1 /* 2 * This file and its contents are supplied under the terms of the 3 * Common Development and Distribution License ("CDDL"), version 1.0. 4 * You may only use this file in accordance with the terms of version 5 * 1.0 of the CDDL. 6 * 7 * A full copy of the text of the CDDL should have accompanied this 8 * source. A copy of the CDDL is also available via the Internet at 9 * http://www.illumos.org/license/CDDL. 10 */ 11 12 /* 13 * Copyright 2018 Nexenta Systems, Inc. 14 * Copyright 2016 Tegile Systems, Inc. All rights reserved. 15 * Copyright (c) 2016 The MathWorks, Inc. All rights reserved. 16 * Copyright 2020 Joyent, Inc. 17 * Copyright 2019 Western Digital Corporation. 18 * Copyright 2020 Racktop Systems. 19 */ 20 21 /* 22 * blkdev driver for NVMe compliant storage devices 23 * 24 * This driver was written to conform to version 1.2.1 of the NVMe 25 * specification. It may work with newer versions, but that is completely 26 * untested and disabled by default. 27 * 28 * The driver has only been tested on x86 systems and will not work on big- 29 * endian systems without changes to the code accessing registers and data 30 * structures used by the hardware. 31 * 32 * 33 * Interrupt Usage: 34 * 35 * The driver will use a single interrupt while configuring the device as the 36 * specification requires, but contrary to the specification it will try to use 37 * a single-message MSI(-X) or FIXED interrupt. Later in the attach process it 38 * will switch to multiple-message MSI(-X) if supported. The driver wants to 39 * have one interrupt vector per CPU, but it will work correctly if less are 40 * available. Interrupts can be shared by queues, the interrupt handler will 41 * iterate through the I/O queue array by steps of n_intr_cnt. Usually only 42 * the admin queue will share an interrupt with one I/O queue. The interrupt 43 * handler will retrieve completed commands from all queues sharing an interrupt 44 * vector and will post them to a taskq for completion processing. 45 * 46 * 47 * Command Processing: 48 * 49 * NVMe devices can have up to 65535 I/O queue pairs, with each queue holding up 50 * to 65536 I/O commands. The driver will configure one I/O queue pair per 51 * available interrupt vector, with the queue length usually much smaller than 52 * the maximum of 65536. If the hardware doesn't provide enough queues, fewer 53 * interrupt vectors will be used. 54 * 55 * Additionally the hardware provides a single special admin queue pair that can 56 * hold up to 4096 admin commands. 57 * 58 * From the hardware perspective both queues of a queue pair are independent, 59 * but they share some driver state: the command array (holding pointers to 60 * commands currently being processed by the hardware) and the active command 61 * counter. Access to a submission queue and the shared state is protected by 62 * nq_mutex; completion queue is protected by ncq_mutex. 63 * 64 * When a command is submitted to a queue pair the active command counter is 65 * incremented and a pointer to the command is stored in the command array. The 66 * array index is used as command identifier (CID) in the submission queue 67 * entry. Some commands may take a very long time to complete, and if the queue 68 * wraps around in that time a submission may find the next array slot to still 69 * be used by a long-running command. In this case the array is sequentially 70 * searched for the next free slot. The length of the command array is the same 71 * as the configured queue length. Queue overrun is prevented by the semaphore, 72 * so a command submission may block if the queue is full. 73 * 74 * 75 * Polled I/O Support: 76 * 77 * For kernel core dump support the driver can do polled I/O. As interrupts are 78 * turned off while dumping the driver will just submit a command in the regular 79 * way, and then repeatedly attempt a command retrieval until it gets the 80 * command back. 81 * 82 * 83 * Namespace Support: 84 * 85 * NVMe devices can have multiple namespaces, each being a independent data 86 * store. The driver supports multiple namespaces and creates a blkdev interface 87 * for each namespace found. Namespaces can have various attributes to support 88 * protection information. This driver does not support any of this and ignores 89 * namespaces that have these attributes. 90 * 91 * As of NVMe 1.1 namespaces can have an 64bit Extended Unique Identifier 92 * (EUI64). This driver uses the EUI64 if present to generate the devid and 93 * passes it to blkdev to use it in the device node names. As this is currently 94 * untested namespaces with EUI64 are ignored by default. 95 * 96 * We currently support only (2 << NVME_MINOR_INST_SHIFT) - 2 namespaces in a 97 * single controller. This is an artificial limit imposed by the driver to be 98 * able to address a reasonable number of controllers and namespaces using a 99 * 32bit minor node number. 100 * 101 * 102 * Minor nodes: 103 * 104 * For each NVMe device the driver exposes one minor node for the controller and 105 * one minor node for each namespace. The only operations supported by those 106 * minor nodes are open(9E), close(9E), and ioctl(9E). This serves as the 107 * interface for the nvmeadm(1M) utility. 108 * 109 * 110 * Blkdev Interface: 111 * 112 * This driver uses blkdev to do all the heavy lifting involved with presenting 113 * a disk device to the system. As a result, the processing of I/O requests is 114 * relatively simple as blkdev takes care of partitioning, boundary checks, DMA 115 * setup, and splitting of transfers into manageable chunks. 116 * 117 * I/O requests coming in from blkdev are turned into NVM commands and posted to 118 * an I/O queue. The queue is selected by taking the CPU id modulo the number of 119 * queues. There is currently no timeout handling of I/O commands. 120 * 121 * Blkdev also supports querying device/media information and generating a 122 * devid. The driver reports the best block size as determined by the namespace 123 * format back to blkdev as physical block size to support partition and block 124 * alignment. The devid is either based on the namespace EUI64, if present, or 125 * composed using the device vendor ID, model number, serial number, and the 126 * namespace ID. 127 * 128 * 129 * Error Handling: 130 * 131 * Error handling is currently limited to detecting fatal hardware errors, 132 * either by asynchronous events, or synchronously through command status or 133 * admin command timeouts. In case of severe errors the device is fenced off, 134 * all further requests will return EIO. FMA is then called to fault the device. 135 * 136 * The hardware has a limit for outstanding asynchronous event requests. Before 137 * this limit is known the driver assumes it is at least 1 and posts a single 138 * asynchronous request. Later when the limit is known more asynchronous event 139 * requests are posted to allow quicker reception of error information. When an 140 * asynchronous event is posted by the hardware the driver will parse the error 141 * status fields and log information or fault the device, depending on the 142 * severity of the asynchronous event. The asynchronous event request is then 143 * reused and posted to the admin queue again. 144 * 145 * On command completion the command status is checked for errors. In case of 146 * errors indicating a driver bug the driver panics. Almost all other error 147 * status values just cause EIO to be returned. 148 * 149 * Command timeouts are currently detected for all admin commands except 150 * asynchronous event requests. If a command times out and the hardware appears 151 * to be healthy the driver attempts to abort the command. The original command 152 * timeout is also applied to the abort command. If the abort times out too the 153 * driver assumes the device to be dead, fences it off, and calls FMA to retire 154 * it. In all other cases the aborted command should return immediately with a 155 * status indicating it was aborted, and the driver will wait indefinitely for 156 * that to happen. No timeout handling of normal I/O commands is presently done. 157 * 158 * Any command that times out due to the controller dropping dead will be put on 159 * nvme_lost_cmds list if it references DMA memory. This will prevent the DMA 160 * memory being reused by the system and later be written to by a "dead" NVMe 161 * controller. 162 * 163 * 164 * Locking: 165 * 166 * Each queue pair has a nq_mutex and ncq_mutex. The nq_mutex must be held 167 * when accessing shared state and submission queue registers, ncq_mutex 168 * is held when accessing completion queue state and registers. 169 * Callers of nvme_unqueue_cmd() must make sure that nq_mutex is held, while 170 * nvme_submit_{admin,io}_cmd() and nvme_retrieve_cmd() take care of both 171 * mutexes themselves. 172 * 173 * Each command also has its own nc_mutex, which is associated with the 174 * condition variable nc_cv. It is only used on admin commands which are run 175 * synchronously. In that case it must be held across calls to 176 * nvme_submit_{admin,io}_cmd() and nvme_wait_cmd(), which is taken care of by 177 * nvme_admin_cmd(). It must also be held whenever the completion state of the 178 * command is changed or while a admin command timeout is handled. 179 * 180 * If both nc_mutex and nq_mutex must be held, nc_mutex must be acquired first. 181 * More than one nc_mutex may only be held when aborting commands. In this case, 182 * the nc_mutex of the command to be aborted must be held across the call to 183 * nvme_abort_cmd() to prevent the command from completing while the abort is in 184 * progress. 185 * 186 * If both nq_mutex and ncq_mutex need to be held, ncq_mutex must be 187 * acquired first. More than one nq_mutex is never held by a single thread. 188 * The ncq_mutex is only held by nvme_retrieve_cmd() and 189 * nvme_process_iocq(). nvme_process_iocq() is only called from the 190 * interrupt thread and nvme_retrieve_cmd() during polled I/O, so the 191 * mutex is non-contentious but is required for implementation completeness 192 * and safety. 193 * 194 * Each minor node has its own nm_mutex, which protects the open count nm_ocnt 195 * and exclusive-open flag nm_oexcl. 196 * 197 * 198 * Quiesce / Fast Reboot: 199 * 200 * The driver currently does not support fast reboot. A quiesce(9E) entry point 201 * is still provided which is used to send a shutdown notification to the 202 * device. 203 * 204 * 205 * NVMe Hotplug: 206 * 207 * The driver supports hot removal. The driver uses the NDI event framework 208 * to register a callback, nvme_remove_callback, to clean up when a disk is 209 * removed. In particular, the driver will unqueue outstanding I/O commands and 210 * set n_dead on the softstate to true so that other operations, such as ioctls 211 * and command submissions, fail as well. 212 * 213 * While the callback registration relies on the NDI event framework, the 214 * removal event itself is kicked off in the PCIe hotplug framework, when the 215 * PCIe bridge driver ("pcieb") gets a hotplug interrupt indicatating that a 216 * device was removed from the slot. 217 * 218 * The NVMe driver instance itself will remain until the final close of the 219 * device. 220 * 221 * 222 * DDI UFM Support 223 * 224 * The driver supports the DDI UFM framework for reporting information about 225 * the device's firmware image and slot configuration. This data can be 226 * queried by userland software via ioctls to the ufm driver. For more 227 * information, see ddi_ufm(9E). 228 * 229 * 230 * Driver Configuration: 231 * 232 * The following driver properties can be changed to control some aspects of the 233 * drivers operation: 234 * - strict-version: can be set to 0 to allow devices conforming to newer 235 * major versions to be used 236 * - ignore-unknown-vendor-status: can be set to 1 to not handle any vendor 237 * specific command status as a fatal error leading device faulting 238 * - admin-queue-len: the maximum length of the admin queue (16-4096) 239 * - io-squeue-len: the maximum length of the I/O submission queues (16-65536) 240 * - io-cqueue-len: the maximum length of the I/O completion queues (16-65536) 241 * - async-event-limit: the maximum number of asynchronous event requests to be 242 * posted by the driver 243 * - volatile-write-cache-enable: can be set to 0 to disable the volatile write 244 * cache 245 * - min-phys-block-size: the minimum physical block size to report to blkdev, 246 * which is among other things the basis for ZFS vdev ashift 247 * - max-submission-queues: the maximum number of I/O submission queues. 248 * - max-completion-queues: the maximum number of I/O completion queues, 249 * can be less than max-submission-queues, in which case the completion 250 * queues are shared. 251 * 252 * 253 * TODO: 254 * - figure out sane default for I/O queue depth reported to blkdev 255 * - FMA handling of media errors 256 * - support for devices supporting very large I/O requests using chained PRPs 257 * - support for configuring hardware parameters like interrupt coalescing 258 * - support for media formatting and hard partitioning into namespaces 259 * - support for big-endian systems 260 * - support for fast reboot 261 * - support for NVMe Subsystem Reset (1.1) 262 * - support for Scatter/Gather lists (1.1) 263 * - support for Reservations (1.1) 264 * - support for power management 265 */ 266 267 #include <sys/byteorder.h> 268 #ifdef _BIG_ENDIAN 269 #error nvme driver needs porting for big-endian platforms 270 #endif 271 272 #include <sys/modctl.h> 273 #include <sys/conf.h> 274 #include <sys/devops.h> 275 #include <sys/ddi.h> 276 #include <sys/ddi_ufm.h> 277 #include <sys/sunddi.h> 278 #include <sys/sunndi.h> 279 #include <sys/bitmap.h> 280 #include <sys/sysmacros.h> 281 #include <sys/param.h> 282 #include <sys/varargs.h> 283 #include <sys/cpuvar.h> 284 #include <sys/disp.h> 285 #include <sys/blkdev.h> 286 #include <sys/atomic.h> 287 #include <sys/archsystm.h> 288 #include <sys/sata/sata_hba.h> 289 #include <sys/stat.h> 290 #include <sys/policy.h> 291 #include <sys/list.h> 292 #include <sys/dkio.h> 293 294 #include <sys/nvme.h> 295 296 #ifdef __x86 297 #include <sys/x86_archext.h> 298 #endif 299 300 #include "nvme_reg.h" 301 #include "nvme_var.h" 302 303 /* 304 * Assertions to make sure that we've properly captured various aspects of the 305 * packed structures and haven't broken them during updates. 306 */ 307 CTASSERT(sizeof (nvme_identify_ctrl_t) == 0x1000); 308 CTASSERT(offsetof(nvme_identify_ctrl_t, id_oacs) == 256); 309 CTASSERT(offsetof(nvme_identify_ctrl_t, id_sqes) == 512); 310 CTASSERT(offsetof(nvme_identify_ctrl_t, id_oncs) == 520); 311 CTASSERT(offsetof(nvme_identify_ctrl_t, id_subnqn) == 768); 312 CTASSERT(offsetof(nvme_identify_ctrl_t, id_nvmof) == 1792); 313 CTASSERT(offsetof(nvme_identify_ctrl_t, id_psd) == 2048); 314 CTASSERT(offsetof(nvme_identify_ctrl_t, id_vs) == 3072); 315 316 CTASSERT(sizeof (nvme_identify_nsid_t) == 0x1000); 317 CTASSERT(offsetof(nvme_identify_nsid_t, id_fpi) == 32); 318 CTASSERT(offsetof(nvme_identify_nsid_t, id_anagrpid) == 92); 319 CTASSERT(offsetof(nvme_identify_nsid_t, id_nguid) == 104); 320 CTASSERT(offsetof(nvme_identify_nsid_t, id_lbaf) == 128); 321 CTASSERT(offsetof(nvme_identify_nsid_t, id_vs) == 384); 322 323 CTASSERT(sizeof (nvme_identify_primary_caps_t) == 0x1000); 324 CTASSERT(offsetof(nvme_identify_primary_caps_t, nipc_vqfrt) == 32); 325 CTASSERT(offsetof(nvme_identify_primary_caps_t, nipc_vifrt) == 64); 326 327 328 /* NVMe spec version supported */ 329 static const int nvme_version_major = 1; 330 331 /* tunable for admin command timeout in seconds, default is 1s */ 332 int nvme_admin_cmd_timeout = 1; 333 334 /* tunable for FORMAT NVM command timeout in seconds, default is 600s */ 335 int nvme_format_cmd_timeout = 600; 336 337 /* tunable for firmware commit with NVME_FWC_SAVE, default is 15s */ 338 int nvme_commit_save_cmd_timeout = 15; 339 340 static int nvme_attach(dev_info_t *, ddi_attach_cmd_t); 341 static int nvme_detach(dev_info_t *, ddi_detach_cmd_t); 342 static int nvme_quiesce(dev_info_t *); 343 static int nvme_fm_errcb(dev_info_t *, ddi_fm_error_t *, const void *); 344 static int nvme_setup_interrupts(nvme_t *, int, int); 345 static void nvme_release_interrupts(nvme_t *); 346 static uint_t nvme_intr(caddr_t, caddr_t); 347 348 static void nvme_shutdown(nvme_t *, int, boolean_t); 349 static boolean_t nvme_reset(nvme_t *, boolean_t); 350 static int nvme_init(nvme_t *); 351 static nvme_cmd_t *nvme_alloc_cmd(nvme_t *, int); 352 static void nvme_free_cmd(nvme_cmd_t *); 353 static nvme_cmd_t *nvme_create_nvm_cmd(nvme_namespace_t *, uint8_t, 354 bd_xfer_t *); 355 static void nvme_admin_cmd(nvme_cmd_t *, int); 356 static void nvme_submit_admin_cmd(nvme_qpair_t *, nvme_cmd_t *); 357 static int nvme_submit_io_cmd(nvme_qpair_t *, nvme_cmd_t *); 358 static void nvme_submit_cmd_common(nvme_qpair_t *, nvme_cmd_t *); 359 static nvme_cmd_t *nvme_unqueue_cmd(nvme_t *, nvme_qpair_t *, int); 360 static nvme_cmd_t *nvme_retrieve_cmd(nvme_t *, nvme_qpair_t *); 361 static void nvme_wait_cmd(nvme_cmd_t *, uint_t); 362 static void nvme_wakeup_cmd(void *); 363 static void nvme_async_event_task(void *); 364 365 static int nvme_check_unknown_cmd_status(nvme_cmd_t *); 366 static int nvme_check_vendor_cmd_status(nvme_cmd_t *); 367 static int nvme_check_integrity_cmd_status(nvme_cmd_t *); 368 static int nvme_check_specific_cmd_status(nvme_cmd_t *); 369 static int nvme_check_generic_cmd_status(nvme_cmd_t *); 370 static inline int nvme_check_cmd_status(nvme_cmd_t *); 371 372 static int nvme_abort_cmd(nvme_cmd_t *, uint_t); 373 static void nvme_async_event(nvme_t *); 374 static int nvme_format_nvm(nvme_t *, boolean_t, uint32_t, uint8_t, boolean_t, 375 uint8_t, boolean_t, uint8_t); 376 static int nvme_get_logpage(nvme_t *, boolean_t, void **, size_t *, uint8_t, 377 ...); 378 static int nvme_identify(nvme_t *, boolean_t, uint32_t, void **); 379 static int nvme_set_features(nvme_t *, boolean_t, uint32_t, uint8_t, uint32_t, 380 uint32_t *); 381 static int nvme_get_features(nvme_t *, boolean_t, uint32_t, uint8_t, uint32_t *, 382 void **, size_t *); 383 static int nvme_write_cache_set(nvme_t *, boolean_t); 384 static int nvme_set_nqueues(nvme_t *); 385 386 static void nvme_free_dma(nvme_dma_t *); 387 static int nvme_zalloc_dma(nvme_t *, size_t, uint_t, ddi_dma_attr_t *, 388 nvme_dma_t **); 389 static int nvme_zalloc_queue_dma(nvme_t *, uint32_t, uint16_t, uint_t, 390 nvme_dma_t **); 391 static void nvme_free_qpair(nvme_qpair_t *); 392 static int nvme_alloc_qpair(nvme_t *, uint32_t, nvme_qpair_t **, uint_t); 393 static int nvme_create_io_qpair(nvme_t *, nvme_qpair_t *, uint16_t); 394 395 static inline void nvme_put64(nvme_t *, uintptr_t, uint64_t); 396 static inline void nvme_put32(nvme_t *, uintptr_t, uint32_t); 397 static inline uint64_t nvme_get64(nvme_t *, uintptr_t); 398 static inline uint32_t nvme_get32(nvme_t *, uintptr_t); 399 400 static boolean_t nvme_check_regs_hdl(nvme_t *); 401 static boolean_t nvme_check_dma_hdl(nvme_dma_t *); 402 403 static int nvme_fill_prp(nvme_cmd_t *, bd_xfer_t *); 404 405 static void nvme_bd_xfer_done(void *); 406 static void nvme_bd_driveinfo(void *, bd_drive_t *); 407 static int nvme_bd_mediainfo(void *, bd_media_t *); 408 static int nvme_bd_cmd(nvme_namespace_t *, bd_xfer_t *, uint8_t); 409 static int nvme_bd_read(void *, bd_xfer_t *); 410 static int nvme_bd_write(void *, bd_xfer_t *); 411 static int nvme_bd_sync(void *, bd_xfer_t *); 412 static int nvme_bd_devid(void *, dev_info_t *, ddi_devid_t *); 413 static int nvme_bd_free_space(void *, bd_xfer_t *); 414 415 static int nvme_prp_dma_constructor(void *, void *, int); 416 static void nvme_prp_dma_destructor(void *, void *); 417 418 static void nvme_prepare_devid(nvme_t *, uint32_t); 419 420 /* DDI UFM callbacks */ 421 static int nvme_ufm_fill_image(ddi_ufm_handle_t *, void *, uint_t, 422 ddi_ufm_image_t *); 423 static int nvme_ufm_fill_slot(ddi_ufm_handle_t *, void *, uint_t, uint_t, 424 ddi_ufm_slot_t *); 425 static int nvme_ufm_getcaps(ddi_ufm_handle_t *, void *, ddi_ufm_cap_t *); 426 427 static int nvme_open(dev_t *, int, int, cred_t *); 428 static int nvme_close(dev_t, int, int, cred_t *); 429 static int nvme_ioctl(dev_t, int, intptr_t, int, cred_t *, int *); 430 431 static ddi_ufm_ops_t nvme_ufm_ops = { 432 NULL, 433 nvme_ufm_fill_image, 434 nvme_ufm_fill_slot, 435 nvme_ufm_getcaps 436 }; 437 438 #define NVME_MINOR_INST_SHIFT 9 439 #define NVME_MINOR(inst, nsid) (((inst) << NVME_MINOR_INST_SHIFT) | (nsid)) 440 #define NVME_MINOR_INST(minor) ((minor) >> NVME_MINOR_INST_SHIFT) 441 #define NVME_MINOR_NSID(minor) ((minor) & ((1 << NVME_MINOR_INST_SHIFT) - 1)) 442 #define NVME_MINOR_MAX (NVME_MINOR(1, 0) - 2) 443 444 static void *nvme_state; 445 static kmem_cache_t *nvme_cmd_cache; 446 447 /* 448 * DMA attributes for queue DMA memory 449 * 450 * Queue DMA memory must be page aligned. The maximum length of a queue is 451 * 65536 entries, and an entry can be 64 bytes long. 452 */ 453 static ddi_dma_attr_t nvme_queue_dma_attr = { 454 .dma_attr_version = DMA_ATTR_V0, 455 .dma_attr_addr_lo = 0, 456 .dma_attr_addr_hi = 0xffffffffffffffffULL, 457 .dma_attr_count_max = (UINT16_MAX + 1) * sizeof (nvme_sqe_t) - 1, 458 .dma_attr_align = 0x1000, 459 .dma_attr_burstsizes = 0x7ff, 460 .dma_attr_minxfer = 0x1000, 461 .dma_attr_maxxfer = (UINT16_MAX + 1) * sizeof (nvme_sqe_t), 462 .dma_attr_seg = 0xffffffffffffffffULL, 463 .dma_attr_sgllen = 1, 464 .dma_attr_granular = 1, 465 .dma_attr_flags = 0, 466 }; 467 468 /* 469 * DMA attributes for transfers using Physical Region Page (PRP) entries 470 * 471 * A PRP entry describes one page of DMA memory using the page size specified 472 * in the controller configuration's memory page size register (CC.MPS). It uses 473 * a 64bit base address aligned to this page size. There is no limitation on 474 * chaining PRPs together for arbitrarily large DMA transfers. 475 */ 476 static ddi_dma_attr_t nvme_prp_dma_attr = { 477 .dma_attr_version = DMA_ATTR_V0, 478 .dma_attr_addr_lo = 0, 479 .dma_attr_addr_hi = 0xffffffffffffffffULL, 480 .dma_attr_count_max = 0xfff, 481 .dma_attr_align = 0x1000, 482 .dma_attr_burstsizes = 0x7ff, 483 .dma_attr_minxfer = 0x1000, 484 .dma_attr_maxxfer = 0x1000, 485 .dma_attr_seg = 0xfff, 486 .dma_attr_sgllen = -1, 487 .dma_attr_granular = 1, 488 .dma_attr_flags = 0, 489 }; 490 491 /* 492 * DMA attributes for transfers using scatter/gather lists 493 * 494 * A SGL entry describes a chunk of DMA memory using a 64bit base address and a 495 * 32bit length field. SGL Segment and SGL Last Segment entries require the 496 * length to be a multiple of 16 bytes. 497 */ 498 static ddi_dma_attr_t nvme_sgl_dma_attr = { 499 .dma_attr_version = DMA_ATTR_V0, 500 .dma_attr_addr_lo = 0, 501 .dma_attr_addr_hi = 0xffffffffffffffffULL, 502 .dma_attr_count_max = 0xffffffffUL, 503 .dma_attr_align = 1, 504 .dma_attr_burstsizes = 0x7ff, 505 .dma_attr_minxfer = 0x10, 506 .dma_attr_maxxfer = 0xfffffffffULL, 507 .dma_attr_seg = 0xffffffffffffffffULL, 508 .dma_attr_sgllen = -1, 509 .dma_attr_granular = 0x10, 510 .dma_attr_flags = 0 511 }; 512 513 static ddi_device_acc_attr_t nvme_reg_acc_attr = { 514 .devacc_attr_version = DDI_DEVICE_ATTR_V0, 515 .devacc_attr_endian_flags = DDI_STRUCTURE_LE_ACC, 516 .devacc_attr_dataorder = DDI_STRICTORDER_ACC 517 }; 518 519 static struct cb_ops nvme_cb_ops = { 520 .cb_open = nvme_open, 521 .cb_close = nvme_close, 522 .cb_strategy = nodev, 523 .cb_print = nodev, 524 .cb_dump = nodev, 525 .cb_read = nodev, 526 .cb_write = nodev, 527 .cb_ioctl = nvme_ioctl, 528 .cb_devmap = nodev, 529 .cb_mmap = nodev, 530 .cb_segmap = nodev, 531 .cb_chpoll = nochpoll, 532 .cb_prop_op = ddi_prop_op, 533 .cb_str = 0, 534 .cb_flag = D_NEW | D_MP, 535 .cb_rev = CB_REV, 536 .cb_aread = nodev, 537 .cb_awrite = nodev 538 }; 539 540 static struct dev_ops nvme_dev_ops = { 541 .devo_rev = DEVO_REV, 542 .devo_refcnt = 0, 543 .devo_getinfo = ddi_no_info, 544 .devo_identify = nulldev, 545 .devo_probe = nulldev, 546 .devo_attach = nvme_attach, 547 .devo_detach = nvme_detach, 548 .devo_reset = nodev, 549 .devo_cb_ops = &nvme_cb_ops, 550 .devo_bus_ops = NULL, 551 .devo_power = NULL, 552 .devo_quiesce = nvme_quiesce, 553 }; 554 555 static struct modldrv nvme_modldrv = { 556 .drv_modops = &mod_driverops, 557 .drv_linkinfo = "NVMe v1.1b", 558 .drv_dev_ops = &nvme_dev_ops 559 }; 560 561 static struct modlinkage nvme_modlinkage = { 562 .ml_rev = MODREV_1, 563 .ml_linkage = { &nvme_modldrv, NULL } 564 }; 565 566 static bd_ops_t nvme_bd_ops = { 567 .o_version = BD_OPS_CURRENT_VERSION, 568 .o_drive_info = nvme_bd_driveinfo, 569 .o_media_info = nvme_bd_mediainfo, 570 .o_devid_init = nvme_bd_devid, 571 .o_sync_cache = nvme_bd_sync, 572 .o_read = nvme_bd_read, 573 .o_write = nvme_bd_write, 574 .o_free_space = nvme_bd_free_space, 575 }; 576 577 /* 578 * This list will hold commands that have timed out and couldn't be aborted. 579 * As we don't know what the hardware may still do with the DMA memory we can't 580 * free them, so we'll keep them forever on this list where we can easily look 581 * at them with mdb. 582 */ 583 static struct list nvme_lost_cmds; 584 static kmutex_t nvme_lc_mutex; 585 586 int 587 _init(void) 588 { 589 int error; 590 591 error = ddi_soft_state_init(&nvme_state, sizeof (nvme_t), 1); 592 if (error != DDI_SUCCESS) 593 return (error); 594 595 nvme_cmd_cache = kmem_cache_create("nvme_cmd_cache", 596 sizeof (nvme_cmd_t), 64, NULL, NULL, NULL, NULL, NULL, 0); 597 598 mutex_init(&nvme_lc_mutex, NULL, MUTEX_DRIVER, NULL); 599 list_create(&nvme_lost_cmds, sizeof (nvme_cmd_t), 600 offsetof(nvme_cmd_t, nc_list)); 601 602 bd_mod_init(&nvme_dev_ops); 603 604 error = mod_install(&nvme_modlinkage); 605 if (error != DDI_SUCCESS) { 606 ddi_soft_state_fini(&nvme_state); 607 mutex_destroy(&nvme_lc_mutex); 608 list_destroy(&nvme_lost_cmds); 609 bd_mod_fini(&nvme_dev_ops); 610 } 611 612 return (error); 613 } 614 615 int 616 _fini(void) 617 { 618 int error; 619 620 if (!list_is_empty(&nvme_lost_cmds)) 621 return (DDI_FAILURE); 622 623 error = mod_remove(&nvme_modlinkage); 624 if (error == DDI_SUCCESS) { 625 ddi_soft_state_fini(&nvme_state); 626 kmem_cache_destroy(nvme_cmd_cache); 627 mutex_destroy(&nvme_lc_mutex); 628 list_destroy(&nvme_lost_cmds); 629 bd_mod_fini(&nvme_dev_ops); 630 } 631 632 return (error); 633 } 634 635 int 636 _info(struct modinfo *modinfop) 637 { 638 return (mod_info(&nvme_modlinkage, modinfop)); 639 } 640 641 static inline void 642 nvme_put64(nvme_t *nvme, uintptr_t reg, uint64_t val) 643 { 644 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x7) == 0); 645 646 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 647 ddi_put64(nvme->n_regh, (uint64_t *)(nvme->n_regs + reg), val); 648 } 649 650 static inline void 651 nvme_put32(nvme_t *nvme, uintptr_t reg, uint32_t val) 652 { 653 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x3) == 0); 654 655 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 656 ddi_put32(nvme->n_regh, (uint32_t *)(nvme->n_regs + reg), val); 657 } 658 659 static inline uint64_t 660 nvme_get64(nvme_t *nvme, uintptr_t reg) 661 { 662 uint64_t val; 663 664 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x7) == 0); 665 666 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 667 val = ddi_get64(nvme->n_regh, (uint64_t *)(nvme->n_regs + reg)); 668 669 return (val); 670 } 671 672 static inline uint32_t 673 nvme_get32(nvme_t *nvme, uintptr_t reg) 674 { 675 uint32_t val; 676 677 ASSERT(((uintptr_t)(nvme->n_regs + reg) & 0x3) == 0); 678 679 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 680 val = ddi_get32(nvme->n_regh, (uint32_t *)(nvme->n_regs + reg)); 681 682 return (val); 683 } 684 685 static boolean_t 686 nvme_check_regs_hdl(nvme_t *nvme) 687 { 688 ddi_fm_error_t error; 689 690 ddi_fm_acc_err_get(nvme->n_regh, &error, DDI_FME_VERSION); 691 692 if (error.fme_status != DDI_FM_OK) 693 return (B_TRUE); 694 695 return (B_FALSE); 696 } 697 698 static boolean_t 699 nvme_check_dma_hdl(nvme_dma_t *dma) 700 { 701 ddi_fm_error_t error; 702 703 if (dma == NULL) 704 return (B_FALSE); 705 706 ddi_fm_dma_err_get(dma->nd_dmah, &error, DDI_FME_VERSION); 707 708 if (error.fme_status != DDI_FM_OK) 709 return (B_TRUE); 710 711 return (B_FALSE); 712 } 713 714 static void 715 nvme_free_dma_common(nvme_dma_t *dma) 716 { 717 if (dma->nd_dmah != NULL) 718 (void) ddi_dma_unbind_handle(dma->nd_dmah); 719 if (dma->nd_acch != NULL) 720 ddi_dma_mem_free(&dma->nd_acch); 721 if (dma->nd_dmah != NULL) 722 ddi_dma_free_handle(&dma->nd_dmah); 723 } 724 725 static void 726 nvme_free_dma(nvme_dma_t *dma) 727 { 728 nvme_free_dma_common(dma); 729 kmem_free(dma, sizeof (*dma)); 730 } 731 732 /* ARGSUSED */ 733 static void 734 nvme_prp_dma_destructor(void *buf, void *private) 735 { 736 nvme_dma_t *dma = (nvme_dma_t *)buf; 737 738 nvme_free_dma_common(dma); 739 } 740 741 static int 742 nvme_alloc_dma_common(nvme_t *nvme, nvme_dma_t *dma, 743 size_t len, uint_t flags, ddi_dma_attr_t *dma_attr) 744 { 745 if (ddi_dma_alloc_handle(nvme->n_dip, dma_attr, DDI_DMA_SLEEP, NULL, 746 &dma->nd_dmah) != DDI_SUCCESS) { 747 /* 748 * Due to DDI_DMA_SLEEP this can't be DDI_DMA_NORESOURCES, and 749 * the only other possible error is DDI_DMA_BADATTR which 750 * indicates a driver bug which should cause a panic. 751 */ 752 dev_err(nvme->n_dip, CE_PANIC, 753 "!failed to get DMA handle, check DMA attributes"); 754 return (DDI_FAILURE); 755 } 756 757 /* 758 * ddi_dma_mem_alloc() can only fail when DDI_DMA_NOSLEEP is specified 759 * or the flags are conflicting, which isn't the case here. 760 */ 761 (void) ddi_dma_mem_alloc(dma->nd_dmah, len, &nvme->n_reg_acc_attr, 762 DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, &dma->nd_memp, 763 &dma->nd_len, &dma->nd_acch); 764 765 if (ddi_dma_addr_bind_handle(dma->nd_dmah, NULL, dma->nd_memp, 766 dma->nd_len, flags | DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, 767 &dma->nd_cookie, &dma->nd_ncookie) != DDI_DMA_MAPPED) { 768 dev_err(nvme->n_dip, CE_WARN, 769 "!failed to bind DMA memory"); 770 atomic_inc_32(&nvme->n_dma_bind_err); 771 nvme_free_dma_common(dma); 772 return (DDI_FAILURE); 773 } 774 775 return (DDI_SUCCESS); 776 } 777 778 static int 779 nvme_zalloc_dma(nvme_t *nvme, size_t len, uint_t flags, 780 ddi_dma_attr_t *dma_attr, nvme_dma_t **ret) 781 { 782 nvme_dma_t *dma = kmem_zalloc(sizeof (nvme_dma_t), KM_SLEEP); 783 784 if (nvme_alloc_dma_common(nvme, dma, len, flags, dma_attr) != 785 DDI_SUCCESS) { 786 *ret = NULL; 787 kmem_free(dma, sizeof (nvme_dma_t)); 788 return (DDI_FAILURE); 789 } 790 791 bzero(dma->nd_memp, dma->nd_len); 792 793 *ret = dma; 794 return (DDI_SUCCESS); 795 } 796 797 /* ARGSUSED */ 798 static int 799 nvme_prp_dma_constructor(void *buf, void *private, int flags) 800 { 801 nvme_dma_t *dma = (nvme_dma_t *)buf; 802 nvme_t *nvme = (nvme_t *)private; 803 804 dma->nd_dmah = NULL; 805 dma->nd_acch = NULL; 806 807 if (nvme_alloc_dma_common(nvme, dma, nvme->n_pagesize, 808 DDI_DMA_READ, &nvme->n_prp_dma_attr) != DDI_SUCCESS) { 809 return (-1); 810 } 811 812 ASSERT(dma->nd_ncookie == 1); 813 814 dma->nd_cached = B_TRUE; 815 816 return (0); 817 } 818 819 static int 820 nvme_zalloc_queue_dma(nvme_t *nvme, uint32_t nentry, uint16_t qe_len, 821 uint_t flags, nvme_dma_t **dma) 822 { 823 uint32_t len = nentry * qe_len; 824 ddi_dma_attr_t q_dma_attr = nvme->n_queue_dma_attr; 825 826 len = roundup(len, nvme->n_pagesize); 827 828 if (nvme_zalloc_dma(nvme, len, flags, &q_dma_attr, dma) 829 != DDI_SUCCESS) { 830 dev_err(nvme->n_dip, CE_WARN, 831 "!failed to get DMA memory for queue"); 832 goto fail; 833 } 834 835 if ((*dma)->nd_ncookie != 1) { 836 dev_err(nvme->n_dip, CE_WARN, 837 "!got too many cookies for queue DMA"); 838 goto fail; 839 } 840 841 return (DDI_SUCCESS); 842 843 fail: 844 if (*dma) { 845 nvme_free_dma(*dma); 846 *dma = NULL; 847 } 848 849 return (DDI_FAILURE); 850 } 851 852 static void 853 nvme_free_cq(nvme_cq_t *cq) 854 { 855 mutex_destroy(&cq->ncq_mutex); 856 857 if (cq->ncq_cmd_taskq != NULL) 858 taskq_destroy(cq->ncq_cmd_taskq); 859 860 if (cq->ncq_dma != NULL) 861 nvme_free_dma(cq->ncq_dma); 862 863 kmem_free(cq, sizeof (*cq)); 864 } 865 866 static void 867 nvme_free_qpair(nvme_qpair_t *qp) 868 { 869 int i; 870 871 mutex_destroy(&qp->nq_mutex); 872 sema_destroy(&qp->nq_sema); 873 874 if (qp->nq_sqdma != NULL) 875 nvme_free_dma(qp->nq_sqdma); 876 877 if (qp->nq_active_cmds > 0) 878 for (i = 0; i != qp->nq_nentry; i++) 879 if (qp->nq_cmd[i] != NULL) 880 nvme_free_cmd(qp->nq_cmd[i]); 881 882 if (qp->nq_cmd != NULL) 883 kmem_free(qp->nq_cmd, sizeof (nvme_cmd_t *) * qp->nq_nentry); 884 885 kmem_free(qp, sizeof (nvme_qpair_t)); 886 } 887 888 /* 889 * Destroy the pre-allocated cq array, but only free individual completion 890 * queues from the given starting index. 891 */ 892 static void 893 nvme_destroy_cq_array(nvme_t *nvme, uint_t start) 894 { 895 uint_t i; 896 897 for (i = start; i < nvme->n_cq_count; i++) 898 if (nvme->n_cq[i] != NULL) 899 nvme_free_cq(nvme->n_cq[i]); 900 901 kmem_free(nvme->n_cq, sizeof (*nvme->n_cq) * nvme->n_cq_count); 902 } 903 904 static int 905 nvme_alloc_cq(nvme_t *nvme, uint32_t nentry, nvme_cq_t **cqp, uint16_t idx, 906 uint_t nthr) 907 { 908 nvme_cq_t *cq = kmem_zalloc(sizeof (*cq), KM_SLEEP); 909 char name[64]; /* large enough for the taskq name */ 910 911 mutex_init(&cq->ncq_mutex, NULL, MUTEX_DRIVER, 912 DDI_INTR_PRI(nvme->n_intr_pri)); 913 914 if (nvme_zalloc_queue_dma(nvme, nentry, sizeof (nvme_cqe_t), 915 DDI_DMA_READ, &cq->ncq_dma) != DDI_SUCCESS) 916 goto fail; 917 918 cq->ncq_cq = (nvme_cqe_t *)cq->ncq_dma->nd_memp; 919 cq->ncq_nentry = nentry; 920 cq->ncq_id = idx; 921 cq->ncq_hdbl = NVME_REG_CQHDBL(nvme, idx); 922 923 /* 924 * Each completion queue has its own command taskq. 925 */ 926 (void) snprintf(name, sizeof (name), "%s%d_cmd_taskq%u", 927 ddi_driver_name(nvme->n_dip), ddi_get_instance(nvme->n_dip), idx); 928 929 cq->ncq_cmd_taskq = taskq_create(name, nthr, minclsyspri, 64, INT_MAX, 930 TASKQ_PREPOPULATE); 931 932 if (cq->ncq_cmd_taskq == NULL) { 933 dev_err(nvme->n_dip, CE_WARN, "!failed to create cmd " 934 "taskq for cq %u", idx); 935 goto fail; 936 } 937 938 *cqp = cq; 939 return (DDI_SUCCESS); 940 941 fail: 942 nvme_free_cq(cq); 943 *cqp = NULL; 944 945 return (DDI_FAILURE); 946 } 947 948 /* 949 * Create the n_cq array big enough to hold "ncq" completion queues. 950 * If the array already exists it will be re-sized (but only larger). 951 * The admin queue is included in this array, which boosts the 952 * max number of entries to UINT16_MAX + 1. 953 */ 954 static int 955 nvme_create_cq_array(nvme_t *nvme, uint_t ncq, uint32_t nentry, uint_t nthr) 956 { 957 nvme_cq_t **cq; 958 uint_t i, cq_count; 959 960 ASSERT3U(ncq, >, nvme->n_cq_count); 961 962 cq = nvme->n_cq; 963 cq_count = nvme->n_cq_count; 964 965 nvme->n_cq = kmem_zalloc(sizeof (*nvme->n_cq) * ncq, KM_SLEEP); 966 nvme->n_cq_count = ncq; 967 968 for (i = 0; i < cq_count; i++) 969 nvme->n_cq[i] = cq[i]; 970 971 for (; i < nvme->n_cq_count; i++) 972 if (nvme_alloc_cq(nvme, nentry, &nvme->n_cq[i], i, nthr) != 973 DDI_SUCCESS) 974 goto fail; 975 976 if (cq != NULL) 977 kmem_free(cq, sizeof (*cq) * cq_count); 978 979 return (DDI_SUCCESS); 980 981 fail: 982 nvme_destroy_cq_array(nvme, cq_count); 983 /* 984 * Restore the original array 985 */ 986 nvme->n_cq_count = cq_count; 987 nvme->n_cq = cq; 988 989 return (DDI_FAILURE); 990 } 991 992 static int 993 nvme_alloc_qpair(nvme_t *nvme, uint32_t nentry, nvme_qpair_t **nqp, 994 uint_t idx) 995 { 996 nvme_qpair_t *qp = kmem_zalloc(sizeof (*qp), KM_SLEEP); 997 uint_t cq_idx; 998 999 mutex_init(&qp->nq_mutex, NULL, MUTEX_DRIVER, 1000 DDI_INTR_PRI(nvme->n_intr_pri)); 1001 1002 /* 1003 * The NVMe spec defines that a full queue has one empty (unused) slot; 1004 * initialize the semaphore accordingly. 1005 */ 1006 sema_init(&qp->nq_sema, nentry - 1, NULL, SEMA_DRIVER, NULL); 1007 1008 if (nvme_zalloc_queue_dma(nvme, nentry, sizeof (nvme_sqe_t), 1009 DDI_DMA_WRITE, &qp->nq_sqdma) != DDI_SUCCESS) 1010 goto fail; 1011 1012 /* 1013 * idx == 0 is adminq, those above 0 are shared io completion queues. 1014 */ 1015 cq_idx = idx == 0 ? 0 : 1 + (idx - 1) % (nvme->n_cq_count - 1); 1016 qp->nq_cq = nvme->n_cq[cq_idx]; 1017 qp->nq_sq = (nvme_sqe_t *)qp->nq_sqdma->nd_memp; 1018 qp->nq_nentry = nentry; 1019 1020 qp->nq_sqtdbl = NVME_REG_SQTDBL(nvme, idx); 1021 1022 qp->nq_cmd = kmem_zalloc(sizeof (nvme_cmd_t *) * nentry, KM_SLEEP); 1023 qp->nq_next_cmd = 0; 1024 1025 *nqp = qp; 1026 return (DDI_SUCCESS); 1027 1028 fail: 1029 nvme_free_qpair(qp); 1030 *nqp = NULL; 1031 1032 return (DDI_FAILURE); 1033 } 1034 1035 static nvme_cmd_t * 1036 nvme_alloc_cmd(nvme_t *nvme, int kmflag) 1037 { 1038 nvme_cmd_t *cmd = kmem_cache_alloc(nvme_cmd_cache, kmflag); 1039 1040 if (cmd == NULL) 1041 return (cmd); 1042 1043 bzero(cmd, sizeof (nvme_cmd_t)); 1044 1045 cmd->nc_nvme = nvme; 1046 1047 mutex_init(&cmd->nc_mutex, NULL, MUTEX_DRIVER, 1048 DDI_INTR_PRI(nvme->n_intr_pri)); 1049 cv_init(&cmd->nc_cv, NULL, CV_DRIVER, NULL); 1050 1051 return (cmd); 1052 } 1053 1054 static void 1055 nvme_free_cmd(nvme_cmd_t *cmd) 1056 { 1057 /* Don't free commands on the lost commands list. */ 1058 if (list_link_active(&cmd->nc_list)) 1059 return; 1060 1061 if (cmd->nc_dma) { 1062 if (cmd->nc_dma->nd_cached) 1063 kmem_cache_free(cmd->nc_nvme->n_prp_cache, 1064 cmd->nc_dma); 1065 else 1066 nvme_free_dma(cmd->nc_dma); 1067 cmd->nc_dma = NULL; 1068 } 1069 1070 cv_destroy(&cmd->nc_cv); 1071 mutex_destroy(&cmd->nc_mutex); 1072 1073 kmem_cache_free(nvme_cmd_cache, cmd); 1074 } 1075 1076 static void 1077 nvme_submit_admin_cmd(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1078 { 1079 sema_p(&qp->nq_sema); 1080 nvme_submit_cmd_common(qp, cmd); 1081 } 1082 1083 static int 1084 nvme_submit_io_cmd(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1085 { 1086 if (cmd->nc_nvme->n_dead) { 1087 return (EIO); 1088 } 1089 1090 if (sema_tryp(&qp->nq_sema) == 0) 1091 return (EAGAIN); 1092 1093 nvme_submit_cmd_common(qp, cmd); 1094 return (0); 1095 } 1096 1097 static void 1098 nvme_submit_cmd_common(nvme_qpair_t *qp, nvme_cmd_t *cmd) 1099 { 1100 nvme_reg_sqtdbl_t tail = { 0 }; 1101 1102 mutex_enter(&qp->nq_mutex); 1103 cmd->nc_completed = B_FALSE; 1104 1105 /* 1106 * Now that we hold the queue pair lock, we must check whether or not 1107 * the controller has been listed as dead (e.g. was removed due to 1108 * hotplug). This is necessary as otherwise we could race with 1109 * nvme_remove_callback(). Because this has not been enqueued, we don't 1110 * call nvme_unqueue_cmd(), which is why we must manually decrement the 1111 * semaphore. 1112 */ 1113 if (cmd->nc_nvme->n_dead) { 1114 taskq_dispatch_ent(qp->nq_cq->ncq_cmd_taskq, cmd->nc_callback, 1115 cmd, TQ_NOSLEEP, &cmd->nc_tqent); 1116 sema_v(&qp->nq_sema); 1117 mutex_exit(&qp->nq_mutex); 1118 return; 1119 } 1120 1121 /* 1122 * Try to insert the cmd into the active cmd array at the nq_next_cmd 1123 * slot. If the slot is already occupied advance to the next slot and 1124 * try again. This can happen for long running commands like async event 1125 * requests. 1126 */ 1127 while (qp->nq_cmd[qp->nq_next_cmd] != NULL) 1128 qp->nq_next_cmd = (qp->nq_next_cmd + 1) % qp->nq_nentry; 1129 qp->nq_cmd[qp->nq_next_cmd] = cmd; 1130 1131 qp->nq_active_cmds++; 1132 1133 cmd->nc_sqe.sqe_cid = qp->nq_next_cmd; 1134 bcopy(&cmd->nc_sqe, &qp->nq_sq[qp->nq_sqtail], sizeof (nvme_sqe_t)); 1135 (void) ddi_dma_sync(qp->nq_sqdma->nd_dmah, 1136 sizeof (nvme_sqe_t) * qp->nq_sqtail, 1137 sizeof (nvme_sqe_t), DDI_DMA_SYNC_FORDEV); 1138 qp->nq_next_cmd = (qp->nq_next_cmd + 1) % qp->nq_nentry; 1139 1140 tail.b.sqtdbl_sqt = qp->nq_sqtail = (qp->nq_sqtail + 1) % qp->nq_nentry; 1141 nvme_put32(cmd->nc_nvme, qp->nq_sqtdbl, tail.r); 1142 1143 mutex_exit(&qp->nq_mutex); 1144 } 1145 1146 static nvme_cmd_t * 1147 nvme_unqueue_cmd(nvme_t *nvme, nvme_qpair_t *qp, int cid) 1148 { 1149 nvme_cmd_t *cmd; 1150 1151 ASSERT(mutex_owned(&qp->nq_mutex)); 1152 ASSERT3S(cid, <, qp->nq_nentry); 1153 1154 cmd = qp->nq_cmd[cid]; 1155 qp->nq_cmd[cid] = NULL; 1156 ASSERT3U(qp->nq_active_cmds, >, 0); 1157 qp->nq_active_cmds--; 1158 sema_v(&qp->nq_sema); 1159 1160 ASSERT3P(cmd, !=, NULL); 1161 ASSERT3P(cmd->nc_nvme, ==, nvme); 1162 ASSERT3S(cmd->nc_sqe.sqe_cid, ==, cid); 1163 1164 return (cmd); 1165 } 1166 1167 /* 1168 * Get the command tied to the next completed cqe and bump along completion 1169 * queue head counter. 1170 */ 1171 static nvme_cmd_t * 1172 nvme_get_completed(nvme_t *nvme, nvme_cq_t *cq) 1173 { 1174 nvme_qpair_t *qp; 1175 nvme_cqe_t *cqe; 1176 nvme_cmd_t *cmd; 1177 1178 ASSERT(mutex_owned(&cq->ncq_mutex)); 1179 1180 cqe = &cq->ncq_cq[cq->ncq_head]; 1181 1182 /* Check phase tag of CQE. Hardware inverts it for new entries. */ 1183 if (cqe->cqe_sf.sf_p == cq->ncq_phase) 1184 return (NULL); 1185 1186 qp = nvme->n_ioq[cqe->cqe_sqid]; 1187 1188 mutex_enter(&qp->nq_mutex); 1189 cmd = nvme_unqueue_cmd(nvme, qp, cqe->cqe_cid); 1190 mutex_exit(&qp->nq_mutex); 1191 1192 ASSERT(cmd->nc_sqid == cqe->cqe_sqid); 1193 bcopy(cqe, &cmd->nc_cqe, sizeof (nvme_cqe_t)); 1194 1195 qp->nq_sqhead = cqe->cqe_sqhd; 1196 1197 cq->ncq_head = (cq->ncq_head + 1) % cq->ncq_nentry; 1198 1199 /* Toggle phase on wrap-around. */ 1200 if (cq->ncq_head == 0) 1201 cq->ncq_phase = cq->ncq_phase ? 0 : 1; 1202 1203 return (cmd); 1204 } 1205 1206 /* 1207 * Process all completed commands on the io completion queue. 1208 */ 1209 static uint_t 1210 nvme_process_iocq(nvme_t *nvme, nvme_cq_t *cq) 1211 { 1212 nvme_reg_cqhdbl_t head = { 0 }; 1213 nvme_cmd_t *cmd; 1214 uint_t completed = 0; 1215 1216 if (ddi_dma_sync(cq->ncq_dma->nd_dmah, 0, 0, DDI_DMA_SYNC_FORKERNEL) != 1217 DDI_SUCCESS) 1218 dev_err(nvme->n_dip, CE_WARN, "!ddi_dma_sync() failed in %s", 1219 __func__); 1220 1221 mutex_enter(&cq->ncq_mutex); 1222 1223 while ((cmd = nvme_get_completed(nvme, cq)) != NULL) { 1224 taskq_dispatch_ent(cq->ncq_cmd_taskq, cmd->nc_callback, cmd, 1225 TQ_NOSLEEP, &cmd->nc_tqent); 1226 1227 completed++; 1228 } 1229 1230 if (completed > 0) { 1231 /* 1232 * Update the completion queue head doorbell. 1233 */ 1234 head.b.cqhdbl_cqh = cq->ncq_head; 1235 nvme_put32(nvme, cq->ncq_hdbl, head.r); 1236 } 1237 1238 mutex_exit(&cq->ncq_mutex); 1239 1240 return (completed); 1241 } 1242 1243 static nvme_cmd_t * 1244 nvme_retrieve_cmd(nvme_t *nvme, nvme_qpair_t *qp) 1245 { 1246 nvme_cq_t *cq = qp->nq_cq; 1247 nvme_reg_cqhdbl_t head = { 0 }; 1248 nvme_cmd_t *cmd; 1249 1250 if (ddi_dma_sync(cq->ncq_dma->nd_dmah, 0, 0, DDI_DMA_SYNC_FORKERNEL) != 1251 DDI_SUCCESS) 1252 dev_err(nvme->n_dip, CE_WARN, "!ddi_dma_sync() failed in %s", 1253 __func__); 1254 1255 mutex_enter(&cq->ncq_mutex); 1256 1257 if ((cmd = nvme_get_completed(nvme, cq)) != NULL) { 1258 head.b.cqhdbl_cqh = cq->ncq_head; 1259 nvme_put32(nvme, cq->ncq_hdbl, head.r); 1260 } 1261 1262 mutex_exit(&cq->ncq_mutex); 1263 1264 return (cmd); 1265 } 1266 1267 static int 1268 nvme_check_unknown_cmd_status(nvme_cmd_t *cmd) 1269 { 1270 nvme_cqe_t *cqe = &cmd->nc_cqe; 1271 1272 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1273 "!unknown command status received: opc = %x, sqid = %d, cid = %d, " 1274 "sc = %x, sct = %x, dnr = %d, m = %d", cmd->nc_sqe.sqe_opc, 1275 cqe->cqe_sqid, cqe->cqe_cid, cqe->cqe_sf.sf_sc, cqe->cqe_sf.sf_sct, 1276 cqe->cqe_sf.sf_dnr, cqe->cqe_sf.sf_m); 1277 1278 if (cmd->nc_xfer != NULL) 1279 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1280 1281 if (cmd->nc_nvme->n_strict_version) { 1282 cmd->nc_nvme->n_dead = B_TRUE; 1283 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1284 } 1285 1286 return (EIO); 1287 } 1288 1289 static int 1290 nvme_check_vendor_cmd_status(nvme_cmd_t *cmd) 1291 { 1292 nvme_cqe_t *cqe = &cmd->nc_cqe; 1293 1294 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1295 "!unknown command status received: opc = %x, sqid = %d, cid = %d, " 1296 "sc = %x, sct = %x, dnr = %d, m = %d", cmd->nc_sqe.sqe_opc, 1297 cqe->cqe_sqid, cqe->cqe_cid, cqe->cqe_sf.sf_sc, cqe->cqe_sf.sf_sct, 1298 cqe->cqe_sf.sf_dnr, cqe->cqe_sf.sf_m); 1299 if (!cmd->nc_nvme->n_ignore_unknown_vendor_status) { 1300 cmd->nc_nvme->n_dead = B_TRUE; 1301 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1302 } 1303 1304 return (EIO); 1305 } 1306 1307 static int 1308 nvme_check_integrity_cmd_status(nvme_cmd_t *cmd) 1309 { 1310 nvme_cqe_t *cqe = &cmd->nc_cqe; 1311 1312 switch (cqe->cqe_sf.sf_sc) { 1313 case NVME_CQE_SC_INT_NVM_WRITE: 1314 /* write fail */ 1315 /* TODO: post ereport */ 1316 if (cmd->nc_xfer != NULL) 1317 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1318 return (EIO); 1319 1320 case NVME_CQE_SC_INT_NVM_READ: 1321 /* read fail */ 1322 /* TODO: post ereport */ 1323 if (cmd->nc_xfer != NULL) 1324 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1325 return (EIO); 1326 1327 default: 1328 return (nvme_check_unknown_cmd_status(cmd)); 1329 } 1330 } 1331 1332 static int 1333 nvme_check_generic_cmd_status(nvme_cmd_t *cmd) 1334 { 1335 nvme_cqe_t *cqe = &cmd->nc_cqe; 1336 1337 switch (cqe->cqe_sf.sf_sc) { 1338 case NVME_CQE_SC_GEN_SUCCESS: 1339 return (0); 1340 1341 /* 1342 * Errors indicating a bug in the driver should cause a panic. 1343 */ 1344 case NVME_CQE_SC_GEN_INV_OPC: 1345 /* Invalid Command Opcode */ 1346 if (!cmd->nc_dontpanic) 1347 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1348 "programming error: invalid opcode in cmd %p", 1349 (void *)cmd); 1350 return (EINVAL); 1351 1352 case NVME_CQE_SC_GEN_INV_FLD: 1353 /* Invalid Field in Command */ 1354 if (!cmd->nc_dontpanic) 1355 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1356 "programming error: invalid field in cmd %p", 1357 (void *)cmd); 1358 return (EIO); 1359 1360 case NVME_CQE_SC_GEN_ID_CNFL: 1361 /* Command ID Conflict */ 1362 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1363 "cmd ID conflict in cmd %p", (void *)cmd); 1364 return (0); 1365 1366 case NVME_CQE_SC_GEN_INV_NS: 1367 /* Invalid Namespace or Format */ 1368 if (!cmd->nc_dontpanic) 1369 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, 1370 "programming error: invalid NS/format in cmd %p", 1371 (void *)cmd); 1372 return (EINVAL); 1373 1374 case NVME_CQE_SC_GEN_NVM_LBA_RANGE: 1375 /* LBA Out Of Range */ 1376 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1377 "LBA out of range in cmd %p", (void *)cmd); 1378 return (0); 1379 1380 /* 1381 * Non-fatal errors, handle gracefully. 1382 */ 1383 case NVME_CQE_SC_GEN_DATA_XFR_ERR: 1384 /* Data Transfer Error (DMA) */ 1385 /* TODO: post ereport */ 1386 atomic_inc_32(&cmd->nc_nvme->n_data_xfr_err); 1387 if (cmd->nc_xfer != NULL) 1388 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1389 return (EIO); 1390 1391 case NVME_CQE_SC_GEN_INTERNAL_ERR: 1392 /* 1393 * Internal Error. The spec (v1.0, section 4.5.1.2) says 1394 * detailed error information is returned as async event, 1395 * so we pretty much ignore the error here and handle it 1396 * in the async event handler. 1397 */ 1398 atomic_inc_32(&cmd->nc_nvme->n_internal_err); 1399 if (cmd->nc_xfer != NULL) 1400 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1401 return (EIO); 1402 1403 case NVME_CQE_SC_GEN_ABORT_REQUEST: 1404 /* 1405 * Command Abort Requested. This normally happens only when a 1406 * command times out. 1407 */ 1408 /* TODO: post ereport or change blkdev to handle this? */ 1409 atomic_inc_32(&cmd->nc_nvme->n_abort_rq_err); 1410 return (ECANCELED); 1411 1412 case NVME_CQE_SC_GEN_ABORT_PWRLOSS: 1413 /* Command Aborted due to Power Loss Notification */ 1414 ddi_fm_service_impact(cmd->nc_nvme->n_dip, DDI_SERVICE_LOST); 1415 cmd->nc_nvme->n_dead = B_TRUE; 1416 return (EIO); 1417 1418 case NVME_CQE_SC_GEN_ABORT_SQ_DEL: 1419 /* Command Aborted due to SQ Deletion */ 1420 atomic_inc_32(&cmd->nc_nvme->n_abort_sq_del); 1421 return (EIO); 1422 1423 case NVME_CQE_SC_GEN_NVM_CAP_EXC: 1424 /* Capacity Exceeded */ 1425 atomic_inc_32(&cmd->nc_nvme->n_nvm_cap_exc); 1426 if (cmd->nc_xfer != NULL) 1427 bd_error(cmd->nc_xfer, BD_ERR_MEDIA); 1428 return (EIO); 1429 1430 case NVME_CQE_SC_GEN_NVM_NS_NOTRDY: 1431 /* Namespace Not Ready */ 1432 atomic_inc_32(&cmd->nc_nvme->n_nvm_ns_notrdy); 1433 if (cmd->nc_xfer != NULL) 1434 bd_error(cmd->nc_xfer, BD_ERR_NTRDY); 1435 return (EIO); 1436 1437 default: 1438 return (nvme_check_unknown_cmd_status(cmd)); 1439 } 1440 } 1441 1442 static int 1443 nvme_check_specific_cmd_status(nvme_cmd_t *cmd) 1444 { 1445 nvme_cqe_t *cqe = &cmd->nc_cqe; 1446 1447 switch (cqe->cqe_sf.sf_sc) { 1448 case NVME_CQE_SC_SPC_INV_CQ: 1449 /* Completion Queue Invalid */ 1450 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE); 1451 atomic_inc_32(&cmd->nc_nvme->n_inv_cq_err); 1452 return (EINVAL); 1453 1454 case NVME_CQE_SC_SPC_INV_QID: 1455 /* Invalid Queue Identifier */ 1456 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE || 1457 cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_SQUEUE || 1458 cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE || 1459 cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_CQUEUE); 1460 atomic_inc_32(&cmd->nc_nvme->n_inv_qid_err); 1461 return (EINVAL); 1462 1463 case NVME_CQE_SC_SPC_MAX_QSZ_EXC: 1464 /* Max Queue Size Exceeded */ 1465 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_SQUEUE || 1466 cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE); 1467 atomic_inc_32(&cmd->nc_nvme->n_max_qsz_exc); 1468 return (EINVAL); 1469 1470 case NVME_CQE_SC_SPC_ABRT_CMD_EXC: 1471 /* Abort Command Limit Exceeded */ 1472 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_ABORT); 1473 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1474 "abort command limit exceeded in cmd %p", (void *)cmd); 1475 return (0); 1476 1477 case NVME_CQE_SC_SPC_ASYNC_EVREQ_EXC: 1478 /* Async Event Request Limit Exceeded */ 1479 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_ASYNC_EVENT); 1480 dev_err(cmd->nc_nvme->n_dip, CE_PANIC, "programming error: " 1481 "async event request limit exceeded in cmd %p", 1482 (void *)cmd); 1483 return (0); 1484 1485 case NVME_CQE_SC_SPC_INV_INT_VECT: 1486 /* Invalid Interrupt Vector */ 1487 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_CREATE_CQUEUE); 1488 atomic_inc_32(&cmd->nc_nvme->n_inv_int_vect); 1489 return (EINVAL); 1490 1491 case NVME_CQE_SC_SPC_INV_LOG_PAGE: 1492 /* Invalid Log Page */ 1493 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_GET_LOG_PAGE); 1494 atomic_inc_32(&cmd->nc_nvme->n_inv_log_page); 1495 return (EINVAL); 1496 1497 case NVME_CQE_SC_SPC_INV_FORMAT: 1498 /* Invalid Format */ 1499 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_FORMAT); 1500 atomic_inc_32(&cmd->nc_nvme->n_inv_format); 1501 if (cmd->nc_xfer != NULL) 1502 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1503 return (EINVAL); 1504 1505 case NVME_CQE_SC_SPC_INV_Q_DEL: 1506 /* Invalid Queue Deletion */ 1507 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_DELETE_CQUEUE); 1508 atomic_inc_32(&cmd->nc_nvme->n_inv_q_del); 1509 return (EINVAL); 1510 1511 case NVME_CQE_SC_SPC_NVM_CNFL_ATTR: 1512 /* Conflicting Attributes */ 1513 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_DSET_MGMT || 1514 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_READ || 1515 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1516 atomic_inc_32(&cmd->nc_nvme->n_cnfl_attr); 1517 if (cmd->nc_xfer != NULL) 1518 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1519 return (EINVAL); 1520 1521 case NVME_CQE_SC_SPC_NVM_INV_PROT: 1522 /* Invalid Protection Information */ 1523 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_COMPARE || 1524 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_READ || 1525 cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1526 atomic_inc_32(&cmd->nc_nvme->n_inv_prot); 1527 if (cmd->nc_xfer != NULL) 1528 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1529 return (EINVAL); 1530 1531 case NVME_CQE_SC_SPC_NVM_READONLY: 1532 /* Write to Read Only Range */ 1533 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_NVM_WRITE); 1534 atomic_inc_32(&cmd->nc_nvme->n_readonly); 1535 if (cmd->nc_xfer != NULL) 1536 bd_error(cmd->nc_xfer, BD_ERR_ILLRQ); 1537 return (EROFS); 1538 1539 case NVME_CQE_SC_SPC_INV_FW_SLOT: 1540 /* Invalid Firmware Slot */ 1541 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1542 return (EINVAL); 1543 1544 case NVME_CQE_SC_SPC_INV_FW_IMG: 1545 /* Invalid Firmware Image */ 1546 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1547 return (EINVAL); 1548 1549 case NVME_CQE_SC_SPC_FW_RESET: 1550 /* Conventional Reset Required */ 1551 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1552 return (0); 1553 1554 case NVME_CQE_SC_SPC_FW_NSSR: 1555 /* NVMe Subsystem Reset Required */ 1556 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1557 return (0); 1558 1559 case NVME_CQE_SC_SPC_FW_NEXT_RESET: 1560 /* Activation Requires Reset */ 1561 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1562 return (0); 1563 1564 case NVME_CQE_SC_SPC_FW_MTFA: 1565 /* Activation Requires Maximum Time Violation */ 1566 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1567 return (EAGAIN); 1568 1569 case NVME_CQE_SC_SPC_FW_PROHIBITED: 1570 /* Activation Prohibited */ 1571 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_ACTIVATE); 1572 return (EINVAL); 1573 1574 case NVME_CQE_SC_SPC_FW_OVERLAP: 1575 /* Overlapping Firmware Ranges */ 1576 ASSERT(cmd->nc_sqe.sqe_opc == NVME_OPC_FW_IMAGE_LOAD); 1577 return (EINVAL); 1578 1579 default: 1580 return (nvme_check_unknown_cmd_status(cmd)); 1581 } 1582 } 1583 1584 static inline int 1585 nvme_check_cmd_status(nvme_cmd_t *cmd) 1586 { 1587 nvme_cqe_t *cqe = &cmd->nc_cqe; 1588 1589 /* 1590 * Take a shortcut if the controller is dead, or if 1591 * command status indicates no error. 1592 */ 1593 if (cmd->nc_nvme->n_dead) 1594 return (EIO); 1595 1596 if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1597 cqe->cqe_sf.sf_sc == NVME_CQE_SC_GEN_SUCCESS) 1598 return (0); 1599 1600 if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC) 1601 return (nvme_check_generic_cmd_status(cmd)); 1602 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_SPECIFIC) 1603 return (nvme_check_specific_cmd_status(cmd)); 1604 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_INTEGRITY) 1605 return (nvme_check_integrity_cmd_status(cmd)); 1606 else if (cqe->cqe_sf.sf_sct == NVME_CQE_SCT_VENDOR) 1607 return (nvme_check_vendor_cmd_status(cmd)); 1608 1609 return (nvme_check_unknown_cmd_status(cmd)); 1610 } 1611 1612 static int 1613 nvme_abort_cmd(nvme_cmd_t *abort_cmd, uint_t sec) 1614 { 1615 nvme_t *nvme = abort_cmd->nc_nvme; 1616 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1617 nvme_abort_cmd_t ac = { 0 }; 1618 int ret = 0; 1619 1620 sema_p(&nvme->n_abort_sema); 1621 1622 ac.b.ac_cid = abort_cmd->nc_sqe.sqe_cid; 1623 ac.b.ac_sqid = abort_cmd->nc_sqid; 1624 1625 cmd->nc_sqid = 0; 1626 cmd->nc_sqe.sqe_opc = NVME_OPC_ABORT; 1627 cmd->nc_callback = nvme_wakeup_cmd; 1628 cmd->nc_sqe.sqe_cdw10 = ac.r; 1629 1630 /* 1631 * Send the ABORT to the hardware. The ABORT command will return _after_ 1632 * the aborted command has completed (aborted or otherwise), but since 1633 * we still hold the aborted command's mutex its callback hasn't been 1634 * processed yet. 1635 */ 1636 nvme_admin_cmd(cmd, sec); 1637 sema_v(&nvme->n_abort_sema); 1638 1639 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 1640 dev_err(nvme->n_dip, CE_WARN, 1641 "!ABORT failed with sct = %x, sc = %x", 1642 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 1643 atomic_inc_32(&nvme->n_abort_failed); 1644 } else { 1645 dev_err(nvme->n_dip, CE_WARN, 1646 "!ABORT of command %d/%d %ssuccessful", 1647 abort_cmd->nc_sqe.sqe_cid, abort_cmd->nc_sqid, 1648 cmd->nc_cqe.cqe_dw0 & 1 ? "un" : ""); 1649 if ((cmd->nc_cqe.cqe_dw0 & 1) == 0) 1650 atomic_inc_32(&nvme->n_cmd_aborted); 1651 } 1652 1653 nvme_free_cmd(cmd); 1654 return (ret); 1655 } 1656 1657 /* 1658 * nvme_wait_cmd -- wait for command completion or timeout 1659 * 1660 * In case of a serious error or a timeout of the abort command the hardware 1661 * will be declared dead and FMA will be notified. 1662 */ 1663 static void 1664 nvme_wait_cmd(nvme_cmd_t *cmd, uint_t sec) 1665 { 1666 clock_t timeout = ddi_get_lbolt() + drv_usectohz(sec * MICROSEC); 1667 nvme_t *nvme = cmd->nc_nvme; 1668 nvme_reg_csts_t csts; 1669 nvme_qpair_t *qp; 1670 1671 ASSERT(mutex_owned(&cmd->nc_mutex)); 1672 1673 while (!cmd->nc_completed) { 1674 if (cv_timedwait(&cmd->nc_cv, &cmd->nc_mutex, timeout) == -1) 1675 break; 1676 } 1677 1678 if (cmd->nc_completed) 1679 return; 1680 1681 /* 1682 * The command timed out. 1683 * 1684 * Check controller for fatal status, any errors associated with the 1685 * register or DMA handle, or for a double timeout (abort command timed 1686 * out). If necessary log a warning and call FMA. 1687 */ 1688 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 1689 dev_err(nvme->n_dip, CE_WARN, "!command %d/%d timeout, " 1690 "OPC = %x, CFS = %d", cmd->nc_sqe.sqe_cid, cmd->nc_sqid, 1691 cmd->nc_sqe.sqe_opc, csts.b.csts_cfs); 1692 atomic_inc_32(&nvme->n_cmd_timeout); 1693 1694 if (csts.b.csts_cfs || 1695 nvme_check_regs_hdl(nvme) || 1696 nvme_check_dma_hdl(cmd->nc_dma) || 1697 cmd->nc_sqe.sqe_opc == NVME_OPC_ABORT) { 1698 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1699 nvme->n_dead = B_TRUE; 1700 } else if (nvme_abort_cmd(cmd, sec) == 0) { 1701 /* 1702 * If the abort succeeded the command should complete 1703 * immediately with an appropriate status. 1704 */ 1705 while (!cmd->nc_completed) 1706 cv_wait(&cmd->nc_cv, &cmd->nc_mutex); 1707 1708 return; 1709 } 1710 1711 qp = nvme->n_ioq[cmd->nc_sqid]; 1712 1713 mutex_enter(&qp->nq_mutex); 1714 (void) nvme_unqueue_cmd(nvme, qp, cmd->nc_sqe.sqe_cid); 1715 mutex_exit(&qp->nq_mutex); 1716 1717 /* 1718 * As we don't know what the presumed dead hardware might still do with 1719 * the DMA memory, we'll put the command on the lost commands list if it 1720 * has any DMA memory. 1721 */ 1722 if (cmd->nc_dma != NULL) { 1723 mutex_enter(&nvme_lc_mutex); 1724 list_insert_head(&nvme_lost_cmds, cmd); 1725 mutex_exit(&nvme_lc_mutex); 1726 } 1727 } 1728 1729 static void 1730 nvme_wakeup_cmd(void *arg) 1731 { 1732 nvme_cmd_t *cmd = arg; 1733 1734 mutex_enter(&cmd->nc_mutex); 1735 cmd->nc_completed = B_TRUE; 1736 cv_signal(&cmd->nc_cv); 1737 mutex_exit(&cmd->nc_mutex); 1738 } 1739 1740 static void 1741 nvme_async_event_task(void *arg) 1742 { 1743 nvme_cmd_t *cmd = arg; 1744 nvme_t *nvme = cmd->nc_nvme; 1745 nvme_error_log_entry_t *error_log = NULL; 1746 nvme_health_log_t *health_log = NULL; 1747 size_t logsize = 0; 1748 nvme_async_event_t event; 1749 1750 /* 1751 * Check for errors associated with the async request itself. The only 1752 * command-specific error is "async event limit exceeded", which 1753 * indicates a programming error in the driver and causes a panic in 1754 * nvme_check_cmd_status(). 1755 * 1756 * Other possible errors are various scenarios where the async request 1757 * was aborted, or internal errors in the device. Internal errors are 1758 * reported to FMA, the command aborts need no special handling here. 1759 * 1760 * And finally, at least qemu nvme does not support async events, 1761 * and will return NVME_CQE_SC_GEN_INV_OPC | DNR. If so, we 1762 * will avoid posting async events. 1763 */ 1764 1765 if (nvme_check_cmd_status(cmd) != 0) { 1766 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 1767 "!async event request returned failure, sct = %x, " 1768 "sc = %x, dnr = %d, m = %d", cmd->nc_cqe.cqe_sf.sf_sct, 1769 cmd->nc_cqe.cqe_sf.sf_sc, cmd->nc_cqe.cqe_sf.sf_dnr, 1770 cmd->nc_cqe.cqe_sf.sf_m); 1771 1772 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1773 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INTERNAL_ERR) { 1774 cmd->nc_nvme->n_dead = B_TRUE; 1775 ddi_fm_service_impact(cmd->nc_nvme->n_dip, 1776 DDI_SERVICE_LOST); 1777 } 1778 1779 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 1780 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INV_OPC && 1781 cmd->nc_cqe.cqe_sf.sf_dnr == 1) { 1782 nvme->n_async_event_supported = B_FALSE; 1783 } 1784 1785 nvme_free_cmd(cmd); 1786 return; 1787 } 1788 1789 1790 event.r = cmd->nc_cqe.cqe_dw0; 1791 1792 /* Clear CQE and re-submit the async request. */ 1793 bzero(&cmd->nc_cqe, sizeof (nvme_cqe_t)); 1794 nvme_submit_admin_cmd(nvme->n_adminq, cmd); 1795 1796 switch (event.b.ae_type) { 1797 case NVME_ASYNC_TYPE_ERROR: 1798 if (event.b.ae_logpage == NVME_LOGPAGE_ERROR) { 1799 (void) nvme_get_logpage(nvme, B_FALSE, 1800 (void **)&error_log, &logsize, event.b.ae_logpage); 1801 } else { 1802 dev_err(nvme->n_dip, CE_WARN, "!wrong logpage in " 1803 "async event reply: %d", event.b.ae_logpage); 1804 atomic_inc_32(&nvme->n_wrong_logpage); 1805 } 1806 1807 switch (event.b.ae_info) { 1808 case NVME_ASYNC_ERROR_INV_SQ: 1809 dev_err(nvme->n_dip, CE_PANIC, "programming error: " 1810 "invalid submission queue"); 1811 return; 1812 1813 case NVME_ASYNC_ERROR_INV_DBL: 1814 dev_err(nvme->n_dip, CE_PANIC, "programming error: " 1815 "invalid doorbell write value"); 1816 return; 1817 1818 case NVME_ASYNC_ERROR_DIAGFAIL: 1819 dev_err(nvme->n_dip, CE_WARN, "!diagnostic failure"); 1820 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1821 nvme->n_dead = B_TRUE; 1822 atomic_inc_32(&nvme->n_diagfail_event); 1823 break; 1824 1825 case NVME_ASYNC_ERROR_PERSISTENT: 1826 dev_err(nvme->n_dip, CE_WARN, "!persistent internal " 1827 "device error"); 1828 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 1829 nvme->n_dead = B_TRUE; 1830 atomic_inc_32(&nvme->n_persistent_event); 1831 break; 1832 1833 case NVME_ASYNC_ERROR_TRANSIENT: 1834 dev_err(nvme->n_dip, CE_WARN, "!transient internal " 1835 "device error"); 1836 /* TODO: send ereport */ 1837 atomic_inc_32(&nvme->n_transient_event); 1838 break; 1839 1840 case NVME_ASYNC_ERROR_FW_LOAD: 1841 dev_err(nvme->n_dip, CE_WARN, 1842 "!firmware image load error"); 1843 atomic_inc_32(&nvme->n_fw_load_event); 1844 break; 1845 } 1846 break; 1847 1848 case NVME_ASYNC_TYPE_HEALTH: 1849 if (event.b.ae_logpage == NVME_LOGPAGE_HEALTH) { 1850 (void) nvme_get_logpage(nvme, B_FALSE, 1851 (void **)&health_log, &logsize, event.b.ae_logpage, 1852 -1); 1853 } else { 1854 dev_err(nvme->n_dip, CE_WARN, "!wrong logpage in " 1855 "async event reply: %d", event.b.ae_logpage); 1856 atomic_inc_32(&nvme->n_wrong_logpage); 1857 } 1858 1859 switch (event.b.ae_info) { 1860 case NVME_ASYNC_HEALTH_RELIABILITY: 1861 dev_err(nvme->n_dip, CE_WARN, 1862 "!device reliability compromised"); 1863 /* TODO: send ereport */ 1864 atomic_inc_32(&nvme->n_reliability_event); 1865 break; 1866 1867 case NVME_ASYNC_HEALTH_TEMPERATURE: 1868 dev_err(nvme->n_dip, CE_WARN, 1869 "!temperature above threshold"); 1870 /* TODO: send ereport */ 1871 atomic_inc_32(&nvme->n_temperature_event); 1872 break; 1873 1874 case NVME_ASYNC_HEALTH_SPARE: 1875 dev_err(nvme->n_dip, CE_WARN, 1876 "!spare space below threshold"); 1877 /* TODO: send ereport */ 1878 atomic_inc_32(&nvme->n_spare_event); 1879 break; 1880 } 1881 break; 1882 1883 case NVME_ASYNC_TYPE_VENDOR: 1884 dev_err(nvme->n_dip, CE_WARN, "!vendor specific async event " 1885 "received, info = %x, logpage = %x", event.b.ae_info, 1886 event.b.ae_logpage); 1887 atomic_inc_32(&nvme->n_vendor_event); 1888 break; 1889 1890 default: 1891 dev_err(nvme->n_dip, CE_WARN, "!unknown async event received, " 1892 "type = %x, info = %x, logpage = %x", event.b.ae_type, 1893 event.b.ae_info, event.b.ae_logpage); 1894 atomic_inc_32(&nvme->n_unknown_event); 1895 break; 1896 } 1897 1898 if (error_log) 1899 kmem_free(error_log, logsize); 1900 1901 if (health_log) 1902 kmem_free(health_log, logsize); 1903 } 1904 1905 static void 1906 nvme_admin_cmd(nvme_cmd_t *cmd, int sec) 1907 { 1908 mutex_enter(&cmd->nc_mutex); 1909 nvme_submit_admin_cmd(cmd->nc_nvme->n_adminq, cmd); 1910 nvme_wait_cmd(cmd, sec); 1911 mutex_exit(&cmd->nc_mutex); 1912 } 1913 1914 static void 1915 nvme_async_event(nvme_t *nvme) 1916 { 1917 nvme_cmd_t *cmd; 1918 1919 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1920 cmd->nc_sqid = 0; 1921 cmd->nc_sqe.sqe_opc = NVME_OPC_ASYNC_EVENT; 1922 cmd->nc_callback = nvme_async_event_task; 1923 cmd->nc_dontpanic = B_TRUE; 1924 1925 nvme_submit_admin_cmd(nvme->n_adminq, cmd); 1926 } 1927 1928 static int 1929 nvme_format_nvm(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t lbaf, 1930 boolean_t ms, uint8_t pi, boolean_t pil, uint8_t ses) 1931 { 1932 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1933 nvme_format_nvm_t format_nvm = { 0 }; 1934 int ret; 1935 1936 format_nvm.b.fm_lbaf = lbaf & 0xf; 1937 format_nvm.b.fm_ms = ms ? 1 : 0; 1938 format_nvm.b.fm_pi = pi & 0x7; 1939 format_nvm.b.fm_pil = pil ? 1 : 0; 1940 format_nvm.b.fm_ses = ses & 0x7; 1941 1942 cmd->nc_sqid = 0; 1943 cmd->nc_callback = nvme_wakeup_cmd; 1944 cmd->nc_sqe.sqe_nsid = nsid; 1945 cmd->nc_sqe.sqe_opc = NVME_OPC_NVM_FORMAT; 1946 cmd->nc_sqe.sqe_cdw10 = format_nvm.r; 1947 1948 /* 1949 * Some devices like Samsung SM951 don't allow formatting of all 1950 * namespaces in one command. Handle that gracefully. 1951 */ 1952 if (nsid == (uint32_t)-1) 1953 cmd->nc_dontpanic = B_TRUE; 1954 /* 1955 * If this format request was initiated by the user, then don't allow a 1956 * programmer error to panic the system. 1957 */ 1958 if (user) 1959 cmd->nc_dontpanic = B_TRUE; 1960 1961 nvme_admin_cmd(cmd, nvme_format_cmd_timeout); 1962 1963 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 1964 dev_err(nvme->n_dip, CE_WARN, 1965 "!FORMAT failed with sct = %x, sc = %x", 1966 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 1967 } 1968 1969 nvme_free_cmd(cmd); 1970 return (ret); 1971 } 1972 1973 static int 1974 nvme_get_logpage(nvme_t *nvme, boolean_t user, void **buf, size_t *bufsize, 1975 uint8_t logpage, ...) 1976 { 1977 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 1978 nvme_getlogpage_t getlogpage = { 0 }; 1979 va_list ap; 1980 int ret; 1981 1982 va_start(ap, logpage); 1983 1984 cmd->nc_sqid = 0; 1985 cmd->nc_callback = nvme_wakeup_cmd; 1986 cmd->nc_sqe.sqe_opc = NVME_OPC_GET_LOG_PAGE; 1987 1988 if (user) 1989 cmd->nc_dontpanic = B_TRUE; 1990 1991 getlogpage.b.lp_lid = logpage; 1992 1993 switch (logpage) { 1994 case NVME_LOGPAGE_ERROR: 1995 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 1996 /* 1997 * The GET LOG PAGE command can use at most 2 pages to return 1998 * data, PRP lists are not supported. 1999 */ 2000 *bufsize = MIN(2 * nvme->n_pagesize, 2001 nvme->n_error_log_len * sizeof (nvme_error_log_entry_t)); 2002 break; 2003 2004 case NVME_LOGPAGE_HEALTH: 2005 cmd->nc_sqe.sqe_nsid = va_arg(ap, uint32_t); 2006 *bufsize = sizeof (nvme_health_log_t); 2007 break; 2008 2009 case NVME_LOGPAGE_FWSLOT: 2010 cmd->nc_sqe.sqe_nsid = (uint32_t)-1; 2011 *bufsize = sizeof (nvme_fwslot_log_t); 2012 break; 2013 2014 default: 2015 dev_err(nvme->n_dip, CE_WARN, "!unknown log page requested: %d", 2016 logpage); 2017 atomic_inc_32(&nvme->n_unknown_logpage); 2018 ret = EINVAL; 2019 goto fail; 2020 } 2021 2022 va_end(ap); 2023 2024 getlogpage.b.lp_numd = *bufsize / sizeof (uint32_t) - 1; 2025 2026 cmd->nc_sqe.sqe_cdw10 = getlogpage.r; 2027 2028 if (nvme_zalloc_dma(nvme, *bufsize, 2029 DDI_DMA_READ, &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2030 dev_err(nvme->n_dip, CE_WARN, 2031 "!nvme_zalloc_dma failed for GET LOG PAGE"); 2032 ret = ENOMEM; 2033 goto fail; 2034 } 2035 2036 if (cmd->nc_dma->nd_ncookie > 2) { 2037 dev_err(nvme->n_dip, CE_WARN, 2038 "!too many DMA cookies for GET LOG PAGE"); 2039 atomic_inc_32(&nvme->n_too_many_cookies); 2040 ret = ENOMEM; 2041 goto fail; 2042 } 2043 2044 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 2045 if (cmd->nc_dma->nd_ncookie > 1) { 2046 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2047 &cmd->nc_dma->nd_cookie); 2048 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2049 cmd->nc_dma->nd_cookie.dmac_laddress; 2050 } 2051 2052 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2053 2054 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2055 dev_err(nvme->n_dip, CE_WARN, 2056 "!GET LOG PAGE failed with sct = %x, sc = %x", 2057 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2058 goto fail; 2059 } 2060 2061 *buf = kmem_alloc(*bufsize, KM_SLEEP); 2062 bcopy(cmd->nc_dma->nd_memp, *buf, *bufsize); 2063 2064 fail: 2065 nvme_free_cmd(cmd); 2066 2067 return (ret); 2068 } 2069 2070 static int 2071 nvme_identify(nvme_t *nvme, boolean_t user, uint32_t nsid, void **buf) 2072 { 2073 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2074 int ret; 2075 2076 if (buf == NULL) 2077 return (EINVAL); 2078 2079 cmd->nc_sqid = 0; 2080 cmd->nc_callback = nvme_wakeup_cmd; 2081 cmd->nc_sqe.sqe_opc = NVME_OPC_IDENTIFY; 2082 cmd->nc_sqe.sqe_nsid = nsid; 2083 cmd->nc_sqe.sqe_cdw10 = nsid ? NVME_IDENTIFY_NSID : NVME_IDENTIFY_CTRL; 2084 2085 if (nvme_zalloc_dma(nvme, NVME_IDENTIFY_BUFSIZE, DDI_DMA_READ, 2086 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2087 dev_err(nvme->n_dip, CE_WARN, 2088 "!nvme_zalloc_dma failed for IDENTIFY"); 2089 ret = ENOMEM; 2090 goto fail; 2091 } 2092 2093 if (cmd->nc_dma->nd_ncookie > 2) { 2094 dev_err(nvme->n_dip, CE_WARN, 2095 "!too many DMA cookies for IDENTIFY"); 2096 atomic_inc_32(&nvme->n_too_many_cookies); 2097 ret = ENOMEM; 2098 goto fail; 2099 } 2100 2101 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 2102 if (cmd->nc_dma->nd_ncookie > 1) { 2103 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2104 &cmd->nc_dma->nd_cookie); 2105 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2106 cmd->nc_dma->nd_cookie.dmac_laddress; 2107 } 2108 2109 if (user) 2110 cmd->nc_dontpanic = B_TRUE; 2111 2112 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2113 2114 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2115 dev_err(nvme->n_dip, CE_WARN, 2116 "!IDENTIFY failed with sct = %x, sc = %x", 2117 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2118 goto fail; 2119 } 2120 2121 *buf = kmem_alloc(NVME_IDENTIFY_BUFSIZE, KM_SLEEP); 2122 bcopy(cmd->nc_dma->nd_memp, *buf, NVME_IDENTIFY_BUFSIZE); 2123 2124 fail: 2125 nvme_free_cmd(cmd); 2126 2127 return (ret); 2128 } 2129 2130 static int 2131 nvme_set_features(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t feature, 2132 uint32_t val, uint32_t *res) 2133 { 2134 _NOTE(ARGUNUSED(nsid)); 2135 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2136 int ret = EINVAL; 2137 2138 ASSERT(res != NULL); 2139 2140 cmd->nc_sqid = 0; 2141 cmd->nc_callback = nvme_wakeup_cmd; 2142 cmd->nc_sqe.sqe_opc = NVME_OPC_SET_FEATURES; 2143 cmd->nc_sqe.sqe_cdw10 = feature; 2144 cmd->nc_sqe.sqe_cdw11 = val; 2145 2146 if (user) 2147 cmd->nc_dontpanic = B_TRUE; 2148 2149 switch (feature) { 2150 case NVME_FEAT_WRITE_CACHE: 2151 if (!nvme->n_write_cache_present) 2152 goto fail; 2153 break; 2154 2155 case NVME_FEAT_NQUEUES: 2156 break; 2157 2158 default: 2159 goto fail; 2160 } 2161 2162 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2163 2164 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2165 dev_err(nvme->n_dip, CE_WARN, 2166 "!SET FEATURES %d failed with sct = %x, sc = %x", 2167 feature, cmd->nc_cqe.cqe_sf.sf_sct, 2168 cmd->nc_cqe.cqe_sf.sf_sc); 2169 goto fail; 2170 } 2171 2172 *res = cmd->nc_cqe.cqe_dw0; 2173 2174 fail: 2175 nvme_free_cmd(cmd); 2176 return (ret); 2177 } 2178 2179 static int 2180 nvme_get_features(nvme_t *nvme, boolean_t user, uint32_t nsid, uint8_t feature, 2181 uint32_t *res, void **buf, size_t *bufsize) 2182 { 2183 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2184 int ret = EINVAL; 2185 2186 ASSERT(res != NULL); 2187 2188 if (bufsize != NULL) 2189 *bufsize = 0; 2190 2191 cmd->nc_sqid = 0; 2192 cmd->nc_callback = nvme_wakeup_cmd; 2193 cmd->nc_sqe.sqe_opc = NVME_OPC_GET_FEATURES; 2194 cmd->nc_sqe.sqe_cdw10 = feature; 2195 cmd->nc_sqe.sqe_cdw11 = *res; 2196 2197 /* 2198 * For some of the optional features there doesn't seem to be a method 2199 * of detecting whether it is supported other than using it. This will 2200 * cause "Invalid Field in Command" error, which is normally considered 2201 * a programming error. Set the nc_dontpanic flag to override the panic 2202 * in nvme_check_generic_cmd_status(). 2203 */ 2204 switch (feature) { 2205 case NVME_FEAT_ARBITRATION: 2206 case NVME_FEAT_POWER_MGMT: 2207 case NVME_FEAT_TEMPERATURE: 2208 case NVME_FEAT_ERROR: 2209 case NVME_FEAT_NQUEUES: 2210 case NVME_FEAT_INTR_COAL: 2211 case NVME_FEAT_INTR_VECT: 2212 case NVME_FEAT_WRITE_ATOM: 2213 case NVME_FEAT_ASYNC_EVENT: 2214 break; 2215 2216 case NVME_FEAT_WRITE_CACHE: 2217 if (!nvme->n_write_cache_present) 2218 goto fail; 2219 break; 2220 2221 case NVME_FEAT_LBA_RANGE: 2222 if (!nvme->n_lba_range_supported) 2223 goto fail; 2224 2225 cmd->nc_dontpanic = B_TRUE; 2226 cmd->nc_sqe.sqe_nsid = nsid; 2227 ASSERT(bufsize != NULL); 2228 *bufsize = NVME_LBA_RANGE_BUFSIZE; 2229 break; 2230 2231 case NVME_FEAT_AUTO_PST: 2232 if (!nvme->n_auto_pst_supported) 2233 goto fail; 2234 2235 ASSERT(bufsize != NULL); 2236 *bufsize = NVME_AUTO_PST_BUFSIZE; 2237 break; 2238 2239 case NVME_FEAT_PROGRESS: 2240 if (!nvme->n_progress_supported) 2241 goto fail; 2242 2243 cmd->nc_dontpanic = B_TRUE; 2244 break; 2245 2246 default: 2247 goto fail; 2248 } 2249 2250 if (user) 2251 cmd->nc_dontpanic = B_TRUE; 2252 2253 if (bufsize != NULL && *bufsize != 0) { 2254 if (nvme_zalloc_dma(nvme, *bufsize, DDI_DMA_READ, 2255 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 2256 dev_err(nvme->n_dip, CE_WARN, 2257 "!nvme_zalloc_dma failed for GET FEATURES"); 2258 ret = ENOMEM; 2259 goto fail; 2260 } 2261 2262 if (cmd->nc_dma->nd_ncookie > 2) { 2263 dev_err(nvme->n_dip, CE_WARN, 2264 "!too many DMA cookies for GET FEATURES"); 2265 atomic_inc_32(&nvme->n_too_many_cookies); 2266 ret = ENOMEM; 2267 goto fail; 2268 } 2269 2270 cmd->nc_sqe.sqe_dptr.d_prp[0] = 2271 cmd->nc_dma->nd_cookie.dmac_laddress; 2272 if (cmd->nc_dma->nd_ncookie > 1) { 2273 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 2274 &cmd->nc_dma->nd_cookie); 2275 cmd->nc_sqe.sqe_dptr.d_prp[1] = 2276 cmd->nc_dma->nd_cookie.dmac_laddress; 2277 } 2278 } 2279 2280 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2281 2282 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2283 boolean_t known = B_TRUE; 2284 2285 /* Check if this is unsupported optional feature */ 2286 if (cmd->nc_cqe.cqe_sf.sf_sct == NVME_CQE_SCT_GENERIC && 2287 cmd->nc_cqe.cqe_sf.sf_sc == NVME_CQE_SC_GEN_INV_FLD) { 2288 switch (feature) { 2289 case NVME_FEAT_LBA_RANGE: 2290 nvme->n_lba_range_supported = B_FALSE; 2291 break; 2292 case NVME_FEAT_PROGRESS: 2293 nvme->n_progress_supported = B_FALSE; 2294 break; 2295 default: 2296 known = B_FALSE; 2297 break; 2298 } 2299 } else { 2300 known = B_FALSE; 2301 } 2302 2303 /* Report the error otherwise */ 2304 if (!known) { 2305 dev_err(nvme->n_dip, CE_WARN, 2306 "!GET FEATURES %d failed with sct = %x, sc = %x", 2307 feature, cmd->nc_cqe.cqe_sf.sf_sct, 2308 cmd->nc_cqe.cqe_sf.sf_sc); 2309 } 2310 2311 goto fail; 2312 } 2313 2314 if (bufsize != NULL && *bufsize != 0) { 2315 ASSERT(buf != NULL); 2316 *buf = kmem_alloc(*bufsize, KM_SLEEP); 2317 bcopy(cmd->nc_dma->nd_memp, *buf, *bufsize); 2318 } 2319 2320 *res = cmd->nc_cqe.cqe_dw0; 2321 2322 fail: 2323 nvme_free_cmd(cmd); 2324 return (ret); 2325 } 2326 2327 static int 2328 nvme_write_cache_set(nvme_t *nvme, boolean_t enable) 2329 { 2330 nvme_write_cache_t nwc = { 0 }; 2331 2332 if (enable) 2333 nwc.b.wc_wce = 1; 2334 2335 return (nvme_set_features(nvme, B_FALSE, 0, NVME_FEAT_WRITE_CACHE, 2336 nwc.r, &nwc.r)); 2337 } 2338 2339 static int 2340 nvme_set_nqueues(nvme_t *nvme) 2341 { 2342 nvme_nqueues_t nq = { 0 }; 2343 int ret; 2344 2345 /* 2346 * The default is to allocate one completion queue per vector. 2347 */ 2348 if (nvme->n_completion_queues == -1) 2349 nvme->n_completion_queues = nvme->n_intr_cnt; 2350 2351 /* 2352 * There is no point in having more compeletion queues than 2353 * interrupt vectors. 2354 */ 2355 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2356 nvme->n_intr_cnt); 2357 2358 /* 2359 * The default is to use one submission queue per completion queue. 2360 */ 2361 if (nvme->n_submission_queues == -1) 2362 nvme->n_submission_queues = nvme->n_completion_queues; 2363 2364 /* 2365 * There is no point in having more compeletion queues than 2366 * submission queues. 2367 */ 2368 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2369 nvme->n_submission_queues); 2370 2371 ASSERT(nvme->n_submission_queues > 0); 2372 ASSERT(nvme->n_completion_queues > 0); 2373 2374 nq.b.nq_nsq = nvme->n_submission_queues - 1; 2375 nq.b.nq_ncq = nvme->n_completion_queues - 1; 2376 2377 ret = nvme_set_features(nvme, B_FALSE, 0, NVME_FEAT_NQUEUES, nq.r, 2378 &nq.r); 2379 2380 if (ret == 0) { 2381 /* 2382 * Never use more than the requested number of queues. 2383 */ 2384 nvme->n_submission_queues = MIN(nvme->n_submission_queues, 2385 nq.b.nq_nsq + 1); 2386 nvme->n_completion_queues = MIN(nvme->n_completion_queues, 2387 nq.b.nq_ncq + 1); 2388 } 2389 2390 return (ret); 2391 } 2392 2393 static int 2394 nvme_create_completion_queue(nvme_t *nvme, nvme_cq_t *cq) 2395 { 2396 nvme_cmd_t *cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2397 nvme_create_queue_dw10_t dw10 = { 0 }; 2398 nvme_create_cq_dw11_t c_dw11 = { 0 }; 2399 int ret; 2400 2401 dw10.b.q_qid = cq->ncq_id; 2402 dw10.b.q_qsize = cq->ncq_nentry - 1; 2403 2404 c_dw11.b.cq_pc = 1; 2405 c_dw11.b.cq_ien = 1; 2406 c_dw11.b.cq_iv = cq->ncq_id % nvme->n_intr_cnt; 2407 2408 cmd->nc_sqid = 0; 2409 cmd->nc_callback = nvme_wakeup_cmd; 2410 cmd->nc_sqe.sqe_opc = NVME_OPC_CREATE_CQUEUE; 2411 cmd->nc_sqe.sqe_cdw10 = dw10.r; 2412 cmd->nc_sqe.sqe_cdw11 = c_dw11.r; 2413 cmd->nc_sqe.sqe_dptr.d_prp[0] = cq->ncq_dma->nd_cookie.dmac_laddress; 2414 2415 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2416 2417 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2418 dev_err(nvme->n_dip, CE_WARN, 2419 "!CREATE CQUEUE failed with sct = %x, sc = %x", 2420 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2421 } 2422 2423 nvme_free_cmd(cmd); 2424 2425 return (ret); 2426 } 2427 2428 static int 2429 nvme_create_io_qpair(nvme_t *nvme, nvme_qpair_t *qp, uint16_t idx) 2430 { 2431 nvme_cq_t *cq = qp->nq_cq; 2432 nvme_cmd_t *cmd; 2433 nvme_create_queue_dw10_t dw10 = { 0 }; 2434 nvme_create_sq_dw11_t s_dw11 = { 0 }; 2435 int ret; 2436 2437 /* 2438 * It is possible to have more qpairs than completion queues, 2439 * and when the idx > ncq_id, that completion queue is shared 2440 * and has already been created. 2441 */ 2442 if (idx <= cq->ncq_id && 2443 nvme_create_completion_queue(nvme, cq) != DDI_SUCCESS) 2444 return (DDI_FAILURE); 2445 2446 dw10.b.q_qid = idx; 2447 dw10.b.q_qsize = qp->nq_nentry - 1; 2448 2449 s_dw11.b.sq_pc = 1; 2450 s_dw11.b.sq_cqid = cq->ncq_id; 2451 2452 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 2453 cmd->nc_sqid = 0; 2454 cmd->nc_callback = nvme_wakeup_cmd; 2455 cmd->nc_sqe.sqe_opc = NVME_OPC_CREATE_SQUEUE; 2456 cmd->nc_sqe.sqe_cdw10 = dw10.r; 2457 cmd->nc_sqe.sqe_cdw11 = s_dw11.r; 2458 cmd->nc_sqe.sqe_dptr.d_prp[0] = qp->nq_sqdma->nd_cookie.dmac_laddress; 2459 2460 nvme_admin_cmd(cmd, nvme_admin_cmd_timeout); 2461 2462 if ((ret = nvme_check_cmd_status(cmd)) != 0) { 2463 dev_err(nvme->n_dip, CE_WARN, 2464 "!CREATE SQUEUE failed with sct = %x, sc = %x", 2465 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 2466 } 2467 2468 nvme_free_cmd(cmd); 2469 2470 return (ret); 2471 } 2472 2473 static boolean_t 2474 nvme_reset(nvme_t *nvme, boolean_t quiesce) 2475 { 2476 nvme_reg_csts_t csts; 2477 int i; 2478 2479 nvme_put32(nvme, NVME_REG_CC, 0); 2480 2481 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2482 if (csts.b.csts_rdy == 1) { 2483 nvme_put32(nvme, NVME_REG_CC, 0); 2484 for (i = 0; i != nvme->n_timeout * 10; i++) { 2485 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2486 if (csts.b.csts_rdy == 0) 2487 break; 2488 2489 if (quiesce) 2490 drv_usecwait(50000); 2491 else 2492 delay(drv_usectohz(50000)); 2493 } 2494 } 2495 2496 nvme_put32(nvme, NVME_REG_AQA, 0); 2497 nvme_put32(nvme, NVME_REG_ASQ, 0); 2498 nvme_put32(nvme, NVME_REG_ACQ, 0); 2499 2500 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2501 return (csts.b.csts_rdy == 0 ? B_TRUE : B_FALSE); 2502 } 2503 2504 static void 2505 nvme_shutdown(nvme_t *nvme, int mode, boolean_t quiesce) 2506 { 2507 nvme_reg_cc_t cc; 2508 nvme_reg_csts_t csts; 2509 int i; 2510 2511 ASSERT(mode == NVME_CC_SHN_NORMAL || mode == NVME_CC_SHN_ABRUPT); 2512 2513 cc.r = nvme_get32(nvme, NVME_REG_CC); 2514 cc.b.cc_shn = mode & 0x3; 2515 nvme_put32(nvme, NVME_REG_CC, cc.r); 2516 2517 for (i = 0; i != 10; i++) { 2518 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2519 if (csts.b.csts_shst == NVME_CSTS_SHN_COMPLETE) 2520 break; 2521 2522 if (quiesce) 2523 drv_usecwait(100000); 2524 else 2525 delay(drv_usectohz(100000)); 2526 } 2527 } 2528 2529 2530 static void 2531 nvme_prepare_devid(nvme_t *nvme, uint32_t nsid) 2532 { 2533 /* 2534 * Section 7.7 of the spec describes how to get a unique ID for 2535 * the controller: the vendor ID, the model name and the serial 2536 * number shall be unique when combined. 2537 * 2538 * If a namespace has no EUI64 we use the above and add the hex 2539 * namespace ID to get a unique ID for the namespace. 2540 */ 2541 char model[sizeof (nvme->n_idctl->id_model) + 1]; 2542 char serial[sizeof (nvme->n_idctl->id_serial) + 1]; 2543 2544 bcopy(nvme->n_idctl->id_model, model, sizeof (nvme->n_idctl->id_model)); 2545 bcopy(nvme->n_idctl->id_serial, serial, 2546 sizeof (nvme->n_idctl->id_serial)); 2547 2548 model[sizeof (nvme->n_idctl->id_model)] = '\0'; 2549 serial[sizeof (nvme->n_idctl->id_serial)] = '\0'; 2550 2551 nvme->n_ns[nsid - 1].ns_devid = kmem_asprintf("%4X-%s-%s-%X", 2552 nvme->n_idctl->id_vid, model, serial, nsid); 2553 } 2554 2555 static int 2556 nvme_init_ns(nvme_t *nvme, int nsid) 2557 { 2558 nvme_namespace_t *ns = &nvme->n_ns[nsid - 1]; 2559 nvme_identify_nsid_t *idns; 2560 boolean_t was_ignored; 2561 int last_rp; 2562 2563 ns->ns_nvme = nvme; 2564 2565 if (nvme_identify(nvme, B_FALSE, nsid, (void **)&idns) != 0) { 2566 dev_err(nvme->n_dip, CE_WARN, 2567 "!failed to identify namespace %d", nsid); 2568 return (DDI_FAILURE); 2569 } 2570 2571 ns->ns_idns = idns; 2572 ns->ns_id = nsid; 2573 ns->ns_block_count = idns->id_nsize; 2574 ns->ns_block_size = 2575 1 << idns->id_lbaf[idns->id_flbas.lba_format].lbaf_lbads; 2576 ns->ns_best_block_size = ns->ns_block_size; 2577 2578 /* 2579 * Get the EUI64 if present. Use it for devid and device node names. 2580 */ 2581 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 1)) 2582 bcopy(idns->id_eui64, ns->ns_eui64, sizeof (ns->ns_eui64)); 2583 2584 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 2585 if (*(uint64_t *)ns->ns_eui64 != 0) { 2586 uint8_t *eui64 = ns->ns_eui64; 2587 2588 (void) snprintf(ns->ns_name, sizeof (ns->ns_name), 2589 "%02x%02x%02x%02x%02x%02x%02x%02x", 2590 eui64[0], eui64[1], eui64[2], eui64[3], 2591 eui64[4], eui64[5], eui64[6], eui64[7]); 2592 } else { 2593 (void) snprintf(ns->ns_name, sizeof (ns->ns_name), "%d", 2594 ns->ns_id); 2595 2596 nvme_prepare_devid(nvme, ns->ns_id); 2597 } 2598 2599 /* 2600 * Find the LBA format with no metadata and the best relative 2601 * performance. A value of 3 means "degraded", 0 is best. 2602 */ 2603 last_rp = 3; 2604 for (int j = 0; j <= idns->id_nlbaf; j++) { 2605 if (idns->id_lbaf[j].lbaf_lbads == 0) 2606 break; 2607 if (idns->id_lbaf[j].lbaf_ms != 0) 2608 continue; 2609 if (idns->id_lbaf[j].lbaf_rp >= last_rp) 2610 continue; 2611 last_rp = idns->id_lbaf[j].lbaf_rp; 2612 ns->ns_best_block_size = 2613 1 << idns->id_lbaf[j].lbaf_lbads; 2614 } 2615 2616 if (ns->ns_best_block_size < nvme->n_min_block_size) 2617 ns->ns_best_block_size = nvme->n_min_block_size; 2618 2619 was_ignored = ns->ns_ignore; 2620 2621 /* 2622 * We currently don't support namespaces that use either: 2623 * - protection information 2624 * - illegal block size (< 512) 2625 */ 2626 if (idns->id_dps.dp_pinfo) { 2627 dev_err(nvme->n_dip, CE_WARN, 2628 "!ignoring namespace %d, unsupported feature: " 2629 "pinfo = %d", nsid, idns->id_dps.dp_pinfo); 2630 ns->ns_ignore = B_TRUE; 2631 } else if (ns->ns_block_size < 512) { 2632 dev_err(nvme->n_dip, CE_WARN, 2633 "!ignoring namespace %d, unsupported block size %"PRIu64, 2634 nsid, (uint64_t)ns->ns_block_size); 2635 ns->ns_ignore = B_TRUE; 2636 } else { 2637 ns->ns_ignore = B_FALSE; 2638 } 2639 2640 /* 2641 * Keep a count of namespaces which are attachable. 2642 * See comments in nvme_bd_driveinfo() to understand its effect. 2643 */ 2644 if (was_ignored) { 2645 /* 2646 * Previously ignored, but now not. Count it. 2647 */ 2648 if (!ns->ns_ignore) 2649 nvme->n_namespaces_attachable++; 2650 } else { 2651 /* 2652 * Wasn't ignored previously, but now needs to be. 2653 * Discount it. 2654 */ 2655 if (ns->ns_ignore) 2656 nvme->n_namespaces_attachable--; 2657 } 2658 2659 return (DDI_SUCCESS); 2660 } 2661 2662 static int 2663 nvme_init(nvme_t *nvme) 2664 { 2665 nvme_reg_cc_t cc = { 0 }; 2666 nvme_reg_aqa_t aqa = { 0 }; 2667 nvme_reg_asq_t asq = { 0 }; 2668 nvme_reg_acq_t acq = { 0 }; 2669 nvme_reg_cap_t cap; 2670 nvme_reg_vs_t vs; 2671 nvme_reg_csts_t csts; 2672 int i = 0; 2673 uint16_t nqueues; 2674 uint_t tq_threads; 2675 char model[sizeof (nvme->n_idctl->id_model) + 1]; 2676 char *vendor, *product; 2677 2678 /* Check controller version */ 2679 vs.r = nvme_get32(nvme, NVME_REG_VS); 2680 nvme->n_version.v_major = vs.b.vs_mjr; 2681 nvme->n_version.v_minor = vs.b.vs_mnr; 2682 dev_err(nvme->n_dip, CE_CONT, "?NVMe spec version %d.%d", 2683 nvme->n_version.v_major, nvme->n_version.v_minor); 2684 2685 if (nvme->n_version.v_major > nvme_version_major) { 2686 dev_err(nvme->n_dip, CE_WARN, "!no support for version > %d.x", 2687 nvme_version_major); 2688 if (nvme->n_strict_version) 2689 goto fail; 2690 } 2691 2692 /* retrieve controller configuration */ 2693 cap.r = nvme_get64(nvme, NVME_REG_CAP); 2694 2695 if ((cap.b.cap_css & NVME_CAP_CSS_NVM) == 0) { 2696 dev_err(nvme->n_dip, CE_WARN, 2697 "!NVM command set not supported by hardware"); 2698 goto fail; 2699 } 2700 2701 nvme->n_nssr_supported = cap.b.cap_nssrs; 2702 nvme->n_doorbell_stride = 4 << cap.b.cap_dstrd; 2703 nvme->n_timeout = cap.b.cap_to; 2704 nvme->n_arbitration_mechanisms = cap.b.cap_ams; 2705 nvme->n_cont_queues_reqd = cap.b.cap_cqr; 2706 nvme->n_max_queue_entries = cap.b.cap_mqes + 1; 2707 2708 /* 2709 * The MPSMIN and MPSMAX fields in the CAP register use 0 to specify 2710 * the base page size of 4k (1<<12), so add 12 here to get the real 2711 * page size value. 2712 */ 2713 nvme->n_pageshift = MIN(MAX(cap.b.cap_mpsmin + 12, PAGESHIFT), 2714 cap.b.cap_mpsmax + 12); 2715 nvme->n_pagesize = 1UL << (nvme->n_pageshift); 2716 2717 /* 2718 * Set up Queue DMA to transfer at least 1 page-aligned page at a time. 2719 */ 2720 nvme->n_queue_dma_attr.dma_attr_align = nvme->n_pagesize; 2721 nvme->n_queue_dma_attr.dma_attr_minxfer = nvme->n_pagesize; 2722 2723 /* 2724 * Set up PRP DMA to transfer 1 page-aligned page at a time. 2725 * Maxxfer may be increased after we identified the controller limits. 2726 */ 2727 nvme->n_prp_dma_attr.dma_attr_maxxfer = nvme->n_pagesize; 2728 nvme->n_prp_dma_attr.dma_attr_minxfer = nvme->n_pagesize; 2729 nvme->n_prp_dma_attr.dma_attr_align = nvme->n_pagesize; 2730 nvme->n_prp_dma_attr.dma_attr_seg = nvme->n_pagesize - 1; 2731 2732 /* 2733 * Reset controller if it's still in ready state. 2734 */ 2735 if (nvme_reset(nvme, B_FALSE) == B_FALSE) { 2736 dev_err(nvme->n_dip, CE_WARN, "!unable to reset controller"); 2737 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 2738 nvme->n_dead = B_TRUE; 2739 goto fail; 2740 } 2741 2742 /* 2743 * Create the cq array with one completion queue to be assigned 2744 * to the admin queue pair and a limited number of taskqs (4). 2745 */ 2746 if (nvme_create_cq_array(nvme, 1, nvme->n_admin_queue_len, 4) != 2747 DDI_SUCCESS) { 2748 dev_err(nvme->n_dip, CE_WARN, 2749 "!failed to pre-allocate admin completion queue"); 2750 goto fail; 2751 } 2752 /* 2753 * Create the admin queue pair. 2754 */ 2755 if (nvme_alloc_qpair(nvme, nvme->n_admin_queue_len, &nvme->n_adminq, 0) 2756 != DDI_SUCCESS) { 2757 dev_err(nvme->n_dip, CE_WARN, 2758 "!unable to allocate admin qpair"); 2759 goto fail; 2760 } 2761 nvme->n_ioq = kmem_alloc(sizeof (nvme_qpair_t *), KM_SLEEP); 2762 nvme->n_ioq[0] = nvme->n_adminq; 2763 2764 nvme->n_progress |= NVME_ADMIN_QUEUE; 2765 2766 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2767 "admin-queue-len", nvme->n_admin_queue_len); 2768 2769 aqa.b.aqa_asqs = aqa.b.aqa_acqs = nvme->n_admin_queue_len - 1; 2770 asq = nvme->n_adminq->nq_sqdma->nd_cookie.dmac_laddress; 2771 acq = nvme->n_adminq->nq_cq->ncq_dma->nd_cookie.dmac_laddress; 2772 2773 ASSERT((asq & (nvme->n_pagesize - 1)) == 0); 2774 ASSERT((acq & (nvme->n_pagesize - 1)) == 0); 2775 2776 nvme_put32(nvme, NVME_REG_AQA, aqa.r); 2777 nvme_put64(nvme, NVME_REG_ASQ, asq); 2778 nvme_put64(nvme, NVME_REG_ACQ, acq); 2779 2780 cc.b.cc_ams = 0; /* use Round-Robin arbitration */ 2781 cc.b.cc_css = 0; /* use NVM command set */ 2782 cc.b.cc_mps = nvme->n_pageshift - 12; 2783 cc.b.cc_shn = 0; /* no shutdown in progress */ 2784 cc.b.cc_en = 1; /* enable controller */ 2785 cc.b.cc_iosqes = 6; /* submission queue entry is 2^6 bytes long */ 2786 cc.b.cc_iocqes = 4; /* completion queue entry is 2^4 bytes long */ 2787 2788 nvme_put32(nvme, NVME_REG_CC, cc.r); 2789 2790 /* 2791 * Wait for the controller to become ready. 2792 */ 2793 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2794 if (csts.b.csts_rdy == 0) { 2795 for (i = 0; i != nvme->n_timeout * 10; i++) { 2796 delay(drv_usectohz(50000)); 2797 csts.r = nvme_get32(nvme, NVME_REG_CSTS); 2798 2799 if (csts.b.csts_cfs == 1) { 2800 dev_err(nvme->n_dip, CE_WARN, 2801 "!controller fatal status at init"); 2802 ddi_fm_service_impact(nvme->n_dip, 2803 DDI_SERVICE_LOST); 2804 nvme->n_dead = B_TRUE; 2805 goto fail; 2806 } 2807 2808 if (csts.b.csts_rdy == 1) 2809 break; 2810 } 2811 } 2812 2813 if (csts.b.csts_rdy == 0) { 2814 dev_err(nvme->n_dip, CE_WARN, "!controller not ready"); 2815 ddi_fm_service_impact(nvme->n_dip, DDI_SERVICE_LOST); 2816 nvme->n_dead = B_TRUE; 2817 goto fail; 2818 } 2819 2820 /* 2821 * Assume an abort command limit of 1. We'll destroy and re-init 2822 * that later when we know the true abort command limit. 2823 */ 2824 sema_init(&nvme->n_abort_sema, 1, NULL, SEMA_DRIVER, NULL); 2825 2826 /* 2827 * Setup initial interrupt for admin queue. 2828 */ 2829 if ((nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSIX, 1) 2830 != DDI_SUCCESS) && 2831 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSI, 1) 2832 != DDI_SUCCESS) && 2833 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_FIXED, 1) 2834 != DDI_SUCCESS)) { 2835 dev_err(nvme->n_dip, CE_WARN, 2836 "!failed to setup initial interrupt"); 2837 goto fail; 2838 } 2839 2840 /* 2841 * Post an asynchronous event command to catch errors. 2842 * We assume the asynchronous events are supported as required by 2843 * specification (Figure 40 in section 5 of NVMe 1.2). 2844 * However, since at least qemu does not follow the specification, 2845 * we need a mechanism to protect ourselves. 2846 */ 2847 nvme->n_async_event_supported = B_TRUE; 2848 nvme_async_event(nvme); 2849 2850 /* 2851 * Identify Controller 2852 */ 2853 if (nvme_identify(nvme, B_FALSE, 0, (void **)&nvme->n_idctl) != 0) { 2854 dev_err(nvme->n_dip, CE_WARN, 2855 "!failed to identify controller"); 2856 goto fail; 2857 } 2858 2859 /* 2860 * Get Vendor & Product ID 2861 */ 2862 bcopy(nvme->n_idctl->id_model, model, sizeof (nvme->n_idctl->id_model)); 2863 model[sizeof (nvme->n_idctl->id_model)] = '\0'; 2864 sata_split_model(model, &vendor, &product); 2865 2866 if (vendor == NULL) 2867 nvme->n_vendor = strdup("NVMe"); 2868 else 2869 nvme->n_vendor = strdup(vendor); 2870 2871 nvme->n_product = strdup(product); 2872 2873 /* 2874 * Get controller limits. 2875 */ 2876 nvme->n_async_event_limit = MAX(NVME_MIN_ASYNC_EVENT_LIMIT, 2877 MIN(nvme->n_admin_queue_len / 10, 2878 MIN(nvme->n_idctl->id_aerl + 1, nvme->n_async_event_limit))); 2879 2880 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2881 "async-event-limit", nvme->n_async_event_limit); 2882 2883 nvme->n_abort_command_limit = nvme->n_idctl->id_acl + 1; 2884 2885 /* 2886 * Reinitialize the semaphore with the true abort command limit 2887 * supported by the hardware. It's not necessary to disable interrupts 2888 * as only command aborts use the semaphore, and no commands are 2889 * executed or aborted while we're here. 2890 */ 2891 sema_destroy(&nvme->n_abort_sema); 2892 sema_init(&nvme->n_abort_sema, nvme->n_abort_command_limit - 1, NULL, 2893 SEMA_DRIVER, NULL); 2894 2895 nvme->n_progress |= NVME_CTRL_LIMITS; 2896 2897 if (nvme->n_idctl->id_mdts == 0) 2898 nvme->n_max_data_transfer_size = nvme->n_pagesize * 65536; 2899 else 2900 nvme->n_max_data_transfer_size = 2901 1ull << (nvme->n_pageshift + nvme->n_idctl->id_mdts); 2902 2903 nvme->n_error_log_len = nvme->n_idctl->id_elpe + 1; 2904 2905 /* 2906 * Limit n_max_data_transfer_size to what we can handle in one PRP. 2907 * Chained PRPs are currently unsupported. 2908 * 2909 * This is a no-op on hardware which doesn't support a transfer size 2910 * big enough to require chained PRPs. 2911 */ 2912 nvme->n_max_data_transfer_size = MIN(nvme->n_max_data_transfer_size, 2913 (nvme->n_pagesize / sizeof (uint64_t) * nvme->n_pagesize)); 2914 2915 nvme->n_prp_dma_attr.dma_attr_maxxfer = nvme->n_max_data_transfer_size; 2916 2917 /* 2918 * Make sure the minimum/maximum queue entry sizes are not 2919 * larger/smaller than the default. 2920 */ 2921 2922 if (((1 << nvme->n_idctl->id_sqes.qes_min) > sizeof (nvme_sqe_t)) || 2923 ((1 << nvme->n_idctl->id_sqes.qes_max) < sizeof (nvme_sqe_t)) || 2924 ((1 << nvme->n_idctl->id_cqes.qes_min) > sizeof (nvme_cqe_t)) || 2925 ((1 << nvme->n_idctl->id_cqes.qes_max) < sizeof (nvme_cqe_t))) 2926 goto fail; 2927 2928 /* 2929 * Check for the presence of a Volatile Write Cache. If present, 2930 * enable or disable based on the value of the property 2931 * volatile-write-cache-enable (default is enabled). 2932 */ 2933 nvme->n_write_cache_present = 2934 nvme->n_idctl->id_vwc.vwc_present == 0 ? B_FALSE : B_TRUE; 2935 2936 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2937 "volatile-write-cache-present", 2938 nvme->n_write_cache_present ? 1 : 0); 2939 2940 if (!nvme->n_write_cache_present) { 2941 nvme->n_write_cache_enabled = B_FALSE; 2942 } else if (nvme_write_cache_set(nvme, nvme->n_write_cache_enabled) 2943 != 0) { 2944 dev_err(nvme->n_dip, CE_WARN, 2945 "!failed to %sable volatile write cache", 2946 nvme->n_write_cache_enabled ? "en" : "dis"); 2947 /* 2948 * Assume the cache is (still) enabled. 2949 */ 2950 nvme->n_write_cache_enabled = B_TRUE; 2951 } 2952 2953 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, 2954 "volatile-write-cache-enable", 2955 nvme->n_write_cache_enabled ? 1 : 0); 2956 2957 /* 2958 * Assume LBA Range Type feature is supported. If it isn't this 2959 * will be set to B_FALSE by nvme_get_features(). 2960 */ 2961 nvme->n_lba_range_supported = B_TRUE; 2962 2963 /* 2964 * Check support for Autonomous Power State Transition. 2965 */ 2966 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 1)) 2967 nvme->n_auto_pst_supported = 2968 nvme->n_idctl->id_apsta.ap_sup == 0 ? B_FALSE : B_TRUE; 2969 2970 /* 2971 * Assume Software Progress Marker feature is supported. If it isn't 2972 * this will be set to B_FALSE by nvme_get_features(). 2973 */ 2974 nvme->n_progress_supported = B_TRUE; 2975 2976 /* 2977 * Identify Namespaces 2978 */ 2979 nvme->n_namespace_count = nvme->n_idctl->id_nn; 2980 2981 if (nvme->n_namespace_count == 0) { 2982 dev_err(nvme->n_dip, CE_WARN, 2983 "!controllers without namespaces are not supported"); 2984 goto fail; 2985 } 2986 2987 if (nvme->n_namespace_count > NVME_MINOR_MAX) { 2988 dev_err(nvme->n_dip, CE_WARN, 2989 "!too many namespaces: %d, limiting to %d\n", 2990 nvme->n_namespace_count, NVME_MINOR_MAX); 2991 nvme->n_namespace_count = NVME_MINOR_MAX; 2992 } 2993 2994 nvme->n_ns = kmem_zalloc(sizeof (nvme_namespace_t) * 2995 nvme->n_namespace_count, KM_SLEEP); 2996 2997 for (i = 0; i != nvme->n_namespace_count; i++) { 2998 mutex_init(&nvme->n_ns[i].ns_minor.nm_mutex, NULL, MUTEX_DRIVER, 2999 NULL); 3000 nvme->n_ns[i].ns_ignore = B_TRUE; 3001 if (nvme_init_ns(nvme, i + 1) != DDI_SUCCESS) 3002 goto fail; 3003 } 3004 3005 /* 3006 * Try to set up MSI/MSI-X interrupts. 3007 */ 3008 if ((nvme->n_intr_types & (DDI_INTR_TYPE_MSI | DDI_INTR_TYPE_MSIX)) 3009 != 0) { 3010 nvme_release_interrupts(nvme); 3011 3012 nqueues = MIN(UINT16_MAX, ncpus); 3013 3014 if ((nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSIX, 3015 nqueues) != DDI_SUCCESS) && 3016 (nvme_setup_interrupts(nvme, DDI_INTR_TYPE_MSI, 3017 nqueues) != DDI_SUCCESS)) { 3018 dev_err(nvme->n_dip, CE_WARN, 3019 "!failed to setup MSI/MSI-X interrupts"); 3020 goto fail; 3021 } 3022 } 3023 3024 /* 3025 * Create I/O queue pairs. 3026 */ 3027 3028 if (nvme_set_nqueues(nvme) != 0) { 3029 dev_err(nvme->n_dip, CE_WARN, 3030 "!failed to set number of I/O queues to %d", 3031 nvme->n_intr_cnt); 3032 goto fail; 3033 } 3034 3035 /* 3036 * Reallocate I/O queue array 3037 */ 3038 kmem_free(nvme->n_ioq, sizeof (nvme_qpair_t *)); 3039 nvme->n_ioq = kmem_zalloc(sizeof (nvme_qpair_t *) * 3040 (nvme->n_submission_queues + 1), KM_SLEEP); 3041 nvme->n_ioq[0] = nvme->n_adminq; 3042 3043 /* 3044 * There should always be at least as many submission queues 3045 * as completion queues. 3046 */ 3047 ASSERT(nvme->n_submission_queues >= nvme->n_completion_queues); 3048 3049 nvme->n_ioq_count = nvme->n_submission_queues; 3050 3051 nvme->n_io_squeue_len = 3052 MIN(nvme->n_io_squeue_len, nvme->n_max_queue_entries); 3053 3054 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, "io-squeue-len", 3055 nvme->n_io_squeue_len); 3056 3057 /* 3058 * Pre-allocate completion queues. 3059 * When there are the same number of submission and completion 3060 * queues there is no value in having a larger completion 3061 * queue length. 3062 */ 3063 if (nvme->n_submission_queues == nvme->n_completion_queues) 3064 nvme->n_io_cqueue_len = MIN(nvme->n_io_cqueue_len, 3065 nvme->n_io_squeue_len); 3066 3067 nvme->n_io_cqueue_len = MIN(nvme->n_io_cqueue_len, 3068 nvme->n_max_queue_entries); 3069 3070 (void) ddi_prop_update_int(DDI_DEV_T_NONE, nvme->n_dip, "io-cqueue-len", 3071 nvme->n_io_cqueue_len); 3072 3073 /* 3074 * Assign the equal quantity of taskq threads to each completion 3075 * queue, capping the total number of threads to the number 3076 * of CPUs. 3077 */ 3078 tq_threads = MIN(UINT16_MAX, ncpus) / nvme->n_completion_queues; 3079 3080 /* 3081 * In case the calculation above is zero, we need at least one 3082 * thread per completion queue. 3083 */ 3084 tq_threads = MAX(1, tq_threads); 3085 3086 if (nvme_create_cq_array(nvme, nvme->n_completion_queues + 1, 3087 nvme->n_io_cqueue_len, tq_threads) != DDI_SUCCESS) { 3088 dev_err(nvme->n_dip, CE_WARN, 3089 "!failed to pre-allocate completion queues"); 3090 goto fail; 3091 } 3092 3093 /* 3094 * If we use less completion queues than interrupt vectors return 3095 * some of the interrupt vectors back to the system. 3096 */ 3097 if (nvme->n_completion_queues + 1 < nvme->n_intr_cnt) { 3098 nvme_release_interrupts(nvme); 3099 3100 if (nvme_setup_interrupts(nvme, nvme->n_intr_type, 3101 nvme->n_completion_queues + 1) != DDI_SUCCESS) { 3102 dev_err(nvme->n_dip, CE_WARN, 3103 "!failed to reduce number of interrupts"); 3104 goto fail; 3105 } 3106 } 3107 3108 /* 3109 * Alloc & register I/O queue pairs 3110 */ 3111 3112 for (i = 1; i != nvme->n_ioq_count + 1; i++) { 3113 if (nvme_alloc_qpair(nvme, nvme->n_io_squeue_len, 3114 &nvme->n_ioq[i], i) != DDI_SUCCESS) { 3115 dev_err(nvme->n_dip, CE_WARN, 3116 "!unable to allocate I/O qpair %d", i); 3117 goto fail; 3118 } 3119 3120 if (nvme_create_io_qpair(nvme, nvme->n_ioq[i], i) != 0) { 3121 dev_err(nvme->n_dip, CE_WARN, 3122 "!unable to create I/O qpair %d", i); 3123 goto fail; 3124 } 3125 } 3126 3127 /* 3128 * Post more asynchronous events commands to reduce event reporting 3129 * latency as suggested by the spec. 3130 */ 3131 if (nvme->n_async_event_supported) { 3132 for (i = 1; i != nvme->n_async_event_limit; i++) 3133 nvme_async_event(nvme); 3134 } 3135 3136 return (DDI_SUCCESS); 3137 3138 fail: 3139 (void) nvme_reset(nvme, B_FALSE); 3140 return (DDI_FAILURE); 3141 } 3142 3143 static uint_t 3144 nvme_intr(caddr_t arg1, caddr_t arg2) 3145 { 3146 /*LINTED: E_PTR_BAD_CAST_ALIGN*/ 3147 nvme_t *nvme = (nvme_t *)arg1; 3148 int inum = (int)(uintptr_t)arg2; 3149 int ccnt = 0; 3150 int qnum; 3151 3152 if (inum >= nvme->n_intr_cnt) 3153 return (DDI_INTR_UNCLAIMED); 3154 3155 if (nvme->n_dead) 3156 return (nvme->n_intr_type == DDI_INTR_TYPE_FIXED ? 3157 DDI_INTR_UNCLAIMED : DDI_INTR_CLAIMED); 3158 3159 /* 3160 * The interrupt vector a queue uses is calculated as queue_idx % 3161 * intr_cnt in nvme_create_io_qpair(). Iterate through the queue array 3162 * in steps of n_intr_cnt to process all queues using this vector. 3163 */ 3164 for (qnum = inum; 3165 qnum < nvme->n_cq_count && nvme->n_cq[qnum] != NULL; 3166 qnum += nvme->n_intr_cnt) { 3167 ccnt += nvme_process_iocq(nvme, nvme->n_cq[qnum]); 3168 } 3169 3170 return (ccnt > 0 ? DDI_INTR_CLAIMED : DDI_INTR_UNCLAIMED); 3171 } 3172 3173 static void 3174 nvme_release_interrupts(nvme_t *nvme) 3175 { 3176 int i; 3177 3178 for (i = 0; i < nvme->n_intr_cnt; i++) { 3179 if (nvme->n_inth[i] == NULL) 3180 break; 3181 3182 if (nvme->n_intr_cap & DDI_INTR_FLAG_BLOCK) 3183 (void) ddi_intr_block_disable(&nvme->n_inth[i], 1); 3184 else 3185 (void) ddi_intr_disable(nvme->n_inth[i]); 3186 3187 (void) ddi_intr_remove_handler(nvme->n_inth[i]); 3188 (void) ddi_intr_free(nvme->n_inth[i]); 3189 } 3190 3191 kmem_free(nvme->n_inth, nvme->n_inth_sz); 3192 nvme->n_inth = NULL; 3193 nvme->n_inth_sz = 0; 3194 3195 nvme->n_progress &= ~NVME_INTERRUPTS; 3196 } 3197 3198 static int 3199 nvme_setup_interrupts(nvme_t *nvme, int intr_type, int nqpairs) 3200 { 3201 int nintrs, navail, count; 3202 int ret; 3203 int i; 3204 3205 if (nvme->n_intr_types == 0) { 3206 ret = ddi_intr_get_supported_types(nvme->n_dip, 3207 &nvme->n_intr_types); 3208 if (ret != DDI_SUCCESS) { 3209 dev_err(nvme->n_dip, CE_WARN, 3210 "!%s: ddi_intr_get_supported types failed", 3211 __func__); 3212 return (ret); 3213 } 3214 #ifdef __x86 3215 if (get_hwenv() == HW_VMWARE) 3216 nvme->n_intr_types &= ~DDI_INTR_TYPE_MSIX; 3217 #endif 3218 } 3219 3220 if ((nvme->n_intr_types & intr_type) == 0) 3221 return (DDI_FAILURE); 3222 3223 ret = ddi_intr_get_nintrs(nvme->n_dip, intr_type, &nintrs); 3224 if (ret != DDI_SUCCESS) { 3225 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_nintrs failed", 3226 __func__); 3227 return (ret); 3228 } 3229 3230 ret = ddi_intr_get_navail(nvme->n_dip, intr_type, &navail); 3231 if (ret != DDI_SUCCESS) { 3232 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_navail failed", 3233 __func__); 3234 return (ret); 3235 } 3236 3237 /* We want at most one interrupt per queue pair. */ 3238 if (navail > nqpairs) 3239 navail = nqpairs; 3240 3241 nvme->n_inth_sz = sizeof (ddi_intr_handle_t) * navail; 3242 nvme->n_inth = kmem_zalloc(nvme->n_inth_sz, KM_SLEEP); 3243 3244 ret = ddi_intr_alloc(nvme->n_dip, nvme->n_inth, intr_type, 0, navail, 3245 &count, 0); 3246 if (ret != DDI_SUCCESS) { 3247 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_alloc failed", 3248 __func__); 3249 goto fail; 3250 } 3251 3252 nvme->n_intr_cnt = count; 3253 3254 ret = ddi_intr_get_pri(nvme->n_inth[0], &nvme->n_intr_pri); 3255 if (ret != DDI_SUCCESS) { 3256 dev_err(nvme->n_dip, CE_WARN, "!%s: ddi_intr_get_pri failed", 3257 __func__); 3258 goto fail; 3259 } 3260 3261 for (i = 0; i < count; i++) { 3262 ret = ddi_intr_add_handler(nvme->n_inth[i], nvme_intr, 3263 (void *)nvme, (void *)(uintptr_t)i); 3264 if (ret != DDI_SUCCESS) { 3265 dev_err(nvme->n_dip, CE_WARN, 3266 "!%s: ddi_intr_add_handler failed", __func__); 3267 goto fail; 3268 } 3269 } 3270 3271 (void) ddi_intr_get_cap(nvme->n_inth[0], &nvme->n_intr_cap); 3272 3273 for (i = 0; i < count; i++) { 3274 if (nvme->n_intr_cap & DDI_INTR_FLAG_BLOCK) 3275 ret = ddi_intr_block_enable(&nvme->n_inth[i], 1); 3276 else 3277 ret = ddi_intr_enable(nvme->n_inth[i]); 3278 3279 if (ret != DDI_SUCCESS) { 3280 dev_err(nvme->n_dip, CE_WARN, 3281 "!%s: enabling interrupt %d failed", __func__, i); 3282 goto fail; 3283 } 3284 } 3285 3286 nvme->n_intr_type = intr_type; 3287 3288 nvme->n_progress |= NVME_INTERRUPTS; 3289 3290 return (DDI_SUCCESS); 3291 3292 fail: 3293 nvme_release_interrupts(nvme); 3294 3295 return (ret); 3296 } 3297 3298 static int 3299 nvme_fm_errcb(dev_info_t *dip, ddi_fm_error_t *fm_error, const void *arg) 3300 { 3301 _NOTE(ARGUNUSED(arg)); 3302 3303 pci_ereport_post(dip, fm_error, NULL); 3304 return (fm_error->fme_status); 3305 } 3306 3307 static void 3308 nvme_remove_callback(dev_info_t *dip, ddi_eventcookie_t cookie, void *a, 3309 void *b) 3310 { 3311 nvme_t *nvme = a; 3312 3313 nvme->n_dead = B_TRUE; 3314 3315 /* 3316 * Fail all outstanding commands, including those in the admin queue 3317 * (queue 0). 3318 */ 3319 for (uint_t i = 0; i < nvme->n_ioq_count + 1; i++) { 3320 nvme_qpair_t *qp = nvme->n_ioq[i]; 3321 3322 mutex_enter(&qp->nq_mutex); 3323 for (size_t j = 0; j < qp->nq_nentry; j++) { 3324 nvme_cmd_t *cmd = qp->nq_cmd[j]; 3325 nvme_cmd_t *u_cmd; 3326 3327 if (cmd == NULL) { 3328 continue; 3329 } 3330 3331 /* 3332 * Since we have the queue lock held the entire time we 3333 * iterate over it, it's not possible for the queue to 3334 * change underneath us. Thus, we don't need to check 3335 * that the return value of nvme_unqueue_cmd matches the 3336 * requested cmd to unqueue. 3337 */ 3338 u_cmd = nvme_unqueue_cmd(nvme, qp, cmd->nc_sqe.sqe_cid); 3339 taskq_dispatch_ent(qp->nq_cq->ncq_cmd_taskq, 3340 cmd->nc_callback, cmd, TQ_NOSLEEP, &cmd->nc_tqent); 3341 3342 ASSERT3P(u_cmd, ==, cmd); 3343 } 3344 mutex_exit(&qp->nq_mutex); 3345 } 3346 } 3347 3348 static int 3349 nvme_attach(dev_info_t *dip, ddi_attach_cmd_t cmd) 3350 { 3351 nvme_t *nvme; 3352 int instance; 3353 int nregs; 3354 off_t regsize; 3355 int i; 3356 char name[32]; 3357 bd_ops_t ops = nvme_bd_ops; 3358 3359 if (cmd != DDI_ATTACH) 3360 return (DDI_FAILURE); 3361 3362 instance = ddi_get_instance(dip); 3363 3364 if (ddi_soft_state_zalloc(nvme_state, instance) != DDI_SUCCESS) 3365 return (DDI_FAILURE); 3366 3367 nvme = ddi_get_soft_state(nvme_state, instance); 3368 ddi_set_driver_private(dip, nvme); 3369 nvme->n_dip = dip; 3370 3371 /* Set up event handlers for hot removal. */ 3372 if (ddi_get_eventcookie(nvme->n_dip, DDI_DEVI_REMOVE_EVENT, 3373 &nvme->n_rm_cookie) != DDI_SUCCESS) { 3374 goto fail; 3375 } 3376 if (ddi_add_event_handler(nvme->n_dip, nvme->n_rm_cookie, 3377 nvme_remove_callback, nvme, &nvme->n_ev_rm_cb_id) != 3378 DDI_SUCCESS) { 3379 goto fail; 3380 } 3381 3382 mutex_init(&nvme->n_minor.nm_mutex, NULL, MUTEX_DRIVER, NULL); 3383 3384 nvme->n_strict_version = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3385 DDI_PROP_DONTPASS, "strict-version", 1) == 1 ? B_TRUE : B_FALSE; 3386 nvme->n_ignore_unknown_vendor_status = ddi_prop_get_int(DDI_DEV_T_ANY, 3387 dip, DDI_PROP_DONTPASS, "ignore-unknown-vendor-status", 0) == 1 ? 3388 B_TRUE : B_FALSE; 3389 nvme->n_admin_queue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3390 DDI_PROP_DONTPASS, "admin-queue-len", NVME_DEFAULT_ADMIN_QUEUE_LEN); 3391 nvme->n_io_squeue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3392 DDI_PROP_DONTPASS, "io-squeue-len", NVME_DEFAULT_IO_QUEUE_LEN); 3393 /* 3394 * Double up the default for completion queues in case of 3395 * queue sharing. 3396 */ 3397 nvme->n_io_cqueue_len = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3398 DDI_PROP_DONTPASS, "io-cqueue-len", 2 * NVME_DEFAULT_IO_QUEUE_LEN); 3399 nvme->n_async_event_limit = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3400 DDI_PROP_DONTPASS, "async-event-limit", 3401 NVME_DEFAULT_ASYNC_EVENT_LIMIT); 3402 nvme->n_write_cache_enabled = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3403 DDI_PROP_DONTPASS, "volatile-write-cache-enable", 1) != 0 ? 3404 B_TRUE : B_FALSE; 3405 nvme->n_min_block_size = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3406 DDI_PROP_DONTPASS, "min-phys-block-size", 3407 NVME_DEFAULT_MIN_BLOCK_SIZE); 3408 nvme->n_submission_queues = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3409 DDI_PROP_DONTPASS, "max-submission-queues", -1); 3410 nvme->n_completion_queues = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 3411 DDI_PROP_DONTPASS, "max-completion-queues", -1); 3412 3413 if (!ISP2(nvme->n_min_block_size) || 3414 (nvme->n_min_block_size < NVME_DEFAULT_MIN_BLOCK_SIZE)) { 3415 dev_err(dip, CE_WARN, "!min-phys-block-size %s, " 3416 "using default %d", ISP2(nvme->n_min_block_size) ? 3417 "too low" : "not a power of 2", 3418 NVME_DEFAULT_MIN_BLOCK_SIZE); 3419 nvme->n_min_block_size = NVME_DEFAULT_MIN_BLOCK_SIZE; 3420 } 3421 3422 if (nvme->n_submission_queues != -1 && 3423 (nvme->n_submission_queues < 1 || 3424 nvme->n_submission_queues > UINT16_MAX)) { 3425 dev_err(dip, CE_WARN, "!\"submission-queues\"=%d is not " 3426 "valid. Must be [1..%d]", nvme->n_submission_queues, 3427 UINT16_MAX); 3428 nvme->n_submission_queues = -1; 3429 } 3430 3431 if (nvme->n_completion_queues != -1 && 3432 (nvme->n_completion_queues < 1 || 3433 nvme->n_completion_queues > UINT16_MAX)) { 3434 dev_err(dip, CE_WARN, "!\"completion-queues\"=%d is not " 3435 "valid. Must be [1..%d]", nvme->n_completion_queues, 3436 UINT16_MAX); 3437 nvme->n_completion_queues = -1; 3438 } 3439 3440 if (nvme->n_admin_queue_len < NVME_MIN_ADMIN_QUEUE_LEN) 3441 nvme->n_admin_queue_len = NVME_MIN_ADMIN_QUEUE_LEN; 3442 else if (nvme->n_admin_queue_len > NVME_MAX_ADMIN_QUEUE_LEN) 3443 nvme->n_admin_queue_len = NVME_MAX_ADMIN_QUEUE_LEN; 3444 3445 if (nvme->n_io_squeue_len < NVME_MIN_IO_QUEUE_LEN) 3446 nvme->n_io_squeue_len = NVME_MIN_IO_QUEUE_LEN; 3447 if (nvme->n_io_cqueue_len < NVME_MIN_IO_QUEUE_LEN) 3448 nvme->n_io_cqueue_len = NVME_MIN_IO_QUEUE_LEN; 3449 3450 if (nvme->n_async_event_limit < 1) 3451 nvme->n_async_event_limit = NVME_DEFAULT_ASYNC_EVENT_LIMIT; 3452 3453 nvme->n_reg_acc_attr = nvme_reg_acc_attr; 3454 nvme->n_queue_dma_attr = nvme_queue_dma_attr; 3455 nvme->n_prp_dma_attr = nvme_prp_dma_attr; 3456 nvme->n_sgl_dma_attr = nvme_sgl_dma_attr; 3457 3458 /* 3459 * Setup FMA support. 3460 */ 3461 nvme->n_fm_cap = ddi_getprop(DDI_DEV_T_ANY, dip, 3462 DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "fm-capable", 3463 DDI_FM_EREPORT_CAPABLE | DDI_FM_ACCCHK_CAPABLE | 3464 DDI_FM_DMACHK_CAPABLE | DDI_FM_ERRCB_CAPABLE); 3465 3466 ddi_fm_init(dip, &nvme->n_fm_cap, &nvme->n_fm_ibc); 3467 3468 if (nvme->n_fm_cap) { 3469 if (nvme->n_fm_cap & DDI_FM_ACCCHK_CAPABLE) 3470 nvme->n_reg_acc_attr.devacc_attr_access = 3471 DDI_FLAGERR_ACC; 3472 3473 if (nvme->n_fm_cap & DDI_FM_DMACHK_CAPABLE) { 3474 nvme->n_prp_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR; 3475 nvme->n_sgl_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR; 3476 } 3477 3478 if (DDI_FM_EREPORT_CAP(nvme->n_fm_cap) || 3479 DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3480 pci_ereport_setup(dip); 3481 3482 if (DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3483 ddi_fm_handler_register(dip, nvme_fm_errcb, 3484 (void *)nvme); 3485 } 3486 3487 nvme->n_progress |= NVME_FMA_INIT; 3488 3489 /* 3490 * The spec defines several register sets. Only the controller 3491 * registers (set 1) are currently used. 3492 */ 3493 if (ddi_dev_nregs(dip, &nregs) == DDI_FAILURE || 3494 nregs < 2 || 3495 ddi_dev_regsize(dip, 1, ®size) == DDI_FAILURE) 3496 goto fail; 3497 3498 if (ddi_regs_map_setup(dip, 1, &nvme->n_regs, 0, regsize, 3499 &nvme->n_reg_acc_attr, &nvme->n_regh) != DDI_SUCCESS) { 3500 dev_err(dip, CE_WARN, "!failed to map regset 1"); 3501 goto fail; 3502 } 3503 3504 nvme->n_progress |= NVME_REGS_MAPPED; 3505 3506 /* 3507 * Create PRP DMA cache 3508 */ 3509 (void) snprintf(name, sizeof (name), "%s%d_prp_cache", 3510 ddi_driver_name(dip), ddi_get_instance(dip)); 3511 nvme->n_prp_cache = kmem_cache_create(name, sizeof (nvme_dma_t), 3512 0, nvme_prp_dma_constructor, nvme_prp_dma_destructor, 3513 NULL, (void *)nvme, NULL, 0); 3514 3515 if (nvme_init(nvme) != DDI_SUCCESS) 3516 goto fail; 3517 3518 if (!nvme->n_idctl->id_oncs.on_dset_mgmt) 3519 ops.o_free_space = NULL; 3520 3521 /* 3522 * Initialize the driver with the UFM subsystem 3523 */ 3524 if (ddi_ufm_init(dip, DDI_UFM_CURRENT_VERSION, &nvme_ufm_ops, 3525 &nvme->n_ufmh, nvme) != 0) { 3526 dev_err(dip, CE_WARN, "!failed to initialize UFM subsystem"); 3527 goto fail; 3528 } 3529 mutex_init(&nvme->n_fwslot_mutex, NULL, MUTEX_DRIVER, NULL); 3530 ddi_ufm_update(nvme->n_ufmh); 3531 nvme->n_progress |= NVME_UFM_INIT; 3532 3533 /* 3534 * Attach the blkdev driver for each namespace. 3535 */ 3536 for (i = 0; i != nvme->n_namespace_count; i++) { 3537 if (ddi_create_minor_node(nvme->n_dip, nvme->n_ns[i].ns_name, 3538 S_IFCHR, NVME_MINOR(ddi_get_instance(nvme->n_dip), i + 1), 3539 DDI_NT_NVME_ATTACHMENT_POINT, 0) != DDI_SUCCESS) { 3540 dev_err(dip, CE_WARN, 3541 "!failed to create minor node for namespace %d", i); 3542 goto fail; 3543 } 3544 3545 if (nvme->n_ns[i].ns_ignore) 3546 continue; 3547 3548 nvme->n_ns[i].ns_bd_hdl = bd_alloc_handle(&nvme->n_ns[i], 3549 &ops, &nvme->n_prp_dma_attr, KM_SLEEP); 3550 3551 if (nvme->n_ns[i].ns_bd_hdl == NULL) { 3552 dev_err(dip, CE_WARN, 3553 "!failed to get blkdev handle for namespace %d", i); 3554 goto fail; 3555 } 3556 3557 if (bd_attach_handle(dip, nvme->n_ns[i].ns_bd_hdl) 3558 != DDI_SUCCESS) { 3559 dev_err(dip, CE_WARN, 3560 "!failed to attach blkdev handle for namespace %d", 3561 i); 3562 goto fail; 3563 } 3564 } 3565 3566 if (ddi_create_minor_node(dip, "devctl", S_IFCHR, 3567 NVME_MINOR(ddi_get_instance(dip), 0), DDI_NT_NVME_NEXUS, 0) 3568 != DDI_SUCCESS) { 3569 dev_err(dip, CE_WARN, "nvme_attach: " 3570 "cannot create devctl minor node"); 3571 goto fail; 3572 } 3573 3574 return (DDI_SUCCESS); 3575 3576 fail: 3577 /* attach successful anyway so that FMA can retire the device */ 3578 if (nvme->n_dead) 3579 return (DDI_SUCCESS); 3580 3581 (void) nvme_detach(dip, DDI_DETACH); 3582 3583 return (DDI_FAILURE); 3584 } 3585 3586 static int 3587 nvme_detach(dev_info_t *dip, ddi_detach_cmd_t cmd) 3588 { 3589 int instance, i; 3590 nvme_t *nvme; 3591 3592 if (cmd != DDI_DETACH) 3593 return (DDI_FAILURE); 3594 3595 instance = ddi_get_instance(dip); 3596 3597 nvme = ddi_get_soft_state(nvme_state, instance); 3598 3599 if (nvme == NULL) 3600 return (DDI_FAILURE); 3601 3602 ddi_remove_minor_node(dip, "devctl"); 3603 mutex_destroy(&nvme->n_minor.nm_mutex); 3604 3605 if (nvme->n_ns) { 3606 for (i = 0; i != nvme->n_namespace_count; i++) { 3607 ddi_remove_minor_node(dip, nvme->n_ns[i].ns_name); 3608 mutex_destroy(&nvme->n_ns[i].ns_minor.nm_mutex); 3609 3610 if (nvme->n_ns[i].ns_bd_hdl) { 3611 (void) bd_detach_handle( 3612 nvme->n_ns[i].ns_bd_hdl); 3613 bd_free_handle(nvme->n_ns[i].ns_bd_hdl); 3614 } 3615 3616 if (nvme->n_ns[i].ns_idns) 3617 kmem_free(nvme->n_ns[i].ns_idns, 3618 sizeof (nvme_identify_nsid_t)); 3619 if (nvme->n_ns[i].ns_devid) 3620 strfree(nvme->n_ns[i].ns_devid); 3621 } 3622 3623 kmem_free(nvme->n_ns, sizeof (nvme_namespace_t) * 3624 nvme->n_namespace_count); 3625 } 3626 if (nvme->n_progress & NVME_UFM_INIT) { 3627 ddi_ufm_fini(nvme->n_ufmh); 3628 mutex_destroy(&nvme->n_fwslot_mutex); 3629 } 3630 3631 if (nvme->n_progress & NVME_INTERRUPTS) 3632 nvme_release_interrupts(nvme); 3633 3634 for (i = 0; i < nvme->n_cq_count; i++) { 3635 if (nvme->n_cq[i]->ncq_cmd_taskq != NULL) 3636 taskq_wait(nvme->n_cq[i]->ncq_cmd_taskq); 3637 } 3638 3639 if (nvme->n_ioq_count > 0) { 3640 for (i = 1; i != nvme->n_ioq_count + 1; i++) { 3641 if (nvme->n_ioq[i] != NULL) { 3642 /* TODO: send destroy queue commands */ 3643 nvme_free_qpair(nvme->n_ioq[i]); 3644 } 3645 } 3646 3647 kmem_free(nvme->n_ioq, sizeof (nvme_qpair_t *) * 3648 (nvme->n_ioq_count + 1)); 3649 } 3650 3651 if (nvme->n_prp_cache != NULL) { 3652 kmem_cache_destroy(nvme->n_prp_cache); 3653 } 3654 3655 if (nvme->n_progress & NVME_REGS_MAPPED) { 3656 nvme_shutdown(nvme, NVME_CC_SHN_NORMAL, B_FALSE); 3657 (void) nvme_reset(nvme, B_FALSE); 3658 } 3659 3660 if (nvme->n_progress & NVME_CTRL_LIMITS) 3661 sema_destroy(&nvme->n_abort_sema); 3662 3663 if (nvme->n_progress & NVME_ADMIN_QUEUE) 3664 nvme_free_qpair(nvme->n_adminq); 3665 3666 if (nvme->n_cq_count > 0) { 3667 nvme_destroy_cq_array(nvme, 0); 3668 nvme->n_cq = NULL; 3669 nvme->n_cq_count = 0; 3670 } 3671 3672 if (nvme->n_idctl) 3673 kmem_free(nvme->n_idctl, NVME_IDENTIFY_BUFSIZE); 3674 3675 if (nvme->n_progress & NVME_REGS_MAPPED) 3676 ddi_regs_map_free(&nvme->n_regh); 3677 3678 if (nvme->n_progress & NVME_FMA_INIT) { 3679 if (DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3680 ddi_fm_handler_unregister(nvme->n_dip); 3681 3682 if (DDI_FM_EREPORT_CAP(nvme->n_fm_cap) || 3683 DDI_FM_ERRCB_CAP(nvme->n_fm_cap)) 3684 pci_ereport_teardown(nvme->n_dip); 3685 3686 ddi_fm_fini(nvme->n_dip); 3687 } 3688 3689 if (nvme->n_vendor != NULL) 3690 strfree(nvme->n_vendor); 3691 3692 if (nvme->n_product != NULL) 3693 strfree(nvme->n_product); 3694 3695 /* Clean up hot removal event handler. */ 3696 if (nvme->n_ev_rm_cb_id != NULL) { 3697 (void) ddi_remove_event_handler(nvme->n_ev_rm_cb_id); 3698 } 3699 nvme->n_ev_rm_cb_id = NULL; 3700 3701 ddi_soft_state_free(nvme_state, instance); 3702 3703 return (DDI_SUCCESS); 3704 } 3705 3706 static int 3707 nvme_quiesce(dev_info_t *dip) 3708 { 3709 int instance; 3710 nvme_t *nvme; 3711 3712 instance = ddi_get_instance(dip); 3713 3714 nvme = ddi_get_soft_state(nvme_state, instance); 3715 3716 if (nvme == NULL) 3717 return (DDI_FAILURE); 3718 3719 nvme_shutdown(nvme, NVME_CC_SHN_ABRUPT, B_TRUE); 3720 3721 (void) nvme_reset(nvme, B_TRUE); 3722 3723 return (DDI_FAILURE); 3724 } 3725 3726 static int 3727 nvme_fill_prp(nvme_cmd_t *cmd, bd_xfer_t *xfer) 3728 { 3729 nvme_t *nvme = cmd->nc_nvme; 3730 int nprp_page, nprp; 3731 uint64_t *prp; 3732 3733 if (xfer->x_ndmac == 0) 3734 return (DDI_FAILURE); 3735 3736 cmd->nc_sqe.sqe_dptr.d_prp[0] = xfer->x_dmac.dmac_laddress; 3737 3738 if (xfer->x_ndmac == 1) { 3739 cmd->nc_sqe.sqe_dptr.d_prp[1] = 0; 3740 return (DDI_SUCCESS); 3741 } else if (xfer->x_ndmac == 2) { 3742 ddi_dma_nextcookie(xfer->x_dmah, &xfer->x_dmac); 3743 cmd->nc_sqe.sqe_dptr.d_prp[1] = xfer->x_dmac.dmac_laddress; 3744 return (DDI_SUCCESS); 3745 } 3746 3747 xfer->x_ndmac--; 3748 3749 nprp_page = nvme->n_pagesize / sizeof (uint64_t); 3750 ASSERT(nprp_page > 0); 3751 nprp = (xfer->x_ndmac + nprp_page - 1) / nprp_page; 3752 3753 /* 3754 * We currently don't support chained PRPs and set up our DMA 3755 * attributes to reflect that. If we still get an I/O request 3756 * that needs a chained PRP something is very wrong. 3757 */ 3758 VERIFY(nprp == 1); 3759 3760 cmd->nc_dma = kmem_cache_alloc(nvme->n_prp_cache, KM_SLEEP); 3761 bzero(cmd->nc_dma->nd_memp, cmd->nc_dma->nd_len); 3762 3763 cmd->nc_sqe.sqe_dptr.d_prp[1] = cmd->nc_dma->nd_cookie.dmac_laddress; 3764 3765 /*LINTED: E_PTR_BAD_CAST_ALIGN*/ 3766 for (prp = (uint64_t *)cmd->nc_dma->nd_memp; 3767 xfer->x_ndmac > 0; 3768 prp++, xfer->x_ndmac--) { 3769 ddi_dma_nextcookie(xfer->x_dmah, &xfer->x_dmac); 3770 *prp = xfer->x_dmac.dmac_laddress; 3771 } 3772 3773 (void) ddi_dma_sync(cmd->nc_dma->nd_dmah, 0, cmd->nc_dma->nd_len, 3774 DDI_DMA_SYNC_FORDEV); 3775 return (DDI_SUCCESS); 3776 } 3777 3778 /* 3779 * The maximum number of requests supported for a deallocate request is 3780 * NVME_DSET_MGMT_MAX_RANGES (256) -- this is from the NVMe 1.1 spec (and 3781 * unchanged through at least 1.4a). The definition of nvme_range_t is also 3782 * from the NVMe 1.1 spec. Together, the result is that all of the ranges for 3783 * a deallocate request will fit into the smallest supported namespace page 3784 * (4k). 3785 */ 3786 CTASSERT(sizeof (nvme_range_t) * NVME_DSET_MGMT_MAX_RANGES == 4096); 3787 3788 static int 3789 nvme_fill_ranges(nvme_cmd_t *cmd, bd_xfer_t *xfer, uint64_t blocksize, 3790 int allocflag) 3791 { 3792 const dkioc_free_list_t *dfl = xfer->x_dfl; 3793 const dkioc_free_list_ext_t *exts = dfl->dfl_exts; 3794 nvme_t *nvme = cmd->nc_nvme; 3795 nvme_range_t *ranges = NULL; 3796 uint_t i; 3797 3798 /* 3799 * The number of ranges in the request is 0s based (that is 3800 * word10 == 0 -> 1 range, word10 == 1 -> 2 ranges, ..., 3801 * word10 == 255 -> 256 ranges). Therefore the allowed values are 3802 * [1..NVME_DSET_MGMT_MAX_RANGES]. If blkdev gives us a bad request, 3803 * we either provided bad info in nvme_bd_driveinfo() or there is a bug 3804 * in blkdev. 3805 */ 3806 VERIFY3U(dfl->dfl_num_exts, >, 0); 3807 VERIFY3U(dfl->dfl_num_exts, <=, NVME_DSET_MGMT_MAX_RANGES); 3808 cmd->nc_sqe.sqe_cdw10 = (dfl->dfl_num_exts - 1) & 0xff; 3809 3810 cmd->nc_sqe.sqe_cdw11 = NVME_DSET_MGMT_ATTR_DEALLOCATE; 3811 3812 cmd->nc_dma = kmem_cache_alloc(nvme->n_prp_cache, allocflag); 3813 if (cmd->nc_dma == NULL) 3814 return (DDI_FAILURE); 3815 3816 bzero(cmd->nc_dma->nd_memp, cmd->nc_dma->nd_len); 3817 ranges = (nvme_range_t *)cmd->nc_dma->nd_memp; 3818 3819 cmd->nc_sqe.sqe_dptr.d_prp[0] = cmd->nc_dma->nd_cookie.dmac_laddress; 3820 cmd->nc_sqe.sqe_dptr.d_prp[1] = 0; 3821 3822 for (i = 0; i < dfl->dfl_num_exts; i++) { 3823 uint64_t lba, len; 3824 3825 lba = (dfl->dfl_offset + exts[i].dfle_start) / blocksize; 3826 len = exts[i].dfle_length / blocksize; 3827 3828 VERIFY3U(len, <=, UINT32_MAX); 3829 3830 /* No context attributes for a deallocate request */ 3831 ranges[i].nr_ctxattr = 0; 3832 ranges[i].nr_len = len; 3833 ranges[i].nr_lba = lba; 3834 } 3835 3836 (void) ddi_dma_sync(cmd->nc_dma->nd_dmah, 0, cmd->nc_dma->nd_len, 3837 DDI_DMA_SYNC_FORDEV); 3838 3839 return (DDI_SUCCESS); 3840 } 3841 3842 static nvme_cmd_t * 3843 nvme_create_nvm_cmd(nvme_namespace_t *ns, uint8_t opc, bd_xfer_t *xfer) 3844 { 3845 nvme_t *nvme = ns->ns_nvme; 3846 nvme_cmd_t *cmd; 3847 int allocflag; 3848 3849 /* 3850 * Blkdev only sets BD_XFER_POLL when dumping, so don't sleep. 3851 */ 3852 allocflag = (xfer->x_flags & BD_XFER_POLL) ? KM_NOSLEEP : KM_SLEEP; 3853 cmd = nvme_alloc_cmd(nvme, allocflag); 3854 3855 if (cmd == NULL) 3856 return (NULL); 3857 3858 cmd->nc_sqe.sqe_opc = opc; 3859 cmd->nc_callback = nvme_bd_xfer_done; 3860 cmd->nc_xfer = xfer; 3861 3862 switch (opc) { 3863 case NVME_OPC_NVM_WRITE: 3864 case NVME_OPC_NVM_READ: 3865 VERIFY(xfer->x_nblks <= 0x10000); 3866 3867 cmd->nc_sqe.sqe_nsid = ns->ns_id; 3868 3869 cmd->nc_sqe.sqe_cdw10 = xfer->x_blkno & 0xffffffffu; 3870 cmd->nc_sqe.sqe_cdw11 = (xfer->x_blkno >> 32); 3871 cmd->nc_sqe.sqe_cdw12 = (uint16_t)(xfer->x_nblks - 1); 3872 3873 if (nvme_fill_prp(cmd, xfer) != DDI_SUCCESS) 3874 goto fail; 3875 break; 3876 3877 case NVME_OPC_NVM_FLUSH: 3878 cmd->nc_sqe.sqe_nsid = ns->ns_id; 3879 break; 3880 3881 case NVME_OPC_NVM_DSET_MGMT: 3882 cmd->nc_sqe.sqe_nsid = ns->ns_id; 3883 3884 if (nvme_fill_ranges(cmd, xfer, 3885 (uint64_t)ns->ns_block_size, allocflag) != DDI_SUCCESS) 3886 goto fail; 3887 break; 3888 3889 default: 3890 goto fail; 3891 } 3892 3893 return (cmd); 3894 3895 fail: 3896 nvme_free_cmd(cmd); 3897 return (NULL); 3898 } 3899 3900 static void 3901 nvme_bd_xfer_done(void *arg) 3902 { 3903 nvme_cmd_t *cmd = arg; 3904 bd_xfer_t *xfer = cmd->nc_xfer; 3905 int error = 0; 3906 3907 error = nvme_check_cmd_status(cmd); 3908 nvme_free_cmd(cmd); 3909 3910 bd_xfer_done(xfer, error); 3911 } 3912 3913 static void 3914 nvme_bd_driveinfo(void *arg, bd_drive_t *drive) 3915 { 3916 nvme_namespace_t *ns = arg; 3917 nvme_t *nvme = ns->ns_nvme; 3918 uint_t ns_count = MAX(1, nvme->n_namespaces_attachable); 3919 3920 /* 3921 * Set the blkdev qcount to the number of submission queues. 3922 * It will then create one waitq/runq pair for each submission 3923 * queue and spread I/O requests across the queues. 3924 */ 3925 drive->d_qcount = nvme->n_ioq_count; 3926 3927 /* 3928 * I/O activity to individual namespaces is distributed across 3929 * each of the d_qcount blkdev queues (which has been set to 3930 * the number of nvme submission queues). d_qsize is the number 3931 * of submitted and not completed I/Os within each queue that blkdev 3932 * will allow before it starts holding them in the waitq. 3933 * 3934 * Each namespace will create a child blkdev instance, for each one 3935 * we try and set the d_qsize so that each namespace gets an 3936 * equal portion of the submission queue. 3937 * 3938 * If post instantiation of the nvme drive, n_namespaces_attachable 3939 * changes and a namespace is attached it could calculate a 3940 * different d_qsize. It may even be that the sum of the d_qsizes is 3941 * now beyond the submission queue size. Should that be the case 3942 * and the I/O rate is such that blkdev attempts to submit more 3943 * I/Os than the size of the submission queue, the excess I/Os 3944 * will be held behind the semaphore nq_sema. 3945 */ 3946 drive->d_qsize = nvme->n_io_squeue_len / ns_count; 3947 3948 /* 3949 * Don't let the queue size drop below the minimum, though. 3950 */ 3951 drive->d_qsize = MAX(drive->d_qsize, NVME_MIN_IO_QUEUE_LEN); 3952 3953 /* 3954 * d_maxxfer is not set, which means the value is taken from the DMA 3955 * attributes specified to bd_alloc_handle. 3956 */ 3957 3958 drive->d_removable = B_FALSE; 3959 drive->d_hotpluggable = B_FALSE; 3960 3961 bcopy(ns->ns_eui64, drive->d_eui64, sizeof (drive->d_eui64)); 3962 drive->d_target = ns->ns_id; 3963 drive->d_lun = 0; 3964 3965 drive->d_model = nvme->n_idctl->id_model; 3966 drive->d_model_len = sizeof (nvme->n_idctl->id_model); 3967 drive->d_vendor = nvme->n_vendor; 3968 drive->d_vendor_len = strlen(nvme->n_vendor); 3969 drive->d_product = nvme->n_product; 3970 drive->d_product_len = strlen(nvme->n_product); 3971 drive->d_serial = nvme->n_idctl->id_serial; 3972 drive->d_serial_len = sizeof (nvme->n_idctl->id_serial); 3973 drive->d_revision = nvme->n_idctl->id_fwrev; 3974 drive->d_revision_len = sizeof (nvme->n_idctl->id_fwrev); 3975 3976 /* 3977 * If we support the dataset management command, the only restrictions 3978 * on a discard request are the maximum number of ranges (segments) 3979 * per single request. 3980 */ 3981 if (nvme->n_idctl->id_oncs.on_dset_mgmt) 3982 drive->d_max_free_seg = NVME_DSET_MGMT_MAX_RANGES; 3983 } 3984 3985 static int 3986 nvme_bd_mediainfo(void *arg, bd_media_t *media) 3987 { 3988 nvme_namespace_t *ns = arg; 3989 nvme_t *nvme = ns->ns_nvme; 3990 3991 if (nvme->n_dead) { 3992 return (EIO); 3993 } 3994 3995 media->m_nblks = ns->ns_block_count; 3996 media->m_blksize = ns->ns_block_size; 3997 media->m_readonly = B_FALSE; 3998 media->m_solidstate = B_TRUE; 3999 4000 media->m_pblksize = ns->ns_best_block_size; 4001 4002 return (0); 4003 } 4004 4005 static int 4006 nvme_bd_cmd(nvme_namespace_t *ns, bd_xfer_t *xfer, uint8_t opc) 4007 { 4008 nvme_t *nvme = ns->ns_nvme; 4009 nvme_cmd_t *cmd; 4010 nvme_qpair_t *ioq; 4011 boolean_t poll; 4012 int ret; 4013 4014 if (nvme->n_dead) { 4015 return (EIO); 4016 } 4017 4018 cmd = nvme_create_nvm_cmd(ns, opc, xfer); 4019 if (cmd == NULL) 4020 return (ENOMEM); 4021 4022 cmd->nc_sqid = xfer->x_qnum + 1; 4023 ASSERT(cmd->nc_sqid <= nvme->n_ioq_count); 4024 ioq = nvme->n_ioq[cmd->nc_sqid]; 4025 4026 /* 4027 * Get the polling flag before submitting the command. The command may 4028 * complete immediately after it was submitted, which means we must 4029 * treat both cmd and xfer as if they have been freed already. 4030 */ 4031 poll = (xfer->x_flags & BD_XFER_POLL) != 0; 4032 4033 ret = nvme_submit_io_cmd(ioq, cmd); 4034 4035 if (ret != 0) 4036 return (ret); 4037 4038 if (!poll) 4039 return (0); 4040 4041 do { 4042 cmd = nvme_retrieve_cmd(nvme, ioq); 4043 if (cmd != NULL) 4044 cmd->nc_callback(cmd); 4045 else 4046 drv_usecwait(10); 4047 } while (ioq->nq_active_cmds != 0); 4048 4049 return (0); 4050 } 4051 4052 static int 4053 nvme_bd_read(void *arg, bd_xfer_t *xfer) 4054 { 4055 nvme_namespace_t *ns = arg; 4056 4057 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_READ)); 4058 } 4059 4060 static int 4061 nvme_bd_write(void *arg, bd_xfer_t *xfer) 4062 { 4063 nvme_namespace_t *ns = arg; 4064 4065 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_WRITE)); 4066 } 4067 4068 static int 4069 nvme_bd_sync(void *arg, bd_xfer_t *xfer) 4070 { 4071 nvme_namespace_t *ns = arg; 4072 4073 if (ns->ns_nvme->n_dead) 4074 return (EIO); 4075 4076 /* 4077 * If the volatile write cache is not present or not enabled the FLUSH 4078 * command is a no-op, so we can take a shortcut here. 4079 */ 4080 if (!ns->ns_nvme->n_write_cache_present) { 4081 bd_xfer_done(xfer, ENOTSUP); 4082 return (0); 4083 } 4084 4085 if (!ns->ns_nvme->n_write_cache_enabled) { 4086 bd_xfer_done(xfer, 0); 4087 return (0); 4088 } 4089 4090 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_FLUSH)); 4091 } 4092 4093 static int 4094 nvme_bd_devid(void *arg, dev_info_t *devinfo, ddi_devid_t *devid) 4095 { 4096 nvme_namespace_t *ns = arg; 4097 nvme_t *nvme = ns->ns_nvme; 4098 4099 if (nvme->n_dead) { 4100 return (EIO); 4101 } 4102 4103 /*LINTED: E_BAD_PTR_CAST_ALIGN*/ 4104 if (*(uint64_t *)ns->ns_eui64 != 0) { 4105 return (ddi_devid_init(devinfo, DEVID_SCSI3_WWN, 4106 sizeof (ns->ns_eui64), ns->ns_eui64, devid)); 4107 } else { 4108 return (ddi_devid_init(devinfo, DEVID_ENCAP, 4109 strlen(ns->ns_devid), ns->ns_devid, devid)); 4110 } 4111 } 4112 4113 static int 4114 nvme_bd_free_space(void *arg, bd_xfer_t *xfer) 4115 { 4116 nvme_namespace_t *ns = arg; 4117 4118 if (xfer->x_dfl == NULL) 4119 return (EINVAL); 4120 4121 if (!ns->ns_nvme->n_idctl->id_oncs.on_dset_mgmt) 4122 return (ENOTSUP); 4123 4124 return (nvme_bd_cmd(ns, xfer, NVME_OPC_NVM_DSET_MGMT)); 4125 } 4126 4127 static int 4128 nvme_open(dev_t *devp, int flag, int otyp, cred_t *cred_p) 4129 { 4130 #ifndef __lock_lint 4131 _NOTE(ARGUNUSED(cred_p)); 4132 #endif 4133 minor_t minor = getminor(*devp); 4134 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4135 int nsid = NVME_MINOR_NSID(minor); 4136 nvme_minor_state_t *nm; 4137 int rv = 0; 4138 4139 if (otyp != OTYP_CHR) 4140 return (EINVAL); 4141 4142 if (nvme == NULL) 4143 return (ENXIO); 4144 4145 if (nsid > nvme->n_namespace_count) 4146 return (ENXIO); 4147 4148 if (nvme->n_dead) 4149 return (EIO); 4150 4151 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[nsid - 1].ns_minor; 4152 4153 mutex_enter(&nm->nm_mutex); 4154 if (nm->nm_oexcl) { 4155 rv = EBUSY; 4156 goto out; 4157 } 4158 4159 if (flag & FEXCL) { 4160 if (nm->nm_ocnt != 0) { 4161 rv = EBUSY; 4162 goto out; 4163 } 4164 nm->nm_oexcl = B_TRUE; 4165 } 4166 4167 nm->nm_ocnt++; 4168 4169 out: 4170 mutex_exit(&nm->nm_mutex); 4171 return (rv); 4172 4173 } 4174 4175 static int 4176 nvme_close(dev_t dev, int flag, int otyp, cred_t *cred_p) 4177 { 4178 #ifndef __lock_lint 4179 _NOTE(ARGUNUSED(cred_p)); 4180 _NOTE(ARGUNUSED(flag)); 4181 #endif 4182 minor_t minor = getminor(dev); 4183 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4184 int nsid = NVME_MINOR_NSID(minor); 4185 nvme_minor_state_t *nm; 4186 4187 if (otyp != OTYP_CHR) 4188 return (ENXIO); 4189 4190 if (nvme == NULL) 4191 return (ENXIO); 4192 4193 if (nsid > nvme->n_namespace_count) 4194 return (ENXIO); 4195 4196 nm = nsid == 0 ? &nvme->n_minor : &nvme->n_ns[nsid - 1].ns_minor; 4197 4198 mutex_enter(&nm->nm_mutex); 4199 if (nm->nm_oexcl) 4200 nm->nm_oexcl = B_FALSE; 4201 4202 ASSERT(nm->nm_ocnt > 0); 4203 nm->nm_ocnt--; 4204 mutex_exit(&nm->nm_mutex); 4205 4206 return (0); 4207 } 4208 4209 static int 4210 nvme_ioctl_identify(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4211 cred_t *cred_p) 4212 { 4213 _NOTE(ARGUNUSED(cred_p)); 4214 int rv = 0; 4215 void *idctl; 4216 4217 if ((mode & FREAD) == 0) 4218 return (EPERM); 4219 4220 if (nioc->n_len < NVME_IDENTIFY_BUFSIZE) 4221 return (EINVAL); 4222 4223 if ((rv = nvme_identify(nvme, B_TRUE, nsid, (void **)&idctl)) != 0) 4224 return (rv); 4225 4226 if (ddi_copyout(idctl, (void *)nioc->n_buf, NVME_IDENTIFY_BUFSIZE, mode) 4227 != 0) 4228 rv = EFAULT; 4229 4230 kmem_free(idctl, NVME_IDENTIFY_BUFSIZE); 4231 4232 return (rv); 4233 } 4234 4235 /* 4236 * Execute commands on behalf of the various ioctls. 4237 */ 4238 static int 4239 nvme_ioc_cmd(nvme_t *nvme, nvme_sqe_t *sqe, boolean_t is_admin, void *data_addr, 4240 uint32_t data_len, int rwk, nvme_cqe_t *cqe, uint_t timeout) 4241 { 4242 nvme_cmd_t *cmd; 4243 nvme_qpair_t *ioq; 4244 int rv = 0; 4245 4246 cmd = nvme_alloc_cmd(nvme, KM_SLEEP); 4247 if (is_admin) { 4248 cmd->nc_sqid = 0; 4249 ioq = nvme->n_adminq; 4250 } else { 4251 cmd->nc_sqid = (CPU->cpu_id % nvme->n_ioq_count) + 1; 4252 ASSERT(cmd->nc_sqid <= nvme->n_ioq_count); 4253 ioq = nvme->n_ioq[cmd->nc_sqid]; 4254 } 4255 4256 cmd->nc_callback = nvme_wakeup_cmd; 4257 cmd->nc_sqe = *sqe; 4258 4259 if ((rwk & (FREAD | FWRITE)) != 0) { 4260 if (data_addr == NULL) { 4261 rv = EINVAL; 4262 goto free_cmd; 4263 } 4264 4265 /* 4266 * Because we use PRPs and haven't implemented PRP 4267 * lists here, the maximum data size is restricted to 4268 * 2 pages. 4269 */ 4270 if (data_len > 2 * nvme->n_pagesize) { 4271 dev_err(nvme->n_dip, CE_WARN, "!Data size %u is too " 4272 "large for nvme_ioc_cmd(). Limit is 2 pages " 4273 "(%u bytes)", data_len, 2 * nvme->n_pagesize); 4274 4275 rv = EINVAL; 4276 goto free_cmd; 4277 } 4278 4279 if (nvme_zalloc_dma(nvme, data_len, DDI_DMA_READ, 4280 &nvme->n_prp_dma_attr, &cmd->nc_dma) != DDI_SUCCESS) { 4281 dev_err(nvme->n_dip, CE_WARN, 4282 "!nvme_zalloc_dma failed for nvme_ioc_cmd()"); 4283 4284 rv = ENOMEM; 4285 goto free_cmd; 4286 } 4287 4288 if (cmd->nc_dma->nd_ncookie > 2) { 4289 dev_err(nvme->n_dip, CE_WARN, 4290 "!too many DMA cookies for nvme_ioc_cmd()"); 4291 atomic_inc_32(&nvme->n_too_many_cookies); 4292 4293 rv = E2BIG; 4294 goto free_cmd; 4295 } 4296 4297 cmd->nc_sqe.sqe_dptr.d_prp[0] = 4298 cmd->nc_dma->nd_cookie.dmac_laddress; 4299 4300 if (cmd->nc_dma->nd_ncookie > 1) { 4301 ddi_dma_nextcookie(cmd->nc_dma->nd_dmah, 4302 &cmd->nc_dma->nd_cookie); 4303 cmd->nc_sqe.sqe_dptr.d_prp[1] = 4304 cmd->nc_dma->nd_cookie.dmac_laddress; 4305 } 4306 4307 if ((rwk & FWRITE) != 0) { 4308 if (ddi_copyin(data_addr, cmd->nc_dma->nd_memp, 4309 data_len, rwk & FKIOCTL) != 0) { 4310 rv = EFAULT; 4311 goto free_cmd; 4312 } 4313 } 4314 } 4315 4316 if (is_admin) { 4317 nvme_admin_cmd(cmd, timeout); 4318 } else { 4319 mutex_enter(&cmd->nc_mutex); 4320 4321 rv = nvme_submit_io_cmd(ioq, cmd); 4322 4323 if (rv == EAGAIN) { 4324 mutex_exit(&cmd->nc_mutex); 4325 dev_err(cmd->nc_nvme->n_dip, CE_WARN, 4326 "!nvme_ioc_cmd() failed, I/O Q full"); 4327 goto free_cmd; 4328 } 4329 4330 nvme_wait_cmd(cmd, timeout); 4331 4332 mutex_exit(&cmd->nc_mutex); 4333 } 4334 4335 if (cqe != NULL) 4336 *cqe = cmd->nc_cqe; 4337 4338 if ((rv = nvme_check_cmd_status(cmd)) != 0) { 4339 dev_err(nvme->n_dip, CE_WARN, 4340 "!nvme_ioc_cmd() failed with sct = %x, sc = %x", 4341 cmd->nc_cqe.cqe_sf.sf_sct, cmd->nc_cqe.cqe_sf.sf_sc); 4342 4343 goto free_cmd; 4344 } 4345 4346 if ((rwk & FREAD) != 0) { 4347 if (ddi_copyout(cmd->nc_dma->nd_memp, 4348 data_addr, data_len, rwk & FKIOCTL) != 0) 4349 rv = EFAULT; 4350 } 4351 4352 free_cmd: 4353 nvme_free_cmd(cmd); 4354 4355 return (rv); 4356 } 4357 4358 static int 4359 nvme_ioctl_capabilities(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4360 int mode, cred_t *cred_p) 4361 { 4362 _NOTE(ARGUNUSED(nsid, cred_p)); 4363 int rv = 0; 4364 nvme_reg_cap_t cap = { 0 }; 4365 nvme_capabilities_t nc; 4366 4367 if ((mode & FREAD) == 0) 4368 return (EPERM); 4369 4370 if (nioc->n_len < sizeof (nc)) 4371 return (EINVAL); 4372 4373 cap.r = nvme_get64(nvme, NVME_REG_CAP); 4374 4375 /* 4376 * The MPSMIN and MPSMAX fields in the CAP register use 0 to 4377 * specify the base page size of 4k (1<<12), so add 12 here to 4378 * get the real page size value. 4379 */ 4380 nc.mpsmax = 1 << (12 + cap.b.cap_mpsmax); 4381 nc.mpsmin = 1 << (12 + cap.b.cap_mpsmin); 4382 4383 if (ddi_copyout(&nc, (void *)nioc->n_buf, sizeof (nc), mode) != 0) 4384 rv = EFAULT; 4385 4386 return (rv); 4387 } 4388 4389 static int 4390 nvme_ioctl_get_logpage(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4391 int mode, cred_t *cred_p) 4392 { 4393 _NOTE(ARGUNUSED(cred_p)); 4394 void *log = NULL; 4395 size_t bufsize = 0; 4396 int rv = 0; 4397 4398 if ((mode & FREAD) == 0) 4399 return (EPERM); 4400 4401 switch (nioc->n_arg) { 4402 case NVME_LOGPAGE_ERROR: 4403 if (nsid != 0) 4404 return (EINVAL); 4405 break; 4406 case NVME_LOGPAGE_HEALTH: 4407 if (nsid != 0 && nvme->n_idctl->id_lpa.lp_smart == 0) 4408 return (EINVAL); 4409 4410 if (nsid == 0) 4411 nsid = (uint32_t)-1; 4412 4413 break; 4414 case NVME_LOGPAGE_FWSLOT: 4415 if (nsid != 0) 4416 return (EINVAL); 4417 break; 4418 default: 4419 return (EINVAL); 4420 } 4421 4422 if (nvme_get_logpage(nvme, B_TRUE, &log, &bufsize, nioc->n_arg, nsid) 4423 != DDI_SUCCESS) 4424 return (EIO); 4425 4426 if (nioc->n_len < bufsize) { 4427 kmem_free(log, bufsize); 4428 return (EINVAL); 4429 } 4430 4431 if (ddi_copyout(log, (void *)nioc->n_buf, bufsize, mode) != 0) 4432 rv = EFAULT; 4433 4434 nioc->n_len = bufsize; 4435 kmem_free(log, bufsize); 4436 4437 return (rv); 4438 } 4439 4440 static int 4441 nvme_ioctl_get_features(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4442 int mode, cred_t *cred_p) 4443 { 4444 _NOTE(ARGUNUSED(cred_p)); 4445 void *buf = NULL; 4446 size_t bufsize = 0; 4447 uint32_t res = 0; 4448 uint8_t feature; 4449 int rv = 0; 4450 4451 if ((mode & FREAD) == 0) 4452 return (EPERM); 4453 4454 if ((nioc->n_arg >> 32) > 0xff) 4455 return (EINVAL); 4456 4457 feature = (uint8_t)(nioc->n_arg >> 32); 4458 4459 switch (feature) { 4460 case NVME_FEAT_ARBITRATION: 4461 case NVME_FEAT_POWER_MGMT: 4462 case NVME_FEAT_ERROR: 4463 case NVME_FEAT_NQUEUES: 4464 case NVME_FEAT_INTR_COAL: 4465 case NVME_FEAT_WRITE_ATOM: 4466 case NVME_FEAT_ASYNC_EVENT: 4467 case NVME_FEAT_PROGRESS: 4468 if (nsid != 0) 4469 return (EINVAL); 4470 break; 4471 4472 case NVME_FEAT_TEMPERATURE: 4473 if (nsid != 0) 4474 return (EINVAL); 4475 res = nioc->n_arg & 0xffffffffUL; 4476 if (NVME_VERSION_ATLEAST(&nvme->n_version, 1, 2)) { 4477 nvme_temp_threshold_t tt; 4478 4479 tt.r = res; 4480 if (tt.b.tt_thsel != NVME_TEMP_THRESH_OVER && 4481 tt.b.tt_thsel != NVME_TEMP_THRESH_UNDER) { 4482 return (EINVAL); 4483 } 4484 4485 if (tt.b.tt_tmpsel > NVME_TEMP_THRESH_MAX_SENSOR) { 4486 return (EINVAL); 4487 } 4488 } else if (res != 0) { 4489 return (EINVAL); 4490 } 4491 break; 4492 4493 case NVME_FEAT_INTR_VECT: 4494 if (nsid != 0) 4495 return (EINVAL); 4496 4497 res = nioc->n_arg & 0xffffffffUL; 4498 if (res >= nvme->n_intr_cnt) 4499 return (EINVAL); 4500 break; 4501 4502 case NVME_FEAT_LBA_RANGE: 4503 if (nvme->n_lba_range_supported == B_FALSE) 4504 return (EINVAL); 4505 4506 if (nsid == 0 || 4507 nsid > nvme->n_namespace_count) 4508 return (EINVAL); 4509 4510 break; 4511 4512 case NVME_FEAT_WRITE_CACHE: 4513 if (nsid != 0) 4514 return (EINVAL); 4515 4516 if (!nvme->n_write_cache_present) 4517 return (EINVAL); 4518 4519 break; 4520 4521 case NVME_FEAT_AUTO_PST: 4522 if (nsid != 0) 4523 return (EINVAL); 4524 4525 if (!nvme->n_auto_pst_supported) 4526 return (EINVAL); 4527 4528 break; 4529 4530 default: 4531 return (EINVAL); 4532 } 4533 4534 rv = nvme_get_features(nvme, B_TRUE, nsid, feature, &res, &buf, 4535 &bufsize); 4536 if (rv != 0) 4537 return (rv); 4538 4539 if (nioc->n_len < bufsize) { 4540 kmem_free(buf, bufsize); 4541 return (EINVAL); 4542 } 4543 4544 if (buf && ddi_copyout(buf, (void*)nioc->n_buf, bufsize, mode) != 0) 4545 rv = EFAULT; 4546 4547 kmem_free(buf, bufsize); 4548 nioc->n_arg = res; 4549 nioc->n_len = bufsize; 4550 4551 return (rv); 4552 } 4553 4554 static int 4555 nvme_ioctl_intr_cnt(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4556 cred_t *cred_p) 4557 { 4558 _NOTE(ARGUNUSED(nsid, mode, cred_p)); 4559 4560 if ((mode & FREAD) == 0) 4561 return (EPERM); 4562 4563 nioc->n_arg = nvme->n_intr_cnt; 4564 return (0); 4565 } 4566 4567 static int 4568 nvme_ioctl_version(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4569 cred_t *cred_p) 4570 { 4571 _NOTE(ARGUNUSED(nsid, cred_p)); 4572 int rv = 0; 4573 4574 if ((mode & FREAD) == 0) 4575 return (EPERM); 4576 4577 if (nioc->n_len < sizeof (nvme->n_version)) 4578 return (ENOMEM); 4579 4580 if (ddi_copyout(&nvme->n_version, (void *)nioc->n_buf, 4581 sizeof (nvme->n_version), mode) != 0) 4582 rv = EFAULT; 4583 4584 return (rv); 4585 } 4586 4587 static int 4588 nvme_ioctl_format(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4589 cred_t *cred_p) 4590 { 4591 _NOTE(ARGUNUSED(mode)); 4592 nvme_format_nvm_t frmt = { 0 }; 4593 int c_nsid = nsid != 0 ? nsid - 1 : 0; 4594 4595 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4596 return (EPERM); 4597 4598 frmt.r = nioc->n_arg & 0xffffffff; 4599 4600 /* 4601 * Check whether the FORMAT NVM command is supported. 4602 */ 4603 if (nvme->n_idctl->id_oacs.oa_format == 0) 4604 return (EINVAL); 4605 4606 /* 4607 * Don't allow format or secure erase of individual namespace if that 4608 * would cause a format or secure erase of all namespaces. 4609 */ 4610 if (nsid != 0 && nvme->n_idctl->id_fna.fn_format != 0) 4611 return (EINVAL); 4612 4613 if (nsid != 0 && frmt.b.fm_ses != NVME_FRMT_SES_NONE && 4614 nvme->n_idctl->id_fna.fn_sec_erase != 0) 4615 return (EINVAL); 4616 4617 /* 4618 * Don't allow formatting with Protection Information. 4619 */ 4620 if (frmt.b.fm_pi != 0 || frmt.b.fm_pil != 0 || frmt.b.fm_ms != 0) 4621 return (EINVAL); 4622 4623 /* 4624 * Don't allow formatting using an illegal LBA format, or any LBA format 4625 * that uses metadata. 4626 */ 4627 if (frmt.b.fm_lbaf > nvme->n_ns[c_nsid].ns_idns->id_nlbaf || 4628 nvme->n_ns[c_nsid].ns_idns->id_lbaf[frmt.b.fm_lbaf].lbaf_ms != 0) 4629 return (EINVAL); 4630 4631 /* 4632 * Don't allow formatting using an illegal Secure Erase setting. 4633 */ 4634 if (frmt.b.fm_ses > NVME_FRMT_MAX_SES || 4635 (frmt.b.fm_ses == NVME_FRMT_SES_CRYPTO && 4636 nvme->n_idctl->id_fna.fn_crypt_erase == 0)) 4637 return (EINVAL); 4638 4639 if (nsid == 0) 4640 nsid = (uint32_t)-1; 4641 4642 return (nvme_format_nvm(nvme, B_TRUE, nsid, frmt.b.fm_lbaf, B_FALSE, 0, 4643 B_FALSE, frmt.b.fm_ses)); 4644 } 4645 4646 static int 4647 nvme_ioctl_detach(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4648 cred_t *cred_p) 4649 { 4650 _NOTE(ARGUNUSED(nioc, mode)); 4651 int rv = 0; 4652 4653 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4654 return (EPERM); 4655 4656 if (nsid == 0) 4657 return (EINVAL); 4658 4659 if (nvme->n_ns[nsid - 1].ns_ignore) 4660 return (0); 4661 4662 rv = bd_detach_handle(nvme->n_ns[nsid - 1].ns_bd_hdl); 4663 if (rv != DDI_SUCCESS) 4664 rv = EBUSY; 4665 4666 return (rv); 4667 } 4668 4669 static int 4670 nvme_ioctl_attach(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, int mode, 4671 cred_t *cred_p) 4672 { 4673 _NOTE(ARGUNUSED(nioc, mode)); 4674 nvme_identify_nsid_t *idns; 4675 int rv = 0; 4676 4677 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4678 return (EPERM); 4679 4680 if (nsid == 0) 4681 return (EINVAL); 4682 4683 /* 4684 * Identify namespace again, free old identify data. 4685 */ 4686 idns = nvme->n_ns[nsid - 1].ns_idns; 4687 if (nvme_init_ns(nvme, nsid) != DDI_SUCCESS) 4688 return (EIO); 4689 4690 kmem_free(idns, sizeof (nvme_identify_nsid_t)); 4691 4692 if (nvme->n_ns[nsid - 1].ns_ignore) 4693 return (ENOTSUP); 4694 4695 if (nvme->n_ns[nsid - 1].ns_bd_hdl == NULL) 4696 nvme->n_ns[nsid - 1].ns_bd_hdl = bd_alloc_handle( 4697 &nvme->n_ns[nsid - 1], &nvme_bd_ops, &nvme->n_prp_dma_attr, 4698 KM_SLEEP); 4699 4700 rv = bd_attach_handle(nvme->n_dip, nvme->n_ns[nsid - 1].ns_bd_hdl); 4701 if (rv != DDI_SUCCESS) 4702 rv = EBUSY; 4703 4704 return (rv); 4705 } 4706 4707 static void 4708 nvme_ufm_update(nvme_t *nvme) 4709 { 4710 mutex_enter(&nvme->n_fwslot_mutex); 4711 ddi_ufm_update(nvme->n_ufmh); 4712 if (nvme->n_fwslot != NULL) { 4713 kmem_free(nvme->n_fwslot, sizeof (nvme_fwslot_log_t)); 4714 nvme->n_fwslot = NULL; 4715 } 4716 mutex_exit(&nvme->n_fwslot_mutex); 4717 } 4718 4719 static int 4720 nvme_ioctl_firmware_download(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4721 int mode, cred_t *cred_p) 4722 { 4723 int rv = 0; 4724 size_t len, copylen; 4725 offset_t offset; 4726 uintptr_t buf; 4727 nvme_sqe_t sqe = { 4728 .sqe_opc = NVME_OPC_FW_IMAGE_LOAD 4729 }; 4730 4731 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4732 return (EPERM); 4733 4734 if (nsid != 0) 4735 return (EINVAL); 4736 4737 /* 4738 * The offset (in n_len) is restricted to the number of DWORDs in 4739 * 32 bits. 4740 */ 4741 if (nioc->n_len > NVME_FW_OFFSETB_MAX) 4742 return (EINVAL); 4743 4744 /* Confirm that both offset and length are a multiple of DWORD bytes */ 4745 if ((nioc->n_len & NVME_DWORD_MASK) != 0 || 4746 (nioc->n_arg & NVME_DWORD_MASK) != 0) 4747 return (EINVAL); 4748 4749 len = nioc->n_len; 4750 offset = nioc->n_arg; 4751 buf = (uintptr_t)nioc->n_buf; 4752 while (len > 0 && rv == 0) { 4753 /* 4754 * nvme_ioc_cmd() does not use SGLs or PRP lists. 4755 * It is limited to 2 PRPs per NVM command, so limit 4756 * the size of the data to 2 pages. 4757 */ 4758 copylen = MIN(2 * nvme->n_pagesize, len); 4759 4760 sqe.sqe_cdw10 = (uint32_t)(copylen >> NVME_DWORD_SHIFT) - 1; 4761 sqe.sqe_cdw11 = (uint32_t)(offset >> NVME_DWORD_SHIFT); 4762 4763 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, (void *)buf, copylen, 4764 FWRITE, NULL, nvme_admin_cmd_timeout); 4765 4766 buf += copylen; 4767 offset += copylen; 4768 len -= copylen; 4769 } 4770 4771 /* 4772 * Let the DDI UFM subsystem know that the firmware information for 4773 * this device has changed. 4774 */ 4775 nvme_ufm_update(nvme); 4776 4777 return (rv); 4778 } 4779 4780 static int 4781 nvme_ioctl_firmware_commit(nvme_t *nvme, int nsid, nvme_ioctl_t *nioc, 4782 int mode, cred_t *cred_p) 4783 { 4784 nvme_firmware_commit_dw10_t fc_dw10 = { 0 }; 4785 uint32_t slot = nioc->n_arg & 0xffffffff; 4786 uint32_t action = nioc->n_arg >> 32; 4787 nvme_cqe_t cqe = { 0 }; 4788 nvme_sqe_t sqe = { 4789 .sqe_opc = NVME_OPC_FW_ACTIVATE 4790 }; 4791 int timeout; 4792 int rv; 4793 4794 if ((mode & FWRITE) == 0 || secpolicy_sys_config(cred_p, B_FALSE) != 0) 4795 return (EPERM); 4796 4797 if (nsid != 0) 4798 return (EINVAL); 4799 4800 /* Validate slot is in range. */ 4801 if (slot < NVME_FW_SLOT_MIN || slot > NVME_FW_SLOT_MAX) 4802 return (EINVAL); 4803 4804 switch (action) { 4805 case NVME_FWC_SAVE: 4806 case NVME_FWC_SAVE_ACTIVATE: 4807 timeout = nvme_commit_save_cmd_timeout; 4808 break; 4809 case NVME_FWC_ACTIVATE: 4810 case NVME_FWC_ACTIVATE_IMMED: 4811 timeout = nvme_admin_cmd_timeout; 4812 break; 4813 default: 4814 return (EINVAL); 4815 } 4816 4817 fc_dw10.b.fc_slot = slot; 4818 fc_dw10.b.fc_action = action; 4819 sqe.sqe_cdw10 = fc_dw10.r; 4820 4821 rv = nvme_ioc_cmd(nvme, &sqe, B_TRUE, NULL, 0, 0, &cqe, timeout); 4822 4823 nioc->n_arg = ((uint64_t)cqe.cqe_sf.sf_sct << 16) | cqe.cqe_sf.sf_sc; 4824 4825 /* 4826 * Let the DDI UFM subsystem know that the firmware information for 4827 * this device has changed. 4828 */ 4829 nvme_ufm_update(nvme); 4830 4831 return (rv); 4832 } 4833 4834 static int 4835 nvme_ioctl(dev_t dev, int cmd, intptr_t arg, int mode, cred_t *cred_p, 4836 int *rval_p) 4837 { 4838 #ifndef __lock_lint 4839 _NOTE(ARGUNUSED(rval_p)); 4840 #endif 4841 minor_t minor = getminor(dev); 4842 nvme_t *nvme = ddi_get_soft_state(nvme_state, NVME_MINOR_INST(minor)); 4843 int nsid = NVME_MINOR_NSID(minor); 4844 int rv = 0; 4845 nvme_ioctl_t nioc; 4846 4847 int (*nvme_ioctl[])(nvme_t *, int, nvme_ioctl_t *, int, cred_t *) = { 4848 NULL, 4849 nvme_ioctl_identify, 4850 nvme_ioctl_identify, 4851 nvme_ioctl_capabilities, 4852 nvme_ioctl_get_logpage, 4853 nvme_ioctl_get_features, 4854 nvme_ioctl_intr_cnt, 4855 nvme_ioctl_version, 4856 nvme_ioctl_format, 4857 nvme_ioctl_detach, 4858 nvme_ioctl_attach, 4859 nvme_ioctl_firmware_download, 4860 nvme_ioctl_firmware_commit 4861 }; 4862 4863 if (nvme == NULL) 4864 return (ENXIO); 4865 4866 if (nsid > nvme->n_namespace_count) 4867 return (ENXIO); 4868 4869 if (IS_DEVCTL(cmd)) 4870 return (ndi_devctl_ioctl(nvme->n_dip, cmd, arg, mode, 0)); 4871 4872 #ifdef _MULTI_DATAMODEL 4873 switch (ddi_model_convert_from(mode & FMODELS)) { 4874 case DDI_MODEL_ILP32: { 4875 nvme_ioctl32_t nioc32; 4876 if (ddi_copyin((void*)arg, &nioc32, sizeof (nvme_ioctl32_t), 4877 mode) != 0) 4878 return (EFAULT); 4879 nioc.n_len = nioc32.n_len; 4880 nioc.n_buf = nioc32.n_buf; 4881 nioc.n_arg = nioc32.n_arg; 4882 break; 4883 } 4884 case DDI_MODEL_NONE: 4885 #endif 4886 if (ddi_copyin((void*)arg, &nioc, sizeof (nvme_ioctl_t), mode) 4887 != 0) 4888 return (EFAULT); 4889 #ifdef _MULTI_DATAMODEL 4890 break; 4891 } 4892 #endif 4893 4894 if (nvme->n_dead && cmd != NVME_IOC_DETACH) 4895 return (EIO); 4896 4897 4898 if (cmd == NVME_IOC_IDENTIFY_CTRL) { 4899 /* 4900 * This makes NVME_IOC_IDENTIFY_CTRL work the same on devctl and 4901 * attachment point nodes. 4902 */ 4903 nsid = 0; 4904 } else if (cmd == NVME_IOC_IDENTIFY_NSID && nsid == 0) { 4905 /* 4906 * This makes NVME_IOC_IDENTIFY_NSID work on a devctl node, it 4907 * will always return identify data for namespace 1. 4908 */ 4909 nsid = 1; 4910 } 4911 4912 if (IS_NVME_IOC(cmd) && nvme_ioctl[NVME_IOC_CMD(cmd)] != NULL) 4913 rv = nvme_ioctl[NVME_IOC_CMD(cmd)](nvme, nsid, &nioc, mode, 4914 cred_p); 4915 else 4916 rv = EINVAL; 4917 4918 #ifdef _MULTI_DATAMODEL 4919 switch (ddi_model_convert_from(mode & FMODELS)) { 4920 case DDI_MODEL_ILP32: { 4921 nvme_ioctl32_t nioc32; 4922 4923 nioc32.n_len = (size32_t)nioc.n_len; 4924 nioc32.n_buf = (uintptr32_t)nioc.n_buf; 4925 nioc32.n_arg = nioc.n_arg; 4926 4927 if (ddi_copyout(&nioc32, (void *)arg, sizeof (nvme_ioctl32_t), 4928 mode) != 0) 4929 return (EFAULT); 4930 break; 4931 } 4932 case DDI_MODEL_NONE: 4933 #endif 4934 if (ddi_copyout(&nioc, (void *)arg, sizeof (nvme_ioctl_t), mode) 4935 != 0) 4936 return (EFAULT); 4937 #ifdef _MULTI_DATAMODEL 4938 break; 4939 } 4940 #endif 4941 4942 return (rv); 4943 } 4944 4945 /* 4946 * DDI UFM Callbacks 4947 */ 4948 static int 4949 nvme_ufm_fill_image(ddi_ufm_handle_t *ufmh, void *arg, uint_t imgno, 4950 ddi_ufm_image_t *img) 4951 { 4952 nvme_t *nvme = arg; 4953 4954 if (imgno != 0) 4955 return (EINVAL); 4956 4957 ddi_ufm_image_set_desc(img, "Firmware"); 4958 ddi_ufm_image_set_nslots(img, nvme->n_idctl->id_frmw.fw_nslot); 4959 4960 return (0); 4961 } 4962 4963 /* 4964 * Fill out firmware slot information for the requested slot. The firmware 4965 * slot information is gathered by requesting the Firmware Slot Information log 4966 * page. The format of the page is described in section 5.10.1.3. 4967 * 4968 * We lazily cache the log page on the first call and then invalidate the cache 4969 * data after a successful firmware download or firmware commit command. 4970 * The cached data is protected by a mutex as the state can change 4971 * asynchronous to this callback. 4972 */ 4973 static int 4974 nvme_ufm_fill_slot(ddi_ufm_handle_t *ufmh, void *arg, uint_t imgno, 4975 uint_t slotno, ddi_ufm_slot_t *slot) 4976 { 4977 nvme_t *nvme = arg; 4978 void *log = NULL; 4979 size_t bufsize; 4980 ddi_ufm_attr_t attr = 0; 4981 char fw_ver[NVME_FWVER_SZ + 1]; 4982 int ret; 4983 4984 if (imgno > 0 || slotno > (nvme->n_idctl->id_frmw.fw_nslot - 1)) 4985 return (EINVAL); 4986 4987 mutex_enter(&nvme->n_fwslot_mutex); 4988 if (nvme->n_fwslot == NULL) { 4989 ret = nvme_get_logpage(nvme, B_TRUE, &log, &bufsize, 4990 NVME_LOGPAGE_FWSLOT, 0); 4991 if (ret != DDI_SUCCESS || 4992 bufsize != sizeof (nvme_fwslot_log_t)) { 4993 if (log != NULL) 4994 kmem_free(log, bufsize); 4995 mutex_exit(&nvme->n_fwslot_mutex); 4996 return (EIO); 4997 } 4998 nvme->n_fwslot = (nvme_fwslot_log_t *)log; 4999 } 5000 5001 /* 5002 * NVMe numbers firmware slots starting at 1 5003 */ 5004 if (slotno == (nvme->n_fwslot->fw_afi - 1)) 5005 attr |= DDI_UFM_ATTR_ACTIVE; 5006 5007 if (slotno != 0 || nvme->n_idctl->id_frmw.fw_readonly == 0) 5008 attr |= DDI_UFM_ATTR_WRITEABLE; 5009 5010 if (nvme->n_fwslot->fw_frs[slotno][0] == '\0') { 5011 attr |= DDI_UFM_ATTR_EMPTY; 5012 } else { 5013 (void) strncpy(fw_ver, nvme->n_fwslot->fw_frs[slotno], 5014 NVME_FWVER_SZ); 5015 fw_ver[NVME_FWVER_SZ] = '\0'; 5016 ddi_ufm_slot_set_version(slot, fw_ver); 5017 } 5018 mutex_exit(&nvme->n_fwslot_mutex); 5019 5020 ddi_ufm_slot_set_attrs(slot, attr); 5021 5022 return (0); 5023 } 5024 5025 static int 5026 nvme_ufm_getcaps(ddi_ufm_handle_t *ufmh, void *arg, ddi_ufm_cap_t *caps) 5027 { 5028 *caps = DDI_UFM_CAP_REPORT; 5029 return (0); 5030 } 5031