecific) / 4);
9915 		    i++) {
9916 			ddi_put32(mpt->m_acc_req_frame_hdl,
9917 			    &pDiag_post_msg->ProductSpecific[i],
9918 			    diag->pBuffer->product_specific[i]);
9919 		}
9920 		ddi_put32(mpt->m_acc_req_frame_hdl,
9921 		    &pDiag_post_msg->BufferAddress.Low,
9922 		    (uint32_t)(diag->pBuffer->buffer_data.cookie.dmac_laddress
9923 		    & 0xffffffffull));
9924 		ddi_put32(mpt->m_acc_req_frame_hdl,
9925 		    &pDiag_post_msg->BufferAddress.High,
9926 		    (uint32_t)(diag->pBuffer->buffer_data.cookie.dmac_laddress
9927 		    >> 32));
9928 	} else {
9929 		pDiag_release_msg = (pMpi2DiagReleaseRequest_t)
9930 		    (mpt->m_req_frame + (mpt->m_req_frame_size *
9931 		    cmd->cmd_slot));
9932 		bzero(pDiag_release_msg, mpt->m_req_frame_size);
9933 		ddi_put8(mpt->m_acc_req_frame_hdl,
9934 		    &pDiag_release_msg->Function, diag->function);
9935 		ddi_put8(mpt->m_acc_req_frame_hdl,
9936 		    &pDiag_release_msg->BufferType,
9937 		    diag->pBuffer->buffer_type);
9938 	}
9939 
9940 	/*
9941 	 * Send the message
9942 	 */
9943 	(void) ddi_dma_sync(mpt->m_dma_req_frame_hdl, 0, 0,
9944 	    DDI_DMA_SYNC_FORDEV);
9945 	request_desc_low = (cmd->cmd_slot << 16) +
9946 	    MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
9947 	cmd->cmd_rfm = NULL;
9948 	MPTSAS_START_CMD(mpt, request_desc_low, 0);
9949 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl) !=
9950 	    DDI_SUCCESS) ||
9951 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl) !=
9952 	    DDI_SUCCESS)) {
9953 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
9954 	}
9955 }
9956 
9957 static int
9958 mptsas_post_fw_diag_buffer(mptsas_t *mpt,
9959     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code)
9960 {
9961 	mptsas_diag_request_t		diag;
9962 	int				status, slot_num, post_flags = 0;
9963 	mptsas_cmd_t			*cmd = NULL;
9964 	struct scsi_pkt			*pkt;
9965 	pMpi2DiagBufferPostReply_t	reply;
9966 	uint16_t			iocstatus;
9967 	uint32_t			iocloginfo, transfer_length;
9968 
9969 	/*
9970 	 * If buffer is not enabled, just leave.
9971 	 */
9972 	*return_code = MPTSAS_FW_DIAG_ERROR_POST_FAILED;
9973 	if (!pBuffer->enabled) {
9974 		status = DDI_FAILURE;
9975 		goto out;
9976 	}
9977 
9978 	/*
9979 	 * Clear some flags initially.
9980 	 */
9981 	pBuffer->force_release = FALSE;
9982 	pBuffer->valid_data = FALSE;
9983 	pBuffer->owned_by_firmware = FALSE;
9984 
9985 	/*
9986 	 * Get a cmd buffer from the cmd buffer pool
9987 	 */
9988 	if ((slot_num = (mptsas_request_from_pool(mpt, &cmd, &pkt))) == -1) {
9989 		status = DDI_FAILURE;
9990 		mptsas_log(mpt, CE_NOTE, "command pool is full: Post FW Diag");
9991 		goto out;
9992 	}
9993 	post_flags |= MPTSAS_REQUEST_POOL_CMD;
9994 
9995 	bzero((caddr_t)cmd, sizeof (*cmd));
9996 	bzero((caddr_t)pkt, scsi_pkt_size());
9997 
9998 	cmd->ioc_cmd_slot = (uint32_t)(slot_num);
9999 
10000 	diag.pBuffer = pBuffer;
10001 	diag.function = MPI2_FUNCTION_DIAG_BUFFER_POST;
10002 
10003 	/*
10004 	 * Form a blank cmd/pkt to store the acknowledgement message
10005 	 */
10006 	pkt->pkt_ha_private	= (opaque_t)&diag;
10007 	pkt->pkt_flags		= FLAG_HEAD;
10008 	pkt->pkt_time		= 60;
10009 	cmd->cmd_pkt		= pkt;
10010 	cmd->cmd_flags		= CFLAG_CMDIOC | CFLAG_FW_DIAG;
10011 
10012 	/*
10013 	 * Save the command in a slot
10014 	 */
10015 	if (mptsas_save_cmd(mpt, cmd) == TRUE) {
10016 		/*
10017 		 * Once passthru command get slot, set cmd_flags
10018 		 * CFLAG_PREPARED.
10019 		 */
10020 		cmd->cmd_flags |= CFLAG_PREPARED;
10021 		mptsas_start_diag(mpt, cmd);
10022 	} else {
10023 		mptsas_waitq_add(mpt, cmd);
10024 	}
10025 
10026 	while ((cmd->cmd_flags & CFLAG_FINISHED) == 0) {
10027 		cv_wait(&mpt->m_fw_diag_cv, &mpt->m_mutex);
10028 	}
10029 
10030 	if (cmd->cmd_flags & CFLAG_TIMEOUT) {
10031 		status = DDI_FAILURE;
10032 		mptsas_log(mpt, CE_WARN, "Post FW Diag command timeout");
10033 		goto out;
10034 	}
10035 
10036 	/*
10037 	 * cmd_rfm points to the reply message if a reply was given.  Check the
10038 	 * IOCStatus to make sure everything went OK with the FW diag request
10039 	 * and set buffer flags.
10040 	 */
10041 	if (cmd->cmd_rfm) {
10042 		post_flags |= MPTSAS_ADDRESS_REPLY;
10043 		(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
10044 		    DDI_DMA_SYNC_FORCPU);
10045 		reply = (pMpi2DiagBufferPostReply_t)(mpt->m_reply_frame +
10046 		    (cmd->cmd_rfm - mpt->m_reply_frame_dma_addr));
10047 
10048 		/*
10049 		 * Get the reply message data
10050 		 */
10051 		iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
10052 		    &reply->IOCStatus);
10053 		iocloginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
10054 		    &reply->IOCLogInfo);
10055 		transfer_length = ddi_get32(mpt->m_acc_reply_frame_hdl,
10056 		    &reply->TransferLength);
10057 
10058 		/*
10059 		 * If post failed quit.
10060 		 */
10061 		if (iocstatus != MPI2_IOCSTATUS_SUCCESS) {
10062 			status = DDI_FAILURE;
10063 			NDBG13(("post FW Diag Buffer failed: IOCStatus=0x%x, "
10064 			    "IOCLogInfo=0x%x, TransferLength=0x%x", iocstatus,
10065 			    iocloginfo, transfer_length));
10066 			goto out;
10067 		}
10068 
10069 		/*
10070 		 * Post was successful.
10071 		 */
10072 		pBuffer->valid_data = TRUE;
10073 		pBuffer->owned_by_firmware = TRUE;
10074 		*return_code = MPTSAS_FW_DIAG_ERROR_SUCCESS;
10075 		status = DDI_SUCCESS;
10076 	}
10077 
10078 out:
10079 	/*
10080 	 * Put the reply frame back on the free queue, increment the free
10081 	 * index, and write the new index to the free index register.  But only
10082 	 * if this reply is an ADDRESS reply.
10083 	 */
10084 	if (post_flags & MPTSAS_ADDRESS_REPLY) {
10085 		ddi_put32(mpt->m_acc_free_queue_hdl,
10086 		    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
10087 		    cmd->cmd_rfm);
10088 		(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
10089 		    DDI_DMA_SYNC_FORDEV);
10090 		if (++mpt->m_free_index == mpt->m_free_queue_depth) {
10091 			mpt->m_free_index = 0;
10092 		}
10093 		ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
10094 		    mpt->m_free_index);
10095 	}
10096 	if (cmd && (cmd->cmd_flags & CFLAG_PREPARED)) {
10097 		mptsas_remove_cmd(mpt, cmd);
10098 		post_flags &= (~MPTSAS_REQUEST_POOL_CMD);
10099 	}
10100 	if (post_flags & MPTSAS_REQUEST_POOL_CMD) {
10101 		mptsas_return_to_pool(mpt, cmd);
10102 	}
10103 
10104 	return (status);
10105 }
10106 
10107 static int
10108 mptsas_release_fw_diag_buffer(mptsas_t *mpt,
10109     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code,
10110     uint32_t diag_type)
10111 {
10112 	mptsas_diag_request_t	diag;
10113 	int			status, slot_num, rel_flags = 0;
10114 	mptsas_cmd_t		*cmd = NULL;
10115 	struct scsi_pkt		*pkt;
10116 	pMpi2DiagReleaseReply_t	reply;
10117 	uint16_t		iocstatus;
10118 	uint32_t		iocloginfo;
10119 
10120 	/*
10121 	 * If buffer is not enabled, just leave.
10122 	 */
10123 	*return_code = MPTSAS_FW_DIAG_ERROR_RELEASE_FAILED;
10124 	if (!pBuffer->enabled) {
10125 		mptsas_log(mpt, CE_NOTE, "This buffer type is not supported "
10126 		    "by the IOC");
10127 		status = DDI_FAILURE;
10128 		goto out;
10129 	}
10130 
10131 	/*
10132 	 * Clear some flags initially.
10133 	 */
10134 	pBuffer->force_release = FALSE;
10135 	pBuffer->valid_data = FALSE;
10136 	pBuffer->owned_by_firmware = FALSE;
10137 
10138 	/*
10139 	 * Get a cmd buffer from the cmd buffer pool
10140 	 */
10141 	if ((slot_num = (mptsas_request_from_pool(mpt, &cmd, &pkt))) == -1) {
10142 		status = DDI_FAILURE;
10143 		mptsas_log(mpt, CE_NOTE, "command pool is full: Release FW "
10144 		    "Diag");
10145 		goto out;
10146 	}
10147 	rel_flags |= MPTSAS_REQUEST_POOL_CMD;
10148 
10149 	bzero((caddr_t)cmd, sizeof (*cmd));
10150 	bzero((caddr_t)pkt, scsi_pkt_size());
10151 
10152 	cmd->ioc_cmd_slot = (uint32_t)(slot_num);
10153 
10154 	diag.pBuffer = pBuffer;
10155 	diag.function = MPI2_FUNCTION_DIAG_RELEASE;
10156 
10157 	/*
10158 	 * Form a blank cmd/pkt to store the acknowledgement message
10159 	 */
10160 	pkt->pkt_ha_private	= (opaque_t)&diag;
10161 	pkt->pkt_flags		= FLAG_HEAD;
10162 	pkt->pkt_time		= 60;
10163 	cmd->cmd_pkt		= pkt;
10164 	cmd->cmd_flags		= CFLAG_CMDIOC | CFLAG_FW_DIAG;
10165 
10166 	/*
10167 	 * Save the command in a slot
10168 	 */
10169 	if (mptsas_save_cmd(mpt, cmd) == TRUE) {
10170 		/*
10171 		 * Once passthru command get slot, set cmd_flags
10172 		 * CFLAG_PREPARED.
10173 		 */
10174 		cmd->cmd_flags |= CFLAG_PREPARED;
10175 		mptsas_start_diag(mpt, cmd);
10176 	} else {
10177 		mptsas_waitq_add(mpt, cmd);
10178 	}
10179 
10180 	while ((cmd->cmd_flags & CFLAG_FINISHED) == 0) {
10181 		cv_wait(&mpt->m_fw_diag_cv, &mpt->m_mutex);
10182 	}
10183 
10184 	if (cmd->cmd_flags & CFLAG_TIMEOUT) {
10185 		status = DDI_FAILURE;
10186 		mptsas_log(mpt, CE_WARN, "Release FW Diag command timeout");
10187 		goto out;
10188 	}
10189 
10190 	/*
10191 	 * cmd_rfm points to the reply message if a reply was given.  Check the
10192 	 * IOCStatus to make sure everything went OK with the FW diag request
10193 	 * and set buffer flags.
10194 	 */
10195 	if (cmd->cmd_rfm) {
10196 		rel_flags |= MPTSAS_ADDRESS_REPLY;
10197 		(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
10198 		    DDI_DMA_SYNC_FORCPU);
10199 		reply = (pMpi2DiagReleaseReply_t)(mpt->m_reply_frame +
10200 		    (cmd->cmd_rfm - mpt->m_reply_frame_dma_addr));
10201 
10202 		/*
10203 		 * Get the reply message data
10204 		 */
10205 		iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
10206 		    &reply->IOCStatus);
10207 		iocloginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
10208 		    &reply->IOCLogInfo);
10209 
10210 		/*
10211 		 * If release failed quit.
10212 		 */
10213 		if ((iocstatus != MPI2_IOCSTATUS_SUCCESS) ||
10214 		    pBuffer->owned_by_firmware) {
10215 			status = DDI_FAILURE;
10216 			NDBG13(("release FW Diag Buffer failed: "
10217 			    "IOCStatus=0x%x, IOCLogInfo=0x%x", iocstatus,
10218 			    iocloginfo));
10219 			goto out;
10220 		}
10221 
10222 		/*
10223 		 * Release was successful.
10224 		 */
10225 		*return_code = MPTSAS_FW_DIAG_ERROR_SUCCESS;
10226 		status = DDI_SUCCESS;
10227 
10228 		/*
10229 		 * If this was for an UNREGISTER diag type command, clear the
10230 		 * unique ID.
10231 		 */
10232 		if (diag_type == MPTSAS_FW_DIAG_TYPE_UNREGISTER) {
10233 			pBuffer->unique_id = MPTSAS_FW_DIAG_INVALID_UID;
10234 		}
10235 	}
10236 
10237 out:
10238 	/*
10239 	 * Put the reply frame back on the free queue, increment the free
10240 	 * index, and write the new index to the free index register.  But only
10241 	 * if this reply is an ADDRESS reply.
10242 	 */
10243 	if (rel_flags & MPTSAS_ADDRESS_REPLY) {
10244 		ddi_put32(mpt->m_acc_free_queue_hdl,
10245 		    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
10246 		    cmd->cmd_rfm);
10247 		(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
10248 		    DDI_DMA_SYNC_FORDEV);
10249 		if (++mpt->m_free_index == mpt->m_free_queue_depth) {
10250 			mpt->m_free_index = 0;
10251 		}
10252 		ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
10253 		    mpt->m_free_index);
10254 	}
10255 	if (cmd && (cmd->cmd_flags & CFLAG_PREPARED)) {
10256 		mptsas_remove_cmd(mpt, cmd);
10257 		rel_flags &= (~MPTSAS_REQUEST_POOL_CMD);
10258 	}
10259 	if (rel_flags & MPTSAS_REQUEST_POOL_CMD) {
10260 		mptsas_return_to_pool(mpt, cmd);
10261 	}
10262 
10263 	return (status);
10264 }
10265 
10266 static int
10267 mptsas_diag_register(mptsas_t *mpt, mptsas_fw_diag_register_t *diag_register,
10268     uint32_t *return_code)
10269 {
10270 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
10271 	uint8_t				extended_type, buffer_type, i;
10272 	uint32_t			buffer_size;
10273 	uint32_t			unique_id;
10274 	int				status;
10275 
10276 	ASSERT(mutex_owned(&mpt->m_mutex));
10277 
10278 	extended_type = diag_register->ExtendedType;
10279 	buffer_type = diag_register->BufferType;
10280 	buffer_size = diag_register->RequestedBufferSize;
10281 	unique_id = diag_register->UniqueId;
10282 
10283 	/*
10284 	 * Check for valid buffer type
10285 	 */
10286 	if (buffer_type >= MPI2_DIAG_BUF_TYPE_COUNT) {
10287 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10288 		return (DDI_FAILURE);
10289 	}
10290 
10291 	/*
10292 	 * Get the current buffer and look up the unique ID.  The unique ID
10293 	 * should not be found.  If it is, the ID is already in use.
10294 	 */
10295 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
10296 	pBuffer = &mpt->m_fw_diag_buffer_list[buffer_type];
10297 	if (i != MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
10298 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10299 		return (DDI_FAILURE);
10300 	}
10301 
10302 	/*
10303 	 * The buffer's unique ID should not be registered yet, and the given
10304 	 * unique ID cannot be 0.
10305 	 */
10306 	if ((pBuffer->unique_id != MPTSAS_FW_DIAG_INVALID_UID) ||
10307 	    (unique_id == MPTSAS_FW_DIAG_INVALID_UID)) {
10308 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10309 		return (DDI_FAILURE);
10310 	}
10311 
10312 	/*
10313 	 * If this buffer is already posted as immediate, just change owner.
10314 	 */
10315 	if (pBuffer->immediate && pBuffer->owned_by_firmware &&
10316 	    (pBuffer->unique_id == MPTSAS_FW_DIAG_INVALID_UID)) {
10317 		pBuffer->immediate = FALSE;
10318 		pBuffer->unique_id = unique_id;
10319 		return (DDI_SUCCESS);
10320 	}
10321 
10322 	/*
10323 	 * Post a new buffer after checking if it's enabled.  The DMA buffer
10324 	 * that is allocated will be contiguous (sgl_len = 1).
10325 	 */
10326 	if (!pBuffer->enabled) {
10327 		*return_code = MPTSAS_FW_DIAG_ERROR_NO_BUFFER;
10328 		return (DDI_FAILURE);
10329 	}
10330 	bzero(&pBuffer->buffer_data, sizeof (mptsas_dma_alloc_state_t));
10331 	pBuffer->buffer_data.size = buffer_size;
10332 	if (mptsas_dma_alloc(mpt, &pBuffer->buffer_data) != DDI_SUCCESS) {
10333 		mptsas_log(mpt, CE_WARN, "failed to alloc DMA resource for "
10334 		    "diag buffer: size = %d bytes", buffer_size);
10335 		*return_code = MPTSAS_FW_DIAG_ERROR_NO_BUFFER;
10336 		return (DDI_FAILURE);
10337 	}
10338 
10339 	/*
10340 	 * Copy the given info to the diag buffer and post the buffer.
10341 	 */
10342 	pBuffer->buffer_type = buffer_type;
10343 	pBuffer->immediate = FALSE;
10344 	if (buffer_type == MPI2_DIAG_BUF_TYPE_TRACE) {
10345 		for (i = 0; i < (sizeof (pBuffer->product_specific) / 4);
10346 		    i++) {
10347 			pBuffer->product_specific[i] =
10348 			    diag_register->ProductSpecific[i];
10349 		}
10350 	}
10351 	pBuffer->extended_type = extended_type;
10352 	pBuffer->unique_id = unique_id;
10353 	status = mptsas_post_fw_diag_buffer(mpt, pBuffer, return_code);
10354 
10355 	if (mptsas_check_dma_handle(pBuffer->buffer_data.handle) !=
10356 	    DDI_SUCCESS) {
10357 		mptsas_log(mpt, CE_WARN, "Check of DMA handle failed in "
10358 		    "mptsas_diag_register.");
10359 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
10360 			status = DDI_FAILURE;
10361 	}
10362 
10363 	/*
10364 	 * In case there was a failure, free the DMA buffer.
10365 	 */
10366 	if (status == DDI_FAILURE) {
10367 		mptsas_dma_free(&pBuffer->buffer_data);
10368 	}
10369 
10370 	return (status);
10371 }
10372 
10373 static int
10374 mptsas_diag_unregister(mptsas_t *mpt,
10375     mptsas_fw_diag_unregister_t *diag_unregister, uint32_t *return_code)
10376 {
10377 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
10378 	uint8_t				i;
10379 	uint32_t			unique_id;
10380 	int				status;
10381 
10382 	ASSERT(mutex_owned(&mpt->m_mutex));
10383 
10384 	unique_id = diag_unregister->UniqueId;
10385 
10386 	/*
10387 	 * Get the current buffer and look up the unique ID.  The unique ID
10388 	 * should be there.
10389 	 */
10390 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
10391 	if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
10392 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10393 		return (DDI_FAILURE);
10394 	}
10395 
10396 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
10397 
10398 	/*
10399 	 * Try to release the buffer from FW before freeing it.  If release
10400 	 * fails, don't free the DMA buffer in case FW tries to access it
10401 	 * later.  If buffer is not owned by firmware, can't release it.
10402 	 */
10403 	if (!pBuffer->owned_by_firmware) {
10404 		status = DDI_SUCCESS;
10405 	} else {
10406 		status = mptsas_release_fw_diag_buffer(mpt, pBuffer,
10407 		    return_code, MPTSAS_FW_DIAG_TYPE_UNREGISTER);
10408 	}
10409 
10410 	/*
10411 	 * At this point, return the current status no matter what happens with
10412 	 * the DMA buffer.
10413 	 */
10414 	pBuffer->unique_id = MPTSAS_FW_DIAG_INVALID_UID;
10415 	if (status == DDI_SUCCESS) {
10416 		if (mptsas_check_dma_handle(pBuffer->buffer_data.handle) !=
10417 		    DDI_SUCCESS) {
10418 			mptsas_log(mpt, CE_WARN, "Check of DMA handle failed "
10419 			    "in mptsas_diag_unregister.");
10420 			ddi_fm_service_impact(mpt->m_dip,
10421 			    DDI_SERVICE_UNAFFECTED);
10422 		}
10423 		mptsas_dma_free(&pBuffer->buffer_data);
10424 	}
10425 
10426 	return (status);
10427 }
10428 
10429 static int
10430 mptsas_diag_query(mptsas_t *mpt, mptsas_fw_diag_query_t *diag_query,
10431     uint32_t *return_code)
10432 {
10433 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
10434 	uint8_t				i;
10435 	uint32_t			unique_id;
10436 
10437 	ASSERT(mutex_owned(&mpt->m_mutex));
10438 
10439 	unique_id = diag_query->UniqueId;
10440 
10441 	/*
10442 	 * If ID is valid, query on ID.
10443 	 * If ID is invalid, query on buffer type.
10444 	 */
10445 	if (unique_id == MPTSAS_FW_DIAG_INVALID_UID) {
10446 		i = diag_query->BufferType;
10447 		if (i >= MPI2_DIAG_BUF_TYPE_COUNT) {
10448 			*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10449 			return (DDI_FAILURE);
10450 		}
10451 	} else {
10452 		i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
10453 		if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
10454 			*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10455 			return (DDI_FAILURE);
10456 		}
10457 	}
10458 
10459 	/*
10460 	 * Fill query structure with the diag buffer info.
10461 	 */
10462 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
10463 	diag_query->BufferType = pBuffer->buffer_type;
10464 	diag_query->ExtendedType = pBuffer->extended_type;
10465 	if (diag_query->BufferType == MPI2_DIAG_BUF_TYPE_TRACE) {
10466 		for (i = 0; i < (sizeof (diag_query->ProductSpecific) / 4);
10467 		    i++) {
10468 			diag_query->ProductSpecific[i] =
10469 			    pBuffer->product_specific[i];
10470 		}
10471 	}
10472 	diag_query->TotalBufferSize = pBuffer->buffer_data.size;
10473 	diag_query->DriverAddedBufferSize = 0;
10474 	diag_query->UniqueId = pBuffer->unique_id;
10475 	diag_query->ApplicationFlags = 0;
10476 	diag_query->DiagnosticFlags = 0;
10477 
10478 	/*
10479 	 * Set/Clear application flags
10480 	 */
10481 	if (pBuffer->immediate) {
10482 		diag_query->ApplicationFlags &= ~MPTSAS_FW_DIAG_FLAG_APP_OWNED;
10483 	} else {
10484 		diag_query->ApplicationFlags |= MPTSAS_FW_DIAG_FLAG_APP_OWNED;
10485 	}
10486 	if (pBuffer->valid_data || pBuffer->owned_by_firmware) {
10487 		diag_query->ApplicationFlags |=
10488 		    MPTSAS_FW_DIAG_FLAG_BUFFER_VALID;
10489 	} else {
10490 		diag_query->ApplicationFlags &=
10491 		    ~MPTSAS_FW_DIAG_FLAG_BUFFER_VALID;
10492 	}
10493 	if (pBuffer->owned_by_firmware) {
10494 		diag_query->ApplicationFlags |=
10495 		    MPTSAS_FW_DIAG_FLAG_FW_BUFFER_ACCESS;
10496 	} else {
10497 		diag_query->ApplicationFlags &=
10498 		    ~MPTSAS_FW_DIAG_FLAG_FW_BUFFER_ACCESS;
10499 	}
10500 
10501 	return (DDI_SUCCESS);
10502 }
10503 
10504 static int
10505 mptsas_diag_read_buffer(mptsas_t *mpt,
10506     mptsas_diag_read_buffer_t *diag_read_buffer, uint8_t *ioctl_buf,
10507     uint32_t *return_code, int ioctl_mode)
10508 {
10509 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
10510 	uint8_t				i, *pData;
10511 	uint32_t			unique_id, byte;
10512 	int				status;
10513 
10514 	ASSERT(mutex_owned(&mpt->m_mutex));
10515 
10516 	unique_id = diag_read_buffer->UniqueId;
10517 
10518 	/*
10519 	 * Get the current buffer and look up the unique ID.  The unique ID
10520 	 * should be there.
10521 	 */
10522 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
10523 	if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
10524 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10525 		return (DDI_FAILURE);
10526 	}
10527 
10528 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
10529 
10530 	/*
10531 	 * Make sure requested read is within limits
10532 	 */
10533 	if (diag_read_buffer->StartingOffset + diag_read_buffer->BytesToRead >
10534 	    pBuffer->buffer_data.size) {
10535 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10536 		return (DDI_FAILURE);
10537 	}
10538 
10539 	/*
10540 	 * Copy the requested data from DMA to the diag_read_buffer.  The DMA
10541 	 * buffer that was allocated is one contiguous buffer.
10542 	 */
10543 	pData = (uint8_t *)(pBuffer->buffer_data.memp +
10544 	    diag_read_buffer->StartingOffset);
10545 	(void) ddi_dma_sync(pBuffer->buffer_data.handle, 0, 0,
10546 	    DDI_DMA_SYNC_FORCPU);
10547 	for (byte = 0; byte < diag_read_buffer->BytesToRead; byte++) {
10548 		if (ddi_copyout(pData + byte, ioctl_buf + byte, 1, ioctl_mode)
10549 		    != 0) {
10550 			return (DDI_FAILURE);
10551 		}
10552 	}
10553 	diag_read_buffer->Status = 0;
10554 
10555 	/*
10556 	 * Set or clear the Force Release flag.
10557 	 */
10558 	if (pBuffer->force_release) {
10559 		diag_read_buffer->Flags |= MPTSAS_FW_DIAG_FLAG_FORCE_RELEASE;
10560 	} else {
10561 		diag_read_buffer->Flags &= ~MPTSAS_FW_DIAG_FLAG_FORCE_RELEASE;
10562 	}
10563 
10564 	/*
10565 	 * If buffer is to be reregistered, make sure it's not already owned by
10566 	 * firmware first.
10567 	 */
10568 	status = DDI_SUCCESS;
10569 	if (!pBuffer->owned_by_firmware) {
10570 		if (diag_read_buffer->Flags & MPTSAS_FW_DIAG_FLAG_REREGISTER) {
10571 			status = mptsas_post_fw_diag_buffer(mpt, pBuffer,
10572 			    return_code);
10573 		}
10574 	}
10575 
10576 	return (status);
10577 }
10578 
10579 static int
10580 mptsas_diag_release(mptsas_t *mpt, mptsas_fw_diag_release_t *diag_release,
10581     uint32_t *return_code)
10582 {
10583 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
10584 	uint8_t				i;
10585 	uint32_t			unique_id;
10586 	int				status;
10587 
10588 	ASSERT(mutex_owned(&mpt->m_mutex));
10589 
10590 	unique_id = diag_release->UniqueId;
10591 
10592 	/*
10593 	 * Get the current buffer and look up the unique ID.  The unique ID
10594 	 * should be there.
10595 	 */
10596 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
10597 	if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
10598 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
10599 		return (DDI_FAILURE);
10600 	}
10601 
10602 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
10603 
10604 	/*
10605 	 * If buffer is not owned by firmware, it's already been released.
10606 	 */
10607 	if (!pBuffer->owned_by_firmware) {
10608 		*return_code = MPTSAS_FW_DIAG_ERROR_ALREADY_RELEASED;
10609 		return (DDI_FAILURE);
10610 	}
10611 
10612 	/*
10613 	 * Release the buffer.
10614 	 */
10615 	status = mptsas_release_fw_diag_buffer(mpt, pBuffer, return_code,
10616 	    MPTSAS_FW_DIAG_TYPE_RELEASE);
10617 	return (status);
10618 }
10619 
10620 static int
10621 mptsas_do_diag_action(mptsas_t *mpt, uint32_t action, uint8_t *diag_action,
10622     uint32_t length, uint32_t *return_code, int ioctl_mode)
10623 {
10624 	mptsas_fw_diag_register_t	diag_register;
10625 	mptsas_fw_diag_unregister_t	diag_unregister;
10626 	mptsas_fw_diag_query_t		diag_query;
10627 	mptsas_diag_read_buffer_t	diag_read_buffer;
10628 	mptsas_fw_diag_release_t	diag_release;
10629 	int				status = DDI_SUCCESS;
10630 	uint32_t			original_return_code, read_buf_len;
10631 
10632 	ASSERT(mutex_owned(&mpt->m_mutex));
10633 
10634 	original_return_code = *return_code;
10635 	*return_code = MPTSAS_FW_DIAG_ERROR_SUCCESS;
10636 
10637 	switch (action) {
10638 		case MPTSAS_FW_DIAG_TYPE_REGISTER:
10639 			if (!length) {
10640 				*return_code =
10641 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10642 				status = DDI_FAILURE;
10643 				break;
10644 			}
10645 			if (ddi_copyin(diag_action, &diag_register,
10646 			    sizeof (diag_register), ioctl_mode) != 0) {
10647 				return (DDI_FAILURE);
10648 			}
10649 			status = mptsas_diag_register(mpt, &diag_register,
10650 			    return_code);
10651 			break;
10652 
10653 		case MPTSAS_FW_DIAG_TYPE_UNREGISTER:
10654 			if (length < sizeof (diag_unregister)) {
10655 				*return_code =
10656 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10657 				status = DDI_FAILURE;
10658 				break;
10659 			}
10660 			if (ddi_copyin(diag_action, &diag_unregister,
10661 			    sizeof (diag_unregister), ioctl_mode) != 0) {
10662 				return (DDI_FAILURE);
10663 			}
10664 			status = mptsas_diag_unregister(mpt, &diag_unregister,
10665 			    return_code);
10666 			break;
10667 
10668 		case MPTSAS_FW_DIAG_TYPE_QUERY:
10669 			if (length < sizeof (diag_query)) {
10670 				*return_code =
10671 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10672 				status = DDI_FAILURE;
10673 				break;
10674 			}
10675 			if (ddi_copyin(diag_action, &diag_query,
10676 			    sizeof (diag_query), ioctl_mode) != 0) {
10677 				return (DDI_FAILURE);
10678 			}
10679 			status = mptsas_diag_query(mpt, &diag_query,
10680 			    return_code);
10681 			if (status == DDI_SUCCESS) {
10682 				if (ddi_copyout(&diag_query, diag_action,
10683 				    sizeof (diag_query), ioctl_mode) != 0) {
10684 					return (DDI_FAILURE);
10685 				}
10686 			}
10687 			break;
10688 
10689 		case MPTSAS_FW_DIAG_TYPE_READ_BUFFER:
10690 			if (ddi_copyin(diag_action, &diag_read_buffer,
10691 			    sizeof (diag_read_buffer) - 4, ioctl_mode) != 0) {
10692 				return (DDI_FAILURE);
10693 			}
10694 			read_buf_len = sizeof (diag_read_buffer) -
10695 			    sizeof (diag_read_buffer.DataBuffer) +
10696 			    diag_read_buffer.BytesToRead;
10697 			if (length < read_buf_len) {
10698 				*return_code =
10699 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10700 				status = DDI_FAILURE;
10701 				break;
10702 			}
10703 			status = mptsas_diag_read_buffer(mpt,
10704 			    &diag_read_buffer, diag_action +
10705 			    sizeof (diag_read_buffer) - 4, return_code,
10706 			    ioctl_mode);
10707 			if (status == DDI_SUCCESS) {
10708 				if (ddi_copyout(&diag_read_buffer, diag_action,
10709 				    sizeof (diag_read_buffer) - 4, ioctl_mode)
10710 				    != 0) {
10711 					return (DDI_FAILURE);
10712 				}
10713 			}
10714 			break;
10715 
10716 		case MPTSAS_FW_DIAG_TYPE_RELEASE:
10717 			if (length < sizeof (diag_release)) {
10718 				*return_code =
10719 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10720 				status = DDI_FAILURE;
10721 				break;
10722 			}
10723 			if (ddi_copyin(diag_action, &diag_release,
10724 			    sizeof (diag_release), ioctl_mode) != 0) {
10725 				return (DDI_FAILURE);
10726 			}
10727 			status = mptsas_diag_release(mpt, &diag_release,
10728 			    return_code);
10729 			break;
10730 
10731 		default:
10732 			*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
10733 			status = DDI_FAILURE;
10734 			break;
10735 	}
10736 
10737 	if ((status == DDI_FAILURE) &&
10738 	    (original_return_code == MPTSAS_FW_DIAG_NEW) &&
10739 	    (*return_code != MPTSAS_FW_DIAG_ERROR_SUCCESS)) {
10740 		status = DDI_SUCCESS;
10741 	}
10742 
10743 	return (status);
10744 }
10745 
10746 static int
10747 mptsas_diag_action(mptsas_t *mpt, mptsas_diag_action_t *user_data, int mode)
10748 {
10749 	int			status;
10750 	mptsas_diag_action_t	driver_data;
10751 
10752 	ASSERT(mutex_owned(&mpt->m_mutex));
10753 
10754 	/*
10755 	 * Copy the user data to a driver data buffer.
10756 	 */
10757 	if (ddi_copyin(user_data, &driver_data, sizeof (mptsas_diag_action_t),
10758 	    mode) == 0) {
10759 		/*
10760 		 * Send diag action request if Action is valid
10761 		 */
10762 		if (driver_data.Action == MPTSAS_FW_DIAG_TYPE_REGISTER ||
10763 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_UNREGISTER ||
10764 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_QUERY ||
10765 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_READ_BUFFER ||
10766 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_RELEASE) {
10767 			status = mptsas_do_diag_action(mpt, driver_data.Action,
10768 			    (void *)(uintptr_t)driver_data.PtrDiagAction,
10769 			    driver_data.Length, &driver_data.ReturnCode,
10770 			    mode);
10771 			if (status == DDI_SUCCESS) {
10772 				if (ddi_copyout(&driver_data.ReturnCode,
10773 				    &user_data->ReturnCode,
10774 				    sizeof (user_data->ReturnCode), mode)
10775 				    != 0) {
10776 					status = EFAULT;
10777 				} else {
10778 					status = 0;
10779 				}
10780 			} else {
10781 				status = EIO;
10782 			}
10783 		} else {
10784 			status = EINVAL;
10785 		}
10786 	} else {
10787 		status = EFAULT;
10788 	}
10789 
10790 	return (status);
10791 }
10792 
10793 /*
10794  * This routine handles the "event query" ioctl.
10795  */
10796 static int
10797 mptsas_event_query(mptsas_t *mpt, mptsas_event_query_t *data, int mode,
10798     int *rval)
10799 {
10800 	int			status;
10801 	mptsas_event_query_t	driverdata;
10802 	uint8_t			i;
10803 
10804 	driverdata.Entries = MPTSAS_EVENT_QUEUE_SIZE;
10805 
10806 	mutex_enter(&mpt->m_mutex);
10807 	for (i = 0; i < 4; i++) {
10808 		driverdata.Types[i] = mpt->m_event_mask[i];
10809 	}
10810 	mutex_exit(&mpt->m_mutex);
10811 
10812 	if (ddi_copyout(&driverdata, data, sizeof (driverdata), mode) != 0) {
10813 		status = EFAULT;
10814 	} else {
10815 		*rval = MPTIOCTL_STATUS_GOOD;
10816 		status = 0;
10817 	}
10818 
10819 	return (status);
10820 }
10821 
10822 /*
10823  * This routine handles the "event enable" ioctl.
10824  */
10825 static int
10826 mptsas_event_enable(mptsas_t *mpt, mptsas_event_enable_t *data, int mode,
10827     int *rval)
10828 {
10829 	int			status;
10830 	mptsas_event_enable_t	driverdata;
10831 	uint8_t			i;
10832 
10833 	if (ddi_copyin(data, &driverdata, sizeof (driverdata), mode) == 0) {
10834 		mutex_enter(&mpt->m_mutex);
10835 		for (i = 0; i < 4; i++) {
10836 			mpt->m_event_mask[i] = driverdata.Types[i];
10837 		}
10838 		mutex_exit(&mpt->m_mutex);
10839 
10840 		*rval = MPTIOCTL_STATUS_GOOD;
10841 		status = 0;
10842 	} else {
10843 		status = EFAULT;
10844 	}
10845 	return (status);
10846 }
10847 
10848 /*
10849  * This routine handles the "event report" ioctl.
10850  */
10851 static int
10852 mptsas_event_report(mptsas_t *mpt, mptsas_event_report_t *data, int mode,
10853     int *rval)
10854 {
10855 	int			status;
10856 	mptsas_event_report_t	driverdata;
10857 
10858 	mutex_enter(&mpt->m_mutex);
10859 
10860 	if (ddi_copyin(&data->Size, &driverdata.Size, sizeof (driverdata.Size),
10861 	    mode) == 0) {
10862 		if (driverdata.Size >= sizeof (mpt->m_events)) {
10863 			if (ddi_copyout(mpt->m_events, data->Events,
10864 			    sizeof (mpt->m_events), mode) != 0) {
10865 				status = EFAULT;
10866 			} else {
10867 				if (driverdata.Size > sizeof (mpt->m_events)) {
10868 					driverdata.Size =
10869 					    sizeof (mpt->m_events);
10870 					if (ddi_copyout(&driverdata.Size,
10871 					    &data->Size,
10872 					    sizeof (driverdata.Size),
10873 					    mode) != 0) {
10874 						status = EFAULT;
10875 					} else {
10876 						*rval = MPTIOCTL_STATUS_GOOD;
10877 						status = 0;
10878 					}
10879 				} else {
10880 					*rval = MPTIOCTL_STATUS_GOOD;
10881 					status = 0;
10882 				}
10883 			}
10884 		} else {
10885 			*rval = MPTIOCTL_STATUS_LEN_TOO_SHORT;
10886 			status = 0;
10887 		}
10888 	} else {
10889 		status = EFAULT;
10890 	}
10891 
10892 	mutex_exit(&mpt->m_mutex);
10893 	return (status);
10894 }
10895 
10896 static void
10897 mptsas_lookup_pci_data(mptsas_t *mpt, mptsas_adapter_data_t *adapter_data)
10898 {
10899 	int	*reg_data;
10900 	uint_t	reglen;
10901 
10902 	/*
10903 	 * Lookup the 'reg' property and extract the other data
10904 	 */
10905 	if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, mpt->m_dip,
10906 	    DDI_PROP_DONTPASS, "reg", &reg_data, &reglen) ==
10907 	    DDI_PROP_SUCCESS) {
10908 		/*
10909 		 * Extract the PCI data from the 'reg' property first DWORD.
10910 		 * The entry looks like the following:
10911 		 * First DWORD:
10912 		 * Bits 0 - 7 8-bit Register number
10913 		 * Bits 8 - 10 3-bit Function number
10914 		 * Bits 11 - 15 5-bit Device number
10915 		 * Bits 16 - 23 8-bit Bus number
10916 		 * Bits 24 - 25 2-bit Address Space type identifier
10917 		 *
10918 		 */
10919 		adapter_data->PciInformation.u.bits.BusNumber =
10920 		    (reg_data[0] & 0x00FF0000) >> 16;
10921 		adapter_data->PciInformation.u.bits.DeviceNumber =
10922 		    (reg_data[0] & 0x0000F800) >> 11;
10923 		adapter_data->PciInformation.u.bits.FunctionNumber =
10924 		    (reg_data[0] & 0x00000700) >> 8;
10925 		ddi_prop_free((void *)reg_data);
10926 	} else {
10927 		/*
10928 		 * If we can't determine the PCI data then we fill in FF's for
10929 		 * the data to indicate this.
10930 		 */
10931 		adapter_data->PCIDeviceHwId = 0xFFFFFFFF;
10932 		adapter_data->MpiPortNumber = 0xFFFFFFFF;
10933 		adapter_data->PciInformation.u.AsDWORD = 0xFFFFFFFF;
10934 	}
10935 
10936 	/*
10937 	 * Saved in the mpt->m_fwversion
10938 	 */
10939 	adapter_data->MpiFirmwareVersion = mpt->m_fwversion;
10940 }
10941 
10942 static void
10943 mptsas_read_adapter_data(mptsas_t *mpt, mptsas_adapter_data_t *adapter_data)
10944 {
10945 	char	*driver_verstr = MPTSAS_MOD_STRING;
10946 
10947 	mptsas_lookup_pci_data(mpt, adapter_data);
10948 	adapter_data->AdapterType = MPTIOCTL_ADAPTER_TYPE_SAS2;
10949 	adapter_data->PCIDeviceHwId = (uint32_t)mpt->m_devid;
10950 	adapter_data->PCIDeviceHwRev = (uint32_t)mpt->m_revid;
10951 	adapter_data->SubSystemId = (uint32_t)mpt->m_ssid;
10952 	adapter_data->SubsystemVendorId = (uint32_t)mpt->m_svid;
10953 	(void) strcpy((char *)&adapter_data->DriverVersion[0], driver_verstr);
10954 	adapter_data->BiosVersion = 0;
10955 	(void) mptsas_get_bios_page3(mpt, &adapter_data->BiosVersion);
10956 }
10957 
10958 static void
10959 mptsas_read_pci_info(mptsas_t *mpt, mptsas_pci_info_t *pci_info)
10960 {
10961 	int	*reg_data, i;
10962 	uint_t	reglen;
10963 
10964 	/*
10965 	 * Lookup the 'reg' property and extract the other data
10966 	 */
10967 	if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, mpt->m_dip,
10968 	    DDI_PROP_DONTPASS, "reg", &reg_data, &reglen) ==
10969 	    DDI_PROP_SUCCESS) {
10970 		/*
10971 		 * Extract the PCI data from the 'reg' property first DWORD.
10972 		 * The entry looks like the following:
10973 		 * First DWORD:
10974 		 * Bits 8 - 10 3-bit Function number
10975 		 * Bits 11 - 15 5-bit Device number
10976 		 * Bits 16 - 23 8-bit Bus number
10977 		 */
10978 		pci_info->BusNumber = (reg_data[0] & 0x00FF0000) >> 16;
10979 		pci_info->DeviceNumber = (reg_data[0] & 0x0000F800) >> 11;
10980 		pci_info->FunctionNumber = (reg_data[0] & 0x00000700) >> 8;
10981 		ddi_prop_free((void *)reg_data);
10982 	} else {
10983 		/*
10984 		 * If we can't determine the PCI info then we fill in FF's for
10985 		 * the data to indicate this.
10986 		 */
10987 		pci_info->BusNumber = 0xFFFFFFFF;
10988 		pci_info->DeviceNumber = 0xFF;
10989 		pci_info->FunctionNumber = 0xFF;
10990 	}
10991 
10992 	/*
10993 	 * Now get the interrupt vector and the pci header.  The vector can
10994 	 * only be 0 right now.  The header is the first 256 bytes of config
10995 	 * space.
10996 	 */
10997 	pci_info->InterruptVector = 0;
10998 	for (i = 0; i < sizeof (pci_info->PciHeader); i++) {
10999 		pci_info->PciHeader[i] = pci_config_get8(mpt->m_config_handle,
11000 		    i);
11001 	}
11002 }
11003 
11004 static int
11005 mptsas_reg_access(mptsas_t *mpt, mptsas_reg_access_t *data, int mode)
11006 {
11007 	int			status = 0;
11008 	mptsas_reg_access_t	driverdata;
11009 
11010 	mutex_enter(&mpt->m_mutex);
11011 	if (ddi_copyin(data, &driverdata, sizeof (driverdata), mode) == 0) {
11012 		switch (driverdata.Command) {
11013 			/*
11014 			 * IO access is not supported.
11015 			 */
11016 			case REG_IO_READ:
11017 			case REG_IO_WRITE:
11018 				mptsas_log(mpt, CE_WARN, "IO access is not "
11019 				    "supported.  Use memory access.");
11020 				status = EINVAL;
11021 				break;
11022 
11023 			case REG_MEM_READ:
11024 				driverdata.RegData = ddi_get32(mpt->m_datap,
11025 				    (uint32_t *)(void *)mpt->m_reg +
11026 				    driverdata.RegOffset);
11027 				if (ddi_copyout(&driverdata.RegData,
11028 				    &data->RegData,
11029 				    sizeof (driverdata.RegData), mode) != 0) {
11030 					mptsas_log(mpt, CE_WARN, "Register "
11031 					    "Read Failed");
11032 					status = EFAULT;
11033 				}
11034 				break;
11035 
11036 			case REG_MEM_WRITE:
11037 				ddi_put32(mpt->m_datap,
11038 				    (uint32_t *)(void *)mpt->m_reg +
11039 				    driverdata.RegOffset,
11040 				    driverdata.RegData);
11041 				break;
11042 
11043 			default:
11044 				status = EINVAL;
11045 				break;
11046 		}
11047 	} else {
11048 		status = EFAULT;
11049 	}
11050 
11051 	mutex_exit(&mpt->m_mutex);
11052 	return (status);
11053 }
11054 
11055 static int
11056 mptsas_ioctl(dev_t dev, int cmd, intptr_t data, int mode, cred_t *credp,
11057     int *rval)
11058 {
11059 	int			status = 0;
11060 	mptsas_t		*mpt;
11061 	mptsas_update_flash_t	flashdata;
11062 	mptsas_pass_thru_t	passthru_data;
11063 	mptsas_adapter_data_t   adapter_data;
11064 	mptsas_pci_info_t	pci_info;
11065 	int			copylen;
11066 
11067 	*rval = MPTIOCTL_STATUS_GOOD;
11068 	mpt = ddi_get_soft_state(mptsas_state, MINOR2INST(getminor(dev)));
11069 	if (mpt == NULL) {
11070 		return (scsi_hba_ioctl(dev, cmd, data, mode, credp, rval));
11071 	}
11072 	if (secpolicy_sys_config(credp, B_FALSE) != 0) {
11073 		return (EPERM);
11074 	}
11075 
11076 	/* Make sure power level is D0 before accessing registers */
11077 	mutex_enter(&mpt->m_mutex);
11078 	if (mpt->m_options & MPTSAS_OPT_PM) {
11079 		(void) pm_busy_component(mpt->m_dip, 0);
11080 		if (mpt->m_power_level != PM_LEVEL_D0) {
11081 			mutex_exit(&mpt->m_mutex);
11082 			if (pm_raise_power(mpt->m_dip, 0, PM_LEVEL_D0) !=
11083 			    DDI_SUCCESS) {
11084 				mptsas_log(mpt, CE_WARN,
11085 				    "mptsas%d: mptsas_ioctl: Raise power "
11086 				    "request failed.", mpt->m_instance);
11087 				(void) pm_idle_component(mpt->m_dip, 0);
11088 				return (ENXIO);
11089 			}
11090 		} else {
11091 			mutex_exit(&mpt->m_mutex);
11092 		}
11093 	} else {
11094 		mutex_exit(&mpt->m_mutex);
11095 	}
11096 
11097 	switch (cmd) {
11098 		case MPTIOCTL_UPDATE_FLASH:
11099 			if (ddi_copyin((void *)data, &flashdata,
11100 				sizeof (struct mptsas_update_flash), mode)) {
11101 				status = EFAULT;
11102 				break;
11103 			}
11104 
11105 			mutex_enter(&mpt->m_mutex);
11106 			if (mptsas_update_flash(mpt,
11107 			    (caddr_t)(long)flashdata.PtrBuffer,
11108 			    flashdata.ImageSize, flashdata.ImageType, mode)) {
11109 				status = EFAULT;
11110 			}
11111 
11112 			/*
11113 			 * Reset the chip to start using the new
11114 			 * firmware.  Reset if failed also.
11115 			 */
11116 			if (mptsas_restart_ioc(mpt) == DDI_FAILURE) {
11117 				status = EFAULT;
11118 			}
11119 			mutex_exit(&mpt->m_mutex);
11120 			break;
11121 		case MPTIOCTL_PASS_THRU:
11122 			/*
11123 			 * The user has requested to pass through a command to
11124 			 * be executed by the MPT firmware.  Call our routine
11125 			 * which does this.  Only allow one passthru IOCTL at
11126 			 * one time.
11127 			 */
11128 			if (ddi_copyin((void *)data, &passthru_data,
11129 			    sizeof (mptsas_pass_thru_t), mode)) {
11130 				status = EFAULT;
11131 				break;
11132 			}
11133 			mutex_enter(&mpt->m_mutex);
11134 			if (mpt->m_passthru_in_progress) {
11135 				mutex_exit(&mpt->m_mutex);
11136 				return (EBUSY);
11137 			}
11138 			mpt->m_passthru_in_progress = 1;
11139 			status = mptsas_pass_thru(mpt, &passthru_data, mode);
11140 			mpt->m_passthru_in_progress = 0;
11141 			mutex_exit(&mpt->m_mutex);
11142 
11143 			break;
11144 		case MPTIOCTL_GET_ADAPTER_DATA:
11145 			/*
11146 			 * The user has requested to read adapter data.  Call
11147 			 * our routine which does this.
11148 			 */
11149 			bzero(&adapter_data, sizeof (mptsas_adapter_data_t));
11150 			if (ddi_copyin((void *)data, (void *)&adapter_data,
11151 			    sizeof (mptsas_adapter_data_t), mode)) {
11152 				status = EFAULT;
11153 				break;
11154 			}
11155 			if (adapter_data.StructureLength >=
11156 			    sizeof (mptsas_adapter_data_t)) {
11157 				adapter_data.StructureLength = (uint32_t)
11158 				    sizeof (mptsas_adapter_data_t);
11159 				copylen = sizeof (mptsas_adapter_data_t);
11160 				mutex_enter(&mpt->m_mutex);
11161 				mptsas_read_adapter_data(mpt, &adapter_data);
11162 				mutex_exit(&mpt->m_mutex);
11163 			} else {
11164 				adapter_data.StructureLength = (uint32_t)
11165 				    sizeof (mptsas_adapter_data_t);
11166 				copylen = sizeof (adapter_data.StructureLength);
11167 				*rval = MPTIOCTL_STATUS_LEN_TOO_SHORT;
11168 			}
11169 			if (ddi_copyout((void *)(&adapter_data), (void *)data,
11170 			    copylen, mode) != 0) {
11171 				status = EFAULT;
11172 			}
11173 			break;
11174 		case MPTIOCTL_GET_PCI_INFO:
11175 			/*
11176 			 * The user has requested to read pci info.  Call
11177 			 * our routine which does this.
11178 			 */
11179 			bzero(&pci_info, sizeof (mptsas_pci_info_t));
11180 			mutex_enter(&mpt->m_mutex);
11181 			mptsas_read_pci_info(mpt, &pci_info);
11182 			mutex_exit(&mpt->m_mutex);
11183 			if (ddi_copyout((void *)(&pci_info), (void *)data,
11184 			    sizeof (mptsas_pci_info_t), mode) != 0) {
11185 				status = EFAULT;
11186 			}
11187 			break;
11188 		case MPTIOCTL_RESET_ADAPTER:
11189 			mutex_enter(&mpt->m_mutex);
11190 			if ((mptsas_restart_ioc(mpt)) == DDI_FAILURE) {
11191 				mptsas_log(mpt, CE_WARN, "reset adapter IOCTL "
11192 				    "failed");
11193 				status = EFAULT;
11194 			}
11195 			mutex_exit(&mpt->m_mutex);
11196 			break;
11197 		case MPTIOCTL_DIAG_ACTION:
11198 			/*
11199 			 * The user has done a diag buffer action.  Call our
11200 			 * routine which does this.  Only allow one diag action
11201 			 * at one time.
11202 			 */
11203 			mutex_enter(&mpt->m_mutex);
11204 			if (mpt->m_diag_action_in_progress) {
11205 				mutex_exit(&mpt->m_mutex);
11206 				return (EBUSY);
11207 			}
11208 			mpt->m_diag_action_in_progress = 1;
11209 			status = mptsas_diag_action(mpt,
11210 			    (mptsas_diag_action_t *)data, mode);
11211 			mpt->m_diag_action_in_progress = 0;
11212 			mutex_exit(&mpt->m_mutex);
11213 			break;
11214 		case MPTIOCTL_EVENT_QUERY:
11215 			/*
11216 			 * The user has done an event query. Call our routine
11217 			 * which does this.
11218 			 */
11219 			status = mptsas_event_query(mpt,
11220 			    (mptsas_event_query_t *)data, mode, rval);
11221 			break;
11222 		case MPTIOCTL_EVENT_ENABLE:
11223 			/*
11224 			 * The user has done an event enable. Call our routine
11225 			 * which does this.
11226 			 */
11227 			status = mptsas_event_enable(mpt,
11228 			    (mptsas_event_enable_t *)data, mode, rval);
11229 			break;
11230 		case MPTIOCTL_EVENT_REPORT:
11231 			/*
11232 			 * The user has done an event report. Call our routine
11233 			 * which does this.
11234 			 */
11235 			status = mptsas_event_report(mpt,
11236 			    (mptsas_event_report_t *)data, mode, rval);
11237 			break;
11238 		case MPTIOCTL_REG_ACCESS:
11239 			/*
11240 			 * The user has requested register access.  Call our
11241 			 * routine which does this.
11242 			 */
11243 			status = mptsas_reg_access(mpt,
11244 			    (mptsas_reg_access_t *)data, mode);
11245 			break;
11246 		default:
11247 			status = scsi_hba_ioctl(dev, cmd, data, mode, credp,
11248 			    rval);
11249 			break;
11250 	}
11251 
11252 	/*
11253 	 * Report idle status to pm after grace period because
11254 	 * multiple ioctls may be queued and raising power
11255 	 * for every ioctl is time consuming.  If a timeout is
11256 	 * pending for the previous ioctl, cancel the timeout and
11257 	 * report idle status to pm because calls to pm_busy_component(9F)
11258 	 * are stacked.
11259 	 */
11260 	mutex_enter(&mpt->m_mutex);
11261 	if (mpt->m_options & MPTSAS_OPT_PM) {
11262 		if (mpt->m_pm_timeid != 0) {
11263 			timeout_id_t tid = mpt->m_pm_timeid;
11264 			mpt->m_pm_timeid = 0;
11265 			mutex_exit(&mpt->m_mutex);
11266 			(void) untimeout(tid);
11267 			/*
11268 			 * Report idle status for previous ioctl since
11269 			 * calls to pm_busy_component(9F) are stacked.
11270 			 */
11271 			(void) pm_idle_component(mpt->m_dip, 0);
11272 			mutex_enter(&mpt->m_mutex);
11273 		}
11274 		mpt->m_pm_timeid = timeout(mptsas_idle_pm, mpt,
11275 		    drv_usectohz((clock_t)mpt->m_pm_idle_delay * 1000000));
11276 	}
11277 	mutex_exit(&mpt->m_mutex);
11278 
11279 	return (status);
11280 }
11281 
11282 int
11283 mptsas_restart_ioc(mptsas_t *mpt)
11284 {
11285 	int		rval = DDI_SUCCESS;
11286 	mptsas_target_t	*ptgt = NULL;
11287 
11288 	ASSERT(mutex_owned(&mpt->m_mutex));
11289 
11290 	/*
11291 	 * Set a flag telling I/O path that we're processing a reset.  This is
11292 	 * needed because after the reset is complete, the hash table still
11293 	 * needs to be rebuilt.  If I/Os are started before the hash table is
11294 	 * rebuilt, I/O errors will occur.  This flag allows I/Os to be marked
11295 	 * so that they can be retried.
11296 	 */
11297 	mpt->m_in_reset = TRUE;
11298 
11299 	/*
11300 	 * Set all throttles to HOLD
11301 	 */
11302 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
11303 	    MPTSAS_HASH_FIRST);
11304 	while (ptgt != NULL) {
11305 		mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
11306 
11307 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
11308 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
11309 	}
11310 
11311 	/*
11312 	 * Disable interrupts
11313 	 */
11314 	MPTSAS_DISABLE_INTR(mpt);
11315 
11316 	/*
11317 	 * Abort all commands: outstanding commands, commands in waitq and
11318 	 * tx_waitq.
11319 	 */
11320 	mptsas_flush_hba(mpt);
11321 
11322 	/*
11323 	 * Reinitialize the chip.
11324 	 */
11325 	if (mptsas_init_chip(mpt, FALSE) == DDI_FAILURE) {
11326 		rval = DDI_FAILURE;
11327 	}
11328 
11329 	/*
11330 	 * Enable interrupts again
11331 	 */
11332 	MPTSAS_ENABLE_INTR(mpt);
11333 
11334 	/*
11335 	 * If mptsas_init_chip was successful, update the driver data.
11336 	 */
11337 	if (rval == DDI_SUCCESS) {
11338 		mptsas_update_driver_data(mpt);
11339 	}
11340 
11341 	/*
11342 	 * Reset the throttles
11343 	 */
11344 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
11345 	    MPTSAS_HASH_FIRST);
11346 	while (ptgt != NULL) {
11347 		mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
11348 
11349 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
11350 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
11351 	}
11352 
11353 	mptsas_doneq_empty(mpt);
11354 	mptsas_restart_hba(mpt);
11355 
11356 	if (rval != DDI_SUCCESS) {
11357 		mptsas_fm_ereport(mpt, DDI_FM_DEVICE_NO_RESPONSE);
11358 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_LOST);
11359 	}
11360 
11361 	/*
11362 	 * Clear the reset flag so that I/Os can continue.
11363 	 */
11364 	mpt->m_in_reset = FALSE;
11365 
11366 	return (rval);
11367 }
11368 
11369 int
11370 mptsas_init_chip(mptsas_t *mpt, int first_time)
11371 {
11372 	ddi_dma_cookie_t	cookie;
11373 	uint32_t		i;
11374 	mptsas_slots_t		*new_active;
11375 
11376 	/*
11377 	 * Check to see if the firmware image is valid
11378 	 */
11379 	if (ddi_get32(mpt->m_datap, &mpt->m_reg->HostDiagnostic) &
11380 	    MPI2_DIAG_FLASH_BAD_SIG) {
11381 		mptsas_log(mpt, CE_WARN, "mptsas bad flash signature!");
11382 		goto fail;
11383 	}
11384 
11385 	/*
11386 	 * Reset the chip
11387 	 */
11388 	if (mptsas_ioc_reset(mpt) == MPTSAS_RESET_FAIL) {
11389 		mptsas_log(mpt, CE_WARN, "hard reset failed!");
11390 		goto fail;
11391 	}
11392 
11393 	if (first_time == FALSE) {
11394 		/*
11395 		 * De-allocate buffers before re-allocating them using the
11396 		 * latest IOC facts.
11397 		 */
11398 		mptsas_hba_fini(mpt);
11399 
11400 		/*
11401 		 * Setup configuration space
11402 		 */
11403 		if (mptsas_config_space_init(mpt) == FALSE) {
11404 			mptsas_log(mpt, CE_WARN, "mptsas_config_space_init "
11405 			    "failed!");
11406 			goto fail;
11407 		}
11408 	}
11409 
11410 	/*
11411 	 * IOC facts can change after a diag reset so all buffers that are
11412 	 * based on these numbers must be de-allocated and re-allocated.  Get
11413 	 * new IOC facts each time chip is initialized.
11414 	 */
11415 	if (mptsas_ioc_get_facts(mpt) == DDI_FAILURE) {
11416 		mptsas_log(mpt, CE_WARN, "mptsas_ioc_get_facts failed");
11417 		goto fail;
11418 	}
11419 	/*
11420 	 * Re-allocate active slots here if not the first reset.  Since
11421 	 * m_active could have a different number of slots allocated after a
11422 	 * reset, just de-allocate the old m_active structure and re-allocate a
11423 	 * new one.  Save the tables and IR info from the old m_active.
11424 	 */
11425 	if (first_time == FALSE) {
11426 		new_active = kmem_zalloc(MPTSAS_SLOTS_SIZE(mpt), KM_SLEEP);
11427 		if (new_active == NULL) {
11428 			mptsas_log(mpt, CE_WARN, "Re-alloc of active slots "
11429 			    "failed!");
11430 			goto fail;
11431 		} else {
11432 			new_active->m_n_slots = (mpt->m_max_requests - 2);
11433 			new_active->m_size = MPTSAS_SLOTS_SIZE(mpt);
11434 			new_active->m_tags = 1;
11435 			new_active->m_tgttbl = mpt->m_active->m_tgttbl;
11436 			new_active->m_smptbl = mpt->m_active->m_smptbl;
11437 			new_active->m_num_raid_configs =
11438 			    mpt->m_active->m_num_raid_configs;
11439 			for (i = 0; i < new_active->m_num_raid_configs; i++) {
11440 				new_active->m_raidconfig[i] =
11441 				    mpt->m_active->m_raidconfig[i];
11442 			}
11443 			kmem_free(mpt->m_active, mpt->m_active->m_size);
11444 			mpt->m_active = new_active;
11445 		}
11446 	}
11447 
11448 	/*
11449 	 * Allocate request message frames, reply free queue, reply descriptor
11450 	 * post queue, and reply message frames using latest IOC facts.
11451 	 */
11452 	if (mptsas_alloc_request_frames(mpt) == DDI_FAILURE) {
11453 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_request_frames failed");
11454 		goto fail;
11455 	}
11456 	if (mptsas_alloc_free_queue(mpt) == DDI_FAILURE) {
11457 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_free_queue failed!");
11458 		goto fail;
11459 	}
11460 	if (mptsas_alloc_post_queue(mpt) == DDI_FAILURE) {
11461 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_post_queue failed!");
11462 		goto fail;
11463 	}
11464 	if (mptsas_alloc_reply_frames(mpt) == DDI_FAILURE) {
11465 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_reply_frames failed!");
11466 		goto fail;
11467 	}
11468 
11469 	/*
11470 	 * Re-Initialize ioc to operational state
11471 	 */
11472 	if (mptsas_ioc_init(mpt) == DDI_FAILURE) {
11473 		mptsas_log(mpt, CE_WARN, "mptsas_ioc_init failed");
11474 		goto fail;
11475 	}
11476 
11477 	mpt->m_replyh_args = kmem_zalloc(sizeof (m_replyh_arg_t) *
11478 	    mpt->m_max_replies, KM_SLEEP);
11479 
11480 	/*
11481 	 * Initialize reply post index.  Reply free index is initialized after
11482 	 * the next loop.
11483 	 */
11484 	mpt->m_post_index = 0;
11485 
11486 	/*
11487 	 * Initialize the Reply Free Queue with the physical addresses of our
11488 	 * reply frames.
11489 	 */
11490 	cookie.dmac_address = mpt->m_reply_frame_dma_addr;
11491 	for (i = 0; i < mpt->m_max_replies; i++) {
11492 		ddi_put32(mpt->m_acc_free_queue_hdl,
11493 		    &((uint32_t *)(void *)mpt->m_free_queue)[i],
11494 		    cookie.dmac_address);
11495 		cookie.dmac_address += mpt->m_reply_frame_size;
11496 	}
11497 	(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
11498 	    DDI_DMA_SYNC_FORDEV);
11499 
11500 	/*
11501 	 * Initialize the reply free index to one past the last frame on the
11502 	 * queue.  This will signify that the queue is empty to start with.
11503 	 */
11504 	mpt->m_free_index = i;
11505 	ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex, i);
11506 
11507 	/*
11508 	 * Initialize the reply post queue to 0xFFFFFFFF,0xFFFFFFFF's.
11509 	 */
11510 	for (i = 0; i < mpt->m_post_queue_depth; i++) {
11511 		ddi_put64(mpt->m_acc_post_queue_hdl,
11512 		    &((uint64_t *)(void *)mpt->m_post_queue)[i],
11513 		    0xFFFFFFFFFFFFFFFF);
11514 	}
11515 	(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
11516 	    DDI_DMA_SYNC_FORDEV);
11517 
11518 	/*
11519 	 * Enable ports
11520 	 */
11521 	if (mptsas_ioc_enable_port(mpt) == DDI_FAILURE) {
11522 		mptsas_log(mpt, CE_WARN, "mptsas_ioc_enable_port failed");
11523 		goto fail;
11524 	}
11525 
11526 	/*
11527 	 * First, make sure the HBA is set in "initiator" mode.  Once that
11528 	 * is complete, get the base WWID.
11529 	 */
11530 
11531 	if (first_time == TRUE) {
11532 		if (mptsas_set_initiator_mode(mpt)) {
11533 			mptsas_log(mpt, CE_WARN, "mptsas_set_initiator_mode "
11534 			    "failed!");
11535 			goto fail;
11536 		}
11537 
11538 		if (mptsas_get_manufacture_page5(mpt) == DDI_FAILURE) {
11539 			mptsas_log(mpt, CE_WARN,
11540 			    "mptsas_get_manufacture_page5 failed!");
11541 			goto fail;
11542 		}
11543 	}
11544 
11545 	/*
11546 	 * enable events
11547 	 */
11548 	if (first_time == FALSE) {
11549 		if (mptsas_ioc_enable_event_notification(mpt)) {
11550 			goto fail;
11551 		}
11552 	}
11553 
11554 	/*
11555 	 * We need checks in attach and these.
11556 	 * chip_init is called in mult. places
11557 	 */
11558 
11559 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl) !=
11560 	    DDI_SUCCESS) ||
11561 	    (mptsas_check_dma_handle(mpt->m_dma_reply_frame_hdl) !=
11562 	    DDI_SUCCESS) ||
11563 	    (mptsas_check_dma_handle(mpt->m_dma_free_queue_hdl) !=
11564 	    DDI_SUCCESS) ||
11565 	    (mptsas_check_dma_handle(mpt->m_dma_post_queue_hdl) !=
11566 	    DDI_SUCCESS) ||
11567 	    (mptsas_check_dma_handle(mpt->m_hshk_dma_hdl) !=
11568 	    DDI_SUCCESS)) {
11569 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
11570 		goto fail;
11571 	}
11572 
11573 	/* Check all acc handles */
11574 	if ((mptsas_check_acc_handle(mpt->m_datap) != DDI_SUCCESS) ||
11575 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl) !=
11576 	    DDI_SUCCESS) ||
11577 	    (mptsas_check_acc_handle(mpt->m_acc_reply_frame_hdl) !=
11578 	    DDI_SUCCESS) ||
11579 	    (mptsas_check_acc_handle(mpt->m_acc_free_queue_hdl) !=
11580 	    DDI_SUCCESS) ||
11581 	    (mptsas_check_acc_handle(mpt->m_acc_post_queue_hdl) !=
11582 	    DDI_SUCCESS) ||
11583 	    (mptsas_check_acc_handle(mpt->m_hshk_acc_hdl) !=
11584 	    DDI_SUCCESS) ||
11585 	    (mptsas_check_acc_handle(mpt->m_config_handle) !=
11586 	    DDI_SUCCESS)) {
11587 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
11588 		goto fail;
11589 	}
11590 
11591 	return (DDI_SUCCESS);
11592 
11593 fail:
11594 	return (DDI_FAILURE);
11595 }
11596 
11597 static int
11598 mptsas_init_pm(mptsas_t *mpt)
11599 {
11600 	char		pmc_name[16];
11601 	char		*pmc[] = {
11602 				NULL,
11603 				"0=Off (PCI D3 State)",
11604 				"3=On (PCI D0 State)",
11605 				NULL
11606 			};
11607 	uint16_t	pmcsr_stat;
11608 
11609 	/*
11610 	 * If power management is supported by this chip, create
11611 	 * pm-components property for the power management framework
11612 	 */
11613 	(void) sprintf(pmc_name, "NAME=mptsas%d", mpt->m_instance);
11614 	pmc[0] = pmc_name;
11615 	if (ddi_prop_update_string_array(DDI_DEV_T_NONE, mpt->m_dip,
11616 	    "pm-components", pmc, 3) != DDI_PROP_SUCCESS) {
11617 		mpt->m_options &= ~MPTSAS_OPT_PM;
11618 		mptsas_log(mpt, CE_WARN,
11619 		    "mptsas%d: pm-component property creation failed.",
11620 		    mpt->m_instance);
11621 		return (DDI_FAILURE);
11622 	}
11623 
11624 	/*
11625 	 * Power on device.
11626 	 */
11627 	(void) pm_busy_component(mpt->m_dip, 0);
11628 	pmcsr_stat = pci_config_get16(mpt->m_config_handle,
11629 	    mpt->m_pmcsr_offset);
11630 	if ((pmcsr_stat & PCI_PMCSR_STATE_MASK) != PCI_PMCSR_D0) {
11631 		mptsas_log(mpt, CE_WARN, "mptsas%d: Power up the device",
11632 		    mpt->m_instance);
11633 		pci_config_put16(mpt->m_config_handle, mpt->m_pmcsr_offset,
11634 		    PCI_PMCSR_D0);
11635 	}
11636 	if (pm_power_has_changed(mpt->m_dip, 0, PM_LEVEL_D0) != DDI_SUCCESS) {
11637 		mptsas_log(mpt, CE_WARN, "pm_power_has_changed failed");
11638 		return (DDI_FAILURE);
11639 	}
11640 	mpt->m_power_level = PM_LEVEL_D0;
11641 	/*
11642 	 * Set pm idle delay.
11643 	 */
11644 	mpt->m_pm_idle_delay = ddi_prop_get_int(DDI_DEV_T_ANY,
11645 	    mpt->m_dip, 0, "mptsas-pm-idle-delay", MPTSAS_PM_IDLE_TIMEOUT);
11646 
11647 	return (DDI_SUCCESS);
11648 }
11649 
11650 /*
11651  * mptsas_add_intrs:
11652  *
11653  * Register FIXED or MSI interrupts.
11654  */
11655 static int
11656 mptsas_add_intrs(mptsas_t *mpt, int intr_type)
11657 {
11658 	dev_info_t	*dip = mpt->m_dip;
11659 	int		avail, actual, count = 0;
11660 	int		i, flag, ret;
11661 
11662 	NDBG6(("mptsas_add_intrs:interrupt type 0x%x", intr_type));
11663 
11664 	/* Get number of interrupts */
11665 	ret = ddi_intr_get_nintrs(dip, intr_type, &count);
11666 	if ((ret != DDI_SUCCESS) || (count <= 0)) {
11667 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_nintrs() failed, "
11668 		    "ret %d count %d\n", ret, count);
11669 
11670 		return (DDI_FAILURE);
11671 	}
11672 
11673 	/* Get number of available interrupts */
11674 	ret = ddi_intr_get_navail(dip, intr_type, &avail);
11675 	if ((ret != DDI_SUCCESS) || (avail == 0)) {
11676 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_navail() failed, "
11677 		    "ret %d avail %d\n", ret, avail);
11678 
11679 		return (DDI_FAILURE);
11680 	}
11681 
11682 	if (avail < count) {
11683 		mptsas_log(mpt, CE_NOTE, "ddi_intr_get_nvail returned %d, "
11684 		    "navail() returned %d", count, avail);
11685 	}
11686 
11687 	/* Mpt only have one interrupt routine */
11688 	if ((intr_type == DDI_INTR_TYPE_MSI) && (count > 1)) {
11689 		count = 1;
11690 	}
11691 
11692 	/* Allocate an array of interrupt handles */
11693 	mpt->m_intr_size = count * sizeof (ddi_intr_handle_t);
11694 	mpt->m_htable = kmem_alloc(mpt->m_intr_size, KM_SLEEP);
11695 
11696 	flag = DDI_INTR_ALLOC_NORMAL;
11697 
11698 	/* call ddi_intr_alloc() */
11699 	ret = ddi_intr_alloc(dip, mpt->m_htable, intr_type, 0,
11700 	    count, &actual, flag);
11701 
11702 	if ((ret != DDI_SUCCESS) || (actual == 0)) {
11703 		mptsas_log(mpt, CE_WARN, "ddi_intr_alloc() failed, ret %d\n",
11704 		    ret);
11705 		kmem_free(mpt->m_htable, mpt->m_intr_size);
11706 		return (DDI_FAILURE);
11707 	}
11708 
11709 	/* use interrupt count returned or abort? */
11710 	if (actual < count) {
11711 		mptsas_log(mpt, CE_NOTE, "Requested: %d, Received: %d\n",
11712 		    count, actual);
11713 	}
11714 
11715 	mpt->m_intr_cnt = actual;
11716 
11717 	/*
11718 	 * Get priority for first msi, assume remaining are all the same
11719 	 */
11720 	if ((ret = ddi_intr_get_pri(mpt->m_htable[0],
11721 	    &mpt->m_intr_pri)) != DDI_SUCCESS) {
11722 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_pri() failed %d\n", ret);
11723 
11724 		/* Free already allocated intr */
11725 		for (i = 0; i < actual; i++) {
11726 			(void) ddi_intr_free(mpt->m_htable[i]);
11727 		}
11728 
11729 		kmem_free(mpt->m_htable, mpt->m_intr_size);
11730 		return (DDI_FAILURE);
11731 	}
11732 
11733 	/* Test for high level mutex */
11734 	if (mpt->m_intr_pri >= ddi_intr_get_hilevel_pri()) {
11735 		mptsas_log(mpt, CE_WARN, "mptsas_add_intrs: "
11736 		    "Hi level interrupt not supported\n");
11737 
11738 		/* Free already allocated intr */
11739 		for (i = 0; i < actual; i++) {
11740 			(void) ddi_intr_free(mpt->m_htable[i]);
11741 		}
11742 
11743 		kmem_free(mpt->m_htable, mpt->m_intr_size);
11744 		return (DDI_FAILURE);
11745 	}
11746 
11747 	/* Call ddi_intr_add_handler() */
11748 	for (i = 0; i < actual; i++) {
11749 		if ((ret = ddi_intr_add_handler(mpt->m_htable[i], mptsas_intr,
11750 		    (caddr_t)mpt, (caddr_t)(uintptr_t)i)) != DDI_SUCCESS) {
11751 			mptsas_log(mpt, CE_WARN, "ddi_intr_add_handler() "
11752 			    "failed %d\n", ret);
11753 
11754 			/* Free already allocated intr */
11755 			for (i = 0; i < actual; i++) {
11756 				(void) ddi_intr_free(mpt->m_htable[i]);
11757 			}
11758 
11759 			kmem_free(mpt->m_htable, mpt->m_intr_size);
11760 			return (DDI_FAILURE);
11761 		}
11762 	}
11763 
11764 	if ((ret = ddi_intr_get_cap(mpt->m_htable[0], &mpt->m_intr_cap))
11765 	    != DDI_SUCCESS) {
11766 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_cap() failed %d\n", ret);
11767 
11768 		/* Free already allocated intr */
11769 		for (i = 0; i < actual; i++) {
11770 			(void) ddi_intr_free(mpt->m_htable[i]);
11771 		}
11772 
11773 		kmem_free(mpt->m_htable, mpt->m_intr_size);
11774 		return (DDI_FAILURE);
11775 	}
11776 
11777 	return (DDI_SUCCESS);
11778 }
11779 
11780 /*
11781  * mptsas_rem_intrs:
11782  *
11783  * Unregister FIXED or MSI interrupts
11784  */
11785 static void
11786 mptsas_rem_intrs(mptsas_t *mpt)
11787 {
11788 	int	i;
11789 
11790 	NDBG6(("mptsas_rem_intrs"));
11791 
11792 	/* Disable all interrupts */
11793 	if (mpt->m_intr_cap & DDI_INTR_FLAG_BLOCK) {
11794 		/* Call ddi_intr_block_disable() */
11795 		(void) ddi_intr_block_disable(mpt->m_htable, mpt->m_intr_cnt);
11796 	} else {
11797 		for (i = 0; i < mpt->m_intr_cnt; i++) {
11798 			(void) ddi_intr_disable(mpt->m_htable[i]);
11799 		}
11800 	}
11801 
11802 	/* Call ddi_intr_remove_handler() */
11803 	for (i = 0; i < mpt->m_intr_cnt; i++) {
11804 		(void) ddi_intr_remove_handler(mpt->m_htable[i]);
11805 		(void) ddi_intr_free(mpt->m_htable[i]);
11806 	}
11807 
11808 	kmem_free(mpt->m_htable, mpt->m_intr_size);
11809 }
11810 
11811 /*
11812  * The IO fault service error handling callback function
11813  */
11814 /*ARGSUSED*/
11815 static int
11816 mptsas_fm_error_cb(dev_info_t *dip, ddi_fm_error_t *err, const void *impl_data)
11817 {
11818 	/*
11819 	 * as the driver can always deal with an error in any dma or
11820 	 * access handle, we can just return the fme_status value.
11821 	 */
11822 	pci_ereport_post(dip, err, NULL);
11823 	return (err->fme_status);
11824 }
11825 
11826 /*
11827  * mptsas_fm_init - initialize fma capabilities and register with IO
11828  *               fault services.
11829  */
11830 static void
11831 mptsas_fm_init(mptsas_t *mpt)
11832 {
11833 	/*
11834 	 * Need to change iblock to priority for new MSI intr
11835 	 */
11836 	ddi_iblock_cookie_t	fm_ibc;
11837 
11838 	/* Only register with IO Fault Services if we have some capability */
11839 	if (mpt->m_fm_capabilities) {
11840 		/* Adjust access and dma attributes for FMA */
11841 		mpt->m_reg_acc_attr.devacc_attr_access = DDI_FLAGERR_ACC;
11842 		mpt->m_msg_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR;
11843 		mpt->m_io_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR;
11844 
11845 		/*
11846 		 * Register capabilities with IO Fault Services.
11847 		 * mpt->m_fm_capabilities will be updated to indicate
11848 		 * capabilities actually supported (not requested.)
11849 		 */
11850 		ddi_fm_init(mpt->m_dip, &mpt->m_fm_capabilities, &fm_ibc);
11851 
11852 		/*
11853 		 * Initialize pci ereport capabilities if ereport
11854 		 * capable (should always be.)
11855 		 */
11856 		if (DDI_FM_EREPORT_CAP(mpt->m_fm_capabilities) ||
11857 		    DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
11858 			pci_ereport_setup(mpt->m_dip);
11859 		}
11860 
11861 		/*
11862 		 * Register error callback if error callback capable.
11863 		 */
11864 		if (DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
11865 			ddi_fm_handler_register(mpt->m_dip,
11866 			    mptsas_fm_error_cb, (void *) mpt);
11867 		}
11868 	}
11869 }
11870 
11871 /*
11872  * mptsas_fm_fini - Releases fma capabilities and un-registers with IO
11873  *               fault services.
11874  *
11875  */
11876 static void
11877 mptsas_fm_fini(mptsas_t *mpt)
11878 {
11879 	/* Only unregister FMA capabilities if registered */
11880 	if (mpt->m_fm_capabilities) {
11881 
11882 		/*
11883 		 * Un-register error callback if error callback capable.
11884 		 */
11885 
11886 		if (DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
11887 			ddi_fm_handler_unregister(mpt->m_dip);
11888 		}
11889 
11890 		/*
11891 		 * Release any resources allocated by pci_ereport_setup()
11892 		 */
11893 
11894 		if (DDI_FM_EREPORT_CAP(mpt->m_fm_capabilities) ||
11895 		    DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
11896 			pci_ereport_teardown(mpt->m_dip);
11897 		}
11898 
11899 		/* Unregister from IO Fault Services */
11900 		ddi_fm_fini(mpt->m_dip);
11901 
11902 		/* Adjust access and dma attributes for FMA */
11903 		mpt->m_reg_acc_attr.devacc_attr_access = DDI_DEFAULT_ACC;
11904 		mpt->m_msg_dma_attr.dma_attr_flags &= ~DDI_DMA_FLAGERR;
11905 		mpt->m_io_dma_attr.dma_attr_flags &= ~DDI_DMA_FLAGERR;
11906 
11907 	}
11908 }
11909 
11910 int
11911 mptsas_check_acc_handle(ddi_acc_handle_t handle)
11912 {
11913 	ddi_fm_error_t	de;
11914 
11915 	if (handle == NULL)
11916 		return (DDI_FAILURE);
11917 	ddi_fm_acc_err_get(handle, &de, DDI_FME_VER0);
11918 	return (de.fme_status);
11919 }
11920 
11921 int
11922 mptsas_check_dma_handle(ddi_dma_handle_t handle)
11923 {
11924 	ddi_fm_error_t	de;
11925 
11926 	if (handle == NULL)
11927 		return (DDI_FAILURE);
11928 	ddi_fm_dma_err_get(handle, &de, DDI_FME_VER0);
11929 	return (de.fme_status);
11930 }
11931 
11932 void
11933 mptsas_fm_ereport(mptsas_t *mpt, char *detail)
11934 {
11935 	uint64_t	ena;
11936 	char		buf[FM_MAX_CLASS];
11937 
11938 	(void) snprintf(buf, FM_MAX_CLASS, "%s.%s", DDI_FM_DEVICE, detail);
11939 	ena = fm_ena_generate(0, FM_ENA_FMT1);
11940 	if (DDI_FM_EREPORT_CAP(mpt->m_fm_capabilities)) {
11941 		ddi_fm_ereport_post(mpt->m_dip, buf, ena, DDI_NOSLEEP,
11942 		    FM_VERSION, DATA_TYPE_UINT8, FM_EREPORT_VERS0, NULL);
11943 	}
11944 }
11945 
11946 static int
11947 mptsas_get_target_device_info(mptsas_t *mpt, uint32_t page_address,
11948     uint16_t *dev_handle, mptsas_target_t **pptgt)
11949 {
11950 	int		rval;
11951 	uint32_t	dev_info;
11952 	uint64_t	sas_wwn;
11953 	uint8_t		physport, phymask;
11954 	uint8_t		phynum, config, disk;
11955 	mptsas_slots_t	*slots = mpt->m_active;
11956 	uint64_t		devicename;
11957 	mptsas_target_t		*tmp_tgt = NULL;
11958 
11959 	ASSERT(*pptgt == NULL);
11960 
11961 	rval = mptsas_get_sas_device_page0(mpt, page_address, dev_handle,
11962 	    &sas_wwn, &dev_info, &physport, &phynum);
11963 	if (rval != DDI_SUCCESS) {
11964 		rval = DEV_INFO_FAIL_PAGE0;
11965 		return (rval);
11966 	}
11967 
11968 	if ((dev_info & (MPI2_SAS_DEVICE_INFO_SSP_TARGET |
11969 	    MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
11970 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) == NULL) {
11971 		rval = DEV_INFO_WRONG_DEVICE_TYPE;
11972 		return (rval);
11973 	}
11974 
11975 	/*
11976 	 * Get SATA Device Name from SAS device page0 for
11977 	 * sata device, if device name doesn't exist, set m_sas_wwn to
11978 	 * 0 for direct attached SATA. For the device behind the expander
11979 	 * we still can use STP address assigned by expander.
11980 	 */
11981 	if (dev_info & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
11982 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
11983 		mutex_exit(&mpt->m_mutex);
11984 		/* alloc a tmp_tgt to send the cmd */
11985 		tmp_tgt = kmem_zalloc(sizeof (struct mptsas_target),
11986 		    KM_SLEEP);
11987 		tmp_tgt->m_devhdl = *dev_handle;
11988 		tmp_tgt->m_deviceinfo = dev_info;
11989 		tmp_tgt->m_qfull_retries = QFULL_RETRIES;
11990 		tmp_tgt->m_qfull_retry_interval =
11991 		    drv_usectohz(QFULL_RETRY_INTERVAL * 1000);
11992 		tmp_tgt->m_t_throttle = MAX_THROTTLE;
11993 		devicename = mptsas_get_sata_guid(mpt, tmp_tgt, 0);
11994 		kmem_free(tmp_tgt, sizeof (struct mptsas_target));
11995 		mutex_enter(&mpt->m_mutex);
11996 		if (devicename != 0 && (((devicename >> 56) & 0xf0) == 0x50)) {
11997 			sas_wwn = devicename;
11998 		} else if (dev_info & MPI2_SAS_DEVICE_INFO_DIRECT_ATTACH) {
11999 			sas_wwn = 0;
12000 		}
12001 	}
12002 
12003 	/*
12004 	 * Check if the dev handle is for a Phys Disk. If so, set return value
12005 	 * and exit.  Don't add Phys Disks to hash.
12006 	 */
12007 	for (config = 0; config < slots->m_num_raid_configs; config++) {
12008 		for (disk = 0; disk < MPTSAS_MAX_DISKS_IN_CONFIG; disk++) {
12009 			if (*dev_handle == slots->m_raidconfig[config].
12010 			    m_physdisk_devhdl[disk]) {
12011 				rval = DEV_INFO_PHYS_DISK;
12012 				return (rval);
12013 			}
12014 		}
12015 	}
12016 
12017 	phymask = mptsas_physport_to_phymask(mpt, physport);
12018 	*pptgt = mptsas_tgt_alloc(&slots->m_tgttbl, *dev_handle, sas_wwn,
12019 	    dev_info, phymask, phynum);
12020 	if (*pptgt == NULL) {
12021 		mptsas_log(mpt, CE_WARN, "Failed to allocated target"
12022 		    "structure!");
12023 		rval = DEV_INFO_FAIL_ALLOC;
12024 		return (rval);
12025 	}
12026 	return (DEV_INFO_SUCCESS);
12027 }
12028 
12029 uint64_t
12030 mptsas_get_sata_guid(mptsas_t *mpt, mptsas_target_t *ptgt, int lun)
12031 {
12032 	uint64_t	sata_guid = 0, *pwwn = NULL;
12033 	int		target = ptgt->m_devhdl;
12034 	uchar_t		*inq83 = NULL;
12035 	int		inq83_len = 0xFF;
12036 	uchar_t		*dblk = NULL;
12037 	int		inq83_retry = 3;
12038 	int		rval = DDI_FAILURE;
12039 
12040 	inq83	= kmem_zalloc(inq83_len, KM_SLEEP);
12041 
12042 inq83_retry:
12043 	rval = mptsas_inquiry(mpt, ptgt, lun, 0x83, inq83,
12044 	    inq83_len, NULL, 1);
12045 	if (rval != DDI_SUCCESS) {
12046 		mptsas_log(mpt, CE_WARN, "!mptsas request inquiry page "
12047 		    "0x83 for target:%x, lun:%x failed!", target, lun);
12048 		goto out;
12049 	}
12050 	/* According to SAT2, the first descriptor is logic unit name */
12051 	dblk = &inq83[4];
12052 	if ((dblk[1] & 0x30) != 0) {
12053 		mptsas_log(mpt, CE_WARN, "!Descriptor is not lun associated.");
12054 		goto out;
12055 	}
12056 	pwwn = (uint64_t *)(void *)(&dblk[4]);
12057 	if ((dblk[4] & 0xf0) == 0x50) {
12058 		sata_guid = BE_64(*pwwn);
12059 		goto out;
12060 	} else if (dblk[4] == 'A') {
12061 		NDBG20(("SATA drive has no NAA format GUID."));
12062 		goto out;
12063 	} else {
12064 		/* The data is not ready, wait and retry */
12065 		inq83_retry--;
12066 		if (inq83_retry <= 0) {
12067 			goto out;
12068 		}
12069 		NDBG20(("The GUID is not ready, retry..."));
12070 		delay(1 * drv_usectohz(1000000));
12071 		goto inq83_retry;
12072 	}
12073 out:
12074 	kmem_free(inq83, inq83_len);
12075 	return (sata_guid);
12076 }
12077 
12078 static int
12079 mptsas_inquiry(mptsas_t *mpt, mptsas_target_t *ptgt, int lun, uchar_t page,
12080     unsigned char *buf, int len, int *reallen, uchar_t evpd)
12081 {
12082 	uchar_t			cdb[CDB_GROUP0];
12083 	struct scsi_address	ap;
12084 	struct buf		*data_bp = NULL;
12085 	int			resid = 0;
12086 	int			ret = DDI_FAILURE;
12087 
12088 	ASSERT(len <= 0xffff);
12089 
12090 	ap.a_target = MPTSAS_INVALID_DEVHDL;
12091 	ap.a_lun = (uchar_t)(lun);
12092 	ap.a_hba_tran = mpt->m_tran;
12093 
12094 	data_bp = scsi_alloc_consistent_buf(&ap,
12095 	    (struct buf *)NULL, len, B_READ, NULL_FUNC, NULL);
12096 	if (data_bp == NULL) {
12097 		return (ret);
12098 	}
12099 	bzero(cdb, CDB_GROUP0);
12100 	cdb[0] = SCMD_INQUIRY;
12101 	cdb[1] = evpd;
12102 	cdb[2] = page;
12103 	cdb[3] = (len & 0xff00) >> 8;
12104 	cdb[4] = (len & 0x00ff);
12105 	cdb[5] = 0;
12106 
12107 	ret = mptsas_send_scsi_cmd(mpt, &ap, ptgt, &cdb[0], CDB_GROUP0, data_bp,
12108 	    &resid);
12109 	if (ret == DDI_SUCCESS) {
12110 		if (reallen) {
12111 			*reallen = len - resid;
12112 		}
12113 		bcopy((caddr_t)data_bp->b_un.b_addr, buf, len);
12114 	}
12115 	if (data_bp) {
12116 		scsi_free_consistent_buf(data_bp);
12117 	}
12118 	return (ret);
12119 }
12120 
12121 static int
12122 mptsas_send_scsi_cmd(mptsas_t *mpt, struct scsi_address *ap,
12123     mptsas_target_t *ptgt, uchar_t *cdb, int cdblen, struct buf *data_bp,
12124     int *resid)
12125 {
12126 	struct scsi_pkt		*pktp = NULL;
12127 	scsi_hba_tran_t		*tran_clone = NULL;
12128 	mptsas_tgt_private_t	*tgt_private = NULL;
12129 	int			ret = DDI_FAILURE;
12130 
12131 	/*
12132 	 * scsi_hba_tran_t->tran_tgt_private is used to pass the address
12133 	 * information to scsi_init_pkt, allocate a scsi_hba_tran structure
12134 	 * to simulate the cmds from sd
12135 	 */
12136 	tran_clone = kmem_alloc(
12137 	    sizeof (scsi_hba_tran_t), KM_SLEEP);
12138 	if (tran_clone == NULL) {
12139 		goto out;
12140 	}
12141 	bcopy((caddr_t)mpt->m_tran,
12142 	    (caddr_t)tran_clone, sizeof (scsi_hba_tran_t));
12143 	tgt_private = kmem_alloc(
12144 	    sizeof (mptsas_tgt_private_t), KM_SLEEP);
12145 	if (tgt_private == NULL) {
12146 		goto out;
12147 	}
12148 	tgt_private->t_lun = ap->a_lun;
12149 	tgt_private->t_private = ptgt;
12150 	tran_clone->tran_tgt_private = tgt_private;
12151 	ap->a_hba_tran = tran_clone;
12152 
12153 	pktp = scsi_init_pkt(ap, (struct scsi_pkt *)NULL,
12154 	    data_bp, cdblen, sizeof (struct scsi_arq_status),
12155 	    0, PKT_CONSISTENT, NULL, NULL);
12156 	if (pktp == NULL) {
12157 		goto out;
12158 	}
12159 	bcopy(cdb, pktp->pkt_cdbp, cdblen);
12160 	pktp->pkt_flags = FLAG_NOPARITY;
12161 	if (scsi_poll(pktp) < 0) {
12162 		goto out;
12163 	}
12164 	if (((struct scsi_status *)pktp->pkt_scbp)->sts_chk) {
12165 		goto out;
12166 	}
12167 	if (resid != NULL) {
12168 		*resid = pktp->pkt_resid;
12169 	}
12170 
12171 	ret = DDI_SUCCESS;
12172 out:
12173 	if (pktp) {
12174 		scsi_destroy_pkt(pktp);
12175 	}
12176 	if (tran_clone) {
12177 		kmem_free(tran_clone, sizeof (scsi_hba_tran_t));
12178 	}
12179 	if (tgt_private) {
12180 		kmem_free(tgt_private, sizeof (mptsas_tgt_private_t));
12181 	}
12182 	return (ret);
12183 }
12184 static int
12185 mptsas_parse_address(char *name, uint64_t *wwid, uint8_t *phy, int *lun)
12186 {
12187 	char	*cp = NULL;
12188 	char	*ptr = NULL;
12189 	size_t	s = 0;
12190 	char	*wwid_str = NULL;
12191 	char	*lun_str = NULL;
12192 	long	lunnum;
12193 	long	phyid = -1;
12194 	int	rc = DDI_FAILURE;
12195 
12196 	ptr = name;
12197 	ASSERT(ptr[0] == 'w' || ptr[0] == 'p');
12198 	ptr++;
12199 	if ((cp = strchr(ptr, ',')) == NULL) {
12200 		return (DDI_FAILURE);
12201 	}
12202 
12203 	wwid_str = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
12204 	s = (uintptr_t)cp - (uintptr_t)ptr;
12205 
12206 	bcopy(ptr, wwid_str, s);
12207 	wwid_str[s] = '\0';
12208 
12209 	ptr = ++cp;
12210 
12211 	if ((cp = strchr(ptr, '\0')) == NULL) {
12212 		goto out;
12213 	}
12214 	lun_str =  kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
12215 	s = (uintptr_t)cp - (uintptr_t)ptr;
12216 
12217 	bcopy(ptr, lun_str, s);
12218 	lun_str[s] = '\0';
12219 
12220 	if (name[0] == 'p') {
12221 		rc = ddi_strtol(wwid_str, NULL, 0x10, &phyid);
12222 	} else {
12223 		rc = scsi_wwnstr_to_wwn(wwid_str, wwid);
12224 	}
12225 	if (rc != DDI_SUCCESS)
12226 		goto out;
12227 
12228 	if (phyid != -1) {
12229 		ASSERT(phyid < 8);
12230 		*phy = (uint8_t)phyid;
12231 	}
12232 	rc = ddi_strtol(lun_str, NULL, 0x10, &lunnum);
12233 	if (rc != 0)
12234 		goto out;
12235 
12236 	*lun = (int)lunnum;
12237 	rc = DDI_SUCCESS;
12238 out:
12239 	if (wwid_str)
12240 		kmem_free(wwid_str, SCSI_MAXNAMELEN);
12241 	if (lun_str)
12242 		kmem_free(lun_str, SCSI_MAXNAMELEN);
12243 
12244 	return (rc);
12245 }
12246 
12247 /*
12248  * mptsas_parse_smp_name() is to parse sas wwn string
12249  * which format is "wWWN"
12250  */
12251 static int
12252 mptsas_parse_smp_name(char *name, uint64_t *wwn)
12253 {
12254 	char	*ptr = name;
12255 
12256 	if (*ptr != 'w') {
12257 		return (DDI_FAILURE);
12258 	}
12259 
12260 	ptr++;
12261 	if (scsi_wwnstr_to_wwn(ptr, wwn)) {
12262 		return (DDI_FAILURE);
12263 	}
12264 	return (DDI_SUCCESS);
12265 }
12266 
12267 static int
12268 mptsas_bus_config(dev_info_t *pdip, uint_t flag,
12269     ddi_bus_config_op_t op, void *arg, dev_info_t **childp)
12270 {
12271 	int		ret = NDI_FAILURE;
12272 	int		circ = 0;
12273 	int		circ1 = 0;
12274 	mptsas_t	*mpt;
12275 	char		*ptr = NULL;
12276 	char		*devnm = NULL;
12277 	uint64_t	wwid = 0;
12278 	uint8_t		phy = 0xFF;
12279 	int		lun = 0;
12280 	uint_t		mflags = flag;
12281 
12282 	if (scsi_hba_iport_unit_address(pdip) == 0) {
12283 		return (DDI_FAILURE);
12284 	}
12285 
12286 	mpt = DIP2MPT(pdip);
12287 	if (!mpt) {
12288 		return (DDI_FAILURE);
12289 	}
12290 
12291 	/*
12292 	 * Hold the nexus across the bus_config
12293 	 */
12294 	ndi_devi_enter(scsi_vhci_dip, &circ);
12295 	ndi_devi_enter(pdip, &circ1);
12296 	switch (op) {
12297 	case BUS_CONFIG_ONE:
12298 		/* parse wwid/target name out of name given */
12299 		if ((ptr = strchr((char *)arg, '@')) == NULL) {
12300 			ret = NDI_FAILURE;
12301 			break;
12302 		}
12303 		ptr++;
12304 		if (strncmp((char *)arg, "smp", 3) == 0) {
12305 			/*
12306 			 * This is a SMP target device
12307 			 */
12308 			ret = mptsas_parse_smp_name(ptr, &wwid);
12309 			if (ret != DDI_SUCCESS) {
12310 				ret = NDI_FAILURE;
12311 				break;
12312 			}
12313 			ret = mptsas_config_smp(pdip, wwid, childp);
12314 		} else if ((ptr[0] == 'w') || (ptr[0] == 'p')) {
12315 			/*
12316 			 * OBP could pass down a non-canonical form
12317 			 * bootpath without LUN part when LUN is 0.
12318 			 * So driver need adjust the string.
12319 			 */
12320 			if (strchr(ptr, ',') == NULL) {
12321 				devnm = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
12322 				(void) sprintf(devnm, "%s,0", (char *)arg);
12323 				ptr = strchr(devnm, '@');
12324 				ptr++;
12325 			}
12326 
12327 			/*
12328 			 * The device path is wWWID format and the device
12329 			 * is not SMP target device.
12330 			 */
12331 			ret = mptsas_parse_address(ptr, &wwid, &phy, &lun);
12332 			if (ret != DDI_SUCCESS) {
12333 				ret = NDI_FAILURE;
12334 				break;
12335 			}
12336 			if (ptr[0] == 'w') {
12337 				ret = mptsas_config_one_addr(pdip, wwid,
12338 				    lun, childp);
12339 			} else if (ptr[0] == 'p') {
12340 				ret = mptsas_config_one_phy(pdip, phy, lun,
12341 				    childp);
12342 			}
12343 		} else {
12344 			ret = NDI_FAILURE;
12345 			break;
12346 		}
12347 
12348 		/*
12349 		 * DDI group instructed us to use this flag.
12350 		 */
12351 		mflags |= NDI_MDI_FALLBACK;
12352 		break;
12353 	case BUS_CONFIG_DRIVER:
12354 	case BUS_CONFIG_ALL:
12355 		mptsas_config_all(pdip);
12356 		ret = NDI_SUCCESS;
12357 		break;
12358 	}
12359 
12360 	if (ret == NDI_SUCCESS) {
12361 		ret = ndi_busop_bus_config(pdip, mflags, op,
12362 		    (devnm == NULL) ? arg : devnm, childp, 0);
12363 	}
12364 
12365 	ndi_devi_exit(pdip, circ1);
12366 	ndi_devi_exit(scsi_vhci_dip, circ);
12367 	if (devnm != NULL)
12368 		kmem_free(devnm, SCSI_MAXNAMELEN);
12369 	return (ret);
12370 }
12371 
12372 static int
12373 mptsas_probe_lun(dev_info_t *pdip, int lun, dev_info_t **dip,
12374     mptsas_target_t *ptgt)
12375 {
12376 	int			rval = DDI_FAILURE;
12377 	struct scsi_inquiry	*sd_inq = NULL;
12378 	mptsas_t		*mpt = DIP2MPT(pdip);
12379 
12380 	sd_inq = (struct scsi_inquiry *)kmem_alloc(SUN_INQSIZE, KM_SLEEP);
12381 
12382 	rval = mptsas_inquiry(mpt, ptgt, lun, 0, (uchar_t *)sd_inq,
12383 	    SUN_INQSIZE, 0, (uchar_t)0);
12384 
12385 	if ((rval == DDI_SUCCESS) && MPTSAS_VALID_LUN(sd_inq)) {
12386 		rval = mptsas_create_lun(pdip, sd_inq, dip, ptgt, lun);
12387 	} else {
12388 		rval = DDI_FAILURE;
12389 	}
12390 
12391 	kmem_free(sd_inq, SUN_INQSIZE);
12392 	return (rval);
12393 }
12394 
12395 static int
12396 mptsas_config_one_addr(dev_info_t *pdip, uint64_t sasaddr, int lun,
12397     dev_info_t **lundip)
12398 {
12399 	int		rval;
12400 	mptsas_t		*mpt = DIP2MPT(pdip);
12401 	int		phymask;
12402 	mptsas_target_t	*ptgt = NULL;
12403 
12404 	/*
12405 	 * Get the physical port associated to the iport
12406 	 */
12407 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
12408 	    "phymask", 0);
12409 
12410 	ptgt = mptsas_wwid_to_ptgt(mpt, phymask, sasaddr);
12411 	if (ptgt == NULL) {
12412 		/*
12413 		 * didn't match any device by searching
12414 		 */
12415 		return (DDI_FAILURE);
12416 	}
12417 	/*
12418 	 * If the LUN already exists and the status is online,
12419 	 * we just return the pointer to dev_info_t directly.
12420 	 * For the mdi_pathinfo node, we'll handle it in
12421 	 * mptsas_create_virt_lun()
12422 	 * TODO should be also in mptsas_handle_dr
12423 	 */
12424 
12425 	*lundip = mptsas_find_child_addr(pdip, sasaddr, lun);
12426 	if (*lundip != NULL) {
12427 		/*
12428 		 * TODO Another senario is, we hotplug the same disk
12429 		 * on the same slot, the devhdl changed, is this
12430 		 * possible?
12431 		 * tgt_private->t_private != ptgt
12432 		 */
12433 		if (sasaddr != ptgt->m_sas_wwn) {
12434 			/*
12435 			 * The device has changed although the devhdl is the
12436 			 * same (Enclosure mapping mode, change drive on the
12437 			 * same slot)
12438 			 */
12439 			return (DDI_FAILURE);
12440 		}
12441 		return (DDI_SUCCESS);
12442 	}
12443 
12444 	if (phymask == 0) {
12445 		/*
12446 		 * Configure IR volume
12447 		 */
12448 		rval =  mptsas_config_raid(pdip, ptgt->m_devhdl, lundip);
12449 		return (rval);
12450 	}
12451 	rval = mptsas_probe_lun(pdip, lun, lundip, ptgt);
12452 
12453 	return (rval);
12454 }
12455 
12456 static int
12457 mptsas_config_one_phy(dev_info_t *pdip, uint8_t phy, int lun,
12458     dev_info_t **lundip)
12459 {
12460 	int		rval;
12461 	mptsas_target_t	*ptgt = NULL;
12462 
12463 	ptgt = mptsas_phy_to_tgt(pdip, phy);
12464 	if (ptgt == NULL) {
12465 		/*
12466 		 * didn't match any device by searching
12467 		 */
12468 		return (DDI_FAILURE);
12469 	}
12470 
12471 	/*
12472 	 * If the LUN already exists and the status is online,
12473 	 * we just return the pointer to dev_info_t directly.
12474 	 * For the mdi_pathinfo node, we'll handle it in
12475 	 * mptsas_create_virt_lun().
12476 	 */
12477 
12478 	*lundip = mptsas_find_child_phy(pdip, phy);
12479 	if (*lundip != NULL) {
12480 		return (DDI_SUCCESS);
12481 	}
12482 
12483 	rval = mptsas_probe_lun(pdip, lun, lundip, ptgt);
12484 
12485 	return (rval);
12486 }
12487 
12488 static int
12489 mptsas_retrieve_lundata(int lun_cnt, uint8_t *buf, uint16_t *lun_num,
12490     uint8_t *lun_addr_type)
12491 {
12492 	uint32_t	lun_idx = 0;
12493 
12494 	ASSERT(lun_num != NULL);
12495 	ASSERT(lun_addr_type != NULL);
12496 
12497 	lun_idx = (lun_cnt + 1) * MPTSAS_SCSI_REPORTLUNS_ADDRESS_SIZE;
12498 	/* determine report luns addressing type */
12499 	switch (buf[lun_idx] & MPTSAS_SCSI_REPORTLUNS_ADDRESS_MASK) {
12500 		/*
12501 		 * Vendors in the field have been found to be concatenating
12502 		 * bus/target/lun to equal the complete lun value instead
12503 		 * of switching to flat space addressing
12504 		 */
12505 		/* 00b - peripheral device addressing method */
12506 	case MPTSAS_SCSI_REPORTLUNS_ADDRESS_PERIPHERAL:
12507 		/* FALLTHRU */
12508 		/* 10b - logical unit addressing method */
12509 	case MPTSAS_SCSI_REPORTLUNS_ADDRESS_LOGICAL_UNIT:
12510 		/* FALLTHRU */
12511 		/* 01b - flat space addressing method */
12512 	case MPTSAS_SCSI_REPORTLUNS_ADDRESS_FLAT_SPACE:
12513 		/* byte0 bit0-5=msb lun byte1 bit0-7=lsb lun */
12514 		*lun_addr_type = (buf[lun_idx] &
12515 		    MPTSAS_SCSI_REPORTLUNS_ADDRESS_MASK) >> 6;
12516 		*lun_num = (buf[lun_idx] & 0x3F) << 8;
12517 		*lun_num |= buf[lun_idx + 1];
12518 		return (DDI_SUCCESS);
12519 	default:
12520 		return (DDI_FAILURE);
12521 	}
12522 }
12523 
12524 static int
12525 mptsas_config_luns(dev_info_t *pdip, mptsas_target_t *ptgt)
12526 {
12527 	struct buf		*repluns_bp = NULL;
12528 	struct scsi_address	ap;
12529 	uchar_t			cdb[CDB_GROUP5];
12530 	int			ret = DDI_FAILURE;
12531 	int			retry = 0;
12532 	int			lun_list_len = 0;
12533 	uint16_t		lun_num = 0;
12534 	uint8_t			lun_addr_type = 0;
12535 	uint32_t		lun_cnt = 0;
12536 	uint32_t		lun_total = 0;
12537 	dev_info_t		*cdip = NULL;
12538 	uint16_t		*saved_repluns = NULL;
12539 	char			*buffer = NULL;
12540 	int			buf_len = 128;
12541 	mptsas_t		*mpt = DIP2MPT(pdip);
12542 	uint64_t		sas_wwn = 0;
12543 	uint8_t			phy = 0xFF;
12544 	uint32_t		dev_info = 0;
12545 
12546 	mutex_enter(&mpt->m_mutex);
12547 	sas_wwn = ptgt->m_sas_wwn;
12548 	phy = ptgt->m_phynum;
12549 	dev_info = ptgt->m_deviceinfo;
12550 	mutex_exit(&mpt->m_mutex);
12551 
12552 	if (sas_wwn == 0) {
12553 		/*
12554 		 * It's a SATA without Device Name
12555 		 * So don't try multi-LUNs
12556 		 */
12557 		if (mptsas_find_child_phy(pdip, phy)) {
12558 			return (DDI_SUCCESS);
12559 		} else {
12560 			/*
12561 			 * need configure and create node
12562 			 */
12563 			return (DDI_FAILURE);
12564 		}
12565 	}
12566 
12567 	/*
12568 	 * WWN (SAS address or Device Name exist)
12569 	 */
12570 	if (dev_info & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
12571 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
12572 		/*
12573 		 * SATA device with Device Name
12574 		 * So don't try multi-LUNs
12575 		 */
12576 		if (mptsas_find_child_addr(pdip, sas_wwn, 0)) {
12577 			return (DDI_SUCCESS);
12578 		} else {
12579 			return (DDI_FAILURE);
12580 		}
12581 	}
12582 
12583 	do {
12584 		ap.a_target = MPTSAS_INVALID_DEVHDL;
12585 		ap.a_lun = 0;
12586 		ap.a_hba_tran = mpt->m_tran;
12587 		repluns_bp = scsi_alloc_consistent_buf(&ap,
12588 		    (struct buf *)NULL, buf_len, B_READ, NULL_FUNC, NULL);
12589 		if (repluns_bp == NULL) {
12590 			retry++;
12591 			continue;
12592 		}
12593 		bzero(cdb, CDB_GROUP5);
12594 		cdb[0] = SCMD_REPORT_LUNS;
12595 		cdb[6] = (buf_len & 0xff000000) >> 24;
12596 		cdb[7] = (buf_len & 0x00ff0000) >> 16;
12597 		cdb[8] = (buf_len & 0x0000ff00) >> 8;
12598 		cdb[9] = (buf_len & 0x000000ff);
12599 
12600 		ret = mptsas_send_scsi_cmd(mpt, &ap, ptgt, &cdb[0], CDB_GROUP5,
12601 		    repluns_bp, NULL);
12602 		if (ret != DDI_SUCCESS) {
12603 			scsi_free_consistent_buf(repluns_bp);
12604 			retry++;
12605 			continue;
12606 		}
12607 		lun_list_len = BE_32(*(int *)((void *)(
12608 		    repluns_bp->b_un.b_addr)));
12609 		if (buf_len >= lun_list_len + 8) {
12610 			ret = DDI_SUCCESS;
12611 			break;
12612 		}
12613 		scsi_free_consistent_buf(repluns_bp);
12614 		buf_len = lun_list_len + 8;
12615 
12616 	} while (retry < 3);
12617 
12618 	if (ret != DDI_SUCCESS)
12619 		return (ret);
12620 	buffer = (char *)repluns_bp->b_un.b_addr;
12621 	/*
12622 	 * find out the number of luns returned by the SCSI ReportLun call
12623 	 * and allocate buffer space
12624 	 */
12625 	lun_total = lun_list_len / MPTSAS_SCSI_REPORTLUNS_ADDRESS_SIZE;
12626 	saved_repluns = kmem_zalloc(sizeof (uint16_t) * lun_total, KM_SLEEP);
12627 	if (saved_repluns == NULL) {
12628 		scsi_free_consistent_buf(repluns_bp);
12629 		return (DDI_FAILURE);
12630 	}
12631 	for (lun_cnt = 0; lun_cnt < lun_total; lun_cnt++) {
12632 		if (mptsas_retrieve_lundata(lun_cnt, (uint8_t *)(buffer),
12633 		    &lun_num, &lun_addr_type) != DDI_SUCCESS) {
12634 			continue;
12635 		}
12636 		saved_repluns[lun_cnt] = lun_num;
12637 		if (cdip = mptsas_find_child_addr(pdip, sas_wwn, lun_num))
12638 			ret = DDI_SUCCESS;
12639 		else
12640 			ret = mptsas_probe_lun(pdip, lun_num, &cdip,
12641 			    ptgt);
12642 		if ((ret == DDI_SUCCESS) && (cdip != NULL)) {
12643 			(void) ndi_prop_remove(DDI_DEV_T_NONE, cdip,
12644 			    MPTSAS_DEV_GONE);
12645 		}
12646 	}
12647 	mptsas_offline_missed_luns(pdip, saved_repluns, lun_total, ptgt);
12648 	kmem_free(saved_repluns, sizeof (uint16_t) * lun_total);
12649 	scsi_free_consistent_buf(repluns_bp);
12650 	return (DDI_SUCCESS);
12651 }
12652 
12653 static int
12654 mptsas_config_raid(dev_info_t *pdip, uint16_t target, dev_info_t **dip)
12655 {
12656 	int			rval = DDI_FAILURE;
12657 	struct scsi_inquiry	*sd_inq = NULL;
12658 	mptsas_t		*mpt = DIP2MPT(pdip);
12659 	mptsas_target_t		*ptgt = NULL;
12660 
12661 	mutex_enter(&mpt->m_mutex);
12662 	ptgt = mptsas_search_by_devhdl(&mpt->m_active->m_tgttbl, target);
12663 	mutex_exit(&mpt->m_mutex);
12664 	if (ptgt == NULL) {
12665 		mptsas_log(mpt, CE_WARN, "Volume with VolDevHandle of 0x%x "
12666 		    "not found.", target);
12667 		return (rval);
12668 	}
12669 
12670 	sd_inq = (struct scsi_inquiry *)kmem_alloc(SUN_INQSIZE, KM_SLEEP);
12671 	rval = mptsas_inquiry(mpt, ptgt, 0, 0, (uchar_t *)sd_inq,
12672 	    SUN_INQSIZE, 0, (uchar_t)0);
12673 
12674 	if ((rval == DDI_SUCCESS) && MPTSAS_VALID_LUN(sd_inq)) {
12675 		rval = mptsas_create_phys_lun(pdip, sd_inq, NULL, dip, ptgt,
12676 		    0);
12677 	} else {
12678 		rval = DDI_FAILURE;
12679 	}
12680 
12681 	kmem_free(sd_inq, SUN_INQSIZE);
12682 	return (rval);
12683 }
12684 
12685 /*
12686  * configure all RAID volumes for virtual iport
12687  */
12688 static void
12689 mptsas_config_all_viport(dev_info_t *pdip)
12690 {
12691 	mptsas_t	*mpt = DIP2MPT(pdip);
12692 	int		config, vol;
12693 	int		target;
12694 	dev_info_t	*lundip = NULL;
12695 	mptsas_slots_t	*slots = mpt->m_active;
12696 
12697 	/*
12698 	 * Get latest RAID info and search for any Volume DevHandles.  If any
12699 	 * are found, configure the volume.
12700 	 */
12701 	mutex_enter(&mpt->m_mutex);
12702 	for (config = 0; config < slots->m_num_raid_configs; config++) {
12703 		for (vol = 0; vol < MPTSAS_MAX_RAIDVOLS; vol++) {
12704 			if (slots->m_raidconfig[config].m_raidvol[vol].m_israid
12705 			    == 1) {
12706 				target = slots->m_raidconfig[config].
12707 				    m_raidvol[vol].m_raidhandle;
12708 				mutex_exit(&mpt->m_mutex);
12709 				(void) mptsas_config_raid(pdip, target,
12710 				    &lundip);
12711 				mutex_enter(&mpt->m_mutex);
12712 			}
12713 		}
12714 	}
12715 	mutex_exit(&mpt->m_mutex);
12716 }
12717 
12718 static void
12719 mptsas_offline_missed_luns(dev_info_t *pdip, uint16_t *repluns,
12720     int lun_cnt, mptsas_target_t *ptgt)
12721 {
12722 	dev_info_t	*child = NULL, *savechild = NULL;
12723 	mdi_pathinfo_t	*pip = NULL, *savepip = NULL;
12724 	uint64_t	sas_wwn, wwid;
12725 	uint8_t		phy;
12726 	int		lun;
12727 	int		i;
12728 	int		find;
12729 	char		*addr;
12730 	char		*nodename;
12731 	mptsas_t	*mpt = DIP2MPT(pdip);
12732 
12733 	mutex_enter(&mpt->m_mutex);
12734 	wwid = ptgt->m_sas_wwn;
12735 	mutex_exit(&mpt->m_mutex);
12736 
12737 	child = ddi_get_child(pdip);
12738 	while (child) {
12739 		find = 0;
12740 		savechild = child;
12741 		child = ddi_get_next_sibling(child);
12742 
12743 		nodename = ddi_node_name(savechild);
12744 		if (strcmp(nodename, "smp") == 0) {
12745 			continue;
12746 		}
12747 
12748 		addr = ddi_get_name_addr(savechild);
12749 		if (addr == NULL) {
12750 			continue;
12751 		}
12752 
12753 		if (mptsas_parse_address(addr, &sas_wwn, &phy, &lun) !=
12754 		    DDI_SUCCESS) {
12755 			continue;
12756 		}
12757 
12758 		if (wwid == sas_wwn) {
12759 			for (i = 0; i < lun_cnt; i++) {
12760 				if (repluns[i] == lun) {
12761 					find = 1;
12762 					break;
12763 				}
12764 			}
12765 		} else {
12766 			continue;
12767 		}
12768 		if (find == 0) {
12769 			/*
12770 			 * The lun has not been there already
12771 			 */
12772 			(void) mptsas_offline_lun(pdip, savechild, NULL,
12773 			    NDI_DEVI_REMOVE);
12774 		}
12775 	}
12776 
12777 	pip = mdi_get_next_client_path(pdip, NULL);
12778 	while (pip) {
12779 		find = 0;
12780 		savepip = pip;
12781 		addr = MDI_PI(pip)->pi_addr;
12782 
12783 		pip = mdi_get_next_client_path(pdip, pip);
12784 
12785 		if (addr == NULL) {
12786 			continue;
12787 		}
12788 
12789 		if (mptsas_parse_address(addr, &sas_wwn, &phy,
12790 		    &lun) != DDI_SUCCESS) {
12791 			continue;
12792 		}
12793 
12794 		if (sas_wwn == wwid) {
12795 			for (i = 0; i < lun_cnt; i++) {
12796 				if (repluns[i] == lun) {
12797 					find = 1;
12798 					break;
12799 				}
12800 			}
12801 		} else {
12802 			continue;
12803 		}
12804 
12805 		if (find == 0) {
12806 			/*
12807 			 * The lun has not been there already
12808 			 */
12809 			(void) mptsas_offline_lun(pdip, NULL, savepip,
12810 			    NDI_DEVI_REMOVE);
12811 		}
12812 	}
12813 }
12814 
12815 void
12816 mptsas_update_hashtab(struct mptsas *mpt)
12817 {
12818 	uint32_t	page_address;
12819 	int		rval = 0;
12820 	uint16_t	dev_handle;
12821 	mptsas_target_t	*ptgt = NULL;
12822 	mptsas_smp_t	smp_node;
12823 
12824 	/*
12825 	 * Get latest RAID info.
12826 	 */
12827 	(void) mptsas_get_raid_info(mpt);
12828 
12829 	dev_handle = mpt->m_smp_devhdl;
12830 	for (; mpt->m_done_traverse_smp == 0; ) {
12831 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_GET_NEXT_HNDL &
12832 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | (uint32_t)dev_handle;
12833 		if (mptsas_get_sas_expander_page0(mpt, page_address, &smp_node)
12834 		    != DDI_SUCCESS) {
12835 			break;
12836 		}
12837 		mpt->m_smp_devhdl = dev_handle = smp_node.m_devhdl;
12838 		(void) mptsas_smp_alloc(&mpt->m_active->m_smptbl, &smp_node);
12839 	}
12840 
12841 	/*
12842 	 * Config target devices
12843 	 */
12844 	dev_handle = mpt->m_dev_handle;
12845 
12846 	/*
12847 	 * Do loop to get sas device page 0 by GetNextHandle till the
12848 	 * the last handle. If the sas device is a SATA/SSP target,
12849 	 * we try to config it.
12850 	 */
12851 	for (; mpt->m_done_traverse_dev == 0; ) {
12852 		ptgt = NULL;
12853 		page_address =
12854 		    (MPI2_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE &
12855 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
12856 		    (uint32_t)dev_handle;
12857 		rval = mptsas_get_target_device_info(mpt, page_address,
12858 		    &dev_handle, &ptgt);
12859 		if ((rval == DEV_INFO_FAIL_PAGE0) ||
12860 		    (rval == DEV_INFO_FAIL_ALLOC)) {
12861 			break;
12862 		}
12863 
12864 		mpt->m_dev_handle = dev_handle;
12865 	}
12866 
12867 }
12868 
12869 void
12870 mptsas_invalid_hashtab(mptsas_hash_table_t *hashtab)
12871 {
12872 	mptsas_hash_data_t *data;
12873 	data = mptsas_hash_traverse(hashtab, MPTSAS_HASH_FIRST);
12874 	while (data != NULL) {
12875 		data->devhdl = MPTSAS_INVALID_DEVHDL;
12876 		data->device_info = 0;
12877 		/*
12878 		 * For tgttbl, clear dr_flag.
12879 		 */
12880 		data->dr_flag = MPTSAS_DR_INACTIVE;
12881 		data = mptsas_hash_traverse(hashtab, MPTSAS_HASH_NEXT);
12882 	}
12883 }
12884 
12885 void
12886 mptsas_update_driver_data(struct mptsas *mpt)
12887 {
12888 	/*
12889 	 * TODO after hard reset, update the driver data structures
12890 	 * 1. update port/phymask mapping table mpt->m_phy_info
12891 	 * 2. invalid all the entries in hash table
12892 	 *    m_devhdl = 0xffff and m_deviceinfo = 0
12893 	 * 3. call sas_device_page/expander_page to update hash table
12894 	 */
12895 	mptsas_update_phymask(mpt);
12896 	/*
12897 	 * Invalid the existing entries
12898 	 */
12899 	mptsas_invalid_hashtab(&mpt->m_active->m_tgttbl);
12900 	mptsas_invalid_hashtab(&mpt->m_active->m_smptbl);
12901 	mpt->m_done_traverse_dev = 0;
12902 	mpt->m_done_traverse_smp = 0;
12903 	mpt->m_dev_handle = mpt->m_smp_devhdl = MPTSAS_INVALID_DEVHDL;
12904 	mptsas_update_hashtab(mpt);
12905 }
12906 
12907 static void
12908 mptsas_config_all(dev_info_t *pdip)
12909 {
12910 	dev_info_t	*smpdip = NULL;
12911 	mptsas_t	*mpt = DIP2MPT(pdip);
12912 	int		phymask = 0;
12913 	uint8_t		phy_mask;
12914 	mptsas_target_t	*ptgt = NULL;
12915 	mptsas_smp_t	*psmp;
12916 
12917 	/*
12918 	 * Get the phymask associated to the iport
12919 	 */
12920 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
12921 	    "phymask", 0);
12922 
12923 	/*
12924 	 * Enumerate RAID volumes here (phymask == 0).
12925 	 */
12926 	if (phymask == 0) {
12927 		mptsas_config_all_viport(pdip);
12928 		return;
12929 	}
12930 
12931 	mutex_enter(&mpt->m_mutex);
12932 
12933 	if (!mpt->m_done_traverse_dev || !mpt->m_done_traverse_smp) {
12934 		mptsas_update_hashtab(mpt);
12935 	}
12936 
12937 	psmp = (mptsas_smp_t *)mptsas_hash_traverse(&mpt->m_active->m_smptbl,
12938 	    MPTSAS_HASH_FIRST);
12939 	while (psmp != NULL) {
12940 		phy_mask = psmp->m_phymask;
12941 		if (phy_mask == phymask) {
12942 			smpdip = NULL;
12943 			mutex_exit(&mpt->m_mutex);
12944 			(void) mptsas_online_smp(pdip, psmp, &smpdip);
12945 			mutex_enter(&mpt->m_mutex);
12946 		}
12947 		psmp = (mptsas_smp_t *)mptsas_hash_traverse(
12948 		    &mpt->m_active->m_smptbl, MPTSAS_HASH_NEXT);
12949 	}
12950 
12951 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
12952 	    MPTSAS_HASH_FIRST);
12953 	while (ptgt != NULL) {
12954 		phy_mask = ptgt->m_phymask;
12955 		if (phy_mask == phymask) {
12956 			mutex_exit(&mpt->m_mutex);
12957 			(void) mptsas_config_target(pdip, ptgt);
12958 			mutex_enter(&mpt->m_mutex);
12959 		}
12960 
12961 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
12962 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
12963 	}
12964 	mutex_exit(&mpt->m_mutex);
12965 }
12966 
12967 static int
12968 mptsas_config_target(dev_info_t *pdip, mptsas_target_t *ptgt)
12969 {
12970 	int		rval = DDI_FAILURE;
12971 	dev_info_t	*tdip;
12972 
12973 	rval = mptsas_config_luns(pdip, ptgt);
12974 	if (rval != DDI_SUCCESS) {
12975 		/*
12976 		 * The return value means the SCMD_REPORT_LUNS
12977 		 * did not execute successfully. The target maybe
12978 		 * doesn't support such command.
12979 		 */
12980 		rval = mptsas_probe_lun(pdip, 0, &tdip, ptgt);
12981 	}
12982 	return (rval);
12983 }
12984 
12985 /*
12986  * Return fail if not all the childs/paths are freed.
12987  * if there is any path under the HBA, the return value will be always fail
12988  * because we didn't call mdi_pi_free for path
12989  */
12990 static int
12991 mptsas_offline_target(dev_info_t *pdip, char *name)
12992 {
12993 	dev_info_t		*child = NULL, *prechild = NULL;
12994 	mdi_pathinfo_t		*pip = NULL, *savepip = NULL;
12995 	int			tmp_rval, rval = DDI_SUCCESS;
12996 	char			*addr, *cp;
12997 	size_t			s;
12998 	mptsas_t		*mpt = DIP2MPT(pdip);
12999 
13000 	child = ddi_get_child(pdip);
13001 	while (child) {
13002 		addr = ddi_get_name_addr(child);
13003 		prechild = child;
13004 		child = ddi_get_next_sibling(child);
13005 
13006 		if (addr == NULL) {
13007 			continue;
13008 		}
13009 		if ((cp = strchr(addr, ',')) == NULL) {
13010 			continue;
13011 		}
13012 
13013 		s = (uintptr_t)cp - (uintptr_t)addr;
13014 
13015 		if (strncmp(addr, name, s) != 0) {
13016 			continue;
13017 		}
13018 
13019 		tmp_rval = mptsas_offline_lun(pdip, prechild, NULL,
13020 		    NDI_DEVI_REMOVE);
13021 		if (tmp_rval != DDI_SUCCESS) {
13022 			rval = DDI_FAILURE;
13023 			if (ndi_prop_create_boolean(DDI_DEV_T_NONE,
13024 			    prechild, MPTSAS_DEV_GONE) !=
13025 			    DDI_PROP_SUCCESS) {
13026 				mptsas_log(mpt, CE_WARN, "mptsas driver "
13027 				    "unable to create property for "
13028 				    "SAS %s (MPTSAS_DEV_GONE)", addr);
13029 			}
13030 		}
13031 	}
13032 
13033 	pip = mdi_get_next_client_path(pdip, NULL);
13034 	while (pip) {
13035 		addr = MDI_PI(pip)->pi_addr;
13036 		savepip = pip;
13037 		pip = mdi_get_next_client_path(pdip, pip);
13038 		if (addr == NULL) {
13039 			continue;
13040 		}
13041 
13042 		if ((cp = strchr(addr, ',')) == NULL) {
13043 			continue;
13044 		}
13045 
13046 		s = (uintptr_t)cp - (uintptr_t)addr;
13047 
13048 		if (strncmp(addr, name, s) != 0) {
13049 			continue;
13050 		}
13051 
13052 		(void) mptsas_offline_lun(pdip, NULL, savepip,
13053 		    NDI_DEVI_REMOVE);
13054 		/*
13055 		 * driver will not invoke mdi_pi_free, so path will not
13056 		 * be freed forever, return DDI_FAILURE.
13057 		 */
13058 		rval = DDI_FAILURE;
13059 	}
13060 	return (rval);
13061 }
13062 
13063 static int
13064 mptsas_offline_lun(dev_info_t *pdip, dev_info_t *rdip,
13065     mdi_pathinfo_t *rpip, uint_t flags)
13066 {
13067 	int		rval = DDI_FAILURE;
13068 	char		*devname;
13069 	dev_info_t	*cdip, *parent;
13070 
13071 	if (rpip != NULL) {
13072 		parent = scsi_vhci_dip;
13073 		cdip = mdi_pi_get_client(rpip);
13074 	} else if (rdip != NULL) {
13075 		parent = pdip;
13076 		cdip = rdip;
13077 	} else {
13078 		return (DDI_FAILURE);
13079 	}
13080 
13081 	/*
13082 	 * Make sure node is attached otherwise
13083 	 * it won't have related cache nodes to
13084 	 * clean up.  i_ddi_devi_attached is
13085 	 * similiar to i_ddi_node_state(cdip) >=
13086 	 * DS_ATTACHED.
13087 	 */
13088 	if (i_ddi_devi_attached(cdip)) {
13089 
13090 		/* Get full devname */
13091 		devname = kmem_alloc(MAXNAMELEN + 1, KM_SLEEP);
13092 		(void) ddi_deviname(cdip, devname);
13093 		/* Clean cache */
13094 		(void) devfs_clean(parent, devname + 1,
13095 		    DV_CLEAN_FORCE);
13096 		kmem_free(devname, MAXNAMELEN + 1);
13097 	}
13098 	if (rpip != NULL) {
13099 		if (MDI_PI_IS_OFFLINE(rpip)) {
13100 			rval = DDI_SUCCESS;
13101 		} else {
13102 			rval = mdi_pi_offline(rpip, 0);
13103 		}
13104 	} else {
13105 		rval = ndi_devi_offline(cdip, flags);
13106 	}
13107 
13108 	return (rval);
13109 }
13110 
13111 static dev_info_t *
13112 mptsas_find_smp_child(dev_info_t *parent, char *str_wwn)
13113 {
13114 	dev_info_t	*child = NULL;
13115 	char		*smp_wwn = NULL;
13116 
13117 	child = ddi_get_child(parent);
13118 	while (child) {
13119 		if (ddi_prop_lookup_string(DDI_DEV_T_ANY, child,
13120 		    DDI_PROP_DONTPASS, SMP_WWN, &smp_wwn)
13121 		    != DDI_SUCCESS) {
13122 			child = ddi_get_next_sibling(child);
13123 			continue;
13124 		}
13125 
13126 		if (strcmp(smp_wwn, str_wwn) == 0) {
13127 			ddi_prop_free(smp_wwn);
13128 			break;
13129 		}
13130 		child = ddi_get_next_sibling(child);
13131 		ddi_prop_free(smp_wwn);
13132 	}
13133 	return (child);
13134 }
13135 
13136 static int
13137 mptsas_offline_smp(dev_info_t *pdip, mptsas_smp_t *smp_node, uint_t flags)
13138 {
13139 	int		rval = DDI_FAILURE;
13140 	char		*devname;
13141 	char		wwn_str[MPTSAS_WWN_STRLEN];
13142 	dev_info_t	*cdip;
13143 
13144 	(void) sprintf(wwn_str, "%"PRIx64, smp_node->m_sasaddr);
13145 
13146 	cdip = mptsas_find_smp_child(pdip, wwn_str);
13147 
13148 	if (cdip == NULL)
13149 		return (DDI_SUCCESS);
13150 
13151 	/*
13152 	 * Make sure node is attached otherwise
13153 	 * it won't have related cache nodes to
13154 	 * clean up.  i_ddi_devi_attached is
13155 	 * similiar to i_ddi_node_state(cdip) >=
13156 	 * DS_ATTACHED.
13157 	 */
13158 	if (i_ddi_devi_attached(cdip)) {
13159 
13160 		/* Get full devname */
13161 		devname = kmem_alloc(MAXNAMELEN + 1, KM_SLEEP);
13162 		(void) ddi_deviname(cdip, devname);
13163 		/* Clean cache */
13164 		(void) devfs_clean(pdip, devname + 1,
13165 		    DV_CLEAN_FORCE);
13166 		kmem_free(devname, MAXNAMELEN + 1);
13167 	}
13168 
13169 	rval = ndi_devi_offline(cdip, flags);
13170 
13171 	return (rval);
13172 }
13173 
13174 static dev_info_t *
13175 mptsas_find_child(dev_info_t *pdip, char *name)
13176 {
13177 	dev_info_t	*child = NULL;
13178 	char		*rname = NULL;
13179 	int		rval = DDI_FAILURE;
13180 
13181 	rname = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13182 
13183 	child = ddi_get_child(pdip);
13184 	while (child) {
13185 		rval = mptsas_name_child(child, rname, SCSI_MAXNAMELEN);
13186 		if (rval != DDI_SUCCESS) {
13187 			child = ddi_get_next_sibling(child);
13188 			bzero(rname, SCSI_MAXNAMELEN);
13189 			continue;
13190 		}
13191 
13192 		if (strcmp(rname, name) == 0) {
13193 			break;
13194 		}
13195 		child = ddi_get_next_sibling(child);
13196 		bzero(rname, SCSI_MAXNAMELEN);
13197 	}
13198 
13199 	kmem_free(rname, SCSI_MAXNAMELEN);
13200 
13201 	return (child);
13202 }
13203 
13204 
13205 static dev_info_t *
13206 mptsas_find_child_addr(dev_info_t *pdip, uint64_t sasaddr, int lun)
13207 {
13208 	dev_info_t	*child = NULL;
13209 	char		*name = NULL;
13210 	char		*addr = NULL;
13211 
13212 	name = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13213 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13214 	(void) sprintf(name, "%016"PRIx64, sasaddr);
13215 	(void) sprintf(addr, "w%s,%x", name, lun);
13216 	child = mptsas_find_child(pdip, addr);
13217 	kmem_free(name, SCSI_MAXNAMELEN);
13218 	kmem_free(addr, SCSI_MAXNAMELEN);
13219 	return (child);
13220 }
13221 
13222 static dev_info_t *
13223 mptsas_find_child_phy(dev_info_t *pdip, uint8_t phy)
13224 {
13225 	dev_info_t	*child;
13226 	char		*addr;
13227 
13228 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13229 	(void) sprintf(addr, "p%x,0", phy);
13230 	child = mptsas_find_child(pdip, addr);
13231 	kmem_free(addr, SCSI_MAXNAMELEN);
13232 	return (child);
13233 }
13234 
13235 static mdi_pathinfo_t *
13236 mptsas_find_path_phy(dev_info_t *pdip, uint8_t phy)
13237 {
13238 	mdi_pathinfo_t	*path;
13239 	char		*addr = NULL;
13240 
13241 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13242 	(void) sprintf(addr, "p%x,0", phy);
13243 	path = mdi_pi_find(pdip, NULL, addr);
13244 	kmem_free(addr, SCSI_MAXNAMELEN);
13245 	return (path);
13246 }
13247 
13248 static mdi_pathinfo_t *
13249 mptsas_find_path_addr(dev_info_t *parent, uint64_t sasaddr, int lun)
13250 {
13251 	mdi_pathinfo_t	*path;
13252 	char		*name = NULL;
13253 	char		*addr = NULL;
13254 
13255 	name = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13256 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13257 	(void) sprintf(name, "%016"PRIx64, sasaddr);
13258 	(void) sprintf(addr, "w%s,%x", name, lun);
13259 	path = mdi_pi_find(parent, NULL, addr);
13260 	kmem_free(name, SCSI_MAXNAMELEN);
13261 	kmem_free(addr, SCSI_MAXNAMELEN);
13262 
13263 	return (path);
13264 }
13265 
13266 static int
13267 mptsas_create_lun(dev_info_t *pdip, struct scsi_inquiry *sd_inq,
13268     dev_info_t **lun_dip, mptsas_target_t *ptgt, int lun)
13269 {
13270 	int			i = 0;
13271 	uchar_t			*inq83 = NULL;
13272 	int			inq83_len1 = 0xFF;
13273 	int			inq83_len = 0;
13274 	int			rval = DDI_FAILURE;
13275 	ddi_devid_t		devid;
13276 	char			*guid = NULL;
13277 	int			target = ptgt->m_devhdl;
13278 	mdi_pathinfo_t		*pip = NULL;
13279 	mptsas_t		*mpt = DIP2MPT(pdip);
13280 
13281 	/*
13282 	 * For DVD/CD ROM and tape devices and optical
13283 	 * devices, we won't try to enumerate them under
13284 	 * scsi_vhci, so no need to try page83
13285 	 */
13286 	if (sd_inq && (sd_inq->inq_dtype == DTYPE_RODIRECT ||
13287 	    sd_inq->inq_dtype == DTYPE_OPTICAL ||
13288 	    sd_inq->inq_dtype == DTYPE_ESI))
13289 		goto create_lun;
13290 
13291 	/*
13292 	 * The LCA returns good SCSI status, but corrupt page 83 data the first
13293 	 * time it is queried. The solution is to keep trying to request page83
13294 	 * and verify the GUID is not (DDI_NOT_WELL_FORMED) in
13295 	 * mptsas_inq83_retry_timeout seconds. If the timeout expires, driver
13296 	 * give up to get VPD page at this stage and fail the enumeration.
13297 	 */
13298 
13299 	inq83	= kmem_zalloc(inq83_len1, KM_SLEEP);
13300 
13301 	for (i = 0; i < mptsas_inq83_retry_timeout; i++) {
13302 		rval = mptsas_inquiry(mpt, ptgt, lun, 0x83, inq83,
13303 		    inq83_len1, &inq83_len, 1);
13304 		if (rval != 0) {
13305 			mptsas_log(mpt, CE_WARN, "!mptsas request inquiry page "
13306 			    "0x83 for target:%x, lun:%x failed!", target, lun);
13307 			goto out;
13308 		}
13309 		/*
13310 		 * create DEVID from inquiry data
13311 		 */
13312 		if ((rval = ddi_devid_scsi_encode(
13313 		    DEVID_SCSI_ENCODE_VERSION_LATEST, NULL, (uchar_t *)sd_inq,
13314 		    sizeof (struct scsi_inquiry), NULL, 0, inq83,
13315 		    (size_t)inq83_len, &devid)) == DDI_SUCCESS) {
13316 			/*
13317 			 * extract GUID from DEVID
13318 			 */
13319 			guid = ddi_devid_to_guid(devid);
13320 
13321 			/*
13322 			 * Do not enable MPXIO if the strlen(guid) is greater
13323 			 * than MPTSAS_MAX_GUID_LEN, this constrain would be
13324 			 * handled by framework later.
13325 			 */
13326 			if (guid && (strlen(guid) > MPTSAS_MAX_GUID_LEN)) {
13327 				ddi_devid_free_guid(guid);
13328 				guid = NULL;
13329 				if (mpt->m_mpxio_enable == TRUE) {
13330 					mptsas_log(mpt, CE_NOTE, "!Target:%x, "
13331 					    "lun:%x doesn't have a valid GUID, "
13332 					    "multipathing for this drive is "
13333 					    "not enabled", target, lun);
13334 				}
13335 			}
13336 
13337 			/*
13338 			 * devid no longer needed
13339 			 */
13340 			ddi_devid_free(devid);
13341 			break;
13342 		} else if (rval == DDI_NOT_WELL_FORMED) {
13343 			/*
13344 			 * return value of ddi_devid_scsi_encode equal to
13345 			 * DDI_NOT_WELL_FORMED means DEVID_RETRY, it worth
13346 			 * to retry inquiry page 0x83 and get GUID.
13347 			 */
13348 			NDBG20(("Not well formed devid, retry..."));
13349 			delay(1 * drv_usectohz(1000000));
13350 			continue;
13351 		} else {
13352 			mptsas_log(mpt, CE_WARN, "!Encode devid failed for "
13353 			    "path target:%x, lun:%x", target, lun);
13354 			rval = DDI_FAILURE;
13355 			goto create_lun;
13356 		}
13357 	}
13358 
13359 	if (i == mptsas_inq83_retry_timeout) {
13360 		mptsas_log(mpt, CE_WARN, "!Repeated page83 requests timeout "
13361 		    "for path target:%x, lun:%x", target, lun);
13362 	}
13363 
13364 	rval = DDI_FAILURE;
13365 
13366 create_lun:
13367 	if ((guid != NULL) && (mpt->m_mpxio_enable == TRUE)) {
13368 		rval = mptsas_create_virt_lun(pdip, sd_inq, guid, lun_dip, &pip,
13369 		    ptgt, lun);
13370 	}
13371 	if (rval != DDI_SUCCESS) {
13372 		rval = mptsas_create_phys_lun(pdip, sd_inq, guid, lun_dip,
13373 		    ptgt, lun);
13374 	}
13375 out:
13376 	if (guid != NULL) {
13377 		/*
13378 		 * guid no longer needed
13379 		 */
13380 		ddi_devid_free_guid(guid);
13381 	}
13382 	if (inq83 != NULL)
13383 		kmem_free(inq83, inq83_len1);
13384 	return (rval);
13385 }
13386 
13387 static int
13388 mptsas_create_virt_lun(dev_info_t *pdip, struct scsi_inquiry *inq, char *guid,
13389     dev_info_t **lun_dip, mdi_pathinfo_t **pip, mptsas_target_t *ptgt, int lun)
13390 {
13391 	int			target;
13392 	char			*nodename = NULL;
13393 	char			**compatible = NULL;
13394 	int			ncompatible	= 0;
13395 	int			mdi_rtn = MDI_FAILURE;
13396 	int			rval = DDI_FAILURE;
13397 	char			*old_guid = NULL;
13398 	mptsas_t		*mpt = DIP2MPT(pdip);
13399 	char			*lun_addr = NULL;
13400 	char			*wwn_str = NULL;
13401 	char			*component = NULL;
13402 	uint8_t			phy = 0xFF;
13403 	uint64_t		sas_wwn;
13404 	uint32_t		devinfo;
13405 
13406 	mutex_enter(&mpt->m_mutex);
13407 	target = ptgt->m_devhdl;
13408 	sas_wwn = ptgt->m_sas_wwn;
13409 	devinfo = ptgt->m_deviceinfo;
13410 	phy = ptgt->m_phynum;
13411 	mutex_exit(&mpt->m_mutex);
13412 
13413 	if (sas_wwn) {
13414 		*pip = mptsas_find_path_addr(pdip, sas_wwn, lun);
13415 	} else {
13416 		*pip = mptsas_find_path_phy(pdip, phy);
13417 	}
13418 
13419 	if (*pip != NULL) {
13420 		*lun_dip = MDI_PI(*pip)->pi_client->ct_dip;
13421 		ASSERT(*lun_dip != NULL);
13422 		if (ddi_prop_lookup_string(DDI_DEV_T_ANY, *lun_dip,
13423 		    (DDI_PROP_DONTPASS | DDI_PROP_NOTPROM),
13424 		    MDI_CLIENT_GUID_PROP, &old_guid) == DDI_SUCCESS) {
13425 			if (strncmp(guid, old_guid, strlen(guid)) == 0) {
13426 				/*
13427 				 * Same path back online again.
13428 				 */
13429 				(void) ddi_prop_free(old_guid);
13430 				if (!MDI_PI_IS_ONLINE(*pip) &&
13431 				    !MDI_PI_IS_STANDBY(*pip)) {
13432 					rval = mdi_pi_online(*pip, 0);
13433 				} else {
13434 					rval = DDI_SUCCESS;
13435 				}
13436 				if (rval != DDI_SUCCESS) {
13437 					mptsas_log(mpt, CE_WARN, "path:target: "
13438 					    "%x, lun:%x online failed!", target,
13439 					    lun);
13440 					*pip = NULL;
13441 					*lun_dip = NULL;
13442 				}
13443 				return (rval);
13444 			} else {
13445 				/*
13446 				 * The GUID of the LUN has changed which maybe
13447 				 * because customer mapped another volume to the
13448 				 * same LUN.
13449 				 */
13450 				mptsas_log(mpt, CE_WARN, "The GUID of the "
13451 				    "target:%x, lun:%x was changed, maybe "
13452 				    "because someone mapped another volume "
13453 				    "to the same LUN", target, lun);
13454 				(void) ddi_prop_free(old_guid);
13455 				if (!MDI_PI_IS_OFFLINE(*pip)) {
13456 					rval = mdi_pi_offline(*pip, 0);
13457 					if (rval != MDI_SUCCESS) {
13458 						mptsas_log(mpt, CE_WARN, "path:"
13459 						    "target:%x, lun:%x offline "
13460 						    "failed!", target, lun);
13461 						*pip = NULL;
13462 						*lun_dip = NULL;
13463 						return (DDI_FAILURE);
13464 					}
13465 				}
13466 				if (mdi_pi_free(*pip, 0) != MDI_SUCCESS) {
13467 					mptsas_log(mpt, CE_WARN, "path:target:"
13468 					    "%x, lun:%x free failed!", target,
13469 					    lun);
13470 					*pip = NULL;
13471 					*lun_dip = NULL;
13472 					return (DDI_FAILURE);
13473 				}
13474 			}
13475 		} else {
13476 			mptsas_log(mpt, CE_WARN, "Can't get client-guid "
13477 			    "property for path:target:%x, lun:%x", target, lun);
13478 			*pip = NULL;
13479 			*lun_dip = NULL;
13480 			return (DDI_FAILURE);
13481 		}
13482 	}
13483 	scsi_hba_nodename_compatible_get(inq, NULL,
13484 	    inq->inq_dtype, NULL, &nodename, &compatible, &ncompatible);
13485 
13486 	/*
13487 	 * if nodename can't be determined then print a message and skip it
13488 	 */
13489 	if (nodename == NULL) {
13490 		mptsas_log(mpt, CE_WARN, "mptsas driver found no compatible "
13491 		    "driver for target%d lun %d dtype:0x%02x", target, lun,
13492 		    inq->inq_dtype);
13493 		return (DDI_FAILURE);
13494 	}
13495 
13496 	wwn_str = kmem_zalloc(MPTSAS_WWN_STRLEN, KM_SLEEP);
13497 	/* The property is needed by MPAPI */
13498 	(void) sprintf(wwn_str, "%016"PRIx64, sas_wwn);
13499 
13500 	lun_addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13501 	if (sas_wwn)
13502 		(void) sprintf(lun_addr, "w%s,%x", wwn_str, lun);
13503 	else
13504 		(void) sprintf(lun_addr, "p%x,%x", phy, lun);
13505 
13506 	mdi_rtn = mdi_pi_alloc_compatible(pdip, nodename,
13507 	    guid, lun_addr, compatible, ncompatible,
13508 	    0, pip);
13509 	if (mdi_rtn == MDI_SUCCESS) {
13510 
13511 		if (mdi_prop_update_string(*pip, MDI_GUID,
13512 		    guid) != DDI_SUCCESS) {
13513 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
13514 			    "create property for target %d lun %d (MDI_GUID)",
13515 			    target, lun);
13516 			mdi_rtn = MDI_FAILURE;
13517 			goto virt_create_done;
13518 		}
13519 
13520 		if (mdi_prop_update_int(*pip, LUN_PROP,
13521 		    lun) != DDI_SUCCESS) {
13522 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
13523 			    "create property for target %d lun %d (LUN_PROP)",
13524 			    target, lun);
13525 			mdi_rtn = MDI_FAILURE;
13526 			goto virt_create_done;
13527 		}
13528 		if (mdi_prop_update_string_array(*pip, "compatible",
13529 		    compatible, ncompatible) !=
13530 		    DDI_PROP_SUCCESS) {
13531 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
13532 			    "create property for target %d lun %d (COMPATIBLE)",
13533 			    target, lun);
13534 			mdi_rtn = MDI_FAILURE;
13535 			goto virt_create_done;
13536 		}
13537 		if (sas_wwn && (mdi_prop_update_string(*pip,
13538 		    SCSI_ADDR_PROP_TARGET_PORT, wwn_str) != DDI_PROP_SUCCESS)) {
13539 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
13540 			    "create property for target %d lun %d "
13541 			    "(target-port)", target, lun);
13542 			mdi_rtn = MDI_FAILURE;
13543 			goto virt_create_done;
13544 		} else if ((sas_wwn == 0) && (mdi_prop_update_int(*pip,
13545 		    "sata-phy", phy) != DDI_PROP_SUCCESS)) {
13546 			/*
13547 			 * Direct attached SATA device without DeviceName
13548 			 */
13549 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
13550 			    "create property for SAS target %d lun %d "
13551 			    "(sata-phy)", target, lun);
13552 			mdi_rtn = NDI_FAILURE;
13553 			goto virt_create_done;
13554 		}
13555 
13556 		if (inq->inq_dtype == 0) {
13557 			component = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
13558 			/*
13559 			 * set obp path for pathinfo
13560 			 */
13561 			(void) snprintf(component, MAXPATHLEN,
13562 			    "disk@%s", lun_addr);
13563 
13564 			if (mdi_pi_pathname_obp_set(*pip, component) !=
13565 			    DDI_SUCCESS) {
13566 				mptsas_log(mpt, CE_WARN, "mpt_sas driver "
13567 				    "unable to set obp-path for object %s",
13568 				    component);
13569 				mdi_rtn = MDI_FAILURE;
13570 				goto virt_create_done;
13571 			}
13572 		}
13573 
13574 		*lun_dip = MDI_PI(*pip)->pi_client->ct_dip;
13575 		if (devinfo & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
13576 		    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
13577 			if ((ndi_prop_update_int(DDI_DEV_T_NONE, *lun_dip,
13578 			    "pm-capable", 1)) !=
13579 			    DDI_PROP_SUCCESS) {
13580 				mptsas_log(mpt, CE_WARN, "mptsas driver"
13581 				    "failed to create pm-capable "
13582 				    "property, target %d", target);
13583 				mdi_rtn = MDI_FAILURE;
13584 				goto virt_create_done;
13585 			}
13586 		}
13587 		NDBG20(("new path:%s onlining,", MDI_PI(*pip)->pi_addr));
13588 		mdi_rtn = mdi_pi_online(*pip, 0);
13589 		if (mdi_rtn == MDI_NOT_SUPPORTED) {
13590 			mdi_rtn = MDI_FAILURE;
13591 		}
13592 virt_create_done:
13593 		if (*pip && mdi_rtn != MDI_SUCCESS) {
13594 			(void) mdi_pi_free(*pip, 0);
13595 			*pip = NULL;
13596 			*lun_dip = NULL;
13597 		}
13598 	}
13599 
13600 	scsi_hba_nodename_compatible_free(nodename, compatible);
13601 	if (lun_addr != NULL) {
13602 		kmem_free(lun_addr, SCSI_MAXNAMELEN);
13603 	}
13604 	if (wwn_str != NULL) {
13605 		kmem_free(wwn_str, MPTSAS_WWN_STRLEN);
13606 	}
13607 	if (component != NULL) {
13608 		kmem_free(component, MAXPATHLEN);
13609 	}
13610 
13611 	return ((mdi_rtn == MDI_SUCCESS) ? DDI_SUCCESS : DDI_FAILURE);
13612 }
13613 
13614 static int
13615 mptsas_create_phys_lun(dev_info_t *pdip, struct scsi_inquiry *inq,
13616     char *guid, dev_info_t **lun_dip, mptsas_target_t *ptgt, int lun)
13617 {
13618 	int			target;
13619 	int			ndi_rtn = NDI_FAILURE;
13620 	uint64_t		be_sas_wwn;
13621 	char			*nodename = NULL;
13622 	char			**compatible = NULL;
13623 	int			ncompatible = 0;
13624 	int			instance = 0;
13625 	mptsas_t		*mpt = DIP2MPT(pdip);
13626 	char			*wwn_str = NULL;
13627 	char			*component = NULL;
13628 	uint8_t			phy = 0xFF;
13629 	uint64_t		sas_wwn;
13630 	uint32_t		devinfo;
13631 
13632 	mutex_enter(&mpt->m_mutex);
13633 	target = ptgt->m_devhdl;
13634 	sas_wwn = ptgt->m_sas_wwn;
13635 	devinfo = ptgt->m_deviceinfo;
13636 	phy = ptgt->m_phynum;
13637 	mutex_exit(&mpt->m_mutex);
13638 
13639 	/*
13640 	 * generate compatible property with binding-set "mpt"
13641 	 */
13642 	scsi_hba_nodename_compatible_get(inq, NULL, inq->inq_dtype, NULL,
13643 	    &nodename, &compatible, &ncompatible);
13644 
13645 	/*
13646 	 * if nodename can't be determined then print a message and skip it
13647 	 */
13648 	if (nodename == NULL) {
13649 		mptsas_log(mpt, CE_WARN, "mptsas found no compatible driver "
13650 		    "for target %d lun %d", target, lun);
13651 		return (DDI_FAILURE);
13652 	}
13653 
13654 	ndi_rtn = ndi_devi_alloc(pdip, nodename,
13655 	    DEVI_SID_NODEID, lun_dip);
13656 
13657 	/*
13658 	 * if lun alloc success, set props
13659 	 */
13660 	if (ndi_rtn == NDI_SUCCESS) {
13661 
13662 		if (ndi_prop_update_int(DDI_DEV_T_NONE,
13663 		    *lun_dip, LUN_PROP, lun) !=
13664 		    DDI_PROP_SUCCESS) {
13665 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
13666 			    "property for target %d lun %d (LUN_PROP)",
13667 			    target, lun);
13668 			ndi_rtn = NDI_FAILURE;
13669 			goto phys_create_done;
13670 		}
13671 
13672 		if (ndi_prop_update_string_array(DDI_DEV_T_NONE,
13673 		    *lun_dip, "compatible", compatible, ncompatible)
13674 		    != DDI_PROP_SUCCESS) {
13675 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
13676 			    "property for target %d lun %d (COMPATIBLE)",
13677 			    target, lun);
13678 			ndi_rtn = NDI_FAILURE;
13679 			goto phys_create_done;
13680 		}
13681 
13682 		/*
13683 		 * We need the SAS WWN for non-multipath devices, so
13684 		 * we'll use the same property as that multipathing
13685 		 * devices need to present for MPAPI. If we don't have
13686 		 * a WWN (e.g. parallel SCSI), don't create the prop.
13687 		 */
13688 		wwn_str = kmem_zalloc(MPTSAS_WWN_STRLEN, KM_SLEEP);
13689 		(void) sprintf(wwn_str, "%016"PRIx64, sas_wwn);
13690 		if (sas_wwn && ndi_prop_update_string(DDI_DEV_T_NONE,
13691 		    *lun_dip, SCSI_ADDR_PROP_TARGET_PORT, wwn_str)
13692 		    != DDI_PROP_SUCCESS) {
13693 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
13694 			    "create property for SAS target %d lun %d "
13695 			    "(target-port)", target, lun);
13696 			ndi_rtn = NDI_FAILURE;
13697 			goto phys_create_done;
13698 		}
13699 		be_sas_wwn = BE_64(sas_wwn);
13700 		if (sas_wwn && ndi_prop_update_byte_array(
13701 		    DDI_DEV_T_NONE, *lun_dip, "port-wwn",
13702 		    (uchar_t *)&be_sas_wwn, 8) != DDI_PROP_SUCCESS) {
13703 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
13704 			    "create property for SAS target %d lun %d "
13705 			    "(port-wwn)", target, lun);
13706 			ndi_rtn = NDI_FAILURE;
13707 			goto phys_create_done;
13708 		} else if ((sas_wwn == 0) && (ndi_prop_update_int(
13709 		    DDI_DEV_T_NONE, *lun_dip, "sata-phy", phy) !=
13710 		    DDI_PROP_SUCCESS)) {
13711 			/*
13712 			 * Direct attached SATA device without DeviceName
13713 			 */
13714 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
13715 			    "create property for SAS target %d lun %d "
13716 			    "(sata-phy)", target, lun);
13717 			ndi_rtn = NDI_FAILURE;
13718 			goto phys_create_done;
13719 		}
13720 		if (ndi_prop_create_boolean(DDI_DEV_T_NONE,
13721 		    *lun_dip, SAS_PROP) != DDI_PROP_SUCCESS) {
13722 			mptsas_log(mpt, CE_WARN, "mptsas unable to"
13723 			    "create property for SAS target %d lun %d"
13724 			    " (SAS_PROP)", target, lun);
13725 			ndi_rtn = NDI_FAILURE;
13726 			goto phys_create_done;
13727 		}
13728 		if (guid && (ndi_prop_update_string(DDI_DEV_T_NONE,
13729 		    *lun_dip, NDI_GUID, guid) != DDI_SUCCESS)) {
13730 			mptsas_log(mpt, CE_WARN, "mptsas unable "
13731 			    "to create guid property for target %d "
13732 			    "lun %d", target, lun);
13733 			ndi_rtn = NDI_FAILURE;
13734 			goto phys_create_done;
13735 		}
13736 
13737 		/*
13738 		 * if this is a SAS controller, and the target is a SATA
13739 		 * drive, set the 'pm-capable' property for sd and if on
13740 		 * an OPL platform, also check if this is an ATAPI
13741 		 * device.
13742 		 */
13743 		instance = ddi_get_instance(mpt->m_dip);
13744 		if (devinfo & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
13745 		    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
13746 			NDBG2(("mptsas%d: creating pm-capable property, "
13747 			    "target %d", instance, target));
13748 
13749 			if ((ndi_prop_update_int(DDI_DEV_T_NONE,
13750 			    *lun_dip, "pm-capable", 1)) !=
13751 			    DDI_PROP_SUCCESS) {
13752 				mptsas_log(mpt, CE_WARN, "mptsas "
13753 				    "failed to create pm-capable "
13754 				    "property, target %d", target);
13755 				ndi_rtn = NDI_FAILURE;
13756 				goto phys_create_done;
13757 			}
13758 
13759 		}
13760 
13761 		if (inq->inq_dtype == 0) {
13762 			/*
13763 			 * add 'obp-path' properties for devinfo
13764 			 */
13765 			component = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
13766 			if (sas_wwn) {
13767 				(void) snprintf(component, MAXPATHLEN,
13768 				    "disk@w%s,%x", wwn_str, lun);
13769 			} else {
13770 				(void) snprintf(component, MAXPATHLEN,
13771 				    "disk@p%x,%x", phy, lun);
13772 			}
13773 			if (ddi_pathname_obp_set(*lun_dip, component)
13774 			    != DDI_SUCCESS) {
13775 				mptsas_log(mpt, CE_WARN, "mpt_sas driver "
13776 				    "unable to set obp-path for SAS "
13777 				    "object %s", component);
13778 				ndi_rtn = NDI_FAILURE;
13779 				goto phys_create_done;
13780 			}
13781 		}
13782 
13783 phys_create_done:
13784 		/*
13785 		 * If props were setup ok, online the lun
13786 		 */
13787 		if (ndi_rtn == NDI_SUCCESS) {
13788 			/*
13789 			 * Try to online the new node
13790 			 */
13791 			ndi_rtn = ndi_devi_online(*lun_dip, NDI_ONLINE_ATTACH);
13792 		}
13793 
13794 		/*
13795 		 * If success set rtn flag, else unwire alloc'd lun
13796 		 */
13797 		if (ndi_rtn != NDI_SUCCESS) {
13798 			NDBG12(("mptsas driver unable to online "
13799 			    "target %d lun %d", target, lun));
13800 			ndi_prop_remove_all(*lun_dip);
13801 			(void) ndi_devi_free(*lun_dip);
13802 			*lun_dip = NULL;
13803 		}
13804 	}
13805 
13806 	scsi_hba_nodename_compatible_free(nodename, compatible);
13807 
13808 	if (wwn_str != NULL) {
13809 		kmem_free(wwn_str, MPTSAS_WWN_STRLEN);
13810 	}
13811 	if (component != NULL) {
13812 		kmem_free(component, MAXPATHLEN);
13813 	}
13814 
13815 	return ((ndi_rtn == NDI_SUCCESS) ? DDI_SUCCESS : DDI_FAILURE);
13816 }
13817 
13818 static int
13819 mptsas_probe_smp(dev_info_t *pdip, uint64_t wwn)
13820 {
13821 	mptsas_t	*mpt = DIP2MPT(pdip);
13822 	struct smp_device smp_sd;
13823 
13824 	/* XXX An HBA driver should not be allocating an smp_device. */
13825 	bzero(&smp_sd, sizeof (struct smp_device));
13826 	smp_sd.smp_sd_address.smp_a_hba_tran = mpt->m_smptran;
13827 	bcopy(&wwn, smp_sd.smp_sd_address.smp_a_wwn, SAS_WWN_BYTE_SIZE);
13828 
13829 	if (smp_probe(&smp_sd) != DDI_PROBE_SUCCESS)
13830 		return (NDI_FAILURE);
13831 	return (NDI_SUCCESS);
13832 }
13833 
13834 static int
13835 mptsas_config_smp(dev_info_t *pdip, uint64_t sas_wwn, dev_info_t **smp_dip)
13836 {
13837 	mptsas_t	*mpt = DIP2MPT(pdip);
13838 	mptsas_smp_t	*psmp = NULL;
13839 	int		rval;
13840 	int		phymask;
13841 
13842 	/*
13843 	 * Get the physical port associated to the iport
13844 	 * PHYMASK TODO
13845 	 */
13846 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
13847 	    "phymask", 0);
13848 	/*
13849 	 * Find the smp node in hash table with specified sas address and
13850 	 * physical port
13851 	 */
13852 	psmp = mptsas_wwid_to_psmp(mpt, phymask, sas_wwn);
13853 	if (psmp == NULL) {
13854 		return (DDI_FAILURE);
13855 	}
13856 
13857 	rval = mptsas_online_smp(pdip, psmp, smp_dip);
13858 
13859 	return (rval);
13860 }
13861 
13862 static int
13863 mptsas_online_smp(dev_info_t *pdip, mptsas_smp_t *smp_node,
13864     dev_info_t **smp_dip)
13865 {
13866 	char		wwn_str[MPTSAS_WWN_STRLEN];
13867 	int		ndi_rtn = NDI_FAILURE;
13868 	mptsas_t	*mpt = DIP2MPT(pdip);
13869 
13870 	(void) sprintf(wwn_str, "%"PRIx64, smp_node->m_sasaddr);
13871 
13872 	/*
13873 	 * Probe smp device, prevent the node of removed device from being
13874 	 * configured succesfully
13875 	 */
13876 	if (mptsas_probe_smp(pdip, smp_node->m_sasaddr) != NDI_SUCCESS) {
13877 		return (DDI_FAILURE);
13878 	}
13879 
13880 	if ((*smp_dip = mptsas_find_smp_child(pdip, wwn_str)) != NULL) {
13881 		return (DDI_SUCCESS);
13882 	}
13883 
13884 	ndi_rtn = ndi_devi_alloc(pdip, "smp", DEVI_SID_NODEID, smp_dip);
13885 
13886 	/*
13887 	 * if lun alloc success, set props
13888 	 */
13889 	if (ndi_rtn == NDI_SUCCESS) {
13890 		/*
13891 		 * Set the flavor of the child to be SMP flavored
13892 		 */
13893 		ndi_flavor_set(*smp_dip, SCSA_FLAVOR_SMP);
13894 
13895 		if (ndi_prop_update_string(DDI_DEV_T_NONE,
13896 		    *smp_dip, SMP_WWN, wwn_str) !=
13897 		    DDI_PROP_SUCCESS) {
13898 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
13899 			    "property for smp device %s (sas_wwn)",
13900 			    wwn_str);
13901 			ndi_rtn = NDI_FAILURE;
13902 			goto smp_create_done;
13903 		}
13904 
13905 		if (ndi_prop_create_boolean(DDI_DEV_T_NONE,
13906 		    *smp_dip, SMP_PROP) != DDI_PROP_SUCCESS) {
13907 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
13908 			    "create property for SMP %s (SMP_PROP) ",
13909 			    wwn_str);
13910 			ndi_rtn = NDI_FAILURE;
13911 			goto smp_create_done;
13912 		}
13913 
13914 smp_create_done:
13915 		/*
13916 		 * If props were setup ok, online the lun
13917 		 */
13918 		if (ndi_rtn == NDI_SUCCESS) {
13919 			/*
13920 			 * Try to online the new node
13921 			 */
13922 			ndi_rtn = ndi_devi_online(*smp_dip, NDI_ONLINE_ATTACH);
13923 		}
13924 
13925 		/*
13926 		 * If success set rtn flag, else unwire alloc'd lun
13927 		 */
13928 		if (ndi_rtn != NDI_SUCCESS) {
13929 			NDBG12(("mptsas unable to online "
13930 			    "SMP target %s", wwn_str));
13931 			ndi_prop_remove_all(*smp_dip);
13932 			(void) ndi_devi_free(*smp_dip);
13933 		}
13934 	}
13935 
13936 	return ((ndi_rtn == NDI_SUCCESS) ? DDI_SUCCESS : DDI_FAILURE);
13937 }
13938 
13939 /* smp transport routine */
13940 static int mptsas_smp_start(struct smp_pkt *smp_pkt)
13941 {
13942 	uint64_t			wwn;
13943 	Mpi2SmpPassthroughRequest_t	req;
13944 	Mpi2SmpPassthroughReply_t	rep;
13945 	uint32_t			direction = 0;
13946 	mptsas_t			*mpt;
13947 	int				ret;
13948 	uint64_t			tmp64;
13949 
13950 	mpt = (mptsas_t *)smp_pkt->smp_pkt_address->
13951 	    smp_a_hba_tran->smp_tran_hba_private;
13952 
13953 	bcopy(smp_pkt->smp_pkt_address->smp_a_wwn, &wwn, SAS_WWN_BYTE_SIZE);
13954 	/*
13955 	 * Need to compose a SMP request message
13956 	 * and call mptsas_do_passthru() function
13957 	 */
13958 	bzero(&req, sizeof (req));
13959 	bzero(&rep, sizeof (rep));
13960 	req.PassthroughFlags = 0;
13961 	req.PhysicalPort = 0xff;
13962 	req.ChainOffset = 0;
13963 	req.Function = MPI2_FUNCTION_SMP_PASSTHROUGH;
13964 
13965 	if ((smp_pkt->smp_pkt_reqsize & 0xffff0000ul) != 0) {
13966 		smp_pkt->smp_pkt_reason = ERANGE;
13967 		return (DDI_FAILURE);
13968 	}
13969 	req.RequestDataLength = LE_16((uint16_t)(smp_pkt->smp_pkt_reqsize - 4));
13970 
13971 	req.MsgFlags = 0;
13972 	tmp64 = LE_64(wwn);
13973 	bcopy(&tmp64, &req.SASAddress, SAS_WWN_BYTE_SIZE);
13974 	if (smp_pkt->smp_pkt_rspsize > 0) {
13975 		direction |= MPTSAS_PASS_THRU_DIRECTION_READ;
13976 	}
13977 	if (smp_pkt->smp_pkt_reqsize > 0) {
13978 		direction |= MPTSAS_PASS_THRU_DIRECTION_WRITE;
13979 	}
13980 
13981 	mutex_enter(&mpt->m_mutex);
13982 	ret = mptsas_do_passthru(mpt, (uint8_t *)&req, (uint8_t *)&rep,
13983 	    (uint8_t *)smp_pkt->smp_pkt_rsp,
13984 	    offsetof(Mpi2SmpPassthroughRequest_t, SGL), sizeof (rep),
13985 	    smp_pkt->smp_pkt_rspsize - 4, direction,
13986 	    (uint8_t *)smp_pkt->smp_pkt_req, smp_pkt->smp_pkt_reqsize - 4,
13987 	    smp_pkt->smp_pkt_timeout, FKIOCTL);
13988 	mutex_exit(&mpt->m_mutex);
13989 	if (ret != 0) {
13990 		cmn_err(CE_WARN, "smp_start do passthru error %d", ret);
13991 		smp_pkt->smp_pkt_reason = (uchar_t)(ret);
13992 		return (DDI_FAILURE);
13993 	}
13994 	/* do passthrough success, check the smp status */
13995 	if (LE_16(rep.IOCStatus) != MPI2_IOCSTATUS_SUCCESS) {
13996 		switch (LE_16(rep.IOCStatus)) {
13997 		case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
13998 			smp_pkt->smp_pkt_reason = ENODEV;
13999 			break;
14000 		case MPI2_IOCSTATUS_SAS_SMP_DATA_OVERRUN:
14001 			smp_pkt->smp_pkt_reason = EOVERFLOW;
14002 			break;
14003 		case MPI2_IOCSTATUS_SAS_SMP_REQUEST_FAILED:
14004 			smp_pkt->smp_pkt_reason = EIO;
14005 			break;
14006 		default:
14007 			mptsas_log(mpt, CE_NOTE, "smp_start: get unknown ioc"
14008 			    "status:%x", LE_16(rep.IOCStatus));
14009 			smp_pkt->smp_pkt_reason = EIO;
14010 			break;
14011 		}
14012 		return (DDI_FAILURE);
14013 	}
14014 	if (rep.SASStatus != MPI2_SASSTATUS_SUCCESS) {
14015 		mptsas_log(mpt, CE_NOTE, "smp_start: get error SAS status:%x",
14016 		    rep.SASStatus);
14017 		smp_pkt->smp_pkt_reason = EIO;
14018 		return (DDI_FAILURE);
14019 	}
14020 
14021 	return (DDI_SUCCESS);
14022 }
14023 
14024 static void
14025 mptsas_idle_pm(void *arg)
14026 {
14027 	mptsas_t	*mpt = arg;
14028 
14029 	(void) pm_idle_component(mpt->m_dip, 0);
14030 	mutex_enter(&mpt->m_mutex);
14031 	mpt->m_pm_timeid = 0;
14032 	mutex_exit(&mpt->m_mutex);
14033 }
14034 
14035 /*
14036  * If we didn't get a match, we need to get sas page0 for each device, and
14037  * untill we get a match. If failed, return NULL
14038  * TODO should be implemented similar to mptsas_wwid_to_ptgt?
14039  */
14040 static mptsas_target_t *
14041 mptsas_phy_to_tgt(dev_info_t *pdip, uint8_t phy)
14042 {
14043 	int		i, j = 0;
14044 	int		rval = 0;
14045 	uint16_t	cur_handle;
14046 	uint32_t	page_address;
14047 	mptsas_target_t	*ptgt = NULL;
14048 	mptsas_t	*mpt = DIP2MPT(pdip);
14049 	int		phymask;
14050 
14051 	/*
14052 	 * Get the physical port associated to the iport
14053 	 */
14054 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
14055 	    "phymask", 0);
14056 
14057 	if (phymask == 0)
14058 		return (NULL);
14059 
14060 	/*
14061 	 * PHY named device must be direct attached and attaches to
14062 	 * narrow port, if the iport is not parent of the device which
14063 	 * we are looking for.
14064 	 */
14065 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
14066 		if ((1 << i) & phymask)
14067 			j++;
14068 	}
14069 
14070 	if (j > 1)
14071 		return (NULL);
14072 
14073 	/*
14074 	 * Must be a narrow port and single device attached to the narrow port
14075 	 * So the physical port num of device  which is equal to the iport's
14076 	 * port num is the device what we are looking for.
14077 	 */
14078 
14079 	if (mpt->m_phy_info[phy].phy_mask != phymask)
14080 		return (NULL);
14081 
14082 	mutex_enter(&mpt->m_mutex);
14083 
14084 	ptgt = (mptsas_target_t *)mptsas_hash_traverse(&mpt->m_active->m_tgttbl,
14085 	    MPTSAS_HASH_FIRST);
14086 	while (ptgt != NULL) {
14087 			if ((ptgt->m_sas_wwn == 0) && (ptgt->m_phynum == phy)) {
14088 			mutex_exit(&mpt->m_mutex);
14089 			return (ptgt);
14090 		}
14091 
14092 		ptgt = (mptsas_target_t *)mptsas_hash_traverse(
14093 		    &mpt->m_active->m_tgttbl, MPTSAS_HASH_NEXT);
14094 	}
14095 
14096 	if (mpt->m_done_traverse_dev) {
14097 		mutex_exit(&mpt->m_mutex);
14098 		return (NULL);
14099 	}
14100 
14101 	/* If didn't get a match, come here */
14102 	cur_handle = mpt->m_dev_handle;
14103 	for (; ; ) {
14104 		ptgt = NULL;
14105 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE &
14106 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | (uint32_t)cur_handle;
14107 		rval = mptsas_get_target_device_info(mpt, page_address,
14108 		    &cur_handle, &ptgt);
14109 		if ((rval == DEV_INFO_FAIL_PAGE0) ||
14110 		    (rval == DEV_INFO_FAIL_ALLOC)) {
14111 			break;
14112 		}
14113 		if ((rval == DEV_INFO_WRONG_DEVICE_TYPE) ||
14114 		    (rval == DEV_INFO_PHYS_DISK)) {
14115 			continue;
14116 		}
14117 		mpt->m_dev_handle = cur_handle;
14118 
14119 		if ((ptgt->m_sas_wwn == 0) && (ptgt->m_phynum == phy)) {
14120 			break;
14121 		}
14122 	}
14123 
14124 	mutex_exit(&mpt->m_mutex);
14125 	return (ptgt);
14126 }
14127 
14128 /*
14129  * The ptgt->m_sas_wwn contains the wwid for each disk.
14130  * For Raid volumes, we need to check m_raidvol[x].m_raidwwid
14131  * If we didn't get a match, we need to get sas page0 for each device, and
14132  * untill we get a match
14133  * If failed, return NULL
14134  */
14135 static mptsas_target_t *
14136 mptsas_wwid_to_ptgt(mptsas_t *mpt, int phymask, uint64_t wwid)
14137 {
14138 	int		rval = 0;
14139 	uint16_t	cur_handle;
14140 	uint32_t	page_address;
14141 	mptsas_target_t	*tmp_tgt = NULL;
14142 
14143 	mutex_enter(&mpt->m_mutex);
14144 	tmp_tgt = (struct mptsas_target *)mptsas_hash_search(
14145 	    &mpt->m_active->m_tgttbl, wwid, phymask);
14146 	if (tmp_tgt != NULL) {
14147 		mutex_exit(&mpt->m_mutex);
14148 		return (tmp_tgt);
14149 	}
14150 
14151 	if (phymask == 0) {
14152 		/*
14153 		 * It's IR volume
14154 		 */
14155 		rval = mptsas_get_raid_info(mpt);
14156 		if (rval) {
14157 			tmp_tgt = (struct mptsas_target *)mptsas_hash_search(
14158 			    &mpt->m_active->m_tgttbl, wwid, phymask);
14159 		}
14160 		mutex_exit(&mpt->m_mutex);
14161 		return (tmp_tgt);
14162 	}
14163 
14164 	if (mpt->m_done_traverse_dev) {
14165 		mutex_exit(&mpt->m_mutex);
14166 		return (NULL);
14167 	}
14168 
14169 	/* If didn't get a match, come here */
14170 	cur_handle = mpt->m_dev_handle;
14171 	for (; ; ) {
14172 		tmp_tgt = NULL;
14173 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE &
14174 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | cur_handle;
14175 		rval = mptsas_get_target_device_info(mpt, page_address,
14176 		    &cur_handle, &tmp_tgt);
14177 		if ((rval == DEV_INFO_FAIL_PAGE0) ||
14178 		    (rval == DEV_INFO_FAIL_ALLOC)) {
14179 			tmp_tgt = NULL;
14180 			break;
14181 		}
14182 		if ((rval == DEV_INFO_WRONG_DEVICE_TYPE) ||
14183 		    (rval == DEV_INFO_PHYS_DISK)) {
14184 			continue;
14185 		}
14186 		mpt->m_dev_handle = cur_handle;
14187 		if ((tmp_tgt->m_sas_wwn) && (tmp_tgt->m_sas_wwn == wwid) &&
14188 		    (tmp_tgt->m_phymask == phymask)) {
14189 			break;
14190 		}
14191 	}
14192 
14193 	mutex_exit(&mpt->m_mutex);
14194 	return (tmp_tgt);
14195 }
14196 
14197 static mptsas_smp_t *
14198 mptsas_wwid_to_psmp(mptsas_t *mpt, int phymask, uint64_t wwid)
14199 {
14200 	int		rval = 0;
14201 	uint16_t	cur_handle;
14202 	uint32_t	page_address;
14203 	mptsas_smp_t	smp_node, *psmp = NULL;
14204 
14205 	mutex_enter(&mpt->m_mutex);
14206 	psmp = (struct mptsas_smp *)mptsas_hash_search(&mpt->m_active->m_smptbl,
14207 	    wwid, phymask);
14208 	if (psmp != NULL) {
14209 		mutex_exit(&mpt->m_mutex);
14210 		return (psmp);
14211 	}
14212 
14213 	if (mpt->m_done_traverse_smp) {
14214 		mutex_exit(&mpt->m_mutex);
14215 		return (NULL);
14216 	}
14217 
14218 	/* If didn't get a match, come here */
14219 	cur_handle = mpt->m_smp_devhdl;
14220 	for (; ; ) {
14221 		psmp = NULL;
14222 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_GET_NEXT_HNDL &
14223 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | (uint32_t)cur_handle;
14224 		rval = mptsas_get_sas_expander_page0(mpt, page_address,
14225 		    &smp_node);
14226 		if (rval != DDI_SUCCESS) {
14227 			break;
14228 		}
14229 		mpt->m_smp_devhdl = cur_handle = smp_node.m_devhdl;
14230 		psmp = mptsas_smp_alloc(&mpt->m_active->m_smptbl, &smp_node);
14231 		ASSERT(psmp);
14232 		if ((psmp->m_sasaddr) && (psmp->m_sasaddr == wwid) &&
14233 		    (psmp->m_phymask == phymask)) {
14234 			break;
14235 		}
14236 	}
14237 
14238 	mutex_exit(&mpt->m_mutex);
14239 	return (psmp);
14240 }
14241 
14242 /* helper functions using hash */
14243 
14244 /*
14245  * Can't have duplicate entries for same devhdl,
14246  * if there are invalid entries, the devhdl should be set to 0xffff
14247  */
14248 static void *
14249 mptsas_search_by_devhdl(mptsas_hash_table_t *hashtab, uint16_t devhdl)
14250 {
14251 	mptsas_hash_data_t *data;
14252 
14253 	data = mptsas_hash_traverse(hashtab, MPTSAS_HASH_FIRST);
14254 	while (data != NULL) {
14255 		if (data->devhdl == devhdl) {
14256 			break;
14257 		}
14258 		data = mptsas_hash_traverse(hashtab, MPTSAS_HASH_NEXT);
14259 	}
14260 	return (data);
14261 }
14262 
14263 mptsas_target_t *
14264 mptsas_tgt_alloc(mptsas_hash_table_t *hashtab, uint16_t devhdl, uint64_t wwid,
14265     uint32_t devinfo, uint8_t phymask, uint8_t phynum)
14266 {
14267 	mptsas_target_t *tmp_tgt = NULL;
14268 
14269 	tmp_tgt = mptsas_hash_search(hashtab, wwid, phymask);
14270 	if (tmp_tgt != NULL) {
14271 		NDBG20(("Hash item already exist"));
14272 		tmp_tgt->m_deviceinfo = devinfo;
14273 		tmp_tgt->m_devhdl = devhdl;
14274 		return (tmp_tgt);
14275 	}
14276 	tmp_tgt = kmem_zalloc(sizeof (struct mptsas_target), KM_SLEEP);
14277 	if (tmp_tgt == NULL) {
14278 		cmn_err(CE_WARN, "Fatal, allocated tgt failed");
14279 		return (NULL);
14280 	}
14281 	tmp_tgt->m_devhdl = devhdl;
14282 	tmp_tgt->m_sas_wwn = wwid;
14283 	tmp_tgt->m_deviceinfo = devinfo;
14284 	tmp_tgt->m_phymask = phymask;
14285 	tmp_tgt->m_phynum = phynum;
14286 	/* Initialized the tgt structure */
14287 	tmp_tgt->m_qfull_retries = QFULL_RETRIES;
14288 	tmp_tgt->m_qfull_retry_interval =
14289 	    drv_usectohz(QFULL_RETRY_INTERVAL * 1000);
14290 	tmp_tgt->m_t_throttle = MAX_THROTTLE;
14291 
14292 	mptsas_hash_add(hashtab, tmp_tgt);
14293 
14294 	return (tmp_tgt);
14295 }
14296 
14297 static void
14298 mptsas_tgt_free(mptsas_hash_table_t *hashtab, uint64_t wwid, uint8_t phymask)
14299 {
14300 	mptsas_target_t *tmp_tgt;
14301 	tmp_tgt = mptsas_hash_rem(hashtab, wwid, phymask);
14302 	if (tmp_tgt == NULL) {
14303 		cmn_err(CE_WARN, "Tgt not found, nothing to free");
14304 	} else {
14305 		kmem_free(tmp_tgt, sizeof (struct mptsas_target));
14306 	}
14307 }
14308 
14309 /*
14310  * Return the entry in the hash table
14311  */
14312 static mptsas_smp_t *
14313 mptsas_smp_alloc(mptsas_hash_table_t *hashtab, mptsas_smp_t *data)
14314 {
14315 	uint64_t key1 = data->m_sasaddr;
14316 	uint8_t key2 = data->m_phymask;
14317 	mptsas_smp_t *ret_data;
14318 
14319 	ret_data = mptsas_hash_search(hashtab, key1, key2);
14320 	if (ret_data != NULL) {
14321 		bcopy(data, ret_data, sizeof (mptsas_smp_t));
14322 		return (ret_data);
14323 	}
14324 
14325 	ret_data = kmem_alloc(sizeof (mptsas_smp_t), KM_SLEEP);
14326 	bcopy(data, ret_data, sizeof (mptsas_smp_t));
14327 	mptsas_hash_add(hashtab, ret_data);
14328 	return (ret_data);
14329 }
14330 
14331 static void
14332 mptsas_smp_free(mptsas_hash_table_t *hashtab, uint64_t wwid, uint8_t phymask)
14333 {
14334 	mptsas_smp_t *tmp_smp;
14335 	tmp_smp = mptsas_hash_rem(hashtab, wwid, phymask);
14336 	if (tmp_smp == NULL) {
14337 		cmn_err(CE_WARN, "Smp element not found, nothing to free");
14338 	} else {
14339 		kmem_free(tmp_smp, sizeof (struct mptsas_smp));
14340 	}
14341 }
14342 
14343 /*
14344  * Hash operation functions
14345  * key1 is the sas_wwn, key2 is the phymask
14346  */
14347 static void
14348 mptsas_hash_init(mptsas_hash_table_t *hashtab)
14349 {
14350 	if (hashtab == NULL) {
14351 		return;
14352 	}
14353 	bzero(hashtab->head, sizeof (mptsas_hash_node_t) *
14354 	    MPTSAS_HASH_ARRAY_SIZE);
14355 	hashtab->cur = NULL;
14356 	hashtab->line = 0;
14357 }
14358 
14359 static void
14360 mptsas_hash_uninit(mptsas_hash_table_t *hashtab, size_t datalen)
14361 {
14362 	uint16_t line = 0;
14363 	mptsas_hash_node_t *cur = NULL, *last = NULL;
14364 
14365 	if (hashtab == NULL) {
14366 		return;
14367 	}
14368 	for (line = 0; line < MPTSAS_HASH_ARRAY_SIZE; line++) {
14369 		cur = hashtab->head[line];
14370 		while (cur != NULL) {
14371 			last = cur;
14372 			cur = cur->next;
14373 			kmem_free(last->data, datalen);
14374 			kmem_free(last, sizeof (mptsas_hash_node_t));
14375 		}
14376 	}
14377 }
14378 
14379 /*
14380  * You must guarantee the element doesn't exist in the hash table
14381  * before you call mptsas_hash_add()
14382  */
14383 static void
14384 mptsas_hash_add(mptsas_hash_table_t *hashtab, void *data)
14385 {
14386 	uint64_t key1 = ((mptsas_hash_data_t *)data)->key1;
14387 	uint8_t	key2 = ((mptsas_hash_data_t *)data)->key2;
14388 	mptsas_hash_node_t **head = NULL;
14389 	mptsas_hash_node_t *node = NULL;
14390 
14391 	if (hashtab == NULL) {
14392 		return;
14393 	}
14394 	ASSERT(mptsas_hash_search(hashtab, key1, key2) == NULL);
14395 	node = kmem_zalloc(sizeof (mptsas_hash_node_t), KM_NOSLEEP);
14396 	node->data = data;
14397 
14398 	head = &(hashtab->head[key1 % MPTSAS_HASH_ARRAY_SIZE]);
14399 	if (*head == NULL) {
14400 		*head = node;
14401 	} else {
14402 		node->next = *head;
14403 		*head = node;
14404 	}
14405 }
14406 
14407 static void *
14408 mptsas_hash_rem(mptsas_hash_table_t *hashtab, uint64_t key1, uint8_t key2)
14409 {
14410 	mptsas_hash_node_t **head = NULL;
14411 	mptsas_hash_node_t *last = NULL, *cur = NULL;
14412 	mptsas_hash_data_t *data;
14413 	if (hashtab == NULL) {
14414 		return (NULL);
14415 	}
14416 	head = &(hashtab->head[key1 % MPTSAS_HASH_ARRAY_SIZE]);
14417 	cur = *head;
14418 	while (cur != NULL) {
14419 		data = cur->data;
14420 		if ((data->key1 == key1) && (data->key2 == key2)) {
14421 			if (last == NULL) {
14422 				(*head) = cur->next;
14423 			} else {
14424 				last->next = cur->next;
14425 			}
14426 			kmem_free(cur, sizeof (mptsas_hash_node_t));
14427 			return (data);
14428 		} else {
14429 			last = cur;
14430 			cur = cur->next;
14431 		}
14432 	}
14433 	return (NULL);
14434 }
14435 
14436 static void *
14437 mptsas_hash_search(mptsas_hash_table_t *hashtab, uint64_t key1, uint8_t key2)
14438 {
14439 	mptsas_hash_node_t *cur = NULL;
14440 	mptsas_hash_data_t *data;
14441 	if (hashtab == NULL) {
14442 		return (NULL);
14443 	}
14444 	cur = hashtab->head[key1 % MPTSAS_HASH_ARRAY_SIZE];
14445 	while (cur != NULL) {
14446 		data = cur->data;
14447 		if ((data->key1 == key1) && (data->key2 == key2)) {
14448 			return (data);
14449 		} else {
14450 			cur = cur->next;
14451 		}
14452 	}
14453 	return (NULL);
14454 }
14455 
14456 static void *
14457 mptsas_hash_traverse(mptsas_hash_table_t *hashtab, int pos)
14458 {
14459 	mptsas_hash_node_t *this = NULL;
14460 
14461 	if (hashtab == NULL) {
14462 		return (NULL);
14463 	}
14464 
14465 	if (pos == MPTSAS_HASH_FIRST) {
14466 		hashtab->line = 0;
14467 		hashtab->cur = NULL;
14468 		this = hashtab->head[0];
14469 	} else {
14470 		if (hashtab->cur == NULL) {
14471 			return (NULL);
14472 		} else {
14473 			this = hashtab->cur->next;
14474 		}
14475 	}
14476 
14477 	while (this == NULL) {
14478 		hashtab->line++;
14479 		if (hashtab->line >= MPTSAS_HASH_ARRAY_SIZE) {
14480 			/* the traverse reaches the end */
14481 			hashtab->cur = NULL;
14482 			return (NULL);
14483 		} else {
14484 			this = hashtab->head[hashtab->line];
14485 		}
14486 	}
14487 	hashtab->cur = this;
14488 	return (this->data);
14489 }
14490