xref: /illumos-gate/usr/src/uts/common/io/scsi/adapters/mpt_sas/mptsas.c (revision 44bc9120699af80bb18366ca474cb2c618608ca9) 
1 /*
2  * CDDL HEADER START
3  *
4  * The contents of this file are subject to the terms of the
5  * Common Development and Distribution License (the "License").
6  * You may not use this file except in compliance with the License.
7  *
8  * You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
9  * or http://www.opensolaris.org/os/licensing.
10  * See the License for the specific language governing permissions
11  * and limitations under the License.
12  *
13  * When distributing Covered Code, include this CDDL HEADER in each
14  * file and include the License file at usr/src/OPENSOLARIS.LICENSE.
15  * If applicable, add the following below this CDDL HEADER, with the
16  * fields enclosed by brackets "[]" replaced with your own identifying
17  * information: Portions Copyright [yyyy] [name of copyright owner]
18  *
19  * CDDL HEADER END
20  */
21 
22 /*
23  * Copyright (c) 2009, 2010, Oracle and/or its affiliates. All rights reserved.
24  * Copyright 2014 Nexenta Systems, Inc. All rights reserved.
25  * Copyright (c) 2014, Joyent, Inc. All rights reserved.
26  * Copyright 2014 OmniTI Computer Consulting, Inc. All rights reserved.
27  * Copyright (c) 2014, Tegile Systems Inc. All rights reserved.
28  */
29 
30 /*
31  * Copyright (c) 2000 to 2010, LSI Corporation.
32  * All rights reserved.
33  *
34  * Redistribution and use in source and binary forms of all code within
35  * this file that is exclusively owned by LSI, with or without
36  * modification, is permitted provided that, in addition to the CDDL 1.0
37  * License requirements, the following conditions are met:
38  *
39  *    Neither the name of the author nor the names of its contributors may be
40  *    used to endorse or promote products derived from this software without
41  *    specific prior written permission.
42  *
43  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
44  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
45  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
46  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
47  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
48  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
49  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
50  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
51  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
52  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
53  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
54  * DAMAGE.
55  */
56 
57 /*
58  * mptsas - This is a driver based on LSI Logic's MPT2.0/2.5 interface.
59  *
60  */
61 
62 #if defined(lint) || defined(DEBUG)
63 #define	MPTSAS_DEBUG
64 #endif
65 
66 /*
67  * standard header files.
68  */
69 #include <sys/note.h>
70 #include <sys/scsi/scsi.h>
71 #include <sys/pci.h>
72 #include <sys/file.h>
73 #include <sys/policy.h>
74 #include <sys/model.h>
75 #include <sys/sysevent.h>
76 #include <sys/sysevent/eventdefs.h>
77 #include <sys/sysevent/dr.h>
78 #include <sys/sata/sata_defs.h>
79 #include <sys/scsi/generic/sas.h>
80 #include <sys/scsi/impl/scsi_sas.h>
81 
82 #pragma pack(1)
83 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_type.h>
84 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2.h>
85 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_cnfg.h>
86 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_init.h>
87 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_ioc.h>
88 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_sas.h>
89 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_tool.h>
90 #include <sys/scsi/adapters/mpt_sas/mpi/mpi2_raid.h>
91 #pragma pack()
92 
93 /*
94  * private header files.
95  *
96  */
97 #include <sys/scsi/impl/scsi_reset_notify.h>
98 #include <sys/scsi/adapters/mpt_sas/mptsas_var.h>
99 #include <sys/scsi/adapters/mpt_sas/mptsas_ioctl.h>
100 #include <sys/scsi/adapters/mpt_sas/mptsas_smhba.h>
101 #include <sys/scsi/adapters/mpt_sas/mptsas_hash.h>
102 #include <sys/raidioctl.h>
103 
104 #include <sys/fs/dv_node.h>	/* devfs_clean */
105 
106 /*
107  * FMA header files
108  */
109 #include <sys/ddifm.h>
110 #include <sys/fm/protocol.h>
111 #include <sys/fm/util.h>
112 #include <sys/fm/io/ddi.h>
113 
114 /*
115  * autoconfiguration data and routines.
116  */
117 static int mptsas_attach(dev_info_t *dip, ddi_attach_cmd_t cmd);
118 static int mptsas_detach(dev_info_t *devi, ddi_detach_cmd_t cmd);
119 static int mptsas_power(dev_info_t *dip, int component, int level);
120 
121 /*
122  * cb_ops function
123  */
124 static int mptsas_ioctl(dev_t dev, int cmd, intptr_t data, int mode,
125 	cred_t *credp, int *rval);
126 #ifdef __sparc
127 static int mptsas_reset(dev_info_t *devi, ddi_reset_cmd_t cmd);
128 #else  /* __sparc */
129 static int mptsas_quiesce(dev_info_t *devi);
130 #endif	/* __sparc */
131 
132 /*
133  * Resource initilaization for hardware
134  */
135 static void mptsas_setup_cmd_reg(mptsas_t *mpt);
136 static void mptsas_disable_bus_master(mptsas_t *mpt);
137 static void mptsas_hba_fini(mptsas_t *mpt);
138 static void mptsas_cfg_fini(mptsas_t *mptsas_blkp);
139 static int mptsas_hba_setup(mptsas_t *mpt);
140 static void mptsas_hba_teardown(mptsas_t *mpt);
141 static int mptsas_config_space_init(mptsas_t *mpt);
142 static void mptsas_config_space_fini(mptsas_t *mpt);
143 static void mptsas_iport_register(mptsas_t *mpt);
144 static int mptsas_smp_setup(mptsas_t *mpt);
145 static void mptsas_smp_teardown(mptsas_t *mpt);
146 static int mptsas_cache_create(mptsas_t *mpt);
147 static void mptsas_cache_destroy(mptsas_t *mpt);
148 static int mptsas_alloc_request_frames(mptsas_t *mpt);
149 static int mptsas_alloc_sense_bufs(mptsas_t *mpt);
150 static int mptsas_alloc_reply_frames(mptsas_t *mpt);
151 static int mptsas_alloc_free_queue(mptsas_t *mpt);
152 static int mptsas_alloc_post_queue(mptsas_t *mpt);
153 static void mptsas_alloc_reply_args(mptsas_t *mpt);
154 static int mptsas_alloc_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd);
155 static void mptsas_free_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd);
156 static int mptsas_init_chip(mptsas_t *mpt, int first_time);
157 
158 /*
159  * SCSA function prototypes
160  */
161 static int mptsas_scsi_start(struct scsi_address *ap, struct scsi_pkt *pkt);
162 static int mptsas_scsi_reset(struct scsi_address *ap, int level);
163 static int mptsas_scsi_abort(struct scsi_address *ap, struct scsi_pkt *pkt);
164 static int mptsas_scsi_getcap(struct scsi_address *ap, char *cap, int tgtonly);
165 static int mptsas_scsi_setcap(struct scsi_address *ap, char *cap, int value,
166     int tgtonly);
167 static void mptsas_scsi_dmafree(struct scsi_address *ap, struct scsi_pkt *pkt);
168 static struct scsi_pkt *mptsas_scsi_init_pkt(struct scsi_address *ap,
169     struct scsi_pkt *pkt, struct buf *bp, int cmdlen, int statuslen,
170 	int tgtlen, int flags, int (*callback)(), caddr_t arg);
171 static void mptsas_scsi_sync_pkt(struct scsi_address *ap, struct scsi_pkt *pkt);
172 static void mptsas_scsi_destroy_pkt(struct scsi_address *ap,
173     struct scsi_pkt *pkt);
174 static int mptsas_scsi_tgt_init(dev_info_t *hba_dip, dev_info_t *tgt_dip,
175     scsi_hba_tran_t *hba_tran, struct scsi_device *sd);
176 static void mptsas_scsi_tgt_free(dev_info_t *hba_dip, dev_info_t *tgt_dip,
177     scsi_hba_tran_t *hba_tran, struct scsi_device *sd);
178 static int mptsas_scsi_reset_notify(struct scsi_address *ap, int flag,
179     void (*callback)(caddr_t), caddr_t arg);
180 static int mptsas_get_name(struct scsi_device *sd, char *name, int len);
181 static int mptsas_get_bus_addr(struct scsi_device *sd, char *name, int len);
182 static int mptsas_scsi_quiesce(dev_info_t *dip);
183 static int mptsas_scsi_unquiesce(dev_info_t *dip);
184 static int mptsas_bus_config(dev_info_t *pdip, uint_t flags,
185     ddi_bus_config_op_t op, void *arg, dev_info_t **childp);
186 
187 /*
188  * SMP functions
189  */
190 static int mptsas_smp_start(struct smp_pkt *smp_pkt);
191 
192 /*
193  * internal function prototypes.
194  */
195 static void mptsas_list_add(mptsas_t *mpt);
196 static void mptsas_list_del(mptsas_t *mpt);
197 
198 static int mptsas_quiesce_bus(mptsas_t *mpt);
199 static int mptsas_unquiesce_bus(mptsas_t *mpt);
200 
201 static int mptsas_alloc_handshake_msg(mptsas_t *mpt, size_t alloc_size);
202 static void mptsas_free_handshake_msg(mptsas_t *mpt);
203 
204 static void mptsas_ncmds_checkdrain(void *arg);
205 
206 static int mptsas_prepare_pkt(mptsas_cmd_t *cmd);
207 static int mptsas_accept_pkt(mptsas_t *mpt, mptsas_cmd_t *sp);
208 static int mptsas_accept_txwq_and_pkt(mptsas_t *mpt, mptsas_cmd_t *sp);
209 static void mptsas_accept_tx_waitq(mptsas_t *mpt);
210 
211 static int mptsas_do_detach(dev_info_t *dev);
212 static int mptsas_do_scsi_reset(mptsas_t *mpt, uint16_t devhdl);
213 static int mptsas_do_scsi_abort(mptsas_t *mpt, int target, int lun,
214     struct scsi_pkt *pkt);
215 static int mptsas_scsi_capchk(char *cap, int tgtonly, int *cidxp);
216 
217 static void mptsas_handle_qfull(mptsas_t *mpt, mptsas_cmd_t *cmd);
218 static void mptsas_handle_event(void *args);
219 static int mptsas_handle_event_sync(void *args);
220 static void mptsas_handle_dr(void *args);
221 static void mptsas_handle_topo_change(mptsas_topo_change_list_t *topo_node,
222     dev_info_t *pdip);
223 
224 static void mptsas_restart_cmd(void *);
225 
226 static void mptsas_flush_hba(mptsas_t *mpt);
227 static void mptsas_flush_target(mptsas_t *mpt, ushort_t target, int lun,
228 	uint8_t tasktype);
229 static void mptsas_set_pkt_reason(mptsas_t *mpt, mptsas_cmd_t *cmd,
230     uchar_t reason, uint_t stat);
231 
232 static uint_t mptsas_intr(caddr_t arg1, caddr_t arg2);
233 static void mptsas_process_intr(mptsas_t *mpt,
234     pMpi2ReplyDescriptorsUnion_t reply_desc_union);
235 static void mptsas_handle_scsi_io_success(mptsas_t *mpt,
236     pMpi2ReplyDescriptorsUnion_t reply_desc);
237 static void mptsas_handle_address_reply(mptsas_t *mpt,
238     pMpi2ReplyDescriptorsUnion_t reply_desc);
239 static int mptsas_wait_intr(mptsas_t *mpt, int polltime);
240 static void mptsas_sge_setup(mptsas_t *mpt, mptsas_cmd_t *cmd,
241     uint32_t *control, pMpi2SCSIIORequest_t frame, ddi_acc_handle_t acc_hdl);
242 
243 static void mptsas_watch(void *arg);
244 static void mptsas_watchsubr(mptsas_t *mpt);
245 static void mptsas_cmd_timeout(mptsas_t *mpt, mptsas_target_t *ptgt);
246 
247 static void mptsas_start_passthru(mptsas_t *mpt, mptsas_cmd_t *cmd);
248 static int mptsas_do_passthru(mptsas_t *mpt, uint8_t *request, uint8_t *reply,
249     uint8_t *data, uint32_t request_size, uint32_t reply_size,
250     uint32_t data_size, uint32_t direction, uint8_t *dataout,
251     uint32_t dataout_size, short timeout, int mode);
252 static int mptsas_free_devhdl(mptsas_t *mpt, uint16_t devhdl);
253 
254 static uint8_t mptsas_get_fw_diag_buffer_number(mptsas_t *mpt,
255     uint32_t unique_id);
256 static void mptsas_start_diag(mptsas_t *mpt, mptsas_cmd_t *cmd);
257 static int mptsas_post_fw_diag_buffer(mptsas_t *mpt,
258     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code);
259 static int mptsas_release_fw_diag_buffer(mptsas_t *mpt,
260     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code,
261     uint32_t diag_type);
262 static int mptsas_diag_register(mptsas_t *mpt,
263     mptsas_fw_diag_register_t *diag_register, uint32_t *return_code);
264 static int mptsas_diag_unregister(mptsas_t *mpt,
265     mptsas_fw_diag_unregister_t *diag_unregister, uint32_t *return_code);
266 static int mptsas_diag_query(mptsas_t *mpt, mptsas_fw_diag_query_t *diag_query,
267     uint32_t *return_code);
268 static int mptsas_diag_read_buffer(mptsas_t *mpt,
269     mptsas_diag_read_buffer_t *diag_read_buffer, uint8_t *ioctl_buf,
270     uint32_t *return_code, int ioctl_mode);
271 static int mptsas_diag_release(mptsas_t *mpt,
272     mptsas_fw_diag_release_t *diag_release, uint32_t *return_code);
273 static int mptsas_do_diag_action(mptsas_t *mpt, uint32_t action,
274     uint8_t *diag_action, uint32_t length, uint32_t *return_code,
275     int ioctl_mode);
276 static int mptsas_diag_action(mptsas_t *mpt, mptsas_diag_action_t *data,
277     int mode);
278 
279 static int mptsas_pkt_alloc_extern(mptsas_t *mpt, mptsas_cmd_t *cmd,
280     int cmdlen, int tgtlen, int statuslen, int kf);
281 static void mptsas_pkt_destroy_extern(mptsas_t *mpt, mptsas_cmd_t *cmd);
282 
283 static int mptsas_kmem_cache_constructor(void *buf, void *cdrarg, int kmflags);
284 static void mptsas_kmem_cache_destructor(void *buf, void *cdrarg);
285 
286 static int mptsas_cache_frames_constructor(void *buf, void *cdrarg,
287     int kmflags);
288 static void mptsas_cache_frames_destructor(void *buf, void *cdrarg);
289 
290 static void mptsas_check_scsi_io_error(mptsas_t *mpt, pMpi2SCSIIOReply_t reply,
291     mptsas_cmd_t *cmd);
292 static void mptsas_check_task_mgt(mptsas_t *mpt,
293     pMpi2SCSIManagementReply_t reply, mptsas_cmd_t *cmd);
294 static int mptsas_send_scsi_cmd(mptsas_t *mpt, struct scsi_address *ap,
295     mptsas_target_t *ptgt, uchar_t *cdb, int cdblen, struct buf *data_bp,
296     int *resid);
297 
298 static int mptsas_alloc_active_slots(mptsas_t *mpt, int flag);
299 static void mptsas_free_active_slots(mptsas_t *mpt);
300 static int mptsas_start_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd);
301 
302 static void mptsas_restart_hba(mptsas_t *mpt);
303 static void mptsas_restart_waitq(mptsas_t *mpt);
304 
305 static void mptsas_deliver_doneq_thread(mptsas_t *mpt);
306 static void mptsas_doneq_add(mptsas_t *mpt, mptsas_cmd_t *cmd);
307 static void mptsas_doneq_mv(mptsas_t *mpt, uint64_t t);
308 
309 static mptsas_cmd_t *mptsas_doneq_thread_rm(mptsas_t *mpt, uint64_t t);
310 static void mptsas_doneq_empty(mptsas_t *mpt);
311 static void mptsas_doneq_thread(mptsas_doneq_thread_arg_t *arg);
312 
313 static mptsas_cmd_t *mptsas_waitq_rm(mptsas_t *mpt);
314 static void mptsas_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd);
315 static mptsas_cmd_t *mptsas_tx_waitq_rm(mptsas_t *mpt);
316 static void mptsas_tx_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd);
317 
318 
319 static void mptsas_start_watch_reset_delay();
320 static void mptsas_setup_bus_reset_delay(mptsas_t *mpt);
321 static void mptsas_watch_reset_delay(void *arg);
322 static int mptsas_watch_reset_delay_subr(mptsas_t *mpt);
323 
324 /*
325  * helper functions
326  */
327 static void mptsas_dump_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd);
328 
329 static dev_info_t *mptsas_find_child(dev_info_t *pdip, char *name);
330 static dev_info_t *mptsas_find_child_phy(dev_info_t *pdip, uint8_t phy);
331 static dev_info_t *mptsas_find_child_addr(dev_info_t *pdip, uint64_t sasaddr,
332     int lun);
333 static mdi_pathinfo_t *mptsas_find_path_addr(dev_info_t *pdip, uint64_t sasaddr,
334     int lun);
335 static mdi_pathinfo_t *mptsas_find_path_phy(dev_info_t *pdip, uint8_t phy);
336 static dev_info_t *mptsas_find_smp_child(dev_info_t *pdip, char *str_wwn);
337 
338 static int mptsas_parse_address(char *name, uint64_t *wwid, uint8_t *phy,
339     int *lun);
340 static int mptsas_parse_smp_name(char *name, uint64_t *wwn);
341 
342 static mptsas_target_t *mptsas_phy_to_tgt(mptsas_t *mpt,
343     mptsas_phymask_t phymask, uint8_t phy);
344 static mptsas_target_t *mptsas_wwid_to_ptgt(mptsas_t *mpt,
345     mptsas_phymask_t phymask, uint64_t wwid);
346 static mptsas_smp_t *mptsas_wwid_to_psmp(mptsas_t *mpt,
347     mptsas_phymask_t phymask, uint64_t wwid);
348 
349 static int mptsas_inquiry(mptsas_t *mpt, mptsas_target_t *ptgt, int lun,
350     uchar_t page, unsigned char *buf, int len, int *rlen, uchar_t evpd);
351 
352 static int mptsas_get_target_device_info(mptsas_t *mpt, uint32_t page_address,
353     uint16_t *handle, mptsas_target_t **pptgt);
354 static void mptsas_update_phymask(mptsas_t *mpt);
355 
356 static int mptsas_send_sep(mptsas_t *mpt, mptsas_target_t *ptgt,
357     uint32_t *status, uint8_t cmd);
358 static dev_info_t *mptsas_get_dip_from_dev(dev_t dev,
359     mptsas_phymask_t *phymask);
360 static mptsas_target_t *mptsas_addr_to_ptgt(mptsas_t *mpt, char *addr,
361     mptsas_phymask_t phymask);
362 static int mptsas_flush_led_status(mptsas_t *mpt, mptsas_target_t *ptgt);
363 
364 
365 /*
366  * Enumeration / DR functions
367  */
368 static void mptsas_config_all(dev_info_t *pdip);
369 static int mptsas_config_one_addr(dev_info_t *pdip, uint64_t sasaddr, int lun,
370     dev_info_t **lundip);
371 static int mptsas_config_one_phy(dev_info_t *pdip, uint8_t phy, int lun,
372     dev_info_t **lundip);
373 
374 static int mptsas_config_target(dev_info_t *pdip, mptsas_target_t *ptgt);
375 static int mptsas_offline_target(dev_info_t *pdip, char *name);
376 
377 static int mptsas_config_raid(dev_info_t *pdip, uint16_t target,
378     dev_info_t **dip);
379 
380 static int mptsas_config_luns(dev_info_t *pdip, mptsas_target_t *ptgt);
381 static int mptsas_probe_lun(dev_info_t *pdip, int lun,
382     dev_info_t **dip, mptsas_target_t *ptgt);
383 
384 static int mptsas_create_lun(dev_info_t *pdip, struct scsi_inquiry *sd_inq,
385     dev_info_t **dip, mptsas_target_t *ptgt, int lun);
386 
387 static int mptsas_create_phys_lun(dev_info_t *pdip, struct scsi_inquiry *sd,
388     char *guid, dev_info_t **dip, mptsas_target_t *ptgt, int lun);
389 static int mptsas_create_virt_lun(dev_info_t *pdip, struct scsi_inquiry *sd,
390     char *guid, dev_info_t **dip, mdi_pathinfo_t **pip, mptsas_target_t *ptgt,
391     int lun);
392 
393 static void mptsas_offline_missed_luns(dev_info_t *pdip,
394     uint16_t *repluns, int lun_cnt, mptsas_target_t *ptgt);
395 static int mptsas_offline_lun(dev_info_t *pdip, dev_info_t *rdip,
396     mdi_pathinfo_t *rpip, uint_t flags);
397 
398 static int mptsas_config_smp(dev_info_t *pdip, uint64_t sas_wwn,
399     dev_info_t **smp_dip);
400 static int mptsas_offline_smp(dev_info_t *pdip, mptsas_smp_t *smp_node,
401     uint_t flags);
402 
403 static int mptsas_event_query(mptsas_t *mpt, mptsas_event_query_t *data,
404     int mode, int *rval);
405 static int mptsas_event_enable(mptsas_t *mpt, mptsas_event_enable_t *data,
406     int mode, int *rval);
407 static int mptsas_event_report(mptsas_t *mpt, mptsas_event_report_t *data,
408     int mode, int *rval);
409 static void mptsas_record_event(void *args);
410 static int mptsas_reg_access(mptsas_t *mpt, mptsas_reg_access_t *data,
411     int mode);
412 
413 mptsas_target_t *mptsas_tgt_alloc(mptsas_t *, uint16_t, uint64_t,
414     uint32_t, mptsas_phymask_t, uint8_t);
415 static mptsas_smp_t *mptsas_smp_alloc(mptsas_t *, mptsas_smp_t *);
416 static int mptsas_online_smp(dev_info_t *pdip, mptsas_smp_t *smp_node,
417     dev_info_t **smp_dip);
418 
419 /*
420  * Power management functions
421  */
422 static int mptsas_get_pci_cap(mptsas_t *mpt);
423 static int mptsas_init_pm(mptsas_t *mpt);
424 
425 /*
426  * MPT MSI tunable:
427  *
428  * By default MSI is enabled on all supported platforms.
429  */
430 boolean_t mptsas_enable_msi = B_TRUE;
431 boolean_t mptsas_physical_bind_failed_page_83 = B_FALSE;
432 
433 /*
434  * Global switch for use of MPI2.5 FAST PATH.
435  * We don't really know what FAST PATH actually does, so if it is suspected
436  * to cause problems it can be turned off by setting this variable to B_FALSE.
437  */
438 boolean_t mptsas_use_fastpath = B_TRUE;
439 
440 static int mptsas_register_intrs(mptsas_t *);
441 static void mptsas_unregister_intrs(mptsas_t *);
442 static int mptsas_add_intrs(mptsas_t *, int);
443 static void mptsas_rem_intrs(mptsas_t *);
444 
445 /*
446  * FMA Prototypes
447  */
448 static void mptsas_fm_init(mptsas_t *mpt);
449 static void mptsas_fm_fini(mptsas_t *mpt);
450 static int mptsas_fm_error_cb(dev_info_t *, ddi_fm_error_t *, const void *);
451 
452 extern pri_t minclsyspri, maxclsyspri;
453 
454 /*
455  * This device is created by the SCSI pseudo nexus driver (SCSI vHCI).  It is
456  * under this device that the paths to a physical device are created when
457  * MPxIO is used.
458  */
459 extern dev_info_t	*scsi_vhci_dip;
460 
461 /*
462  * Tunable timeout value for Inquiry VPD page 0x83
463  * By default the value is 30 seconds.
464  */
465 int mptsas_inq83_retry_timeout = 30;
466 
467 /*
468  * This is used to allocate memory for message frame storage, not for
469  * data I/O DMA. All message frames must be stored in the first 4G of
470  * physical memory.
471  */
472 ddi_dma_attr_t mptsas_dma_attrs = {
473 	DMA_ATTR_V0,	/* attribute layout version		*/
474 	0x0ull,		/* address low - should be 0 (longlong)	*/
475 	0xffffffffull,	/* address high - 32-bit max range	*/
476 	0x00ffffffull,	/* count max - max DMA object size	*/
477 	4,		/* allocation alignment requirements	*/
478 	0x78,		/* burstsizes - binary encoded values	*/
479 	1,		/* minxfer - gran. of DMA engine	*/
480 	0x00ffffffull,	/* maxxfer - gran. of DMA engine	*/
481 	0xffffffffull,	/* max segment size (DMA boundary)	*/
482 	MPTSAS_MAX_DMA_SEGS, /* scatter/gather list length	*/
483 	512,		/* granularity - device transfer size	*/
484 	0		/* flags, set to 0			*/
485 };
486 
487 /*
488  * This is used for data I/O DMA memory allocation. (full 64-bit DMA
489  * physical addresses are supported.)
490  */
491 ddi_dma_attr_t mptsas_dma_attrs64 = {
492 	DMA_ATTR_V0,	/* attribute layout version		*/
493 	0x0ull,		/* address low - should be 0 (longlong)	*/
494 	0xffffffffffffffffull,	/* address high - 64-bit max	*/
495 	0x00ffffffull,	/* count max - max DMA object size	*/
496 	4,		/* allocation alignment requirements	*/
497 	0x78,		/* burstsizes - binary encoded values	*/
498 	1,		/* minxfer - gran. of DMA engine	*/
499 	0x00ffffffull,	/* maxxfer - gran. of DMA engine	*/
500 	0xffffffffull,	/* max segment size (DMA boundary)	*/
501 	MPTSAS_MAX_DMA_SEGS, /* scatter/gather list length	*/
502 	512,		/* granularity - device transfer size	*/
503 	0		/* flags, set to 0 */
504 };
505 
506 ddi_device_acc_attr_t mptsas_dev_attr = {
507 	DDI_DEVICE_ATTR_V1,
508 	DDI_STRUCTURE_LE_ACC,
509 	DDI_STRICTORDER_ACC,
510 	DDI_DEFAULT_ACC
511 };
512 
513 static struct cb_ops mptsas_cb_ops = {
514 	scsi_hba_open,		/* open */
515 	scsi_hba_close,		/* close */
516 	nodev,			/* strategy */
517 	nodev,			/* print */
518 	nodev,			/* dump */
519 	nodev,			/* read */
520 	nodev,			/* write */
521 	mptsas_ioctl,		/* ioctl */
522 	nodev,			/* devmap */
523 	nodev,			/* mmap */
524 	nodev,			/* segmap */
525 	nochpoll,		/* chpoll */
526 	ddi_prop_op,		/* cb_prop_op */
527 	NULL,			/* streamtab */
528 	D_MP,			/* cb_flag */
529 	CB_REV,			/* rev */
530 	nodev,			/* aread */
531 	nodev			/* awrite */
532 };
533 
534 static struct dev_ops mptsas_ops = {
535 	DEVO_REV,		/* devo_rev, */
536 	0,			/* refcnt  */
537 	ddi_no_info,		/* info */
538 	nulldev,		/* identify */
539 	nulldev,		/* probe */
540 	mptsas_attach,		/* attach */
541 	mptsas_detach,		/* detach */
542 #ifdef  __sparc
543 	mptsas_reset,
544 #else
545 	nodev,			/* reset */
546 #endif  /* __sparc */
547 	&mptsas_cb_ops,		/* driver operations */
548 	NULL,			/* bus operations */
549 	mptsas_power,		/* power management */
550 #ifdef	__sparc
551 	ddi_quiesce_not_needed
552 #else
553 	mptsas_quiesce		/* quiesce */
554 #endif	/* __sparc */
555 };
556 
557 
558 #define	MPTSAS_MOD_STRING "MPTSAS HBA Driver 00.00.00.24"
559 
560 static struct modldrv modldrv = {
561 	&mod_driverops,	/* Type of module. This one is a driver */
562 	MPTSAS_MOD_STRING, /* Name of the module. */
563 	&mptsas_ops,	/* driver ops */
564 };
565 
566 static struct modlinkage modlinkage = {
567 	MODREV_1, &modldrv, NULL
568 };
569 #define	TARGET_PROP	"target"
570 #define	LUN_PROP	"lun"
571 #define	LUN64_PROP	"lun64"
572 #define	SAS_PROP	"sas-mpt"
573 #define	MDI_GUID	"wwn"
574 #define	NDI_GUID	"guid"
575 #define	MPTSAS_DEV_GONE	"mptsas_dev_gone"
576 
577 /*
578  * Local static data
579  */
580 #if defined(MPTSAS_DEBUG)
581 /*
582  * Flags to indicate which debug messages are to be printed and which go to the
583  * debug log ring buffer. Default is to not print anything, and to log
584  * everything except the watchsubr() output which normally happens every second.
585  */
586 uint32_t mptsas_debugprt_flags = 0x0;
587 uint32_t mptsas_debuglog_flags = ~(1U << 30);
588 #endif	/* defined(MPTSAS_DEBUG) */
589 uint32_t mptsas_debug_resets = 0;
590 
591 static kmutex_t		mptsas_global_mutex;
592 static void		*mptsas_state;		/* soft	state ptr */
593 static krwlock_t	mptsas_global_rwlock;
594 
595 static kmutex_t		mptsas_log_mutex;
596 static char		mptsas_log_buf[256];
597 _NOTE(MUTEX_PROTECTS_DATA(mptsas_log_mutex, mptsas_log_buf))
598 
599 static mptsas_t *mptsas_head, *mptsas_tail;
600 static clock_t mptsas_scsi_watchdog_tick;
601 static clock_t mptsas_tick;
602 static timeout_id_t mptsas_reset_watch;
603 static timeout_id_t mptsas_timeout_id;
604 static int mptsas_timeouts_enabled = 0;
605 
606 /*
607  * Default length for extended auto request sense buffers.
608  * All sense buffers need to be under the same alloc because there
609  * is only one common top 32bits (of 64bits) address register.
610  * Most requests only require 32 bytes, but some request >256.
611  * We use rmalloc()/rmfree() on this additional memory to manage the
612  * "extended" requests.
613  */
614 int mptsas_extreq_sense_bufsize = 256*64;
615 
616 /*
617  * We believe that all software resrictions of having to run with DMA
618  * attributes to limit allocation to the first 4G are removed.
619  * However, this flag remains to enable quick switchback should suspicious
620  * problems emerge.
621  * Note that scsi_alloc_consistent_buf() does still adhere to allocating
622  * 32 bit addressable memory, but we can cope if that is changed now.
623  */
624 int mptsas_use_64bit_msgaddr = 1;
625 
626 /*
627  * warlock directives
628  */
629 _NOTE(SCHEME_PROTECTS_DATA("unique per pkt", scsi_pkt \
630 	mptsas_cmd NcrTableIndirect buf scsi_cdb scsi_status))
631 _NOTE(SCHEME_PROTECTS_DATA("unique per pkt", smp_pkt))
632 _NOTE(SCHEME_PROTECTS_DATA("stable data", scsi_device scsi_address))
633 _NOTE(SCHEME_PROTECTS_DATA("No Mutex Needed", mptsas_tgt_private))
634 _NOTE(SCHEME_PROTECTS_DATA("No Mutex Needed", scsi_hba_tran::tran_tgt_private))
635 
636 /*
637  * SM - HBA statics
638  */
639 char	*mptsas_driver_rev = MPTSAS_MOD_STRING;
640 
641 #ifdef MPTSAS_DEBUG
642 void debug_enter(char *);
643 #endif
644 
645 /*
646  * Notes:
647  *	- scsi_hba_init(9F) initializes SCSI HBA modules
648  *	- must call scsi_hba_fini(9F) if modload() fails
649  */
650 int
651 _init(void)
652 {
653 	int status;
654 	/* CONSTCOND */
655 	ASSERT(NO_COMPETING_THREADS);
656 
657 	NDBG0(("_init"));
658 
659 	status = ddi_soft_state_init(&mptsas_state, MPTSAS_SIZE,
660 	    MPTSAS_INITIAL_SOFT_SPACE);
661 	if (status != 0) {
662 		return (status);
663 	}
664 
665 	if ((status = scsi_hba_init(&modlinkage)) != 0) {
666 		ddi_soft_state_fini(&mptsas_state);
667 		return (status);
668 	}
669 
670 	mutex_init(&mptsas_global_mutex, NULL, MUTEX_DRIVER, NULL);
671 	rw_init(&mptsas_global_rwlock, NULL, RW_DRIVER, NULL);
672 	mutex_init(&mptsas_log_mutex, NULL, MUTEX_DRIVER, NULL);
673 
674 	if ((status = mod_install(&modlinkage)) != 0) {
675 		mutex_destroy(&mptsas_log_mutex);
676 		rw_destroy(&mptsas_global_rwlock);
677 		mutex_destroy(&mptsas_global_mutex);
678 		ddi_soft_state_fini(&mptsas_state);
679 		scsi_hba_fini(&modlinkage);
680 	}
681 
682 	return (status);
683 }
684 
685 /*
686  * Notes:
687  *	- scsi_hba_fini(9F) uninitializes SCSI HBA modules
688  */
689 int
690 _fini(void)
691 {
692 	int	status;
693 	/* CONSTCOND */
694 	ASSERT(NO_COMPETING_THREADS);
695 
696 	NDBG0(("_fini"));
697 
698 	if ((status = mod_remove(&modlinkage)) == 0) {
699 		ddi_soft_state_fini(&mptsas_state);
700 		scsi_hba_fini(&modlinkage);
701 		mutex_destroy(&mptsas_global_mutex);
702 		rw_destroy(&mptsas_global_rwlock);
703 		mutex_destroy(&mptsas_log_mutex);
704 	}
705 	return (status);
706 }
707 
708 /*
709  * The loadable-module _info(9E) entry point
710  */
711 int
712 _info(struct modinfo *modinfop)
713 {
714 	/* CONSTCOND */
715 	ASSERT(NO_COMPETING_THREADS);
716 	NDBG0(("mptsas _info"));
717 
718 	return (mod_info(&modlinkage, modinfop));
719 }
720 
721 static int
722 mptsas_target_eval_devhdl(const void *op, void *arg)
723 {
724 	uint16_t dh = *(uint16_t *)arg;
725 	const mptsas_target_t *tp = op;
726 
727 	return ((int)tp->m_devhdl - (int)dh);
728 }
729 
730 static int
731 mptsas_target_eval_slot(const void *op, void *arg)
732 {
733 	mptsas_led_control_t *lcp = arg;
734 	const mptsas_target_t *tp = op;
735 
736 	if (tp->m_enclosure != lcp->Enclosure)
737 		return ((int)tp->m_enclosure - (int)lcp->Enclosure);
738 
739 	return ((int)tp->m_slot_num - (int)lcp->Slot);
740 }
741 
742 static int
743 mptsas_target_eval_nowwn(const void *op, void *arg)
744 {
745 	uint8_t phy = *(uint8_t *)arg;
746 	const mptsas_target_t *tp = op;
747 
748 	if (tp->m_addr.mta_wwn != 0)
749 		return (-1);
750 
751 	return ((int)tp->m_phynum - (int)phy);
752 }
753 
754 static int
755 mptsas_smp_eval_devhdl(const void *op, void *arg)
756 {
757 	uint16_t dh = *(uint16_t *)arg;
758 	const mptsas_smp_t *sp = op;
759 
760 	return ((int)sp->m_devhdl - (int)dh);
761 }
762 
763 static uint64_t
764 mptsas_target_addr_hash(const void *tp)
765 {
766 	const mptsas_target_addr_t *tap = tp;
767 
768 	return ((tap->mta_wwn & 0xffffffffffffULL) |
769 	    ((uint64_t)tap->mta_phymask << 48));
770 }
771 
772 static int
773 mptsas_target_addr_cmp(const void *a, const void *b)
774 {
775 	const mptsas_target_addr_t *aap = a;
776 	const mptsas_target_addr_t *bap = b;
777 
778 	if (aap->mta_wwn < bap->mta_wwn)
779 		return (-1);
780 	if (aap->mta_wwn > bap->mta_wwn)
781 		return (1);
782 	return ((int)bap->mta_phymask - (int)aap->mta_phymask);
783 }
784 
785 static void
786 mptsas_target_free(void *op)
787 {
788 	kmem_free(op, sizeof (mptsas_target_t));
789 }
790 
791 static void
792 mptsas_smp_free(void *op)
793 {
794 	kmem_free(op, sizeof (mptsas_smp_t));
795 }
796 
797 static void
798 mptsas_destroy_hashes(mptsas_t *mpt)
799 {
800 	mptsas_target_t *tp;
801 	mptsas_smp_t *sp;
802 
803 	for (tp = refhash_first(mpt->m_targets); tp != NULL;
804 	    tp = refhash_next(mpt->m_targets, tp)) {
805 		refhash_remove(mpt->m_targets, tp);
806 	}
807 	for (sp = refhash_first(mpt->m_smp_targets); sp != NULL;
808 	    sp = refhash_next(mpt->m_smp_targets, sp)) {
809 		refhash_remove(mpt->m_smp_targets, sp);
810 	}
811 	refhash_destroy(mpt->m_targets);
812 	refhash_destroy(mpt->m_smp_targets);
813 	mpt->m_targets = NULL;
814 	mpt->m_smp_targets = NULL;
815 }
816 
817 static int
818 mptsas_iport_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
819 {
820 	dev_info_t		*pdip;
821 	mptsas_t		*mpt;
822 	scsi_hba_tran_t		*hba_tran;
823 	char			*iport = NULL;
824 	char			phymask[MPTSAS_MAX_PHYS];
825 	mptsas_phymask_t	phy_mask = 0;
826 	int			dynamic_port = 0;
827 	uint32_t		page_address;
828 	char			initiator_wwnstr[MPTSAS_WWN_STRLEN];
829 	int			rval = DDI_FAILURE;
830 	int			i = 0;
831 	uint8_t			numphys = 0;
832 	uint8_t			phy_id;
833 	uint8_t			phy_port = 0;
834 	uint16_t		attached_devhdl = 0;
835 	uint32_t		dev_info;
836 	uint64_t		attached_sas_wwn;
837 	uint16_t		dev_hdl;
838 	uint16_t		pdev_hdl;
839 	uint16_t		bay_num, enclosure, io_flags;
840 	char			attached_wwnstr[MPTSAS_WWN_STRLEN];
841 
842 	/* CONSTCOND */
843 	ASSERT(NO_COMPETING_THREADS);
844 
845 	switch (cmd) {
846 	case DDI_ATTACH:
847 		break;
848 
849 	case DDI_RESUME:
850 		/*
851 		 * If this a scsi-iport node, nothing to do here.
852 		 */
853 		return (DDI_SUCCESS);
854 
855 	default:
856 		return (DDI_FAILURE);
857 	}
858 
859 	pdip = ddi_get_parent(dip);
860 
861 	if ((hba_tran = ndi_flavorv_get(pdip, SCSA_FLAVOR_SCSI_DEVICE)) ==
862 	    NULL) {
863 		cmn_err(CE_WARN, "Failed attach iport because fail to "
864 		    "get tran vector for the HBA node");
865 		return (DDI_FAILURE);
866 	}
867 
868 	mpt = TRAN2MPT(hba_tran);
869 	ASSERT(mpt != NULL);
870 	if (mpt == NULL)
871 		return (DDI_FAILURE);
872 
873 	if ((hba_tran = ndi_flavorv_get(dip, SCSA_FLAVOR_SCSI_DEVICE)) ==
874 	    NULL) {
875 		mptsas_log(mpt, CE_WARN, "Failed attach iport because fail to "
876 		    "get tran vector for the iport node");
877 		return (DDI_FAILURE);
878 	}
879 
880 	/*
881 	 * Overwrite parent's tran_hba_private to iport's tran vector
882 	 */
883 	hba_tran->tran_hba_private = mpt;
884 
885 	ddi_report_dev(dip);
886 
887 	/*
888 	 * Get SAS address for initiator port according dev_handle
889 	 */
890 	iport = ddi_get_name_addr(dip);
891 	if (iport && strncmp(iport, "v0", 2) == 0) {
892 		if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
893 		    MPTSAS_VIRTUAL_PORT, 1) !=
894 		    DDI_PROP_SUCCESS) {
895 			(void) ddi_prop_remove(DDI_DEV_T_NONE, dip,
896 			    MPTSAS_VIRTUAL_PORT);
897 			mptsas_log(mpt, CE_WARN, "mptsas virtual port "
898 			    "prop update failed");
899 			return (DDI_FAILURE);
900 		}
901 		return (DDI_SUCCESS);
902 	}
903 
904 	mutex_enter(&mpt->m_mutex);
905 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
906 		bzero(phymask, sizeof (phymask));
907 		(void) sprintf(phymask,
908 		    "%x", mpt->m_phy_info[i].phy_mask);
909 		if (strcmp(phymask, iport) == 0) {
910 			break;
911 		}
912 	}
913 
914 	if (i == MPTSAS_MAX_PHYS) {
915 		mptsas_log(mpt, CE_WARN, "Failed attach port %s because port"
916 		    "seems not exist", iport);
917 		mutex_exit(&mpt->m_mutex);
918 		return (DDI_FAILURE);
919 	}
920 
921 	phy_mask = mpt->m_phy_info[i].phy_mask;
922 
923 	if (mpt->m_phy_info[i].port_flags & AUTO_PORT_CONFIGURATION)
924 		dynamic_port = 1;
925 	else
926 		dynamic_port = 0;
927 
928 	/*
929 	 * Update PHY info for smhba
930 	 */
931 	if (mptsas_smhba_phy_init(mpt)) {
932 		mutex_exit(&mpt->m_mutex);
933 		mptsas_log(mpt, CE_WARN, "mptsas phy update "
934 		    "failed");
935 		return (DDI_FAILURE);
936 	}
937 
938 	mutex_exit(&mpt->m_mutex);
939 
940 	numphys = 0;
941 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
942 		if ((phy_mask >> i) & 0x01) {
943 			numphys++;
944 		}
945 	}
946 
947 	bzero(initiator_wwnstr, sizeof (initiator_wwnstr));
948 	(void) sprintf(initiator_wwnstr, "w%016"PRIx64,
949 	    mpt->un.m_base_wwid);
950 
951 	if (ddi_prop_update_string(DDI_DEV_T_NONE, dip,
952 	    SCSI_ADDR_PROP_INITIATOR_PORT, initiator_wwnstr) !=
953 	    DDI_PROP_SUCCESS) {
954 		(void) ddi_prop_remove(DDI_DEV_T_NONE,
955 		    dip, SCSI_ADDR_PROP_INITIATOR_PORT);
956 		mptsas_log(mpt, CE_WARN, "mptsas Initiator port "
957 		    "prop update failed");
958 		return (DDI_FAILURE);
959 	}
960 	if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
961 	    MPTSAS_NUM_PHYS, numphys) !=
962 	    DDI_PROP_SUCCESS) {
963 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip, MPTSAS_NUM_PHYS);
964 		return (DDI_FAILURE);
965 	}
966 
967 	if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
968 	    "phymask", phy_mask) !=
969 	    DDI_PROP_SUCCESS) {
970 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip, "phymask");
971 		mptsas_log(mpt, CE_WARN, "mptsas phy mask "
972 		    "prop update failed");
973 		return (DDI_FAILURE);
974 	}
975 
976 	if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
977 	    "dynamic-port", dynamic_port) !=
978 	    DDI_PROP_SUCCESS) {
979 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip, "dynamic-port");
980 		mptsas_log(mpt, CE_WARN, "mptsas dynamic port "
981 		    "prop update failed");
982 		return (DDI_FAILURE);
983 	}
984 	if (ddi_prop_update_int(DDI_DEV_T_NONE, dip,
985 	    MPTSAS_VIRTUAL_PORT, 0) !=
986 	    DDI_PROP_SUCCESS) {
987 		(void) ddi_prop_remove(DDI_DEV_T_NONE, dip,
988 		    MPTSAS_VIRTUAL_PORT);
989 		mptsas_log(mpt, CE_WARN, "mptsas virtual port "
990 		    "prop update failed");
991 		return (DDI_FAILURE);
992 	}
993 	mptsas_smhba_set_all_phy_props(mpt, dip, numphys, phy_mask,
994 	    &attached_devhdl);
995 
996 	mutex_enter(&mpt->m_mutex);
997 	page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
998 	    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | (uint32_t)attached_devhdl;
999 	rval = mptsas_get_sas_device_page0(mpt, page_address, &dev_hdl,
1000 	    &attached_sas_wwn, &dev_info, &phy_port, &phy_id,
1001 	    &pdev_hdl, &bay_num, &enclosure, &io_flags);
1002 	if (rval != DDI_SUCCESS) {
1003 		mptsas_log(mpt, CE_WARN,
1004 		    "Failed to get device page0 for handle:%d",
1005 		    attached_devhdl);
1006 		mutex_exit(&mpt->m_mutex);
1007 		return (DDI_FAILURE);
1008 	}
1009 
1010 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
1011 		bzero(phymask, sizeof (phymask));
1012 		(void) sprintf(phymask, "%x", mpt->m_phy_info[i].phy_mask);
1013 		if (strcmp(phymask, iport) == 0) {
1014 			(void) sprintf(&mpt->m_phy_info[i].smhba_info.path[0],
1015 			    "%x",
1016 			    mpt->m_phy_info[i].phy_mask);
1017 		}
1018 	}
1019 	mutex_exit(&mpt->m_mutex);
1020 
1021 	bzero(attached_wwnstr, sizeof (attached_wwnstr));
1022 	(void) sprintf(attached_wwnstr, "w%016"PRIx64,
1023 	    attached_sas_wwn);
1024 	if (ddi_prop_update_string(DDI_DEV_T_NONE, dip,
1025 	    SCSI_ADDR_PROP_ATTACHED_PORT, attached_wwnstr) !=
1026 	    DDI_PROP_SUCCESS) {
1027 		(void) ddi_prop_remove(DDI_DEV_T_NONE,
1028 		    dip, SCSI_ADDR_PROP_ATTACHED_PORT);
1029 		return (DDI_FAILURE);
1030 	}
1031 
1032 	/* Create kstats for each phy on this iport */
1033 
1034 	mptsas_create_phy_stats(mpt, iport, dip);
1035 
1036 	/*
1037 	 * register sas hba iport with mdi (MPxIO/vhci)
1038 	 */
1039 	if (mdi_phci_register(MDI_HCI_CLASS_SCSI,
1040 	    dip, 0) == MDI_SUCCESS) {
1041 		mpt->m_mpxio_enable = TRUE;
1042 	}
1043 	return (DDI_SUCCESS);
1044 }
1045 
1046 /*
1047  * Notes:
1048  *	Set up all device state and allocate data structures,
1049  *	mutexes, condition variables, etc. for device operation.
1050  *	Add interrupts needed.
1051  *	Return DDI_SUCCESS if device is ready, else return DDI_FAILURE.
1052  */
1053 static int
1054 mptsas_attach(dev_info_t *dip, ddi_attach_cmd_t cmd)
1055 {
1056 	mptsas_t		*mpt = NULL;
1057 	int			instance, i, j;
1058 	int			doneq_thread_num;
1059 	char			intr_added = 0;
1060 	char			map_setup = 0;
1061 	char			config_setup = 0;
1062 	char			hba_attach_setup = 0;
1063 	char			smp_attach_setup = 0;
1064 	char			mutex_init_done = 0;
1065 	char			event_taskq_create = 0;
1066 	char			dr_taskq_create = 0;
1067 	char			doneq_thread_create = 0;
1068 	char			added_watchdog = 0;
1069 	scsi_hba_tran_t		*hba_tran;
1070 	uint_t			mem_bar = MEM_SPACE;
1071 	int			rval = DDI_FAILURE;
1072 
1073 	/* CONSTCOND */
1074 	ASSERT(NO_COMPETING_THREADS);
1075 
1076 	if (scsi_hba_iport_unit_address(dip)) {
1077 		return (mptsas_iport_attach(dip, cmd));
1078 	}
1079 
1080 	switch (cmd) {
1081 	case DDI_ATTACH:
1082 		break;
1083 
1084 	case DDI_RESUME:
1085 		if ((hba_tran = ddi_get_driver_private(dip)) == NULL)
1086 			return (DDI_FAILURE);
1087 
1088 		mpt = TRAN2MPT(hba_tran);
1089 
1090 		if (!mpt) {
1091 			return (DDI_FAILURE);
1092 		}
1093 
1094 		/*
1095 		 * Reset hardware and softc to "no outstanding commands"
1096 		 * Note	that a check condition can result on first command
1097 		 * to a	target.
1098 		 */
1099 		mutex_enter(&mpt->m_mutex);
1100 
1101 		/*
1102 		 * raise power.
1103 		 */
1104 		if (mpt->m_options & MPTSAS_OPT_PM) {
1105 			mutex_exit(&mpt->m_mutex);
1106 			(void) pm_busy_component(dip, 0);
1107 			rval = pm_power_has_changed(dip, 0, PM_LEVEL_D0);
1108 			if (rval == DDI_SUCCESS) {
1109 				mutex_enter(&mpt->m_mutex);
1110 			} else {
1111 				/*
1112 				 * The pm_raise_power() call above failed,
1113 				 * and that can only occur if we were unable
1114 				 * to reset the hardware.  This is probably
1115 				 * due to unhealty hardware, and because
1116 				 * important filesystems(such as the root
1117 				 * filesystem) could be on the attached disks,
1118 				 * it would not be a good idea to continue,
1119 				 * as we won't be entirely certain we are
1120 				 * writing correct data.  So we panic() here
1121 				 * to not only prevent possible data corruption,
1122 				 * but to give developers or end users a hope
1123 				 * of identifying and correcting any problems.
1124 				 */
1125 				fm_panic("mptsas could not reset hardware "
1126 				    "during resume");
1127 			}
1128 		}
1129 
1130 		mpt->m_suspended = 0;
1131 
1132 		/*
1133 		 * Reinitialize ioc
1134 		 */
1135 		mpt->m_softstate |= MPTSAS_SS_MSG_UNIT_RESET;
1136 		if (mptsas_init_chip(mpt, FALSE) == DDI_FAILURE) {
1137 			mutex_exit(&mpt->m_mutex);
1138 			if (mpt->m_options & MPTSAS_OPT_PM) {
1139 				(void) pm_idle_component(dip, 0);
1140 			}
1141 			fm_panic("mptsas init chip fail during resume");
1142 		}
1143 		/*
1144 		 * mptsas_update_driver_data needs interrupts so enable them
1145 		 * first.
1146 		 */
1147 		MPTSAS_ENABLE_INTR(mpt);
1148 		mptsas_update_driver_data(mpt);
1149 
1150 		/* start requests, if possible */
1151 		mptsas_restart_hba(mpt);
1152 
1153 		mutex_exit(&mpt->m_mutex);
1154 
1155 		/*
1156 		 * Restart watch thread
1157 		 */
1158 		mutex_enter(&mptsas_global_mutex);
1159 		if (mptsas_timeout_id == 0) {
1160 			mptsas_timeout_id = timeout(mptsas_watch, NULL,
1161 			    mptsas_tick);
1162 			mptsas_timeouts_enabled = 1;
1163 		}
1164 		mutex_exit(&mptsas_global_mutex);
1165 
1166 		/* report idle status to pm framework */
1167 		if (mpt->m_options & MPTSAS_OPT_PM) {
1168 			(void) pm_idle_component(dip, 0);
1169 		}
1170 
1171 		return (DDI_SUCCESS);
1172 
1173 	default:
1174 		return (DDI_FAILURE);
1175 
1176 	}
1177 
1178 	instance = ddi_get_instance(dip);
1179 
1180 	/*
1181 	 * Allocate softc information.
1182 	 */
1183 	if (ddi_soft_state_zalloc(mptsas_state, instance) != DDI_SUCCESS) {
1184 		mptsas_log(NULL, CE_WARN,
1185 		    "mptsas%d: cannot allocate soft state", instance);
1186 		goto fail;
1187 	}
1188 
1189 	mpt = ddi_get_soft_state(mptsas_state, instance);
1190 
1191 	if (mpt == NULL) {
1192 		mptsas_log(NULL, CE_WARN,
1193 		    "mptsas%d: cannot get soft state", instance);
1194 		goto fail;
1195 	}
1196 
1197 	/* Indicate that we are 'sizeof (scsi_*(9S))' clean. */
1198 	scsi_size_clean(dip);
1199 
1200 	mpt->m_dip = dip;
1201 	mpt->m_instance = instance;
1202 
1203 	/* Make a per-instance copy of the structures */
1204 	mpt->m_io_dma_attr = mptsas_dma_attrs64;
1205 	if (mptsas_use_64bit_msgaddr) {
1206 		mpt->m_msg_dma_attr = mptsas_dma_attrs64;
1207 	} else {
1208 		mpt->m_msg_dma_attr = mptsas_dma_attrs;
1209 	}
1210 	mpt->m_reg_acc_attr = mptsas_dev_attr;
1211 	mpt->m_dev_acc_attr = mptsas_dev_attr;
1212 
1213 	/*
1214 	 * Size of individual request sense buffer
1215 	 */
1216 	mpt->m_req_sense_size = EXTCMDS_STATUS_SIZE;
1217 
1218 	/*
1219 	 * Initialize FMA
1220 	 */
1221 	mpt->m_fm_capabilities = ddi_getprop(DDI_DEV_T_ANY, mpt->m_dip,
1222 	    DDI_PROP_CANSLEEP | DDI_PROP_DONTPASS, "fm-capable",
1223 	    DDI_FM_EREPORT_CAPABLE | DDI_FM_ACCCHK_CAPABLE |
1224 	    DDI_FM_DMACHK_CAPABLE | DDI_FM_ERRCB_CAPABLE);
1225 
1226 	mptsas_fm_init(mpt);
1227 
1228 	if (mptsas_alloc_handshake_msg(mpt,
1229 	    sizeof (Mpi2SCSITaskManagementRequest_t)) == DDI_FAILURE) {
1230 		mptsas_log(mpt, CE_WARN, "cannot initialize handshake msg.");
1231 		goto fail;
1232 	}
1233 
1234 	/*
1235 	 * Setup configuration space
1236 	 */
1237 	if (mptsas_config_space_init(mpt) == FALSE) {
1238 		mptsas_log(mpt, CE_WARN, "mptsas_config_space_init failed");
1239 		goto fail;
1240 	}
1241 	config_setup++;
1242 
1243 	if (ddi_regs_map_setup(dip, mem_bar, (caddr_t *)&mpt->m_reg,
1244 	    0, 0, &mpt->m_reg_acc_attr, &mpt->m_datap) != DDI_SUCCESS) {
1245 		mptsas_log(mpt, CE_WARN, "map setup failed");
1246 		goto fail;
1247 	}
1248 	map_setup++;
1249 
1250 	/*
1251 	 * A taskq is created for dealing with the event handler
1252 	 */
1253 	if ((mpt->m_event_taskq = ddi_taskq_create(dip, "mptsas_event_taskq",
1254 	    1, TASKQ_DEFAULTPRI, 0)) == NULL) {
1255 		mptsas_log(mpt, CE_NOTE, "ddi_taskq_create failed");
1256 		goto fail;
1257 	}
1258 	event_taskq_create++;
1259 
1260 	/*
1261 	 * A taskq is created for dealing with dr events
1262 	 */
1263 	if ((mpt->m_dr_taskq = ddi_taskq_create(dip,
1264 	    "mptsas_dr_taskq",
1265 	    1, TASKQ_DEFAULTPRI, 0)) == NULL) {
1266 		mptsas_log(mpt, CE_NOTE, "ddi_taskq_create for discovery "
1267 		    "failed");
1268 		goto fail;
1269 	}
1270 	dr_taskq_create++;
1271 
1272 	mpt->m_doneq_thread_threshold = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1273 	    0, "mptsas_doneq_thread_threshold_prop", 10);
1274 	mpt->m_doneq_length_threshold = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1275 	    0, "mptsas_doneq_length_threshold_prop", 8);
1276 	mpt->m_doneq_thread_n = ddi_prop_get_int(DDI_DEV_T_ANY, dip,
1277 	    0, "mptsas_doneq_thread_n_prop", 8);
1278 
1279 	if (mpt->m_doneq_thread_n) {
1280 		cv_init(&mpt->m_doneq_thread_cv, NULL, CV_DRIVER, NULL);
1281 		mutex_init(&mpt->m_doneq_mutex, NULL, MUTEX_DRIVER, NULL);
1282 
1283 		mutex_enter(&mpt->m_doneq_mutex);
1284 		mpt->m_doneq_thread_id =
1285 		    kmem_zalloc(sizeof (mptsas_doneq_thread_list_t)
1286 		    * mpt->m_doneq_thread_n, KM_SLEEP);
1287 
1288 		for (j = 0; j < mpt->m_doneq_thread_n; j++) {
1289 			cv_init(&mpt->m_doneq_thread_id[j].cv, NULL,
1290 			    CV_DRIVER, NULL);
1291 			mutex_init(&mpt->m_doneq_thread_id[j].mutex, NULL,
1292 			    MUTEX_DRIVER, NULL);
1293 			mutex_enter(&mpt->m_doneq_thread_id[j].mutex);
1294 			mpt->m_doneq_thread_id[j].flag |=
1295 			    MPTSAS_DONEQ_THREAD_ACTIVE;
1296 			mpt->m_doneq_thread_id[j].arg.mpt = mpt;
1297 			mpt->m_doneq_thread_id[j].arg.t = j;
1298 			mpt->m_doneq_thread_id[j].threadp =
1299 			    thread_create(NULL, 0, mptsas_doneq_thread,
1300 			    &mpt->m_doneq_thread_id[j].arg,
1301 			    0, &p0, TS_RUN, minclsyspri);
1302 			mpt->m_doneq_thread_id[j].donetail =
1303 			    &mpt->m_doneq_thread_id[j].doneq;
1304 			mutex_exit(&mpt->m_doneq_thread_id[j].mutex);
1305 		}
1306 		mutex_exit(&mpt->m_doneq_mutex);
1307 		doneq_thread_create++;
1308 	}
1309 
1310 	/*
1311 	 * Disable hardware interrupt since we're not ready to
1312 	 * handle it yet.
1313 	 */
1314 	MPTSAS_DISABLE_INTR(mpt);
1315 	if (mptsas_register_intrs(mpt) == FALSE)
1316 		goto fail;
1317 	intr_added++;
1318 
1319 	/* Initialize mutex used in interrupt handler */
1320 	mutex_init(&mpt->m_mutex, NULL, MUTEX_DRIVER,
1321 	    DDI_INTR_PRI(mpt->m_intr_pri));
1322 	mutex_init(&mpt->m_passthru_mutex, NULL, MUTEX_DRIVER, NULL);
1323 	mutex_init(&mpt->m_tx_waitq_mutex, NULL, MUTEX_DRIVER,
1324 	    DDI_INTR_PRI(mpt->m_intr_pri));
1325 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
1326 		mutex_init(&mpt->m_phy_info[i].smhba_info.phy_mutex,
1327 		    NULL, MUTEX_DRIVER,
1328 		    DDI_INTR_PRI(mpt->m_intr_pri));
1329 	}
1330 
1331 	cv_init(&mpt->m_cv, NULL, CV_DRIVER, NULL);
1332 	cv_init(&mpt->m_passthru_cv, NULL, CV_DRIVER, NULL);
1333 	cv_init(&mpt->m_fw_cv, NULL, CV_DRIVER, NULL);
1334 	cv_init(&mpt->m_config_cv, NULL, CV_DRIVER, NULL);
1335 	cv_init(&mpt->m_fw_diag_cv, NULL, CV_DRIVER, NULL);
1336 	mutex_init_done++;
1337 
1338 	mutex_enter(&mpt->m_mutex);
1339 	/*
1340 	 * Initialize power management component
1341 	 */
1342 	if (mpt->m_options & MPTSAS_OPT_PM) {
1343 		if (mptsas_init_pm(mpt)) {
1344 			mutex_exit(&mpt->m_mutex);
1345 			mptsas_log(mpt, CE_WARN, "mptsas pm initialization "
1346 			    "failed");
1347 			goto fail;
1348 		}
1349 	}
1350 
1351 	/*
1352 	 * Initialize chip using Message Unit Reset, if allowed
1353 	 */
1354 	mpt->m_softstate |= MPTSAS_SS_MSG_UNIT_RESET;
1355 	if (mptsas_init_chip(mpt, TRUE) == DDI_FAILURE) {
1356 		mutex_exit(&mpt->m_mutex);
1357 		mptsas_log(mpt, CE_WARN, "mptsas chip initialization failed");
1358 		goto fail;
1359 	}
1360 
1361 	mpt->m_targets = refhash_create(MPTSAS_TARGET_BUCKET_COUNT,
1362 	    mptsas_target_addr_hash, mptsas_target_addr_cmp,
1363 	    mptsas_target_free, sizeof (mptsas_target_t),
1364 	    offsetof(mptsas_target_t, m_link),
1365 	    offsetof(mptsas_target_t, m_addr), KM_SLEEP);
1366 
1367 	/*
1368 	 * Fill in the phy_info structure and get the base WWID
1369 	 */
1370 	if (mptsas_get_manufacture_page5(mpt) == DDI_FAILURE) {
1371 		mptsas_log(mpt, CE_WARN,
1372 		    "mptsas_get_manufacture_page5 failed!");
1373 		goto fail;
1374 	}
1375 
1376 	if (mptsas_get_sas_io_unit_page_hndshk(mpt)) {
1377 		mptsas_log(mpt, CE_WARN,
1378 		    "mptsas_get_sas_io_unit_page_hndshk failed!");
1379 		goto fail;
1380 	}
1381 
1382 	if (mptsas_get_manufacture_page0(mpt) == DDI_FAILURE) {
1383 		mptsas_log(mpt, CE_WARN,
1384 		    "mptsas_get_manufacture_page0 failed!");
1385 		goto fail;
1386 	}
1387 
1388 	mutex_exit(&mpt->m_mutex);
1389 
1390 	/*
1391 	 * Register the iport for multiple port HBA
1392 	 */
1393 	mptsas_iport_register(mpt);
1394 
1395 	/*
1396 	 * initialize SCSI HBA transport structure
1397 	 */
1398 	if (mptsas_hba_setup(mpt) == FALSE)
1399 		goto fail;
1400 	hba_attach_setup++;
1401 
1402 	if (mptsas_smp_setup(mpt) == FALSE)
1403 		goto fail;
1404 	smp_attach_setup++;
1405 
1406 	if (mptsas_cache_create(mpt) == FALSE)
1407 		goto fail;
1408 
1409 	mpt->m_scsi_reset_delay	= ddi_prop_get_int(DDI_DEV_T_ANY,
1410 	    dip, 0, "scsi-reset-delay",	SCSI_DEFAULT_RESET_DELAY);
1411 	if (mpt->m_scsi_reset_delay == 0) {
1412 		mptsas_log(mpt, CE_NOTE,
1413 		    "scsi_reset_delay of 0 is not recommended,"
1414 		    " resetting to SCSI_DEFAULT_RESET_DELAY\n");
1415 		mpt->m_scsi_reset_delay = SCSI_DEFAULT_RESET_DELAY;
1416 	}
1417 
1418 	/*
1419 	 * Initialize the wait and done FIFO queue
1420 	 */
1421 	mpt->m_donetail = &mpt->m_doneq;
1422 	mpt->m_waitqtail = &mpt->m_waitq;
1423 	mpt->m_tx_waitqtail = &mpt->m_tx_waitq;
1424 	mpt->m_tx_draining = 0;
1425 
1426 	/*
1427 	 * ioc cmd queue initialize
1428 	 */
1429 	mpt->m_ioc_event_cmdtail = &mpt->m_ioc_event_cmdq;
1430 	mpt->m_dev_handle = 0xFFFF;
1431 
1432 	MPTSAS_ENABLE_INTR(mpt);
1433 
1434 	/*
1435 	 * enable event notification
1436 	 */
1437 	mutex_enter(&mpt->m_mutex);
1438 	if (mptsas_ioc_enable_event_notification(mpt)) {
1439 		mutex_exit(&mpt->m_mutex);
1440 		goto fail;
1441 	}
1442 	mutex_exit(&mpt->m_mutex);
1443 
1444 	/*
1445 	 * used for mptsas_watch
1446 	 */
1447 	mptsas_list_add(mpt);
1448 
1449 	mutex_enter(&mptsas_global_mutex);
1450 	if (mptsas_timeouts_enabled == 0) {
1451 		mptsas_scsi_watchdog_tick = ddi_prop_get_int(DDI_DEV_T_ANY,
1452 		    dip, 0, "scsi-watchdog-tick", DEFAULT_WD_TICK);
1453 
1454 		mptsas_tick = mptsas_scsi_watchdog_tick *
1455 		    drv_usectohz((clock_t)1000000);
1456 
1457 		mptsas_timeout_id = timeout(mptsas_watch, NULL, mptsas_tick);
1458 		mptsas_timeouts_enabled = 1;
1459 	}
1460 	mutex_exit(&mptsas_global_mutex);
1461 	added_watchdog++;
1462 
1463 	/*
1464 	 * Initialize PHY info for smhba.
1465 	 * This requires watchdog to be enabled otherwise if interrupts
1466 	 * don't work the system will hang.
1467 	 */
1468 	if (mptsas_smhba_setup(mpt)) {
1469 		mptsas_log(mpt, CE_WARN, "mptsas phy initialization "
1470 		    "failed");
1471 		goto fail;
1472 	}
1473 
1474 	/* Check all dma handles allocated in attach */
1475 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl)
1476 	    != DDI_SUCCESS) ||
1477 	    (mptsas_check_dma_handle(mpt->m_dma_req_sense_hdl)
1478 	    != DDI_SUCCESS) ||
1479 	    (mptsas_check_dma_handle(mpt->m_dma_reply_frame_hdl)
1480 	    != DDI_SUCCESS) ||
1481 	    (mptsas_check_dma_handle(mpt->m_dma_free_queue_hdl)
1482 	    != DDI_SUCCESS) ||
1483 	    (mptsas_check_dma_handle(mpt->m_dma_post_queue_hdl)
1484 	    != DDI_SUCCESS) ||
1485 	    (mptsas_check_dma_handle(mpt->m_hshk_dma_hdl)
1486 	    != DDI_SUCCESS)) {
1487 		goto fail;
1488 	}
1489 
1490 	/* Check all acc handles allocated in attach */
1491 	if ((mptsas_check_acc_handle(mpt->m_datap) != DDI_SUCCESS) ||
1492 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl)
1493 	    != DDI_SUCCESS) ||
1494 	    (mptsas_check_acc_handle(mpt->m_acc_req_sense_hdl)
1495 	    != DDI_SUCCESS) ||
1496 	    (mptsas_check_acc_handle(mpt->m_acc_reply_frame_hdl)
1497 	    != DDI_SUCCESS) ||
1498 	    (mptsas_check_acc_handle(mpt->m_acc_free_queue_hdl)
1499 	    != DDI_SUCCESS) ||
1500 	    (mptsas_check_acc_handle(mpt->m_acc_post_queue_hdl)
1501 	    != DDI_SUCCESS) ||
1502 	    (mptsas_check_acc_handle(mpt->m_hshk_acc_hdl)
1503 	    != DDI_SUCCESS) ||
1504 	    (mptsas_check_acc_handle(mpt->m_config_handle)
1505 	    != DDI_SUCCESS)) {
1506 		goto fail;
1507 	}
1508 
1509 	/*
1510 	 * After this point, we are not going to fail the attach.
1511 	 */
1512 
1513 	/* Print message of HBA present */
1514 	ddi_report_dev(dip);
1515 
1516 	/* report idle status to pm framework */
1517 	if (mpt->m_options & MPTSAS_OPT_PM) {
1518 		(void) pm_idle_component(dip, 0);
1519 	}
1520 
1521 	return (DDI_SUCCESS);
1522 
1523 fail:
1524 	mptsas_log(mpt, CE_WARN, "attach failed");
1525 	mptsas_fm_ereport(mpt, DDI_FM_DEVICE_NO_RESPONSE);
1526 	ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_LOST);
1527 	if (mpt) {
1528 		/* deallocate in reverse order */
1529 		if (added_watchdog) {
1530 			mptsas_list_del(mpt);
1531 			mutex_enter(&mptsas_global_mutex);
1532 
1533 			if (mptsas_timeout_id && (mptsas_head == NULL)) {
1534 				timeout_id_t tid = mptsas_timeout_id;
1535 				mptsas_timeouts_enabled = 0;
1536 				mptsas_timeout_id = 0;
1537 				mutex_exit(&mptsas_global_mutex);
1538 				(void) untimeout(tid);
1539 				mutex_enter(&mptsas_global_mutex);
1540 			}
1541 			mutex_exit(&mptsas_global_mutex);
1542 		}
1543 
1544 		mptsas_cache_destroy(mpt);
1545 
1546 		if (smp_attach_setup) {
1547 			mptsas_smp_teardown(mpt);
1548 		}
1549 		if (hba_attach_setup) {
1550 			mptsas_hba_teardown(mpt);
1551 		}
1552 
1553 		if (mpt->m_targets)
1554 			refhash_destroy(mpt->m_targets);
1555 		if (mpt->m_smp_targets)
1556 			refhash_destroy(mpt->m_smp_targets);
1557 
1558 		if (mpt->m_active) {
1559 			mptsas_free_active_slots(mpt);
1560 		}
1561 		if (intr_added) {
1562 			mptsas_unregister_intrs(mpt);
1563 		}
1564 
1565 		if (doneq_thread_create) {
1566 			mutex_enter(&mpt->m_doneq_mutex);
1567 			doneq_thread_num = mpt->m_doneq_thread_n;
1568 			for (j = 0; j < mpt->m_doneq_thread_n; j++) {
1569 				mutex_enter(&mpt->m_doneq_thread_id[j].mutex);
1570 				mpt->m_doneq_thread_id[j].flag &=
1571 				    (~MPTSAS_DONEQ_THREAD_ACTIVE);
1572 				cv_signal(&mpt->m_doneq_thread_id[j].cv);
1573 				mutex_exit(&mpt->m_doneq_thread_id[j].mutex);
1574 			}
1575 			while (mpt->m_doneq_thread_n) {
1576 				cv_wait(&mpt->m_doneq_thread_cv,
1577 				    &mpt->m_doneq_mutex);
1578 			}
1579 			for (j = 0; j < doneq_thread_num; j++) {
1580 				cv_destroy(&mpt->m_doneq_thread_id[j].cv);
1581 				mutex_destroy(&mpt->m_doneq_thread_id[j].mutex);
1582 			}
1583 			kmem_free(mpt->m_doneq_thread_id,
1584 			    sizeof (mptsas_doneq_thread_list_t)
1585 			    * doneq_thread_num);
1586 			mutex_exit(&mpt->m_doneq_mutex);
1587 			cv_destroy(&mpt->m_doneq_thread_cv);
1588 			mutex_destroy(&mpt->m_doneq_mutex);
1589 		}
1590 		if (event_taskq_create) {
1591 			ddi_taskq_destroy(mpt->m_event_taskq);
1592 		}
1593 		if (dr_taskq_create) {
1594 			ddi_taskq_destroy(mpt->m_dr_taskq);
1595 		}
1596 		if (mutex_init_done) {
1597 			mutex_destroy(&mpt->m_tx_waitq_mutex);
1598 			mutex_destroy(&mpt->m_passthru_mutex);
1599 			mutex_destroy(&mpt->m_mutex);
1600 			for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
1601 				mutex_destroy(
1602 				    &mpt->m_phy_info[i].smhba_info.phy_mutex);
1603 			}
1604 			cv_destroy(&mpt->m_cv);
1605 			cv_destroy(&mpt->m_passthru_cv);
1606 			cv_destroy(&mpt->m_fw_cv);
1607 			cv_destroy(&mpt->m_config_cv);
1608 			cv_destroy(&mpt->m_fw_diag_cv);
1609 		}
1610 
1611 		if (map_setup) {
1612 			mptsas_cfg_fini(mpt);
1613 		}
1614 		if (config_setup) {
1615 			mptsas_config_space_fini(mpt);
1616 		}
1617 		mptsas_free_handshake_msg(mpt);
1618 		mptsas_hba_fini(mpt);
1619 
1620 		mptsas_fm_fini(mpt);
1621 		ddi_soft_state_free(mptsas_state, instance);
1622 		ddi_prop_remove_all(dip);
1623 	}
1624 	return (DDI_FAILURE);
1625 }
1626 
1627 static int
1628 mptsas_suspend(dev_info_t *devi)
1629 {
1630 	mptsas_t	*mpt, *g;
1631 	scsi_hba_tran_t	*tran;
1632 
1633 	if (scsi_hba_iport_unit_address(devi)) {
1634 		return (DDI_SUCCESS);
1635 	}
1636 
1637 	if ((tran = ddi_get_driver_private(devi)) == NULL)
1638 		return (DDI_SUCCESS);
1639 
1640 	mpt = TRAN2MPT(tran);
1641 	if (!mpt) {
1642 		return (DDI_SUCCESS);
1643 	}
1644 
1645 	mutex_enter(&mpt->m_mutex);
1646 
1647 	if (mpt->m_suspended++) {
1648 		mutex_exit(&mpt->m_mutex);
1649 		return (DDI_SUCCESS);
1650 	}
1651 
1652 	/*
1653 	 * Cancel timeout threads for this mpt
1654 	 */
1655 	if (mpt->m_quiesce_timeid) {
1656 		timeout_id_t tid = mpt->m_quiesce_timeid;
1657 		mpt->m_quiesce_timeid = 0;
1658 		mutex_exit(&mpt->m_mutex);
1659 		(void) untimeout(tid);
1660 		mutex_enter(&mpt->m_mutex);
1661 	}
1662 
1663 	if (mpt->m_restart_cmd_timeid) {
1664 		timeout_id_t tid = mpt->m_restart_cmd_timeid;
1665 		mpt->m_restart_cmd_timeid = 0;
1666 		mutex_exit(&mpt->m_mutex);
1667 		(void) untimeout(tid);
1668 		mutex_enter(&mpt->m_mutex);
1669 	}
1670 
1671 	mutex_exit(&mpt->m_mutex);
1672 
1673 	(void) pm_idle_component(mpt->m_dip, 0);
1674 
1675 	/*
1676 	 * Cancel watch threads if all mpts suspended
1677 	 */
1678 	rw_enter(&mptsas_global_rwlock, RW_WRITER);
1679 	for (g = mptsas_head; g != NULL; g = g->m_next) {
1680 		if (!g->m_suspended)
1681 			break;
1682 	}
1683 	rw_exit(&mptsas_global_rwlock);
1684 
1685 	mutex_enter(&mptsas_global_mutex);
1686 	if (g == NULL) {
1687 		timeout_id_t tid;
1688 
1689 		mptsas_timeouts_enabled = 0;
1690 		if (mptsas_timeout_id) {
1691 			tid = mptsas_timeout_id;
1692 			mptsas_timeout_id = 0;
1693 			mutex_exit(&mptsas_global_mutex);
1694 			(void) untimeout(tid);
1695 			mutex_enter(&mptsas_global_mutex);
1696 		}
1697 		if (mptsas_reset_watch) {
1698 			tid = mptsas_reset_watch;
1699 			mptsas_reset_watch = 0;
1700 			mutex_exit(&mptsas_global_mutex);
1701 			(void) untimeout(tid);
1702 			mutex_enter(&mptsas_global_mutex);
1703 		}
1704 	}
1705 	mutex_exit(&mptsas_global_mutex);
1706 
1707 	mutex_enter(&mpt->m_mutex);
1708 
1709 	/*
1710 	 * If this mpt is not in full power(PM_LEVEL_D0), just return.
1711 	 */
1712 	if ((mpt->m_options & MPTSAS_OPT_PM) &&
1713 	    (mpt->m_power_level != PM_LEVEL_D0)) {
1714 		mutex_exit(&mpt->m_mutex);
1715 		return (DDI_SUCCESS);
1716 	}
1717 
1718 	/* Disable HBA interrupts in hardware */
1719 	MPTSAS_DISABLE_INTR(mpt);
1720 	/*
1721 	 * Send RAID action system shutdown to sync IR
1722 	 */
1723 	mptsas_raid_action_system_shutdown(mpt);
1724 
1725 	mutex_exit(&mpt->m_mutex);
1726 
1727 	/* drain the taskq */
1728 	ddi_taskq_wait(mpt->m_event_taskq);
1729 	ddi_taskq_wait(mpt->m_dr_taskq);
1730 
1731 	return (DDI_SUCCESS);
1732 }
1733 
1734 #ifdef	__sparc
1735 /*ARGSUSED*/
1736 static int
1737 mptsas_reset(dev_info_t *devi, ddi_reset_cmd_t cmd)
1738 {
1739 	mptsas_t	*mpt;
1740 	scsi_hba_tran_t *tran;
1741 
1742 	/*
1743 	 * If this call is for iport, just return.
1744 	 */
1745 	if (scsi_hba_iport_unit_address(devi))
1746 		return (DDI_SUCCESS);
1747 
1748 	if ((tran = ddi_get_driver_private(devi)) == NULL)
1749 		return (DDI_SUCCESS);
1750 
1751 	if ((mpt = TRAN2MPT(tran)) == NULL)
1752 		return (DDI_SUCCESS);
1753 
1754 	/*
1755 	 * Send RAID action system shutdown to sync IR.  Disable HBA
1756 	 * interrupts in hardware first.
1757 	 */
1758 	MPTSAS_DISABLE_INTR(mpt);
1759 	mptsas_raid_action_system_shutdown(mpt);
1760 
1761 	return (DDI_SUCCESS);
1762 }
1763 #else /* __sparc */
1764 /*
1765  * quiesce(9E) entry point.
1766  *
1767  * This function is called when the system is single-threaded at high
1768  * PIL with preemption disabled. Therefore, this function must not be
1769  * blocked.
1770  *
1771  * This function returns DDI_SUCCESS on success, or DDI_FAILURE on failure.
1772  * DDI_FAILURE indicates an error condition and should almost never happen.
1773  */
1774 static int
1775 mptsas_quiesce(dev_info_t *devi)
1776 {
1777 	mptsas_t	*mpt;
1778 	scsi_hba_tran_t *tran;
1779 
1780 	/*
1781 	 * If this call is for iport, just return.
1782 	 */
1783 	if (scsi_hba_iport_unit_address(devi))
1784 		return (DDI_SUCCESS);
1785 
1786 	if ((tran = ddi_get_driver_private(devi)) == NULL)
1787 		return (DDI_SUCCESS);
1788 
1789 	if ((mpt = TRAN2MPT(tran)) == NULL)
1790 		return (DDI_SUCCESS);
1791 
1792 	/* Disable HBA interrupts in hardware */
1793 	MPTSAS_DISABLE_INTR(mpt);
1794 	/* Send RAID action system shutdonw to sync IR */
1795 	mptsas_raid_action_system_shutdown(mpt);
1796 
1797 	return (DDI_SUCCESS);
1798 }
1799 #endif	/* __sparc */
1800 
1801 /*
1802  * detach(9E).	Remove all device allocations and system resources;
1803  * disable device interrupts.
1804  * Return DDI_SUCCESS if done; DDI_FAILURE if there's a problem.
1805  */
1806 static int
1807 mptsas_detach(dev_info_t *devi, ddi_detach_cmd_t cmd)
1808 {
1809 	/* CONSTCOND */
1810 	ASSERT(NO_COMPETING_THREADS);
1811 	NDBG0(("mptsas_detach: dip=0x%p cmd=0x%p", (void *)devi, (void *)cmd));
1812 
1813 	switch (cmd) {
1814 	case DDI_DETACH:
1815 		return (mptsas_do_detach(devi));
1816 
1817 	case DDI_SUSPEND:
1818 		return (mptsas_suspend(devi));
1819 
1820 	default:
1821 		return (DDI_FAILURE);
1822 	}
1823 	/* NOTREACHED */
1824 }
1825 
1826 static int
1827 mptsas_do_detach(dev_info_t *dip)
1828 {
1829 	mptsas_t	*mpt;
1830 	scsi_hba_tran_t	*tran;
1831 	int		circ = 0;
1832 	int		circ1 = 0;
1833 	mdi_pathinfo_t	*pip = NULL;
1834 	int		i;
1835 	int		doneq_thread_num = 0;
1836 
1837 	NDBG0(("mptsas_do_detach: dip=0x%p", (void *)dip));
1838 
1839 	if ((tran = ndi_flavorv_get(dip, SCSA_FLAVOR_SCSI_DEVICE)) == NULL)
1840 		return (DDI_FAILURE);
1841 
1842 	mpt = TRAN2MPT(tran);
1843 	if (!mpt) {
1844 		return (DDI_FAILURE);
1845 	}
1846 	/*
1847 	 * Still have pathinfo child, should not detach mpt driver
1848 	 */
1849 	if (scsi_hba_iport_unit_address(dip)) {
1850 		if (mpt->m_mpxio_enable) {
1851 			/*
1852 			 * MPxIO enabled for the iport
1853 			 */
1854 			ndi_devi_enter(scsi_vhci_dip, &circ1);
1855 			ndi_devi_enter(dip, &circ);
1856 			while (pip = mdi_get_next_client_path(dip, NULL)) {
1857 				if (mdi_pi_free(pip, 0) == MDI_SUCCESS) {
1858 					continue;
1859 				}
1860 				ndi_devi_exit(dip, circ);
1861 				ndi_devi_exit(scsi_vhci_dip, circ1);
1862 				NDBG12(("detach failed because of "
1863 				    "outstanding path info"));
1864 				return (DDI_FAILURE);
1865 			}
1866 			ndi_devi_exit(dip, circ);
1867 			ndi_devi_exit(scsi_vhci_dip, circ1);
1868 			(void) mdi_phci_unregister(dip, 0);
1869 		}
1870 
1871 		ddi_prop_remove_all(dip);
1872 
1873 		return (DDI_SUCCESS);
1874 	}
1875 
1876 	/* Make sure power level is D0 before accessing registers */
1877 	if (mpt->m_options & MPTSAS_OPT_PM) {
1878 		(void) pm_busy_component(dip, 0);
1879 		if (mpt->m_power_level != PM_LEVEL_D0) {
1880 			if (pm_raise_power(dip, 0, PM_LEVEL_D0) !=
1881 			    DDI_SUCCESS) {
1882 				mptsas_log(mpt, CE_WARN,
1883 				    "mptsas%d: Raise power request failed.",
1884 				    mpt->m_instance);
1885 				(void) pm_idle_component(dip, 0);
1886 				return (DDI_FAILURE);
1887 			}
1888 		}
1889 	}
1890 
1891 	/*
1892 	 * Send RAID action system shutdown to sync IR.  After action, send a
1893 	 * Message Unit Reset. Since after that DMA resource will be freed,
1894 	 * set ioc to READY state will avoid HBA initiated DMA operation.
1895 	 */
1896 	mutex_enter(&mpt->m_mutex);
1897 	MPTSAS_DISABLE_INTR(mpt);
1898 	mptsas_raid_action_system_shutdown(mpt);
1899 	mpt->m_softstate |= MPTSAS_SS_MSG_UNIT_RESET;
1900 	(void) mptsas_ioc_reset(mpt, FALSE);
1901 	mutex_exit(&mpt->m_mutex);
1902 	mptsas_rem_intrs(mpt);
1903 	ddi_taskq_destroy(mpt->m_event_taskq);
1904 	ddi_taskq_destroy(mpt->m_dr_taskq);
1905 
1906 	if (mpt->m_doneq_thread_n) {
1907 		mutex_enter(&mpt->m_doneq_mutex);
1908 		doneq_thread_num = mpt->m_doneq_thread_n;
1909 		for (i = 0; i < mpt->m_doneq_thread_n; i++) {
1910 			mutex_enter(&mpt->m_doneq_thread_id[i].mutex);
1911 			mpt->m_doneq_thread_id[i].flag &=
1912 			    (~MPTSAS_DONEQ_THREAD_ACTIVE);
1913 			cv_signal(&mpt->m_doneq_thread_id[i].cv);
1914 			mutex_exit(&mpt->m_doneq_thread_id[i].mutex);
1915 		}
1916 		while (mpt->m_doneq_thread_n) {
1917 			cv_wait(&mpt->m_doneq_thread_cv,
1918 			    &mpt->m_doneq_mutex);
1919 		}
1920 		for (i = 0;  i < doneq_thread_num; i++) {
1921 			cv_destroy(&mpt->m_doneq_thread_id[i].cv);
1922 			mutex_destroy(&mpt->m_doneq_thread_id[i].mutex);
1923 		}
1924 		kmem_free(mpt->m_doneq_thread_id,
1925 		    sizeof (mptsas_doneq_thread_list_t)
1926 		    * doneq_thread_num);
1927 		mutex_exit(&mpt->m_doneq_mutex);
1928 		cv_destroy(&mpt->m_doneq_thread_cv);
1929 		mutex_destroy(&mpt->m_doneq_mutex);
1930 	}
1931 
1932 	scsi_hba_reset_notify_tear_down(mpt->m_reset_notify_listf);
1933 
1934 	mptsas_list_del(mpt);
1935 
1936 	/*
1937 	 * Cancel timeout threads for this mpt
1938 	 */
1939 	mutex_enter(&mpt->m_mutex);
1940 	if (mpt->m_quiesce_timeid) {
1941 		timeout_id_t tid = mpt->m_quiesce_timeid;
1942 		mpt->m_quiesce_timeid = 0;
1943 		mutex_exit(&mpt->m_mutex);
1944 		(void) untimeout(tid);
1945 		mutex_enter(&mpt->m_mutex);
1946 	}
1947 
1948 	if (mpt->m_restart_cmd_timeid) {
1949 		timeout_id_t tid = mpt->m_restart_cmd_timeid;
1950 		mpt->m_restart_cmd_timeid = 0;
1951 		mutex_exit(&mpt->m_mutex);
1952 		(void) untimeout(tid);
1953 		mutex_enter(&mpt->m_mutex);
1954 	}
1955 
1956 	mutex_exit(&mpt->m_mutex);
1957 
1958 	/*
1959 	 * last mpt? ... if active, CANCEL watch threads.
1960 	 */
1961 	mutex_enter(&mptsas_global_mutex);
1962 	if (mptsas_head == NULL) {
1963 		timeout_id_t tid;
1964 		/*
1965 		 * Clear mptsas_timeouts_enable so that the watch thread
1966 		 * gets restarted on DDI_ATTACH
1967 		 */
1968 		mptsas_timeouts_enabled = 0;
1969 		if (mptsas_timeout_id) {
1970 			tid = mptsas_timeout_id;
1971 			mptsas_timeout_id = 0;
1972 			mutex_exit(&mptsas_global_mutex);
1973 			(void) untimeout(tid);
1974 			mutex_enter(&mptsas_global_mutex);
1975 		}
1976 		if (mptsas_reset_watch) {
1977 			tid = mptsas_reset_watch;
1978 			mptsas_reset_watch = 0;
1979 			mutex_exit(&mptsas_global_mutex);
1980 			(void) untimeout(tid);
1981 			mutex_enter(&mptsas_global_mutex);
1982 		}
1983 	}
1984 	mutex_exit(&mptsas_global_mutex);
1985 
1986 	/*
1987 	 * Delete Phy stats
1988 	 */
1989 	mptsas_destroy_phy_stats(mpt);
1990 
1991 	mptsas_destroy_hashes(mpt);
1992 
1993 	/*
1994 	 * Delete nt_active.
1995 	 */
1996 	mutex_enter(&mpt->m_mutex);
1997 	mptsas_free_active_slots(mpt);
1998 	mutex_exit(&mpt->m_mutex);
1999 
2000 	/* deallocate everything that was allocated in mptsas_attach */
2001 	mptsas_cache_destroy(mpt);
2002 
2003 	mptsas_hba_fini(mpt);
2004 	mptsas_cfg_fini(mpt);
2005 
2006 	/* Lower the power informing PM Framework */
2007 	if (mpt->m_options & MPTSAS_OPT_PM) {
2008 		if (pm_lower_power(dip, 0, PM_LEVEL_D3) != DDI_SUCCESS)
2009 			mptsas_log(mpt, CE_WARN,
2010 			    "!mptsas%d: Lower power request failed "
2011 			    "during detach, ignoring.",
2012 			    mpt->m_instance);
2013 	}
2014 
2015 	mutex_destroy(&mpt->m_tx_waitq_mutex);
2016 	mutex_destroy(&mpt->m_passthru_mutex);
2017 	mutex_destroy(&mpt->m_mutex);
2018 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
2019 		mutex_destroy(&mpt->m_phy_info[i].smhba_info.phy_mutex);
2020 	}
2021 	cv_destroy(&mpt->m_cv);
2022 	cv_destroy(&mpt->m_passthru_cv);
2023 	cv_destroy(&mpt->m_fw_cv);
2024 	cv_destroy(&mpt->m_config_cv);
2025 	cv_destroy(&mpt->m_fw_diag_cv);
2026 
2027 
2028 	mptsas_smp_teardown(mpt);
2029 	mptsas_hba_teardown(mpt);
2030 
2031 	mptsas_config_space_fini(mpt);
2032 
2033 	mptsas_free_handshake_msg(mpt);
2034 
2035 	mptsas_fm_fini(mpt);
2036 	ddi_soft_state_free(mptsas_state, ddi_get_instance(dip));
2037 	ddi_prop_remove_all(dip);
2038 
2039 	return (DDI_SUCCESS);
2040 }
2041 
2042 static void
2043 mptsas_list_add(mptsas_t *mpt)
2044 {
2045 	rw_enter(&mptsas_global_rwlock, RW_WRITER);
2046 
2047 	if (mptsas_head == NULL) {
2048 		mptsas_head = mpt;
2049 	} else {
2050 		mptsas_tail->m_next = mpt;
2051 	}
2052 	mptsas_tail = mpt;
2053 	rw_exit(&mptsas_global_rwlock);
2054 }
2055 
2056 static void
2057 mptsas_list_del(mptsas_t *mpt)
2058 {
2059 	mptsas_t *m;
2060 	/*
2061 	 * Remove device instance from the global linked list
2062 	 */
2063 	rw_enter(&mptsas_global_rwlock, RW_WRITER);
2064 	if (mptsas_head == mpt) {
2065 		m = mptsas_head = mpt->m_next;
2066 	} else {
2067 		for (m = mptsas_head; m != NULL; m = m->m_next) {
2068 			if (m->m_next == mpt) {
2069 				m->m_next = mpt->m_next;
2070 				break;
2071 			}
2072 		}
2073 		if (m == NULL) {
2074 			mptsas_log(mpt, CE_PANIC, "Not in softc list!");
2075 		}
2076 	}
2077 
2078 	if (mptsas_tail == mpt) {
2079 		mptsas_tail = m;
2080 	}
2081 	rw_exit(&mptsas_global_rwlock);
2082 }
2083 
2084 static int
2085 mptsas_alloc_handshake_msg(mptsas_t *mpt, size_t alloc_size)
2086 {
2087 	ddi_dma_attr_t	task_dma_attrs;
2088 
2089 	mpt->m_hshk_dma_size = 0;
2090 	task_dma_attrs = mpt->m_msg_dma_attr;
2091 	task_dma_attrs.dma_attr_sgllen = 1;
2092 	task_dma_attrs.dma_attr_granular = (uint32_t)(alloc_size);
2093 
2094 	/* allocate Task Management ddi_dma resources */
2095 	if (mptsas_dma_addr_create(mpt, task_dma_attrs,
2096 	    &mpt->m_hshk_dma_hdl, &mpt->m_hshk_acc_hdl, &mpt->m_hshk_memp,
2097 	    alloc_size, NULL) == FALSE) {
2098 		return (DDI_FAILURE);
2099 	}
2100 	mpt->m_hshk_dma_size = alloc_size;
2101 
2102 	return (DDI_SUCCESS);
2103 }
2104 
2105 static void
2106 mptsas_free_handshake_msg(mptsas_t *mpt)
2107 {
2108 	if (mpt->m_hshk_dma_size == 0)
2109 		return;
2110 	mptsas_dma_addr_destroy(&mpt->m_hshk_dma_hdl, &mpt->m_hshk_acc_hdl);
2111 	mpt->m_hshk_dma_size = 0;
2112 }
2113 
2114 static int
2115 mptsas_hba_setup(mptsas_t *mpt)
2116 {
2117 	scsi_hba_tran_t		*hba_tran;
2118 	int			tran_flags;
2119 
2120 	/* Allocate a transport structure */
2121 	hba_tran = mpt->m_tran = scsi_hba_tran_alloc(mpt->m_dip,
2122 	    SCSI_HBA_CANSLEEP);
2123 	ASSERT(mpt->m_tran != NULL);
2124 
2125 	hba_tran->tran_hba_private	= mpt;
2126 	hba_tran->tran_tgt_private	= NULL;
2127 
2128 	hba_tran->tran_tgt_init		= mptsas_scsi_tgt_init;
2129 	hba_tran->tran_tgt_free		= mptsas_scsi_tgt_free;
2130 
2131 	hba_tran->tran_start		= mptsas_scsi_start;
2132 	hba_tran->tran_reset		= mptsas_scsi_reset;
2133 	hba_tran->tran_abort		= mptsas_scsi_abort;
2134 	hba_tran->tran_getcap		= mptsas_scsi_getcap;
2135 	hba_tran->tran_setcap		= mptsas_scsi_setcap;
2136 	hba_tran->tran_init_pkt		= mptsas_scsi_init_pkt;
2137 	hba_tran->tran_destroy_pkt	= mptsas_scsi_destroy_pkt;
2138 
2139 	hba_tran->tran_dmafree		= mptsas_scsi_dmafree;
2140 	hba_tran->tran_sync_pkt		= mptsas_scsi_sync_pkt;
2141 	hba_tran->tran_reset_notify	= mptsas_scsi_reset_notify;
2142 
2143 	hba_tran->tran_get_bus_addr	= mptsas_get_bus_addr;
2144 	hba_tran->tran_get_name		= mptsas_get_name;
2145 
2146 	hba_tran->tran_quiesce		= mptsas_scsi_quiesce;
2147 	hba_tran->tran_unquiesce	= mptsas_scsi_unquiesce;
2148 	hba_tran->tran_bus_reset	= NULL;
2149 
2150 	hba_tran->tran_add_eventcall	= NULL;
2151 	hba_tran->tran_get_eventcookie	= NULL;
2152 	hba_tran->tran_post_event	= NULL;
2153 	hba_tran->tran_remove_eventcall	= NULL;
2154 
2155 	hba_tran->tran_bus_config	= mptsas_bus_config;
2156 
2157 	hba_tran->tran_interconnect_type = INTERCONNECT_SAS;
2158 
2159 	/*
2160 	 * All children of the HBA are iports. We need tran was cloned.
2161 	 * So we pass the flags to SCSA. SCSI_HBA_TRAN_CLONE will be
2162 	 * inherited to iport's tran vector.
2163 	 */
2164 	tran_flags = (SCSI_HBA_HBA | SCSI_HBA_TRAN_CLONE);
2165 
2166 	if (scsi_hba_attach_setup(mpt->m_dip, &mpt->m_msg_dma_attr,
2167 	    hba_tran, tran_flags) != DDI_SUCCESS) {
2168 		mptsas_log(mpt, CE_WARN, "hba attach setup failed");
2169 		scsi_hba_tran_free(hba_tran);
2170 		mpt->m_tran = NULL;
2171 		return (FALSE);
2172 	}
2173 	return (TRUE);
2174 }
2175 
2176 static void
2177 mptsas_hba_teardown(mptsas_t *mpt)
2178 {
2179 	(void) scsi_hba_detach(mpt->m_dip);
2180 	if (mpt->m_tran != NULL) {
2181 		scsi_hba_tran_free(mpt->m_tran);
2182 		mpt->m_tran = NULL;
2183 	}
2184 }
2185 
2186 static void
2187 mptsas_iport_register(mptsas_t *mpt)
2188 {
2189 	int i, j;
2190 	mptsas_phymask_t	mask = 0x0;
2191 	/*
2192 	 * initial value of mask is 0
2193 	 */
2194 	mutex_enter(&mpt->m_mutex);
2195 	for (i = 0; i < mpt->m_num_phys; i++) {
2196 		mptsas_phymask_t phy_mask = 0x0;
2197 		char phy_mask_name[MPTSAS_MAX_PHYS];
2198 		uint8_t current_port;
2199 
2200 		if (mpt->m_phy_info[i].attached_devhdl == 0)
2201 			continue;
2202 
2203 		bzero(phy_mask_name, sizeof (phy_mask_name));
2204 
2205 		current_port = mpt->m_phy_info[i].port_num;
2206 
2207 		if ((mask & (1 << i)) != 0)
2208 			continue;
2209 
2210 		for (j = 0; j < mpt->m_num_phys; j++) {
2211 			if (mpt->m_phy_info[j].attached_devhdl &&
2212 			    (mpt->m_phy_info[j].port_num == current_port)) {
2213 				phy_mask |= (1 << j);
2214 			}
2215 		}
2216 		mask = mask | phy_mask;
2217 
2218 		for (j = 0; j < mpt->m_num_phys; j++) {
2219 			if ((phy_mask >> j) & 0x01) {
2220 				mpt->m_phy_info[j].phy_mask = phy_mask;
2221 			}
2222 		}
2223 
2224 		(void) sprintf(phy_mask_name, "%x", phy_mask);
2225 
2226 		mutex_exit(&mpt->m_mutex);
2227 		/*
2228 		 * register a iport
2229 		 */
2230 		(void) scsi_hba_iport_register(mpt->m_dip, phy_mask_name);
2231 		mutex_enter(&mpt->m_mutex);
2232 	}
2233 	mutex_exit(&mpt->m_mutex);
2234 	/*
2235 	 * register a virtual port for RAID volume always
2236 	 */
2237 	(void) scsi_hba_iport_register(mpt->m_dip, "v0");
2238 
2239 }
2240 
2241 static int
2242 mptsas_smp_setup(mptsas_t *mpt)
2243 {
2244 	mpt->m_smptran = smp_hba_tran_alloc(mpt->m_dip);
2245 	ASSERT(mpt->m_smptran != NULL);
2246 	mpt->m_smptran->smp_tran_hba_private = mpt;
2247 	mpt->m_smptran->smp_tran_start = mptsas_smp_start;
2248 	if (smp_hba_attach_setup(mpt->m_dip, mpt->m_smptran) != DDI_SUCCESS) {
2249 		mptsas_log(mpt, CE_WARN, "smp attach setup failed");
2250 		smp_hba_tran_free(mpt->m_smptran);
2251 		mpt->m_smptran = NULL;
2252 		return (FALSE);
2253 	}
2254 	/*
2255 	 * Initialize smp hash table
2256 	 */
2257 	mpt->m_smp_targets = refhash_create(MPTSAS_SMP_BUCKET_COUNT,
2258 	    mptsas_target_addr_hash, mptsas_target_addr_cmp,
2259 	    mptsas_smp_free, sizeof (mptsas_smp_t),
2260 	    offsetof(mptsas_smp_t, m_link), offsetof(mptsas_smp_t, m_addr),
2261 	    KM_SLEEP);
2262 	mpt->m_smp_devhdl = 0xFFFF;
2263 
2264 	return (TRUE);
2265 }
2266 
2267 static void
2268 mptsas_smp_teardown(mptsas_t *mpt)
2269 {
2270 	(void) smp_hba_detach(mpt->m_dip);
2271 	if (mpt->m_smptran != NULL) {
2272 		smp_hba_tran_free(mpt->m_smptran);
2273 		mpt->m_smptran = NULL;
2274 	}
2275 	mpt->m_smp_devhdl = 0;
2276 }
2277 
2278 static int
2279 mptsas_cache_create(mptsas_t *mpt)
2280 {
2281 	int instance = mpt->m_instance;
2282 	char buf[64];
2283 
2284 	/*
2285 	 * create kmem cache for packets
2286 	 */
2287 	(void) sprintf(buf, "mptsas%d_cache", instance);
2288 	mpt->m_kmem_cache = kmem_cache_create(buf,
2289 	    sizeof (struct mptsas_cmd) + scsi_pkt_size(), 8,
2290 	    mptsas_kmem_cache_constructor, mptsas_kmem_cache_destructor,
2291 	    NULL, (void *)mpt, NULL, 0);
2292 
2293 	if (mpt->m_kmem_cache == NULL) {
2294 		mptsas_log(mpt, CE_WARN, "creating kmem cache failed");
2295 		return (FALSE);
2296 	}
2297 
2298 	/*
2299 	 * create kmem cache for extra SGL frames if SGL cannot
2300 	 * be accomodated into main request frame.
2301 	 */
2302 	(void) sprintf(buf, "mptsas%d_cache_frames", instance);
2303 	mpt->m_cache_frames = kmem_cache_create(buf,
2304 	    sizeof (mptsas_cache_frames_t), 8,
2305 	    mptsas_cache_frames_constructor, mptsas_cache_frames_destructor,
2306 	    NULL, (void *)mpt, NULL, 0);
2307 
2308 	if (mpt->m_cache_frames == NULL) {
2309 		mptsas_log(mpt, CE_WARN, "creating cache for frames failed");
2310 		return (FALSE);
2311 	}
2312 
2313 	return (TRUE);
2314 }
2315 
2316 static void
2317 mptsas_cache_destroy(mptsas_t *mpt)
2318 {
2319 	/* deallocate in reverse order */
2320 	if (mpt->m_cache_frames) {
2321 		kmem_cache_destroy(mpt->m_cache_frames);
2322 		mpt->m_cache_frames = NULL;
2323 	}
2324 	if (mpt->m_kmem_cache) {
2325 		kmem_cache_destroy(mpt->m_kmem_cache);
2326 		mpt->m_kmem_cache = NULL;
2327 	}
2328 }
2329 
2330 static int
2331 mptsas_power(dev_info_t *dip, int component, int level)
2332 {
2333 #ifndef __lock_lint
2334 	_NOTE(ARGUNUSED(component))
2335 #endif
2336 	mptsas_t	*mpt;
2337 	int		rval = DDI_SUCCESS;
2338 	int		polls = 0;
2339 	uint32_t	ioc_status;
2340 
2341 	if (scsi_hba_iport_unit_address(dip) != 0)
2342 		return (DDI_SUCCESS);
2343 
2344 	mpt = ddi_get_soft_state(mptsas_state, ddi_get_instance(dip));
2345 	if (mpt == NULL) {
2346 		return (DDI_FAILURE);
2347 	}
2348 
2349 	mutex_enter(&mpt->m_mutex);
2350 
2351 	/*
2352 	 * If the device is busy, don't lower its power level
2353 	 */
2354 	if (mpt->m_busy && (mpt->m_power_level > level)) {
2355 		mutex_exit(&mpt->m_mutex);
2356 		return (DDI_FAILURE);
2357 	}
2358 	switch (level) {
2359 	case PM_LEVEL_D0:
2360 		NDBG11(("mptsas%d: turning power ON.", mpt->m_instance));
2361 		MPTSAS_POWER_ON(mpt);
2362 		/*
2363 		 * Wait up to 30 seconds for IOC to come out of reset.
2364 		 */
2365 		while (((ioc_status = ddi_get32(mpt->m_datap,
2366 		    &mpt->m_reg->Doorbell)) &
2367 		    MPI2_IOC_STATE_MASK) == MPI2_IOC_STATE_RESET) {
2368 			if (polls++ > 3000) {
2369 				break;
2370 			}
2371 			delay(drv_usectohz(10000));
2372 		}
2373 		/*
2374 		 * If IOC is not in operational state, try to hard reset it.
2375 		 */
2376 		if ((ioc_status & MPI2_IOC_STATE_MASK) !=
2377 		    MPI2_IOC_STATE_OPERATIONAL) {
2378 			mpt->m_softstate &= ~MPTSAS_SS_MSG_UNIT_RESET;
2379 			if (mptsas_restart_ioc(mpt) == DDI_FAILURE) {
2380 				mptsas_log(mpt, CE_WARN,
2381 				    "mptsas_power: hard reset failed");
2382 				mutex_exit(&mpt->m_mutex);
2383 				return (DDI_FAILURE);
2384 			}
2385 		}
2386 		mpt->m_power_level = PM_LEVEL_D0;
2387 		break;
2388 	case PM_LEVEL_D3:
2389 		NDBG11(("mptsas%d: turning power OFF.", mpt->m_instance));
2390 		MPTSAS_POWER_OFF(mpt);
2391 		break;
2392 	default:
2393 		mptsas_log(mpt, CE_WARN, "mptsas%d: unknown power level <%x>.",
2394 		    mpt->m_instance, level);
2395 		rval = DDI_FAILURE;
2396 		break;
2397 	}
2398 	mutex_exit(&mpt->m_mutex);
2399 	return (rval);
2400 }
2401 
2402 /*
2403  * Initialize configuration space and figure out which
2404  * chip and revison of the chip the mpt driver is using.
2405  */
2406 static int
2407 mptsas_config_space_init(mptsas_t *mpt)
2408 {
2409 	NDBG0(("mptsas_config_space_init"));
2410 
2411 	if (mpt->m_config_handle != NULL)
2412 		return (TRUE);
2413 
2414 	if (pci_config_setup(mpt->m_dip,
2415 	    &mpt->m_config_handle) != DDI_SUCCESS) {
2416 		mptsas_log(mpt, CE_WARN, "cannot map configuration space.");
2417 		return (FALSE);
2418 	}
2419 
2420 	/*
2421 	 * This is a workaround for a XMITS ASIC bug which does not
2422 	 * drive the CBE upper bits.
2423 	 */
2424 	if (pci_config_get16(mpt->m_config_handle, PCI_CONF_STAT) &
2425 	    PCI_STAT_PERROR) {
2426 		pci_config_put16(mpt->m_config_handle, PCI_CONF_STAT,
2427 		    PCI_STAT_PERROR);
2428 	}
2429 
2430 	mptsas_setup_cmd_reg(mpt);
2431 
2432 	/*
2433 	 * Get the chip device id:
2434 	 */
2435 	mpt->m_devid = pci_config_get16(mpt->m_config_handle, PCI_CONF_DEVID);
2436 
2437 	/*
2438 	 * Save the revision.
2439 	 */
2440 	mpt->m_revid = pci_config_get8(mpt->m_config_handle, PCI_CONF_REVID);
2441 
2442 	/*
2443 	 * Save the SubSystem Vendor and Device IDs
2444 	 */
2445 	mpt->m_svid = pci_config_get16(mpt->m_config_handle, PCI_CONF_SUBVENID);
2446 	mpt->m_ssid = pci_config_get16(mpt->m_config_handle, PCI_CONF_SUBSYSID);
2447 
2448 	/*
2449 	 * Set the latency timer to 0x40 as specified by the upa -> pci
2450 	 * bridge chip design team.  This may be done by the sparc pci
2451 	 * bus nexus driver, but the driver should make sure the latency
2452 	 * timer is correct for performance reasons.
2453 	 */
2454 	pci_config_put8(mpt->m_config_handle, PCI_CONF_LATENCY_TIMER,
2455 	    MPTSAS_LATENCY_TIMER);
2456 
2457 	(void) mptsas_get_pci_cap(mpt);
2458 	return (TRUE);
2459 }
2460 
2461 static void
2462 mptsas_config_space_fini(mptsas_t *mpt)
2463 {
2464 	if (mpt->m_config_handle != NULL) {
2465 		mptsas_disable_bus_master(mpt);
2466 		pci_config_teardown(&mpt->m_config_handle);
2467 		mpt->m_config_handle = NULL;
2468 	}
2469 }
2470 
2471 static void
2472 mptsas_setup_cmd_reg(mptsas_t *mpt)
2473 {
2474 	ushort_t	cmdreg;
2475 
2476 	/*
2477 	 * Set the command register to the needed values.
2478 	 */
2479 	cmdreg = pci_config_get16(mpt->m_config_handle, PCI_CONF_COMM);
2480 	cmdreg |= (PCI_COMM_ME | PCI_COMM_SERR_ENABLE |
2481 	    PCI_COMM_PARITY_DETECT | PCI_COMM_MAE);
2482 	cmdreg &= ~PCI_COMM_IO;
2483 	pci_config_put16(mpt->m_config_handle, PCI_CONF_COMM, cmdreg);
2484 }
2485 
2486 static void
2487 mptsas_disable_bus_master(mptsas_t *mpt)
2488 {
2489 	ushort_t	cmdreg;
2490 
2491 	/*
2492 	 * Clear the master enable bit in the PCI command register.
2493 	 * This prevents any bus mastering activity like DMA.
2494 	 */
2495 	cmdreg = pci_config_get16(mpt->m_config_handle, PCI_CONF_COMM);
2496 	cmdreg &= ~PCI_COMM_ME;
2497 	pci_config_put16(mpt->m_config_handle, PCI_CONF_COMM, cmdreg);
2498 }
2499 
2500 int
2501 mptsas_dma_alloc(mptsas_t *mpt, mptsas_dma_alloc_state_t *dma_statep)
2502 {
2503 	ddi_dma_attr_t	attrs;
2504 
2505 	attrs = mpt->m_io_dma_attr;
2506 	attrs.dma_attr_sgllen = 1;
2507 
2508 	ASSERT(dma_statep != NULL);
2509 
2510 	if (mptsas_dma_addr_create(mpt, attrs, &dma_statep->handle,
2511 	    &dma_statep->accessp, &dma_statep->memp, dma_statep->size,
2512 	    &dma_statep->cookie) == FALSE) {
2513 		return (DDI_FAILURE);
2514 	}
2515 
2516 	return (DDI_SUCCESS);
2517 }
2518 
2519 void
2520 mptsas_dma_free(mptsas_dma_alloc_state_t *dma_statep)
2521 {
2522 	ASSERT(dma_statep != NULL);
2523 	mptsas_dma_addr_destroy(&dma_statep->handle, &dma_statep->accessp);
2524 	dma_statep->size = 0;
2525 }
2526 
2527 int
2528 mptsas_do_dma(mptsas_t *mpt, uint32_t size, int var, int (*callback)())
2529 {
2530 	ddi_dma_attr_t		attrs;
2531 	ddi_dma_handle_t	dma_handle;
2532 	caddr_t			memp;
2533 	ddi_acc_handle_t	accessp;
2534 	int			rval;
2535 
2536 	ASSERT(mutex_owned(&mpt->m_mutex));
2537 
2538 	attrs = mpt->m_msg_dma_attr;
2539 	attrs.dma_attr_sgllen = 1;
2540 	attrs.dma_attr_granular = size;
2541 
2542 	if (mptsas_dma_addr_create(mpt, attrs, &dma_handle,
2543 	    &accessp, &memp, size, NULL) == FALSE) {
2544 		return (DDI_FAILURE);
2545 	}
2546 
2547 	rval = (*callback) (mpt, memp, var, accessp);
2548 
2549 	if ((mptsas_check_dma_handle(dma_handle) != DDI_SUCCESS) ||
2550 	    (mptsas_check_acc_handle(accessp) != DDI_SUCCESS)) {
2551 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
2552 		rval = DDI_FAILURE;
2553 	}
2554 
2555 	mptsas_dma_addr_destroy(&dma_handle, &accessp);
2556 	return (rval);
2557 
2558 }
2559 
2560 static int
2561 mptsas_alloc_request_frames(mptsas_t *mpt)
2562 {
2563 	ddi_dma_attr_t		frame_dma_attrs;
2564 	caddr_t			memp;
2565 	ddi_dma_cookie_t	cookie;
2566 	size_t			mem_size;
2567 
2568 	/*
2569 	 * re-alloc when it has already alloced
2570 	 */
2571 	if (mpt->m_dma_req_frame_hdl)
2572 		mptsas_dma_addr_destroy(&mpt->m_dma_req_frame_hdl,
2573 		    &mpt->m_acc_req_frame_hdl);
2574 
2575 	/*
2576 	 * The size of the request frame pool is:
2577 	 *   Number of Request Frames * Request Frame Size
2578 	 */
2579 	mem_size = mpt->m_max_requests * mpt->m_req_frame_size;
2580 
2581 	/*
2582 	 * set the DMA attributes.  System Request Message Frames must be
2583 	 * aligned on a 16-byte boundry.
2584 	 */
2585 	frame_dma_attrs = mpt->m_msg_dma_attr;
2586 	frame_dma_attrs.dma_attr_align = 16;
2587 	frame_dma_attrs.dma_attr_sgllen = 1;
2588 
2589 	/*
2590 	 * allocate the request frame pool.
2591 	 */
2592 	if (mptsas_dma_addr_create(mpt, frame_dma_attrs,
2593 	    &mpt->m_dma_req_frame_hdl, &mpt->m_acc_req_frame_hdl, &memp,
2594 	    mem_size, &cookie) == FALSE) {
2595 		return (DDI_FAILURE);
2596 	}
2597 
2598 	/*
2599 	 * Store the request frame memory address.  This chip uses this
2600 	 * address to dma to and from the driver's frame.  The second
2601 	 * address is the address mpt uses to fill in the frame.
2602 	 */
2603 	mpt->m_req_frame_dma_addr = cookie.dmac_laddress;
2604 	mpt->m_req_frame = memp;
2605 
2606 	/*
2607 	 * Clear the request frame pool.
2608 	 */
2609 	bzero(mpt->m_req_frame, mem_size);
2610 
2611 	return (DDI_SUCCESS);
2612 }
2613 
2614 static int
2615 mptsas_alloc_sense_bufs(mptsas_t *mpt)
2616 {
2617 	ddi_dma_attr_t		sense_dma_attrs;
2618 	caddr_t			memp;
2619 	ddi_dma_cookie_t	cookie;
2620 	size_t			mem_size;
2621 	int			num_extrqsense_bufs;
2622 
2623 	/*
2624 	 * re-alloc when it has already alloced
2625 	 */
2626 	if (mpt->m_dma_req_sense_hdl) {
2627 		rmfreemap(mpt->m_erqsense_map);
2628 		mptsas_dma_addr_destroy(&mpt->m_dma_req_sense_hdl,
2629 		    &mpt->m_acc_req_sense_hdl);
2630 	}
2631 
2632 	/*
2633 	 * The size of the request sense pool is:
2634 	 *   (Number of Request Frames - 2 ) * Request Sense Size +
2635 	 *   extra memory for extended sense requests.
2636 	 */
2637 	mem_size = ((mpt->m_max_requests - 2) * mpt->m_req_sense_size) +
2638 	    mptsas_extreq_sense_bufsize;
2639 
2640 	/*
2641 	 * set the DMA attributes.  ARQ buffers
2642 	 * aligned on a 16-byte boundry.
2643 	 */
2644 	sense_dma_attrs = mpt->m_msg_dma_attr;
2645 	sense_dma_attrs.dma_attr_align = 16;
2646 	sense_dma_attrs.dma_attr_sgllen = 1;
2647 
2648 	/*
2649 	 * allocate the request sense buffer pool.
2650 	 */
2651 	if (mptsas_dma_addr_create(mpt, sense_dma_attrs,
2652 	    &mpt->m_dma_req_sense_hdl, &mpt->m_acc_req_sense_hdl, &memp,
2653 	    mem_size, &cookie) == FALSE) {
2654 		return (DDI_FAILURE);
2655 	}
2656 
2657 	/*
2658 	 * Store the request sense base memory address.  This chip uses this
2659 	 * address to dma the request sense data.  The second
2660 	 * address is the address mpt uses to access the data.
2661 	 * The third is the base for the extended rqsense buffers.
2662 	 */
2663 	mpt->m_req_sense_dma_addr = cookie.dmac_laddress;
2664 	mpt->m_req_sense = memp;
2665 	memp += (mpt->m_max_requests - 2) * mpt->m_req_sense_size;
2666 	mpt->m_extreq_sense = memp;
2667 
2668 	/*
2669 	 * The extra memory is divided up into multiples of the base
2670 	 * buffer size in order to allocate via rmalloc().
2671 	 * Note that the rmallocmap cannot start at zero!
2672 	 */
2673 	num_extrqsense_bufs = mptsas_extreq_sense_bufsize /
2674 	    mpt->m_req_sense_size;
2675 	mpt->m_erqsense_map = rmallocmap_wait(num_extrqsense_bufs);
2676 	rmfree(mpt->m_erqsense_map, num_extrqsense_bufs, 1);
2677 
2678 	/*
2679 	 * Clear the pool.
2680 	 */
2681 	bzero(mpt->m_req_sense, mem_size);
2682 
2683 	return (DDI_SUCCESS);
2684 }
2685 
2686 static int
2687 mptsas_alloc_reply_frames(mptsas_t *mpt)
2688 {
2689 	ddi_dma_attr_t		frame_dma_attrs;
2690 	caddr_t			memp;
2691 	ddi_dma_cookie_t	cookie;
2692 	size_t			mem_size;
2693 
2694 	/*
2695 	 * re-alloc when it has already alloced
2696 	 */
2697 	if (mpt->m_dma_reply_frame_hdl) {
2698 		mptsas_dma_addr_destroy(&mpt->m_dma_reply_frame_hdl,
2699 		    &mpt->m_acc_reply_frame_hdl);
2700 	}
2701 
2702 	/*
2703 	 * The size of the reply frame pool is:
2704 	 *   Number of Reply Frames * Reply Frame Size
2705 	 */
2706 	mem_size = mpt->m_max_replies * mpt->m_reply_frame_size;
2707 
2708 	/*
2709 	 * set the DMA attributes.   System Reply Message Frames must be
2710 	 * aligned on a 4-byte boundry.  This is the default.
2711 	 */
2712 	frame_dma_attrs = mpt->m_msg_dma_attr;
2713 	frame_dma_attrs.dma_attr_sgllen = 1;
2714 
2715 	/*
2716 	 * allocate the reply frame pool
2717 	 */
2718 	if (mptsas_dma_addr_create(mpt, frame_dma_attrs,
2719 	    &mpt->m_dma_reply_frame_hdl, &mpt->m_acc_reply_frame_hdl, &memp,
2720 	    mem_size, &cookie) == FALSE) {
2721 		return (DDI_FAILURE);
2722 	}
2723 
2724 	/*
2725 	 * Store the reply frame memory address.  This chip uses this
2726 	 * address to dma to and from the driver's frame.  The second
2727 	 * address is the address mpt uses to process the frame.
2728 	 */
2729 	mpt->m_reply_frame_dma_addr = cookie.dmac_laddress;
2730 	mpt->m_reply_frame = memp;
2731 
2732 	/*
2733 	 * Clear the reply frame pool.
2734 	 */
2735 	bzero(mpt->m_reply_frame, mem_size);
2736 
2737 	return (DDI_SUCCESS);
2738 }
2739 
2740 static int
2741 mptsas_alloc_free_queue(mptsas_t *mpt)
2742 {
2743 	ddi_dma_attr_t		frame_dma_attrs;
2744 	caddr_t			memp;
2745 	ddi_dma_cookie_t	cookie;
2746 	size_t			mem_size;
2747 
2748 	/*
2749 	 * re-alloc when it has already alloced
2750 	 */
2751 	if (mpt->m_dma_free_queue_hdl) {
2752 		mptsas_dma_addr_destroy(&mpt->m_dma_free_queue_hdl,
2753 		    &mpt->m_acc_free_queue_hdl);
2754 	}
2755 
2756 	/*
2757 	 * The reply free queue size is:
2758 	 *   Reply Free Queue Depth * 4
2759 	 * The "4" is the size of one 32 bit address (low part of 64-bit
2760 	 *   address)
2761 	 */
2762 	mem_size = mpt->m_free_queue_depth * 4;
2763 
2764 	/*
2765 	 * set the DMA attributes  The Reply Free Queue must be aligned on a
2766 	 * 16-byte boundry.
2767 	 */
2768 	frame_dma_attrs = mpt->m_msg_dma_attr;
2769 	frame_dma_attrs.dma_attr_align = 16;
2770 	frame_dma_attrs.dma_attr_sgllen = 1;
2771 
2772 	/*
2773 	 * allocate the reply free queue
2774 	 */
2775 	if (mptsas_dma_addr_create(mpt, frame_dma_attrs,
2776 	    &mpt->m_dma_free_queue_hdl, &mpt->m_acc_free_queue_hdl, &memp,
2777 	    mem_size, &cookie) == FALSE) {
2778 		return (DDI_FAILURE);
2779 	}
2780 
2781 	/*
2782 	 * Store the reply free queue memory address.  This chip uses this
2783 	 * address to read from the reply free queue.  The second address
2784 	 * is the address mpt uses to manage the queue.
2785 	 */
2786 	mpt->m_free_queue_dma_addr = cookie.dmac_laddress;
2787 	mpt->m_free_queue = memp;
2788 
2789 	/*
2790 	 * Clear the reply free queue memory.
2791 	 */
2792 	bzero(mpt->m_free_queue, mem_size);
2793 
2794 	return (DDI_SUCCESS);
2795 }
2796 
2797 static int
2798 mptsas_alloc_post_queue(mptsas_t *mpt)
2799 {
2800 	ddi_dma_attr_t		frame_dma_attrs;
2801 	caddr_t			memp;
2802 	ddi_dma_cookie_t	cookie;
2803 	size_t			mem_size;
2804 
2805 	/*
2806 	 * re-alloc when it has already alloced
2807 	 */
2808 	if (mpt->m_dma_post_queue_hdl) {
2809 		mptsas_dma_addr_destroy(&mpt->m_dma_post_queue_hdl,
2810 		    &mpt->m_acc_post_queue_hdl);
2811 	}
2812 
2813 	/*
2814 	 * The reply descriptor post queue size is:
2815 	 *   Reply Descriptor Post Queue Depth * 8
2816 	 * The "8" is the size of each descriptor (8 bytes or 64 bits).
2817 	 */
2818 	mem_size = mpt->m_post_queue_depth * 8;
2819 
2820 	/*
2821 	 * set the DMA attributes.  The Reply Descriptor Post Queue must be
2822 	 * aligned on a 16-byte boundry.
2823 	 */
2824 	frame_dma_attrs = mpt->m_msg_dma_attr;
2825 	frame_dma_attrs.dma_attr_align = 16;
2826 	frame_dma_attrs.dma_attr_sgllen = 1;
2827 
2828 	/*
2829 	 * allocate the reply post queue
2830 	 */
2831 	if (mptsas_dma_addr_create(mpt, frame_dma_attrs,
2832 	    &mpt->m_dma_post_queue_hdl, &mpt->m_acc_post_queue_hdl, &memp,
2833 	    mem_size, &cookie) == FALSE) {
2834 		return (DDI_FAILURE);
2835 	}
2836 
2837 	/*
2838 	 * Store the reply descriptor post queue memory address.  This chip
2839 	 * uses this address to write to the reply descriptor post queue.  The
2840 	 * second address is the address mpt uses to manage the queue.
2841 	 */
2842 	mpt->m_post_queue_dma_addr = cookie.dmac_laddress;
2843 	mpt->m_post_queue = memp;
2844 
2845 	/*
2846 	 * Clear the reply post queue memory.
2847 	 */
2848 	bzero(mpt->m_post_queue, mem_size);
2849 
2850 	return (DDI_SUCCESS);
2851 }
2852 
2853 static void
2854 mptsas_alloc_reply_args(mptsas_t *mpt)
2855 {
2856 	if (mpt->m_replyh_args == NULL) {
2857 		mpt->m_replyh_args = kmem_zalloc(sizeof (m_replyh_arg_t) *
2858 		    mpt->m_max_replies, KM_SLEEP);
2859 	}
2860 }
2861 
2862 static int
2863 mptsas_alloc_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd)
2864 {
2865 	mptsas_cache_frames_t	*frames = NULL;
2866 	if (cmd->cmd_extra_frames == NULL) {
2867 		frames = kmem_cache_alloc(mpt->m_cache_frames, KM_NOSLEEP);
2868 		if (frames == NULL) {
2869 			return (DDI_FAILURE);
2870 		}
2871 		cmd->cmd_extra_frames = frames;
2872 	}
2873 	return (DDI_SUCCESS);
2874 }
2875 
2876 static void
2877 mptsas_free_extra_sgl_frame(mptsas_t *mpt, mptsas_cmd_t *cmd)
2878 {
2879 	if (cmd->cmd_extra_frames) {
2880 		kmem_cache_free(mpt->m_cache_frames,
2881 		    (void *)cmd->cmd_extra_frames);
2882 		cmd->cmd_extra_frames = NULL;
2883 	}
2884 }
2885 
2886 static void
2887 mptsas_cfg_fini(mptsas_t *mpt)
2888 {
2889 	NDBG0(("mptsas_cfg_fini"));
2890 	ddi_regs_map_free(&mpt->m_datap);
2891 }
2892 
2893 static void
2894 mptsas_hba_fini(mptsas_t *mpt)
2895 {
2896 	NDBG0(("mptsas_hba_fini"));
2897 
2898 	/*
2899 	 * Free up any allocated memory
2900 	 */
2901 	if (mpt->m_dma_req_frame_hdl) {
2902 		mptsas_dma_addr_destroy(&mpt->m_dma_req_frame_hdl,
2903 		    &mpt->m_acc_req_frame_hdl);
2904 	}
2905 
2906 	if (mpt->m_dma_req_sense_hdl) {
2907 		rmfreemap(mpt->m_erqsense_map);
2908 		mptsas_dma_addr_destroy(&mpt->m_dma_req_sense_hdl,
2909 		    &mpt->m_acc_req_sense_hdl);
2910 	}
2911 
2912 	if (mpt->m_dma_reply_frame_hdl) {
2913 		mptsas_dma_addr_destroy(&mpt->m_dma_reply_frame_hdl,
2914 		    &mpt->m_acc_reply_frame_hdl);
2915 	}
2916 
2917 	if (mpt->m_dma_free_queue_hdl) {
2918 		mptsas_dma_addr_destroy(&mpt->m_dma_free_queue_hdl,
2919 		    &mpt->m_acc_free_queue_hdl);
2920 	}
2921 
2922 	if (mpt->m_dma_post_queue_hdl) {
2923 		mptsas_dma_addr_destroy(&mpt->m_dma_post_queue_hdl,
2924 		    &mpt->m_acc_post_queue_hdl);
2925 	}
2926 
2927 	if (mpt->m_replyh_args != NULL) {
2928 		kmem_free(mpt->m_replyh_args, sizeof (m_replyh_arg_t)
2929 		    * mpt->m_max_replies);
2930 	}
2931 }
2932 
2933 static int
2934 mptsas_name_child(dev_info_t *lun_dip, char *name, int len)
2935 {
2936 	int		lun = 0;
2937 	char		*sas_wwn = NULL;
2938 	int		phynum = -1;
2939 	int		reallen = 0;
2940 
2941 	/* Get the target num */
2942 	lun = ddi_prop_get_int(DDI_DEV_T_ANY, lun_dip, DDI_PROP_DONTPASS,
2943 	    LUN_PROP, 0);
2944 
2945 	if ((phynum = ddi_prop_get_int(DDI_DEV_T_ANY, lun_dip,
2946 	    DDI_PROP_DONTPASS, "sata-phy", -1)) != -1) {
2947 		/*
2948 		 * Stick in the address of form "pPHY,LUN"
2949 		 */
2950 		reallen = snprintf(name, len, "p%x,%x", phynum, lun);
2951 	} else if (ddi_prop_lookup_string(DDI_DEV_T_ANY, lun_dip,
2952 	    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET_PORT, &sas_wwn)
2953 	    == DDI_PROP_SUCCESS) {
2954 		/*
2955 		 * Stick in the address of the form "wWWN,LUN"
2956 		 */
2957 		reallen = snprintf(name, len, "%s,%x", sas_wwn, lun);
2958 		ddi_prop_free(sas_wwn);
2959 	} else {
2960 		return (DDI_FAILURE);
2961 	}
2962 
2963 	ASSERT(reallen < len);
2964 	if (reallen >= len) {
2965 		mptsas_log(0, CE_WARN, "!mptsas_get_name: name parameter "
2966 		    "length too small, it needs to be %d bytes", reallen + 1);
2967 	}
2968 	return (DDI_SUCCESS);
2969 }
2970 
2971 /*
2972  * tran_tgt_init(9E) - target device instance initialization
2973  */
2974 static int
2975 mptsas_scsi_tgt_init(dev_info_t *hba_dip, dev_info_t *tgt_dip,
2976     scsi_hba_tran_t *hba_tran, struct scsi_device *sd)
2977 {
2978 #ifndef __lock_lint
2979 	_NOTE(ARGUNUSED(hba_tran))
2980 #endif
2981 
2982 	/*
2983 	 * At this point, the scsi_device structure already exists
2984 	 * and has been initialized.
2985 	 *
2986 	 * Use this function to allocate target-private data structures,
2987 	 * if needed by this HBA.  Add revised flow-control and queue
2988 	 * properties for child here, if desired and if you can tell they
2989 	 * support tagged queueing by now.
2990 	 */
2991 	mptsas_t		*mpt;
2992 	int			lun = sd->sd_address.a_lun;
2993 	mdi_pathinfo_t		*pip = NULL;
2994 	mptsas_tgt_private_t	*tgt_private = NULL;
2995 	mptsas_target_t		*ptgt = NULL;
2996 	char			*psas_wwn = NULL;
2997 	mptsas_phymask_t	phymask = 0;
2998 	uint64_t		sas_wwn = 0;
2999 	mptsas_target_addr_t	addr;
3000 	mpt = SDEV2MPT(sd);
3001 
3002 	ASSERT(scsi_hba_iport_unit_address(hba_dip) != 0);
3003 
3004 	NDBG0(("mptsas_scsi_tgt_init: hbadip=0x%p tgtdip=0x%p lun=%d",
3005 	    (void *)hba_dip, (void *)tgt_dip, lun));
3006 
3007 	if (ndi_dev_is_persistent_node(tgt_dip) == 0) {
3008 		(void) ndi_merge_node(tgt_dip, mptsas_name_child);
3009 		ddi_set_name_addr(tgt_dip, NULL);
3010 		return (DDI_FAILURE);
3011 	}
3012 	/*
3013 	 * phymask is 0 means the virtual port for RAID
3014 	 */
3015 	phymask = (mptsas_phymask_t)ddi_prop_get_int(DDI_DEV_T_ANY, hba_dip, 0,
3016 	    "phymask", 0);
3017 	if (mdi_component_is_client(tgt_dip, NULL) == MDI_SUCCESS) {
3018 		if ((pip = (void *)(sd->sd_private)) == NULL) {
3019 			/*
3020 			 * Very bad news if this occurs. Somehow scsi_vhci has
3021 			 * lost the pathinfo node for this target.
3022 			 */
3023 			return (DDI_NOT_WELL_FORMED);
3024 		}
3025 
3026 		if (mdi_prop_lookup_int(pip, LUN_PROP, &lun) !=
3027 		    DDI_PROP_SUCCESS) {
3028 			mptsas_log(mpt, CE_WARN, "Get lun property failed\n");
3029 			return (DDI_FAILURE);
3030 		}
3031 
3032 		if (mdi_prop_lookup_string(pip, SCSI_ADDR_PROP_TARGET_PORT,
3033 		    &psas_wwn) == MDI_SUCCESS) {
3034 			if (scsi_wwnstr_to_wwn(psas_wwn, &sas_wwn)) {
3035 				sas_wwn = 0;
3036 			}
3037 			(void) mdi_prop_free(psas_wwn);
3038 		}
3039 	} else {
3040 		lun = ddi_prop_get_int(DDI_DEV_T_ANY, tgt_dip,
3041 		    DDI_PROP_DONTPASS, LUN_PROP, 0);
3042 		if (ddi_prop_lookup_string(DDI_DEV_T_ANY, tgt_dip,
3043 		    DDI_PROP_DONTPASS, SCSI_ADDR_PROP_TARGET_PORT, &psas_wwn) ==
3044 		    DDI_PROP_SUCCESS) {
3045 			if (scsi_wwnstr_to_wwn(psas_wwn, &sas_wwn)) {
3046 				sas_wwn = 0;
3047 			}
3048 			ddi_prop_free(psas_wwn);
3049 		} else {
3050 			sas_wwn = 0;
3051 		}
3052 	}
3053 
3054 	ASSERT((sas_wwn != 0) || (phymask != 0));
3055 	addr.mta_wwn = sas_wwn;
3056 	addr.mta_phymask = phymask;
3057 	mutex_enter(&mpt->m_mutex);
3058 	ptgt = refhash_lookup(mpt->m_targets, &addr);
3059 	mutex_exit(&mpt->m_mutex);
3060 	if (ptgt == NULL) {
3061 		mptsas_log(mpt, CE_WARN, "!tgt_init: target doesn't exist or "
3062 		    "gone already! phymask:%x, saswwn %"PRIx64, phymask,
3063 		    sas_wwn);
3064 		return (DDI_FAILURE);
3065 	}
3066 	if (hba_tran->tran_tgt_private == NULL) {
3067 		tgt_private = kmem_zalloc(sizeof (mptsas_tgt_private_t),
3068 		    KM_SLEEP);
3069 		tgt_private->t_lun = lun;
3070 		tgt_private->t_private = ptgt;
3071 		hba_tran->tran_tgt_private = tgt_private;
3072 	}
3073 
3074 	if (mdi_component_is_client(tgt_dip, NULL) == MDI_SUCCESS) {
3075 		return (DDI_SUCCESS);
3076 	}
3077 	mutex_enter(&mpt->m_mutex);
3078 
3079 	if (ptgt->m_deviceinfo &
3080 	    (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
3081 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
3082 		uchar_t *inq89 = NULL;
3083 		int inq89_len = 0x238;
3084 		int reallen = 0;
3085 		int rval = 0;
3086 		struct sata_id *sid = NULL;
3087 		char model[SATA_ID_MODEL_LEN + 1];
3088 		char fw[SATA_ID_FW_LEN + 1];
3089 		char *vid, *pid;
3090 		int i;
3091 
3092 		mutex_exit(&mpt->m_mutex);
3093 		/*
3094 		 * According SCSI/ATA Translation -2 (SAT-2) revision 01a
3095 		 * chapter 12.4.2 VPD page 89h includes 512 bytes ATA IDENTIFY
3096 		 * DEVICE data or ATA IDENTIFY PACKET DEVICE data.
3097 		 */
3098 		inq89 = kmem_zalloc(inq89_len, KM_SLEEP);
3099 		rval = mptsas_inquiry(mpt, ptgt, 0, 0x89,
3100 		    inq89, inq89_len, &reallen, 1);
3101 
3102 		if (rval != 0) {
3103 			if (inq89 != NULL) {
3104 				kmem_free(inq89, inq89_len);
3105 			}
3106 
3107 			mptsas_log(mpt, CE_WARN, "!mptsas request inquiry page "
3108 			    "0x89 for SATA target:%x failed!", ptgt->m_devhdl);
3109 			return (DDI_SUCCESS);
3110 		}
3111 		sid = (void *)(&inq89[60]);
3112 
3113 		swab(sid->ai_model, model, SATA_ID_MODEL_LEN);
3114 		swab(sid->ai_fw, fw, SATA_ID_FW_LEN);
3115 
3116 		model[SATA_ID_MODEL_LEN] = 0;
3117 		fw[SATA_ID_FW_LEN] = 0;
3118 
3119 		/*
3120 		 * split model into into vid/pid
3121 		 */
3122 		for (i = 0, pid = model; i < SATA_ID_MODEL_LEN; i++, pid++)
3123 			if ((*pid == ' ') || (*pid == '\t'))
3124 				break;
3125 		if (i < SATA_ID_MODEL_LEN) {
3126 			vid = model;
3127 			/*
3128 			 * terminate vid, establish pid
3129 			 */
3130 			*pid++ = 0;
3131 		} else {
3132 			/*
3133 			 * vid will stay "ATA     ", the rule is same
3134 			 * as sata framework implementation.
3135 			 */
3136 			vid = NULL;
3137 			/*
3138 			 * model is all pid
3139 			 */
3140 			pid = model;
3141 		}
3142 
3143 		/*
3144 		 * override SCSA "inquiry-*" properties
3145 		 */
3146 		if (vid)
3147 			(void) scsi_device_prop_update_inqstring(sd,
3148 			    INQUIRY_VENDOR_ID, vid, strlen(vid));
3149 		if (pid)
3150 			(void) scsi_device_prop_update_inqstring(sd,
3151 			    INQUIRY_PRODUCT_ID, pid, strlen(pid));
3152 		(void) scsi_device_prop_update_inqstring(sd,
3153 		    INQUIRY_REVISION_ID, fw, strlen(fw));
3154 
3155 		if (inq89 != NULL) {
3156 			kmem_free(inq89, inq89_len);
3157 		}
3158 	} else {
3159 		mutex_exit(&mpt->m_mutex);
3160 	}
3161 
3162 	return (DDI_SUCCESS);
3163 }
3164 /*
3165  * tran_tgt_free(9E) - target device instance deallocation
3166  */
3167 static void
3168 mptsas_scsi_tgt_free(dev_info_t *hba_dip, dev_info_t *tgt_dip,
3169     scsi_hba_tran_t *hba_tran, struct scsi_device *sd)
3170 {
3171 #ifndef __lock_lint
3172 	_NOTE(ARGUNUSED(hba_dip, tgt_dip, hba_tran, sd))
3173 #endif
3174 
3175 	mptsas_tgt_private_t	*tgt_private = hba_tran->tran_tgt_private;
3176 
3177 	if (tgt_private != NULL) {
3178 		kmem_free(tgt_private, sizeof (mptsas_tgt_private_t));
3179 		hba_tran->tran_tgt_private = NULL;
3180 	}
3181 }
3182 
3183 /*
3184  * scsi_pkt handling
3185  *
3186  * Visible to the external world via the transport structure.
3187  */
3188 
3189 /*
3190  * Notes:
3191  *	- transport the command to the addressed SCSI target/lun device
3192  *	- normal operation is to schedule the command to be transported,
3193  *	  and return TRAN_ACCEPT if this is successful.
3194  *	- if NO_INTR, tran_start must poll device for command completion
3195  */
3196 static int
3197 mptsas_scsi_start(struct scsi_address *ap, struct scsi_pkt *pkt)
3198 {
3199 #ifndef __lock_lint
3200 	_NOTE(ARGUNUSED(ap))
3201 #endif
3202 	mptsas_t	*mpt = PKT2MPT(pkt);
3203 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
3204 	int		rval;
3205 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
3206 
3207 	NDBG1(("mptsas_scsi_start: pkt=0x%p", (void *)pkt));
3208 	ASSERT(ptgt);
3209 	if (ptgt == NULL)
3210 		return (TRAN_FATAL_ERROR);
3211 
3212 	/*
3213 	 * prepare the pkt before taking mutex.
3214 	 */
3215 	rval = mptsas_prepare_pkt(cmd);
3216 	if (rval != TRAN_ACCEPT) {
3217 		return (rval);
3218 	}
3219 
3220 	/*
3221 	 * Send the command to target/lun, however your HBA requires it.
3222 	 * If busy, return TRAN_BUSY; if there's some other formatting error
3223 	 * in the packet, return TRAN_BADPKT; otherwise, fall through to the
3224 	 * return of TRAN_ACCEPT.
3225 	 *
3226 	 * Remember that access to shared resources, including the mptsas_t
3227 	 * data structure and the HBA hardware registers, must be protected
3228 	 * with mutexes, here and everywhere.
3229 	 *
3230 	 * Also remember that at interrupt time, you'll get an argument
3231 	 * to the interrupt handler which is a pointer to your mptsas_t
3232 	 * structure; you'll have to remember which commands are outstanding
3233 	 * and which scsi_pkt is the currently-running command so the
3234 	 * interrupt handler can refer to the pkt to set completion
3235 	 * status, call the target driver back through pkt_comp, etc.
3236 	 *
3237 	 * If the instance lock is held by other thread, don't spin to wait
3238 	 * for it. Instead, queue the cmd and next time when the instance lock
3239 	 * is not held, accept all the queued cmd. A extra tx_waitq is
3240 	 * introduced to protect the queue.
3241 	 *
3242 	 * The polled cmd will not be queud and accepted as usual.
3243 	 *
3244 	 * Under the tx_waitq mutex, record whether a thread is draining
3245 	 * the tx_waitq.  An IO requesting thread that finds the instance
3246 	 * mutex contended appends to the tx_waitq and while holding the
3247 	 * tx_wait mutex, if the draining flag is not set, sets it and then
3248 	 * proceeds to spin for the instance mutex. This scheme ensures that
3249 	 * the last cmd in a burst be processed.
3250 	 *
3251 	 * we enable this feature only when the helper threads are enabled,
3252 	 * at which we think the loads are heavy.
3253 	 *
3254 	 * per instance mutex m_tx_waitq_mutex is introduced to protect the
3255 	 * m_tx_waitqtail, m_tx_waitq, m_tx_draining.
3256 	 */
3257 
3258 	if (mpt->m_doneq_thread_n) {
3259 		if (mutex_tryenter(&mpt->m_mutex) != 0) {
3260 			rval = mptsas_accept_txwq_and_pkt(mpt, cmd);
3261 			mutex_exit(&mpt->m_mutex);
3262 		} else if (cmd->cmd_pkt_flags & FLAG_NOINTR) {
3263 			mutex_enter(&mpt->m_mutex);
3264 			rval = mptsas_accept_txwq_and_pkt(mpt, cmd);
3265 			mutex_exit(&mpt->m_mutex);
3266 		} else {
3267 			mutex_enter(&mpt->m_tx_waitq_mutex);
3268 			/*
3269 			 * ptgt->m_dr_flag is protected by m_mutex or
3270 			 * m_tx_waitq_mutex. In this case, m_tx_waitq_mutex
3271 			 * is acquired.
3272 			 */
3273 			if (ptgt->m_dr_flag == MPTSAS_DR_INTRANSITION) {
3274 				if (cmd->cmd_pkt_flags & FLAG_NOQUEUE) {
3275 					/*
3276 					 * The command should be allowed to
3277 					 * retry by returning TRAN_BUSY to
3278 					 * to stall the I/O's which come from
3279 					 * scsi_vhci since the device/path is
3280 					 * in unstable state now.
3281 					 */
3282 					mutex_exit(&mpt->m_tx_waitq_mutex);
3283 					return (TRAN_BUSY);
3284 				} else {
3285 					/*
3286 					 * The device is offline, just fail the
3287 					 * command by returning
3288 					 * TRAN_FATAL_ERROR.
3289 					 */
3290 					mutex_exit(&mpt->m_tx_waitq_mutex);
3291 					return (TRAN_FATAL_ERROR);
3292 				}
3293 			}
3294 			if (mpt->m_tx_draining) {
3295 				cmd->cmd_flags |= CFLAG_TXQ;
3296 				*mpt->m_tx_waitqtail = cmd;
3297 				mpt->m_tx_waitqtail = &cmd->cmd_linkp;
3298 				mutex_exit(&mpt->m_tx_waitq_mutex);
3299 			} else { /* drain the queue */
3300 				mpt->m_tx_draining = 1;
3301 				mutex_exit(&mpt->m_tx_waitq_mutex);
3302 				mutex_enter(&mpt->m_mutex);
3303 				rval = mptsas_accept_txwq_and_pkt(mpt, cmd);
3304 				mutex_exit(&mpt->m_mutex);
3305 			}
3306 		}
3307 	} else {
3308 		mutex_enter(&mpt->m_mutex);
3309 		/*
3310 		 * ptgt->m_dr_flag is protected by m_mutex or m_tx_waitq_mutex
3311 		 * in this case, m_mutex is acquired.
3312 		 */
3313 		if (ptgt->m_dr_flag == MPTSAS_DR_INTRANSITION) {
3314 			if (cmd->cmd_pkt_flags & FLAG_NOQUEUE) {
3315 				/*
3316 				 * commands should be allowed to retry by
3317 				 * returning TRAN_BUSY to stall the I/O's
3318 				 * which come from scsi_vhci since the device/
3319 				 * path is in unstable state now.
3320 				 */
3321 				mutex_exit(&mpt->m_mutex);
3322 				return (TRAN_BUSY);
3323 			} else {
3324 				/*
3325 				 * The device is offline, just fail the
3326 				 * command by returning TRAN_FATAL_ERROR.
3327 				 */
3328 				mutex_exit(&mpt->m_mutex);
3329 				return (TRAN_FATAL_ERROR);
3330 			}
3331 		}
3332 		rval = mptsas_accept_pkt(mpt, cmd);
3333 		mutex_exit(&mpt->m_mutex);
3334 	}
3335 
3336 	return (rval);
3337 }
3338 
3339 /*
3340  * Accept all the queued cmds(if any) before accept the current one.
3341  */
3342 static int
3343 mptsas_accept_txwq_and_pkt(mptsas_t *mpt, mptsas_cmd_t *cmd)
3344 {
3345 	int rval;
3346 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
3347 
3348 	ASSERT(mutex_owned(&mpt->m_mutex));
3349 	/*
3350 	 * The call to mptsas_accept_tx_waitq() must always be performed
3351 	 * because that is where mpt->m_tx_draining is cleared.
3352 	 */
3353 	mutex_enter(&mpt->m_tx_waitq_mutex);
3354 	mptsas_accept_tx_waitq(mpt);
3355 	mutex_exit(&mpt->m_tx_waitq_mutex);
3356 	/*
3357 	 * ptgt->m_dr_flag is protected by m_mutex or m_tx_waitq_mutex
3358 	 * in this case, m_mutex is acquired.
3359 	 */
3360 	if (ptgt->m_dr_flag == MPTSAS_DR_INTRANSITION) {
3361 		if (cmd->cmd_pkt_flags & FLAG_NOQUEUE) {
3362 			/*
3363 			 * The command should be allowed to retry by returning
3364 			 * TRAN_BUSY to stall the I/O's which come from
3365 			 * scsi_vhci since the device/path is in unstable state
3366 			 * now.
3367 			 */
3368 			return (TRAN_BUSY);
3369 		} else {
3370 			/*
3371 			 * The device is offline, just fail the command by
3372 			 * return TRAN_FATAL_ERROR.
3373 			 */
3374 			return (TRAN_FATAL_ERROR);
3375 		}
3376 	}
3377 	rval = mptsas_accept_pkt(mpt, cmd);
3378 
3379 	return (rval);
3380 }
3381 
3382 static int
3383 mptsas_accept_pkt(mptsas_t *mpt, mptsas_cmd_t *cmd)
3384 {
3385 	int		rval = TRAN_ACCEPT;
3386 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
3387 
3388 	NDBG1(("mptsas_accept_pkt: cmd=0x%p", (void *)cmd));
3389 
3390 	ASSERT(mutex_owned(&mpt->m_mutex));
3391 
3392 	if ((cmd->cmd_flags & CFLAG_PREPARED) == 0) {
3393 		rval = mptsas_prepare_pkt(cmd);
3394 		if (rval != TRAN_ACCEPT) {
3395 			cmd->cmd_flags &= ~CFLAG_TRANFLAG;
3396 			return (rval);
3397 		}
3398 	}
3399 
3400 	/*
3401 	 * reset the throttle if we were draining
3402 	 */
3403 	if ((ptgt->m_t_ncmds == 0) &&
3404 	    (ptgt->m_t_throttle == DRAIN_THROTTLE)) {
3405 		NDBG23(("reset throttle"));
3406 		ASSERT(ptgt->m_reset_delay == 0);
3407 		mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
3408 	}
3409 
3410 	/*
3411 	 * If HBA is being reset, the DevHandles are being re-initialized,
3412 	 * which means that they could be invalid even if the target is still
3413 	 * attached.  Check if being reset and if DevHandle is being
3414 	 * re-initialized.  If this is the case, return BUSY so the I/O can be
3415 	 * retried later.
3416 	 */
3417 	if ((ptgt->m_devhdl == MPTSAS_INVALID_DEVHDL) && mpt->m_in_reset) {
3418 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
3419 		if (cmd->cmd_flags & CFLAG_TXQ) {
3420 			mptsas_doneq_add(mpt, cmd);
3421 			mptsas_doneq_empty(mpt);
3422 			return (rval);
3423 		} else {
3424 			return (TRAN_BUSY);
3425 		}
3426 	}
3427 
3428 	/*
3429 	 * If device handle has already been invalidated, just
3430 	 * fail the command. In theory, command from scsi_vhci
3431 	 * client is impossible send down command with invalid
3432 	 * devhdl since devhdl is set after path offline, target
3433 	 * driver is not suppose to select a offlined path.
3434 	 */
3435 	if (ptgt->m_devhdl == MPTSAS_INVALID_DEVHDL) {
3436 		NDBG3(("rejecting command, it might because invalid devhdl "
3437 		    "request."));
3438 		mptsas_set_pkt_reason(mpt, cmd, CMD_DEV_GONE, STAT_TERMINATED);
3439 		if (cmd->cmd_flags & CFLAG_TXQ) {
3440 			mptsas_doneq_add(mpt, cmd);
3441 			mptsas_doneq_empty(mpt);
3442 			return (rval);
3443 		} else {
3444 			return (TRAN_FATAL_ERROR);
3445 		}
3446 	}
3447 	/*
3448 	 * The first case is the normal case.  mpt gets a command from the
3449 	 * target driver and starts it.
3450 	 * Since SMID 0 is reserved and the TM slot is reserved, the actual max
3451 	 * commands is m_max_requests - 2.
3452 	 */
3453 	if ((mpt->m_ncmds <= (mpt->m_max_requests - 2)) &&
3454 	    (ptgt->m_t_throttle > HOLD_THROTTLE) &&
3455 	    (ptgt->m_t_ncmds < ptgt->m_t_throttle) &&
3456 	    (ptgt->m_reset_delay == 0) &&
3457 	    (ptgt->m_t_nwait == 0) &&
3458 	    ((cmd->cmd_pkt_flags & FLAG_NOINTR) == 0)) {
3459 		if (mptsas_save_cmd(mpt, cmd) == TRUE) {
3460 			(void) mptsas_start_cmd(mpt, cmd);
3461 		} else {
3462 			mptsas_waitq_add(mpt, cmd);
3463 		}
3464 	} else {
3465 		/*
3466 		 * Add this pkt to the work queue
3467 		 */
3468 		mptsas_waitq_add(mpt, cmd);
3469 
3470 		if (cmd->cmd_pkt_flags & FLAG_NOINTR) {
3471 			(void) mptsas_poll(mpt, cmd, MPTSAS_POLL_TIME);
3472 
3473 			/*
3474 			 * Only flush the doneq if this is not a TM
3475 			 * cmd.  For TM cmds the flushing of the
3476 			 * doneq will be done in those routines.
3477 			 */
3478 			if ((cmd->cmd_flags & CFLAG_TM_CMD) == 0) {
3479 				mptsas_doneq_empty(mpt);
3480 			}
3481 		}
3482 	}
3483 	return (rval);
3484 }
3485 
3486 int
3487 mptsas_save_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
3488 {
3489 	mptsas_slots_t *slots = mpt->m_active;
3490 	uint_t slot, start_rotor;
3491 	mptsas_target_t *ptgt = cmd->cmd_tgt_addr;
3492 
3493 	ASSERT(MUTEX_HELD(&mpt->m_mutex));
3494 
3495 	/*
3496 	 * Account for reserved TM request slot and reserved SMID of 0.
3497 	 */
3498 	ASSERT(slots->m_n_normal == (mpt->m_max_requests - 2));
3499 
3500 	/*
3501 	 * Find the next available slot, beginning at m_rotor.  If no slot is
3502 	 * available, we'll return FALSE to indicate that.  This mechanism
3503 	 * considers only the normal slots, not the reserved slot 0 nor the
3504 	 * task management slot m_n_normal + 1.  The rotor is left to point to
3505 	 * the normal slot after the one we select, unless we select the last
3506 	 * normal slot in which case it returns to slot 1.
3507 	 */
3508 	start_rotor = slots->m_rotor;
3509 	do {
3510 		slot = slots->m_rotor++;
3511 		if (slots->m_rotor > slots->m_n_normal)
3512 			slots->m_rotor = 1;
3513 
3514 		if (slots->m_rotor == start_rotor)
3515 			break;
3516 	} while (slots->m_slot[slot] != NULL);
3517 
3518 	if (slots->m_slot[slot] != NULL)
3519 		return (FALSE);
3520 
3521 	ASSERT(slot != 0 && slot <= slots->m_n_normal);
3522 
3523 	cmd->cmd_slot = slot;
3524 	slots->m_slot[slot] = cmd;
3525 	mpt->m_ncmds++;
3526 
3527 	/*
3528 	 * only increment per target ncmds if this is not a
3529 	 * command that has no target associated with it (i.e. a
3530 	 * event acknoledgment)
3531 	 */
3532 	if ((cmd->cmd_flags & CFLAG_CMDIOC) == 0) {
3533 		/*
3534 		 * Expiration time is set in mptsas_start_cmd
3535 		 */
3536 		ptgt->m_t_ncmds++;
3537 		cmd->cmd_active_expiration = 0;
3538 	} else {
3539 		/*
3540 		 * Initialize expiration time for passthrough commands,
3541 		 */
3542 		cmd->cmd_active_expiration = gethrtime() +
3543 		    (hrtime_t)cmd->cmd_pkt->pkt_time * NANOSEC;
3544 	}
3545 	return (TRUE);
3546 }
3547 
3548 /*
3549  * prepare the pkt:
3550  * the pkt may have been resubmitted or just reused so
3551  * initialize some fields and do some checks.
3552  */
3553 static int
3554 mptsas_prepare_pkt(mptsas_cmd_t *cmd)
3555 {
3556 	struct scsi_pkt	*pkt = CMD2PKT(cmd);
3557 
3558 	NDBG1(("mptsas_prepare_pkt: cmd=0x%p", (void *)cmd));
3559 
3560 	/*
3561 	 * Reinitialize some fields that need it; the packet may
3562 	 * have been resubmitted
3563 	 */
3564 	pkt->pkt_reason = CMD_CMPLT;
3565 	pkt->pkt_state = 0;
3566 	pkt->pkt_statistics = 0;
3567 	pkt->pkt_resid = 0;
3568 	cmd->cmd_age = 0;
3569 	cmd->cmd_pkt_flags = pkt->pkt_flags;
3570 
3571 	/*
3572 	 * zero status byte.
3573 	 */
3574 	*(pkt->pkt_scbp) = 0;
3575 
3576 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
3577 		pkt->pkt_resid = cmd->cmd_dmacount;
3578 
3579 		/*
3580 		 * consistent packets need to be sync'ed first
3581 		 * (only for data going out)
3582 		 */
3583 		if ((cmd->cmd_flags & CFLAG_CMDIOPB) &&
3584 		    (cmd->cmd_flags & CFLAG_DMASEND)) {
3585 			(void) ddi_dma_sync(cmd->cmd_dmahandle, 0, 0,
3586 			    DDI_DMA_SYNC_FORDEV);
3587 		}
3588 	}
3589 
3590 	cmd->cmd_flags =
3591 	    (cmd->cmd_flags & ~(CFLAG_TRANFLAG)) |
3592 	    CFLAG_PREPARED | CFLAG_IN_TRANSPORT;
3593 
3594 	return (TRAN_ACCEPT);
3595 }
3596 
3597 /*
3598  * tran_init_pkt(9E) - allocate scsi_pkt(9S) for command
3599  *
3600  * One of three possibilities:
3601  *	- allocate scsi_pkt
3602  *	- allocate scsi_pkt and DMA resources
3603  *	- allocate DMA resources to an already-allocated pkt
3604  */
3605 static struct scsi_pkt *
3606 mptsas_scsi_init_pkt(struct scsi_address *ap, struct scsi_pkt *pkt,
3607     struct buf *bp, int cmdlen, int statuslen, int tgtlen, int flags,
3608     int (*callback)(), caddr_t arg)
3609 {
3610 	mptsas_cmd_t		*cmd, *new_cmd;
3611 	mptsas_t		*mpt = ADDR2MPT(ap);
3612 	int			failure = 1;
3613 	uint_t			oldcookiec;
3614 	mptsas_target_t		*ptgt = NULL;
3615 	int			rval;
3616 	mptsas_tgt_private_t	*tgt_private;
3617 	int			kf;
3618 
3619 	kf = (callback == SLEEP_FUNC)? KM_SLEEP: KM_NOSLEEP;
3620 
3621 	tgt_private = (mptsas_tgt_private_t *)ap->a_hba_tran->
3622 	    tran_tgt_private;
3623 	ASSERT(tgt_private != NULL);
3624 	if (tgt_private == NULL) {
3625 		return (NULL);
3626 	}
3627 	ptgt = tgt_private->t_private;
3628 	ASSERT(ptgt != NULL);
3629 	if (ptgt == NULL)
3630 		return (NULL);
3631 	ap->a_target = ptgt->m_devhdl;
3632 	ap->a_lun = tgt_private->t_lun;
3633 
3634 	ASSERT(callback == NULL_FUNC || callback == SLEEP_FUNC);
3635 #ifdef MPTSAS_TEST_EXTRN_ALLOC
3636 	statuslen *= 100; tgtlen *= 4;
3637 #endif
3638 	NDBG3(("mptsas_scsi_init_pkt:\n"
3639 	    "\ttgt=%d in=0x%p bp=0x%p clen=%d slen=%d tlen=%d flags=%x",
3640 	    ap->a_target, (void *)pkt, (void *)bp,
3641 	    cmdlen, statuslen, tgtlen, flags));
3642 
3643 	/*
3644 	 * Allocate the new packet.
3645 	 */
3646 	if (pkt == NULL) {
3647 		ddi_dma_handle_t	save_dma_handle;
3648 
3649 		cmd = kmem_cache_alloc(mpt->m_kmem_cache, kf);
3650 
3651 		if (cmd) {
3652 			save_dma_handle = cmd->cmd_dmahandle;
3653 			bzero(cmd, sizeof (*cmd) + scsi_pkt_size());
3654 			cmd->cmd_dmahandle = save_dma_handle;
3655 
3656 			pkt = (void *)((uchar_t *)cmd +
3657 			    sizeof (struct mptsas_cmd));
3658 			pkt->pkt_ha_private = (opaque_t)cmd;
3659 			pkt->pkt_address = *ap;
3660 			pkt->pkt_private = (opaque_t)cmd->cmd_pkt_private;
3661 			pkt->pkt_scbp = (opaque_t)&cmd->cmd_scb;
3662 			pkt->pkt_cdbp = (opaque_t)&cmd->cmd_cdb;
3663 			cmd->cmd_pkt = (struct scsi_pkt *)pkt;
3664 			cmd->cmd_cdblen = (uchar_t)cmdlen;
3665 			cmd->cmd_scblen = statuslen;
3666 			cmd->cmd_rqslen = SENSE_LENGTH;
3667 			cmd->cmd_tgt_addr = ptgt;
3668 			failure = 0;
3669 		}
3670 
3671 		if (failure || (cmdlen > sizeof (cmd->cmd_cdb)) ||
3672 		    (tgtlen > PKT_PRIV_LEN) ||
3673 		    (statuslen > EXTCMDS_STATUS_SIZE)) {
3674 			if (failure == 0) {
3675 				/*
3676 				 * if extern alloc fails, all will be
3677 				 * deallocated, including cmd
3678 				 */
3679 				failure = mptsas_pkt_alloc_extern(mpt, cmd,
3680 				    cmdlen, tgtlen, statuslen, kf);
3681 			}
3682 			if (failure) {
3683 				/*
3684 				 * if extern allocation fails, it will
3685 				 * deallocate the new pkt as well
3686 				 */
3687 				return (NULL);
3688 			}
3689 		}
3690 		new_cmd = cmd;
3691 
3692 	} else {
3693 		cmd = PKT2CMD(pkt);
3694 		new_cmd = NULL;
3695 	}
3696 
3697 
3698 	/* grab cmd->cmd_cookiec here as oldcookiec */
3699 
3700 	oldcookiec = cmd->cmd_cookiec;
3701 
3702 	/*
3703 	 * If the dma was broken up into PARTIAL transfers cmd_nwin will be
3704 	 * greater than 0 and we'll need to grab the next dma window
3705 	 */
3706 	/*
3707 	 * SLM-not doing extra command frame right now; may add later
3708 	 */
3709 
3710 	if (cmd->cmd_nwin > 0) {
3711 
3712 		/*
3713 		 * Make sure we havn't gone past the the total number
3714 		 * of windows
3715 		 */
3716 		if (++cmd->cmd_winindex >= cmd->cmd_nwin) {
3717 			return (NULL);
3718 		}
3719 		if (ddi_dma_getwin(cmd->cmd_dmahandle, cmd->cmd_winindex,
3720 		    &cmd->cmd_dma_offset, &cmd->cmd_dma_len,
3721 		    &cmd->cmd_cookie, &cmd->cmd_cookiec) == DDI_FAILURE) {
3722 			return (NULL);
3723 		}
3724 		goto get_dma_cookies;
3725 	}
3726 
3727 
3728 	if (flags & PKT_XARQ) {
3729 		cmd->cmd_flags |= CFLAG_XARQ;
3730 	}
3731 
3732 	/*
3733 	 * DMA resource allocation.  This version assumes your
3734 	 * HBA has some sort of bus-mastering or onboard DMA capability, with a
3735 	 * scatter-gather list of length MPTSAS_MAX_DMA_SEGS, as given in the
3736 	 * ddi_dma_attr_t structure and passed to scsi_impl_dmaget.
3737 	 */
3738 	if (bp && (bp->b_bcount != 0) &&
3739 	    (cmd->cmd_flags & CFLAG_DMAVALID) == 0) {
3740 
3741 		int	cnt, dma_flags;
3742 		mptti_t	*dmap;		/* ptr to the S/G list */
3743 
3744 		/*
3745 		 * Set up DMA memory and position to the next DMA segment.
3746 		 */
3747 		ASSERT(cmd->cmd_dmahandle != NULL);
3748 
3749 		if (bp->b_flags & B_READ) {
3750 			dma_flags = DDI_DMA_READ;
3751 			cmd->cmd_flags &= ~CFLAG_DMASEND;
3752 		} else {
3753 			dma_flags = DDI_DMA_WRITE;
3754 			cmd->cmd_flags |= CFLAG_DMASEND;
3755 		}
3756 		if (flags & PKT_CONSISTENT) {
3757 			cmd->cmd_flags |= CFLAG_CMDIOPB;
3758 			dma_flags |= DDI_DMA_CONSISTENT;
3759 		}
3760 
3761 		if (flags & PKT_DMA_PARTIAL) {
3762 			dma_flags |= DDI_DMA_PARTIAL;
3763 		}
3764 
3765 		/*
3766 		 * workaround for byte hole issue on psycho and
3767 		 * schizo pre 2.1
3768 		 */
3769 		if ((bp->b_flags & B_READ) && ((bp->b_flags &
3770 		    (B_PAGEIO|B_REMAPPED)) != B_PAGEIO) &&
3771 		    ((uintptr_t)bp->b_un.b_addr & 0x7)) {
3772 			dma_flags |= DDI_DMA_CONSISTENT;
3773 		}
3774 
3775 		rval = ddi_dma_buf_bind_handle(cmd->cmd_dmahandle, bp,
3776 		    dma_flags, callback, arg,
3777 		    &cmd->cmd_cookie, &cmd->cmd_cookiec);
3778 		if (rval == DDI_DMA_PARTIAL_MAP) {
3779 			(void) ddi_dma_numwin(cmd->cmd_dmahandle,
3780 			    &cmd->cmd_nwin);
3781 			cmd->cmd_winindex = 0;
3782 			(void) ddi_dma_getwin(cmd->cmd_dmahandle,
3783 			    cmd->cmd_winindex, &cmd->cmd_dma_offset,
3784 			    &cmd->cmd_dma_len, &cmd->cmd_cookie,
3785 			    &cmd->cmd_cookiec);
3786 		} else if (rval && (rval != DDI_DMA_MAPPED)) {
3787 			switch (rval) {
3788 			case DDI_DMA_NORESOURCES:
3789 				bioerror(bp, 0);
3790 				break;
3791 			case DDI_DMA_BADATTR:
3792 			case DDI_DMA_NOMAPPING:
3793 				bioerror(bp, EFAULT);
3794 				break;
3795 			case DDI_DMA_TOOBIG:
3796 			default:
3797 				bioerror(bp, EINVAL);
3798 				break;
3799 			}
3800 			cmd->cmd_flags &= ~CFLAG_DMAVALID;
3801 			if (new_cmd) {
3802 				mptsas_scsi_destroy_pkt(ap, pkt);
3803 			}
3804 			return ((struct scsi_pkt *)NULL);
3805 		}
3806 
3807 get_dma_cookies:
3808 		cmd->cmd_flags |= CFLAG_DMAVALID;
3809 		ASSERT(cmd->cmd_cookiec > 0);
3810 
3811 		if (cmd->cmd_cookiec > MPTSAS_MAX_CMD_SEGS) {
3812 			mptsas_log(mpt, CE_NOTE, "large cookiec received %d\n",
3813 			    cmd->cmd_cookiec);
3814 			bioerror(bp, EINVAL);
3815 			if (new_cmd) {
3816 				mptsas_scsi_destroy_pkt(ap, pkt);
3817 			}
3818 			return ((struct scsi_pkt *)NULL);
3819 		}
3820 
3821 		/*
3822 		 * Allocate extra SGL buffer if needed.
3823 		 */
3824 		if ((cmd->cmd_cookiec > MPTSAS_MAX_FRAME_SGES64(mpt)) &&
3825 		    (cmd->cmd_extra_frames == NULL)) {
3826 			if (mptsas_alloc_extra_sgl_frame(mpt, cmd) ==
3827 			    DDI_FAILURE) {
3828 				mptsas_log(mpt, CE_WARN, "MPT SGL mem alloc "
3829 				    "failed");
3830 				bioerror(bp, ENOMEM);
3831 				if (new_cmd) {
3832 					mptsas_scsi_destroy_pkt(ap, pkt);
3833 				}
3834 				return ((struct scsi_pkt *)NULL);
3835 			}
3836 		}
3837 
3838 		/*
3839 		 * Always use scatter-gather transfer
3840 		 * Use the loop below to store physical addresses of
3841 		 * DMA segments, from the DMA cookies, into your HBA's
3842 		 * scatter-gather list.
3843 		 * We need to ensure we have enough kmem alloc'd
3844 		 * for the sg entries since we are no longer using an
3845 		 * array inside mptsas_cmd_t.
3846 		 *
3847 		 * We check cmd->cmd_cookiec against oldcookiec so
3848 		 * the scatter-gather list is correctly allocated
3849 		 */
3850 
3851 		if (oldcookiec != cmd->cmd_cookiec) {
3852 			if (cmd->cmd_sg != (mptti_t *)NULL) {
3853 				kmem_free(cmd->cmd_sg, sizeof (mptti_t) *
3854 				    oldcookiec);
3855 				cmd->cmd_sg = NULL;
3856 			}
3857 		}
3858 
3859 		if (cmd->cmd_sg == (mptti_t *)NULL) {
3860 			cmd->cmd_sg = kmem_alloc((size_t)(sizeof (mptti_t)*
3861 			    cmd->cmd_cookiec), kf);
3862 
3863 			if (cmd->cmd_sg == (mptti_t *)NULL) {
3864 				mptsas_log(mpt, CE_WARN,
3865 				    "unable to kmem_alloc enough memory "
3866 				    "for scatter/gather list");
3867 		/*
3868 		 * if we have an ENOMEM condition we need to behave
3869 		 * the same way as the rest of this routine
3870 		 */
3871 
3872 				bioerror(bp, ENOMEM);
3873 				if (new_cmd) {
3874 					mptsas_scsi_destroy_pkt(ap, pkt);
3875 				}
3876 				return ((struct scsi_pkt *)NULL);
3877 			}
3878 		}
3879 
3880 		dmap = cmd->cmd_sg;
3881 
3882 		ASSERT(cmd->cmd_cookie.dmac_size != 0);
3883 
3884 		/*
3885 		 * store the first segment into the S/G list
3886 		 */
3887 		dmap->count = cmd->cmd_cookie.dmac_size;
3888 		dmap->addr.address64.Low = (uint32_t)
3889 		    (cmd->cmd_cookie.dmac_laddress & 0xffffffffull);
3890 		dmap->addr.address64.High = (uint32_t)
3891 		    (cmd->cmd_cookie.dmac_laddress >> 32);
3892 
3893 		/*
3894 		 * dmacount counts the size of the dma for this window
3895 		 * (if partial dma is being used).  totaldmacount
3896 		 * keeps track of the total amount of dma we have
3897 		 * transferred for all the windows (needed to calculate
3898 		 * the resid value below).
3899 		 */
3900 		cmd->cmd_dmacount = cmd->cmd_cookie.dmac_size;
3901 		cmd->cmd_totaldmacount += cmd->cmd_cookie.dmac_size;
3902 
3903 		/*
3904 		 * We already stored the first DMA scatter gather segment,
3905 		 * start at 1 if we need to store more.
3906 		 */
3907 		for (cnt = 1; cnt < cmd->cmd_cookiec; cnt++) {
3908 			/*
3909 			 * Get next DMA cookie
3910 			 */
3911 			ddi_dma_nextcookie(cmd->cmd_dmahandle,
3912 			    &cmd->cmd_cookie);
3913 			dmap++;
3914 
3915 			cmd->cmd_dmacount += cmd->cmd_cookie.dmac_size;
3916 			cmd->cmd_totaldmacount += cmd->cmd_cookie.dmac_size;
3917 
3918 			/*
3919 			 * store the segment parms into the S/G list
3920 			 */
3921 			dmap->count = cmd->cmd_cookie.dmac_size;
3922 			dmap->addr.address64.Low = (uint32_t)
3923 			    (cmd->cmd_cookie.dmac_laddress & 0xffffffffull);
3924 			dmap->addr.address64.High = (uint32_t)
3925 			    (cmd->cmd_cookie.dmac_laddress >> 32);
3926 		}
3927 
3928 		/*
3929 		 * If this was partially allocated we set the resid
3930 		 * the amount of data NOT transferred in this window
3931 		 * If there is only one window, the resid will be 0
3932 		 */
3933 		pkt->pkt_resid = (bp->b_bcount - cmd->cmd_totaldmacount);
3934 		NDBG3(("mptsas_scsi_init_pkt: cmd_dmacount=%d.",
3935 		    cmd->cmd_dmacount));
3936 	}
3937 	return (pkt);
3938 }
3939 
3940 /*
3941  * tran_destroy_pkt(9E) - scsi_pkt(9s) deallocation
3942  *
3943  * Notes:
3944  *	- also frees DMA resources if allocated
3945  *	- implicit DMA synchonization
3946  */
3947 static void
3948 mptsas_scsi_destroy_pkt(struct scsi_address *ap, struct scsi_pkt *pkt)
3949 {
3950 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
3951 	mptsas_t	*mpt = ADDR2MPT(ap);
3952 
3953 	NDBG3(("mptsas_scsi_destroy_pkt: target=%d pkt=0x%p",
3954 	    ap->a_target, (void *)pkt));
3955 
3956 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
3957 		(void) ddi_dma_unbind_handle(cmd->cmd_dmahandle);
3958 		cmd->cmd_flags &= ~CFLAG_DMAVALID;
3959 	}
3960 
3961 	if (cmd->cmd_sg) {
3962 		kmem_free(cmd->cmd_sg, sizeof (mptti_t) * cmd->cmd_cookiec);
3963 		cmd->cmd_sg = NULL;
3964 	}
3965 
3966 	mptsas_free_extra_sgl_frame(mpt, cmd);
3967 
3968 	if ((cmd->cmd_flags &
3969 	    (CFLAG_FREE | CFLAG_CDBEXTERN | CFLAG_PRIVEXTERN |
3970 	    CFLAG_SCBEXTERN)) == 0) {
3971 		cmd->cmd_flags = CFLAG_FREE;
3972 		kmem_cache_free(mpt->m_kmem_cache, (void *)cmd);
3973 	} else {
3974 		mptsas_pkt_destroy_extern(mpt, cmd);
3975 	}
3976 }
3977 
3978 /*
3979  * kmem cache constructor and destructor:
3980  * When constructing, we bzero the cmd and allocate the dma handle
3981  * When destructing, just free the dma handle
3982  */
3983 static int
3984 mptsas_kmem_cache_constructor(void *buf, void *cdrarg, int kmflags)
3985 {
3986 	mptsas_cmd_t		*cmd = buf;
3987 	mptsas_t		*mpt  = cdrarg;
3988 	int			(*callback)(caddr_t);
3989 
3990 	callback = (kmflags == KM_SLEEP)? DDI_DMA_SLEEP: DDI_DMA_DONTWAIT;
3991 
3992 	NDBG4(("mptsas_kmem_cache_constructor"));
3993 
3994 	/*
3995 	 * allocate a dma handle
3996 	 */
3997 	if ((ddi_dma_alloc_handle(mpt->m_dip, &mpt->m_io_dma_attr, callback,
3998 	    NULL, &cmd->cmd_dmahandle)) != DDI_SUCCESS) {
3999 		cmd->cmd_dmahandle = NULL;
4000 		return (-1);
4001 	}
4002 	return (0);
4003 }
4004 
4005 static void
4006 mptsas_kmem_cache_destructor(void *buf, void *cdrarg)
4007 {
4008 #ifndef __lock_lint
4009 	_NOTE(ARGUNUSED(cdrarg))
4010 #endif
4011 	mptsas_cmd_t	*cmd = buf;
4012 
4013 	NDBG4(("mptsas_kmem_cache_destructor"));
4014 
4015 	if (cmd->cmd_dmahandle) {
4016 		ddi_dma_free_handle(&cmd->cmd_dmahandle);
4017 		cmd->cmd_dmahandle = NULL;
4018 	}
4019 }
4020 
4021 static int
4022 mptsas_cache_frames_constructor(void *buf, void *cdrarg, int kmflags)
4023 {
4024 	mptsas_cache_frames_t	*p = buf;
4025 	mptsas_t		*mpt = cdrarg;
4026 	ddi_dma_attr_t		frame_dma_attr;
4027 	size_t			mem_size, alloc_len;
4028 	ddi_dma_cookie_t	cookie;
4029 	uint_t			ncookie;
4030 	int (*callback)(caddr_t) = (kmflags == KM_SLEEP)
4031 	    ? DDI_DMA_SLEEP: DDI_DMA_DONTWAIT;
4032 
4033 	frame_dma_attr = mpt->m_msg_dma_attr;
4034 	frame_dma_attr.dma_attr_align = 0x10;
4035 	frame_dma_attr.dma_attr_sgllen = 1;
4036 
4037 	if (ddi_dma_alloc_handle(mpt->m_dip, &frame_dma_attr, callback, NULL,
4038 	    &p->m_dma_hdl) != DDI_SUCCESS) {
4039 		mptsas_log(mpt, CE_WARN, "Unable to allocate dma handle for"
4040 		    " extra SGL.");
4041 		return (DDI_FAILURE);
4042 	}
4043 
4044 	mem_size = (mpt->m_max_request_frames - 1) * mpt->m_req_frame_size;
4045 
4046 	if (ddi_dma_mem_alloc(p->m_dma_hdl, mem_size, &mpt->m_dev_acc_attr,
4047 	    DDI_DMA_CONSISTENT, callback, NULL, (caddr_t *)&p->m_frames_addr,
4048 	    &alloc_len, &p->m_acc_hdl) != DDI_SUCCESS) {
4049 		ddi_dma_free_handle(&p->m_dma_hdl);
4050 		p->m_dma_hdl = NULL;
4051 		mptsas_log(mpt, CE_WARN, "Unable to allocate dma memory for"
4052 		    " extra SGL.");
4053 		return (DDI_FAILURE);
4054 	}
4055 
4056 	if (ddi_dma_addr_bind_handle(p->m_dma_hdl, NULL, p->m_frames_addr,
4057 	    alloc_len, DDI_DMA_RDWR | DDI_DMA_CONSISTENT, callback, NULL,
4058 	    &cookie, &ncookie) != DDI_DMA_MAPPED) {
4059 		(void) ddi_dma_mem_free(&p->m_acc_hdl);
4060 		ddi_dma_free_handle(&p->m_dma_hdl);
4061 		p->m_dma_hdl = NULL;
4062 		mptsas_log(mpt, CE_WARN, "Unable to bind DMA resources for"
4063 		    " extra SGL");
4064 		return (DDI_FAILURE);
4065 	}
4066 
4067 	/*
4068 	 * Store the SGL memory address.  This chip uses this
4069 	 * address to dma to and from the driver.  The second
4070 	 * address is the address mpt uses to fill in the SGL.
4071 	 */
4072 	p->m_phys_addr = cookie.dmac_laddress;
4073 
4074 	return (DDI_SUCCESS);
4075 }
4076 
4077 static void
4078 mptsas_cache_frames_destructor(void *buf, void *cdrarg)
4079 {
4080 #ifndef __lock_lint
4081 	_NOTE(ARGUNUSED(cdrarg))
4082 #endif
4083 	mptsas_cache_frames_t	*p = buf;
4084 	if (p->m_dma_hdl != NULL) {
4085 		(void) ddi_dma_unbind_handle(p->m_dma_hdl);
4086 		(void) ddi_dma_mem_free(&p->m_acc_hdl);
4087 		ddi_dma_free_handle(&p->m_dma_hdl);
4088 		p->m_phys_addr = NULL;
4089 		p->m_frames_addr = NULL;
4090 		p->m_dma_hdl = NULL;
4091 		p->m_acc_hdl = NULL;
4092 	}
4093 
4094 }
4095 
4096 /*
4097  * Figure out if we need to use a different method for the request
4098  * sense buffer and allocate from the map if necessary.
4099  */
4100 static boolean_t
4101 mptsas_cmdarqsize(mptsas_t *mpt, mptsas_cmd_t *cmd, size_t senselength, int kf)
4102 {
4103 	if (senselength > mpt->m_req_sense_size) {
4104 		unsigned long i;
4105 
4106 		/* Sense length is limited to an 8 bit value in MPI Spec. */
4107 		if (senselength > 255)
4108 			senselength = 255;
4109 		cmd->cmd_extrqschunks = (senselength +
4110 		    (mpt->m_req_sense_size - 1))/mpt->m_req_sense_size;
4111 		i = (kf == KM_SLEEP ? rmalloc_wait : rmalloc)
4112 		    (mpt->m_erqsense_map, cmd->cmd_extrqschunks);
4113 
4114 		if (i == 0)
4115 			return (B_FALSE);
4116 
4117 		cmd->cmd_extrqslen = (uint16_t)senselength;
4118 		cmd->cmd_extrqsidx = i - 1;
4119 		cmd->cmd_arq_buf = mpt->m_extreq_sense +
4120 		    (cmd->cmd_extrqsidx * mpt->m_req_sense_size);
4121 	} else {
4122 		cmd->cmd_rqslen = (uchar_t)senselength;
4123 	}
4124 
4125 	return (B_TRUE);
4126 }
4127 
4128 /*
4129  * allocate and deallocate external pkt space (ie. not part of mptsas_cmd)
4130  * for non-standard length cdb, pkt_private, status areas
4131  * if allocation fails, then deallocate all external space and the pkt
4132  */
4133 /* ARGSUSED */
4134 static int
4135 mptsas_pkt_alloc_extern(mptsas_t *mpt, mptsas_cmd_t *cmd,
4136     int cmdlen, int tgtlen, int statuslen, int kf)
4137 {
4138 	caddr_t			cdbp, scbp, tgt;
4139 
4140 	NDBG3(("mptsas_pkt_alloc_extern: "
4141 	    "cmd=0x%p cmdlen=%d tgtlen=%d statuslen=%d kf=%x",
4142 	    (void *)cmd, cmdlen, tgtlen, statuslen, kf));
4143 
4144 	tgt = cdbp = scbp = NULL;
4145 	cmd->cmd_scblen		= statuslen;
4146 	cmd->cmd_privlen	= (uchar_t)tgtlen;
4147 
4148 	if (cmdlen > sizeof (cmd->cmd_cdb)) {
4149 		if ((cdbp = kmem_zalloc((size_t)cmdlen, kf)) == NULL) {
4150 			goto fail;
4151 		}
4152 		cmd->cmd_pkt->pkt_cdbp = (opaque_t)cdbp;
4153 		cmd->cmd_flags |= CFLAG_CDBEXTERN;
4154 	}
4155 	if (tgtlen > PKT_PRIV_LEN) {
4156 		if ((tgt = kmem_zalloc((size_t)tgtlen, kf)) == NULL) {
4157 			goto fail;
4158 		}
4159 		cmd->cmd_flags |= CFLAG_PRIVEXTERN;
4160 		cmd->cmd_pkt->pkt_private = tgt;
4161 	}
4162 	if (statuslen > EXTCMDS_STATUS_SIZE) {
4163 		if ((scbp = kmem_zalloc((size_t)statuslen, kf)) == NULL) {
4164 			goto fail;
4165 		}
4166 		cmd->cmd_flags |= CFLAG_SCBEXTERN;
4167 		cmd->cmd_pkt->pkt_scbp = (opaque_t)scbp;
4168 
4169 		/* allocate sense data buf for DMA */
4170 		if (mptsas_cmdarqsize(mpt, cmd, statuslen -
4171 		    MPTSAS_GET_ITEM_OFF(struct scsi_arq_status, sts_sensedata),
4172 		    kf) == B_FALSE)
4173 			goto fail;
4174 	}
4175 	return (0);
4176 fail:
4177 	mptsas_pkt_destroy_extern(mpt, cmd);
4178 	return (1);
4179 }
4180 
4181 /*
4182  * deallocate external pkt space and deallocate the pkt
4183  */
4184 static void
4185 mptsas_pkt_destroy_extern(mptsas_t *mpt, mptsas_cmd_t *cmd)
4186 {
4187 	NDBG3(("mptsas_pkt_destroy_extern: cmd=0x%p", (void *)cmd));
4188 
4189 	if (cmd->cmd_flags & CFLAG_FREE) {
4190 		mptsas_log(mpt, CE_PANIC,
4191 		    "mptsas_pkt_destroy_extern: freeing free packet");
4192 		_NOTE(NOT_REACHED)
4193 		/* NOTREACHED */
4194 	}
4195 	if (cmd->cmd_extrqslen != 0) {
4196 		rmfree(mpt->m_erqsense_map, cmd->cmd_extrqschunks,
4197 		    cmd->cmd_extrqsidx + 1);
4198 	}
4199 	if (cmd->cmd_flags & CFLAG_CDBEXTERN) {
4200 		kmem_free(cmd->cmd_pkt->pkt_cdbp, (size_t)cmd->cmd_cdblen);
4201 	}
4202 	if (cmd->cmd_flags & CFLAG_SCBEXTERN) {
4203 		kmem_free(cmd->cmd_pkt->pkt_scbp, (size_t)cmd->cmd_scblen);
4204 	}
4205 	if (cmd->cmd_flags & CFLAG_PRIVEXTERN) {
4206 		kmem_free(cmd->cmd_pkt->pkt_private, (size_t)cmd->cmd_privlen);
4207 	}
4208 	cmd->cmd_flags = CFLAG_FREE;
4209 	kmem_cache_free(mpt->m_kmem_cache, (void *)cmd);
4210 }
4211 
4212 /*
4213  * tran_sync_pkt(9E) - explicit DMA synchronization
4214  */
4215 /*ARGSUSED*/
4216 static void
4217 mptsas_scsi_sync_pkt(struct scsi_address *ap, struct scsi_pkt *pkt)
4218 {
4219 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
4220 
4221 	NDBG3(("mptsas_scsi_sync_pkt: target=%d, pkt=0x%p",
4222 	    ap->a_target, (void *)pkt));
4223 
4224 	if (cmd->cmd_dmahandle) {
4225 		(void) ddi_dma_sync(cmd->cmd_dmahandle, 0, 0,
4226 		    (cmd->cmd_flags & CFLAG_DMASEND) ?
4227 		    DDI_DMA_SYNC_FORDEV : DDI_DMA_SYNC_FORCPU);
4228 	}
4229 }
4230 
4231 /*
4232  * tran_dmafree(9E) - deallocate DMA resources allocated for command
4233  */
4234 /*ARGSUSED*/
4235 static void
4236 mptsas_scsi_dmafree(struct scsi_address *ap, struct scsi_pkt *pkt)
4237 {
4238 	mptsas_cmd_t	*cmd = PKT2CMD(pkt);
4239 	mptsas_t	*mpt = ADDR2MPT(ap);
4240 
4241 	NDBG3(("mptsas_scsi_dmafree: target=%d pkt=0x%p",
4242 	    ap->a_target, (void *)pkt));
4243 
4244 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
4245 		(void) ddi_dma_unbind_handle(cmd->cmd_dmahandle);
4246 		cmd->cmd_flags &= ~CFLAG_DMAVALID;
4247 	}
4248 
4249 	mptsas_free_extra_sgl_frame(mpt, cmd);
4250 }
4251 
4252 static void
4253 mptsas_pkt_comp(struct scsi_pkt *pkt, mptsas_cmd_t *cmd)
4254 {
4255 	if ((cmd->cmd_flags & CFLAG_CMDIOPB) &&
4256 	    (!(cmd->cmd_flags & CFLAG_DMASEND))) {
4257 		(void) ddi_dma_sync(cmd->cmd_dmahandle, 0, 0,
4258 		    DDI_DMA_SYNC_FORCPU);
4259 	}
4260 	(*pkt->pkt_comp)(pkt);
4261 }
4262 
4263 static void
4264 mptsas_sge_mainframe(mptsas_cmd_t *cmd, pMpi2SCSIIORequest_t frame,
4265     ddi_acc_handle_t acc_hdl, uint_t cookiec, uint32_t end_flags)
4266 {
4267 	pMpi2SGESimple64_t	sge;
4268 	mptti_t			*dmap;
4269 	uint32_t		flags;
4270 
4271 	dmap = cmd->cmd_sg;
4272 
4273 	sge = (pMpi2SGESimple64_t)(&frame->SGL);
4274 	while (cookiec--) {
4275 		ddi_put32(acc_hdl,
4276 		    &sge->Address.Low, dmap->addr.address64.Low);
4277 		ddi_put32(acc_hdl,
4278 		    &sge->Address.High, dmap->addr.address64.High);
4279 		ddi_put32(acc_hdl, &sge->FlagsLength,
4280 		    dmap->count);
4281 		flags = ddi_get32(acc_hdl, &sge->FlagsLength);
4282 		flags |= ((uint32_t)
4283 		    (MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
4284 		    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4285 		    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
4286 		    MPI2_SGE_FLAGS_SHIFT);
4287 
4288 		/*
4289 		 * If this is the last cookie, we set the flags
4290 		 * to indicate so
4291 		 */
4292 		if (cookiec == 0) {
4293 			flags |= end_flags;
4294 		}
4295 		if (cmd->cmd_flags & CFLAG_DMASEND) {
4296 			flags |= (MPI2_SGE_FLAGS_HOST_TO_IOC <<
4297 			    MPI2_SGE_FLAGS_SHIFT);
4298 		} else {
4299 			flags |= (MPI2_SGE_FLAGS_IOC_TO_HOST <<
4300 			    MPI2_SGE_FLAGS_SHIFT);
4301 		}
4302 		ddi_put32(acc_hdl, &sge->FlagsLength, flags);
4303 		dmap++;
4304 		sge++;
4305 	}
4306 }
4307 
4308 static void
4309 mptsas_sge_chain(mptsas_t *mpt, mptsas_cmd_t *cmd,
4310     pMpi2SCSIIORequest_t frame, ddi_acc_handle_t acc_hdl)
4311 {
4312 	pMpi2SGESimple64_t	sge;
4313 	pMpi2SGEChain64_t	sgechain;
4314 	uint64_t		nframe_phys_addr;
4315 	uint_t			cookiec;
4316 	mptti_t			*dmap;
4317 	uint32_t		flags;
4318 
4319 	/*
4320 	 * Save the number of entries in the DMA
4321 	 * Scatter/Gather list
4322 	 */
4323 	cookiec = cmd->cmd_cookiec;
4324 
4325 	/*
4326 	 * Hereby we start to deal with multiple frames.
4327 	 * The process is as follows:
4328 	 * 1. Determine how many frames are needed for SGL element
4329 	 *    storage; Note that all frames are stored in contiguous
4330 	 *    memory space and in 64-bit DMA mode each element is
4331 	 *    3 double-words (12 bytes) long.
4332 	 * 2. Fill up the main frame. We need to do this separately
4333 	 *    since it contains the SCSI IO request header and needs
4334 	 *    dedicated processing. Note that the last 4 double-words
4335 	 *    of the SCSI IO header is for SGL element storage
4336 	 *    (MPI2_SGE_IO_UNION).
4337 	 * 3. Fill the chain element in the main frame, so the DMA
4338 	 *    engine can use the following frames.
4339 	 * 4. Enter a loop to fill the remaining frames. Note that the
4340 	 *    last frame contains no chain element.  The remaining
4341 	 *    frames go into the mpt SGL buffer allocated on the fly,
4342 	 *    not immediately following the main message frame, as in
4343 	 *    Gen1.
4344 	 * Some restrictions:
4345 	 * 1. For 64-bit DMA, the simple element and chain element
4346 	 *    are both of 3 double-words (12 bytes) in size, even
4347 	 *    though all frames are stored in the first 4G of mem
4348 	 *    range and the higher 32-bits of the address are always 0.
4349 	 * 2. On some controllers (like the 1064/1068), a frame can
4350 	 *    hold SGL elements with the last 1 or 2 double-words
4351 	 *    (4 or 8 bytes) un-used. On these controllers, we should
4352 	 *    recognize that there's not enough room for another SGL
4353 	 *    element and move the sge pointer to the next frame.
4354 	 */
4355 	int			i, j, k, l, frames, sgemax;
4356 	int			temp;
4357 	uint8_t			chainflags;
4358 	uint16_t		chainlength;
4359 	mptsas_cache_frames_t	*p;
4360 
4361 	/*
4362 	 * Sgemax is the number of SGE's that will fit
4363 	 * each extra frame and frames is total
4364 	 * number of frames we'll need.  1 sge entry per
4365 	 * frame is reseverd for the chain element thus the -1 below.
4366 	 */
4367 	sgemax = ((mpt->m_req_frame_size / sizeof (MPI2_SGE_SIMPLE64))
4368 	    - 1);
4369 	temp = (cookiec - (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) / sgemax;
4370 
4371 	/*
4372 	 * A little check to see if we need to round up the number
4373 	 * of frames we need
4374 	 */
4375 	if ((cookiec - (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) - (temp *
4376 	    sgemax) > 1) {
4377 		frames = (temp + 1);
4378 	} else {
4379 		frames = temp;
4380 	}
4381 	dmap = cmd->cmd_sg;
4382 	sge = (pMpi2SGESimple64_t)(&frame->SGL);
4383 
4384 	/*
4385 	 * First fill in the main frame
4386 	 */
4387 	j = MPTSAS_MAX_FRAME_SGES64(mpt) - 1;
4388 	mptsas_sge_mainframe(cmd, frame, acc_hdl, j,
4389 	    ((uint32_t)(MPI2_SGE_FLAGS_LAST_ELEMENT) <<
4390 	    MPI2_SGE_FLAGS_SHIFT));
4391 	dmap += j;
4392 	sge += j;
4393 	j++;
4394 
4395 	/*
4396 	 * Fill in the chain element in the main frame.
4397 	 * About calculation on ChainOffset:
4398 	 * 1. Struct msg_scsi_io_request has 4 double-words (16 bytes)
4399 	 *    in the end reserved for SGL element storage
4400 	 *    (MPI2_SGE_IO_UNION); we should count it in our
4401 	 *    calculation.  See its definition in the header file.
4402 	 * 2. Constant j is the counter of the current SGL element
4403 	 *    that will be processed, and (j - 1) is the number of
4404 	 *    SGL elements that have been processed (stored in the
4405 	 *    main frame).
4406 	 * 3. ChainOffset value should be in units of double-words (4
4407 	 *    bytes) so the last value should be divided by 4.
4408 	 */
4409 	ddi_put8(acc_hdl, &frame->ChainOffset,
4410 	    (sizeof (MPI2_SCSI_IO_REQUEST) -
4411 	    sizeof (MPI2_SGE_IO_UNION) +
4412 	    (j - 1) * sizeof (MPI2_SGE_SIMPLE64)) >> 2);
4413 	sgechain = (pMpi2SGEChain64_t)sge;
4414 	chainflags = (MPI2_SGE_FLAGS_CHAIN_ELEMENT |
4415 	    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4416 	    MPI2_SGE_FLAGS_64_BIT_ADDRESSING);
4417 	ddi_put8(acc_hdl, &sgechain->Flags, chainflags);
4418 
4419 	/*
4420 	 * The size of the next frame is the accurate size of space
4421 	 * (in bytes) used to store the SGL elements. j is the counter
4422 	 * of SGL elements. (j - 1) is the number of SGL elements that
4423 	 * have been processed (stored in frames).
4424 	 */
4425 	if (frames >= 2) {
4426 		ASSERT(mpt->m_req_frame_size >= sizeof (MPI2_SGE_SIMPLE64));
4427 		chainlength = mpt->m_req_frame_size /
4428 		    sizeof (MPI2_SGE_SIMPLE64) *
4429 		    sizeof (MPI2_SGE_SIMPLE64);
4430 	} else {
4431 		chainlength = ((cookiec - (j - 1)) *
4432 		    sizeof (MPI2_SGE_SIMPLE64));
4433 	}
4434 
4435 	p = cmd->cmd_extra_frames;
4436 
4437 	ddi_put16(acc_hdl, &sgechain->Length, chainlength);
4438 	ddi_put32(acc_hdl, &sgechain->Address.Low, p->m_phys_addr);
4439 	ddi_put32(acc_hdl, &sgechain->Address.High, p->m_phys_addr >> 32);
4440 
4441 	/*
4442 	 * If there are more than 2 frames left we have to
4443 	 * fill in the next chain offset to the location of
4444 	 * the chain element in the next frame.
4445 	 * sgemax is the number of simple elements in an extra
4446 	 * frame. Note that the value NextChainOffset should be
4447 	 * in double-words (4 bytes).
4448 	 */
4449 	if (frames >= 2) {
4450 		ddi_put8(acc_hdl, &sgechain->NextChainOffset,
4451 		    (sgemax * sizeof (MPI2_SGE_SIMPLE64)) >> 2);
4452 	} else {
4453 		ddi_put8(acc_hdl, &sgechain->NextChainOffset, 0);
4454 	}
4455 
4456 	/*
4457 	 * Jump to next frame;
4458 	 * Starting here, chain buffers go into the per command SGL.
4459 	 * This buffer is allocated when chain buffers are needed.
4460 	 */
4461 	sge = (pMpi2SGESimple64_t)p->m_frames_addr;
4462 	i = cookiec;
4463 
4464 	/*
4465 	 * Start filling in frames with SGE's.  If we
4466 	 * reach the end of frame and still have SGE's
4467 	 * to fill we need to add a chain element and
4468 	 * use another frame.  j will be our counter
4469 	 * for what cookie we are at and i will be
4470 	 * the total cookiec. k is the current frame
4471 	 */
4472 	for (k = 1; k <= frames; k++) {
4473 		for (l = 1; (l <= (sgemax + 1)) && (j <= i); j++, l++) {
4474 
4475 			/*
4476 			 * If we have reached the end of frame
4477 			 * and we have more SGE's to fill in
4478 			 * we have to fill the final entry
4479 			 * with a chain element and then
4480 			 * continue to the next frame
4481 			 */
4482 			if ((l == (sgemax + 1)) && (k != frames)) {
4483 				sgechain = (pMpi2SGEChain64_t)sge;
4484 				j--;
4485 				chainflags = (
4486 				    MPI2_SGE_FLAGS_CHAIN_ELEMENT |
4487 				    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4488 				    MPI2_SGE_FLAGS_64_BIT_ADDRESSING);
4489 				ddi_put8(p->m_acc_hdl,
4490 				    &sgechain->Flags, chainflags);
4491 				/*
4492 				 * k is the frame counter and (k + 1)
4493 				 * is the number of the next frame.
4494 				 * Note that frames are in contiguous
4495 				 * memory space.
4496 				 */
4497 				nframe_phys_addr = p->m_phys_addr +
4498 				    (mpt->m_req_frame_size * k);
4499 				ddi_put32(p->m_acc_hdl,
4500 				    &sgechain->Address.Low,
4501 				    nframe_phys_addr);
4502 				ddi_put32(p->m_acc_hdl,
4503 				    &sgechain->Address.High,
4504 				    nframe_phys_addr >> 32);
4505 
4506 				/*
4507 				 * If there are more than 2 frames left
4508 				 * we have to next chain offset to
4509 				 * the location of the chain element
4510 				 * in the next frame and fill in the
4511 				 * length of the next chain
4512 				 */
4513 				if ((frames - k) >= 2) {
4514 					ddi_put8(p->m_acc_hdl,
4515 					    &sgechain->NextChainOffset,
4516 					    (sgemax *
4517 					    sizeof (MPI2_SGE_SIMPLE64))
4518 					    >> 2);
4519 					ddi_put16(p->m_acc_hdl,
4520 					    &sgechain->Length,
4521 					    mpt->m_req_frame_size /
4522 					    sizeof (MPI2_SGE_SIMPLE64) *
4523 					    sizeof (MPI2_SGE_SIMPLE64));
4524 				} else {
4525 					/*
4526 					 * This is the last frame. Set
4527 					 * the NextChainOffset to 0 and
4528 					 * Length is the total size of
4529 					 * all remaining simple elements
4530 					 */
4531 					ddi_put8(p->m_acc_hdl,
4532 					    &sgechain->NextChainOffset,
4533 					    0);
4534 					ddi_put16(p->m_acc_hdl,
4535 					    &sgechain->Length,
4536 					    (cookiec - j) *
4537 					    sizeof (MPI2_SGE_SIMPLE64));
4538 				}
4539 
4540 				/* Jump to the next frame */
4541 				sge = (pMpi2SGESimple64_t)
4542 				    ((char *)p->m_frames_addr +
4543 				    (int)mpt->m_req_frame_size * k);
4544 
4545 				continue;
4546 			}
4547 
4548 			ddi_put32(p->m_acc_hdl,
4549 			    &sge->Address.Low,
4550 			    dmap->addr.address64.Low);
4551 			ddi_put32(p->m_acc_hdl,
4552 			    &sge->Address.High,
4553 			    dmap->addr.address64.High);
4554 			ddi_put32(p->m_acc_hdl,
4555 			    &sge->FlagsLength, dmap->count);
4556 			flags = ddi_get32(p->m_acc_hdl,
4557 			    &sge->FlagsLength);
4558 			flags |= ((uint32_t)(
4559 			    MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
4560 			    MPI2_SGE_FLAGS_SYSTEM_ADDRESS |
4561 			    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
4562 			    MPI2_SGE_FLAGS_SHIFT);
4563 
4564 			/*
4565 			 * If we are at the end of the frame and
4566 			 * there is another frame to fill in
4567 			 * we set the last simple element as last
4568 			 * element
4569 			 */
4570 			if ((l == sgemax) && (k != frames)) {
4571 				flags |= ((uint32_t)
4572 				    (MPI2_SGE_FLAGS_LAST_ELEMENT) <<
4573 				    MPI2_SGE_FLAGS_SHIFT);
4574 			}
4575 
4576 			/*
4577 			 * If this is the final cookie we
4578 			 * indicate it by setting the flags
4579 			 */
4580 			if (j == i) {
4581 				flags |= ((uint32_t)
4582 				    (MPI2_SGE_FLAGS_LAST_ELEMENT |
4583 				    MPI2_SGE_FLAGS_END_OF_BUFFER |
4584 				    MPI2_SGE_FLAGS_END_OF_LIST) <<
4585 				    MPI2_SGE_FLAGS_SHIFT);
4586 			}
4587 			if (cmd->cmd_flags & CFLAG_DMASEND) {
4588 				flags |=
4589 				    (MPI2_SGE_FLAGS_HOST_TO_IOC <<
4590 				    MPI2_SGE_FLAGS_SHIFT);
4591 			} else {
4592 				flags |=
4593 				    (MPI2_SGE_FLAGS_IOC_TO_HOST <<
4594 				    MPI2_SGE_FLAGS_SHIFT);
4595 			}
4596 			ddi_put32(p->m_acc_hdl,
4597 			    &sge->FlagsLength, flags);
4598 			dmap++;
4599 			sge++;
4600 		}
4601 	}
4602 
4603 	/*
4604 	 * Sync DMA with the chain buffers that were just created
4605 	 */
4606 	(void) ddi_dma_sync(p->m_dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
4607 }
4608 
4609 static void
4610 mptsas_ieee_sge_mainframe(mptsas_cmd_t *cmd, pMpi2SCSIIORequest_t frame,
4611     ddi_acc_handle_t acc_hdl, uint_t cookiec, uint8_t end_flag)
4612 {
4613 	pMpi2IeeeSgeSimple64_t	ieeesge;
4614 	mptti_t			*dmap;
4615 	uint8_t			flags;
4616 
4617 	dmap = cmd->cmd_sg;
4618 
4619 	NDBG1(("mptsas_ieee_sge_mainframe: cookiec=%d, %s", cookiec,
4620 	    cmd->cmd_flags & CFLAG_DMASEND?"Out":"In"));
4621 
4622 	ieeesge = (pMpi2IeeeSgeSimple64_t)(&frame->SGL);
4623 	while (cookiec--) {
4624 		ddi_put32(acc_hdl,
4625 		    &ieeesge->Address.Low, dmap->addr.address64.Low);
4626 		ddi_put32(acc_hdl,
4627 		    &ieeesge->Address.High, dmap->addr.address64.High);
4628 		ddi_put32(acc_hdl, &ieeesge->Length,
4629 		    dmap->count);
4630 		NDBG1(("mptsas_ieee_sge_mainframe: len=%d", dmap->count));
4631 		flags = (MPI2_IEEE_SGE_FLAGS_SIMPLE_ELEMENT |
4632 		    MPI2_IEEE_SGE_FLAGS_SYSTEM_ADDR);
4633 
4634 		/*
4635 		 * If this is the last cookie, we set the flags
4636 		 * to indicate so
4637 		 */
4638 		if (cookiec == 0) {
4639 			flags |= end_flag;
4640 		}
4641 
4642 		ddi_put8(acc_hdl, &ieeesge->Flags, flags);
4643 		dmap++;
4644 		ieeesge++;
4645 	}
4646 }
4647 
4648 static void
4649 mptsas_ieee_sge_chain(mptsas_t *mpt, mptsas_cmd_t *cmd,
4650     pMpi2SCSIIORequest_t frame, ddi_acc_handle_t acc_hdl)
4651 {
4652 	pMpi2IeeeSgeSimple64_t	ieeesge;
4653 	pMpi25IeeeSgeChain64_t	ieeesgechain;
4654 	uint64_t		nframe_phys_addr;
4655 	uint_t			cookiec;
4656 	mptti_t			*dmap;
4657 	uint8_t			flags;
4658 
4659 	/*
4660 	 * Save the number of entries in the DMA
4661 	 * Scatter/Gather list
4662 	 */
4663 	cookiec = cmd->cmd_cookiec;
4664 
4665 	NDBG1(("mptsas_ieee_sge_chain: cookiec=%d", cookiec));
4666 
4667 	/*
4668 	 * Hereby we start to deal with multiple frames.
4669 	 * The process is as follows:
4670 	 * 1. Determine how many frames are needed for SGL element
4671 	 *    storage; Note that all frames are stored in contiguous
4672 	 *    memory space and in 64-bit DMA mode each element is
4673 	 *    4 double-words (16 bytes) long.
4674 	 * 2. Fill up the main frame. We need to do this separately
4675 	 *    since it contains the SCSI IO request header and needs
4676 	 *    dedicated processing. Note that the last 4 double-words
4677 	 *    of the SCSI IO header is for SGL element storage
4678 	 *    (MPI2_SGE_IO_UNION).
4679 	 * 3. Fill the chain element in the main frame, so the DMA
4680 	 *    engine can use the following frames.
4681 	 * 4. Enter a loop to fill the remaining frames. Note that the
4682 	 *    last frame contains no chain element.  The remaining
4683 	 *    frames go into the mpt SGL buffer allocated on the fly,
4684 	 *    not immediately following the main message frame, as in
4685 	 *    Gen1.
4686 	 * Restrictions:
4687 	 *    For 64-bit DMA, the simple element and chain element
4688 	 *    are both of 4 double-words (16 bytes) in size, even
4689 	 *    though all frames are stored in the first 4G of mem
4690 	 *    range and the higher 32-bits of the address are always 0.
4691 	 */
4692 	int			i, j, k, l, frames, sgemax;
4693 	int			temp;
4694 	uint8_t			chainflags;
4695 	uint32_t		chainlength;
4696 	mptsas_cache_frames_t	*p;
4697 
4698 	/*
4699 	 * Sgemax is the number of SGE's that will fit
4700 	 * each extra frame and frames is total
4701 	 * number of frames we'll need.  1 sge entry per
4702 	 * frame is reseverd for the chain element thus the -1 below.
4703 	 */
4704 	sgemax = ((mpt->m_req_frame_size / sizeof (MPI2_IEEE_SGE_SIMPLE64))
4705 	    - 1);
4706 	temp = (cookiec - (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) / sgemax;
4707 
4708 	/*
4709 	 * A little check to see if we need to round up the number
4710 	 * of frames we need
4711 	 */
4712 	if ((cookiec - (MPTSAS_MAX_FRAME_SGES64(mpt) - 1)) - (temp *
4713 	    sgemax) > 1) {
4714 		frames = (temp + 1);
4715 	} else {
4716 		frames = temp;
4717 	}
4718 	NDBG1(("mptsas_ieee_sge_chain: temp=%d, frames=%d", temp, frames));
4719 	dmap = cmd->cmd_sg;
4720 	ieeesge = (pMpi2IeeeSgeSimple64_t)(&frame->SGL);
4721 
4722 	/*
4723 	 * First fill in the main frame
4724 	 */
4725 	j = MPTSAS_MAX_FRAME_SGES64(mpt) - 1;
4726 	mptsas_ieee_sge_mainframe(cmd, frame, acc_hdl, j, 0);
4727 	dmap += j;
4728 	ieeesge += j;
4729 	j++;
4730 
4731 	/*
4732 	 * Fill in the chain element in the main frame.
4733 	 * About calculation on ChainOffset:
4734 	 * 1. Struct msg_scsi_io_request has 4 double-words (16 bytes)
4735 	 *    in the end reserved for SGL element storage
4736 	 *    (MPI2_SGE_IO_UNION); we should count it in our
4737 	 *    calculation.  See its definition in the header file.
4738 	 * 2. Constant j is the counter of the current SGL element
4739 	 *    that will be processed, and (j - 1) is the number of
4740 	 *    SGL elements that have been processed (stored in the
4741 	 *    main frame).
4742 	 * 3. ChainOffset value should be in units of quad-words (16
4743 	 *    bytes) so the last value should be divided by 16.
4744 	 */
4745 	ddi_put8(acc_hdl, &frame->ChainOffset,
4746 	    (sizeof (MPI2_SCSI_IO_REQUEST) -
4747 	    sizeof (MPI2_SGE_IO_UNION) +
4748 	    (j - 1) * sizeof (MPI2_IEEE_SGE_SIMPLE64)) >> 4);
4749 	ieeesgechain = (pMpi25IeeeSgeChain64_t)ieeesge;
4750 	chainflags = (MPI2_IEEE_SGE_FLAGS_CHAIN_ELEMENT |
4751 	    MPI2_IEEE_SGE_FLAGS_SYSTEM_ADDR);
4752 	ddi_put8(acc_hdl, &ieeesgechain->Flags, chainflags);
4753 
4754 	/*
4755 	 * The size of the next frame is the accurate size of space
4756 	 * (in bytes) used to store the SGL elements. j is the counter
4757 	 * of SGL elements. (j - 1) is the number of SGL elements that
4758 	 * have been processed (stored in frames).
4759 	 */
4760 	if (frames >= 2) {
4761 		ASSERT(mpt->m_req_frame_size >=
4762 		    sizeof (MPI2_IEEE_SGE_SIMPLE64));
4763 		chainlength = mpt->m_req_frame_size /
4764 		    sizeof (MPI2_IEEE_SGE_SIMPLE64) *
4765 		    sizeof (MPI2_IEEE_SGE_SIMPLE64);
4766 	} else {
4767 		chainlength = ((cookiec - (j - 1)) *
4768 		    sizeof (MPI2_IEEE_SGE_SIMPLE64));
4769 	}
4770 
4771 	p = cmd->cmd_extra_frames;
4772 
4773 	ddi_put32(acc_hdl, &ieeesgechain->Length, chainlength);
4774 	ddi_put32(acc_hdl, &ieeesgechain->Address.Low, p->m_phys_addr);
4775 	ddi_put32(acc_hdl, &ieeesgechain->Address.High, p->m_phys_addr >> 32);
4776 
4777 	/*
4778 	 * If there are more than 2 frames left we have to
4779 	 * fill in the next chain offset to the location of
4780 	 * the chain element in the next frame.
4781 	 * sgemax is the number of simple elements in an extra
4782 	 * frame. Note that the value NextChainOffset should be
4783 	 * in double-words (4 bytes).
4784 	 */
4785 	if (frames >= 2) {
4786 		ddi_put8(acc_hdl, &ieeesgechain->NextChainOffset,
4787 		    (sgemax * sizeof (MPI2_IEEE_SGE_SIMPLE64)) >> 4);
4788 	} else {
4789 		ddi_put8(acc_hdl, &ieeesgechain->NextChainOffset, 0);
4790 	}
4791 
4792 	/*
4793 	 * Jump to next frame;
4794 	 * Starting here, chain buffers go into the per command SGL.
4795 	 * This buffer is allocated when chain buffers are needed.
4796 	 */
4797 	ieeesge = (pMpi2IeeeSgeSimple64_t)p->m_frames_addr;
4798 	i = cookiec;
4799 
4800 	/*
4801 	 * Start filling in frames with SGE's.  If we
4802 	 * reach the end of frame and still have SGE's
4803 	 * to fill we need to add a chain element and
4804 	 * use another frame.  j will be our counter
4805 	 * for what cookie we are at and i will be
4806 	 * the total cookiec. k is the current frame
4807 	 */
4808 	for (k = 1; k <= frames; k++) {
4809 		for (l = 1; (l <= (sgemax + 1)) && (j <= i); j++, l++) {
4810 
4811 			/*
4812 			 * If we have reached the end of frame
4813 			 * and we have more SGE's to fill in
4814 			 * we have to fill the final entry
4815 			 * with a chain element and then
4816 			 * continue to the next frame
4817 			 */
4818 			if ((l == (sgemax + 1)) && (k != frames)) {
4819 				ieeesgechain = (pMpi25IeeeSgeChain64_t)ieeesge;
4820 				j--;
4821 				chainflags =
4822 				    MPI2_IEEE_SGE_FLAGS_CHAIN_ELEMENT |
4823 				    MPI2_IEEE_SGE_FLAGS_SYSTEM_ADDR;
4824 				ddi_put8(p->m_acc_hdl,
4825 				    &ieeesgechain->Flags, chainflags);
4826 				/*
4827 				 * k is the frame counter and (k + 1)
4828 				 * is the number of the next frame.
4829 				 * Note that frames are in contiguous
4830 				 * memory space.
4831 				 */
4832 				nframe_phys_addr = p->m_phys_addr +
4833 				    (mpt->m_req_frame_size * k);
4834 				ddi_put32(p->m_acc_hdl,
4835 				    &ieeesgechain->Address.Low,
4836 				    nframe_phys_addr);
4837 				ddi_put32(p->m_acc_hdl,
4838 				    &ieeesgechain->Address.High,
4839 				    nframe_phys_addr >> 32);
4840 
4841 				/*
4842 				 * If there are more than 2 frames left
4843 				 * we have to next chain offset to
4844 				 * the location of the chain element
4845 				 * in the next frame and fill in the
4846 				 * length of the next chain
4847 				 */
4848 				if ((frames - k) >= 2) {
4849 					ddi_put8(p->m_acc_hdl,
4850 					    &ieeesgechain->NextChainOffset,
4851 					    (sgemax *
4852 					    sizeof (MPI2_IEEE_SGE_SIMPLE64))
4853 					    >> 4);
4854 					ASSERT(mpt->m_req_frame_size >=
4855 					    sizeof (MPI2_IEEE_SGE_SIMPLE64));
4856 					ddi_put32(p->m_acc_hdl,
4857 					    &ieeesgechain->Length,
4858 					    mpt->m_req_frame_size /
4859 					    sizeof (MPI2_IEEE_SGE_SIMPLE64) *
4860 					    sizeof (MPI2_IEEE_SGE_SIMPLE64));
4861 				} else {
4862 					/*
4863 					 * This is the last frame. Set
4864 					 * the NextChainOffset to 0 and
4865 					 * Length is the total size of
4866 					 * all remaining simple elements
4867 					 */
4868 					ddi_put8(p->m_acc_hdl,
4869 					    &ieeesgechain->NextChainOffset,
4870 					    0);
4871 					ddi_put32(p->m_acc_hdl,
4872 					    &ieeesgechain->Length,
4873 					    (cookiec - j) *
4874 					    sizeof (MPI2_IEEE_SGE_SIMPLE64));
4875 				}
4876 
4877 				/* Jump to the next frame */
4878 				ieeesge = (pMpi2IeeeSgeSimple64_t)
4879 				    ((char *)p->m_frames_addr +
4880 				    (int)mpt->m_req_frame_size * k);
4881 
4882 				continue;
4883 			}
4884 
4885 			ddi_put32(p->m_acc_hdl,
4886 			    &ieeesge->Address.Low,
4887 			    dmap->addr.address64.Low);
4888 			ddi_put32(p->m_acc_hdl,
4889 			    &ieeesge->Address.High,
4890 			    dmap->addr.address64.High);
4891 			ddi_put32(p->m_acc_hdl,
4892 			    &ieeesge->Length, dmap->count);
4893 			flags = (MPI2_IEEE_SGE_FLAGS_SIMPLE_ELEMENT |
4894 			    MPI2_IEEE_SGE_FLAGS_SYSTEM_ADDR);
4895 
4896 			/*
4897 			 * If we are at the end of the frame and
4898 			 * there is another frame to fill in
4899 			 * do we need to do anything?
4900 			 * if ((l == sgemax) && (k != frames)) {
4901 			 * }
4902 			 */
4903 
4904 			/*
4905 			 * If this is the final cookie set end of list.
4906 			 */
4907 			if (j == i) {
4908 				flags |= MPI25_IEEE_SGE_FLAGS_END_OF_LIST;
4909 			}
4910 
4911 			ddi_put8(p->m_acc_hdl, &ieeesge->Flags, flags);
4912 			dmap++;
4913 			ieeesge++;
4914 		}
4915 	}
4916 
4917 	/*
4918 	 * Sync DMA with the chain buffers that were just created
4919 	 */
4920 	(void) ddi_dma_sync(p->m_dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
4921 }
4922 
4923 static void
4924 mptsas_sge_setup(mptsas_t *mpt, mptsas_cmd_t *cmd, uint32_t *control,
4925     pMpi2SCSIIORequest_t frame, ddi_acc_handle_t acc_hdl)
4926 {
4927 	ASSERT(cmd->cmd_flags & CFLAG_DMAVALID);
4928 
4929 	NDBG1(("mptsas_sge_setup: cookiec=%d", cmd->cmd_cookiec));
4930 
4931 	/*
4932 	 * Set read/write bit in control.
4933 	 */
4934 	if (cmd->cmd_flags & CFLAG_DMASEND) {
4935 		*control |= MPI2_SCSIIO_CONTROL_WRITE;
4936 	} else {
4937 		*control |= MPI2_SCSIIO_CONTROL_READ;
4938 	}
4939 
4940 	ddi_put32(acc_hdl, &frame->DataLength, cmd->cmd_dmacount);
4941 
4942 	/*
4943 	 * We have 4 cases here.  First where we can fit all the
4944 	 * SG elements into the main frame, and the case
4945 	 * where we can't. The SG element is also different when using
4946 	 * MPI2.5 interface.
4947 	 * If we have more cookies than we can attach to a frame
4948 	 * we will need to use a chain element to point
4949 	 * a location of memory where the rest of the S/G
4950 	 * elements reside.
4951 	 */
4952 	if (cmd->cmd_cookiec <= MPTSAS_MAX_FRAME_SGES64(mpt)) {
4953 		if (mpt->m_MPI25) {
4954 			mptsas_ieee_sge_mainframe(cmd, frame, acc_hdl,
4955 			    cmd->cmd_cookiec,
4956 			    MPI25_IEEE_SGE_FLAGS_END_OF_LIST);
4957 		} else {
4958 			mptsas_sge_mainframe(cmd, frame, acc_hdl,
4959 			    cmd->cmd_cookiec,
4960 			    ((uint32_t)(MPI2_SGE_FLAGS_LAST_ELEMENT
4961 			    | MPI2_SGE_FLAGS_END_OF_BUFFER
4962 			    | MPI2_SGE_FLAGS_END_OF_LIST) <<
4963 			    MPI2_SGE_FLAGS_SHIFT));
4964 		}
4965 	} else {
4966 		if (mpt->m_MPI25) {
4967 			mptsas_ieee_sge_chain(mpt, cmd, frame, acc_hdl);
4968 		} else {
4969 			mptsas_sge_chain(mpt, cmd, frame, acc_hdl);
4970 		}
4971 	}
4972 }
4973 
4974 /*
4975  * Interrupt handling
4976  * Utility routine.  Poll for status of a command sent to HBA
4977  * without interrupts (a FLAG_NOINTR command).
4978  */
4979 int
4980 mptsas_poll(mptsas_t *mpt, mptsas_cmd_t *poll_cmd, int polltime)
4981 {
4982 	int	rval = TRUE;
4983 
4984 	NDBG5(("mptsas_poll: cmd=0x%p", (void *)poll_cmd));
4985 
4986 	if ((poll_cmd->cmd_flags & CFLAG_TM_CMD) == 0) {
4987 		mptsas_restart_hba(mpt);
4988 	}
4989 
4990 	/*
4991 	 * Wait, using drv_usecwait(), long enough for the command to
4992 	 * reasonably return from the target if the target isn't
4993 	 * "dead".  A polled command may well be sent from scsi_poll, and
4994 	 * there are retries built in to scsi_poll if the transport
4995 	 * accepted the packet (TRAN_ACCEPT).  scsi_poll waits 1 second
4996 	 * and retries the transport up to scsi_poll_busycnt times
4997 	 * (currently 60) if
4998 	 * 1. pkt_reason is CMD_INCOMPLETE and pkt_state is 0, or
4999 	 * 2. pkt_reason is CMD_CMPLT and *pkt_scbp has STATUS_BUSY
5000 	 *
5001 	 * limit the waiting to avoid a hang in the event that the
5002 	 * cmd never gets started but we are still receiving interrupts
5003 	 */
5004 	while (!(poll_cmd->cmd_flags & CFLAG_FINISHED)) {
5005 		if (mptsas_wait_intr(mpt, polltime) == FALSE) {
5006 			NDBG5(("mptsas_poll: command incomplete"));
5007 			rval = FALSE;
5008 			break;
5009 		}
5010 	}
5011 
5012 	if (rval == FALSE) {
5013 
5014 		/*
5015 		 * this isn't supposed to happen, the hba must be wedged
5016 		 * Mark this cmd as a timeout.
5017 		 */
5018 		mptsas_set_pkt_reason(mpt, poll_cmd, CMD_TIMEOUT,
5019 		    (STAT_TIMEOUT|STAT_ABORTED));
5020 
5021 		if (poll_cmd->cmd_queued == FALSE) {
5022 
5023 			NDBG5(("mptsas_poll: not on waitq"));
5024 
5025 			poll_cmd->cmd_pkt->pkt_state |=
5026 			    (STATE_GOT_BUS|STATE_GOT_TARGET|STATE_SENT_CMD);
5027 		} else {
5028 
5029 			/* find and remove it from the waitq */
5030 			NDBG5(("mptsas_poll: delete from waitq"));
5031 			mptsas_waitq_delete(mpt, poll_cmd);
5032 		}
5033 
5034 	}
5035 	mptsas_fma_check(mpt, poll_cmd);
5036 	NDBG5(("mptsas_poll: done"));
5037 	return (rval);
5038 }
5039 
5040 /*
5041  * Used for polling cmds and TM function
5042  */
5043 static int
5044 mptsas_wait_intr(mptsas_t *mpt, int polltime)
5045 {
5046 	int				cnt;
5047 	pMpi2ReplyDescriptorsUnion_t	reply_desc_union;
5048 	uint32_t			int_mask;
5049 
5050 	NDBG5(("mptsas_wait_intr"));
5051 
5052 	mpt->m_polled_intr = 1;
5053 
5054 	/*
5055 	 * Get the current interrupt mask and disable interrupts.  When
5056 	 * re-enabling ints, set mask to saved value.
5057 	 */
5058 	int_mask = ddi_get32(mpt->m_datap, &mpt->m_reg->HostInterruptMask);
5059 	MPTSAS_DISABLE_INTR(mpt);
5060 
5061 	/*
5062 	 * Keep polling for at least (polltime * 1000) seconds
5063 	 */
5064 	for (cnt = 0; cnt < polltime; cnt++) {
5065 		(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
5066 		    DDI_DMA_SYNC_FORCPU);
5067 
5068 		reply_desc_union = (pMpi2ReplyDescriptorsUnion_t)
5069 		    MPTSAS_GET_NEXT_REPLY(mpt, mpt->m_post_index);
5070 
5071 		if (ddi_get32(mpt->m_acc_post_queue_hdl,
5072 		    &reply_desc_union->Words.Low) == 0xFFFFFFFF ||
5073 		    ddi_get32(mpt->m_acc_post_queue_hdl,
5074 		    &reply_desc_union->Words.High) == 0xFFFFFFFF) {
5075 			drv_usecwait(1000);
5076 			continue;
5077 		}
5078 
5079 		/*
5080 		 * The reply is valid, process it according to its
5081 		 * type.
5082 		 */
5083 		mptsas_process_intr(mpt, reply_desc_union);
5084 
5085 		if (++mpt->m_post_index == mpt->m_post_queue_depth) {
5086 			mpt->m_post_index = 0;
5087 		}
5088 
5089 		/*
5090 		 * Update the global reply index
5091 		 */
5092 		ddi_put32(mpt->m_datap,
5093 		    &mpt->m_reg->ReplyPostHostIndex, mpt->m_post_index);
5094 		mpt->m_polled_intr = 0;
5095 
5096 		/*
5097 		 * Re-enable interrupts and quit.
5098 		 */
5099 		ddi_put32(mpt->m_datap, &mpt->m_reg->HostInterruptMask,
5100 		    int_mask);
5101 		return (TRUE);
5102 
5103 	}
5104 
5105 	/*
5106 	 * Clear polling flag, re-enable interrupts and quit.
5107 	 */
5108 	mpt->m_polled_intr = 0;
5109 	ddi_put32(mpt->m_datap, &mpt->m_reg->HostInterruptMask, int_mask);
5110 	return (FALSE);
5111 }
5112 
5113 static void
5114 mptsas_handle_scsi_io_success(mptsas_t *mpt,
5115     pMpi2ReplyDescriptorsUnion_t reply_desc)
5116 {
5117 	pMpi2SCSIIOSuccessReplyDescriptor_t	scsi_io_success;
5118 	uint16_t				SMID;
5119 	mptsas_slots_t				*slots = mpt->m_active;
5120 	mptsas_cmd_t				*cmd = NULL;
5121 	struct scsi_pkt				*pkt;
5122 
5123 	ASSERT(mutex_owned(&mpt->m_mutex));
5124 
5125 	scsi_io_success = (pMpi2SCSIIOSuccessReplyDescriptor_t)reply_desc;
5126 	SMID = ddi_get16(mpt->m_acc_post_queue_hdl, &scsi_io_success->SMID);
5127 
5128 	/*
5129 	 * This is a success reply so just complete the IO.  First, do a sanity
5130 	 * check on the SMID.  The final slot is used for TM requests, which
5131 	 * would not come into this reply handler.
5132 	 */
5133 	if ((SMID == 0) || (SMID > slots->m_n_normal)) {
5134 		mptsas_log(mpt, CE_WARN, "?Received invalid SMID of %d\n",
5135 		    SMID);
5136 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
5137 		return;
5138 	}
5139 
5140 	cmd = slots->m_slot[SMID];
5141 
5142 	/*
5143 	 * print warning and return if the slot is empty
5144 	 */
5145 	if (cmd == NULL) {
5146 		mptsas_log(mpt, CE_WARN, "?NULL command for successful SCSI IO "
5147 		    "in slot %d", SMID);
5148 		return;
5149 	}
5150 
5151 	pkt = CMD2PKT(cmd);
5152 	pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET | STATE_SENT_CMD |
5153 	    STATE_GOT_STATUS);
5154 	if (cmd->cmd_flags & CFLAG_DMAVALID) {
5155 		pkt->pkt_state |= STATE_XFERRED_DATA;
5156 	}
5157 	pkt->pkt_resid = 0;
5158 
5159 	if (cmd->cmd_flags & CFLAG_PASSTHRU) {
5160 		cmd->cmd_flags |= CFLAG_FINISHED;
5161 		cv_broadcast(&mpt->m_passthru_cv);
5162 		return;
5163 	} else {
5164 		mptsas_remove_cmd(mpt, cmd);
5165 	}
5166 
5167 	if (cmd->cmd_flags & CFLAG_RETRY) {
5168 		/*
5169 		 * The target returned QFULL or busy, do not add tihs
5170 		 * pkt to the doneq since the hba will retry
5171 		 * this cmd.
5172 		 *
5173 		 * The pkt has already been resubmitted in
5174 		 * mptsas_handle_qfull() or in mptsas_check_scsi_io_error().
5175 		 * Remove this cmd_flag here.
5176 		 */
5177 		cmd->cmd_flags &= ~CFLAG_RETRY;
5178 	} else {
5179 		mptsas_doneq_add(mpt, cmd);
5180 	}
5181 }
5182 
5183 static void
5184 mptsas_handle_address_reply(mptsas_t *mpt,
5185     pMpi2ReplyDescriptorsUnion_t reply_desc)
5186 {
5187 	pMpi2AddressReplyDescriptor_t	address_reply;
5188 	pMPI2DefaultReply_t		reply;
5189 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
5190 	uint32_t			reply_addr, reply_frame_dma_baseaddr;
5191 	uint16_t			SMID, iocstatus;
5192 	mptsas_slots_t			*slots = mpt->m_active;
5193 	mptsas_cmd_t			*cmd = NULL;
5194 	uint8_t				function, buffer_type;
5195 	m_replyh_arg_t			*args;
5196 	int				reply_frame_no;
5197 
5198 	ASSERT(mutex_owned(&mpt->m_mutex));
5199 
5200 	address_reply = (pMpi2AddressReplyDescriptor_t)reply_desc;
5201 	reply_addr = ddi_get32(mpt->m_acc_post_queue_hdl,
5202 	    &address_reply->ReplyFrameAddress);
5203 	SMID = ddi_get16(mpt->m_acc_post_queue_hdl, &address_reply->SMID);
5204 
5205 	/*
5206 	 * If reply frame is not in the proper range we should ignore this
5207 	 * message and exit the interrupt handler.
5208 	 */
5209 	reply_frame_dma_baseaddr = mpt->m_reply_frame_dma_addr & 0xffffffffu;
5210 	if ((reply_addr < reply_frame_dma_baseaddr) ||
5211 	    (reply_addr >= (reply_frame_dma_baseaddr +
5212 	    (mpt->m_reply_frame_size * mpt->m_max_replies))) ||
5213 	    ((reply_addr - reply_frame_dma_baseaddr) %
5214 	    mpt->m_reply_frame_size != 0)) {
5215 		mptsas_log(mpt, CE_WARN, "?Received invalid reply frame "
5216 		    "address 0x%x\n", reply_addr);
5217 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
5218 		return;
5219 	}
5220 
5221 	(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
5222 	    DDI_DMA_SYNC_FORCPU);
5223 	reply = (pMPI2DefaultReply_t)(mpt->m_reply_frame + (reply_addr -
5224 	    reply_frame_dma_baseaddr));
5225 	function = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->Function);
5226 
5227 	NDBG31(("mptsas_handle_address_reply: function 0x%x, reply_addr=0x%x",
5228 	    function, reply_addr));
5229 
5230 	/*
5231 	 * don't get slot information and command for events since these values
5232 	 * don't exist
5233 	 */
5234 	if ((function != MPI2_FUNCTION_EVENT_NOTIFICATION) &&
5235 	    (function != MPI2_FUNCTION_DIAG_BUFFER_POST)) {
5236 		/*
5237 		 * This could be a TM reply, which use the last allocated SMID,
5238 		 * so allow for that.
5239 		 */
5240 		if ((SMID == 0) || (SMID > (slots->m_n_normal + 1))) {
5241 			mptsas_log(mpt, CE_WARN, "?Received invalid SMID of "
5242 			    "%d\n", SMID);
5243 			ddi_fm_service_impact(mpt->m_dip,
5244 			    DDI_SERVICE_UNAFFECTED);
5245 			return;
5246 		}
5247 
5248 		cmd = slots->m_slot[SMID];
5249 
5250 		/*
5251 		 * print warning and return if the slot is empty
5252 		 */
5253 		if (cmd == NULL) {
5254 			mptsas_log(mpt, CE_WARN, "?NULL command for address "
5255 			    "reply in slot %d", SMID);
5256 			return;
5257 		}
5258 		if ((cmd->cmd_flags &
5259 		    (CFLAG_PASSTHRU | CFLAG_CONFIG | CFLAG_FW_DIAG))) {
5260 			cmd->cmd_rfm = reply_addr;
5261 			cmd->cmd_flags |= CFLAG_FINISHED;
5262 			cv_broadcast(&mpt->m_passthru_cv);
5263 			cv_broadcast(&mpt->m_config_cv);
5264 			cv_broadcast(&mpt->m_fw_diag_cv);
5265 			return;
5266 		} else if (!(cmd->cmd_flags & CFLAG_FW_CMD)) {
5267 			mptsas_remove_cmd(mpt, cmd);
5268 		}
5269 		NDBG31(("\t\tmptsas_process_intr: slot=%d", SMID));
5270 	}
5271 	/*
5272 	 * Depending on the function, we need to handle
5273 	 * the reply frame (and cmd) differently.
5274 	 */
5275 	switch (function) {
5276 	case MPI2_FUNCTION_SCSI_IO_REQUEST:
5277 		mptsas_check_scsi_io_error(mpt, (pMpi2SCSIIOReply_t)reply, cmd);
5278 		break;
5279 	case MPI2_FUNCTION_SCSI_TASK_MGMT:
5280 		cmd->cmd_rfm = reply_addr;
5281 		mptsas_check_task_mgt(mpt, (pMpi2SCSIManagementReply_t)reply,
5282 		    cmd);
5283 		break;
5284 	case MPI2_FUNCTION_FW_DOWNLOAD:
5285 		cmd->cmd_flags |= CFLAG_FINISHED;
5286 		cv_signal(&mpt->m_fw_cv);
5287 		break;
5288 	case MPI2_FUNCTION_EVENT_NOTIFICATION:
5289 		reply_frame_no = (reply_addr - reply_frame_dma_baseaddr) /
5290 		    mpt->m_reply_frame_size;
5291 		args = &mpt->m_replyh_args[reply_frame_no];
5292 		args->mpt = (void *)mpt;
5293 		args->rfm = reply_addr;
5294 
5295 		/*
5296 		 * Record the event if its type is enabled in
5297 		 * this mpt instance by ioctl.
5298 		 */
5299 		mptsas_record_event(args);
5300 
5301 		/*
5302 		 * Handle time critical events
5303 		 * NOT_RESPONDING/ADDED only now
5304 		 */
5305 		if (mptsas_handle_event_sync(args) == DDI_SUCCESS) {
5306 			/*
5307 			 * Would not return main process,
5308 			 * just let taskq resolve ack action
5309 			 * and ack would be sent in taskq thread
5310 			 */
5311 			NDBG20(("send mptsas_handle_event_sync success"));
5312 		}
5313 
5314 		if (mpt->m_in_reset) {
5315 			NDBG20(("dropping event received during reset"));
5316 			return;
5317 		}
5318 
5319 		if ((ddi_taskq_dispatch(mpt->m_event_taskq, mptsas_handle_event,
5320 		    (void *)args, DDI_NOSLEEP)) != DDI_SUCCESS) {
5321 			mptsas_log(mpt, CE_WARN, "No memory available"
5322 			"for dispatch taskq");
5323 			/*
5324 			 * Return the reply frame to the free queue.
5325 			 */
5326 			ddi_put32(mpt->m_acc_free_queue_hdl,
5327 			    &((uint32_t *)(void *)
5328 			    mpt->m_free_queue)[mpt->m_free_index], reply_addr);
5329 			(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
5330 			    DDI_DMA_SYNC_FORDEV);
5331 			if (++mpt->m_free_index == mpt->m_free_queue_depth) {
5332 				mpt->m_free_index = 0;
5333 			}
5334 
5335 			ddi_put32(mpt->m_datap,
5336 			    &mpt->m_reg->ReplyFreeHostIndex, mpt->m_free_index);
5337 		}
5338 		return;
5339 	case MPI2_FUNCTION_DIAG_BUFFER_POST:
5340 		/*
5341 		 * If SMID is 0, this implies that the reply is due to a
5342 		 * release function with a status that the buffer has been
5343 		 * released.  Set the buffer flags accordingly.
5344 		 */
5345 		if (SMID == 0) {
5346 			iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
5347 			    &reply->IOCStatus);
5348 			buffer_type = ddi_get8(mpt->m_acc_reply_frame_hdl,
5349 			    &(((pMpi2DiagBufferPostReply_t)reply)->BufferType));
5350 			if (iocstatus == MPI2_IOCSTATUS_DIAGNOSTIC_RELEASED) {
5351 				pBuffer =
5352 				    &mpt->m_fw_diag_buffer_list[buffer_type];
5353 				pBuffer->valid_data = TRUE;
5354 				pBuffer->owned_by_firmware = FALSE;
5355 				pBuffer->immediate = FALSE;
5356 			}
5357 		} else {
5358 			/*
5359 			 * Normal handling of diag post reply with SMID.
5360 			 */
5361 			cmd = slots->m_slot[SMID];
5362 
5363 			/*
5364 			 * print warning and return if the slot is empty
5365 			 */
5366 			if (cmd == NULL) {
5367 				mptsas_log(mpt, CE_WARN, "?NULL command for "
5368 				    "address reply in slot %d", SMID);
5369 				return;
5370 			}
5371 			cmd->cmd_rfm = reply_addr;
5372 			cmd->cmd_flags |= CFLAG_FINISHED;
5373 			cv_broadcast(&mpt->m_fw_diag_cv);
5374 		}
5375 		return;
5376 	default:
5377 		mptsas_log(mpt, CE_WARN, "Unknown function 0x%x ", function);
5378 		break;
5379 	}
5380 
5381 	/*
5382 	 * Return the reply frame to the free queue.
5383 	 */
5384 	ddi_put32(mpt->m_acc_free_queue_hdl,
5385 	    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
5386 	    reply_addr);
5387 	(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
5388 	    DDI_DMA_SYNC_FORDEV);
5389 	if (++mpt->m_free_index == mpt->m_free_queue_depth) {
5390 		mpt->m_free_index = 0;
5391 	}
5392 	ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
5393 	    mpt->m_free_index);
5394 
5395 	if (cmd->cmd_flags & CFLAG_FW_CMD)
5396 		return;
5397 
5398 	if (cmd->cmd_flags & CFLAG_RETRY) {
5399 		/*
5400 		 * The target returned QFULL or busy, do not add this
5401 		 * pkt to the doneq since the hba will retry
5402 		 * this cmd.
5403 		 *
5404 		 * The pkt has already been resubmitted in
5405 		 * mptsas_handle_qfull() or in mptsas_check_scsi_io_error().
5406 		 * Remove this cmd_flag here.
5407 		 */
5408 		cmd->cmd_flags &= ~CFLAG_RETRY;
5409 	} else {
5410 		mptsas_doneq_add(mpt, cmd);
5411 	}
5412 }
5413 
5414 #ifdef MPTSAS_DEBUG
5415 static uint8_t mptsas_last_sense[256];
5416 #endif
5417 
5418 static void
5419 mptsas_check_scsi_io_error(mptsas_t *mpt, pMpi2SCSIIOReply_t reply,
5420     mptsas_cmd_t *cmd)
5421 {
5422 	uint8_t			scsi_status, scsi_state;
5423 	uint16_t		ioc_status, cmd_rqs_len;
5424 	uint32_t		xferred, sensecount, responsedata, loginfo = 0;
5425 	struct scsi_pkt		*pkt;
5426 	struct scsi_arq_status	*arqstat;
5427 	mptsas_target_t		*ptgt = cmd->cmd_tgt_addr;
5428 	uint8_t			*sensedata = NULL;
5429 	uint64_t		sas_wwn;
5430 	uint8_t			phy;
5431 	char			wwn_str[MPTSAS_WWN_STRLEN];
5432 
5433 	scsi_status = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->SCSIStatus);
5434 	ioc_status = ddi_get16(mpt->m_acc_reply_frame_hdl, &reply->IOCStatus);
5435 	scsi_state = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->SCSIState);
5436 	xferred = ddi_get32(mpt->m_acc_reply_frame_hdl, &reply->TransferCount);
5437 	sensecount = ddi_get32(mpt->m_acc_reply_frame_hdl, &reply->SenseCount);
5438 	responsedata = ddi_get32(mpt->m_acc_reply_frame_hdl,
5439 	    &reply->ResponseInfo);
5440 
5441 	if (ioc_status & MPI2_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
5442 		sas_wwn = ptgt->m_addr.mta_wwn;
5443 		phy = ptgt->m_phynum;
5444 		if (sas_wwn == 0) {
5445 			(void) sprintf(wwn_str, "p%x", phy);
5446 		} else {
5447 			(void) sprintf(wwn_str, "w%016"PRIx64, sas_wwn);
5448 		}
5449 		loginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
5450 		    &reply->IOCLogInfo);
5451 		mptsas_log(mpt, CE_NOTE,
5452 		    "?Log info 0x%x received for target %d %s.\n"
5453 		    "\tscsi_status=0x%x, ioc_status=0x%x, scsi_state=0x%x",
5454 		    loginfo, Tgt(cmd), wwn_str, scsi_status, ioc_status,
5455 		    scsi_state);
5456 	}
5457 
5458 	NDBG31(("\t\tscsi_status=0x%x, ioc_status=0x%x, scsi_state=0x%x",
5459 	    scsi_status, ioc_status, scsi_state));
5460 
5461 	pkt = CMD2PKT(cmd);
5462 	*(pkt->pkt_scbp) = scsi_status;
5463 
5464 	if (loginfo == 0x31170000) {
5465 		/*
5466 		 * if loginfo PL_LOGINFO_CODE_IO_DEVICE_MISSING_DELAY_RETRY
5467 		 * 0x31170000 comes, that means the device missing delay
5468 		 * is in progressing, the command need retry later.
5469 		 */
5470 		*(pkt->pkt_scbp) = STATUS_BUSY;
5471 		return;
5472 	}
5473 
5474 	if ((scsi_state & MPI2_SCSI_STATE_NO_SCSI_STATUS) &&
5475 	    ((ioc_status & MPI2_IOCSTATUS_MASK) ==
5476 	    MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE)) {
5477 		pkt->pkt_reason = CMD_INCOMPLETE;
5478 		pkt->pkt_state |= STATE_GOT_BUS;
5479 		if (ptgt->m_reset_delay == 0) {
5480 			mptsas_set_throttle(mpt, ptgt,
5481 			    DRAIN_THROTTLE);
5482 		}
5483 		return;
5484 	}
5485 
5486 	if (scsi_state & MPI2_SCSI_STATE_RESPONSE_INFO_VALID) {
5487 		responsedata &= 0x000000FF;
5488 		if (responsedata & MPTSAS_SCSI_RESPONSE_CODE_TLR_OFF) {
5489 			mptsas_log(mpt, CE_NOTE, "Do not support the TLR\n");
5490 			pkt->pkt_reason = CMD_TLR_OFF;
5491 			return;
5492 		}
5493 	}
5494 
5495 
5496 	switch (scsi_status) {
5497 	case MPI2_SCSI_STATUS_CHECK_CONDITION:
5498 		pkt->pkt_resid = (cmd->cmd_dmacount - xferred);
5499 		arqstat = (void*)(pkt->pkt_scbp);
5500 		arqstat->sts_rqpkt_status = *((struct scsi_status *)
5501 		    (pkt->pkt_scbp));
5502 		pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET |
5503 		    STATE_SENT_CMD | STATE_GOT_STATUS | STATE_ARQ_DONE);
5504 		if (cmd->cmd_flags & CFLAG_XARQ) {
5505 			pkt->pkt_state |= STATE_XARQ_DONE;
5506 		}
5507 		if (pkt->pkt_resid != cmd->cmd_dmacount) {
5508 			pkt->pkt_state |= STATE_XFERRED_DATA;
5509 		}
5510 		arqstat->sts_rqpkt_reason = pkt->pkt_reason;
5511 		arqstat->sts_rqpkt_state  = pkt->pkt_state;
5512 		arqstat->sts_rqpkt_state |= STATE_XFERRED_DATA;
5513 		arqstat->sts_rqpkt_statistics = pkt->pkt_statistics;
5514 		sensedata = (uint8_t *)&arqstat->sts_sensedata;
5515 		cmd_rqs_len = cmd->cmd_extrqslen ?
5516 		    cmd->cmd_extrqslen : cmd->cmd_rqslen;
5517 		(void) ddi_dma_sync(mpt->m_dma_req_sense_hdl, 0, 0,
5518 		    DDI_DMA_SYNC_FORKERNEL);
5519 #ifdef MPTSAS_DEBUG
5520 		bcopy(cmd->cmd_arq_buf, mptsas_last_sense,
5521 		    ((cmd_rqs_len >= sizeof (mptsas_last_sense)) ?
5522 		    sizeof (mptsas_last_sense):cmd_rqs_len));
5523 #endif
5524 		bcopy((uchar_t *)cmd->cmd_arq_buf, sensedata,
5525 		    ((cmd_rqs_len >= sensecount) ? sensecount :
5526 		    cmd_rqs_len));
5527 		arqstat->sts_rqpkt_resid = (cmd_rqs_len - sensecount);
5528 		cmd->cmd_flags |= CFLAG_CMDARQ;
5529 		/*
5530 		 * Set proper status for pkt if autosense was valid
5531 		 */
5532 		if (scsi_state & MPI2_SCSI_STATE_AUTOSENSE_VALID) {
5533 			struct scsi_status zero_status = { 0 };
5534 			arqstat->sts_rqpkt_status = zero_status;
5535 		}
5536 
5537 		/*
5538 		 * ASC=0x47 is parity error
5539 		 * ASC=0x48 is initiator detected error received
5540 		 */
5541 		if ((scsi_sense_key(sensedata) == KEY_ABORTED_COMMAND) &&
5542 		    ((scsi_sense_asc(sensedata) == 0x47) ||
5543 		    (scsi_sense_asc(sensedata) == 0x48))) {
5544 			mptsas_log(mpt, CE_NOTE, "Aborted_command!");
5545 		}
5546 
5547 		/*
5548 		 * ASC/ASCQ=0x3F/0x0E means report_luns data changed
5549 		 * ASC/ASCQ=0x25/0x00 means invalid lun
5550 		 */
5551 		if (((scsi_sense_key(sensedata) == KEY_UNIT_ATTENTION) &&
5552 		    (scsi_sense_asc(sensedata) == 0x3F) &&
5553 		    (scsi_sense_ascq(sensedata) == 0x0E)) ||
5554 		    ((scsi_sense_key(sensedata) == KEY_ILLEGAL_REQUEST) &&
5555 		    (scsi_sense_asc(sensedata) == 0x25) &&
5556 		    (scsi_sense_ascq(sensedata) == 0x00))) {
5557 			mptsas_topo_change_list_t *topo_node = NULL;
5558 
5559 			topo_node = kmem_zalloc(
5560 			    sizeof (mptsas_topo_change_list_t),
5561 			    KM_NOSLEEP);
5562 			if (topo_node == NULL) {
5563 				mptsas_log(mpt, CE_NOTE, "No memory"
5564 				    "resource for handle SAS dynamic"
5565 				    "reconfigure.\n");
5566 				break;
5567 			}
5568 			topo_node->mpt = mpt;
5569 			topo_node->event = MPTSAS_DR_EVENT_RECONFIG_TARGET;
5570 			topo_node->un.phymask = ptgt->m_addr.mta_phymask;
5571 			topo_node->devhdl = ptgt->m_devhdl;
5572 			topo_node->object = (void *)ptgt;
5573 			topo_node->flags = MPTSAS_TOPO_FLAG_LUN_ASSOCIATED;
5574 
5575 			if ((ddi_taskq_dispatch(mpt->m_dr_taskq,
5576 			    mptsas_handle_dr,
5577 			    (void *)topo_node,
5578 			    DDI_NOSLEEP)) != DDI_SUCCESS) {
5579 				kmem_free(topo_node,
5580 				    sizeof (mptsas_topo_change_list_t));
5581 				mptsas_log(mpt, CE_NOTE, "mptsas start taskq"
5582 				    "for handle SAS dynamic reconfigure"
5583 				    "failed. \n");
5584 			}
5585 		}
5586 		break;
5587 	case MPI2_SCSI_STATUS_GOOD:
5588 		switch (ioc_status & MPI2_IOCSTATUS_MASK) {
5589 		case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
5590 			pkt->pkt_reason = CMD_DEV_GONE;
5591 			pkt->pkt_state |= STATE_GOT_BUS;
5592 			if (ptgt->m_reset_delay == 0) {
5593 				mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
5594 			}
5595 			NDBG31(("lost disk for target%d, command:%x",
5596 			    Tgt(cmd), pkt->pkt_cdbp[0]));
5597 			break;
5598 		case MPI2_IOCSTATUS_SCSI_DATA_OVERRUN:
5599 			NDBG31(("data overrun: xferred=%d", xferred));
5600 			NDBG31(("dmacount=%d", cmd->cmd_dmacount));
5601 			pkt->pkt_reason = CMD_DATA_OVR;
5602 			pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET
5603 			    | STATE_SENT_CMD | STATE_GOT_STATUS
5604 			    | STATE_XFERRED_DATA);
5605 			pkt->pkt_resid = 0;
5606 			break;
5607 		case MPI2_IOCSTATUS_SCSI_RESIDUAL_MISMATCH:
5608 		case MPI2_IOCSTATUS_SCSI_DATA_UNDERRUN:
5609 			NDBG31(("data underrun: xferred=%d", xferred));
5610 			NDBG31(("dmacount=%d", cmd->cmd_dmacount));
5611 			pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET
5612 			    | STATE_SENT_CMD | STATE_GOT_STATUS);
5613 			pkt->pkt_resid = (cmd->cmd_dmacount - xferred);
5614 			if (pkt->pkt_resid != cmd->cmd_dmacount) {
5615 				pkt->pkt_state |= STATE_XFERRED_DATA;
5616 			}
5617 			break;
5618 		case MPI2_IOCSTATUS_SCSI_TASK_TERMINATED:
5619 			if (cmd->cmd_active_expiration <= gethrtime()) {
5620 				/*
5621 				 * When timeout requested, propagate
5622 				 * proper reason and statistics to
5623 				 * target drivers.
5624 				 */
5625 				mptsas_set_pkt_reason(mpt, cmd, CMD_TIMEOUT,
5626 				    STAT_BUS_RESET | STAT_TIMEOUT);
5627 			} else {
5628 				mptsas_set_pkt_reason(mpt, cmd, CMD_RESET,
5629 				    STAT_BUS_RESET);
5630 			}
5631 			break;
5632 		case MPI2_IOCSTATUS_SCSI_IOC_TERMINATED:
5633 		case MPI2_IOCSTATUS_SCSI_EXT_TERMINATED:
5634 			mptsas_set_pkt_reason(mpt,
5635 			    cmd, CMD_RESET, STAT_DEV_RESET);
5636 			break;
5637 		case MPI2_IOCSTATUS_SCSI_IO_DATA_ERROR:
5638 		case MPI2_IOCSTATUS_SCSI_PROTOCOL_ERROR:
5639 			pkt->pkt_state |= (STATE_GOT_BUS | STATE_GOT_TARGET);
5640 			mptsas_set_pkt_reason(mpt,
5641 			    cmd, CMD_TERMINATED, STAT_TERMINATED);
5642 			break;
5643 		case MPI2_IOCSTATUS_INSUFFICIENT_RESOURCES:
5644 		case MPI2_IOCSTATUS_BUSY:
5645 			/*
5646 			 * set throttles to drain
5647 			 */
5648 			for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
5649 			    ptgt = refhash_next(mpt->m_targets, ptgt)) {
5650 				mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
5651 			}
5652 
5653 			/*
5654 			 * retry command
5655 			 */
5656 			cmd->cmd_flags |= CFLAG_RETRY;
5657 			cmd->cmd_pkt_flags |= FLAG_HEAD;
5658 
5659 			(void) mptsas_accept_pkt(mpt, cmd);
5660 			break;
5661 		default:
5662 			mptsas_log(mpt, CE_WARN,
5663 			    "unknown ioc_status = %x\n", ioc_status);
5664 			mptsas_log(mpt, CE_CONT, "scsi_state = %x, transfer "
5665 			    "count = %x, scsi_status = %x", scsi_state,
5666 			    xferred, scsi_status);
5667 			break;
5668 		}
5669 		break;
5670 	case MPI2_SCSI_STATUS_TASK_SET_FULL:
5671 		mptsas_handle_qfull(mpt, cmd);
5672 		break;
5673 	case MPI2_SCSI_STATUS_BUSY:
5674 		NDBG31(("scsi_status busy received"));
5675 		break;
5676 	case MPI2_SCSI_STATUS_RESERVATION_CONFLICT:
5677 		NDBG31(("scsi_status reservation conflict received"));
5678 		break;
5679 	default:
5680 		mptsas_log(mpt, CE_WARN, "scsi_status=%x, ioc_status=%x\n",
5681 		    scsi_status, ioc_status);
5682 		mptsas_log(mpt, CE_WARN,
5683 		    "mptsas_process_intr: invalid scsi status\n");
5684 		break;
5685 	}
5686 }
5687 
5688 static void
5689 mptsas_check_task_mgt(mptsas_t *mpt, pMpi2SCSIManagementReply_t reply,
5690 	mptsas_cmd_t *cmd)
5691 {
5692 	uint8_t		task_type;
5693 	uint16_t	ioc_status;
5694 	uint32_t	log_info;
5695 	uint16_t	dev_handle;
5696 	struct scsi_pkt *pkt = CMD2PKT(cmd);
5697 
5698 	task_type = ddi_get8(mpt->m_acc_reply_frame_hdl, &reply->TaskType);
5699 	ioc_status = ddi_get16(mpt->m_acc_reply_frame_hdl, &reply->IOCStatus);
5700 	log_info = ddi_get32(mpt->m_acc_reply_frame_hdl, &reply->IOCLogInfo);
5701 	dev_handle = ddi_get16(mpt->m_acc_reply_frame_hdl, &reply->DevHandle);
5702 
5703 	if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
5704 		mptsas_log(mpt, CE_WARN, "mptsas_check_task_mgt: Task 0x%x "
5705 		    "failed. IOCStatus=0x%x IOCLogInfo=0x%x target=%d\n",
5706 		    task_type, ioc_status, log_info, dev_handle);
5707 		pkt->pkt_reason = CMD_INCOMPLETE;
5708 		return;
5709 	}
5710 
5711 	switch (task_type) {
5712 	case MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK:
5713 	case MPI2_SCSITASKMGMT_TASKTYPE_CLEAR_TASK_SET:
5714 	case MPI2_SCSITASKMGMT_TASKTYPE_QUERY_TASK:
5715 	case MPI2_SCSITASKMGMT_TASKTYPE_CLR_ACA:
5716 	case MPI2_SCSITASKMGMT_TASKTYPE_QRY_TASK_SET:
5717 	case MPI2_SCSITASKMGMT_TASKTYPE_QRY_UNIT_ATTENTION:
5718 		break;
5719 	case MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
5720 	case MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
5721 	case MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
5722 		/*
5723 		 * Check for invalid DevHandle of 0 in case application
5724 		 * sends bad command.  DevHandle of 0 could cause problems.
5725 		 */
5726 		if (dev_handle == 0) {
5727 			mptsas_log(mpt, CE_WARN, "!Can't flush target with"
5728 			    " DevHandle of 0.");
5729 		} else {
5730 			mptsas_flush_target(mpt, dev_handle, Lun(cmd),
5731 			    task_type);
5732 		}
5733 		break;
5734 	default:
5735 		mptsas_log(mpt, CE_WARN, "Unknown task management type %d.",
5736 		    task_type);
5737 		mptsas_log(mpt, CE_WARN, "ioc status = %x", ioc_status);
5738 		break;
5739 	}
5740 }
5741 
5742 static void
5743 mptsas_doneq_thread(mptsas_doneq_thread_arg_t *arg)
5744 {
5745 	mptsas_t			*mpt = arg->mpt;
5746 	uint64_t			t = arg->t;
5747 	mptsas_cmd_t			*cmd;
5748 	struct scsi_pkt			*pkt;
5749 	mptsas_doneq_thread_list_t	*item = &mpt->m_doneq_thread_id[t];
5750 
5751 	mutex_enter(&item->mutex);
5752 	while (item->flag & MPTSAS_DONEQ_THREAD_ACTIVE) {
5753 		if (!item->doneq) {
5754 			cv_wait(&item->cv, &item->mutex);
5755 		}
5756 		pkt = NULL;
5757 		if ((cmd = mptsas_doneq_thread_rm(mpt, t)) != NULL) {
5758 			cmd->cmd_flags |= CFLAG_COMPLETED;
5759 			pkt = CMD2PKT(cmd);
5760 		}
5761 		mutex_exit(&item->mutex);
5762 		if (pkt) {
5763 			mptsas_pkt_comp(pkt, cmd);
5764 		}
5765 		mutex_enter(&item->mutex);
5766 	}
5767 	mutex_exit(&item->mutex);
5768 	mutex_enter(&mpt->m_doneq_mutex);
5769 	mpt->m_doneq_thread_n--;
5770 	cv_broadcast(&mpt->m_doneq_thread_cv);
5771 	mutex_exit(&mpt->m_doneq_mutex);
5772 }
5773 
5774 
5775 /*
5776  * mpt interrupt handler.
5777  */
5778 static uint_t
5779 mptsas_intr(caddr_t arg1, caddr_t arg2)
5780 {
5781 	mptsas_t			*mpt = (void *)arg1;
5782 	pMpi2ReplyDescriptorsUnion_t	reply_desc_union;
5783 	uchar_t				did_reply = FALSE;
5784 
5785 	NDBG1(("mptsas_intr: arg1 0x%p arg2 0x%p", (void *)arg1, (void *)arg2));
5786 
5787 	mutex_enter(&mpt->m_mutex);
5788 
5789 	/*
5790 	 * If interrupts are shared by two channels then check whether this
5791 	 * interrupt is genuinely for this channel by making sure first the
5792 	 * chip is in high power state.
5793 	 */
5794 	if ((mpt->m_options & MPTSAS_OPT_PM) &&
5795 	    (mpt->m_power_level != PM_LEVEL_D0)) {
5796 		mutex_exit(&mpt->m_mutex);
5797 		return (DDI_INTR_UNCLAIMED);
5798 	}
5799 
5800 	/*
5801 	 * If polling, interrupt was triggered by some shared interrupt because
5802 	 * IOC interrupts are disabled during polling, so polling routine will
5803 	 * handle any replies.  Considering this, if polling is happening,
5804 	 * return with interrupt unclaimed.
5805 	 */
5806 	if (mpt->m_polled_intr) {
5807 		mutex_exit(&mpt->m_mutex);
5808 		mptsas_log(mpt, CE_WARN, "mpt_sas: Unclaimed interrupt");
5809 		return (DDI_INTR_UNCLAIMED);
5810 	}
5811 
5812 	/*
5813 	 * Read the istat register.
5814 	 */
5815 	if ((INTPENDING(mpt)) != 0) {
5816 		/*
5817 		 * read fifo until empty.
5818 		 */
5819 #ifndef __lock_lint
5820 		_NOTE(CONSTCOND)
5821 #endif
5822 		while (TRUE) {
5823 			(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
5824 			    DDI_DMA_SYNC_FORCPU);
5825 			reply_desc_union = (pMpi2ReplyDescriptorsUnion_t)
5826 			    MPTSAS_GET_NEXT_REPLY(mpt, mpt->m_post_index);
5827 
5828 			if (ddi_get32(mpt->m_acc_post_queue_hdl,
5829 			    &reply_desc_union->Words.Low) == 0xFFFFFFFF ||
5830 			    ddi_get32(mpt->m_acc_post_queue_hdl,
5831 			    &reply_desc_union->Words.High) == 0xFFFFFFFF) {
5832 				break;
5833 			}
5834 
5835 			/*
5836 			 * The reply is valid, process it according to its
5837 			 * type.  Also, set a flag for updating the reply index
5838 			 * after they've all been processed.
5839 			 */
5840 			did_reply = TRUE;
5841 
5842 			mptsas_process_intr(mpt, reply_desc_union);
5843 
5844 			/*
5845 			 * Increment post index and roll over if needed.
5846 			 */
5847 			if (++mpt->m_post_index == mpt->m_post_queue_depth) {
5848 				mpt->m_post_index = 0;
5849 			}
5850 		}
5851 
5852 		/*
5853 		 * Update the global reply index if at least one reply was
5854 		 * processed.
5855 		 */
5856 		if (did_reply) {
5857 			ddi_put32(mpt->m_datap,
5858 			    &mpt->m_reg->ReplyPostHostIndex, mpt->m_post_index);
5859 		}
5860 	} else {
5861 		mutex_exit(&mpt->m_mutex);
5862 		return (DDI_INTR_UNCLAIMED);
5863 	}
5864 	NDBG1(("mptsas_intr complete"));
5865 
5866 	/*
5867 	 * If no helper threads are created, process the doneq in ISR. If
5868 	 * helpers are created, use the doneq length as a metric to measure the
5869 	 * load on the interrupt CPU. If it is long enough, which indicates the
5870 	 * load is heavy, then we deliver the IO completions to the helpers.
5871 	 * This measurement has some limitations, although it is simple and
5872 	 * straightforward and works well for most of the cases at present.
5873 	 */
5874 	if (!mpt->m_doneq_thread_n ||
5875 	    (mpt->m_doneq_len <= mpt->m_doneq_length_threshold)) {
5876 		mptsas_doneq_empty(mpt);
5877 	} else {
5878 		mptsas_deliver_doneq_thread(mpt);
5879 	}
5880 
5881 	/*
5882 	 * If there are queued cmd, start them now.
5883 	 */
5884 	if (mpt->m_waitq != NULL) {
5885 		mptsas_restart_waitq(mpt);
5886 	}
5887 
5888 	mutex_exit(&mpt->m_mutex);
5889 	return (DDI_INTR_CLAIMED);
5890 }
5891 
5892 static void
5893 mptsas_process_intr(mptsas_t *mpt,
5894     pMpi2ReplyDescriptorsUnion_t reply_desc_union)
5895 {
5896 	uint8_t	reply_type;
5897 
5898 	ASSERT(mutex_owned(&mpt->m_mutex));
5899 
5900 	/*
5901 	 * The reply is valid, process it according to its
5902 	 * type.  Also, set a flag for updated the reply index
5903 	 * after they've all been processed.
5904 	 */
5905 	reply_type = ddi_get8(mpt->m_acc_post_queue_hdl,
5906 	    &reply_desc_union->Default.ReplyFlags);
5907 	reply_type &= MPI2_RPY_DESCRIPT_FLAGS_TYPE_MASK;
5908 	if (reply_type == MPI2_RPY_DESCRIPT_FLAGS_SCSI_IO_SUCCESS ||
5909 	    reply_type == MPI25_RPY_DESCRIPT_FLAGS_FAST_PATH_SCSI_IO_SUCCESS) {
5910 		mptsas_handle_scsi_io_success(mpt, reply_desc_union);
5911 	} else if (reply_type == MPI2_RPY_DESCRIPT_FLAGS_ADDRESS_REPLY) {
5912 		mptsas_handle_address_reply(mpt, reply_desc_union);
5913 	} else {
5914 		mptsas_log(mpt, CE_WARN, "?Bad reply type %x", reply_type);
5915 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
5916 	}
5917 
5918 	/*
5919 	 * Clear the reply descriptor for re-use and increment
5920 	 * index.
5921 	 */
5922 	ddi_put64(mpt->m_acc_post_queue_hdl,
5923 	    &((uint64_t *)(void *)mpt->m_post_queue)[mpt->m_post_index],
5924 	    0xFFFFFFFFFFFFFFFF);
5925 	(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
5926 	    DDI_DMA_SYNC_FORDEV);
5927 }
5928 
5929 /*
5930  * handle qfull condition
5931  */
5932 static void
5933 mptsas_handle_qfull(mptsas_t *mpt, mptsas_cmd_t *cmd)
5934 {
5935 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
5936 
5937 	if ((++cmd->cmd_qfull_retries > ptgt->m_qfull_retries) ||
5938 	    (ptgt->m_qfull_retries == 0)) {
5939 		/*
5940 		 * We have exhausted the retries on QFULL, or,
5941 		 * the target driver has indicated that it
5942 		 * wants to handle QFULL itself by setting
5943 		 * qfull-retries capability to 0. In either case
5944 		 * we want the target driver's QFULL handling
5945 		 * to kick in. We do this by having pkt_reason
5946 		 * as CMD_CMPLT and pkt_scbp as STATUS_QFULL.
5947 		 */
5948 		mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
5949 	} else {
5950 		if (ptgt->m_reset_delay == 0) {
5951 			ptgt->m_t_throttle =
5952 			    max((ptgt->m_t_ncmds - 2), 0);
5953 		}
5954 
5955 		cmd->cmd_pkt_flags |= FLAG_HEAD;
5956 		cmd->cmd_flags &= ~(CFLAG_TRANFLAG);
5957 		cmd->cmd_flags |= CFLAG_RETRY;
5958 
5959 		(void) mptsas_accept_pkt(mpt, cmd);
5960 
5961 		/*
5962 		 * when target gives queue full status with no commands
5963 		 * outstanding (m_t_ncmds == 0), throttle is set to 0
5964 		 * (HOLD_THROTTLE), and the queue full handling start
5965 		 * (see psarc/1994/313); if there are commands outstanding,
5966 		 * throttle is set to (m_t_ncmds - 2)
5967 		 */
5968 		if (ptgt->m_t_throttle == HOLD_THROTTLE) {
5969 			/*
5970 			 * By setting throttle to QFULL_THROTTLE, we
5971 			 * avoid submitting new commands and in
5972 			 * mptsas_restart_cmd find out slots which need
5973 			 * their throttles to be cleared.
5974 			 */
5975 			mptsas_set_throttle(mpt, ptgt, QFULL_THROTTLE);
5976 			if (mpt->m_restart_cmd_timeid == 0) {
5977 				mpt->m_restart_cmd_timeid =
5978 				    timeout(mptsas_restart_cmd, mpt,
5979 				    ptgt->m_qfull_retry_interval);
5980 			}
5981 		}
5982 	}
5983 }
5984 
5985 mptsas_phymask_t
5986 mptsas_physport_to_phymask(mptsas_t *mpt, uint8_t physport)
5987 {
5988 	mptsas_phymask_t	phy_mask = 0;
5989 	uint8_t			i = 0;
5990 
5991 	NDBG20(("mptsas%d physport_to_phymask enter", mpt->m_instance));
5992 
5993 	ASSERT(mutex_owned(&mpt->m_mutex));
5994 
5995 	/*
5996 	 * If physport is 0xFF, this is a RAID volume.  Use phymask of 0.
5997 	 */
5998 	if (physport == 0xFF) {
5999 		return (0);
6000 	}
6001 
6002 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
6003 		if (mpt->m_phy_info[i].attached_devhdl &&
6004 		    (mpt->m_phy_info[i].phy_mask != 0) &&
6005 		    (mpt->m_phy_info[i].port_num == physport)) {
6006 			phy_mask = mpt->m_phy_info[i].phy_mask;
6007 			break;
6008 		}
6009 	}
6010 	NDBG20(("mptsas%d physport_to_phymask:physport :%x phymask :%x, ",
6011 	    mpt->m_instance, physport, phy_mask));
6012 	return (phy_mask);
6013 }
6014 
6015 /*
6016  * mpt free device handle after device gone, by use of passthrough
6017  */
6018 static int
6019 mptsas_free_devhdl(mptsas_t *mpt, uint16_t devhdl)
6020 {
6021 	Mpi2SasIoUnitControlRequest_t	req;
6022 	Mpi2SasIoUnitControlReply_t	rep;
6023 	int				ret;
6024 
6025 	ASSERT(mutex_owned(&mpt->m_mutex));
6026 
6027 	/*
6028 	 * Need to compose a SAS IO Unit Control request message
6029 	 * and call mptsas_do_passthru() function
6030 	 */
6031 	bzero(&req, sizeof (req));
6032 	bzero(&rep, sizeof (rep));
6033 
6034 	req.Function = MPI2_FUNCTION_SAS_IO_UNIT_CONTROL;
6035 	req.Operation = MPI2_SAS_OP_REMOVE_DEVICE;
6036 	req.DevHandle = LE_16(devhdl);
6037 
6038 	ret = mptsas_do_passthru(mpt, (uint8_t *)&req, (uint8_t *)&rep, NULL,
6039 	    sizeof (req), sizeof (rep), NULL, 0, NULL, 0, 60, FKIOCTL);
6040 	if (ret != 0) {
6041 		cmn_err(CE_WARN, "mptsas_free_devhdl: passthru SAS IO Unit "
6042 		    "Control error %d", ret);
6043 		return (DDI_FAILURE);
6044 	}
6045 
6046 	/* do passthrough success, check the ioc status */
6047 	if (LE_16(rep.IOCStatus) != MPI2_IOCSTATUS_SUCCESS) {
6048 		cmn_err(CE_WARN, "mptsas_free_devhdl: passthru SAS IO Unit "
6049 		    "Control IOCStatus %d", LE_16(rep.IOCStatus));
6050 		return (DDI_FAILURE);
6051 	}
6052 
6053 	return (DDI_SUCCESS);
6054 }
6055 
6056 static void
6057 mptsas_update_phymask(mptsas_t *mpt)
6058 {
6059 	mptsas_phymask_t mask = 0, phy_mask;
6060 	char		*phy_mask_name;
6061 	uint8_t		current_port;
6062 	int		i, j;
6063 
6064 	NDBG20(("mptsas%d update phymask ", mpt->m_instance));
6065 
6066 	ASSERT(mutex_owned(&mpt->m_mutex));
6067 
6068 	(void) mptsas_get_sas_io_unit_page(mpt);
6069 
6070 	phy_mask_name = kmem_zalloc(MPTSAS_MAX_PHYS, KM_SLEEP);
6071 
6072 	for (i = 0; i < mpt->m_num_phys; i++) {
6073 		phy_mask = 0x00;
6074 
6075 		if (mpt->m_phy_info[i].attached_devhdl == 0)
6076 			continue;
6077 
6078 		bzero(phy_mask_name, sizeof (phy_mask_name));
6079 
6080 		current_port = mpt->m_phy_info[i].port_num;
6081 
6082 		if ((mask & (1 << i)) != 0)
6083 			continue;
6084 
6085 		for (j = 0; j < mpt->m_num_phys; j++) {
6086 			if (mpt->m_phy_info[j].attached_devhdl &&
6087 			    (mpt->m_phy_info[j].port_num == current_port)) {
6088 				phy_mask |= (1 << j);
6089 			}
6090 		}
6091 		mask = mask | phy_mask;
6092 
6093 		for (j = 0; j < mpt->m_num_phys; j++) {
6094 			if ((phy_mask >> j) & 0x01) {
6095 				mpt->m_phy_info[j].phy_mask = phy_mask;
6096 			}
6097 		}
6098 
6099 		(void) sprintf(phy_mask_name, "%x", phy_mask);
6100 
6101 		mutex_exit(&mpt->m_mutex);
6102 		/*
6103 		 * register a iport, if the port has already been existed
6104 		 * SCSA will do nothing and just return.
6105 		 */
6106 		(void) scsi_hba_iport_register(mpt->m_dip, phy_mask_name);
6107 		mutex_enter(&mpt->m_mutex);
6108 	}
6109 	kmem_free(phy_mask_name, MPTSAS_MAX_PHYS);
6110 	NDBG20(("mptsas%d update phymask return", mpt->m_instance));
6111 }
6112 
6113 /*
6114  * mptsas_handle_dr is a task handler for DR, the DR action includes:
6115  * 1. Directly attched Device Added/Removed.
6116  * 2. Expander Device Added/Removed.
6117  * 3. Indirectly Attached Device Added/Expander.
6118  * 4. LUNs of a existing device status change.
6119  * 5. RAID volume created/deleted.
6120  * 6. Member of RAID volume is released because of RAID deletion.
6121  * 7. Physical disks are removed because of RAID creation.
6122  */
6123 static void
6124 mptsas_handle_dr(void *args) {
6125 	mptsas_topo_change_list_t	*topo_node = NULL;
6126 	mptsas_topo_change_list_t	*save_node = NULL;
6127 	mptsas_t			*mpt;
6128 	dev_info_t			*parent = NULL;
6129 	mptsas_phymask_t		phymask = 0;
6130 	char				*phy_mask_name;
6131 	uint8_t				flags = 0, physport = 0xff;
6132 	uint8_t				port_update = 0;
6133 	uint_t				event;
6134 
6135 	topo_node = (mptsas_topo_change_list_t *)args;
6136 
6137 	mpt = topo_node->mpt;
6138 	event = topo_node->event;
6139 	flags = topo_node->flags;
6140 
6141 	phy_mask_name = kmem_zalloc(MPTSAS_MAX_PHYS, KM_SLEEP);
6142 
6143 	NDBG20(("mptsas%d handle_dr enter", mpt->m_instance));
6144 
6145 	switch (event) {
6146 	case MPTSAS_DR_EVENT_RECONFIG_TARGET:
6147 		if ((flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) ||
6148 		    (flags == MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE) ||
6149 		    (flags == MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED)) {
6150 			/*
6151 			 * Direct attached or expander attached device added
6152 			 * into system or a Phys Disk that is being unhidden.
6153 			 */
6154 			port_update = 1;
6155 		}
6156 		break;
6157 	case MPTSAS_DR_EVENT_RECONFIG_SMP:
6158 		/*
6159 		 * New expander added into system, it must be the head
6160 		 * of topo_change_list_t
6161 		 */
6162 		port_update = 1;
6163 		break;
6164 	default:
6165 		port_update = 0;
6166 		break;
6167 	}
6168 	/*
6169 	 * All cases port_update == 1 may cause initiator port form change
6170 	 */
6171 	mutex_enter(&mpt->m_mutex);
6172 	if (mpt->m_port_chng && port_update) {
6173 		/*
6174 		 * mpt->m_port_chng flag indicates some PHYs of initiator
6175 		 * port have changed to online. So when expander added or
6176 		 * directly attached device online event come, we force to
6177 		 * update port information by issueing SAS IO Unit Page and
6178 		 * update PHYMASKs.
6179 		 */
6180 		(void) mptsas_update_phymask(mpt);
6181 		mpt->m_port_chng = 0;
6182 
6183 	}
6184 	mutex_exit(&mpt->m_mutex);
6185 	while (topo_node) {
6186 		phymask = 0;
6187 		if (parent == NULL) {
6188 			physport = topo_node->un.physport;
6189 			event = topo_node->event;
6190 			flags = topo_node->flags;
6191 			if (event & (MPTSAS_DR_EVENT_OFFLINE_TARGET |
6192 			    MPTSAS_DR_EVENT_OFFLINE_SMP)) {
6193 				/*
6194 				 * For all offline events, phymask is known
6195 				 */
6196 				phymask = topo_node->un.phymask;
6197 				goto find_parent;
6198 			}
6199 			if (event & MPTSAS_TOPO_FLAG_REMOVE_HANDLE) {
6200 				goto handle_topo_change;
6201 			}
6202 			if (flags & MPTSAS_TOPO_FLAG_LUN_ASSOCIATED) {
6203 				phymask = topo_node->un.phymask;
6204 				goto find_parent;
6205 			}
6206 
6207 			if ((flags ==
6208 			    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED) &&
6209 			    (event == MPTSAS_DR_EVENT_RECONFIG_TARGET)) {
6210 				/*
6211 				 * There is no any field in IR_CONFIG_CHANGE
6212 				 * event indicate physport/phynum, let's get
6213 				 * parent after SAS Device Page0 request.
6214 				 */
6215 				goto handle_topo_change;
6216 			}
6217 
6218 			mutex_enter(&mpt->m_mutex);
6219 			if (flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) {
6220 				/*
6221 				 * If the direct attached device added or a
6222 				 * phys disk is being unhidden, argument
6223 				 * physport actually is PHY#, so we have to get
6224 				 * phymask according PHY#.
6225 				 */
6226 				physport = mpt->m_phy_info[physport].port_num;
6227 			}
6228 
6229 			/*
6230 			 * Translate physport to phymask so that we can search
6231 			 * parent dip.
6232 			 */
6233 			phymask = mptsas_physport_to_phymask(mpt,
6234 			    physport);
6235 			mutex_exit(&mpt->m_mutex);
6236 
6237 find_parent:
6238 			bzero(phy_mask_name, MPTSAS_MAX_PHYS);
6239 			/*
6240 			 * For RAID topology change node, write the iport name
6241 			 * as v0.
6242 			 */
6243 			if (flags & MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) {
6244 				(void) sprintf(phy_mask_name, "v0");
6245 			} else {
6246 				/*
6247 				 * phymask can bo 0 if the drive has been
6248 				 * pulled by the time an add event is
6249 				 * processed.  If phymask is 0, just skip this
6250 				 * event and continue.
6251 				 */
6252 				if (phymask == 0) {
6253 					mutex_enter(&mpt->m_mutex);
6254 					save_node = topo_node;
6255 					topo_node = topo_node->next;
6256 					ASSERT(save_node);
6257 					kmem_free(save_node,
6258 					    sizeof (mptsas_topo_change_list_t));
6259 					mutex_exit(&mpt->m_mutex);
6260 
6261 					parent = NULL;
6262 					continue;
6263 				}
6264 				(void) sprintf(phy_mask_name, "%x", phymask);
6265 			}
6266 			parent = scsi_hba_iport_find(mpt->m_dip,
6267 			    phy_mask_name);
6268 			if (parent == NULL) {
6269 				mptsas_log(mpt, CE_WARN, "Failed to find an "
6270 				    "iport, should not happen!");
6271 				goto out;
6272 			}
6273 
6274 		}
6275 		ASSERT(parent);
6276 handle_topo_change:
6277 
6278 		mutex_enter(&mpt->m_mutex);
6279 		/*
6280 		 * If HBA is being reset, don't perform operations depending
6281 		 * on the IOC. We must free the topo list, however.
6282 		 */
6283 		if (!mpt->m_in_reset)
6284 			mptsas_handle_topo_change(topo_node, parent);
6285 		else
6286 			NDBG20(("skipping topo change received during reset"));
6287 		save_node = topo_node;
6288 		topo_node = topo_node->next;
6289 		ASSERT(save_node);
6290 		kmem_free(save_node, sizeof (mptsas_topo_change_list_t));
6291 		mutex_exit(&mpt->m_mutex);
6292 
6293 		if ((flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) ||
6294 		    (flags == MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED) ||
6295 		    (flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED)) {
6296 			/*
6297 			 * If direct attached device associated, make sure
6298 			 * reset the parent before start the next one. But
6299 			 * all devices associated with expander shares the
6300 			 * parent.  Also, reset parent if this is for RAID.
6301 			 */
6302 			parent = NULL;
6303 		}
6304 	}
6305 out:
6306 	kmem_free(phy_mask_name, MPTSAS_MAX_PHYS);
6307 }
6308 
6309 static void
6310 mptsas_handle_topo_change(mptsas_topo_change_list_t *topo_node,
6311     dev_info_t *parent)
6312 {
6313 	mptsas_target_t	*ptgt = NULL;
6314 	mptsas_smp_t	*psmp = NULL;
6315 	mptsas_t	*mpt = (void *)topo_node->mpt;
6316 	uint16_t	devhdl;
6317 	uint16_t	attached_devhdl;
6318 	uint64_t	sas_wwn = 0;
6319 	int		rval = 0;
6320 	uint32_t	page_address;
6321 	uint8_t		phy, flags;
6322 	char		*addr = NULL;
6323 	dev_info_t	*lundip;
6324 	int		circ = 0, circ1 = 0;
6325 	char		attached_wwnstr[MPTSAS_WWN_STRLEN];
6326 
6327 	NDBG20(("mptsas%d handle_topo_change enter, devhdl 0x%x,"
6328 	    "event 0x%x, flags 0x%x", mpt->m_instance, topo_node->devhdl,
6329 	    topo_node->event, topo_node->flags));
6330 
6331 	ASSERT(mutex_owned(&mpt->m_mutex));
6332 
6333 	switch (topo_node->event) {
6334 	case MPTSAS_DR_EVENT_RECONFIG_TARGET:
6335 	{
6336 		char *phy_mask_name;
6337 		mptsas_phymask_t phymask = 0;
6338 
6339 		if (topo_node->flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) {
6340 			/*
6341 			 * Get latest RAID info.
6342 			 */
6343 			(void) mptsas_get_raid_info(mpt);
6344 			ptgt = refhash_linear_search(mpt->m_targets,
6345 			    mptsas_target_eval_devhdl, &topo_node->devhdl);
6346 			if (ptgt == NULL)
6347 				break;
6348 		} else {
6349 			ptgt = (void *)topo_node->object;
6350 		}
6351 
6352 		if (ptgt == NULL) {
6353 			/*
6354 			 * If a Phys Disk was deleted, RAID info needs to be
6355 			 * updated to reflect the new topology.
6356 			 */
6357 			(void) mptsas_get_raid_info(mpt);
6358 
6359 			/*
6360 			 * Get sas device page 0 by DevHandle to make sure if
6361 			 * SSP/SATA end device exist.
6362 			 */
6363 			page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
6364 			    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
6365 			    topo_node->devhdl;
6366 
6367 			rval = mptsas_get_target_device_info(mpt, page_address,
6368 			    &devhdl, &ptgt);
6369 			if (rval == DEV_INFO_WRONG_DEVICE_TYPE) {
6370 				mptsas_log(mpt, CE_NOTE,
6371 				    "mptsas_handle_topo_change: target %d is "
6372 				    "not a SAS/SATA device. \n",
6373 				    topo_node->devhdl);
6374 			} else if (rval == DEV_INFO_FAIL_ALLOC) {
6375 				mptsas_log(mpt, CE_NOTE,
6376 				    "mptsas_handle_topo_change: could not "
6377 				    "allocate memory. \n");
6378 			}
6379 			/*
6380 			 * If rval is DEV_INFO_PHYS_DISK than there is nothing
6381 			 * else to do, just leave.
6382 			 */
6383 			if (rval != DEV_INFO_SUCCESS) {
6384 				return;
6385 			}
6386 		}
6387 
6388 		ASSERT(ptgt->m_devhdl == topo_node->devhdl);
6389 
6390 		mutex_exit(&mpt->m_mutex);
6391 		flags = topo_node->flags;
6392 
6393 		if (flags == MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED) {
6394 			phymask = ptgt->m_addr.mta_phymask;
6395 			phy_mask_name = kmem_zalloc(MPTSAS_MAX_PHYS, KM_SLEEP);
6396 			(void) sprintf(phy_mask_name, "%x", phymask);
6397 			parent = scsi_hba_iport_find(mpt->m_dip,
6398 			    phy_mask_name);
6399 			kmem_free(phy_mask_name, MPTSAS_MAX_PHYS);
6400 			if (parent == NULL) {
6401 				mptsas_log(mpt, CE_WARN, "Failed to find a "
6402 				    "iport for PD, should not happen!");
6403 				mutex_enter(&mpt->m_mutex);
6404 				break;
6405 			}
6406 		}
6407 
6408 		if (flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) {
6409 			ndi_devi_enter(parent, &circ1);
6410 			(void) mptsas_config_raid(parent, topo_node->devhdl,
6411 			    &lundip);
6412 			ndi_devi_exit(parent, circ1);
6413 		} else {
6414 			/*
6415 			 * hold nexus for bus configure
6416 			 */
6417 			ndi_devi_enter(scsi_vhci_dip, &circ);
6418 			ndi_devi_enter(parent, &circ1);
6419 			rval = mptsas_config_target(parent, ptgt);
6420 			/*
6421 			 * release nexus for bus configure
6422 			 */
6423 			ndi_devi_exit(parent, circ1);
6424 			ndi_devi_exit(scsi_vhci_dip, circ);
6425 
6426 			/*
6427 			 * Add parent's props for SMHBA support
6428 			 */
6429 			if (flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) {
6430 				bzero(attached_wwnstr,
6431 				    sizeof (attached_wwnstr));
6432 				(void) sprintf(attached_wwnstr, "w%016"PRIx64,
6433 				    ptgt->m_addr.mta_wwn);
6434 				if (ddi_prop_update_string(DDI_DEV_T_NONE,
6435 				    parent,
6436 				    SCSI_ADDR_PROP_ATTACHED_PORT,
6437 				    attached_wwnstr)
6438 				    != DDI_PROP_SUCCESS) {
6439 					(void) ddi_prop_remove(DDI_DEV_T_NONE,
6440 					    parent,
6441 					    SCSI_ADDR_PROP_ATTACHED_PORT);
6442 					mptsas_log(mpt, CE_WARN, "Failed to"
6443 					    "attached-port props");
6444 					return;
6445 				}
6446 				if (ddi_prop_update_int(DDI_DEV_T_NONE, parent,
6447 				    MPTSAS_NUM_PHYS, 1) !=
6448 				    DDI_PROP_SUCCESS) {
6449 					(void) ddi_prop_remove(DDI_DEV_T_NONE,
6450 					    parent, MPTSAS_NUM_PHYS);
6451 					mptsas_log(mpt, CE_WARN, "Failed to"
6452 					    " create num-phys props");
6453 					return;
6454 				}
6455 
6456 				/*
6457 				 * Update PHY info for smhba
6458 				 */
6459 				mutex_enter(&mpt->m_mutex);
6460 				if (mptsas_smhba_phy_init(mpt)) {
6461 					mutex_exit(&mpt->m_mutex);
6462 					mptsas_log(mpt, CE_WARN, "mptsas phy"
6463 					    " update failed");
6464 					return;
6465 				}
6466 				mutex_exit(&mpt->m_mutex);
6467 
6468 				/*
6469 				 * topo_node->un.physport is really the PHY#
6470 				 * for direct attached devices
6471 				 */
6472 				mptsas_smhba_set_one_phy_props(mpt, parent,
6473 				    topo_node->un.physport, &attached_devhdl);
6474 
6475 				if (ddi_prop_update_int(DDI_DEV_T_NONE, parent,
6476 				    MPTSAS_VIRTUAL_PORT, 0) !=
6477 				    DDI_PROP_SUCCESS) {
6478 					(void) ddi_prop_remove(DDI_DEV_T_NONE,
6479 					    parent, MPTSAS_VIRTUAL_PORT);
6480 					mptsas_log(mpt, CE_WARN,
6481 					    "mptsas virtual-port"
6482 					    "port prop update failed");
6483 					return;
6484 				}
6485 			}
6486 		}
6487 		mutex_enter(&mpt->m_mutex);
6488 
6489 		NDBG20(("mptsas%d handle_topo_change to online devhdl:%x, "
6490 		    "phymask:%x.", mpt->m_instance, ptgt->m_devhdl,
6491 		    ptgt->m_addr.mta_phymask));
6492 		break;
6493 	}
6494 	case MPTSAS_DR_EVENT_OFFLINE_TARGET:
6495 	{
6496 		devhdl = topo_node->devhdl;
6497 		ptgt = refhash_linear_search(mpt->m_targets,
6498 		    mptsas_target_eval_devhdl, &devhdl);
6499 		if (ptgt == NULL)
6500 			break;
6501 
6502 		sas_wwn = ptgt->m_addr.mta_wwn;
6503 		phy = ptgt->m_phynum;
6504 
6505 		addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
6506 
6507 		if (sas_wwn) {
6508 			(void) sprintf(addr, "w%016"PRIx64, sas_wwn);
6509 		} else {
6510 			(void) sprintf(addr, "p%x", phy);
6511 		}
6512 		ASSERT(ptgt->m_devhdl == devhdl);
6513 
6514 		if ((topo_node->flags == MPTSAS_TOPO_FLAG_RAID_ASSOCIATED) ||
6515 		    (topo_node->flags ==
6516 		    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED)) {
6517 			/*
6518 			 * Get latest RAID info if RAID volume status changes
6519 			 * or Phys Disk status changes
6520 			 */
6521 			(void) mptsas_get_raid_info(mpt);
6522 		}
6523 		/*
6524 		 * Abort all outstanding command on the device
6525 		 */
6526 		rval = mptsas_do_scsi_reset(mpt, devhdl);
6527 		if (rval) {
6528 			NDBG20(("mptsas%d handle_topo_change to reset target "
6529 			    "before offline devhdl:%x, phymask:%x, rval:%x",
6530 			    mpt->m_instance, ptgt->m_devhdl,
6531 			    ptgt->m_addr.mta_phymask, rval));
6532 		}
6533 
6534 		mutex_exit(&mpt->m_mutex);
6535 
6536 		ndi_devi_enter(scsi_vhci_dip, &circ);
6537 		ndi_devi_enter(parent, &circ1);
6538 		rval = mptsas_offline_target(parent, addr);
6539 		ndi_devi_exit(parent, circ1);
6540 		ndi_devi_exit(scsi_vhci_dip, circ);
6541 		NDBG20(("mptsas%d handle_topo_change to offline devhdl:%x, "
6542 		    "phymask:%x, rval:%x", mpt->m_instance,
6543 		    ptgt->m_devhdl, ptgt->m_addr.mta_phymask, rval));
6544 
6545 		kmem_free(addr, SCSI_MAXNAMELEN);
6546 
6547 		/*
6548 		 * Clear parent's props for SMHBA support
6549 		 */
6550 		flags = topo_node->flags;
6551 		if (flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) {
6552 			bzero(attached_wwnstr, sizeof (attached_wwnstr));
6553 			if (ddi_prop_update_string(DDI_DEV_T_NONE, parent,
6554 			    SCSI_ADDR_PROP_ATTACHED_PORT, attached_wwnstr) !=
6555 			    DDI_PROP_SUCCESS) {
6556 				(void) ddi_prop_remove(DDI_DEV_T_NONE, parent,
6557 				    SCSI_ADDR_PROP_ATTACHED_PORT);
6558 				mptsas_log(mpt, CE_WARN, "mptsas attached port "
6559 				    "prop update failed");
6560 				break;
6561 			}
6562 			if (ddi_prop_update_int(DDI_DEV_T_NONE, parent,
6563 			    MPTSAS_NUM_PHYS, 0) !=
6564 			    DDI_PROP_SUCCESS) {
6565 				(void) ddi_prop_remove(DDI_DEV_T_NONE, parent,
6566 				    MPTSAS_NUM_PHYS);
6567 				mptsas_log(mpt, CE_WARN, "mptsas num phys "
6568 				    "prop update failed");
6569 				break;
6570 			}
6571 			if (ddi_prop_update_int(DDI_DEV_T_NONE, parent,
6572 			    MPTSAS_VIRTUAL_PORT, 1) !=
6573 			    DDI_PROP_SUCCESS) {
6574 				(void) ddi_prop_remove(DDI_DEV_T_NONE, parent,
6575 				    MPTSAS_VIRTUAL_PORT);
6576 				mptsas_log(mpt, CE_WARN, "mptsas virtual port "
6577 				    "prop update failed");
6578 				break;
6579 			}
6580 		}
6581 
6582 		mutex_enter(&mpt->m_mutex);
6583 		ptgt->m_led_status = 0;
6584 		(void) mptsas_flush_led_status(mpt, ptgt);
6585 		if (rval == DDI_SUCCESS) {
6586 			refhash_remove(mpt->m_targets, ptgt);
6587 			ptgt = NULL;
6588 		} else {
6589 			/*
6590 			 * clean DR_INTRANSITION flag to allow I/O down to
6591 			 * PHCI driver since failover finished.
6592 			 * Invalidate the devhdl
6593 			 */
6594 			ptgt->m_devhdl = MPTSAS_INVALID_DEVHDL;
6595 			ptgt->m_tgt_unconfigured = 0;
6596 			mutex_enter(&mpt->m_tx_waitq_mutex);
6597 			ptgt->m_dr_flag = MPTSAS_DR_INACTIVE;
6598 			mutex_exit(&mpt->m_tx_waitq_mutex);
6599 		}
6600 
6601 		/*
6602 		 * Send SAS IO Unit Control to free the dev handle
6603 		 */
6604 		if ((flags == MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE) ||
6605 		    (flags == MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE)) {
6606 			rval = mptsas_free_devhdl(mpt, devhdl);
6607 
6608 			NDBG20(("mptsas%d handle_topo_change to remove "
6609 			    "devhdl:%x, rval:%x", mpt->m_instance, devhdl,
6610 			    rval));
6611 		}
6612 
6613 		break;
6614 	}
6615 	case MPTSAS_TOPO_FLAG_REMOVE_HANDLE:
6616 	{
6617 		devhdl = topo_node->devhdl;
6618 		/*
6619 		 * If this is the remove handle event, do a reset first.
6620 		 */
6621 		if (topo_node->event == MPTSAS_TOPO_FLAG_REMOVE_HANDLE) {
6622 			rval = mptsas_do_scsi_reset(mpt, devhdl);
6623 			if (rval) {
6624 				NDBG20(("mpt%d reset target before remove "
6625 				    "devhdl:%x, rval:%x", mpt->m_instance,
6626 				    devhdl, rval));
6627 			}
6628 		}
6629 
6630 		/*
6631 		 * Send SAS IO Unit Control to free the dev handle
6632 		 */
6633 		rval = mptsas_free_devhdl(mpt, devhdl);
6634 		NDBG20(("mptsas%d handle_topo_change to remove "
6635 		    "devhdl:%x, rval:%x", mpt->m_instance, devhdl,
6636 		    rval));
6637 		break;
6638 	}
6639 	case MPTSAS_DR_EVENT_RECONFIG_SMP:
6640 	{
6641 		mptsas_smp_t smp;
6642 		dev_info_t *smpdip;
6643 
6644 		devhdl = topo_node->devhdl;
6645 
6646 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_HNDL &
6647 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | (uint32_t)devhdl;
6648 		rval = mptsas_get_sas_expander_page0(mpt, page_address, &smp);
6649 		if (rval != DDI_SUCCESS) {
6650 			mptsas_log(mpt, CE_WARN, "failed to online smp, "
6651 			    "handle %x", devhdl);
6652 			return;
6653 		}
6654 
6655 		psmp = mptsas_smp_alloc(mpt, &smp);
6656 		if (psmp == NULL) {
6657 			return;
6658 		}
6659 
6660 		mutex_exit(&mpt->m_mutex);
6661 		ndi_devi_enter(parent, &circ1);
6662 		(void) mptsas_online_smp(parent, psmp, &smpdip);
6663 		ndi_devi_exit(parent, circ1);
6664 
6665 		mutex_enter(&mpt->m_mutex);
6666 		break;
6667 	}
6668 	case MPTSAS_DR_EVENT_OFFLINE_SMP:
6669 	{
6670 		devhdl = topo_node->devhdl;
6671 		uint32_t dev_info;
6672 
6673 		psmp = refhash_linear_search(mpt->m_smp_targets,
6674 		    mptsas_smp_eval_devhdl, &devhdl);
6675 		if (psmp == NULL)
6676 			break;
6677 		/*
6678 		 * The mptsas_smp_t data is released only if the dip is offlined
6679 		 * successfully.
6680 		 */
6681 		mutex_exit(&mpt->m_mutex);
6682 
6683 		ndi_devi_enter(parent, &circ1);
6684 		rval = mptsas_offline_smp(parent, psmp, NDI_DEVI_REMOVE);
6685 		ndi_devi_exit(parent, circ1);
6686 
6687 		dev_info = psmp->m_deviceinfo;
6688 		if ((dev_info & DEVINFO_DIRECT_ATTACHED) ==
6689 		    DEVINFO_DIRECT_ATTACHED) {
6690 			if (ddi_prop_update_int(DDI_DEV_T_NONE, parent,
6691 			    MPTSAS_VIRTUAL_PORT, 1) !=
6692 			    DDI_PROP_SUCCESS) {
6693 				(void) ddi_prop_remove(DDI_DEV_T_NONE, parent,
6694 				    MPTSAS_VIRTUAL_PORT);
6695 				mptsas_log(mpt, CE_WARN, "mptsas virtual port "
6696 				    "prop update failed");
6697 				return;
6698 			}
6699 			/*
6700 			 * Check whether the smp connected to the iport,
6701 			 */
6702 			if (ddi_prop_update_int(DDI_DEV_T_NONE, parent,
6703 			    MPTSAS_NUM_PHYS, 0) !=
6704 			    DDI_PROP_SUCCESS) {
6705 				(void) ddi_prop_remove(DDI_DEV_T_NONE, parent,
6706 				    MPTSAS_NUM_PHYS);
6707 				mptsas_log(mpt, CE_WARN, "mptsas num phys"
6708 				    "prop update failed");
6709 				return;
6710 			}
6711 			/*
6712 			 * Clear parent's attached-port props
6713 			 */
6714 			bzero(attached_wwnstr, sizeof (attached_wwnstr));
6715 			if (ddi_prop_update_string(DDI_DEV_T_NONE, parent,
6716 			    SCSI_ADDR_PROP_ATTACHED_PORT, attached_wwnstr) !=
6717 			    DDI_PROP_SUCCESS) {
6718 				(void) ddi_prop_remove(DDI_DEV_T_NONE, parent,
6719 				    SCSI_ADDR_PROP_ATTACHED_PORT);
6720 				mptsas_log(mpt, CE_WARN, "mptsas attached port "
6721 				    "prop update failed");
6722 				return;
6723 			}
6724 		}
6725 
6726 		mutex_enter(&mpt->m_mutex);
6727 		NDBG20(("mptsas%d handle_topo_change to remove devhdl:%x, "
6728 		    "rval:%x", mpt->m_instance, psmp->m_devhdl, rval));
6729 		if (rval == DDI_SUCCESS) {
6730 			refhash_remove(mpt->m_smp_targets, psmp);
6731 		} else {
6732 			psmp->m_devhdl = MPTSAS_INVALID_DEVHDL;
6733 		}
6734 
6735 		bzero(attached_wwnstr, sizeof (attached_wwnstr));
6736 
6737 		break;
6738 	}
6739 	default:
6740 		return;
6741 	}
6742 }
6743 
6744 /*
6745  * Record the event if its type is enabled in mpt instance by ioctl.
6746  */
6747 static void
6748 mptsas_record_event(void *args)
6749 {
6750 	m_replyh_arg_t			*replyh_arg;
6751 	pMpi2EventNotificationReply_t	eventreply;
6752 	uint32_t			event, rfm;
6753 	mptsas_t			*mpt;
6754 	int				i, j;
6755 	uint16_t			event_data_len;
6756 	boolean_t			sendAEN = FALSE;
6757 
6758 	replyh_arg = (m_replyh_arg_t *)args;
6759 	rfm = replyh_arg->rfm;
6760 	mpt = replyh_arg->mpt;
6761 
6762 	eventreply = (pMpi2EventNotificationReply_t)
6763 	    (mpt->m_reply_frame + (rfm -
6764 	    (mpt->m_reply_frame_dma_addr & 0xffffffffu)));
6765 	event = ddi_get16(mpt->m_acc_reply_frame_hdl, &eventreply->Event);
6766 
6767 
6768 	/*
6769 	 * Generate a system event to let anyone who cares know that a
6770 	 * LOG_ENTRY_ADDED event has occurred.  This is sent no matter what the
6771 	 * event mask is set to.
6772 	 */
6773 	if (event == MPI2_EVENT_LOG_ENTRY_ADDED) {
6774 		sendAEN = TRUE;
6775 	}
6776 
6777 	/*
6778 	 * Record the event only if it is not masked.  Determine which dword
6779 	 * and bit of event mask to test.
6780 	 */
6781 	i = (uint8_t)(event / 32);
6782 	j = (uint8_t)(event % 32);
6783 	if ((i < 4) && ((1 << j) & mpt->m_event_mask[i])) {
6784 		i = mpt->m_event_index;
6785 		mpt->m_events[i].Type = event;
6786 		mpt->m_events[i].Number = ++mpt->m_event_number;
6787 		bzero(mpt->m_events[i].Data, MPTSAS_MAX_EVENT_DATA_LENGTH * 4);
6788 		event_data_len = ddi_get16(mpt->m_acc_reply_frame_hdl,
6789 		    &eventreply->EventDataLength);
6790 
6791 		if (event_data_len > 0) {
6792 			/*
6793 			 * Limit data to size in m_event entry
6794 			 */
6795 			if (event_data_len > MPTSAS_MAX_EVENT_DATA_LENGTH) {
6796 				event_data_len = MPTSAS_MAX_EVENT_DATA_LENGTH;
6797 			}
6798 			for (j = 0; j < event_data_len; j++) {
6799 				mpt->m_events[i].Data[j] =
6800 				    ddi_get32(mpt->m_acc_reply_frame_hdl,
6801 				    &(eventreply->EventData[j]));
6802 			}
6803 
6804 			/*
6805 			 * check for index wrap-around
6806 			 */
6807 			if (++i == MPTSAS_EVENT_QUEUE_SIZE) {
6808 				i = 0;
6809 			}
6810 			mpt->m_event_index = (uint8_t)i;
6811 
6812 			/*
6813 			 * Set flag to send the event.
6814 			 */
6815 			sendAEN = TRUE;
6816 		}
6817 	}
6818 
6819 	/*
6820 	 * Generate a system event if flag is set to let anyone who cares know
6821 	 * that an event has occurred.
6822 	 */
6823 	if (sendAEN) {
6824 		(void) ddi_log_sysevent(mpt->m_dip, DDI_VENDOR_LSI, "MPT_SAS",
6825 		    "SAS", NULL, NULL, DDI_NOSLEEP);
6826 	}
6827 }
6828 
6829 #define	SMP_RESET_IN_PROGRESS MPI2_EVENT_SAS_TOPO_LR_SMP_RESET_IN_PROGRESS
6830 /*
6831  * handle sync events from ioc in interrupt
6832  * return value:
6833  * DDI_SUCCESS: The event is handled by this func
6834  * DDI_FAILURE: Event is not handled
6835  */
6836 static int
6837 mptsas_handle_event_sync(void *args)
6838 {
6839 	m_replyh_arg_t			*replyh_arg;
6840 	pMpi2EventNotificationReply_t	eventreply;
6841 	uint32_t			event, rfm;
6842 	mptsas_t			*mpt;
6843 	uint_t				iocstatus;
6844 
6845 	replyh_arg = (m_replyh_arg_t *)args;
6846 	rfm = replyh_arg->rfm;
6847 	mpt = replyh_arg->mpt;
6848 
6849 	ASSERT(mutex_owned(&mpt->m_mutex));
6850 
6851 	eventreply = (pMpi2EventNotificationReply_t)
6852 	    (mpt->m_reply_frame + (rfm -
6853 	    (mpt->m_reply_frame_dma_addr & 0xffffffffu)));
6854 	event = ddi_get16(mpt->m_acc_reply_frame_hdl, &eventreply->Event);
6855 
6856 	if (iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
6857 	    &eventreply->IOCStatus)) {
6858 		if (iocstatus == MPI2_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
6859 			mptsas_log(mpt, CE_WARN,
6860 			    "!mptsas_handle_event_sync: event 0x%x, "
6861 			    "IOCStatus=0x%x, "
6862 			    "IOCLogInfo=0x%x", event, iocstatus,
6863 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
6864 			    &eventreply->IOCLogInfo));
6865 		} else {
6866 			mptsas_log(mpt, CE_WARN,
6867 			    "mptsas_handle_event_sync: event 0x%x, "
6868 			    "IOCStatus=0x%x, "
6869 			    "(IOCLogInfo=0x%x)", event, iocstatus,
6870 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
6871 			    &eventreply->IOCLogInfo));
6872 		}
6873 	}
6874 
6875 	/*
6876 	 * figure out what kind of event we got and handle accordingly
6877 	 */
6878 	switch (event) {
6879 	case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST:
6880 	{
6881 		pMpi2EventDataSasTopologyChangeList_t	sas_topo_change_list;
6882 		uint8_t				num_entries, expstatus, phy;
6883 		uint8_t				phystatus, physport, state, i;
6884 		uint8_t				start_phy_num, link_rate;
6885 		uint16_t			dev_handle, reason_code;
6886 		uint16_t			enc_handle, expd_handle;
6887 		char				string[80], curr[80], prev[80];
6888 		mptsas_topo_change_list_t	*topo_head = NULL;
6889 		mptsas_topo_change_list_t	*topo_tail = NULL;
6890 		mptsas_topo_change_list_t	*topo_node = NULL;
6891 		mptsas_target_t			*ptgt;
6892 		mptsas_smp_t			*psmp;
6893 		uint8_t				flags = 0, exp_flag;
6894 		smhba_info_t			*pSmhba = NULL;
6895 
6896 		NDBG20(("mptsas_handle_event_sync: SAS topology change"));
6897 
6898 		sas_topo_change_list = (pMpi2EventDataSasTopologyChangeList_t)
6899 		    eventreply->EventData;
6900 
6901 		enc_handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6902 		    &sas_topo_change_list->EnclosureHandle);
6903 		expd_handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6904 		    &sas_topo_change_list->ExpanderDevHandle);
6905 		num_entries = ddi_get8(mpt->m_acc_reply_frame_hdl,
6906 		    &sas_topo_change_list->NumEntries);
6907 		start_phy_num = ddi_get8(mpt->m_acc_reply_frame_hdl,
6908 		    &sas_topo_change_list->StartPhyNum);
6909 		expstatus = ddi_get8(mpt->m_acc_reply_frame_hdl,
6910 		    &sas_topo_change_list->ExpStatus);
6911 		physport = ddi_get8(mpt->m_acc_reply_frame_hdl,
6912 		    &sas_topo_change_list->PhysicalPort);
6913 
6914 		string[0] = 0;
6915 		if (expd_handle) {
6916 			flags = MPTSAS_TOPO_FLAG_EXPANDER_ASSOCIATED;
6917 			switch (expstatus) {
6918 			case MPI2_EVENT_SAS_TOPO_ES_ADDED:
6919 				(void) sprintf(string, " added");
6920 				/*
6921 				 * New expander device added
6922 				 */
6923 				mpt->m_port_chng = 1;
6924 				topo_node = kmem_zalloc(
6925 				    sizeof (mptsas_topo_change_list_t),
6926 				    KM_SLEEP);
6927 				topo_node->mpt = mpt;
6928 				topo_node->event = MPTSAS_DR_EVENT_RECONFIG_SMP;
6929 				topo_node->un.physport = physport;
6930 				topo_node->devhdl = expd_handle;
6931 				topo_node->flags = flags;
6932 				topo_node->object = NULL;
6933 				if (topo_head == NULL) {
6934 					topo_head = topo_tail = topo_node;
6935 				} else {
6936 					topo_tail->next = topo_node;
6937 					topo_tail = topo_node;
6938 				}
6939 				break;
6940 			case MPI2_EVENT_SAS_TOPO_ES_NOT_RESPONDING:
6941 				(void) sprintf(string, " not responding, "
6942 				    "removed");
6943 				psmp = refhash_linear_search(mpt->m_smp_targets,
6944 				    mptsas_smp_eval_devhdl, &expd_handle);
6945 				if (psmp == NULL)
6946 					break;
6947 
6948 				topo_node = kmem_zalloc(
6949 				    sizeof (mptsas_topo_change_list_t),
6950 				    KM_SLEEP);
6951 				topo_node->mpt = mpt;
6952 				topo_node->un.phymask =
6953 				    psmp->m_addr.mta_phymask;
6954 				topo_node->event = MPTSAS_DR_EVENT_OFFLINE_SMP;
6955 				topo_node->devhdl = expd_handle;
6956 				topo_node->flags = flags;
6957 				topo_node->object = NULL;
6958 				if (topo_head == NULL) {
6959 					topo_head = topo_tail = topo_node;
6960 				} else {
6961 					topo_tail->next = topo_node;
6962 					topo_tail = topo_node;
6963 				}
6964 				break;
6965 			case MPI2_EVENT_SAS_TOPO_ES_RESPONDING:
6966 				break;
6967 			case MPI2_EVENT_SAS_TOPO_ES_DELAY_NOT_RESPONDING:
6968 				(void) sprintf(string, " not responding, "
6969 				    "delaying removal");
6970 				break;
6971 			default:
6972 				break;
6973 			}
6974 		} else {
6975 			flags = MPTSAS_TOPO_FLAG_DIRECT_ATTACHED_DEVICE;
6976 		}
6977 
6978 		NDBG20(("SAS TOPOLOGY CHANGE for enclosure %x expander %x%s\n",
6979 		    enc_handle, expd_handle, string));
6980 		for (i = 0; i < num_entries; i++) {
6981 			phy = i + start_phy_num;
6982 			phystatus = ddi_get8(mpt->m_acc_reply_frame_hdl,
6983 			    &sas_topo_change_list->PHY[i].PhyStatus);
6984 			dev_handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
6985 			    &sas_topo_change_list->PHY[i].AttachedDevHandle);
6986 			reason_code = phystatus & MPI2_EVENT_SAS_TOPO_RC_MASK;
6987 			/*
6988 			 * Filter out processing of Phy Vacant Status unless
6989 			 * the reason code is "Not Responding".  Process all
6990 			 * other combinations of Phy Status and Reason Codes.
6991 			 */
6992 			if ((phystatus &
6993 			    MPI2_EVENT_SAS_TOPO_PHYSTATUS_VACANT) &&
6994 			    (reason_code !=
6995 			    MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING)) {
6996 				continue;
6997 			}
6998 			curr[0] = 0;
6999 			prev[0] = 0;
7000 			string[0] = 0;
7001 			switch (reason_code) {
7002 			case MPI2_EVENT_SAS_TOPO_RC_TARG_ADDED:
7003 			{
7004 				NDBG20(("mptsas%d phy %d physical_port %d "
7005 				    "dev_handle %d added", mpt->m_instance, phy,
7006 				    physport, dev_handle));
7007 				link_rate = ddi_get8(mpt->m_acc_reply_frame_hdl,
7008 				    &sas_topo_change_list->PHY[i].LinkRate);
7009 				state = (link_rate &
7010 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_MASK) >>
7011 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_SHIFT;
7012 				switch (state) {
7013 				case MPI2_EVENT_SAS_TOPO_LR_PHY_DISABLED:
7014 					(void) sprintf(curr, "is disabled");
7015 					break;
7016 				case MPI2_EVENT_SAS_TOPO_LR_NEGOTIATION_FAILED:
7017 					(void) sprintf(curr, "is offline, "
7018 					    "failed speed negotiation");
7019 					break;
7020 				case MPI2_EVENT_SAS_TOPO_LR_SATA_OOB_COMPLETE:
7021 					(void) sprintf(curr, "SATA OOB "
7022 					    "complete");
7023 					break;
7024 				case SMP_RESET_IN_PROGRESS:
7025 					(void) sprintf(curr, "SMP reset in "
7026 					    "progress");
7027 					break;
7028 				case MPI2_EVENT_SAS_TOPO_LR_RATE_1_5:
7029 					(void) sprintf(curr, "is online at "
7030 					    "1.5 Gbps");
7031 					break;
7032 				case MPI2_EVENT_SAS_TOPO_LR_RATE_3_0:
7033 					(void) sprintf(curr, "is online at 3.0 "
7034 					    "Gbps");
7035 					break;
7036 				case MPI2_EVENT_SAS_TOPO_LR_RATE_6_0:
7037 					(void) sprintf(curr, "is online at 6.0 "
7038 					    "Gbps");
7039 					break;
7040 				case MPI25_EVENT_SAS_TOPO_LR_RATE_12_0:
7041 					(void) sprintf(curr,
7042 					    "is online at 12.0 Gbps");
7043 					break;
7044 				default:
7045 					(void) sprintf(curr, "state is "
7046 					    "unknown");
7047 					break;
7048 				}
7049 				/*
7050 				 * New target device added into the system.
7051 				 * Set association flag according to if an
7052 				 * expander is used or not.
7053 				 */
7054 				exp_flag =
7055 				    MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE;
7056 				if (flags ==
7057 				    MPTSAS_TOPO_FLAG_EXPANDER_ASSOCIATED) {
7058 					flags = exp_flag;
7059 				}
7060 				topo_node = kmem_zalloc(
7061 				    sizeof (mptsas_topo_change_list_t),
7062 				    KM_SLEEP);
7063 				topo_node->mpt = mpt;
7064 				topo_node->event =
7065 				    MPTSAS_DR_EVENT_RECONFIG_TARGET;
7066 				if (expd_handle == 0) {
7067 					/*
7068 					 * Per MPI 2, if expander dev handle
7069 					 * is 0, it's a directly attached
7070 					 * device. So driver use PHY to decide
7071 					 * which iport is associated
7072 					 */
7073 					physport = phy;
7074 					mpt->m_port_chng = 1;
7075 				}
7076 				topo_node->un.physport = physport;
7077 				topo_node->devhdl = dev_handle;
7078 				topo_node->flags = flags;
7079 				topo_node->object = NULL;
7080 				if (topo_head == NULL) {
7081 					topo_head = topo_tail = topo_node;
7082 				} else {
7083 					topo_tail->next = topo_node;
7084 					topo_tail = topo_node;
7085 				}
7086 				break;
7087 			}
7088 			case MPI2_EVENT_SAS_TOPO_RC_TARG_NOT_RESPONDING:
7089 			{
7090 				NDBG20(("mptsas%d phy %d physical_port %d "
7091 				    "dev_handle %d removed", mpt->m_instance,
7092 				    phy, physport, dev_handle));
7093 				/*
7094 				 * Set association flag according to if an
7095 				 * expander is used or not.
7096 				 */
7097 				exp_flag =
7098 				    MPTSAS_TOPO_FLAG_EXPANDER_ATTACHED_DEVICE;
7099 				if (flags ==
7100 				    MPTSAS_TOPO_FLAG_EXPANDER_ASSOCIATED) {
7101 					flags = exp_flag;
7102 				}
7103 				/*
7104 				 * Target device is removed from the system
7105 				 * Before the device is really offline from
7106 				 * from system.
7107 				 */
7108 				ptgt = refhash_linear_search(mpt->m_targets,
7109 				    mptsas_target_eval_devhdl, &dev_handle);
7110 				/*
7111 				 * If ptgt is NULL here, it means that the
7112 				 * DevHandle is not in the hash table.  This is
7113 				 * reasonable sometimes.  For example, if a
7114 				 * disk was pulled, then added, then pulled
7115 				 * again, the disk will not have been put into
7116 				 * the hash table because the add event will
7117 				 * have an invalid phymask.  BUT, this does not
7118 				 * mean that the DevHandle is invalid.  The
7119 				 * controller will still have a valid DevHandle
7120 				 * that must be removed.  To do this, use the
7121 				 * MPTSAS_TOPO_FLAG_REMOVE_HANDLE event.
7122 				 */
7123 				if (ptgt == NULL) {
7124 					topo_node = kmem_zalloc(
7125 					    sizeof (mptsas_topo_change_list_t),
7126 					    KM_SLEEP);
7127 					topo_node->mpt = mpt;
7128 					topo_node->un.phymask = 0;
7129 					topo_node->event =
7130 					    MPTSAS_TOPO_FLAG_REMOVE_HANDLE;
7131 					topo_node->devhdl = dev_handle;
7132 					topo_node->flags = flags;
7133 					topo_node->object = NULL;
7134 					if (topo_head == NULL) {
7135 						topo_head = topo_tail =
7136 						    topo_node;
7137 					} else {
7138 						topo_tail->next = topo_node;
7139 						topo_tail = topo_node;
7140 					}
7141 					break;
7142 				}
7143 
7144 				/*
7145 				 * Update DR flag immediately avoid I/O failure
7146 				 * before failover finish. Pay attention to the
7147 				 * mutex protect, we need grab m_tx_waitq_mutex
7148 				 * during set m_dr_flag because we won't add
7149 				 * the following command into waitq, instead,
7150 				 * we need return TRAN_BUSY in the tran_start
7151 				 * context.
7152 				 */
7153 				mutex_enter(&mpt->m_tx_waitq_mutex);
7154 				ptgt->m_dr_flag = MPTSAS_DR_INTRANSITION;
7155 				mutex_exit(&mpt->m_tx_waitq_mutex);
7156 
7157 				topo_node = kmem_zalloc(
7158 				    sizeof (mptsas_topo_change_list_t),
7159 				    KM_SLEEP);
7160 				topo_node->mpt = mpt;
7161 				topo_node->un.phymask =
7162 				    ptgt->m_addr.mta_phymask;
7163 				topo_node->event =
7164 				    MPTSAS_DR_EVENT_OFFLINE_TARGET;
7165 				topo_node->devhdl = dev_handle;
7166 				topo_node->flags = flags;
7167 				topo_node->object = NULL;
7168 				if (topo_head == NULL) {
7169 					topo_head = topo_tail = topo_node;
7170 				} else {
7171 					topo_tail->next = topo_node;
7172 					topo_tail = topo_node;
7173 				}
7174 				break;
7175 			}
7176 			case MPI2_EVENT_SAS_TOPO_RC_PHY_CHANGED:
7177 				link_rate = ddi_get8(mpt->m_acc_reply_frame_hdl,
7178 				    &sas_topo_change_list->PHY[i].LinkRate);
7179 				state = (link_rate &
7180 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_MASK) >>
7181 				    MPI2_EVENT_SAS_TOPO_LR_CURRENT_SHIFT;
7182 				pSmhba = &mpt->m_phy_info[i].smhba_info;
7183 				pSmhba->negotiated_link_rate = state;
7184 				switch (state) {
7185 				case MPI2_EVENT_SAS_TOPO_LR_PHY_DISABLED:
7186 					(void) sprintf(curr, "is disabled");
7187 					mptsas_smhba_log_sysevent(mpt,
7188 					    ESC_SAS_PHY_EVENT,
7189 					    SAS_PHY_REMOVE,
7190 					    &mpt->m_phy_info[i].smhba_info);
7191 					mpt->m_phy_info[i].smhba_info.
7192 					    negotiated_link_rate
7193 					    = 0x1;
7194 					break;
7195 				case MPI2_EVENT_SAS_TOPO_LR_NEGOTIATION_FAILED:
7196 					(void) sprintf(curr, "is offline, "
7197 					    "failed speed negotiation");
7198 					mptsas_smhba_log_sysevent(mpt,
7199 					    ESC_SAS_PHY_EVENT,
7200 					    SAS_PHY_OFFLINE,
7201 					    &mpt->m_phy_info[i].smhba_info);
7202 					break;
7203 				case MPI2_EVENT_SAS_TOPO_LR_SATA_OOB_COMPLETE:
7204 					(void) sprintf(curr, "SATA OOB "
7205 					    "complete");
7206 					break;
7207 				case SMP_RESET_IN_PROGRESS:
7208 					(void) sprintf(curr, "SMP reset in "
7209 					    "progress");
7210 					break;
7211 				case MPI2_EVENT_SAS_TOPO_LR_RATE_1_5:
7212 					(void) sprintf(curr, "is online at "
7213 					    "1.5 Gbps");
7214 					if ((expd_handle == 0) &&
7215 					    (enc_handle == 1)) {
7216 						mpt->m_port_chng = 1;
7217 					}
7218 					mptsas_smhba_log_sysevent(mpt,
7219 					    ESC_SAS_PHY_EVENT,
7220 					    SAS_PHY_ONLINE,
7221 					    &mpt->m_phy_info[i].smhba_info);
7222 					break;
7223 				case MPI2_EVENT_SAS_TOPO_LR_RATE_3_0:
7224 					(void) sprintf(curr, "is online at 3.0 "
7225 					    "Gbps");
7226 					if ((expd_handle == 0) &&
7227 					    (enc_handle == 1)) {
7228 						mpt->m_port_chng = 1;
7229 					}
7230 					mptsas_smhba_log_sysevent(mpt,
7231 					    ESC_SAS_PHY_EVENT,
7232 					    SAS_PHY_ONLINE,
7233 					    &mpt->m_phy_info[i].smhba_info);
7234 					break;
7235 				case MPI2_EVENT_SAS_TOPO_LR_RATE_6_0:
7236 					(void) sprintf(curr, "is online at "
7237 					    "6.0 Gbps");
7238 					if ((expd_handle == 0) &&
7239 					    (enc_handle == 1)) {
7240 						mpt->m_port_chng = 1;
7241 					}
7242 					mptsas_smhba_log_sysevent(mpt,
7243 					    ESC_SAS_PHY_EVENT,
7244 					    SAS_PHY_ONLINE,
7245 					    &mpt->m_phy_info[i].smhba_info);
7246 					break;
7247 				case MPI25_EVENT_SAS_TOPO_LR_RATE_12_0:
7248 					(void) sprintf(curr, "is online at "
7249 					    "12.0 Gbps");
7250 					if ((expd_handle == 0) &&
7251 					    (enc_handle == 1)) {
7252 						mpt->m_port_chng = 1;
7253 					}
7254 					mptsas_smhba_log_sysevent(mpt,
7255 					    ESC_SAS_PHY_EVENT,
7256 					    SAS_PHY_ONLINE,
7257 					    &mpt->m_phy_info[i].smhba_info);
7258 					break;
7259 				default:
7260 					(void) sprintf(curr, "state is "
7261 					    "unknown");
7262 					break;
7263 				}
7264 
7265 				state = (link_rate &
7266 				    MPI2_EVENT_SAS_TOPO_LR_PREV_MASK) >>
7267 				    MPI2_EVENT_SAS_TOPO_LR_PREV_SHIFT;
7268 				switch (state) {
7269 				case MPI2_EVENT_SAS_TOPO_LR_PHY_DISABLED:
7270 					(void) sprintf(prev, ", was disabled");
7271 					break;
7272 				case MPI2_EVENT_SAS_TOPO_LR_NEGOTIATION_FAILED:
7273 					(void) sprintf(prev, ", was offline, "
7274 					    "failed speed negotiation");
7275 					break;
7276 				case MPI2_EVENT_SAS_TOPO_LR_SATA_OOB_COMPLETE:
7277 					(void) sprintf(prev, ", was SATA OOB "
7278 					    "complete");
7279 					break;
7280 				case SMP_RESET_IN_PROGRESS:
7281 					(void) sprintf(prev, ", was SMP reset "
7282 					    "in progress");
7283 					break;
7284 				case MPI2_EVENT_SAS_TOPO_LR_RATE_1_5:
7285 					(void) sprintf(prev, ", was online at "
7286 					    "1.5 Gbps");
7287 					break;
7288 				case MPI2_EVENT_SAS_TOPO_LR_RATE_3_0:
7289 					(void) sprintf(prev, ", was online at "
7290 					    "3.0 Gbps");
7291 					break;
7292 				case MPI2_EVENT_SAS_TOPO_LR_RATE_6_0:
7293 					(void) sprintf(prev, ", was online at "
7294 					    "6.0 Gbps");
7295 					break;
7296 				case MPI25_EVENT_SAS_TOPO_LR_RATE_12_0:
7297 					(void) sprintf(prev, ", was online at "
7298 					    "12.0 Gbps");
7299 					break;
7300 				default:
7301 				break;
7302 				}
7303 				(void) sprintf(&string[strlen(string)], "link "
7304 				    "changed, ");
7305 				break;
7306 			case MPI2_EVENT_SAS_TOPO_RC_NO_CHANGE:
7307 				continue;
7308 			case MPI2_EVENT_SAS_TOPO_RC_DELAY_NOT_RESPONDING:
7309 				(void) sprintf(&string[strlen(string)],
7310 				    "target not responding, delaying "
7311 				    "removal");
7312 				break;
7313 			}
7314 			NDBG20(("mptsas%d phy %d DevHandle %x, %s%s%s\n",
7315 			    mpt->m_instance, phy, dev_handle, string, curr,
7316 			    prev));
7317 		}
7318 		if (topo_head != NULL) {
7319 			/*
7320 			 * Launch DR taskq to handle topology change
7321 			 */
7322 			if ((ddi_taskq_dispatch(mpt->m_dr_taskq,
7323 			    mptsas_handle_dr, (void *)topo_head,
7324 			    DDI_NOSLEEP)) != DDI_SUCCESS) {
7325 				while (topo_head != NULL) {
7326 					topo_node = topo_head;
7327 					topo_head = topo_head->next;
7328 					kmem_free(topo_node,
7329 					    sizeof (mptsas_topo_change_list_t));
7330 				}
7331 				mptsas_log(mpt, CE_NOTE, "mptsas start taskq "
7332 				    "for handle SAS DR event failed. \n");
7333 			}
7334 		}
7335 		break;
7336 	}
7337 	case MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST:
7338 	{
7339 		Mpi2EventDataIrConfigChangeList_t	*irChangeList;
7340 		mptsas_topo_change_list_t		*topo_head = NULL;
7341 		mptsas_topo_change_list_t		*topo_tail = NULL;
7342 		mptsas_topo_change_list_t		*topo_node = NULL;
7343 		mptsas_target_t				*ptgt;
7344 		uint8_t					num_entries, i, reason;
7345 		uint16_t				volhandle, diskhandle;
7346 
7347 		irChangeList = (pMpi2EventDataIrConfigChangeList_t)
7348 		    eventreply->EventData;
7349 		num_entries = ddi_get8(mpt->m_acc_reply_frame_hdl,
7350 		    &irChangeList->NumElements);
7351 
7352 		NDBG20(("mptsas%d IR_CONFIGURATION_CHANGE_LIST event received",
7353 		    mpt->m_instance));
7354 
7355 		for (i = 0; i < num_entries; i++) {
7356 			reason = ddi_get8(mpt->m_acc_reply_frame_hdl,
7357 			    &irChangeList->ConfigElement[i].ReasonCode);
7358 			volhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7359 			    &irChangeList->ConfigElement[i].VolDevHandle);
7360 			diskhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7361 			    &irChangeList->ConfigElement[i].PhysDiskDevHandle);
7362 
7363 			switch (reason) {
7364 			case MPI2_EVENT_IR_CHANGE_RC_ADDED:
7365 			case MPI2_EVENT_IR_CHANGE_RC_VOLUME_CREATED:
7366 			{
7367 				NDBG20(("mptsas %d volume added\n",
7368 				    mpt->m_instance));
7369 
7370 				topo_node = kmem_zalloc(
7371 				    sizeof (mptsas_topo_change_list_t),
7372 				    KM_SLEEP);
7373 
7374 				topo_node->mpt = mpt;
7375 				topo_node->event =
7376 				    MPTSAS_DR_EVENT_RECONFIG_TARGET;
7377 				topo_node->un.physport = 0xff;
7378 				topo_node->devhdl = volhandle;
7379 				topo_node->flags =
7380 				    MPTSAS_TOPO_FLAG_RAID_ASSOCIATED;
7381 				topo_node->object = NULL;
7382 				if (topo_head == NULL) {
7383 					topo_head = topo_tail = topo_node;
7384 				} else {
7385 					topo_tail->next = topo_node;
7386 					topo_tail = topo_node;
7387 				}
7388 				break;
7389 			}
7390 			case MPI2_EVENT_IR_CHANGE_RC_REMOVED:
7391 			case MPI2_EVENT_IR_CHANGE_RC_VOLUME_DELETED:
7392 			{
7393 				NDBG20(("mptsas %d volume deleted\n",
7394 				    mpt->m_instance));
7395 				ptgt = refhash_linear_search(mpt->m_targets,
7396 				    mptsas_target_eval_devhdl, &volhandle);
7397 				if (ptgt == NULL)
7398 					break;
7399 
7400 				/*
7401 				 * Clear any flags related to volume
7402 				 */
7403 				(void) mptsas_delete_volume(mpt, volhandle);
7404 
7405 				/*
7406 				 * Update DR flag immediately avoid I/O failure
7407 				 */
7408 				mutex_enter(&mpt->m_tx_waitq_mutex);
7409 				ptgt->m_dr_flag = MPTSAS_DR_INTRANSITION;
7410 				mutex_exit(&mpt->m_tx_waitq_mutex);
7411 
7412 				topo_node = kmem_zalloc(
7413 				    sizeof (mptsas_topo_change_list_t),
7414 				    KM_SLEEP);
7415 				topo_node->mpt = mpt;
7416 				topo_node->un.phymask =
7417 				    ptgt->m_addr.mta_phymask;
7418 				topo_node->event =
7419 				    MPTSAS_DR_EVENT_OFFLINE_TARGET;
7420 				topo_node->devhdl = volhandle;
7421 				topo_node->flags =
7422 				    MPTSAS_TOPO_FLAG_RAID_ASSOCIATED;
7423 				topo_node->object = (void *)ptgt;
7424 				if (topo_head == NULL) {
7425 					topo_head = topo_tail = topo_node;
7426 				} else {
7427 					topo_tail->next = topo_node;
7428 					topo_tail = topo_node;
7429 				}
7430 				break;
7431 			}
7432 			case MPI2_EVENT_IR_CHANGE_RC_PD_CREATED:
7433 			case MPI2_EVENT_IR_CHANGE_RC_HIDE:
7434 			{
7435 				ptgt = refhash_linear_search(mpt->m_targets,
7436 				    mptsas_target_eval_devhdl, &diskhandle);
7437 				if (ptgt == NULL)
7438 					break;
7439 
7440 				/*
7441 				 * Update DR flag immediately avoid I/O failure
7442 				 */
7443 				mutex_enter(&mpt->m_tx_waitq_mutex);
7444 				ptgt->m_dr_flag = MPTSAS_DR_INTRANSITION;
7445 				mutex_exit(&mpt->m_tx_waitq_mutex);
7446 
7447 				topo_node = kmem_zalloc(
7448 				    sizeof (mptsas_topo_change_list_t),
7449 				    KM_SLEEP);
7450 				topo_node->mpt = mpt;
7451 				topo_node->un.phymask =
7452 				    ptgt->m_addr.mta_phymask;
7453 				topo_node->event =
7454 				    MPTSAS_DR_EVENT_OFFLINE_TARGET;
7455 				topo_node->devhdl = diskhandle;
7456 				topo_node->flags =
7457 				    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED;
7458 				topo_node->object = (void *)ptgt;
7459 				if (topo_head == NULL) {
7460 					topo_head = topo_tail = topo_node;
7461 				} else {
7462 					topo_tail->next = topo_node;
7463 					topo_tail = topo_node;
7464 				}
7465 				break;
7466 			}
7467 			case MPI2_EVENT_IR_CHANGE_RC_UNHIDE:
7468 			case MPI2_EVENT_IR_CHANGE_RC_PD_DELETED:
7469 			{
7470 				/*
7471 				 * The physical drive is released by a IR
7472 				 * volume. But we cannot get the the physport
7473 				 * or phynum from the event data, so we only
7474 				 * can get the physport/phynum after SAS
7475 				 * Device Page0 request for the devhdl.
7476 				 */
7477 				topo_node = kmem_zalloc(
7478 				    sizeof (mptsas_topo_change_list_t),
7479 				    KM_SLEEP);
7480 				topo_node->mpt = mpt;
7481 				topo_node->un.phymask = 0;
7482 				topo_node->event =
7483 				    MPTSAS_DR_EVENT_RECONFIG_TARGET;
7484 				topo_node->devhdl = diskhandle;
7485 				topo_node->flags =
7486 				    MPTSAS_TOPO_FLAG_RAID_PHYSDRV_ASSOCIATED;
7487 				topo_node->object = NULL;
7488 				mpt->m_port_chng = 1;
7489 				if (topo_head == NULL) {
7490 					topo_head = topo_tail = topo_node;
7491 				} else {
7492 					topo_tail->next = topo_node;
7493 					topo_tail = topo_node;
7494 				}
7495 				break;
7496 			}
7497 			default:
7498 				break;
7499 			}
7500 		}
7501 
7502 		if (topo_head != NULL) {
7503 			/*
7504 			 * Launch DR taskq to handle topology change
7505 			 */
7506 			if ((ddi_taskq_dispatch(mpt->m_dr_taskq,
7507 			    mptsas_handle_dr, (void *)topo_head,
7508 			    DDI_NOSLEEP)) != DDI_SUCCESS) {
7509 				while (topo_head != NULL) {
7510 					topo_node = topo_head;
7511 					topo_head = topo_head->next;
7512 					kmem_free(topo_node,
7513 					    sizeof (mptsas_topo_change_list_t));
7514 				}
7515 				mptsas_log(mpt, CE_NOTE, "mptsas start taskq "
7516 				    "for handle SAS DR event failed. \n");
7517 			}
7518 		}
7519 		break;
7520 	}
7521 	default:
7522 		return (DDI_FAILURE);
7523 	}
7524 
7525 	return (DDI_SUCCESS);
7526 }
7527 
7528 /*
7529  * handle events from ioc
7530  */
7531 static void
7532 mptsas_handle_event(void *args)
7533 {
7534 	m_replyh_arg_t			*replyh_arg;
7535 	pMpi2EventNotificationReply_t	eventreply;
7536 	uint32_t			event, iocloginfo, rfm;
7537 	uint32_t			status;
7538 	uint8_t				port;
7539 	mptsas_t			*mpt;
7540 	uint_t				iocstatus;
7541 
7542 	replyh_arg = (m_replyh_arg_t *)args;
7543 	rfm = replyh_arg->rfm;
7544 	mpt = replyh_arg->mpt;
7545 
7546 	mutex_enter(&mpt->m_mutex);
7547 	/*
7548 	 * If HBA is being reset, drop incoming event.
7549 	 */
7550 	if (mpt->m_in_reset) {
7551 		NDBG20(("dropping event received prior to reset"));
7552 		mutex_exit(&mpt->m_mutex);
7553 		return;
7554 	}
7555 
7556 	eventreply = (pMpi2EventNotificationReply_t)
7557 	    (mpt->m_reply_frame + (rfm -
7558 	    (mpt->m_reply_frame_dma_addr & 0xffffffffu)));
7559 	event = ddi_get16(mpt->m_acc_reply_frame_hdl, &eventreply->Event);
7560 
7561 	if (iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
7562 	    &eventreply->IOCStatus)) {
7563 		if (iocstatus == MPI2_IOCSTATUS_FLAG_LOG_INFO_AVAILABLE) {
7564 			mptsas_log(mpt, CE_WARN,
7565 			    "!mptsas_handle_event: IOCStatus=0x%x, "
7566 			    "IOCLogInfo=0x%x", iocstatus,
7567 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
7568 			    &eventreply->IOCLogInfo));
7569 		} else {
7570 			mptsas_log(mpt, CE_WARN,
7571 			    "mptsas_handle_event: IOCStatus=0x%x, "
7572 			    "IOCLogInfo=0x%x", iocstatus,
7573 			    ddi_get32(mpt->m_acc_reply_frame_hdl,
7574 			    &eventreply->IOCLogInfo));
7575 		}
7576 	}
7577 
7578 	/*
7579 	 * figure out what kind of event we got and handle accordingly
7580 	 */
7581 	switch (event) {
7582 	case MPI2_EVENT_LOG_ENTRY_ADDED:
7583 		break;
7584 	case MPI2_EVENT_LOG_DATA:
7585 		iocloginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
7586 		    &eventreply->IOCLogInfo);
7587 		NDBG20(("mptsas %d log info %x received.\n", mpt->m_instance,
7588 		    iocloginfo));
7589 		break;
7590 	case MPI2_EVENT_STATE_CHANGE:
7591 		NDBG20(("mptsas%d state change.", mpt->m_instance));
7592 		break;
7593 	case MPI2_EVENT_HARD_RESET_RECEIVED:
7594 		NDBG20(("mptsas%d event change.", mpt->m_instance));
7595 		break;
7596 	case MPI2_EVENT_SAS_DISCOVERY:
7597 	{
7598 		MPI2_EVENT_DATA_SAS_DISCOVERY	*sasdiscovery;
7599 		char				string[80];
7600 		uint8_t				rc;
7601 
7602 		sasdiscovery =
7603 		    (pMpi2EventDataSasDiscovery_t)eventreply->EventData;
7604 
7605 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
7606 		    &sasdiscovery->ReasonCode);
7607 		port = ddi_get8(mpt->m_acc_reply_frame_hdl,
7608 		    &sasdiscovery->PhysicalPort);
7609 		status = ddi_get32(mpt->m_acc_reply_frame_hdl,
7610 		    &sasdiscovery->DiscoveryStatus);
7611 
7612 		string[0] = 0;
7613 		switch (rc) {
7614 		case MPI2_EVENT_SAS_DISC_RC_STARTED:
7615 			(void) sprintf(string, "STARTING");
7616 			break;
7617 		case MPI2_EVENT_SAS_DISC_RC_COMPLETED:
7618 			(void) sprintf(string, "COMPLETED");
7619 			break;
7620 		default:
7621 			(void) sprintf(string, "UNKNOWN");
7622 			break;
7623 		}
7624 
7625 		NDBG20(("SAS DISCOVERY is %s for port %d, status %x", string,
7626 		    port, status));
7627 
7628 		break;
7629 	}
7630 	case MPI2_EVENT_EVENT_CHANGE:
7631 		NDBG20(("mptsas%d event change.", mpt->m_instance));
7632 		break;
7633 	case MPI2_EVENT_TASK_SET_FULL:
7634 	{
7635 		pMpi2EventDataTaskSetFull_t	taskfull;
7636 
7637 		taskfull = (pMpi2EventDataTaskSetFull_t)eventreply->EventData;
7638 
7639 		NDBG20(("TASK_SET_FULL received for mptsas%d, depth %d\n",
7640 		    mpt->m_instance,  ddi_get16(mpt->m_acc_reply_frame_hdl,
7641 		    &taskfull->CurrentDepth)));
7642 		break;
7643 	}
7644 	case MPI2_EVENT_SAS_TOPOLOGY_CHANGE_LIST:
7645 	{
7646 		/*
7647 		 * SAS TOPOLOGY CHANGE LIST Event has already been handled
7648 		 * in mptsas_handle_event_sync() of interrupt context
7649 		 */
7650 		break;
7651 	}
7652 	case MPI2_EVENT_SAS_ENCL_DEVICE_STATUS_CHANGE:
7653 	{
7654 		pMpi2EventDataSasEnclDevStatusChange_t	encstatus;
7655 		uint8_t					rc;
7656 		char					string[80];
7657 
7658 		encstatus = (pMpi2EventDataSasEnclDevStatusChange_t)
7659 		    eventreply->EventData;
7660 
7661 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
7662 		    &encstatus->ReasonCode);
7663 		switch (rc) {
7664 		case MPI2_EVENT_SAS_ENCL_RC_ADDED:
7665 			(void) sprintf(string, "added");
7666 			break;
7667 		case MPI2_EVENT_SAS_ENCL_RC_NOT_RESPONDING:
7668 			(void) sprintf(string, ", not responding");
7669 			break;
7670 		default:
7671 		break;
7672 		}
7673 		NDBG20(("mptsas%d ENCLOSURE STATUS CHANGE for enclosure "
7674 		    "%x%s\n", mpt->m_instance,
7675 		    ddi_get16(mpt->m_acc_reply_frame_hdl,
7676 		    &encstatus->EnclosureHandle), string));
7677 		break;
7678 	}
7679 
7680 	/*
7681 	 * MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE is handled by
7682 	 * mptsas_handle_event_sync,in here just send ack message.
7683 	 */
7684 	case MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE:
7685 	{
7686 		pMpi2EventDataSasDeviceStatusChange_t	statuschange;
7687 		uint8_t					rc;
7688 		uint16_t				devhdl;
7689 		uint64_t				wwn = 0;
7690 		uint32_t				wwn_lo, wwn_hi;
7691 
7692 		statuschange = (pMpi2EventDataSasDeviceStatusChange_t)
7693 		    eventreply->EventData;
7694 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
7695 		    &statuschange->ReasonCode);
7696 		wwn_lo = ddi_get32(mpt->m_acc_reply_frame_hdl,
7697 		    (uint32_t *)(void *)&statuschange->SASAddress);
7698 		wwn_hi = ddi_get32(mpt->m_acc_reply_frame_hdl,
7699 		    (uint32_t *)(void *)&statuschange->SASAddress + 1);
7700 		wwn = ((uint64_t)wwn_hi << 32) | wwn_lo;
7701 		devhdl =  ddi_get16(mpt->m_acc_reply_frame_hdl,
7702 		    &statuschange->DevHandle);
7703 
7704 		NDBG13(("MPI2_EVENT_SAS_DEVICE_STATUS_CHANGE wwn is %"PRIx64,
7705 		    wwn));
7706 
7707 		switch (rc) {
7708 		case MPI2_EVENT_SAS_DEV_STAT_RC_SMART_DATA:
7709 			NDBG20(("SMART data received, ASC/ASCQ = %02x/%02x",
7710 			    ddi_get8(mpt->m_acc_reply_frame_hdl,
7711 			    &statuschange->ASC),
7712 			    ddi_get8(mpt->m_acc_reply_frame_hdl,
7713 			    &statuschange->ASCQ)));
7714 			break;
7715 
7716 		case MPI2_EVENT_SAS_DEV_STAT_RC_UNSUPPORTED:
7717 			NDBG20(("Device not supported"));
7718 			break;
7719 
7720 		case MPI2_EVENT_SAS_DEV_STAT_RC_INTERNAL_DEVICE_RESET:
7721 			NDBG20(("IOC internally generated the Target Reset "
7722 			    "for devhdl:%x", devhdl));
7723 			break;
7724 
7725 		case MPI2_EVENT_SAS_DEV_STAT_RC_CMP_INTERNAL_DEV_RESET:
7726 			NDBG20(("IOC's internally generated Target Reset "
7727 			    "completed for devhdl:%x", devhdl));
7728 			break;
7729 
7730 		case MPI2_EVENT_SAS_DEV_STAT_RC_TASK_ABORT_INTERNAL:
7731 			NDBG20(("IOC internally generated Abort Task"));
7732 			break;
7733 
7734 		case MPI2_EVENT_SAS_DEV_STAT_RC_CMP_TASK_ABORT_INTERNAL:
7735 			NDBG20(("IOC's internally generated Abort Task "
7736 			    "completed"));
7737 			break;
7738 
7739 		case MPI2_EVENT_SAS_DEV_STAT_RC_ABORT_TASK_SET_INTERNAL:
7740 			NDBG20(("IOC internally generated Abort Task Set"));
7741 			break;
7742 
7743 		case MPI2_EVENT_SAS_DEV_STAT_RC_CLEAR_TASK_SET_INTERNAL:
7744 			NDBG20(("IOC internally generated Clear Task Set"));
7745 			break;
7746 
7747 		case MPI2_EVENT_SAS_DEV_STAT_RC_QUERY_TASK_INTERNAL:
7748 			NDBG20(("IOC internally generated Query Task"));
7749 			break;
7750 
7751 		case MPI2_EVENT_SAS_DEV_STAT_RC_ASYNC_NOTIFICATION:
7752 			NDBG20(("Device sent an Asynchronous Notification"));
7753 			break;
7754 
7755 		default:
7756 			break;
7757 		}
7758 		break;
7759 	}
7760 	case MPI2_EVENT_IR_CONFIGURATION_CHANGE_LIST:
7761 	{
7762 		/*
7763 		 * IR TOPOLOGY CHANGE LIST Event has already been handled
7764 		 * in mpt_handle_event_sync() of interrupt context
7765 		 */
7766 		break;
7767 	}
7768 	case MPI2_EVENT_IR_OPERATION_STATUS:
7769 	{
7770 		Mpi2EventDataIrOperationStatus_t	*irOpStatus;
7771 		char					reason_str[80];
7772 		uint8_t					rc, percent;
7773 		uint16_t				handle;
7774 
7775 		irOpStatus = (pMpi2EventDataIrOperationStatus_t)
7776 		    eventreply->EventData;
7777 		rc = ddi_get8(mpt->m_acc_reply_frame_hdl,
7778 		    &irOpStatus->RAIDOperation);
7779 		percent = ddi_get8(mpt->m_acc_reply_frame_hdl,
7780 		    &irOpStatus->PercentComplete);
7781 		handle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7782 		    &irOpStatus->VolDevHandle);
7783 
7784 		switch (rc) {
7785 			case MPI2_EVENT_IR_RAIDOP_RESYNC:
7786 				(void) sprintf(reason_str, "resync");
7787 				break;
7788 			case MPI2_EVENT_IR_RAIDOP_ONLINE_CAP_EXPANSION:
7789 				(void) sprintf(reason_str, "online capacity "
7790 				    "expansion");
7791 				break;
7792 			case MPI2_EVENT_IR_RAIDOP_CONSISTENCY_CHECK:
7793 				(void) sprintf(reason_str, "consistency check");
7794 				break;
7795 			default:
7796 				(void) sprintf(reason_str, "unknown reason %x",
7797 				    rc);
7798 		}
7799 
7800 		NDBG20(("mptsas%d raid operational status: (%s)"
7801 		    "\thandle(0x%04x), percent complete(%d)\n",
7802 		    mpt->m_instance, reason_str, handle, percent));
7803 		break;
7804 	}
7805 	case MPI2_EVENT_SAS_BROADCAST_PRIMITIVE:
7806 	{
7807 		pMpi2EventDataSasBroadcastPrimitive_t	sas_broadcast;
7808 		uint8_t					phy_num;
7809 		uint8_t					primitive;
7810 
7811 		sas_broadcast = (pMpi2EventDataSasBroadcastPrimitive_t)
7812 		    eventreply->EventData;
7813 
7814 		phy_num = ddi_get8(mpt->m_acc_reply_frame_hdl,
7815 		    &sas_broadcast->PhyNum);
7816 		primitive = ddi_get8(mpt->m_acc_reply_frame_hdl,
7817 		    &sas_broadcast->Primitive);
7818 
7819 		switch (primitive) {
7820 		case MPI2_EVENT_PRIMITIVE_CHANGE:
7821 			mptsas_smhba_log_sysevent(mpt,
7822 			    ESC_SAS_HBA_PORT_BROADCAST,
7823 			    SAS_PORT_BROADCAST_CHANGE,
7824 			    &mpt->m_phy_info[phy_num].smhba_info);
7825 			break;
7826 		case MPI2_EVENT_PRIMITIVE_SES:
7827 			mptsas_smhba_log_sysevent(mpt,
7828 			    ESC_SAS_HBA_PORT_BROADCAST,
7829 			    SAS_PORT_BROADCAST_SES,
7830 			    &mpt->m_phy_info[phy_num].smhba_info);
7831 			break;
7832 		case MPI2_EVENT_PRIMITIVE_EXPANDER:
7833 			mptsas_smhba_log_sysevent(mpt,
7834 			    ESC_SAS_HBA_PORT_BROADCAST,
7835 			    SAS_PORT_BROADCAST_D01_4,
7836 			    &mpt->m_phy_info[phy_num].smhba_info);
7837 			break;
7838 		case MPI2_EVENT_PRIMITIVE_ASYNCHRONOUS_EVENT:
7839 			mptsas_smhba_log_sysevent(mpt,
7840 			    ESC_SAS_HBA_PORT_BROADCAST,
7841 			    SAS_PORT_BROADCAST_D04_7,
7842 			    &mpt->m_phy_info[phy_num].smhba_info);
7843 			break;
7844 		case MPI2_EVENT_PRIMITIVE_RESERVED3:
7845 			mptsas_smhba_log_sysevent(mpt,
7846 			    ESC_SAS_HBA_PORT_BROADCAST,
7847 			    SAS_PORT_BROADCAST_D16_7,
7848 			    &mpt->m_phy_info[phy_num].smhba_info);
7849 			break;
7850 		case MPI2_EVENT_PRIMITIVE_RESERVED4:
7851 			mptsas_smhba_log_sysevent(mpt,
7852 			    ESC_SAS_HBA_PORT_BROADCAST,
7853 			    SAS_PORT_BROADCAST_D29_7,
7854 			    &mpt->m_phy_info[phy_num].smhba_info);
7855 			break;
7856 		case MPI2_EVENT_PRIMITIVE_CHANGE0_RESERVED:
7857 			mptsas_smhba_log_sysevent(mpt,
7858 			    ESC_SAS_HBA_PORT_BROADCAST,
7859 			    SAS_PORT_BROADCAST_D24_0,
7860 			    &mpt->m_phy_info[phy_num].smhba_info);
7861 			break;
7862 		case MPI2_EVENT_PRIMITIVE_CHANGE1_RESERVED:
7863 			mptsas_smhba_log_sysevent(mpt,
7864 			    ESC_SAS_HBA_PORT_BROADCAST,
7865 			    SAS_PORT_BROADCAST_D27_4,
7866 			    &mpt->m_phy_info[phy_num].smhba_info);
7867 			break;
7868 		default:
7869 			NDBG16(("mptsas%d: unknown BROADCAST PRIMITIVE"
7870 			    " %x received",
7871 			    mpt->m_instance, primitive));
7872 			break;
7873 		}
7874 		NDBG16(("mptsas%d sas broadcast primitive: "
7875 		    "\tprimitive(0x%04x), phy(%d) complete\n",
7876 		    mpt->m_instance, primitive, phy_num));
7877 		break;
7878 	}
7879 	case MPI2_EVENT_IR_VOLUME:
7880 	{
7881 		Mpi2EventDataIrVolume_t		*irVolume;
7882 		uint16_t			devhandle;
7883 		uint32_t			state;
7884 		int				config, vol;
7885 		uint8_t				found = FALSE;
7886 
7887 		irVolume = (pMpi2EventDataIrVolume_t)eventreply->EventData;
7888 		state = ddi_get32(mpt->m_acc_reply_frame_hdl,
7889 		    &irVolume->NewValue);
7890 		devhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
7891 		    &irVolume->VolDevHandle);
7892 
7893 		NDBG20(("EVENT_IR_VOLUME event is received"));
7894 
7895 		/*
7896 		 * Get latest RAID info and then find the DevHandle for this
7897 		 * event in the configuration.  If the DevHandle is not found
7898 		 * just exit the event.
7899 		 */
7900 		(void) mptsas_get_raid_info(mpt);
7901 		for (config = 0; (config < mpt->m_num_raid_configs) &&
7902 		    (!found); config++) {
7903 			for (vol = 0; vol < MPTSAS_MAX_RAIDVOLS; vol++) {
7904 				if (mpt->m_raidconfig[config].m_raidvol[vol].
7905 				    m_raidhandle == devhandle) {
7906 					found = TRUE;
7907 					break;
7908 				}
7909 			}
7910 		}
7911 		if (!found) {
7912 			break;
7913 		}
7914 
7915 		switch (irVolume->ReasonCode) {
7916 		case MPI2_EVENT_IR_VOLUME_RC_SETTINGS_CHANGED:
7917 		{
7918 			uint32_t i;
7919 			mpt->m_raidconfig[config].m_raidvol[vol].m_settings =
7920 			    state;
7921 
7922 			i = state & MPI2_RAIDVOL0_SETTING_MASK_WRITE_CACHING;
7923 			mptsas_log(mpt, CE_NOTE, " Volume %d settings changed"
7924 			    ", auto-config of hot-swap drives is %s"
7925 			    ", write caching is %s"
7926 			    ", hot-spare pool mask is %02x\n",
7927 			    vol, state &
7928 			    MPI2_RAIDVOL0_SETTING_AUTO_CONFIG_HSWAP_DISABLE
7929 			    ? "disabled" : "enabled",
7930 			    i == MPI2_RAIDVOL0_SETTING_UNCHANGED
7931 			    ? "controlled by member disks" :
7932 			    i == MPI2_RAIDVOL0_SETTING_DISABLE_WRITE_CACHING
7933 			    ? "disabled" :
7934 			    i == MPI2_RAIDVOL0_SETTING_ENABLE_WRITE_CACHING
7935 			    ? "enabled" :
7936 			    "incorrectly set",
7937 			    (state >> 16) & 0xff);
7938 				break;
7939 		}
7940 		case MPI2_EVENT_IR_VOLUME_RC_STATE_CHANGED:
7941 		{
7942 			mpt->m_raidconfig[config].m_raidvol[vol].m_state =
7943 			    (uint8_t)state;
7944 
7945 			mptsas_log(mpt, CE_NOTE,
7946 			    "Volume %d is now %s\n", vol,
7947 			    state == MPI2_RAID_VOL_STATE_OPTIMAL
7948 			    ? "optimal" :
7949 			    state == MPI2_RAID_VOL_STATE_DEGRADED
7950 			    ? "degraded" :
7951 			    state == MPI2_RAID_VOL_STATE_ONLINE
7952 			    ? "online" :
7953 			    state == MPI2_RAID_VOL_STATE_INITIALIZING
7954 			    ? "initializing" :
7955 			    state == MPI2_RAID_VOL_STATE_FAILED
7956 			    ? "failed" :
7957 			    state == MPI2_RAID_VOL_STATE_MISSING
7958 			    ? "missing" :
7959 			    "state unknown");
7960 			break;
7961 		}
7962 		case MPI2_EVENT_IR_VOLUME_RC_STATUS_FLAGS_CHANGED:
7963 		{
7964 			mpt->m_raidconfig[config].m_raidvol[vol].
7965 			    m_statusflags = state;
7966 
7967 			mptsas_log(mpt, CE_NOTE,
7968 			    " Volume %d is now %s%s%s%s%s%s%s%s%s\n",
7969 			    vol,
7970 			    state & MPI2_RAIDVOL0_STATUS_FLAG_ENABLED
7971 			    ? ", enabled" : ", disabled",
7972 			    state & MPI2_RAIDVOL0_STATUS_FLAG_QUIESCED
7973 			    ? ", quiesced" : "",
7974 			    state & MPI2_RAIDVOL0_STATUS_FLAG_VOLUME_INACTIVE
7975 			    ? ", inactive" : ", active",
7976 			    state &
7977 			    MPI2_RAIDVOL0_STATUS_FLAG_BAD_BLOCK_TABLE_FULL
7978 			    ? ", bad block table is full" : "",
7979 			    state &
7980 			    MPI2_RAIDVOL0_STATUS_FLAG_RESYNC_IN_PROGRESS
7981 			    ? ", resync in progress" : "",
7982 			    state & MPI2_RAIDVOL0_STATUS_FLAG_BACKGROUND_INIT
7983 			    ? ", background initialization in progress" : "",
7984 			    state &
7985 			    MPI2_RAIDVOL0_STATUS_FLAG_CAPACITY_EXPANSION
7986 			    ? ", capacity expansion in progress" : "",
7987 			    state &
7988 			    MPI2_RAIDVOL0_STATUS_FLAG_CONSISTENCY_CHECK
7989 			    ? ", consistency check in progress" : "",
7990 			    state & MPI2_RAIDVOL0_STATUS_FLAG_DATA_SCRUB
7991 			    ? ", data scrub in progress" : "");
7992 			break;
7993 		}
7994 		default:
7995 			break;
7996 		}
7997 		break;
7998 	}
7999 	case MPI2_EVENT_IR_PHYSICAL_DISK:
8000 	{
8001 		Mpi2EventDataIrPhysicalDisk_t	*irPhysDisk;
8002 		uint16_t			devhandle, enchandle, slot;
8003 		uint32_t			status, state;
8004 		uint8_t				physdisknum, reason;
8005 
8006 		irPhysDisk = (Mpi2EventDataIrPhysicalDisk_t *)
8007 		    eventreply->EventData;
8008 		physdisknum = ddi_get8(mpt->m_acc_reply_frame_hdl,
8009 		    &irPhysDisk->PhysDiskNum);
8010 		devhandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
8011 		    &irPhysDisk->PhysDiskDevHandle);
8012 		enchandle = ddi_get16(mpt->m_acc_reply_frame_hdl,
8013 		    &irPhysDisk->EnclosureHandle);
8014 		slot = ddi_get16(mpt->m_acc_reply_frame_hdl,
8015 		    &irPhysDisk->Slot);
8016 		state = ddi_get32(mpt->m_acc_reply_frame_hdl,
8017 		    &irPhysDisk->NewValue);
8018 		reason = ddi_get8(mpt->m_acc_reply_frame_hdl,
8019 		    &irPhysDisk->ReasonCode);
8020 
8021 		NDBG20(("EVENT_IR_PHYSICAL_DISK event is received"));
8022 
8023 		switch (reason) {
8024 		case MPI2_EVENT_IR_PHYSDISK_RC_SETTINGS_CHANGED:
8025 			mptsas_log(mpt, CE_NOTE,
8026 			    " PhysDiskNum %d with DevHandle 0x%x in slot %d "
8027 			    "for enclosure with handle 0x%x is now in hot "
8028 			    "spare pool %d",
8029 			    physdisknum, devhandle, slot, enchandle,
8030 			    (state >> 16) & 0xff);
8031 			break;
8032 
8033 		case MPI2_EVENT_IR_PHYSDISK_RC_STATUS_FLAGS_CHANGED:
8034 			status = state;
8035 			mptsas_log(mpt, CE_NOTE,
8036 			    " PhysDiskNum %d with DevHandle 0x%x in slot %d "
8037 			    "for enclosure with handle 0x%x is now "
8038 			    "%s%s%s%s%s\n", physdisknum, devhandle, slot,
8039 			    enchandle,
8040 			    status & MPI2_PHYSDISK0_STATUS_FLAG_INACTIVE_VOLUME
8041 			    ? ", inactive" : ", active",
8042 			    status & MPI2_PHYSDISK0_STATUS_FLAG_OUT_OF_SYNC
8043 			    ? ", out of sync" : "",
8044 			    status & MPI2_PHYSDISK0_STATUS_FLAG_QUIESCED
8045 			    ? ", quiesced" : "",
8046 			    status &
8047 			    MPI2_PHYSDISK0_STATUS_FLAG_WRITE_CACHE_ENABLED
8048 			    ? ", write cache enabled" : "",
8049 			    status & MPI2_PHYSDISK0_STATUS_FLAG_OCE_TARGET
8050 			    ? ", capacity expansion target" : "");
8051 			break;
8052 
8053 		case MPI2_EVENT_IR_PHYSDISK_RC_STATE_CHANGED:
8054 			mptsas_log(mpt, CE_NOTE,
8055 			    " PhysDiskNum %d with DevHandle 0x%x in slot %d "
8056 			    "for enclosure with handle 0x%x is now %s\n",
8057 			    physdisknum, devhandle, slot, enchandle,
8058 			    state == MPI2_RAID_PD_STATE_OPTIMAL
8059 			    ? "optimal" :
8060 			    state == MPI2_RAID_PD_STATE_REBUILDING
8061 			    ? "rebuilding" :
8062 			    state == MPI2_RAID_PD_STATE_DEGRADED
8063 			    ? "degraded" :
8064 			    state == MPI2_RAID_PD_STATE_HOT_SPARE
8065 			    ? "a hot spare" :
8066 			    state == MPI2_RAID_PD_STATE_ONLINE
8067 			    ? "online" :
8068 			    state == MPI2_RAID_PD_STATE_OFFLINE
8069 			    ? "offline" :
8070 			    state == MPI2_RAID_PD_STATE_NOT_COMPATIBLE
8071 			    ? "not compatible" :
8072 			    state == MPI2_RAID_PD_STATE_NOT_CONFIGURED
8073 			    ? "not configured" :
8074 			    "state unknown");
8075 			break;
8076 		}
8077 		break;
8078 	}
8079 	default:
8080 		NDBG20(("mptsas%d: unknown event %x received",
8081 		    mpt->m_instance, event));
8082 		break;
8083 	}
8084 
8085 	/*
8086 	 * Return the reply frame to the free queue.
8087 	 */
8088 	ddi_put32(mpt->m_acc_free_queue_hdl,
8089 	    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index], rfm);
8090 	(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
8091 	    DDI_DMA_SYNC_FORDEV);
8092 	if (++mpt->m_free_index == mpt->m_free_queue_depth) {
8093 		mpt->m_free_index = 0;
8094 	}
8095 	ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
8096 	    mpt->m_free_index);
8097 	mutex_exit(&mpt->m_mutex);
8098 }
8099 
8100 /*
8101  * invoked from timeout() to restart qfull cmds with throttle == 0
8102  */
8103 static void
8104 mptsas_restart_cmd(void *arg)
8105 {
8106 	mptsas_t	*mpt = arg;
8107 	mptsas_target_t	*ptgt = NULL;
8108 
8109 	mutex_enter(&mpt->m_mutex);
8110 
8111 	mpt->m_restart_cmd_timeid = 0;
8112 
8113 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
8114 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
8115 		if (ptgt->m_reset_delay == 0) {
8116 			if (ptgt->m_t_throttle == QFULL_THROTTLE) {
8117 				mptsas_set_throttle(mpt, ptgt,
8118 				    MAX_THROTTLE);
8119 			}
8120 		}
8121 	}
8122 	mptsas_restart_hba(mpt);
8123 	mutex_exit(&mpt->m_mutex);
8124 }
8125 
8126 void
8127 mptsas_remove_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
8128 {
8129 	int		slot;
8130 	mptsas_slots_t	*slots = mpt->m_active;
8131 	mptsas_target_t	*ptgt = cmd->cmd_tgt_addr;
8132 
8133 	ASSERT(cmd != NULL);
8134 	ASSERT(cmd->cmd_queued == FALSE);
8135 
8136 	/*
8137 	 * Task Management cmds are removed in their own routines.  Also,
8138 	 * we don't want to modify timeout based on TM cmds.
8139 	 */
8140 	if (cmd->cmd_flags & CFLAG_TM_CMD) {
8141 		return;
8142 	}
8143 
8144 	slot = cmd->cmd_slot;
8145 
8146 	/*
8147 	 * remove the cmd.
8148 	 */
8149 	if (cmd == slots->m_slot[slot]) {
8150 		NDBG31(("mptsas_remove_cmd: removing cmd=0x%p, flags "
8151 		    "0x%x", (void *)cmd, cmd->cmd_flags));
8152 		slots->m_slot[slot] = NULL;
8153 		mpt->m_ncmds--;
8154 
8155 		/*
8156 		 * only decrement per target ncmds if command
8157 		 * has a target associated with it.
8158 		 */
8159 		if ((cmd->cmd_flags & CFLAG_CMDIOC) == 0) {
8160 			ptgt->m_t_ncmds--;
8161 			/*
8162 			 * reset throttle if we just ran an untagged command
8163 			 * to a tagged target
8164 			 */
8165 			if ((ptgt->m_t_ncmds == 0) &&
8166 			    ((cmd->cmd_pkt_flags & FLAG_TAGMASK) == 0)) {
8167 				mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
8168 			}
8169 
8170 			/*
8171 			 * Remove this command from the active queue.
8172 			 */
8173 			if (cmd->cmd_active_expiration != 0) {
8174 				TAILQ_REMOVE(&ptgt->m_active_cmdq, cmd,
8175 				    cmd_active_link);
8176 				cmd->cmd_active_expiration = 0;
8177 			}
8178 		}
8179 	}
8180 
8181 	/*
8182 	 * This is all we need to do for ioc commands.
8183 	 */
8184 	if (cmd->cmd_flags & CFLAG_CMDIOC) {
8185 		mptsas_return_to_pool(mpt, cmd);
8186 		return;
8187 	}
8188 
8189 	ASSERT(cmd != slots->m_slot[cmd->cmd_slot]);
8190 }
8191 
8192 /*
8193  * accept all cmds on the tx_waitq if any and then
8194  * start a fresh request from the top of the device queue.
8195  *
8196  * since there are always cmds queued on the tx_waitq, and rare cmds on
8197  * the instance waitq, so this function should not be invoked in the ISR,
8198  * the mptsas_restart_waitq() is invoked in the ISR instead. otherwise, the
8199  * burden belongs to the IO dispatch CPUs is moved the interrupt CPU.
8200  */
8201 static void
8202 mptsas_restart_hba(mptsas_t *mpt)
8203 {
8204 	ASSERT(mutex_owned(&mpt->m_mutex));
8205 
8206 	mutex_enter(&mpt->m_tx_waitq_mutex);
8207 	if (mpt->m_tx_waitq) {
8208 		mptsas_accept_tx_waitq(mpt);
8209 	}
8210 	mutex_exit(&mpt->m_tx_waitq_mutex);
8211 	mptsas_restart_waitq(mpt);
8212 }
8213 
8214 /*
8215  * start a fresh request from the top of the device queue
8216  */
8217 static void
8218 mptsas_restart_waitq(mptsas_t *mpt)
8219 {
8220 	mptsas_cmd_t	*cmd, *next_cmd;
8221 	mptsas_target_t *ptgt = NULL;
8222 
8223 	NDBG1(("mptsas_restart_waitq: mpt=0x%p", (void *)mpt));
8224 
8225 	ASSERT(mutex_owned(&mpt->m_mutex));
8226 
8227 	/*
8228 	 * If there is a reset delay, don't start any cmds.  Otherwise, start
8229 	 * as many cmds as possible.
8230 	 * Since SMID 0 is reserved and the TM slot is reserved, the actual max
8231 	 * commands is m_max_requests - 2.
8232 	 */
8233 	cmd = mpt->m_waitq;
8234 
8235 	while (cmd != NULL) {
8236 		next_cmd = cmd->cmd_linkp;
8237 		if (cmd->cmd_flags & CFLAG_PASSTHRU) {
8238 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
8239 				/*
8240 				 * passthru command get slot need
8241 				 * set CFLAG_PREPARED.
8242 				 */
8243 				cmd->cmd_flags |= CFLAG_PREPARED;
8244 				mptsas_waitq_delete(mpt, cmd);
8245 				mptsas_start_passthru(mpt, cmd);
8246 			}
8247 			cmd = next_cmd;
8248 			continue;
8249 		}
8250 		if (cmd->cmd_flags & CFLAG_CONFIG) {
8251 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
8252 				/*
8253 				 * Send the config page request and delete it
8254 				 * from the waitq.
8255 				 */
8256 				cmd->cmd_flags |= CFLAG_PREPARED;
8257 				mptsas_waitq_delete(mpt, cmd);
8258 				mptsas_start_config_page_access(mpt, cmd);
8259 			}
8260 			cmd = next_cmd;
8261 			continue;
8262 		}
8263 		if (cmd->cmd_flags & CFLAG_FW_DIAG) {
8264 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
8265 				/*
8266 				 * Send the FW Diag request and delete if from
8267 				 * the waitq.
8268 				 */
8269 				cmd->cmd_flags |= CFLAG_PREPARED;
8270 				mptsas_waitq_delete(mpt, cmd);
8271 				mptsas_start_diag(mpt, cmd);
8272 			}
8273 			cmd = next_cmd;
8274 			continue;
8275 		}
8276 
8277 		ptgt = cmd->cmd_tgt_addr;
8278 		if (ptgt && (ptgt->m_t_throttle == DRAIN_THROTTLE) &&
8279 		    (ptgt->m_t_ncmds == 0)) {
8280 			mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
8281 		}
8282 		if ((mpt->m_ncmds <= (mpt->m_max_requests - 2)) &&
8283 		    (ptgt && (ptgt->m_reset_delay == 0)) &&
8284 		    (ptgt && (ptgt->m_t_ncmds <
8285 		    ptgt->m_t_throttle))) {
8286 			if (mptsas_save_cmd(mpt, cmd) == TRUE) {
8287 				mptsas_waitq_delete(mpt, cmd);
8288 				(void) mptsas_start_cmd(mpt, cmd);
8289 			}
8290 		}
8291 		cmd = next_cmd;
8292 	}
8293 }
8294 /*
8295  * Cmds are queued if tran_start() doesn't get the m_mutexlock(no wait).
8296  * Accept all those queued cmds before new cmd is accept so that the
8297  * cmds are sent in order.
8298  */
8299 static void
8300 mptsas_accept_tx_waitq(mptsas_t *mpt)
8301 {
8302 	mptsas_cmd_t *cmd;
8303 
8304 	ASSERT(mutex_owned(&mpt->m_mutex));
8305 	ASSERT(mutex_owned(&mpt->m_tx_waitq_mutex));
8306 
8307 	/*
8308 	 * A Bus Reset could occur at any time and flush the tx_waitq,
8309 	 * so we cannot count on the tx_waitq to contain even one cmd.
8310 	 * And when the m_tx_waitq_mutex is released and run
8311 	 * mptsas_accept_pkt(), the tx_waitq may be flushed.
8312 	 */
8313 	cmd = mpt->m_tx_waitq;
8314 	for (;;) {
8315 		if ((cmd = mpt->m_tx_waitq) == NULL) {
8316 			mpt->m_tx_draining = 0;
8317 			break;
8318 		}
8319 		if ((mpt->m_tx_waitq = cmd->cmd_linkp) == NULL) {
8320 			mpt->m_tx_waitqtail = &mpt->m_tx_waitq;
8321 		}
8322 		cmd->cmd_linkp = NULL;
8323 		mutex_exit(&mpt->m_tx_waitq_mutex);
8324 		if (mptsas_accept_pkt(mpt, cmd) != TRAN_ACCEPT)
8325 			cmn_err(CE_WARN, "mpt: mptsas_accept_tx_waitq: failed "
8326 			    "to accept cmd on queue\n");
8327 		mutex_enter(&mpt->m_tx_waitq_mutex);
8328 	}
8329 }
8330 
8331 
8332 /*
8333  * mpt tag type lookup
8334  */
8335 static char mptsas_tag_lookup[] =
8336 	{0, MSG_HEAD_QTAG, MSG_ORDERED_QTAG, 0, MSG_SIMPLE_QTAG};
8337 
8338 static int
8339 mptsas_start_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
8340 {
8341 	struct scsi_pkt		*pkt = CMD2PKT(cmd);
8342 	uint32_t		control = 0;
8343 	caddr_t			mem, arsbuf;
8344 	pMpi2SCSIIORequest_t	io_request;
8345 	ddi_dma_handle_t	dma_hdl = mpt->m_dma_req_frame_hdl;
8346 	ddi_acc_handle_t	acc_hdl = mpt->m_acc_req_frame_hdl;
8347 	mptsas_target_t		*ptgt = cmd->cmd_tgt_addr;
8348 	uint16_t		SMID, io_flags = 0;
8349 	uint8_t			ars_size;
8350 	uint64_t		request_desc;
8351 	uint32_t		ars_dmaaddrlow;
8352 	mptsas_cmd_t		*c;
8353 
8354 	NDBG1(("mptsas_start_cmd: cmd=0x%p, flags 0x%x", (void *)cmd,
8355 	    cmd->cmd_flags));
8356 
8357 	/*
8358 	 * Set SMID and increment index.  Rollover to 1 instead of 0 if index
8359 	 * is at the max.  0 is an invalid SMID, so we call the first index 1.
8360 	 */
8361 	SMID = cmd->cmd_slot;
8362 
8363 	/*
8364 	 * It is possible for back to back device reset to
8365 	 * happen before the reset delay has expired.  That's
8366 	 * ok, just let the device reset go out on the bus.
8367 	 */
8368 	if ((cmd->cmd_pkt_flags & FLAG_NOINTR) == 0) {
8369 		ASSERT(ptgt->m_reset_delay == 0);
8370 	}
8371 
8372 	/*
8373 	 * if a non-tagged cmd is submitted to an active tagged target
8374 	 * then drain before submitting this cmd; SCSI-2 allows RQSENSE
8375 	 * to be untagged
8376 	 */
8377 	if (((cmd->cmd_pkt_flags & FLAG_TAGMASK) == 0) &&
8378 	    (ptgt->m_t_ncmds > 1) &&
8379 	    ((cmd->cmd_flags & CFLAG_TM_CMD) == 0) &&
8380 	    (*(cmd->cmd_pkt->pkt_cdbp) != SCMD_REQUEST_SENSE)) {
8381 		if ((cmd->cmd_pkt_flags & FLAG_NOINTR) == 0) {
8382 			NDBG23(("target=%d, untagged cmd, start draining\n",
8383 			    ptgt->m_devhdl));
8384 
8385 			if (ptgt->m_reset_delay == 0) {
8386 				mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
8387 			}
8388 
8389 			mptsas_remove_cmd(mpt, cmd);
8390 			cmd->cmd_pkt_flags |= FLAG_HEAD;
8391 			mptsas_waitq_add(mpt, cmd);
8392 		}
8393 		return (DDI_FAILURE);
8394 	}
8395 
8396 	/*
8397 	 * Set correct tag bits.
8398 	 */
8399 	if (cmd->cmd_pkt_flags & FLAG_TAGMASK) {
8400 		switch (mptsas_tag_lookup[((cmd->cmd_pkt_flags &
8401 		    FLAG_TAGMASK) >> 12)]) {
8402 		case MSG_SIMPLE_QTAG:
8403 			control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
8404 			break;
8405 		case MSG_HEAD_QTAG:
8406 			control |= MPI2_SCSIIO_CONTROL_HEADOFQ;
8407 			break;
8408 		case MSG_ORDERED_QTAG:
8409 			control |= MPI2_SCSIIO_CONTROL_ORDEREDQ;
8410 			break;
8411 		default:
8412 			mptsas_log(mpt, CE_WARN, "mpt: Invalid tag type\n");
8413 			break;
8414 		}
8415 	} else {
8416 		if (*(cmd->cmd_pkt->pkt_cdbp) != SCMD_REQUEST_SENSE) {
8417 				ptgt->m_t_throttle = 1;
8418 		}
8419 		control |= MPI2_SCSIIO_CONTROL_SIMPLEQ;
8420 	}
8421 
8422 	if (cmd->cmd_pkt_flags & FLAG_TLR) {
8423 		control |= MPI2_SCSIIO_CONTROL_TLR_ON;
8424 	}
8425 
8426 	mem = mpt->m_req_frame + (mpt->m_req_frame_size * SMID);
8427 	io_request = (pMpi2SCSIIORequest_t)mem;
8428 	if (cmd->cmd_extrqslen != 0) {
8429 		/*
8430 		 * Mapping of the buffer was done in mptsas_pkt_alloc_extern().
8431 		 * Calculate the DMA address with the same offset.
8432 		 */
8433 		arsbuf = cmd->cmd_arq_buf;
8434 		ars_size = cmd->cmd_extrqslen;
8435 		ars_dmaaddrlow = (mpt->m_req_sense_dma_addr +
8436 		    ((uintptr_t)arsbuf - (uintptr_t)mpt->m_req_sense)) &
8437 		    0xffffffffu;
8438 	} else {
8439 		arsbuf = mpt->m_req_sense + (mpt->m_req_sense_size * (SMID-1));
8440 		cmd->cmd_arq_buf = arsbuf;
8441 		ars_size = mpt->m_req_sense_size;
8442 		ars_dmaaddrlow = (mpt->m_req_sense_dma_addr +
8443 		    (mpt->m_req_sense_size * (SMID-1))) &
8444 		    0xffffffffu;
8445 	}
8446 	bzero(io_request, sizeof (Mpi2SCSIIORequest_t));
8447 	bzero(arsbuf, ars_size);
8448 
8449 	ddi_put8(acc_hdl, &io_request->SGLOffset0, offsetof
8450 	    (MPI2_SCSI_IO_REQUEST, SGL) / 4);
8451 	mptsas_init_std_hdr(acc_hdl, io_request, ptgt->m_devhdl, Lun(cmd), 0,
8452 	    MPI2_FUNCTION_SCSI_IO_REQUEST);
8453 
8454 	(void) ddi_rep_put8(acc_hdl, (uint8_t *)pkt->pkt_cdbp,
8455 	    io_request->CDB.CDB32, cmd->cmd_cdblen, DDI_DEV_AUTOINCR);
8456 
8457 	io_flags = cmd->cmd_cdblen;
8458 	if (mptsas_use_fastpath &&
8459 	    ptgt->m_io_flags & MPI25_SAS_DEVICE0_FLAGS_ENABLED_FAST_PATH) {
8460 		io_flags |= MPI25_SCSIIO_IOFLAGS_FAST_PATH;
8461 		request_desc = MPI25_REQ_DESCRIPT_FLAGS_FAST_PATH_SCSI_IO;
8462 	} else {
8463 		request_desc = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
8464 	}
8465 	ddi_put16(acc_hdl, &io_request->IoFlags, io_flags);
8466 	/*
8467 	 * setup the Scatter/Gather DMA list for this request
8468 	 */
8469 	if (cmd->cmd_cookiec > 0) {
8470 		mptsas_sge_setup(mpt, cmd, &control, io_request, acc_hdl);
8471 	} else {
8472 		ddi_put32(acc_hdl, &io_request->SGL.MpiSimple.FlagsLength,
8473 		    ((uint32_t)MPI2_SGE_FLAGS_LAST_ELEMENT |
8474 		    MPI2_SGE_FLAGS_END_OF_BUFFER |
8475 		    MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
8476 		    MPI2_SGE_FLAGS_END_OF_LIST) << MPI2_SGE_FLAGS_SHIFT);
8477 	}
8478 
8479 	/*
8480 	 * save ARQ information
8481 	 */
8482 	ddi_put8(acc_hdl, &io_request->SenseBufferLength, ars_size);
8483 	ddi_put32(acc_hdl, &io_request->SenseBufferLowAddress, ars_dmaaddrlow);
8484 
8485 	ddi_put32(acc_hdl, &io_request->Control, control);
8486 
8487 	NDBG31(("starting message=%d(0x%p), with cmd=0x%p",
8488 	    SMID, (void *)io_request, (void *)cmd));
8489 
8490 	(void) ddi_dma_sync(dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
8491 	(void) ddi_dma_sync(mpt->m_dma_req_sense_hdl, 0, 0,
8492 	    DDI_DMA_SYNC_FORDEV);
8493 
8494 	/*
8495 	 * Build request descriptor and write it to the request desc post reg.
8496 	 */
8497 	request_desc |= (SMID << 16);
8498 	request_desc |= (uint64_t)ptgt->m_devhdl << 48;
8499 	MPTSAS_START_CMD(mpt, request_desc);
8500 
8501 	/*
8502 	 * Start timeout.
8503 	 */
8504 	cmd->cmd_active_expiration =
8505 	    gethrtime() + (hrtime_t)pkt->pkt_time * NANOSEC;
8506 #ifdef MPTSAS_TEST
8507 	/*
8508 	 * Force timeouts to happen immediately.
8509 	 */
8510 	if (mptsas_test_timeouts)
8511 		cmd->cmd_active_expiration = gethrtime();
8512 #endif
8513 	c = TAILQ_FIRST(&ptgt->m_active_cmdq);
8514 	if (c == NULL ||
8515 	    c->cmd_active_expiration < cmd->cmd_active_expiration) {
8516 		/*
8517 		 * Common case is that this is the last pending expiration
8518 		 * (or queue is empty). Insert at head of the queue.
8519 		 */
8520 		TAILQ_INSERT_HEAD(&ptgt->m_active_cmdq, cmd, cmd_active_link);
8521 	} else {
8522 		/*
8523 		 * Queue is not empty and first element expires later than
8524 		 * this command. Search for element expiring sooner.
8525 		 */
8526 		while ((c = TAILQ_NEXT(c, cmd_active_link)) != NULL) {
8527 			if (c->cmd_active_expiration <
8528 			    cmd->cmd_active_expiration) {
8529 				TAILQ_INSERT_BEFORE(c, cmd, cmd_active_link);
8530 				break;
8531 			}
8532 		}
8533 		if (c == NULL) {
8534 			/*
8535 			 * No element found expiring sooner, append to
8536 			 * non-empty queue.
8537 			 */
8538 			TAILQ_INSERT_TAIL(&ptgt->m_active_cmdq, cmd,
8539 			    cmd_active_link);
8540 		}
8541 	}
8542 
8543 	if ((mptsas_check_dma_handle(dma_hdl) != DDI_SUCCESS) ||
8544 	    (mptsas_check_acc_handle(acc_hdl) != DDI_SUCCESS)) {
8545 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
8546 		return (DDI_FAILURE);
8547 	}
8548 	return (DDI_SUCCESS);
8549 }
8550 
8551 /*
8552  * Select a helper thread to handle current doneq
8553  */
8554 static void
8555 mptsas_deliver_doneq_thread(mptsas_t *mpt)
8556 {
8557 	uint64_t			t, i;
8558 	uint32_t			min = 0xffffffff;
8559 	mptsas_doneq_thread_list_t	*item;
8560 
8561 	for (i = 0; i < mpt->m_doneq_thread_n; i++) {
8562 		item = &mpt->m_doneq_thread_id[i];
8563 		/*
8564 		 * If the completed command on help thread[i] less than
8565 		 * doneq_thread_threshold, then pick the thread[i]. Otherwise
8566 		 * pick a thread which has least completed command.
8567 		 */
8568 
8569 		mutex_enter(&item->mutex);
8570 		if (item->len < mpt->m_doneq_thread_threshold) {
8571 			t = i;
8572 			mutex_exit(&item->mutex);
8573 			break;
8574 		}
8575 		if (item->len < min) {
8576 			min = item->len;
8577 			t = i;
8578 		}
8579 		mutex_exit(&item->mutex);
8580 	}
8581 	mutex_enter(&mpt->m_doneq_thread_id[t].mutex);
8582 	mptsas_doneq_mv(mpt, t);
8583 	cv_signal(&mpt->m_doneq_thread_id[t].cv);
8584 	mutex_exit(&mpt->m_doneq_thread_id[t].mutex);
8585 }
8586 
8587 /*
8588  * move the current global doneq to the doneq of thead[t]
8589  */
8590 static void
8591 mptsas_doneq_mv(mptsas_t *mpt, uint64_t t)
8592 {
8593 	mptsas_cmd_t			*cmd;
8594 	mptsas_doneq_thread_list_t	*item = &mpt->m_doneq_thread_id[t];
8595 
8596 	ASSERT(mutex_owned(&item->mutex));
8597 	while ((cmd = mpt->m_doneq) != NULL) {
8598 		if ((mpt->m_doneq = cmd->cmd_linkp) == NULL) {
8599 			mpt->m_donetail = &mpt->m_doneq;
8600 		}
8601 		cmd->cmd_linkp = NULL;
8602 		*item->donetail = cmd;
8603 		item->donetail = &cmd->cmd_linkp;
8604 		mpt->m_doneq_len--;
8605 		item->len++;
8606 	}
8607 }
8608 
8609 void
8610 mptsas_fma_check(mptsas_t *mpt, mptsas_cmd_t *cmd)
8611 {
8612 	struct scsi_pkt	*pkt = CMD2PKT(cmd);
8613 
8614 	/* Check all acc and dma handles */
8615 	if ((mptsas_check_acc_handle(mpt->m_datap) !=
8616 	    DDI_SUCCESS) ||
8617 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl) !=
8618 	    DDI_SUCCESS) ||
8619 	    (mptsas_check_acc_handle(mpt->m_acc_req_sense_hdl) !=
8620 	    DDI_SUCCESS) ||
8621 	    (mptsas_check_acc_handle(mpt->m_acc_reply_frame_hdl) !=
8622 	    DDI_SUCCESS) ||
8623 	    (mptsas_check_acc_handle(mpt->m_acc_free_queue_hdl) !=
8624 	    DDI_SUCCESS) ||
8625 	    (mptsas_check_acc_handle(mpt->m_acc_post_queue_hdl) !=
8626 	    DDI_SUCCESS) ||
8627 	    (mptsas_check_acc_handle(mpt->m_hshk_acc_hdl) !=
8628 	    DDI_SUCCESS) ||
8629 	    (mptsas_check_acc_handle(mpt->m_config_handle) !=
8630 	    DDI_SUCCESS)) {
8631 		ddi_fm_service_impact(mpt->m_dip,
8632 		    DDI_SERVICE_UNAFFECTED);
8633 		ddi_fm_acc_err_clear(mpt->m_config_handle,
8634 		    DDI_FME_VER0);
8635 		pkt->pkt_reason = CMD_TRAN_ERR;
8636 		pkt->pkt_statistics = 0;
8637 	}
8638 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl) !=
8639 	    DDI_SUCCESS) ||
8640 	    (mptsas_check_dma_handle(mpt->m_dma_req_sense_hdl) !=
8641 	    DDI_SUCCESS) ||
8642 	    (mptsas_check_dma_handle(mpt->m_dma_reply_frame_hdl) !=
8643 	    DDI_SUCCESS) ||
8644 	    (mptsas_check_dma_handle(mpt->m_dma_free_queue_hdl) !=
8645 	    DDI_SUCCESS) ||
8646 	    (mptsas_check_dma_handle(mpt->m_dma_post_queue_hdl) !=
8647 	    DDI_SUCCESS) ||
8648 	    (mptsas_check_dma_handle(mpt->m_hshk_dma_hdl) !=
8649 	    DDI_SUCCESS)) {
8650 		ddi_fm_service_impact(mpt->m_dip,
8651 		    DDI_SERVICE_UNAFFECTED);
8652 		pkt->pkt_reason = CMD_TRAN_ERR;
8653 		pkt->pkt_statistics = 0;
8654 	}
8655 	if (cmd->cmd_dmahandle &&
8656 	    (mptsas_check_dma_handle(cmd->cmd_dmahandle) != DDI_SUCCESS)) {
8657 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
8658 		pkt->pkt_reason = CMD_TRAN_ERR;
8659 		pkt->pkt_statistics = 0;
8660 	}
8661 	if ((cmd->cmd_extra_frames &&
8662 	    ((mptsas_check_dma_handle(cmd->cmd_extra_frames->m_dma_hdl) !=
8663 	    DDI_SUCCESS) ||
8664 	    (mptsas_check_acc_handle(cmd->cmd_extra_frames->m_acc_hdl) !=
8665 	    DDI_SUCCESS)))) {
8666 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
8667 		pkt->pkt_reason = CMD_TRAN_ERR;
8668 		pkt->pkt_statistics = 0;
8669 	}
8670 }
8671 
8672 /*
8673  * These routines manipulate the queue of commands that
8674  * are waiting for their completion routines to be called.
8675  * The queue is usually in FIFO order but on an MP system
8676  * it's possible for the completion routines to get out
8677  * of order. If that's a problem you need to add a global
8678  * mutex around the code that calls the completion routine
8679  * in the interrupt handler.
8680  */
8681 static void
8682 mptsas_doneq_add(mptsas_t *mpt, mptsas_cmd_t *cmd)
8683 {
8684 	struct scsi_pkt	*pkt = CMD2PKT(cmd);
8685 
8686 	NDBG31(("mptsas_doneq_add: cmd=0x%p", (void *)cmd));
8687 
8688 	ASSERT((cmd->cmd_flags & CFLAG_COMPLETED) == 0);
8689 	cmd->cmd_linkp = NULL;
8690 	cmd->cmd_flags |= CFLAG_FINISHED;
8691 	cmd->cmd_flags &= ~CFLAG_IN_TRANSPORT;
8692 
8693 	mptsas_fma_check(mpt, cmd);
8694 
8695 	/*
8696 	 * only add scsi pkts that have completion routines to
8697 	 * the doneq.  no intr cmds do not have callbacks.
8698 	 */
8699 	if (pkt && (pkt->pkt_comp)) {
8700 		*mpt->m_donetail = cmd;
8701 		mpt->m_donetail = &cmd->cmd_linkp;
8702 		mpt->m_doneq_len++;
8703 	}
8704 }
8705 
8706 static mptsas_cmd_t *
8707 mptsas_doneq_thread_rm(mptsas_t *mpt, uint64_t t)
8708 {
8709 	mptsas_cmd_t			*cmd;
8710 	mptsas_doneq_thread_list_t	*item = &mpt->m_doneq_thread_id[t];
8711 
8712 	/* pop one off the done queue */
8713 	if ((cmd = item->doneq) != NULL) {
8714 		/* if the queue is now empty fix the tail pointer */
8715 		NDBG31(("mptsas_doneq_thread_rm: cmd=0x%p", (void *)cmd));
8716 		if ((item->doneq = cmd->cmd_linkp) == NULL) {
8717 			item->donetail = &item->doneq;
8718 		}
8719 		cmd->cmd_linkp = NULL;
8720 		item->len--;
8721 	}
8722 	return (cmd);
8723 }
8724 
8725 static void
8726 mptsas_doneq_empty(mptsas_t *mpt)
8727 {
8728 	if (mpt->m_doneq && !mpt->m_in_callback) {
8729 		mptsas_cmd_t	*cmd, *next;
8730 		struct scsi_pkt *pkt;
8731 
8732 		mpt->m_in_callback = 1;
8733 		cmd = mpt->m_doneq;
8734 		mpt->m_doneq = NULL;
8735 		mpt->m_donetail = &mpt->m_doneq;
8736 		mpt->m_doneq_len = 0;
8737 
8738 		mutex_exit(&mpt->m_mutex);
8739 		/*
8740 		 * run the completion routines of all the
8741 		 * completed commands
8742 		 */
8743 		while (cmd != NULL) {
8744 			next = cmd->cmd_linkp;
8745 			cmd->cmd_linkp = NULL;
8746 			/* run this command's completion routine */
8747 			cmd->cmd_flags |= CFLAG_COMPLETED;
8748 			pkt = CMD2PKT(cmd);
8749 			mptsas_pkt_comp(pkt, cmd);
8750 			cmd = next;
8751 		}
8752 		mutex_enter(&mpt->m_mutex);
8753 		mpt->m_in_callback = 0;
8754 	}
8755 }
8756 
8757 /*
8758  * These routines manipulate the target's queue of pending requests
8759  */
8760 void
8761 mptsas_waitq_add(mptsas_t *mpt, mptsas_cmd_t *cmd)
8762 {
8763 	NDBG7(("mptsas_waitq_add: cmd=0x%p", (void *)cmd));
8764 	mptsas_target_t *ptgt = cmd->cmd_tgt_addr;
8765 	cmd->cmd_queued = TRUE;
8766 	if (ptgt)
8767 		ptgt->m_t_nwait++;
8768 	if (cmd->cmd_pkt_flags & FLAG_HEAD) {
8769 		if ((cmd->cmd_linkp = mpt->m_waitq) == NULL) {
8770 			mpt->m_waitqtail = &cmd->cmd_linkp;
8771 		}
8772 		mpt->m_waitq = cmd;
8773 	} else {
8774 		cmd->cmd_linkp = NULL;
8775 		*(mpt->m_waitqtail) = cmd;
8776 		mpt->m_waitqtail = &cmd->cmd_linkp;
8777 	}
8778 }
8779 
8780 static mptsas_cmd_t *
8781 mptsas_waitq_rm(mptsas_t *mpt)
8782 {
8783 	mptsas_cmd_t	*cmd;
8784 	mptsas_target_t *ptgt;
8785 	NDBG7(("mptsas_waitq_rm"));
8786 
8787 	MPTSAS_WAITQ_RM(mpt, cmd);
8788 
8789 	NDBG7(("mptsas_waitq_rm: cmd=0x%p", (void *)cmd));
8790 	if (cmd) {
8791 		ptgt = cmd->cmd_tgt_addr;
8792 		if (ptgt) {
8793 			ptgt->m_t_nwait--;
8794 			ASSERT(ptgt->m_t_nwait >= 0);
8795 		}
8796 	}
8797 	return (cmd);
8798 }
8799 
8800 /*
8801  * remove specified cmd from the middle of the wait queue.
8802  */
8803 static void
8804 mptsas_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd)
8805 {
8806 	mptsas_cmd_t	*prevp = mpt->m_waitq;
8807 	mptsas_target_t *ptgt = cmd->cmd_tgt_addr;
8808 
8809 	NDBG7(("mptsas_waitq_delete: mpt=0x%p cmd=0x%p",
8810 	    (void *)mpt, (void *)cmd));
8811 	if (ptgt) {
8812 		ptgt->m_t_nwait--;
8813 		ASSERT(ptgt->m_t_nwait >= 0);
8814 	}
8815 
8816 	if (prevp == cmd) {
8817 		if ((mpt->m_waitq = cmd->cmd_linkp) == NULL)
8818 			mpt->m_waitqtail = &mpt->m_waitq;
8819 
8820 		cmd->cmd_linkp = NULL;
8821 		cmd->cmd_queued = FALSE;
8822 		NDBG7(("mptsas_waitq_delete: mpt=0x%p cmd=0x%p",
8823 		    (void *)mpt, (void *)cmd));
8824 		return;
8825 	}
8826 
8827 	while (prevp != NULL) {
8828 		if (prevp->cmd_linkp == cmd) {
8829 			if ((prevp->cmd_linkp = cmd->cmd_linkp) == NULL)
8830 				mpt->m_waitqtail = &prevp->cmd_linkp;
8831 
8832 			cmd->cmd_linkp = NULL;
8833 			cmd->cmd_queued = FALSE;
8834 			NDBG7(("mptsas_waitq_delete: mpt=0x%p cmd=0x%p",
8835 			    (void *)mpt, (void *)cmd));
8836 			return;
8837 		}
8838 		prevp = prevp->cmd_linkp;
8839 	}
8840 	cmn_err(CE_PANIC, "mpt: mptsas_waitq_delete: queue botch");
8841 }
8842 
8843 static mptsas_cmd_t *
8844 mptsas_tx_waitq_rm(mptsas_t *mpt)
8845 {
8846 	mptsas_cmd_t *cmd;
8847 	NDBG7(("mptsas_tx_waitq_rm"));
8848 
8849 	MPTSAS_TX_WAITQ_RM(mpt, cmd);
8850 
8851 	NDBG7(("mptsas_tx_waitq_rm: cmd=0x%p", (void *)cmd));
8852 
8853 	return (cmd);
8854 }
8855 
8856 /*
8857  * remove specified cmd from the middle of the tx_waitq.
8858  */
8859 static void
8860 mptsas_tx_waitq_delete(mptsas_t *mpt, mptsas_cmd_t *cmd)
8861 {
8862 	mptsas_cmd_t *prevp = mpt->m_tx_waitq;
8863 
8864 	NDBG7(("mptsas_tx_waitq_delete: mpt=0x%p cmd=0x%p",
8865 	    (void *)mpt, (void *)cmd));
8866 
8867 	if (prevp == cmd) {
8868 		if ((mpt->m_tx_waitq = cmd->cmd_linkp) == NULL)
8869 			mpt->m_tx_waitqtail = &mpt->m_tx_waitq;
8870 
8871 		cmd->cmd_linkp = NULL;
8872 		cmd->cmd_queued = FALSE;
8873 		NDBG7(("mptsas_tx_waitq_delete: mpt=0x%p cmd=0x%p",
8874 		    (void *)mpt, (void *)cmd));
8875 		return;
8876 	}
8877 
8878 	while (prevp != NULL) {
8879 		if (prevp->cmd_linkp == cmd) {
8880 			if ((prevp->cmd_linkp = cmd->cmd_linkp) == NULL)
8881 				mpt->m_tx_waitqtail = &prevp->cmd_linkp;
8882 
8883 			cmd->cmd_linkp = NULL;
8884 			cmd->cmd_queued = FALSE;
8885 			NDBG7(("mptsas_tx_waitq_delete: mpt=0x%p cmd=0x%p",
8886 			    (void *)mpt, (void *)cmd));
8887 			return;
8888 		}
8889 		prevp = prevp->cmd_linkp;
8890 	}
8891 	cmn_err(CE_PANIC, "mpt: mptsas_tx_waitq_delete: queue botch");
8892 }
8893 
8894 /*
8895  * device and bus reset handling
8896  *
8897  * Notes:
8898  *	- RESET_ALL:	reset the controller
8899  *	- RESET_TARGET:	reset the target specified in scsi_address
8900  */
8901 static int
8902 mptsas_scsi_reset(struct scsi_address *ap, int level)
8903 {
8904 	mptsas_t		*mpt = ADDR2MPT(ap);
8905 	int			rval;
8906 	mptsas_tgt_private_t	*tgt_private;
8907 	mptsas_target_t		*ptgt = NULL;
8908 
8909 	tgt_private = (mptsas_tgt_private_t *)ap->a_hba_tran->tran_tgt_private;
8910 	ptgt = tgt_private->t_private;
8911 	if (ptgt == NULL) {
8912 		return (FALSE);
8913 	}
8914 	NDBG22(("mptsas_scsi_reset: target=%d level=%d", ptgt->m_devhdl,
8915 	    level));
8916 
8917 	mutex_enter(&mpt->m_mutex);
8918 	/*
8919 	 * if we are not in panic set up a reset delay for this target
8920 	 */
8921 	if (!ddi_in_panic()) {
8922 		mptsas_setup_bus_reset_delay(mpt);
8923 	} else {
8924 		drv_usecwait(mpt->m_scsi_reset_delay * 1000);
8925 	}
8926 	rval = mptsas_do_scsi_reset(mpt, ptgt->m_devhdl);
8927 	mutex_exit(&mpt->m_mutex);
8928 
8929 	/*
8930 	 * The transport layer expect to only see TRUE and
8931 	 * FALSE. Therefore, we will adjust the return value
8932 	 * if mptsas_do_scsi_reset returns FAILED.
8933 	 */
8934 	if (rval == FAILED)
8935 		rval = FALSE;
8936 	return (rval);
8937 }
8938 
8939 static int
8940 mptsas_do_scsi_reset(mptsas_t *mpt, uint16_t devhdl)
8941 {
8942 	int		rval = FALSE;
8943 	uint8_t		config, disk;
8944 
8945 	ASSERT(mutex_owned(&mpt->m_mutex));
8946 
8947 	if (mptsas_debug_resets) {
8948 		mptsas_log(mpt, CE_WARN, "mptsas_do_scsi_reset: target=%d",
8949 		    devhdl);
8950 	}
8951 
8952 	/*
8953 	 * Issue a Target Reset message to the target specified but not to a
8954 	 * disk making up a raid volume.  Just look through the RAID config
8955 	 * Phys Disk list of DevHandles.  If the target's DevHandle is in this
8956 	 * list, then don't reset this target.
8957 	 */
8958 	for (config = 0; config < mpt->m_num_raid_configs; config++) {
8959 		for (disk = 0; disk < MPTSAS_MAX_DISKS_IN_CONFIG; disk++) {
8960 			if (devhdl == mpt->m_raidconfig[config].
8961 			    m_physdisk_devhdl[disk]) {
8962 				return (TRUE);
8963 			}
8964 		}
8965 	}
8966 
8967 	rval = mptsas_ioc_task_management(mpt,
8968 	    MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET, devhdl, 0, NULL, 0, 0);
8969 
8970 	mptsas_doneq_empty(mpt);
8971 	return (rval);
8972 }
8973 
8974 static int
8975 mptsas_scsi_reset_notify(struct scsi_address *ap, int flag,
8976 	void (*callback)(caddr_t), caddr_t arg)
8977 {
8978 	mptsas_t	*mpt = ADDR2MPT(ap);
8979 
8980 	NDBG22(("mptsas_scsi_reset_notify: tgt=%d", ap->a_target));
8981 
8982 	return (scsi_hba_reset_notify_setup(ap, flag, callback, arg,
8983 	    &mpt->m_mutex, &mpt->m_reset_notify_listf));
8984 }
8985 
8986 static int
8987 mptsas_get_name(struct scsi_device *sd, char *name, int len)
8988 {
8989 	dev_info_t	*lun_dip = NULL;
8990 
8991 	ASSERT(sd != NULL);
8992 	ASSERT(name != NULL);
8993 	lun_dip = sd->sd_dev;
8994 	ASSERT(lun_dip != NULL);
8995 
8996 	if (mptsas_name_child(lun_dip, name, len) == DDI_SUCCESS) {
8997 		return (1);
8998 	} else {
8999 		return (0);
9000 	}
9001 }
9002 
9003 static int
9004 mptsas_get_bus_addr(struct scsi_device *sd, char *name, int len)
9005 {
9006 	return (mptsas_get_name(sd, name, len));
9007 }
9008 
9009 void
9010 mptsas_set_throttle(mptsas_t *mpt, mptsas_target_t *ptgt, int what)
9011 {
9012 
9013 	NDBG25(("mptsas_set_throttle: throttle=%x", what));
9014 
9015 	/*
9016 	 * if the bus is draining/quiesced, no changes to the throttles
9017 	 * are allowed. Not allowing change of throttles during draining
9018 	 * limits error recovery but will reduce draining time
9019 	 *
9020 	 * all throttles should have been set to HOLD_THROTTLE
9021 	 */
9022 	if (mpt->m_softstate & (MPTSAS_SS_QUIESCED | MPTSAS_SS_DRAINING)) {
9023 		return;
9024 	}
9025 
9026 	if (what == HOLD_THROTTLE) {
9027 		ptgt->m_t_throttle = HOLD_THROTTLE;
9028 	} else if (ptgt->m_reset_delay == 0) {
9029 		ptgt->m_t_throttle = what;
9030 	}
9031 }
9032 
9033 /*
9034  * Clean up from a device reset.
9035  * For the case of target reset, this function clears the waitq of all
9036  * commands for a particular target.   For the case of abort task set, this
9037  * function clears the waitq of all commonds for a particular target/lun.
9038  */
9039 static void
9040 mptsas_flush_target(mptsas_t *mpt, ushort_t target, int lun, uint8_t tasktype)
9041 {
9042 	mptsas_slots_t	*slots = mpt->m_active;
9043 	mptsas_cmd_t	*cmd, *next_cmd;
9044 	int		slot;
9045 	uchar_t		reason;
9046 	uint_t		stat;
9047 	hrtime_t	timestamp;
9048 
9049 	NDBG25(("mptsas_flush_target: target=%d lun=%d", target, lun));
9050 
9051 	timestamp = gethrtime();
9052 
9053 	/*
9054 	 * Make sure the I/O Controller has flushed all cmds
9055 	 * that are associated with this target for a target reset
9056 	 * and target/lun for abort task set.
9057 	 * Account for TM requests, which use the last SMID.
9058 	 */
9059 	for (slot = 0; slot <= mpt->m_active->m_n_normal; slot++) {
9060 		if ((cmd = slots->m_slot[slot]) == NULL)
9061 			continue;
9062 		reason = CMD_RESET;
9063 		stat = STAT_DEV_RESET;
9064 		switch (tasktype) {
9065 		case MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
9066 			if (Tgt(cmd) == target) {
9067 				if (cmd->cmd_active_expiration <= timestamp) {
9068 					/*
9069 					 * When timeout requested, propagate
9070 					 * proper reason and statistics to
9071 					 * target drivers.
9072 					 */
9073 					reason = CMD_TIMEOUT;
9074 					stat |= STAT_TIMEOUT;
9075 				}
9076 				NDBG25(("mptsas_flush_target discovered non-"
9077 				    "NULL cmd in slot %d, tasktype 0x%x", slot,
9078 				    tasktype));
9079 				mptsas_dump_cmd(mpt, cmd);
9080 				mptsas_remove_cmd(mpt, cmd);
9081 				mptsas_set_pkt_reason(mpt, cmd, reason, stat);
9082 				mptsas_doneq_add(mpt, cmd);
9083 			}
9084 			break;
9085 		case MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
9086 			reason = CMD_ABORTED;
9087 			stat = STAT_ABORTED;
9088 			/*FALLTHROUGH*/
9089 		case MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
9090 			if ((Tgt(cmd) == target) && (Lun(cmd) == lun)) {
9091 
9092 				NDBG25(("mptsas_flush_target discovered non-"
9093 				    "NULL cmd in slot %d, tasktype 0x%x", slot,
9094 				    tasktype));
9095 				mptsas_dump_cmd(mpt, cmd);
9096 				mptsas_remove_cmd(mpt, cmd);
9097 				mptsas_set_pkt_reason(mpt, cmd, reason,
9098 				    stat);
9099 				mptsas_doneq_add(mpt, cmd);
9100 			}
9101 			break;
9102 		default:
9103 			break;
9104 		}
9105 	}
9106 
9107 	/*
9108 	 * Flush the waitq and tx_waitq of this target's cmds
9109 	 */
9110 	cmd = mpt->m_waitq;
9111 
9112 	reason = CMD_RESET;
9113 	stat = STAT_DEV_RESET;
9114 
9115 	switch (tasktype) {
9116 	case MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET:
9117 		while (cmd != NULL) {
9118 			next_cmd = cmd->cmd_linkp;
9119 			if (Tgt(cmd) == target) {
9120 				mptsas_waitq_delete(mpt, cmd);
9121 				mptsas_set_pkt_reason(mpt, cmd,
9122 				    reason, stat);
9123 				mptsas_doneq_add(mpt, cmd);
9124 			}
9125 			cmd = next_cmd;
9126 		}
9127 		mutex_enter(&mpt->m_tx_waitq_mutex);
9128 		cmd = mpt->m_tx_waitq;
9129 		while (cmd != NULL) {
9130 			next_cmd = cmd->cmd_linkp;
9131 			if (Tgt(cmd) == target) {
9132 				mptsas_tx_waitq_delete(mpt, cmd);
9133 				mutex_exit(&mpt->m_tx_waitq_mutex);
9134 				mptsas_set_pkt_reason(mpt, cmd,
9135 				    reason, stat);
9136 				mptsas_doneq_add(mpt, cmd);
9137 				mutex_enter(&mpt->m_tx_waitq_mutex);
9138 			}
9139 			cmd = next_cmd;
9140 		}
9141 		mutex_exit(&mpt->m_tx_waitq_mutex);
9142 		break;
9143 	case MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET:
9144 		reason = CMD_ABORTED;
9145 		stat =  STAT_ABORTED;
9146 		/*FALLTHROUGH*/
9147 	case MPI2_SCSITASKMGMT_TASKTYPE_LOGICAL_UNIT_RESET:
9148 		while (cmd != NULL) {
9149 			next_cmd = cmd->cmd_linkp;
9150 			if ((Tgt(cmd) == target) && (Lun(cmd) == lun)) {
9151 				mptsas_waitq_delete(mpt, cmd);
9152 				mptsas_set_pkt_reason(mpt, cmd,
9153 				    reason, stat);
9154 				mptsas_doneq_add(mpt, cmd);
9155 			}
9156 			cmd = next_cmd;
9157 		}
9158 		mutex_enter(&mpt->m_tx_waitq_mutex);
9159 		cmd = mpt->m_tx_waitq;
9160 		while (cmd != NULL) {
9161 			next_cmd = cmd->cmd_linkp;
9162 			if ((Tgt(cmd) == target) && (Lun(cmd) == lun)) {
9163 				mptsas_tx_waitq_delete(mpt, cmd);
9164 				mutex_exit(&mpt->m_tx_waitq_mutex);
9165 				mptsas_set_pkt_reason(mpt, cmd,
9166 				    reason, stat);
9167 				mptsas_doneq_add(mpt, cmd);
9168 				mutex_enter(&mpt->m_tx_waitq_mutex);
9169 			}
9170 			cmd = next_cmd;
9171 		}
9172 		mutex_exit(&mpt->m_tx_waitq_mutex);
9173 		break;
9174 	default:
9175 		mptsas_log(mpt, CE_WARN, "Unknown task management type %d.",
9176 		    tasktype);
9177 		break;
9178 	}
9179 }
9180 
9181 /*
9182  * Clean up hba state, abort all outstanding command and commands in waitq
9183  * reset timeout of all targets.
9184  */
9185 static void
9186 mptsas_flush_hba(mptsas_t *mpt)
9187 {
9188 	mptsas_slots_t	*slots = mpt->m_active;
9189 	mptsas_cmd_t	*cmd;
9190 	int		slot;
9191 
9192 	NDBG25(("mptsas_flush_hba"));
9193 
9194 	/*
9195 	 * The I/O Controller should have already sent back
9196 	 * all commands via the scsi I/O reply frame.  Make
9197 	 * sure all commands have been flushed.
9198 	 * Account for TM request, which use the last SMID.
9199 	 */
9200 	for (slot = 0; slot <= mpt->m_active->m_n_normal; slot++) {
9201 		if ((cmd = slots->m_slot[slot]) == NULL)
9202 			continue;
9203 
9204 		if (cmd->cmd_flags & CFLAG_CMDIOC) {
9205 			/*
9206 			 * Need to make sure to tell everyone that might be
9207 			 * waiting on this command that it's going to fail.  If
9208 			 * we get here, this command will never timeout because
9209 			 * the active command table is going to be re-allocated,
9210 			 * so there will be nothing to check against a time out.
9211 			 * Instead, mark the command as failed due to reset.
9212 			 */
9213 			mptsas_set_pkt_reason(mpt, cmd, CMD_RESET,
9214 			    STAT_BUS_RESET);
9215 			if ((cmd->cmd_flags &
9216 			    (CFLAG_PASSTHRU | CFLAG_CONFIG | CFLAG_FW_DIAG))) {
9217 				cmd->cmd_flags |= CFLAG_FINISHED;
9218 				cv_broadcast(&mpt->m_passthru_cv);
9219 				cv_broadcast(&mpt->m_config_cv);
9220 				cv_broadcast(&mpt->m_fw_diag_cv);
9221 			}
9222 			continue;
9223 		}
9224 
9225 		NDBG25(("mptsas_flush_hba discovered non-NULL cmd in slot %d",
9226 		    slot));
9227 		mptsas_dump_cmd(mpt, cmd);
9228 
9229 		mptsas_remove_cmd(mpt, cmd);
9230 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
9231 		mptsas_doneq_add(mpt, cmd);
9232 	}
9233 
9234 	/*
9235 	 * Flush the waitq.
9236 	 */
9237 	while ((cmd = mptsas_waitq_rm(mpt)) != NULL) {
9238 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
9239 		if ((cmd->cmd_flags & CFLAG_PASSTHRU) ||
9240 		    (cmd->cmd_flags & CFLAG_CONFIG) ||
9241 		    (cmd->cmd_flags & CFLAG_FW_DIAG)) {
9242 			cmd->cmd_flags |= CFLAG_FINISHED;
9243 			cv_broadcast(&mpt->m_passthru_cv);
9244 			cv_broadcast(&mpt->m_config_cv);
9245 			cv_broadcast(&mpt->m_fw_diag_cv);
9246 		} else {
9247 			mptsas_doneq_add(mpt, cmd);
9248 		}
9249 	}
9250 
9251 	/*
9252 	 * Flush the tx_waitq
9253 	 */
9254 	mutex_enter(&mpt->m_tx_waitq_mutex);
9255 	while ((cmd = mptsas_tx_waitq_rm(mpt)) != NULL) {
9256 		mutex_exit(&mpt->m_tx_waitq_mutex);
9257 		mptsas_set_pkt_reason(mpt, cmd, CMD_RESET, STAT_BUS_RESET);
9258 		mptsas_doneq_add(mpt, cmd);
9259 		mutex_enter(&mpt->m_tx_waitq_mutex);
9260 	}
9261 	mutex_exit(&mpt->m_tx_waitq_mutex);
9262 
9263 	/*
9264 	 * Drain the taskqs prior to reallocating resources.
9265 	 */
9266 	mutex_exit(&mpt->m_mutex);
9267 	ddi_taskq_wait(mpt->m_event_taskq);
9268 	ddi_taskq_wait(mpt->m_dr_taskq);
9269 	mutex_enter(&mpt->m_mutex);
9270 }
9271 
9272 /*
9273  * set pkt_reason and OR in pkt_statistics flag
9274  */
9275 static void
9276 mptsas_set_pkt_reason(mptsas_t *mpt, mptsas_cmd_t *cmd, uchar_t reason,
9277     uint_t stat)
9278 {
9279 #ifndef __lock_lint
9280 	_NOTE(ARGUNUSED(mpt))
9281 #endif
9282 
9283 	NDBG25(("mptsas_set_pkt_reason: cmd=0x%p reason=%x stat=%x",
9284 	    (void *)cmd, reason, stat));
9285 
9286 	if (cmd) {
9287 		if (cmd->cmd_pkt->pkt_reason == CMD_CMPLT) {
9288 			cmd->cmd_pkt->pkt_reason = reason;
9289 		}
9290 		cmd->cmd_pkt->pkt_statistics |= stat;
9291 	}
9292 }
9293 
9294 static void
9295 mptsas_start_watch_reset_delay()
9296 {
9297 	NDBG22(("mptsas_start_watch_reset_delay"));
9298 
9299 	mutex_enter(&mptsas_global_mutex);
9300 	if (mptsas_reset_watch == NULL && mptsas_timeouts_enabled) {
9301 		mptsas_reset_watch = timeout(mptsas_watch_reset_delay, NULL,
9302 		    drv_usectohz((clock_t)
9303 		    MPTSAS_WATCH_RESET_DELAY_TICK * 1000));
9304 		ASSERT(mptsas_reset_watch != NULL);
9305 	}
9306 	mutex_exit(&mptsas_global_mutex);
9307 }
9308 
9309 static void
9310 mptsas_setup_bus_reset_delay(mptsas_t *mpt)
9311 {
9312 	mptsas_target_t	*ptgt = NULL;
9313 
9314 	ASSERT(MUTEX_HELD(&mpt->m_mutex));
9315 
9316 	NDBG22(("mptsas_setup_bus_reset_delay"));
9317 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
9318 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
9319 		mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
9320 		ptgt->m_reset_delay = mpt->m_scsi_reset_delay;
9321 	}
9322 
9323 	mptsas_start_watch_reset_delay();
9324 }
9325 
9326 /*
9327  * mptsas_watch_reset_delay(_subr) is invoked by timeout() and checks every
9328  * mpt instance for active reset delays
9329  */
9330 static void
9331 mptsas_watch_reset_delay(void *arg)
9332 {
9333 #ifndef __lock_lint
9334 	_NOTE(ARGUNUSED(arg))
9335 #endif
9336 
9337 	mptsas_t	*mpt;
9338 	int		not_done = 0;
9339 
9340 	NDBG22(("mptsas_watch_reset_delay"));
9341 
9342 	mutex_enter(&mptsas_global_mutex);
9343 	mptsas_reset_watch = 0;
9344 	mutex_exit(&mptsas_global_mutex);
9345 	rw_enter(&mptsas_global_rwlock, RW_READER);
9346 	for (mpt = mptsas_head; mpt != NULL; mpt = mpt->m_next) {
9347 		if (mpt->m_tran == 0) {
9348 			continue;
9349 		}
9350 		mutex_enter(&mpt->m_mutex);
9351 		not_done += mptsas_watch_reset_delay_subr(mpt);
9352 		mutex_exit(&mpt->m_mutex);
9353 	}
9354 	rw_exit(&mptsas_global_rwlock);
9355 
9356 	if (not_done) {
9357 		mptsas_start_watch_reset_delay();
9358 	}
9359 }
9360 
9361 static int
9362 mptsas_watch_reset_delay_subr(mptsas_t *mpt)
9363 {
9364 	int		done = 0;
9365 	int		restart = 0;
9366 	mptsas_target_t	*ptgt = NULL;
9367 
9368 	NDBG22(("mptsas_watch_reset_delay_subr: mpt=0x%p", (void *)mpt));
9369 
9370 	ASSERT(mutex_owned(&mpt->m_mutex));
9371 
9372 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
9373 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
9374 		if (ptgt->m_reset_delay != 0) {
9375 			ptgt->m_reset_delay -=
9376 			    MPTSAS_WATCH_RESET_DELAY_TICK;
9377 			if (ptgt->m_reset_delay <= 0) {
9378 				ptgt->m_reset_delay = 0;
9379 				mptsas_set_throttle(mpt, ptgt,
9380 				    MAX_THROTTLE);
9381 				restart++;
9382 			} else {
9383 				done = -1;
9384 			}
9385 		}
9386 	}
9387 
9388 	if (restart > 0) {
9389 		mptsas_restart_hba(mpt);
9390 	}
9391 	return (done);
9392 }
9393 
9394 #ifdef MPTSAS_TEST
9395 static void
9396 mptsas_test_reset(mptsas_t *mpt, int target)
9397 {
9398 	mptsas_target_t    *ptgt = NULL;
9399 
9400 	if (mptsas_rtest == target) {
9401 		if (mptsas_do_scsi_reset(mpt, target) == TRUE) {
9402 			mptsas_rtest = -1;
9403 		}
9404 		if (mptsas_rtest == -1) {
9405 			NDBG22(("mptsas_test_reset success"));
9406 		}
9407 	}
9408 }
9409 #endif
9410 
9411 /*
9412  * abort handling:
9413  *
9414  * Notes:
9415  *	- if pkt is not NULL, abort just that command
9416  *	- if pkt is NULL, abort all outstanding commands for target
9417  */
9418 static int
9419 mptsas_scsi_abort(struct scsi_address *ap, struct scsi_pkt *pkt)
9420 {
9421 	mptsas_t		*mpt = ADDR2MPT(ap);
9422 	int			rval;
9423 	mptsas_tgt_private_t	*tgt_private;
9424 	int			target, lun;
9425 
9426 	tgt_private = (mptsas_tgt_private_t *)ap->a_hba_tran->
9427 	    tran_tgt_private;
9428 	ASSERT(tgt_private != NULL);
9429 	target = tgt_private->t_private->m_devhdl;
9430 	lun = tgt_private->t_lun;
9431 
9432 	NDBG23(("mptsas_scsi_abort: target=%d.%d", target, lun));
9433 
9434 	mutex_enter(&mpt->m_mutex);
9435 	rval = mptsas_do_scsi_abort(mpt, target, lun, pkt);
9436 	mutex_exit(&mpt->m_mutex);
9437 	return (rval);
9438 }
9439 
9440 static int
9441 mptsas_do_scsi_abort(mptsas_t *mpt, int target, int lun, struct scsi_pkt *pkt)
9442 {
9443 	mptsas_cmd_t	*sp = NULL;
9444 	mptsas_slots_t	*slots = mpt->m_active;
9445 	int		rval = FALSE;
9446 
9447 	ASSERT(mutex_owned(&mpt->m_mutex));
9448 
9449 	/*
9450 	 * Abort the command pkt on the target/lun in ap.  If pkt is
9451 	 * NULL, abort all outstanding commands on that target/lun.
9452 	 * If you can abort them, return 1, else return 0.
9453 	 * Each packet that's aborted should be sent back to the target
9454 	 * driver through the callback routine, with pkt_reason set to
9455 	 * CMD_ABORTED.
9456 	 *
9457 	 * abort cmd pkt on HBA hardware; clean out of outstanding
9458 	 * command lists, etc.
9459 	 */
9460 	if (pkt != NULL) {
9461 		/* abort the specified packet */
9462 		sp = PKT2CMD(pkt);
9463 
9464 		if (sp->cmd_queued) {
9465 			NDBG23(("mptsas_do_scsi_abort: queued sp=0x%p aborted",
9466 			    (void *)sp));
9467 			mptsas_waitq_delete(mpt, sp);
9468 			mptsas_set_pkt_reason(mpt, sp, CMD_ABORTED,
9469 			    STAT_ABORTED);
9470 			mptsas_doneq_add(mpt, sp);
9471 			rval = TRUE;
9472 			goto done;
9473 		}
9474 
9475 		/*
9476 		 * Have mpt firmware abort this command
9477 		 */
9478 
9479 		if (slots->m_slot[sp->cmd_slot] != NULL) {
9480 			rval = mptsas_ioc_task_management(mpt,
9481 			    MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK, target,
9482 			    lun, NULL, 0, 0);
9483 
9484 			/*
9485 			 * The transport layer expects only TRUE and FALSE.
9486 			 * Therefore, if mptsas_ioc_task_management returns
9487 			 * FAILED we will return FALSE.
9488 			 */
9489 			if (rval == FAILED)
9490 				rval = FALSE;
9491 			goto done;
9492 		}
9493 	}
9494 
9495 	/*
9496 	 * If pkt is NULL then abort task set
9497 	 */
9498 	rval = mptsas_ioc_task_management(mpt,
9499 	    MPI2_SCSITASKMGMT_TASKTYPE_ABRT_TASK_SET, target, lun, NULL, 0, 0);
9500 
9501 	/*
9502 	 * The transport layer expects only TRUE and FALSE.
9503 	 * Therefore, if mptsas_ioc_task_management returns
9504 	 * FAILED we will return FALSE.
9505 	 */
9506 	if (rval == FAILED)
9507 		rval = FALSE;
9508 
9509 #ifdef MPTSAS_TEST
9510 	if (rval && mptsas_test_stop) {
9511 		debug_enter("mptsas_do_scsi_abort");
9512 	}
9513 #endif
9514 
9515 done:
9516 	mptsas_doneq_empty(mpt);
9517 	return (rval);
9518 }
9519 
9520 /*
9521  * capability handling:
9522  * (*tran_getcap).  Get the capability named, and return its value.
9523  */
9524 static int
9525 mptsas_scsi_getcap(struct scsi_address *ap, char *cap, int tgtonly)
9526 {
9527 	mptsas_t	*mpt = ADDR2MPT(ap);
9528 	int		ckey;
9529 	int		rval = FALSE;
9530 
9531 	NDBG24(("mptsas_scsi_getcap: target=%d, cap=%s tgtonly=%x",
9532 	    ap->a_target, cap, tgtonly));
9533 
9534 	mutex_enter(&mpt->m_mutex);
9535 
9536 	if ((mptsas_scsi_capchk(cap, tgtonly, &ckey)) != TRUE) {
9537 		mutex_exit(&mpt->m_mutex);
9538 		return (UNDEFINED);
9539 	}
9540 
9541 	switch (ckey) {
9542 	case SCSI_CAP_DMA_MAX:
9543 		rval = (int)mpt->m_msg_dma_attr.dma_attr_maxxfer;
9544 		break;
9545 	case SCSI_CAP_ARQ:
9546 		rval = TRUE;
9547 		break;
9548 	case SCSI_CAP_MSG_OUT:
9549 	case SCSI_CAP_PARITY:
9550 	case SCSI_CAP_UNTAGGED_QING:
9551 		rval = TRUE;
9552 		break;
9553 	case SCSI_CAP_TAGGED_QING:
9554 		rval = TRUE;
9555 		break;
9556 	case SCSI_CAP_RESET_NOTIFICATION:
9557 		rval = TRUE;
9558 		break;
9559 	case SCSI_CAP_LINKED_CMDS:
9560 		rval = FALSE;
9561 		break;
9562 	case SCSI_CAP_QFULL_RETRIES:
9563 		rval = ((mptsas_tgt_private_t *)(ap->a_hba_tran->
9564 		    tran_tgt_private))->t_private->m_qfull_retries;
9565 		break;
9566 	case SCSI_CAP_QFULL_RETRY_INTERVAL:
9567 		rval = drv_hztousec(((mptsas_tgt_private_t *)
9568 		    (ap->a_hba_tran->tran_tgt_private))->
9569 		    t_private->m_qfull_retry_interval) / 1000;
9570 		break;
9571 	case SCSI_CAP_CDB_LEN:
9572 		rval = CDB_GROUP4;
9573 		break;
9574 	case SCSI_CAP_INTERCONNECT_TYPE:
9575 		rval = INTERCONNECT_SAS;
9576 		break;
9577 	case SCSI_CAP_TRAN_LAYER_RETRIES:
9578 		if (mpt->m_ioc_capabilities &
9579 		    MPI2_IOCFACTS_CAPABILITY_TLR)
9580 			rval = TRUE;
9581 		else
9582 			rval = FALSE;
9583 		break;
9584 	default:
9585 		rval = UNDEFINED;
9586 		break;
9587 	}
9588 
9589 	NDBG24(("mptsas_scsi_getcap: %s, rval=%x", cap, rval));
9590 
9591 	mutex_exit(&mpt->m_mutex);
9592 	return (rval);
9593 }
9594 
9595 /*
9596  * (*tran_setcap).  Set the capability named to the value given.
9597  */
9598 static int
9599 mptsas_scsi_setcap(struct scsi_address *ap, char *cap, int value, int tgtonly)
9600 {
9601 	mptsas_t	*mpt = ADDR2MPT(ap);
9602 	int		ckey;
9603 	int		rval = FALSE;
9604 
9605 	NDBG24(("mptsas_scsi_setcap: target=%d, cap=%s value=%x tgtonly=%x",
9606 	    ap->a_target, cap, value, tgtonly));
9607 
9608 	if (!tgtonly) {
9609 		return (rval);
9610 	}
9611 
9612 	mutex_enter(&mpt->m_mutex);
9613 
9614 	if ((mptsas_scsi_capchk(cap, tgtonly, &ckey)) != TRUE) {
9615 		mutex_exit(&mpt->m_mutex);
9616 		return (UNDEFINED);
9617 	}
9618 
9619 	switch (ckey) {
9620 	case SCSI_CAP_DMA_MAX:
9621 	case SCSI_CAP_MSG_OUT:
9622 	case SCSI_CAP_PARITY:
9623 	case SCSI_CAP_INITIATOR_ID:
9624 	case SCSI_CAP_LINKED_CMDS:
9625 	case SCSI_CAP_UNTAGGED_QING:
9626 	case SCSI_CAP_RESET_NOTIFICATION:
9627 		/*
9628 		 * None of these are settable via
9629 		 * the capability interface.
9630 		 */
9631 		break;
9632 	case SCSI_CAP_ARQ:
9633 		/*
9634 		 * We cannot turn off arq so return false if asked to
9635 		 */
9636 		if (value) {
9637 			rval = TRUE;
9638 		} else {
9639 			rval = FALSE;
9640 		}
9641 		break;
9642 	case SCSI_CAP_TAGGED_QING:
9643 		mptsas_set_throttle(mpt, ((mptsas_tgt_private_t *)
9644 		    (ap->a_hba_tran->tran_tgt_private))->t_private,
9645 		    MAX_THROTTLE);
9646 		rval = TRUE;
9647 		break;
9648 	case SCSI_CAP_QFULL_RETRIES:
9649 		((mptsas_tgt_private_t *)(ap->a_hba_tran->tran_tgt_private))->
9650 		    t_private->m_qfull_retries = (uchar_t)value;
9651 		rval = TRUE;
9652 		break;
9653 	case SCSI_CAP_QFULL_RETRY_INTERVAL:
9654 		((mptsas_tgt_private_t *)(ap->a_hba_tran->tran_tgt_private))->
9655 		    t_private->m_qfull_retry_interval =
9656 		    drv_usectohz(value * 1000);
9657 		rval = TRUE;
9658 		break;
9659 	default:
9660 		rval = UNDEFINED;
9661 		break;
9662 	}
9663 	mutex_exit(&mpt->m_mutex);
9664 	return (rval);
9665 }
9666 
9667 /*
9668  * Utility routine for mptsas_ifsetcap/ifgetcap
9669  */
9670 /*ARGSUSED*/
9671 static int
9672 mptsas_scsi_capchk(char *cap, int tgtonly, int *cidxp)
9673 {
9674 	NDBG24(("mptsas_scsi_capchk: cap=%s", cap));
9675 
9676 	if (!cap)
9677 		return (FALSE);
9678 
9679 	*cidxp = scsi_hba_lookup_capstr(cap);
9680 	return (TRUE);
9681 }
9682 
9683 static int
9684 mptsas_alloc_active_slots(mptsas_t *mpt, int flag)
9685 {
9686 	mptsas_slots_t	*old_active = mpt->m_active;
9687 	mptsas_slots_t	*new_active;
9688 	size_t		size;
9689 
9690 	/*
9691 	 * if there are active commands, then we cannot
9692 	 * change size of active slots array.
9693 	 */
9694 	ASSERT(mpt->m_ncmds == 0);
9695 
9696 	size = MPTSAS_SLOTS_SIZE(mpt);
9697 	new_active = kmem_zalloc(size, flag);
9698 	if (new_active == NULL) {
9699 		NDBG1(("new active alloc failed"));
9700 		return (-1);
9701 	}
9702 	/*
9703 	 * Since SMID 0 is reserved and the TM slot is reserved, the
9704 	 * number of slots that can be used at any one time is
9705 	 * m_max_requests - 2.
9706 	 */
9707 	new_active->m_n_normal = (mpt->m_max_requests - 2);
9708 	new_active->m_size = size;
9709 	new_active->m_rotor = 1;
9710 	if (old_active)
9711 		mptsas_free_active_slots(mpt);
9712 	mpt->m_active = new_active;
9713 
9714 	return (0);
9715 }
9716 
9717 static void
9718 mptsas_free_active_slots(mptsas_t *mpt)
9719 {
9720 	mptsas_slots_t	*active = mpt->m_active;
9721 	size_t		size;
9722 
9723 	if (active == NULL)
9724 		return;
9725 	size = active->m_size;
9726 	kmem_free(active, size);
9727 	mpt->m_active = NULL;
9728 }
9729 
9730 /*
9731  * Error logging, printing, and debug print routines.
9732  */
9733 static char *mptsas_label = "mpt_sas";
9734 
9735 /*PRINTFLIKE3*/
9736 void
9737 mptsas_log(mptsas_t *mpt, int level, char *fmt, ...)
9738 {
9739 	dev_info_t	*dev;
9740 	va_list		ap;
9741 
9742 	if (mpt) {
9743 		dev = mpt->m_dip;
9744 	} else {
9745 		dev = 0;
9746 	}
9747 
9748 	mutex_enter(&mptsas_log_mutex);
9749 
9750 	va_start(ap, fmt);
9751 	(void) vsprintf(mptsas_log_buf, fmt, ap);
9752 	va_end(ap);
9753 
9754 	if (level == CE_CONT) {
9755 		scsi_log(dev, mptsas_label, level, "%s\n", mptsas_log_buf);
9756 	} else {
9757 		scsi_log(dev, mptsas_label, level, "%s", mptsas_log_buf);
9758 	}
9759 
9760 	mutex_exit(&mptsas_log_mutex);
9761 }
9762 
9763 #ifdef MPTSAS_DEBUG
9764 /*
9765  * Use a circular buffer to log messages to private memory.
9766  * Increment idx atomically to minimize risk to miss lines.
9767  * It's fast and does not hold up the proceedings too much.
9768  */
9769 static const size_t mptsas_dbglog_linecnt = MPTSAS_DBGLOG_LINECNT;
9770 static const size_t mptsas_dbglog_linelen = MPTSAS_DBGLOG_LINELEN;
9771 static char mptsas_dbglog_bufs[MPTSAS_DBGLOG_LINECNT][MPTSAS_DBGLOG_LINELEN];
9772 static uint32_t mptsas_dbglog_idx = 0;
9773 
9774 /*PRINTFLIKE1*/
9775 void
9776 mptsas_debug_log(char *fmt, ...)
9777 {
9778 	va_list		ap;
9779 	uint32_t	idx;
9780 
9781 	idx = atomic_inc_32_nv(&mptsas_dbglog_idx) &
9782 	    (mptsas_dbglog_linecnt - 1);
9783 
9784 	va_start(ap, fmt);
9785 	(void) vsnprintf(mptsas_dbglog_bufs[idx],
9786 	    mptsas_dbglog_linelen, fmt, ap);
9787 	va_end(ap);
9788 }
9789 
9790 /*PRINTFLIKE1*/
9791 void
9792 mptsas_printf(char *fmt, ...)
9793 {
9794 	dev_info_t	*dev = 0;
9795 	va_list		ap;
9796 
9797 	mutex_enter(&mptsas_log_mutex);
9798 
9799 	va_start(ap, fmt);
9800 	(void) vsprintf(mptsas_log_buf, fmt, ap);
9801 	va_end(ap);
9802 
9803 #ifdef PROM_PRINTF
9804 	prom_printf("%s:\t%s\n", mptsas_label, mptsas_log_buf);
9805 #else
9806 	scsi_log(dev, mptsas_label, CE_CONT, "!%s\n", mptsas_log_buf);
9807 #endif
9808 	mutex_exit(&mptsas_log_mutex);
9809 }
9810 #endif
9811 
9812 /*
9813  * timeout handling
9814  */
9815 static void
9816 mptsas_watch(void *arg)
9817 {
9818 #ifndef __lock_lint
9819 	_NOTE(ARGUNUSED(arg))
9820 #endif
9821 
9822 	mptsas_t	*mpt;
9823 	uint32_t	doorbell;
9824 
9825 	NDBG30(("mptsas_watch"));
9826 
9827 	rw_enter(&mptsas_global_rwlock, RW_READER);
9828 	for (mpt = mptsas_head; mpt != (mptsas_t *)NULL; mpt = mpt->m_next) {
9829 
9830 		mutex_enter(&mpt->m_mutex);
9831 
9832 		/* Skip device if not powered on */
9833 		if (mpt->m_options & MPTSAS_OPT_PM) {
9834 			if (mpt->m_power_level == PM_LEVEL_D0) {
9835 				(void) pm_busy_component(mpt->m_dip, 0);
9836 				mpt->m_busy = 1;
9837 			} else {
9838 				mutex_exit(&mpt->m_mutex);
9839 				continue;
9840 			}
9841 		}
9842 
9843 		/*
9844 		 * Check if controller is in a FAULT state. If so, reset it.
9845 		 */
9846 		doorbell = ddi_get32(mpt->m_datap, &mpt->m_reg->Doorbell);
9847 		if ((doorbell & MPI2_IOC_STATE_MASK) == MPI2_IOC_STATE_FAULT) {
9848 			doorbell &= MPI2_DOORBELL_DATA_MASK;
9849 			mptsas_log(mpt, CE_WARN, "MPT Firmware Fault, "
9850 			    "code: %04x", doorbell);
9851 			mpt->m_softstate &= ~MPTSAS_SS_MSG_UNIT_RESET;
9852 			if ((mptsas_restart_ioc(mpt)) == DDI_FAILURE) {
9853 				mptsas_log(mpt, CE_WARN, "Reset failed"
9854 				    "after fault was detected");
9855 			}
9856 		}
9857 
9858 		/*
9859 		 * For now, always call mptsas_watchsubr.
9860 		 */
9861 		mptsas_watchsubr(mpt);
9862 
9863 		if (mpt->m_options & MPTSAS_OPT_PM) {
9864 			mpt->m_busy = 0;
9865 			(void) pm_idle_component(mpt->m_dip, 0);
9866 		}
9867 
9868 		mutex_exit(&mpt->m_mutex);
9869 	}
9870 	rw_exit(&mptsas_global_rwlock);
9871 
9872 	mutex_enter(&mptsas_global_mutex);
9873 	if (mptsas_timeouts_enabled)
9874 		mptsas_timeout_id = timeout(mptsas_watch, NULL, mptsas_tick);
9875 	mutex_exit(&mptsas_global_mutex);
9876 }
9877 
9878 static void
9879 mptsas_watchsubr(mptsas_t *mpt)
9880 {
9881 	int		i;
9882 	mptsas_cmd_t	*cmd;
9883 	mptsas_target_t	*ptgt = NULL;
9884 	hrtime_t	timestamp = gethrtime();
9885 
9886 	ASSERT(MUTEX_HELD(&mpt->m_mutex));
9887 
9888 	NDBG30(("mptsas_watchsubr: mpt=0x%p", (void *)mpt));
9889 
9890 #ifdef MPTSAS_TEST
9891 	if (mptsas_enable_untagged) {
9892 		mptsas_test_untagged++;
9893 	}
9894 #endif
9895 
9896 	/*
9897 	 * Check for commands stuck in active slot
9898 	 * Account for TM requests, which use the last SMID.
9899 	 */
9900 	for (i = 0; i <= mpt->m_active->m_n_normal; i++) {
9901 		if ((cmd = mpt->m_active->m_slot[i]) != NULL) {
9902 			if (cmd->cmd_active_expiration <= timestamp) {
9903 				if ((cmd->cmd_flags & CFLAG_CMDIOC) == 0) {
9904 					/*
9905 					 * There seems to be a command stuck
9906 					 * in the active slot.  Drain throttle.
9907 					 */
9908 					mptsas_set_throttle(mpt,
9909 					    cmd->cmd_tgt_addr,
9910 					    DRAIN_THROTTLE);
9911 				} else if (cmd->cmd_flags &
9912 				    (CFLAG_PASSTHRU | CFLAG_CONFIG |
9913 				    CFLAG_FW_DIAG)) {
9914 					/*
9915 					 * passthrough command timeout
9916 					 */
9917 					cmd->cmd_flags |= (CFLAG_FINISHED |
9918 					    CFLAG_TIMEOUT);
9919 					cv_broadcast(&mpt->m_passthru_cv);
9920 					cv_broadcast(&mpt->m_config_cv);
9921 					cv_broadcast(&mpt->m_fw_diag_cv);
9922 				}
9923 			}
9924 		}
9925 	}
9926 
9927 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
9928 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
9929 		/*
9930 		 * If we were draining due to a qfull condition,
9931 		 * go back to full throttle.
9932 		 */
9933 		if ((ptgt->m_t_throttle < MAX_THROTTLE) &&
9934 		    (ptgt->m_t_throttle > HOLD_THROTTLE) &&
9935 		    (ptgt->m_t_ncmds < ptgt->m_t_throttle)) {
9936 			mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
9937 			mptsas_restart_hba(mpt);
9938 		}
9939 
9940 		cmd = TAILQ_LAST(&ptgt->m_active_cmdq, mptsas_active_cmdq);
9941 		if (cmd == NULL)
9942 			continue;
9943 
9944 		if (cmd->cmd_active_expiration <= timestamp) {
9945 			/*
9946 			 * Earliest command timeout expired. Drain throttle.
9947 			 */
9948 			mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
9949 
9950 			/*
9951 			 * Check for remaining commands.
9952 			 */
9953 			cmd = TAILQ_FIRST(&ptgt->m_active_cmdq);
9954 			if (cmd->cmd_active_expiration > timestamp) {
9955 				/*
9956 				 * Wait for remaining commands to complete or
9957 				 * time out.
9958 				 */
9959 				NDBG23(("command timed out, pending drain"));
9960 				continue;
9961 			}
9962 
9963 			/*
9964 			 * All command timeouts expired.
9965 			 */
9966 			mptsas_log(mpt, CE_NOTE, "Timeout of %d seconds "
9967 			    "expired with %d commands on target %d lun %d.",
9968 			    cmd->cmd_pkt->pkt_time, ptgt->m_t_ncmds,
9969 			    ptgt->m_devhdl, Lun(cmd));
9970 
9971 			mptsas_cmd_timeout(mpt, ptgt);
9972 		} else if (cmd->cmd_active_expiration <=
9973 		    timestamp + (hrtime_t)mptsas_scsi_watchdog_tick * NANOSEC) {
9974 			NDBG23(("pending timeout"));
9975 			mptsas_set_throttle(mpt, ptgt, DRAIN_THROTTLE);
9976 		}
9977 	}
9978 }
9979 
9980 /*
9981  * timeout recovery
9982  */
9983 static void
9984 mptsas_cmd_timeout(mptsas_t *mpt, mptsas_target_t *ptgt)
9985 {
9986 	uint16_t	devhdl;
9987 	uint64_t	sas_wwn;
9988 	uint8_t		phy;
9989 	char		wwn_str[MPTSAS_WWN_STRLEN];
9990 
9991 	devhdl = ptgt->m_devhdl;
9992 	sas_wwn = ptgt->m_addr.mta_wwn;
9993 	phy = ptgt->m_phynum;
9994 	if (sas_wwn == 0) {
9995 		(void) sprintf(wwn_str, "p%x", phy);
9996 	} else {
9997 		(void) sprintf(wwn_str, "w%016"PRIx64, sas_wwn);
9998 	}
9999 
10000 	NDBG29(("mptsas_cmd_timeout: target=%d", devhdl));
10001 	mptsas_log(mpt, CE_WARN, "Disconnected command timeout for "
10002 	    "target %d %s, enclosure %u", devhdl, wwn_str,
10003 	    ptgt->m_enclosure);
10004 
10005 	/*
10006 	 * Abort all outstanding commands on the device.
10007 	 */
10008 	NDBG29(("mptsas_cmd_timeout: device reset"));
10009 	if (mptsas_do_scsi_reset(mpt, devhdl) != TRUE) {
10010 		mptsas_log(mpt, CE_WARN, "Target %d reset for command timeout "
10011 		    "recovery failed!", devhdl);
10012 	}
10013 }
10014 
10015 /*
10016  * Device / Hotplug control
10017  */
10018 static int
10019 mptsas_scsi_quiesce(dev_info_t *dip)
10020 {
10021 	mptsas_t	*mpt;
10022 	scsi_hba_tran_t	*tran;
10023 
10024 	tran = ddi_get_driver_private(dip);
10025 	if (tran == NULL || (mpt = TRAN2MPT(tran)) == NULL)
10026 		return (-1);
10027 
10028 	return (mptsas_quiesce_bus(mpt));
10029 }
10030 
10031 static int
10032 mptsas_scsi_unquiesce(dev_info_t *dip)
10033 {
10034 	mptsas_t		*mpt;
10035 	scsi_hba_tran_t	*tran;
10036 
10037 	tran = ddi_get_driver_private(dip);
10038 	if (tran == NULL || (mpt = TRAN2MPT(tran)) == NULL)
10039 		return (-1);
10040 
10041 	return (mptsas_unquiesce_bus(mpt));
10042 }
10043 
10044 static int
10045 mptsas_quiesce_bus(mptsas_t *mpt)
10046 {
10047 	mptsas_target_t	*ptgt = NULL;
10048 
10049 	NDBG28(("mptsas_quiesce_bus"));
10050 	mutex_enter(&mpt->m_mutex);
10051 
10052 	/* Set all the throttles to zero */
10053 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
10054 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
10055 		mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
10056 	}
10057 
10058 	/* If there are any outstanding commands in the queue */
10059 	if (mpt->m_ncmds) {
10060 		mpt->m_softstate |= MPTSAS_SS_DRAINING;
10061 		mpt->m_quiesce_timeid = timeout(mptsas_ncmds_checkdrain,
10062 		    mpt, (MPTSAS_QUIESCE_TIMEOUT * drv_usectohz(1000000)));
10063 		if (cv_wait_sig(&mpt->m_cv, &mpt->m_mutex) == 0) {
10064 			/*
10065 			 * Quiesce has been interrupted
10066 			 */
10067 			mpt->m_softstate &= ~MPTSAS_SS_DRAINING;
10068 			for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
10069 			    ptgt = refhash_next(mpt->m_targets, ptgt)) {
10070 				mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
10071 			}
10072 			mptsas_restart_hba(mpt);
10073 			if (mpt->m_quiesce_timeid != 0) {
10074 				timeout_id_t tid = mpt->m_quiesce_timeid;
10075 				mpt->m_quiesce_timeid = 0;
10076 				mutex_exit(&mpt->m_mutex);
10077 				(void) untimeout(tid);
10078 				return (-1);
10079 			}
10080 			mutex_exit(&mpt->m_mutex);
10081 			return (-1);
10082 		} else {
10083 			/* Bus has been quiesced */
10084 			ASSERT(mpt->m_quiesce_timeid == 0);
10085 			mpt->m_softstate &= ~MPTSAS_SS_DRAINING;
10086 			mpt->m_softstate |= MPTSAS_SS_QUIESCED;
10087 			mutex_exit(&mpt->m_mutex);
10088 			return (0);
10089 		}
10090 	}
10091 	/* Bus was not busy - QUIESCED */
10092 	mutex_exit(&mpt->m_mutex);
10093 
10094 	return (0);
10095 }
10096 
10097 static int
10098 mptsas_unquiesce_bus(mptsas_t *mpt)
10099 {
10100 	mptsas_target_t	*ptgt = NULL;
10101 
10102 	NDBG28(("mptsas_unquiesce_bus"));
10103 	mutex_enter(&mpt->m_mutex);
10104 	mpt->m_softstate &= ~MPTSAS_SS_QUIESCED;
10105 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
10106 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
10107 		mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
10108 	}
10109 	mptsas_restart_hba(mpt);
10110 	mutex_exit(&mpt->m_mutex);
10111 	return (0);
10112 }
10113 
10114 static void
10115 mptsas_ncmds_checkdrain(void *arg)
10116 {
10117 	mptsas_t	*mpt = arg;
10118 	mptsas_target_t	*ptgt = NULL;
10119 
10120 	mutex_enter(&mpt->m_mutex);
10121 	if (mpt->m_softstate & MPTSAS_SS_DRAINING) {
10122 		mpt->m_quiesce_timeid = 0;
10123 		if (mpt->m_ncmds == 0) {
10124 			/* Command queue has been drained */
10125 			cv_signal(&mpt->m_cv);
10126 		} else {
10127 			/*
10128 			 * The throttle may have been reset because
10129 			 * of a SCSI bus reset
10130 			 */
10131 			for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
10132 			    ptgt = refhash_next(mpt->m_targets, ptgt)) {
10133 				mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
10134 			}
10135 
10136 			mpt->m_quiesce_timeid = timeout(mptsas_ncmds_checkdrain,
10137 			    mpt, (MPTSAS_QUIESCE_TIMEOUT *
10138 			    drv_usectohz(1000000)));
10139 		}
10140 	}
10141 	mutex_exit(&mpt->m_mutex);
10142 }
10143 
10144 /*ARGSUSED*/
10145 static void
10146 mptsas_dump_cmd(mptsas_t *mpt, mptsas_cmd_t *cmd)
10147 {
10148 	int	i;
10149 	uint8_t	*cp = (uchar_t *)cmd->cmd_pkt->pkt_cdbp;
10150 	char	buf[128];
10151 
10152 	buf[0] = '\0';
10153 	NDBG25(("?Cmd (0x%p) dump for Target %d Lun %d:\n", (void *)cmd,
10154 	    Tgt(cmd), Lun(cmd)));
10155 	(void) sprintf(&buf[0], "\tcdb=[");
10156 	for (i = 0; i < (int)cmd->cmd_cdblen; i++) {
10157 		(void) sprintf(&buf[strlen(buf)], " 0x%x", *cp++);
10158 	}
10159 	(void) sprintf(&buf[strlen(buf)], " ]");
10160 	NDBG25(("?%s\n", buf));
10161 	NDBG25(("?pkt_flags=0x%x pkt_statistics=0x%x pkt_state=0x%x\n",
10162 	    cmd->cmd_pkt->pkt_flags, cmd->cmd_pkt->pkt_statistics,
10163 	    cmd->cmd_pkt->pkt_state));
10164 	NDBG25(("?pkt_scbp=0x%x cmd_flags=0x%x\n", cmd->cmd_pkt->pkt_scbp ?
10165 	    *(cmd->cmd_pkt->pkt_scbp) : 0, cmd->cmd_flags));
10166 }
10167 
10168 static void
10169 mptsas_passthru_sge(ddi_acc_handle_t acc_hdl, mptsas_pt_request_t *pt,
10170     pMpi2SGESimple64_t sgep)
10171 {
10172 	uint32_t		sge_flags;
10173 	uint32_t		data_size, dataout_size;
10174 	ddi_dma_cookie_t	data_cookie;
10175 	ddi_dma_cookie_t	dataout_cookie;
10176 
10177 	data_size = pt->data_size;
10178 	dataout_size = pt->dataout_size;
10179 	data_cookie = pt->data_cookie;
10180 	dataout_cookie = pt->dataout_cookie;
10181 
10182 	if (dataout_size) {
10183 		sge_flags = dataout_size |
10184 		    ((uint32_t)(MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
10185 		    MPI2_SGE_FLAGS_END_OF_BUFFER |
10186 		    MPI2_SGE_FLAGS_HOST_TO_IOC |
10187 		    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
10188 		    MPI2_SGE_FLAGS_SHIFT);
10189 		ddi_put32(acc_hdl, &sgep->FlagsLength, sge_flags);
10190 		ddi_put32(acc_hdl, &sgep->Address.Low,
10191 		    (uint32_t)(dataout_cookie.dmac_laddress &
10192 		    0xffffffffull));
10193 		ddi_put32(acc_hdl, &sgep->Address.High,
10194 		    (uint32_t)(dataout_cookie.dmac_laddress
10195 		    >> 32));
10196 		sgep++;
10197 	}
10198 	sge_flags = data_size;
10199 	sge_flags |= ((uint32_t)(MPI2_SGE_FLAGS_SIMPLE_ELEMENT |
10200 	    MPI2_SGE_FLAGS_LAST_ELEMENT |
10201 	    MPI2_SGE_FLAGS_END_OF_BUFFER |
10202 	    MPI2_SGE_FLAGS_END_OF_LIST |
10203 	    MPI2_SGE_FLAGS_64_BIT_ADDRESSING) <<
10204 	    MPI2_SGE_FLAGS_SHIFT);
10205 	if (pt->direction == MPTSAS_PASS_THRU_DIRECTION_WRITE) {
10206 		sge_flags |= ((uint32_t)(MPI2_SGE_FLAGS_HOST_TO_IOC) <<
10207 		    MPI2_SGE_FLAGS_SHIFT);
10208 	} else {
10209 		sge_flags |= ((uint32_t)(MPI2_SGE_FLAGS_IOC_TO_HOST) <<
10210 		    MPI2_SGE_FLAGS_SHIFT);
10211 	}
10212 	ddi_put32(acc_hdl, &sgep->FlagsLength,
10213 	    sge_flags);
10214 	ddi_put32(acc_hdl, &sgep->Address.Low,
10215 	    (uint32_t)(data_cookie.dmac_laddress &
10216 	    0xffffffffull));
10217 	ddi_put32(acc_hdl, &sgep->Address.High,
10218 	    (uint32_t)(data_cookie.dmac_laddress >> 32));
10219 }
10220 
10221 static void
10222 mptsas_passthru_ieee_sge(ddi_acc_handle_t acc_hdl, mptsas_pt_request_t *pt,
10223     pMpi2IeeeSgeSimple64_t ieeesgep)
10224 {
10225 	uint8_t			sge_flags;
10226 	uint32_t		data_size, dataout_size;
10227 	ddi_dma_cookie_t	data_cookie;
10228 	ddi_dma_cookie_t	dataout_cookie;
10229 
10230 	data_size = pt->data_size;
10231 	dataout_size = pt->dataout_size;
10232 	data_cookie = pt->data_cookie;
10233 	dataout_cookie = pt->dataout_cookie;
10234 
10235 	sge_flags = (MPI2_IEEE_SGE_FLAGS_SIMPLE_ELEMENT |
10236 	    MPI2_IEEE_SGE_FLAGS_SYSTEM_ADDR);
10237 	if (dataout_size) {
10238 		ddi_put32(acc_hdl, &ieeesgep->Length, dataout_size);
10239 		ddi_put32(acc_hdl, &ieeesgep->Address.Low,
10240 		    (uint32_t)(dataout_cookie.dmac_laddress &
10241 		    0xffffffffull));
10242 		ddi_put32(acc_hdl, &ieeesgep->Address.High,
10243 		    (uint32_t)(dataout_cookie.dmac_laddress >> 32));
10244 		ddi_put8(acc_hdl, &ieeesgep->Flags, sge_flags);
10245 		ieeesgep++;
10246 	}
10247 	sge_flags |= MPI25_IEEE_SGE_FLAGS_END_OF_LIST;
10248 	ddi_put32(acc_hdl, &ieeesgep->Length, data_size);
10249 	ddi_put32(acc_hdl, &ieeesgep->Address.Low,
10250 	    (uint32_t)(data_cookie.dmac_laddress & 0xffffffffull));
10251 	ddi_put32(acc_hdl, &ieeesgep->Address.High,
10252 	    (uint32_t)(data_cookie.dmac_laddress >> 32));
10253 	ddi_put8(acc_hdl, &ieeesgep->Flags, sge_flags);
10254 }
10255 
10256 static void
10257 mptsas_start_passthru(mptsas_t *mpt, mptsas_cmd_t *cmd)
10258 {
10259 	caddr_t			memp;
10260 	pMPI2RequestHeader_t	request_hdrp;
10261 	struct scsi_pkt		*pkt = cmd->cmd_pkt;
10262 	mptsas_pt_request_t	*pt = pkt->pkt_ha_private;
10263 	uint32_t		request_size;
10264 	uint32_t		i;
10265 	uint64_t		request_desc = 0;
10266 	uint8_t			desc_type;
10267 	uint16_t		SMID;
10268 	uint8_t			*request, function;
10269 	ddi_dma_handle_t	dma_hdl = mpt->m_dma_req_frame_hdl;
10270 	ddi_acc_handle_t	acc_hdl = mpt->m_acc_req_frame_hdl;
10271 
10272 	desc_type = MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
10273 
10274 	request = pt->request;
10275 	request_size = pt->request_size;
10276 
10277 	SMID = cmd->cmd_slot;
10278 
10279 	/*
10280 	 * Store the passthrough message in memory location
10281 	 * corresponding to our slot number
10282 	 */
10283 	memp = mpt->m_req_frame + (mpt->m_req_frame_size * SMID);
10284 	request_hdrp = (pMPI2RequestHeader_t)memp;
10285 	bzero(memp, mpt->m_req_frame_size);
10286 
10287 	for (i = 0; i < request_size; i++) {
10288 		bcopy(request + i, memp + i, 1);
10289 	}
10290 
10291 	NDBG15(("mptsas_start_passthru: Func 0x%x, MsgFlags 0x%x, "
10292 	    "size=%d, in %d, out %d, SMID %d", request_hdrp->Function,
10293 	    request_hdrp->MsgFlags, request_size,
10294 	    pt->data_size, pt->dataout_size, SMID));
10295 
10296 	/*
10297 	 * Add an SGE, even if the length is zero.
10298 	 */
10299 	if (mpt->m_MPI25 && pt->simple == 0) {
10300 		mptsas_passthru_ieee_sge(acc_hdl, pt,
10301 		    (pMpi2IeeeSgeSimple64_t)
10302 		    ((uint8_t *)request_hdrp + pt->sgl_offset));
10303 	} else {
10304 		mptsas_passthru_sge(acc_hdl, pt,
10305 		    (pMpi2SGESimple64_t)
10306 		    ((uint8_t *)request_hdrp + pt->sgl_offset));
10307 	}
10308 
10309 	function = request_hdrp->Function;
10310 	if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
10311 	    (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
10312 		pMpi2SCSIIORequest_t	scsi_io_req;
10313 		caddr_t			arsbuf;
10314 		uint8_t			ars_size;
10315 		uint32_t		ars_dmaaddrlow;
10316 
10317 		NDBG15(("mptsas_start_passthru: Is SCSI IO Req"));
10318 		scsi_io_req = (pMpi2SCSIIORequest_t)request_hdrp;
10319 
10320 		if (cmd->cmd_extrqslen != 0) {
10321 			/*
10322 			 * Mapping of the buffer was done in
10323 			 * mptsas_do_passthru().
10324 			 * Calculate the DMA address with the same offset.
10325 			 */
10326 			arsbuf = cmd->cmd_arq_buf;
10327 			ars_size = cmd->cmd_extrqslen;
10328 			ars_dmaaddrlow = (mpt->m_req_sense_dma_addr +
10329 			    ((uintptr_t)arsbuf - (uintptr_t)mpt->m_req_sense)) &
10330 			    0xffffffffu;
10331 		} else {
10332 			arsbuf = mpt->m_req_sense +
10333 			    (mpt->m_req_sense_size * (SMID-1));
10334 			cmd->cmd_arq_buf = arsbuf;
10335 			ars_size = mpt->m_req_sense_size;
10336 			ars_dmaaddrlow = (mpt->m_req_sense_dma_addr +
10337 			    (mpt->m_req_sense_size * (SMID-1))) &
10338 			    0xffffffffu;
10339 		}
10340 		bzero(arsbuf, ars_size);
10341 
10342 		ddi_put8(acc_hdl, &scsi_io_req->SenseBufferLength, ars_size);
10343 		ddi_put32(acc_hdl, &scsi_io_req->SenseBufferLowAddress,
10344 		    ars_dmaaddrlow);
10345 
10346 		/*
10347 		 * Put SGE for data and data_out buffer at the end of
10348 		 * scsi_io_request message header.(64 bytes in total)
10349 		 * Set SGLOffset0 value
10350 		 */
10351 		ddi_put8(acc_hdl, &scsi_io_req->SGLOffset0,
10352 		    offsetof(MPI2_SCSI_IO_REQUEST, SGL) / 4);
10353 
10354 		/*
10355 		 * Setup descriptor info.  RAID passthrough must use the
10356 		 * default request descriptor which is already set, so if this
10357 		 * is a SCSI IO request, change the descriptor to SCSI IO.
10358 		 */
10359 		if (function == MPI2_FUNCTION_SCSI_IO_REQUEST) {
10360 			desc_type = MPI2_REQ_DESCRIPT_FLAGS_SCSI_IO;
10361 			request_desc = ((uint64_t)ddi_get16(acc_hdl,
10362 			    &scsi_io_req->DevHandle) << 48);
10363 		}
10364 		(void) ddi_dma_sync(mpt->m_dma_req_sense_hdl, 0, 0,
10365 		    DDI_DMA_SYNC_FORDEV);
10366 	}
10367 
10368 	/*
10369 	 * We must wait till the message has been completed before
10370 	 * beginning the next message so we wait for this one to
10371 	 * finish.
10372 	 */
10373 	(void) ddi_dma_sync(dma_hdl, 0, 0, DDI_DMA_SYNC_FORDEV);
10374 	request_desc |= (SMID << 16) + desc_type;
10375 	cmd->cmd_rfm = NULL;
10376 	MPTSAS_START_CMD(mpt, request_desc);
10377 	if ((mptsas_check_dma_handle(dma_hdl) != DDI_SUCCESS) ||
10378 	    (mptsas_check_acc_handle(acc_hdl) != DDI_SUCCESS)) {
10379 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
10380 	}
10381 }
10382 
10383 typedef void (mptsas_pre_f)(mptsas_t *, mptsas_pt_request_t *);
10384 static mptsas_pre_f	mpi_pre_ioc_facts;
10385 static mptsas_pre_f	mpi_pre_port_facts;
10386 static mptsas_pre_f	mpi_pre_fw_download;
10387 static mptsas_pre_f	mpi_pre_fw_25_download;
10388 static mptsas_pre_f	mpi_pre_fw_upload;
10389 static mptsas_pre_f	mpi_pre_fw_25_upload;
10390 static mptsas_pre_f	mpi_pre_sata_passthrough;
10391 static mptsas_pre_f	mpi_pre_smp_passthrough;
10392 static mptsas_pre_f	mpi_pre_config;
10393 static mptsas_pre_f	mpi_pre_sas_io_unit_control;
10394 static mptsas_pre_f	mpi_pre_scsi_io_req;
10395 
10396 /*
10397  * Prepare the pt for a SAS2 FW_DOWNLOAD request.
10398  */
10399 static void
10400 mpi_pre_fw_download(mptsas_t *mpt, mptsas_pt_request_t *pt)
10401 {
10402 	pMpi2FWDownloadTCSGE_t tcsge;
10403 	pMpi2FWDownloadRequest req;
10404 
10405 	/*
10406 	 * If SAS3, call separate function.
10407 	 */
10408 	if (mpt->m_MPI25) {
10409 		mpi_pre_fw_25_download(mpt, pt);
10410 		return;
10411 	}
10412 
10413 	/*
10414 	 * User requests should come in with the Transaction
10415 	 * context element where the SGL will go. Putting the
10416 	 * SGL after that seems to work, but don't really know
10417 	 * why. Other drivers tend to create an extra SGL and
10418 	 * refer to the TCE through that.
10419 	 */
10420 	req = (pMpi2FWDownloadRequest)pt->request;
10421 	tcsge = (pMpi2FWDownloadTCSGE_t)&req->SGL;
10422 	if (tcsge->ContextSize != 0 || tcsge->DetailsLength != 12 ||
10423 	    tcsge->Flags != MPI2_SGE_FLAGS_TRANSACTION_ELEMENT) {
10424 		mptsas_log(mpt, CE_WARN, "FW Download tce invalid!");
10425 	}
10426 
10427 	pt->sgl_offset = offsetof(MPI2_FW_DOWNLOAD_REQUEST, SGL) +
10428 	    sizeof (*tcsge);
10429 	if (pt->request_size != pt->sgl_offset)
10430 		NDBG15(("mpi_pre_fw_download(): Incorrect req size, "
10431 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10432 		    (int)pt->request_size, (int)pt->sgl_offset,
10433 		    (int)pt->dataout_size));
10434 	if (pt->data_size < sizeof (MPI2_FW_DOWNLOAD_REPLY))
10435 		NDBG15(("mpi_pre_fw_download(): Incorrect rep size, "
10436 		    "0x%x, should be 0x%x", pt->data_size,
10437 		    (int)sizeof (MPI2_FW_DOWNLOAD_REPLY)));
10438 }
10439 
10440 /*
10441  * Prepare the pt for a SAS3 FW_DOWNLOAD request.
10442  */
10443 static void
10444 mpi_pre_fw_25_download(mptsas_t *mpt, mptsas_pt_request_t *pt)
10445 {
10446 	pMpi2FWDownloadTCSGE_t tcsge;
10447 	pMpi2FWDownloadRequest req2;
10448 	pMpi25FWDownloadRequest req25;
10449 
10450 	/*
10451 	 * User requests should come in with the Transaction
10452 	 * context element where the SGL will go. The new firmware
10453 	 * Doesn't use TCE and has space in the main request for
10454 	 * this information. So move to the right place.
10455 	 */
10456 	req2 = (pMpi2FWDownloadRequest)pt->request;
10457 	req25 = (pMpi25FWDownloadRequest)pt->request;
10458 	tcsge = (pMpi2FWDownloadTCSGE_t)&req2->SGL;
10459 	if (tcsge->ContextSize != 0 || tcsge->DetailsLength != 12 ||
10460 	    tcsge->Flags != MPI2_SGE_FLAGS_TRANSACTION_ELEMENT) {
10461 		mptsas_log(mpt, CE_WARN, "FW Download tce invalid!");
10462 	}
10463 	req25->ImageOffset = tcsge->ImageOffset;
10464 	req25->ImageSize = tcsge->ImageSize;
10465 
10466 	pt->sgl_offset = offsetof(MPI25_FW_DOWNLOAD_REQUEST, SGL);
10467 	if (pt->request_size != pt->sgl_offset)
10468 		NDBG15(("mpi_pre_fw_25_download(): Incorrect req size, "
10469 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10470 		    pt->request_size, pt->sgl_offset,
10471 		    pt->dataout_size));
10472 	if (pt->data_size < sizeof (MPI2_FW_DOWNLOAD_REPLY))
10473 		NDBG15(("mpi_pre_fw_25_download(): Incorrect rep size, "
10474 		    "0x%x, should be 0x%x", pt->data_size,
10475 		    (int)sizeof (MPI2_FW_UPLOAD_REPLY)));
10476 }
10477 
10478 /*
10479  * Prepare the pt for a SAS2 FW_UPLOAD request.
10480  */
10481 static void
10482 mpi_pre_fw_upload(mptsas_t *mpt, mptsas_pt_request_t *pt)
10483 {
10484 	pMpi2FWUploadTCSGE_t tcsge;
10485 	pMpi2FWUploadRequest_t req;
10486 
10487 	/*
10488 	 * If SAS3, call separate function.
10489 	 */
10490 	if (mpt->m_MPI25) {
10491 		mpi_pre_fw_25_upload(mpt, pt);
10492 		return;
10493 	}
10494 
10495 	/*
10496 	 * User requests should come in with the Transaction
10497 	 * context element where the SGL will go. Putting the
10498 	 * SGL after that seems to work, but don't really know
10499 	 * why. Other drivers tend to create an extra SGL and
10500 	 * refer to the TCE through that.
10501 	 */
10502 	req = (pMpi2FWUploadRequest_t)pt->request;
10503 	tcsge = (pMpi2FWUploadTCSGE_t)&req->SGL;
10504 	if (tcsge->ContextSize != 0 || tcsge->DetailsLength != 12 ||
10505 	    tcsge->Flags != MPI2_SGE_FLAGS_TRANSACTION_ELEMENT) {
10506 		mptsas_log(mpt, CE_WARN, "FW Upload tce invalid!");
10507 	}
10508 
10509 	pt->sgl_offset = offsetof(MPI2_FW_UPLOAD_REQUEST, SGL) +
10510 	    sizeof (*tcsge);
10511 	if (pt->request_size != pt->sgl_offset)
10512 		NDBG15(("mpi_pre_fw_upload(): Incorrect req size, "
10513 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10514 		    pt->request_size, pt->sgl_offset,
10515 		    pt->dataout_size));
10516 	if (pt->data_size < sizeof (MPI2_FW_UPLOAD_REPLY))
10517 		NDBG15(("mpi_pre_fw_upload(): Incorrect rep size, "
10518 		    "0x%x, should be 0x%x", pt->data_size,
10519 		    (int)sizeof (MPI2_FW_UPLOAD_REPLY)));
10520 }
10521 
10522 /*
10523  * Prepare the pt a SAS3 FW_UPLOAD request.
10524  */
10525 static void
10526 mpi_pre_fw_25_upload(mptsas_t *mpt, mptsas_pt_request_t *pt)
10527 {
10528 	pMpi2FWUploadTCSGE_t tcsge;
10529 	pMpi2FWUploadRequest_t req2;
10530 	pMpi25FWUploadRequest_t req25;
10531 
10532 	/*
10533 	 * User requests should come in with the Transaction
10534 	 * context element where the SGL will go. The new firmware
10535 	 * Doesn't use TCE and has space in the main request for
10536 	 * this information. So move to the right place.
10537 	 */
10538 	req2 = (pMpi2FWUploadRequest_t)pt->request;
10539 	req25 = (pMpi25FWUploadRequest_t)pt->request;
10540 	tcsge = (pMpi2FWUploadTCSGE_t)&req2->SGL;
10541 	if (tcsge->ContextSize != 0 || tcsge->DetailsLength != 12 ||
10542 	    tcsge->Flags != MPI2_SGE_FLAGS_TRANSACTION_ELEMENT) {
10543 		mptsas_log(mpt, CE_WARN, "FW Upload tce invalid!");
10544 	}
10545 	req25->ImageOffset = tcsge->ImageOffset;
10546 	req25->ImageSize = tcsge->ImageSize;
10547 
10548 	pt->sgl_offset = offsetof(MPI25_FW_UPLOAD_REQUEST, SGL);
10549 	if (pt->request_size != pt->sgl_offset)
10550 		NDBG15(("mpi_pre_fw_25_upload(): Incorrect req size, "
10551 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10552 		    pt->request_size, pt->sgl_offset,
10553 		    pt->dataout_size));
10554 	if (pt->data_size < sizeof (MPI2_FW_UPLOAD_REPLY))
10555 		NDBG15(("mpi_pre_fw_25_upload(): Incorrect rep size, "
10556 		    "0x%x, should be 0x%x", pt->data_size,
10557 		    (int)sizeof (MPI2_FW_UPLOAD_REPLY)));
10558 }
10559 
10560 /*
10561  * Prepare the pt for an IOC_FACTS request.
10562  */
10563 static void
10564 mpi_pre_ioc_facts(mptsas_t *mpt, mptsas_pt_request_t *pt)
10565 {
10566 #ifndef __lock_lint
10567 	_NOTE(ARGUNUSED(mpt))
10568 #endif
10569 	if (pt->request_size != sizeof (MPI2_IOC_FACTS_REQUEST))
10570 		NDBG15(("mpi_pre_ioc_facts(): Incorrect req size, "
10571 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10572 		    pt->request_size,
10573 		    (int)sizeof (MPI2_IOC_FACTS_REQUEST),
10574 		    pt->dataout_size));
10575 	if (pt->data_size != sizeof (MPI2_IOC_FACTS_REPLY))
10576 		NDBG15(("mpi_pre_ioc_facts(): Incorrect rep size, "
10577 		    "0x%x, should be 0x%x", pt->data_size,
10578 		    (int)sizeof (MPI2_IOC_FACTS_REPLY)));
10579 	pt->sgl_offset = (uint16_t)pt->request_size;
10580 }
10581 
10582 /*
10583  * Prepare the pt for a PORT_FACTS request.
10584  */
10585 static void
10586 mpi_pre_port_facts(mptsas_t *mpt, mptsas_pt_request_t *pt)
10587 {
10588 #ifndef __lock_lint
10589 	_NOTE(ARGUNUSED(mpt))
10590 #endif
10591 	if (pt->request_size != sizeof (MPI2_PORT_FACTS_REQUEST))
10592 		NDBG15(("mpi_pre_port_facts(): Incorrect req size, "
10593 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10594 		    pt->request_size,
10595 		    (int)sizeof (MPI2_PORT_FACTS_REQUEST),
10596 		    pt->dataout_size));
10597 	if (pt->data_size != sizeof (MPI2_PORT_FACTS_REPLY))
10598 		NDBG15(("mpi_pre_port_facts(): Incorrect rep size, "
10599 		    "0x%x, should be 0x%x", pt->data_size,
10600 		    (int)sizeof (MPI2_PORT_FACTS_REPLY)));
10601 	pt->sgl_offset = (uint16_t)pt->request_size;
10602 }
10603 
10604 /*
10605  * Prepare pt for a SATA_PASSTHROUGH request.
10606  */
10607 static void
10608 mpi_pre_sata_passthrough(mptsas_t *mpt, mptsas_pt_request_t *pt)
10609 {
10610 #ifndef __lock_lint
10611 	_NOTE(ARGUNUSED(mpt))
10612 #endif
10613 	pt->sgl_offset = offsetof(MPI2_SATA_PASSTHROUGH_REQUEST, SGL);
10614 	if (pt->request_size != pt->sgl_offset)
10615 		NDBG15(("mpi_pre_sata_passthrough(): Incorrect req size, "
10616 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10617 		    pt->request_size, pt->sgl_offset,
10618 		    pt->dataout_size));
10619 	if (pt->data_size != sizeof (MPI2_SATA_PASSTHROUGH_REPLY))
10620 		NDBG15(("mpi_pre_sata_passthrough(): Incorrect rep size, "
10621 		    "0x%x, should be 0x%x", pt->data_size,
10622 		    (int)sizeof (MPI2_SATA_PASSTHROUGH_REPLY)));
10623 }
10624 
10625 static void
10626 mpi_pre_smp_passthrough(mptsas_t *mpt, mptsas_pt_request_t *pt)
10627 {
10628 #ifndef __lock_lint
10629 	_NOTE(ARGUNUSED(mpt))
10630 #endif
10631 	pt->sgl_offset = offsetof(MPI2_SMP_PASSTHROUGH_REQUEST, SGL);
10632 	if (pt->request_size != pt->sgl_offset)
10633 		NDBG15(("mpi_pre_smp_passthrough(): Incorrect req size, "
10634 		    "0x%x, should be 0x%x, dataoutsz 0x%x",
10635 		    pt->request_size, pt->sgl_offset,
10636 		    pt->dataout_size));
10637 	if (pt->data_size != sizeof (MPI2_SMP_PASSTHROUGH_REPLY))
10638 		NDBG15(("mpi_pre_smp_passthrough(): Incorrect rep size, "
10639 		    "0x%x, should be 0x%x", pt->data_size,
10640 		    (int)sizeof (MPI2_SMP_PASSTHROUGH_REPLY)));
10641 }
10642 
10643 /*
10644  * Prepare pt for a CONFIG request.
10645  */
10646 static void
10647 mpi_pre_config(mptsas_t *mpt, mptsas_pt_request_t *pt)
10648 {
10649 #ifndef __lock_lint
10650 	_NOTE(ARGUNUSED(mpt))
10651 #endif
10652 	pt->sgl_offset = offsetof(MPI2_CONFIG_REQUEST, PageBufferSGE);
10653 	if (pt->request_size != pt->sgl_offset)
10654 		NDBG15(("mpi_pre_config(): Incorrect req size, 0x%x, "
10655 		    "should be 0x%x, dataoutsz 0x%x", pt->request_size,
10656 		    pt->sgl_offset, pt->dataout_size));
10657 	if (pt->data_size != sizeof (MPI2_CONFIG_REPLY))
10658 		NDBG15(("mpi_pre_config(): Incorrect rep size, 0x%x, "
10659 		    "should be 0x%x", pt->data_size,
10660 		    (int)sizeof (MPI2_CONFIG_REPLY)));
10661 	pt->simple = 1;
10662 }
10663 
10664 /*
10665  * Prepare pt for a SCSI_IO_REQ request.
10666  */
10667 static void
10668 mpi_pre_scsi_io_req(mptsas_t *mpt, mptsas_pt_request_t *pt)
10669 {
10670 #ifndef __lock_lint
10671 	_NOTE(ARGUNUSED(mpt))
10672 #endif
10673 	pt->sgl_offset = offsetof(MPI2_SCSI_IO_REQUEST, SGL);
10674 	if (pt->request_size != pt->sgl_offset)
10675 		NDBG15(("mpi_pre_config(): Incorrect req size, 0x%x, "
10676 		    "should be 0x%x, dataoutsz 0x%x", pt->request_size,
10677 		    pt->sgl_offset,
10678 		    pt->dataout_size));
10679 	if (pt->data_size != sizeof (MPI2_SCSI_IO_REPLY))
10680 		NDBG15(("mpi_pre_config(): Incorrect rep size, 0x%x, "
10681 		    "should be 0x%x", pt->data_size,
10682 		    (int)sizeof (MPI2_SCSI_IO_REPLY)));
10683 }
10684 
10685 /*
10686  * Prepare the mptsas_cmd for a SAS_IO_UNIT_CONTROL request.
10687  */
10688 static void
10689 mpi_pre_sas_io_unit_control(mptsas_t *mpt, mptsas_pt_request_t *pt)
10690 {
10691 #ifndef __lock_lint
10692 	_NOTE(ARGUNUSED(mpt))
10693 #endif
10694 	pt->sgl_offset = (uint16_t)pt->request_size;
10695 }
10696 
10697 /*
10698  * A set of functions to prepare an mptsas_cmd for the various
10699  * supported requests.
10700  */
10701 static struct mptsas_func {
10702 	U8		Function;
10703 	char		*Name;
10704 	mptsas_pre_f	*f_pre;
10705 } mptsas_func_list[] = {
10706 	{ MPI2_FUNCTION_IOC_FACTS, "IOC_FACTS",		mpi_pre_ioc_facts },
10707 	{ MPI2_FUNCTION_PORT_FACTS, "PORT_FACTS",	mpi_pre_port_facts },
10708 	{ MPI2_FUNCTION_FW_DOWNLOAD, "FW_DOWNLOAD",	mpi_pre_fw_download },
10709 	{ MPI2_FUNCTION_FW_UPLOAD, "FW_UPLOAD",		mpi_pre_fw_upload },
10710 	{ MPI2_FUNCTION_SATA_PASSTHROUGH, "SATA_PASSTHROUGH",
10711 	    mpi_pre_sata_passthrough },
10712 	{ MPI2_FUNCTION_SMP_PASSTHROUGH, "SMP_PASSTHROUGH",
10713 	    mpi_pre_smp_passthrough},
10714 	{ MPI2_FUNCTION_SCSI_IO_REQUEST, "SCSI_IO_REQUEST",
10715 	    mpi_pre_scsi_io_req},
10716 	{ MPI2_FUNCTION_CONFIG, "CONFIG",		mpi_pre_config},
10717 	{ MPI2_FUNCTION_SAS_IO_UNIT_CONTROL, "SAS_IO_UNIT_CONTROL",
10718 	    mpi_pre_sas_io_unit_control },
10719 	{ 0xFF, NULL,				NULL } /* list end */
10720 };
10721 
10722 static void
10723 mptsas_prep_sgl_offset(mptsas_t *mpt, mptsas_pt_request_t *pt)
10724 {
10725 	pMPI2RequestHeader_t	hdr;
10726 	struct mptsas_func	*f;
10727 
10728 	hdr = (pMPI2RequestHeader_t)pt->request;
10729 
10730 	for (f = mptsas_func_list; f->f_pre != NULL; f++) {
10731 		if (hdr->Function == f->Function) {
10732 			f->f_pre(mpt, pt);
10733 			NDBG15(("mptsas_prep_sgl_offset: Function %s,"
10734 			    " sgl_offset 0x%x", f->Name,
10735 			    pt->sgl_offset));
10736 			return;
10737 		}
10738 	}
10739 	NDBG15(("mptsas_prep_sgl_offset: Unknown Function 0x%02x,"
10740 	    " returning req_size 0x%x for sgl_offset",
10741 	    hdr->Function, pt->request_size));
10742 	pt->sgl_offset = (uint16_t)pt->request_size;
10743 }
10744 
10745 
10746 static int
10747 mptsas_do_passthru(mptsas_t *mpt, uint8_t *request, uint8_t *reply,
10748     uint8_t *data, uint32_t request_size, uint32_t reply_size,
10749     uint32_t data_size, uint32_t direction, uint8_t *dataout,
10750     uint32_t dataout_size, short timeout, int mode)
10751 {
10752 	mptsas_pt_request_t		pt;
10753 	mptsas_dma_alloc_state_t	data_dma_state;
10754 	mptsas_dma_alloc_state_t	dataout_dma_state;
10755 	caddr_t				memp;
10756 	mptsas_cmd_t			*cmd = NULL;
10757 	struct scsi_pkt			*pkt;
10758 	uint32_t			reply_len = 0, sense_len = 0;
10759 	pMPI2RequestHeader_t		request_hdrp;
10760 	pMPI2RequestHeader_t		request_msg;
10761 	pMPI2DefaultReply_t		reply_msg;
10762 	Mpi2SCSIIOReply_t		rep_msg;
10763 	int				rvalue;
10764 	int				i, status = 0, pt_flags = 0, rv = 0;
10765 	uint8_t				function;
10766 
10767 	ASSERT(mutex_owned(&mpt->m_mutex));
10768 
10769 	reply_msg = (pMPI2DefaultReply_t)(&rep_msg);
10770 	bzero(reply_msg, sizeof (MPI2_DEFAULT_REPLY));
10771 	request_msg = kmem_zalloc(request_size, KM_SLEEP);
10772 
10773 	mutex_exit(&mpt->m_mutex);
10774 	/*
10775 	 * copy in the request buffer since it could be used by
10776 	 * another thread when the pt request into waitq
10777 	 */
10778 	if (ddi_copyin(request, request_msg, request_size, mode)) {
10779 		mutex_enter(&mpt->m_mutex);
10780 		status = EFAULT;
10781 		mptsas_log(mpt, CE_WARN, "failed to copy request data");
10782 		goto out;
10783 	}
10784 	NDBG27(("mptsas_do_passthru: mode 0x%x, size 0x%x, Func 0x%x",
10785 	    mode, request_size, request_msg->Function));
10786 	mutex_enter(&mpt->m_mutex);
10787 
10788 	function = request_msg->Function;
10789 	if (function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
10790 		pMpi2SCSITaskManagementRequest_t	task;
10791 		task = (pMpi2SCSITaskManagementRequest_t)request_msg;
10792 		mptsas_setup_bus_reset_delay(mpt);
10793 		rv = mptsas_ioc_task_management(mpt, task->TaskType,
10794 		    task->DevHandle, (int)task->LUN[1], reply, reply_size,
10795 		    mode);
10796 
10797 		if (rv != TRUE) {
10798 			status = EIO;
10799 			mptsas_log(mpt, CE_WARN, "task management failed");
10800 		}
10801 		goto out;
10802 	}
10803 
10804 	if (data_size != 0) {
10805 		data_dma_state.size = data_size;
10806 		if (mptsas_dma_alloc(mpt, &data_dma_state) != DDI_SUCCESS) {
10807 			status = ENOMEM;
10808 			mptsas_log(mpt, CE_WARN, "failed to alloc DMA "
10809 			    "resource");
10810 			goto out;
10811 		}
10812 		pt_flags |= MPTSAS_DATA_ALLOCATED;
10813 		if (direction == MPTSAS_PASS_THRU_DIRECTION_WRITE) {
10814 			mutex_exit(&mpt->m_mutex);
10815 			for (i = 0; i < data_size; i++) {
10816 				if (ddi_copyin(data + i, (uint8_t *)
10817 				    data_dma_state.memp + i, 1, mode)) {
10818 					mutex_enter(&mpt->m_mutex);
10819 					status = EFAULT;
10820 					mptsas_log(mpt, CE_WARN, "failed to "
10821 					    "copy read data");
10822 					goto out;
10823 				}
10824 			}
10825 			mutex_enter(&mpt->m_mutex);
10826 		}
10827 	} else {
10828 		bzero(&data_dma_state, sizeof (data_dma_state));
10829 	}
10830 
10831 	if (dataout_size != 0) {
10832 		dataout_dma_state.size = dataout_size;
10833 		if (mptsas_dma_alloc(mpt, &dataout_dma_state) != DDI_SUCCESS) {
10834 			status = ENOMEM;
10835 			mptsas_log(mpt, CE_WARN, "failed to alloc DMA "
10836 			    "resource");
10837 			goto out;
10838 		}
10839 		pt_flags |= MPTSAS_DATAOUT_ALLOCATED;
10840 		mutex_exit(&mpt->m_mutex);
10841 		for (i = 0; i < dataout_size; i++) {
10842 			if (ddi_copyin(dataout + i, (uint8_t *)
10843 			    dataout_dma_state.memp + i, 1, mode)) {
10844 				mutex_enter(&mpt->m_mutex);
10845 				mptsas_log(mpt, CE_WARN, "failed to copy out"
10846 				    " data");
10847 				status = EFAULT;
10848 				goto out;
10849 			}
10850 		}
10851 		mutex_enter(&mpt->m_mutex);
10852 	} else {
10853 		bzero(&dataout_dma_state, sizeof (dataout_dma_state));
10854 	}
10855 
10856 	if ((rvalue = (mptsas_request_from_pool(mpt, &cmd, &pkt))) == -1) {
10857 		status = EAGAIN;
10858 		mptsas_log(mpt, CE_NOTE, "event ack command pool is full");
10859 		goto out;
10860 	}
10861 	pt_flags |= MPTSAS_REQUEST_POOL_CMD;
10862 
10863 	bzero((caddr_t)cmd, sizeof (*cmd));
10864 	bzero((caddr_t)pkt, scsi_pkt_size());
10865 	bzero((caddr_t)&pt, sizeof (pt));
10866 
10867 	cmd->ioc_cmd_slot = (uint32_t)(rvalue);
10868 
10869 	pt.request = (uint8_t *)request_msg;
10870 	pt.direction = direction;
10871 	pt.simple = 0;
10872 	pt.request_size = request_size;
10873 	pt.data_size = data_size;
10874 	pt.dataout_size = dataout_size;
10875 	pt.data_cookie = data_dma_state.cookie;
10876 	pt.dataout_cookie = dataout_dma_state.cookie;
10877 	mptsas_prep_sgl_offset(mpt, &pt);
10878 
10879 	/*
10880 	 * Form a blank cmd/pkt to store the acknowledgement message
10881 	 */
10882 	pkt->pkt_cdbp		= (opaque_t)&cmd->cmd_cdb[0];
10883 	pkt->pkt_scbp		= (opaque_t)&cmd->cmd_scb;
10884 	pkt->pkt_ha_private	= (opaque_t)&pt;
10885 	pkt->pkt_flags		= FLAG_HEAD;
10886 	pkt->pkt_time		= timeout;
10887 	cmd->cmd_pkt		= pkt;
10888 	cmd->cmd_flags		= CFLAG_CMDIOC | CFLAG_PASSTHRU;
10889 
10890 	if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
10891 	    (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
10892 		uint8_t			com, cdb_group_id;
10893 		boolean_t		ret;
10894 
10895 		pkt->pkt_cdbp = ((pMpi2SCSIIORequest_t)request_msg)->CDB.CDB32;
10896 		com = pkt->pkt_cdbp[0];
10897 		cdb_group_id = CDB_GROUPID(com);
10898 		switch (cdb_group_id) {
10899 		case CDB_GROUPID_0: cmd->cmd_cdblen = CDB_GROUP0; break;
10900 		case CDB_GROUPID_1: cmd->cmd_cdblen = CDB_GROUP1; break;
10901 		case CDB_GROUPID_2: cmd->cmd_cdblen = CDB_GROUP2; break;
10902 		case CDB_GROUPID_4: cmd->cmd_cdblen = CDB_GROUP4; break;
10903 		case CDB_GROUPID_5: cmd->cmd_cdblen = CDB_GROUP5; break;
10904 		default:
10905 			NDBG27(("mptsas_do_passthru: SCSI_IO, reserved "
10906 			    "CDBGROUP 0x%x requested!", cdb_group_id));
10907 			break;
10908 		}
10909 
10910 		reply_len = sizeof (MPI2_SCSI_IO_REPLY);
10911 		sense_len = reply_size - reply_len;
10912 		ret = mptsas_cmdarqsize(mpt, cmd, sense_len, KM_SLEEP);
10913 		VERIFY(ret == B_TRUE);
10914 	} else {
10915 		reply_len = reply_size;
10916 		sense_len = 0;
10917 	}
10918 
10919 	NDBG27(("mptsas_do_passthru: %s, dsz 0x%x, dosz 0x%x, replen 0x%x, "
10920 	    "snslen 0x%x",
10921 	    (direction == MPTSAS_PASS_THRU_DIRECTION_WRITE)?"Write":"Read",
10922 	    data_size, dataout_size, reply_len, sense_len));
10923 
10924 	/*
10925 	 * Save the command in a slot
10926 	 */
10927 	if (mptsas_save_cmd(mpt, cmd) == TRUE) {
10928 		/*
10929 		 * Once passthru command get slot, set cmd_flags
10930 		 * CFLAG_PREPARED.
10931 		 */
10932 		cmd->cmd_flags |= CFLAG_PREPARED;
10933 		mptsas_start_passthru(mpt, cmd);
10934 	} else {
10935 		mptsas_waitq_add(mpt, cmd);
10936 	}
10937 
10938 	while ((cmd->cmd_flags & CFLAG_FINISHED) == 0) {
10939 		cv_wait(&mpt->m_passthru_cv, &mpt->m_mutex);
10940 	}
10941 
10942 	NDBG27(("mptsas_do_passthru: Cmd complete, flags 0x%x, rfm 0x%x "
10943 	    "pktreason 0x%x", cmd->cmd_flags, cmd->cmd_rfm,
10944 	    pkt->pkt_reason));
10945 
10946 	if (cmd->cmd_flags & CFLAG_PREPARED) {
10947 		memp = mpt->m_req_frame + (mpt->m_req_frame_size *
10948 		    cmd->cmd_slot);
10949 		request_hdrp = (pMPI2RequestHeader_t)memp;
10950 	}
10951 
10952 	if (cmd->cmd_flags & CFLAG_TIMEOUT) {
10953 		status = ETIMEDOUT;
10954 		mptsas_log(mpt, CE_WARN, "passthrough command timeout");
10955 		pt_flags |= MPTSAS_CMD_TIMEOUT;
10956 		goto out;
10957 	}
10958 
10959 	if (cmd->cmd_rfm) {
10960 		/*
10961 		 * cmd_rfm is zero means the command reply is a CONTEXT
10962 		 * reply and no PCI Write to post the free reply SMFA
10963 		 * because no reply message frame is used.
10964 		 * cmd_rfm is non-zero means the reply is a ADDRESS
10965 		 * reply and reply message frame is used.
10966 		 */
10967 		pt_flags |= MPTSAS_ADDRESS_REPLY;
10968 		(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
10969 		    DDI_DMA_SYNC_FORCPU);
10970 		reply_msg = (pMPI2DefaultReply_t)
10971 		    (mpt->m_reply_frame + (cmd->cmd_rfm -
10972 		    (mpt->m_reply_frame_dma_addr & 0xffffffffu)));
10973 	}
10974 
10975 	mptsas_fma_check(mpt, cmd);
10976 	if (pkt->pkt_reason == CMD_TRAN_ERR) {
10977 		status = EAGAIN;
10978 		mptsas_log(mpt, CE_WARN, "passthru fma error");
10979 		goto out;
10980 	}
10981 	if (pkt->pkt_reason == CMD_RESET) {
10982 		status = EAGAIN;
10983 		mptsas_log(mpt, CE_WARN, "ioc reset abort passthru");
10984 		goto out;
10985 	}
10986 
10987 	if (pkt->pkt_reason == CMD_INCOMPLETE) {
10988 		status = EIO;
10989 		mptsas_log(mpt, CE_WARN, "passthrough command incomplete");
10990 		goto out;
10991 	}
10992 
10993 	mutex_exit(&mpt->m_mutex);
10994 	if (cmd->cmd_flags & CFLAG_PREPARED) {
10995 		function = request_hdrp->Function;
10996 		if ((function == MPI2_FUNCTION_SCSI_IO_REQUEST) ||
10997 		    (function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
10998 			reply_len = sizeof (MPI2_SCSI_IO_REPLY);
10999 			sense_len = cmd->cmd_extrqslen ?
11000 			    min(sense_len, cmd->cmd_extrqslen) :
11001 			    min(sense_len, cmd->cmd_rqslen);
11002 		} else {
11003 			reply_len = reply_size;
11004 			sense_len = 0;
11005 		}
11006 
11007 		for (i = 0; i < reply_len; i++) {
11008 			if (ddi_copyout((uint8_t *)reply_msg + i, reply + i, 1,
11009 			    mode)) {
11010 				mutex_enter(&mpt->m_mutex);
11011 				status = EFAULT;
11012 				mptsas_log(mpt, CE_WARN, "failed to copy out "
11013 				    "reply data");
11014 				goto out;
11015 			}
11016 		}
11017 		for (i = 0; i < sense_len; i++) {
11018 			if (ddi_copyout((uint8_t *)request_hdrp + 64 + i,
11019 			    reply + reply_len + i, 1, mode)) {
11020 				mutex_enter(&mpt->m_mutex);
11021 				status = EFAULT;
11022 				mptsas_log(mpt, CE_WARN, "failed to copy out "
11023 				    "sense data");
11024 				goto out;
11025 			}
11026 		}
11027 	}
11028 
11029 	if (data_size) {
11030 		if (direction != MPTSAS_PASS_THRU_DIRECTION_WRITE) {
11031 			(void) ddi_dma_sync(data_dma_state.handle, 0, 0,
11032 			    DDI_DMA_SYNC_FORCPU);
11033 			for (i = 0; i < data_size; i++) {
11034 				if (ddi_copyout((uint8_t *)(
11035 				    data_dma_state.memp + i), data + i,  1,
11036 				    mode)) {
11037 					mutex_enter(&mpt->m_mutex);
11038 					status = EFAULT;
11039 					mptsas_log(mpt, CE_WARN, "failed to "
11040 					    "copy out the reply data");
11041 					goto out;
11042 				}
11043 			}
11044 		}
11045 	}
11046 	mutex_enter(&mpt->m_mutex);
11047 out:
11048 	/*
11049 	 * Put the reply frame back on the free queue, increment the free
11050 	 * index, and write the new index to the free index register.  But only
11051 	 * if this reply is an ADDRESS reply.
11052 	 */
11053 	if (pt_flags & MPTSAS_ADDRESS_REPLY) {
11054 		ddi_put32(mpt->m_acc_free_queue_hdl,
11055 		    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
11056 		    cmd->cmd_rfm);
11057 		(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
11058 		    DDI_DMA_SYNC_FORDEV);
11059 		if (++mpt->m_free_index == mpt->m_free_queue_depth) {
11060 			mpt->m_free_index = 0;
11061 		}
11062 		ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
11063 		    mpt->m_free_index);
11064 	}
11065 	if (cmd) {
11066 		if (cmd->cmd_extrqslen != 0) {
11067 			rmfree(mpt->m_erqsense_map, cmd->cmd_extrqschunks,
11068 			    cmd->cmd_extrqsidx + 1);
11069 		}
11070 		if (cmd->cmd_flags & CFLAG_PREPARED) {
11071 			mptsas_remove_cmd(mpt, cmd);
11072 			pt_flags &= (~MPTSAS_REQUEST_POOL_CMD);
11073 		}
11074 	}
11075 	if (pt_flags & MPTSAS_REQUEST_POOL_CMD)
11076 		mptsas_return_to_pool(mpt, cmd);
11077 	if (pt_flags & MPTSAS_DATA_ALLOCATED) {
11078 		if (mptsas_check_dma_handle(data_dma_state.handle) !=
11079 		    DDI_SUCCESS) {
11080 			ddi_fm_service_impact(mpt->m_dip,
11081 			    DDI_SERVICE_UNAFFECTED);
11082 			status = EFAULT;
11083 		}
11084 		mptsas_dma_free(&data_dma_state);
11085 	}
11086 	if (pt_flags & MPTSAS_DATAOUT_ALLOCATED) {
11087 		if (mptsas_check_dma_handle(dataout_dma_state.handle) !=
11088 		    DDI_SUCCESS) {
11089 			ddi_fm_service_impact(mpt->m_dip,
11090 			    DDI_SERVICE_UNAFFECTED);
11091 			status = EFAULT;
11092 		}
11093 		mptsas_dma_free(&dataout_dma_state);
11094 	}
11095 	if (pt_flags & MPTSAS_CMD_TIMEOUT) {
11096 		if ((mptsas_restart_ioc(mpt)) == DDI_FAILURE) {
11097 			mptsas_log(mpt, CE_WARN, "mptsas_restart_ioc failed");
11098 		}
11099 	}
11100 	if (request_msg)
11101 		kmem_free(request_msg, request_size);
11102 	NDBG27(("mptsas_do_passthru: Done status 0x%x", status));
11103 
11104 	return (status);
11105 }
11106 
11107 static int
11108 mptsas_pass_thru(mptsas_t *mpt, mptsas_pass_thru_t *data, int mode)
11109 {
11110 	/*
11111 	 * If timeout is 0, set timeout to default of 60 seconds.
11112 	 */
11113 	if (data->Timeout == 0) {
11114 		data->Timeout = MPTSAS_PASS_THRU_TIME_DEFAULT;
11115 	}
11116 
11117 	if (((data->DataSize == 0) &&
11118 	    (data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_NONE)) ||
11119 	    ((data->DataSize != 0) &&
11120 	    ((data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_READ) ||
11121 	    (data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_WRITE) ||
11122 	    ((data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_BOTH) &&
11123 	    (data->DataOutSize != 0))))) {
11124 		if (data->DataDirection == MPTSAS_PASS_THRU_DIRECTION_BOTH) {
11125 			data->DataDirection = MPTSAS_PASS_THRU_DIRECTION_READ;
11126 		} else {
11127 			data->DataOutSize = 0;
11128 		}
11129 		/*
11130 		 * Send passthru request messages
11131 		 */
11132 		return (mptsas_do_passthru(mpt,
11133 		    (uint8_t *)((uintptr_t)data->PtrRequest),
11134 		    (uint8_t *)((uintptr_t)data->PtrReply),
11135 		    (uint8_t *)((uintptr_t)data->PtrData),
11136 		    data->RequestSize, data->ReplySize,
11137 		    data->DataSize, data->DataDirection,
11138 		    (uint8_t *)((uintptr_t)data->PtrDataOut),
11139 		    data->DataOutSize, data->Timeout, mode));
11140 	} else {
11141 		return (EINVAL);
11142 	}
11143 }
11144 
11145 static uint8_t
11146 mptsas_get_fw_diag_buffer_number(mptsas_t *mpt, uint32_t unique_id)
11147 {
11148 	uint8_t	index;
11149 
11150 	for (index = 0; index < MPI2_DIAG_BUF_TYPE_COUNT; index++) {
11151 		if (mpt->m_fw_diag_buffer_list[index].unique_id == unique_id) {
11152 			return (index);
11153 		}
11154 	}
11155 
11156 	return (MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND);
11157 }
11158 
11159 static void
11160 mptsas_start_diag(mptsas_t *mpt, mptsas_cmd_t *cmd)
11161 {
11162 	pMpi2DiagBufferPostRequest_t	pDiag_post_msg;
11163 	pMpi2DiagReleaseRequest_t	pDiag_release_msg;
11164 	struct scsi_pkt			*pkt = cmd->cmd_pkt;
11165 	mptsas_diag_request_t		*diag = pkt->pkt_ha_private;
11166 	uint32_t			i;
11167 	uint64_t			request_desc;
11168 
11169 	ASSERT(mutex_owned(&mpt->m_mutex));
11170 
11171 	/*
11172 	 * Form the diag message depending on the post or release function.
11173 	 */
11174 	if (diag->function == MPI2_FUNCTION_DIAG_BUFFER_POST) {
11175 		pDiag_post_msg = (pMpi2DiagBufferPostRequest_t)
11176 		    (mpt->m_req_frame + (mpt->m_req_frame_size *
11177 		    cmd->cmd_slot));
11178 		bzero(pDiag_post_msg, mpt->m_req_frame_size);
11179 		ddi_put8(mpt->m_acc_req_frame_hdl, &pDiag_post_msg->Function,
11180 		    diag->function);
11181 		ddi_put8(mpt->m_acc_req_frame_hdl, &pDiag_post_msg->BufferType,
11182 		    diag->pBuffer->buffer_type);
11183 		ddi_put8(mpt->m_acc_req_frame_hdl,
11184 		    &pDiag_post_msg->ExtendedType,
11185 		    diag->pBuffer->extended_type);
11186 		ddi_put32(mpt->m_acc_req_frame_hdl,
11187 		    &pDiag_post_msg->BufferLength,
11188 		    diag->pBuffer->buffer_data.size);
11189 		for (i = 0; i < (sizeof (pDiag_post_msg->ProductSpecific) / 4);
11190 		    i++) {
11191 			ddi_put32(mpt->m_acc_req_frame_hdl,
11192 			    &pDiag_post_msg->ProductSpecific[i],
11193 			    diag->pBuffer->product_specific[i]);
11194 		}
11195 		ddi_put32(mpt->m_acc_req_frame_hdl,
11196 		    &pDiag_post_msg->BufferAddress.Low,
11197 		    (uint32_t)(diag->pBuffer->buffer_data.cookie.dmac_laddress
11198 		    & 0xffffffffull));
11199 		ddi_put32(mpt->m_acc_req_frame_hdl,
11200 		    &pDiag_post_msg->BufferAddress.High,
11201 		    (uint32_t)(diag->pBuffer->buffer_data.cookie.dmac_laddress
11202 		    >> 32));
11203 	} else {
11204 		pDiag_release_msg = (pMpi2DiagReleaseRequest_t)
11205 		    (mpt->m_req_frame + (mpt->m_req_frame_size *
11206 		    cmd->cmd_slot));
11207 		bzero(pDiag_release_msg, mpt->m_req_frame_size);
11208 		ddi_put8(mpt->m_acc_req_frame_hdl,
11209 		    &pDiag_release_msg->Function, diag->function);
11210 		ddi_put8(mpt->m_acc_req_frame_hdl,
11211 		    &pDiag_release_msg->BufferType,
11212 		    diag->pBuffer->buffer_type);
11213 	}
11214 
11215 	/*
11216 	 * Send the message
11217 	 */
11218 	(void) ddi_dma_sync(mpt->m_dma_req_frame_hdl, 0, 0,
11219 	    DDI_DMA_SYNC_FORDEV);
11220 	request_desc = (cmd->cmd_slot << 16) +
11221 	    MPI2_REQ_DESCRIPT_FLAGS_DEFAULT_TYPE;
11222 	cmd->cmd_rfm = NULL;
11223 	MPTSAS_START_CMD(mpt, request_desc);
11224 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl) !=
11225 	    DDI_SUCCESS) ||
11226 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl) !=
11227 	    DDI_SUCCESS)) {
11228 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
11229 	}
11230 }
11231 
11232 static int
11233 mptsas_post_fw_diag_buffer(mptsas_t *mpt,
11234     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code)
11235 {
11236 	mptsas_diag_request_t		diag;
11237 	int				status, slot_num, post_flags = 0;
11238 	mptsas_cmd_t			*cmd = NULL;
11239 	struct scsi_pkt			*pkt;
11240 	pMpi2DiagBufferPostReply_t	reply;
11241 	uint16_t			iocstatus;
11242 	uint32_t			iocloginfo, transfer_length;
11243 
11244 	/*
11245 	 * If buffer is not enabled, just leave.
11246 	 */
11247 	*return_code = MPTSAS_FW_DIAG_ERROR_POST_FAILED;
11248 	if (!pBuffer->enabled) {
11249 		status = DDI_FAILURE;
11250 		goto out;
11251 	}
11252 
11253 	/*
11254 	 * Clear some flags initially.
11255 	 */
11256 	pBuffer->force_release = FALSE;
11257 	pBuffer->valid_data = FALSE;
11258 	pBuffer->owned_by_firmware = FALSE;
11259 
11260 	/*
11261 	 * Get a cmd buffer from the cmd buffer pool
11262 	 */
11263 	if ((slot_num = (mptsas_request_from_pool(mpt, &cmd, &pkt))) == -1) {
11264 		status = DDI_FAILURE;
11265 		mptsas_log(mpt, CE_NOTE, "command pool is full: Post FW Diag");
11266 		goto out;
11267 	}
11268 	post_flags |= MPTSAS_REQUEST_POOL_CMD;
11269 
11270 	bzero((caddr_t)cmd, sizeof (*cmd));
11271 	bzero((caddr_t)pkt, scsi_pkt_size());
11272 
11273 	cmd->ioc_cmd_slot = (uint32_t)(slot_num);
11274 
11275 	diag.pBuffer = pBuffer;
11276 	diag.function = MPI2_FUNCTION_DIAG_BUFFER_POST;
11277 
11278 	/*
11279 	 * Form a blank cmd/pkt to store the acknowledgement message
11280 	 */
11281 	pkt->pkt_ha_private	= (opaque_t)&diag;
11282 	pkt->pkt_flags		= FLAG_HEAD;
11283 	pkt->pkt_time		= 60;
11284 	cmd->cmd_pkt		= pkt;
11285 	cmd->cmd_flags		= CFLAG_CMDIOC | CFLAG_FW_DIAG;
11286 
11287 	/*
11288 	 * Save the command in a slot
11289 	 */
11290 	if (mptsas_save_cmd(mpt, cmd) == TRUE) {
11291 		/*
11292 		 * Once passthru command get slot, set cmd_flags
11293 		 * CFLAG_PREPARED.
11294 		 */
11295 		cmd->cmd_flags |= CFLAG_PREPARED;
11296 		mptsas_start_diag(mpt, cmd);
11297 	} else {
11298 		mptsas_waitq_add(mpt, cmd);
11299 	}
11300 
11301 	while ((cmd->cmd_flags & CFLAG_FINISHED) == 0) {
11302 		cv_wait(&mpt->m_fw_diag_cv, &mpt->m_mutex);
11303 	}
11304 
11305 	if (cmd->cmd_flags & CFLAG_TIMEOUT) {
11306 		status = DDI_FAILURE;
11307 		mptsas_log(mpt, CE_WARN, "Post FW Diag command timeout");
11308 		goto out;
11309 	}
11310 
11311 	/*
11312 	 * cmd_rfm points to the reply message if a reply was given.  Check the
11313 	 * IOCStatus to make sure everything went OK with the FW diag request
11314 	 * and set buffer flags.
11315 	 */
11316 	if (cmd->cmd_rfm) {
11317 		post_flags |= MPTSAS_ADDRESS_REPLY;
11318 		(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
11319 		    DDI_DMA_SYNC_FORCPU);
11320 		reply = (pMpi2DiagBufferPostReply_t)(mpt->m_reply_frame +
11321 		    (cmd->cmd_rfm -
11322 		    (mpt->m_reply_frame_dma_addr & 0xffffffffu)));
11323 
11324 		/*
11325 		 * Get the reply message data
11326 		 */
11327 		iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
11328 		    &reply->IOCStatus);
11329 		iocloginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
11330 		    &reply->IOCLogInfo);
11331 		transfer_length = ddi_get32(mpt->m_acc_reply_frame_hdl,
11332 		    &reply->TransferLength);
11333 
11334 		/*
11335 		 * If post failed quit.
11336 		 */
11337 		if (iocstatus != MPI2_IOCSTATUS_SUCCESS) {
11338 			status = DDI_FAILURE;
11339 			NDBG13(("post FW Diag Buffer failed: IOCStatus=0x%x, "
11340 			    "IOCLogInfo=0x%x, TransferLength=0x%x", iocstatus,
11341 			    iocloginfo, transfer_length));
11342 			goto out;
11343 		}
11344 
11345 		/*
11346 		 * Post was successful.
11347 		 */
11348 		pBuffer->valid_data = TRUE;
11349 		pBuffer->owned_by_firmware = TRUE;
11350 		*return_code = MPTSAS_FW_DIAG_ERROR_SUCCESS;
11351 		status = DDI_SUCCESS;
11352 	}
11353 
11354 out:
11355 	/*
11356 	 * Put the reply frame back on the free queue, increment the free
11357 	 * index, and write the new index to the free index register.  But only
11358 	 * if this reply is an ADDRESS reply.
11359 	 */
11360 	if (post_flags & MPTSAS_ADDRESS_REPLY) {
11361 		ddi_put32(mpt->m_acc_free_queue_hdl,
11362 		    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
11363 		    cmd->cmd_rfm);
11364 		(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
11365 		    DDI_DMA_SYNC_FORDEV);
11366 		if (++mpt->m_free_index == mpt->m_free_queue_depth) {
11367 			mpt->m_free_index = 0;
11368 		}
11369 		ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
11370 		    mpt->m_free_index);
11371 	}
11372 	if (cmd && (cmd->cmd_flags & CFLAG_PREPARED)) {
11373 		mptsas_remove_cmd(mpt, cmd);
11374 		post_flags &= (~MPTSAS_REQUEST_POOL_CMD);
11375 	}
11376 	if (post_flags & MPTSAS_REQUEST_POOL_CMD) {
11377 		mptsas_return_to_pool(mpt, cmd);
11378 	}
11379 
11380 	return (status);
11381 }
11382 
11383 static int
11384 mptsas_release_fw_diag_buffer(mptsas_t *mpt,
11385     mptsas_fw_diagnostic_buffer_t *pBuffer, uint32_t *return_code,
11386     uint32_t diag_type)
11387 {
11388 	mptsas_diag_request_t	diag;
11389 	int			status, slot_num, rel_flags = 0;
11390 	mptsas_cmd_t		*cmd = NULL;
11391 	struct scsi_pkt		*pkt;
11392 	pMpi2DiagReleaseReply_t	reply;
11393 	uint16_t		iocstatus;
11394 	uint32_t		iocloginfo;
11395 
11396 	/*
11397 	 * If buffer is not enabled, just leave.
11398 	 */
11399 	*return_code = MPTSAS_FW_DIAG_ERROR_RELEASE_FAILED;
11400 	if (!pBuffer->enabled) {
11401 		mptsas_log(mpt, CE_NOTE, "This buffer type is not supported "
11402 		    "by the IOC");
11403 		status = DDI_FAILURE;
11404 		goto out;
11405 	}
11406 
11407 	/*
11408 	 * Clear some flags initially.
11409 	 */
11410 	pBuffer->force_release = FALSE;
11411 	pBuffer->valid_data = FALSE;
11412 	pBuffer->owned_by_firmware = FALSE;
11413 
11414 	/*
11415 	 * Get a cmd buffer from the cmd buffer pool
11416 	 */
11417 	if ((slot_num = (mptsas_request_from_pool(mpt, &cmd, &pkt))) == -1) {
11418 		status = DDI_FAILURE;
11419 		mptsas_log(mpt, CE_NOTE, "command pool is full: Release FW "
11420 		    "Diag");
11421 		goto out;
11422 	}
11423 	rel_flags |= MPTSAS_REQUEST_POOL_CMD;
11424 
11425 	bzero((caddr_t)cmd, sizeof (*cmd));
11426 	bzero((caddr_t)pkt, scsi_pkt_size());
11427 
11428 	cmd->ioc_cmd_slot = (uint32_t)(slot_num);
11429 
11430 	diag.pBuffer = pBuffer;
11431 	diag.function = MPI2_FUNCTION_DIAG_RELEASE;
11432 
11433 	/*
11434 	 * Form a blank cmd/pkt to store the acknowledgement message
11435 	 */
11436 	pkt->pkt_ha_private	= (opaque_t)&diag;
11437 	pkt->pkt_flags		= FLAG_HEAD;
11438 	pkt->pkt_time		= 60;
11439 	cmd->cmd_pkt		= pkt;
11440 	cmd->cmd_flags		= CFLAG_CMDIOC | CFLAG_FW_DIAG;
11441 
11442 	/*
11443 	 * Save the command in a slot
11444 	 */
11445 	if (mptsas_save_cmd(mpt, cmd) == TRUE) {
11446 		/*
11447 		 * Once passthru command get slot, set cmd_flags
11448 		 * CFLAG_PREPARED.
11449 		 */
11450 		cmd->cmd_flags |= CFLAG_PREPARED;
11451 		mptsas_start_diag(mpt, cmd);
11452 	} else {
11453 		mptsas_waitq_add(mpt, cmd);
11454 	}
11455 
11456 	while ((cmd->cmd_flags & CFLAG_FINISHED) == 0) {
11457 		cv_wait(&mpt->m_fw_diag_cv, &mpt->m_mutex);
11458 	}
11459 
11460 	if (cmd->cmd_flags & CFLAG_TIMEOUT) {
11461 		status = DDI_FAILURE;
11462 		mptsas_log(mpt, CE_WARN, "Release FW Diag command timeout");
11463 		goto out;
11464 	}
11465 
11466 	/*
11467 	 * cmd_rfm points to the reply message if a reply was given.  Check the
11468 	 * IOCStatus to make sure everything went OK with the FW diag request
11469 	 * and set buffer flags.
11470 	 */
11471 	if (cmd->cmd_rfm) {
11472 		rel_flags |= MPTSAS_ADDRESS_REPLY;
11473 		(void) ddi_dma_sync(mpt->m_dma_reply_frame_hdl, 0, 0,
11474 		    DDI_DMA_SYNC_FORCPU);
11475 		reply = (pMpi2DiagReleaseReply_t)(mpt->m_reply_frame +
11476 		    (cmd->cmd_rfm -
11477 		    (mpt->m_reply_frame_dma_addr & 0xffffffffu)));
11478 
11479 		/*
11480 		 * Get the reply message data
11481 		 */
11482 		iocstatus = ddi_get16(mpt->m_acc_reply_frame_hdl,
11483 		    &reply->IOCStatus);
11484 		iocloginfo = ddi_get32(mpt->m_acc_reply_frame_hdl,
11485 		    &reply->IOCLogInfo);
11486 
11487 		/*
11488 		 * If release failed quit.
11489 		 */
11490 		if ((iocstatus != MPI2_IOCSTATUS_SUCCESS) ||
11491 		    pBuffer->owned_by_firmware) {
11492 			status = DDI_FAILURE;
11493 			NDBG13(("release FW Diag Buffer failed: "
11494 			    "IOCStatus=0x%x, IOCLogInfo=0x%x", iocstatus,
11495 			    iocloginfo));
11496 			goto out;
11497 		}
11498 
11499 		/*
11500 		 * Release was successful.
11501 		 */
11502 		*return_code = MPTSAS_FW_DIAG_ERROR_SUCCESS;
11503 		status = DDI_SUCCESS;
11504 
11505 		/*
11506 		 * If this was for an UNREGISTER diag type command, clear the
11507 		 * unique ID.
11508 		 */
11509 		if (diag_type == MPTSAS_FW_DIAG_TYPE_UNREGISTER) {
11510 			pBuffer->unique_id = MPTSAS_FW_DIAG_INVALID_UID;
11511 		}
11512 	}
11513 
11514 out:
11515 	/*
11516 	 * Put the reply frame back on the free queue, increment the free
11517 	 * index, and write the new index to the free index register.  But only
11518 	 * if this reply is an ADDRESS reply.
11519 	 */
11520 	if (rel_flags & MPTSAS_ADDRESS_REPLY) {
11521 		ddi_put32(mpt->m_acc_free_queue_hdl,
11522 		    &((uint32_t *)(void *)mpt->m_free_queue)[mpt->m_free_index],
11523 		    cmd->cmd_rfm);
11524 		(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
11525 		    DDI_DMA_SYNC_FORDEV);
11526 		if (++mpt->m_free_index == mpt->m_free_queue_depth) {
11527 			mpt->m_free_index = 0;
11528 		}
11529 		ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex,
11530 		    mpt->m_free_index);
11531 	}
11532 	if (cmd && (cmd->cmd_flags & CFLAG_PREPARED)) {
11533 		mptsas_remove_cmd(mpt, cmd);
11534 		rel_flags &= (~MPTSAS_REQUEST_POOL_CMD);
11535 	}
11536 	if (rel_flags & MPTSAS_REQUEST_POOL_CMD) {
11537 		mptsas_return_to_pool(mpt, cmd);
11538 	}
11539 
11540 	return (status);
11541 }
11542 
11543 static int
11544 mptsas_diag_register(mptsas_t *mpt, mptsas_fw_diag_register_t *diag_register,
11545     uint32_t *return_code)
11546 {
11547 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
11548 	uint8_t				extended_type, buffer_type, i;
11549 	uint32_t			buffer_size;
11550 	uint32_t			unique_id;
11551 	int				status;
11552 
11553 	ASSERT(mutex_owned(&mpt->m_mutex));
11554 
11555 	extended_type = diag_register->ExtendedType;
11556 	buffer_type = diag_register->BufferType;
11557 	buffer_size = diag_register->RequestedBufferSize;
11558 	unique_id = diag_register->UniqueId;
11559 
11560 	/*
11561 	 * Check for valid buffer type
11562 	 */
11563 	if (buffer_type >= MPI2_DIAG_BUF_TYPE_COUNT) {
11564 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11565 		return (DDI_FAILURE);
11566 	}
11567 
11568 	/*
11569 	 * Get the current buffer and look up the unique ID.  The unique ID
11570 	 * should not be found.  If it is, the ID is already in use.
11571 	 */
11572 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
11573 	pBuffer = &mpt->m_fw_diag_buffer_list[buffer_type];
11574 	if (i != MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
11575 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11576 		return (DDI_FAILURE);
11577 	}
11578 
11579 	/*
11580 	 * The buffer's unique ID should not be registered yet, and the given
11581 	 * unique ID cannot be 0.
11582 	 */
11583 	if ((pBuffer->unique_id != MPTSAS_FW_DIAG_INVALID_UID) ||
11584 	    (unique_id == MPTSAS_FW_DIAG_INVALID_UID)) {
11585 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11586 		return (DDI_FAILURE);
11587 	}
11588 
11589 	/*
11590 	 * If this buffer is already posted as immediate, just change owner.
11591 	 */
11592 	if (pBuffer->immediate && pBuffer->owned_by_firmware &&
11593 	    (pBuffer->unique_id == MPTSAS_FW_DIAG_INVALID_UID)) {
11594 		pBuffer->immediate = FALSE;
11595 		pBuffer->unique_id = unique_id;
11596 		return (DDI_SUCCESS);
11597 	}
11598 
11599 	/*
11600 	 * Post a new buffer after checking if it's enabled.  The DMA buffer
11601 	 * that is allocated will be contiguous (sgl_len = 1).
11602 	 */
11603 	if (!pBuffer->enabled) {
11604 		*return_code = MPTSAS_FW_DIAG_ERROR_NO_BUFFER;
11605 		return (DDI_FAILURE);
11606 	}
11607 	bzero(&pBuffer->buffer_data, sizeof (mptsas_dma_alloc_state_t));
11608 	pBuffer->buffer_data.size = buffer_size;
11609 	if (mptsas_dma_alloc(mpt, &pBuffer->buffer_data) != DDI_SUCCESS) {
11610 		mptsas_log(mpt, CE_WARN, "failed to alloc DMA resource for "
11611 		    "diag buffer: size = %d bytes", buffer_size);
11612 		*return_code = MPTSAS_FW_DIAG_ERROR_NO_BUFFER;
11613 		return (DDI_FAILURE);
11614 	}
11615 
11616 	/*
11617 	 * Copy the given info to the diag buffer and post the buffer.
11618 	 */
11619 	pBuffer->buffer_type = buffer_type;
11620 	pBuffer->immediate = FALSE;
11621 	if (buffer_type == MPI2_DIAG_BUF_TYPE_TRACE) {
11622 		for (i = 0; i < (sizeof (pBuffer->product_specific) / 4);
11623 		    i++) {
11624 			pBuffer->product_specific[i] =
11625 			    diag_register->ProductSpecific[i];
11626 		}
11627 	}
11628 	pBuffer->extended_type = extended_type;
11629 	pBuffer->unique_id = unique_id;
11630 	status = mptsas_post_fw_diag_buffer(mpt, pBuffer, return_code);
11631 
11632 	if (mptsas_check_dma_handle(pBuffer->buffer_data.handle) !=
11633 	    DDI_SUCCESS) {
11634 		mptsas_log(mpt, CE_WARN, "Check of DMA handle failed in "
11635 		    "mptsas_diag_register.");
11636 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
11637 			status = DDI_FAILURE;
11638 	}
11639 
11640 	/*
11641 	 * In case there was a failure, free the DMA buffer.
11642 	 */
11643 	if (status == DDI_FAILURE) {
11644 		mptsas_dma_free(&pBuffer->buffer_data);
11645 	}
11646 
11647 	return (status);
11648 }
11649 
11650 static int
11651 mptsas_diag_unregister(mptsas_t *mpt,
11652     mptsas_fw_diag_unregister_t *diag_unregister, uint32_t *return_code)
11653 {
11654 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
11655 	uint8_t				i;
11656 	uint32_t			unique_id;
11657 	int				status;
11658 
11659 	ASSERT(mutex_owned(&mpt->m_mutex));
11660 
11661 	unique_id = diag_unregister->UniqueId;
11662 
11663 	/*
11664 	 * Get the current buffer and look up the unique ID.  The unique ID
11665 	 * should be there.
11666 	 */
11667 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
11668 	if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
11669 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11670 		return (DDI_FAILURE);
11671 	}
11672 
11673 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
11674 
11675 	/*
11676 	 * Try to release the buffer from FW before freeing it.  If release
11677 	 * fails, don't free the DMA buffer in case FW tries to access it
11678 	 * later.  If buffer is not owned by firmware, can't release it.
11679 	 */
11680 	if (!pBuffer->owned_by_firmware) {
11681 		status = DDI_SUCCESS;
11682 	} else {
11683 		status = mptsas_release_fw_diag_buffer(mpt, pBuffer,
11684 		    return_code, MPTSAS_FW_DIAG_TYPE_UNREGISTER);
11685 	}
11686 
11687 	/*
11688 	 * At this point, return the current status no matter what happens with
11689 	 * the DMA buffer.
11690 	 */
11691 	pBuffer->unique_id = MPTSAS_FW_DIAG_INVALID_UID;
11692 	if (status == DDI_SUCCESS) {
11693 		if (mptsas_check_dma_handle(pBuffer->buffer_data.handle) !=
11694 		    DDI_SUCCESS) {
11695 			mptsas_log(mpt, CE_WARN, "Check of DMA handle failed "
11696 			    "in mptsas_diag_unregister.");
11697 			ddi_fm_service_impact(mpt->m_dip,
11698 			    DDI_SERVICE_UNAFFECTED);
11699 		}
11700 		mptsas_dma_free(&pBuffer->buffer_data);
11701 	}
11702 
11703 	return (status);
11704 }
11705 
11706 static int
11707 mptsas_diag_query(mptsas_t *mpt, mptsas_fw_diag_query_t *diag_query,
11708     uint32_t *return_code)
11709 {
11710 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
11711 	uint8_t				i;
11712 	uint32_t			unique_id;
11713 
11714 	ASSERT(mutex_owned(&mpt->m_mutex));
11715 
11716 	unique_id = diag_query->UniqueId;
11717 
11718 	/*
11719 	 * If ID is valid, query on ID.
11720 	 * If ID is invalid, query on buffer type.
11721 	 */
11722 	if (unique_id == MPTSAS_FW_DIAG_INVALID_UID) {
11723 		i = diag_query->BufferType;
11724 		if (i >= MPI2_DIAG_BUF_TYPE_COUNT) {
11725 			*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11726 			return (DDI_FAILURE);
11727 		}
11728 	} else {
11729 		i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
11730 		if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
11731 			*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11732 			return (DDI_FAILURE);
11733 		}
11734 	}
11735 
11736 	/*
11737 	 * Fill query structure with the diag buffer info.
11738 	 */
11739 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
11740 	diag_query->BufferType = pBuffer->buffer_type;
11741 	diag_query->ExtendedType = pBuffer->extended_type;
11742 	if (diag_query->BufferType == MPI2_DIAG_BUF_TYPE_TRACE) {
11743 		for (i = 0; i < (sizeof (diag_query->ProductSpecific) / 4);
11744 		    i++) {
11745 			diag_query->ProductSpecific[i] =
11746 			    pBuffer->product_specific[i];
11747 		}
11748 	}
11749 	diag_query->TotalBufferSize = pBuffer->buffer_data.size;
11750 	diag_query->DriverAddedBufferSize = 0;
11751 	diag_query->UniqueId = pBuffer->unique_id;
11752 	diag_query->ApplicationFlags = 0;
11753 	diag_query->DiagnosticFlags = 0;
11754 
11755 	/*
11756 	 * Set/Clear application flags
11757 	 */
11758 	if (pBuffer->immediate) {
11759 		diag_query->ApplicationFlags &= ~MPTSAS_FW_DIAG_FLAG_APP_OWNED;
11760 	} else {
11761 		diag_query->ApplicationFlags |= MPTSAS_FW_DIAG_FLAG_APP_OWNED;
11762 	}
11763 	if (pBuffer->valid_data || pBuffer->owned_by_firmware) {
11764 		diag_query->ApplicationFlags |=
11765 		    MPTSAS_FW_DIAG_FLAG_BUFFER_VALID;
11766 	} else {
11767 		diag_query->ApplicationFlags &=
11768 		    ~MPTSAS_FW_DIAG_FLAG_BUFFER_VALID;
11769 	}
11770 	if (pBuffer->owned_by_firmware) {
11771 		diag_query->ApplicationFlags |=
11772 		    MPTSAS_FW_DIAG_FLAG_FW_BUFFER_ACCESS;
11773 	} else {
11774 		diag_query->ApplicationFlags &=
11775 		    ~MPTSAS_FW_DIAG_FLAG_FW_BUFFER_ACCESS;
11776 	}
11777 
11778 	return (DDI_SUCCESS);
11779 }
11780 
11781 static int
11782 mptsas_diag_read_buffer(mptsas_t *mpt,
11783     mptsas_diag_read_buffer_t *diag_read_buffer, uint8_t *ioctl_buf,
11784     uint32_t *return_code, int ioctl_mode)
11785 {
11786 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
11787 	uint8_t				i, *pData;
11788 	uint32_t			unique_id, byte;
11789 	int				status;
11790 
11791 	ASSERT(mutex_owned(&mpt->m_mutex));
11792 
11793 	unique_id = diag_read_buffer->UniqueId;
11794 
11795 	/*
11796 	 * Get the current buffer and look up the unique ID.  The unique ID
11797 	 * should be there.
11798 	 */
11799 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
11800 	if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
11801 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11802 		return (DDI_FAILURE);
11803 	}
11804 
11805 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
11806 
11807 	/*
11808 	 * Make sure requested read is within limits
11809 	 */
11810 	if (diag_read_buffer->StartingOffset + diag_read_buffer->BytesToRead >
11811 	    pBuffer->buffer_data.size) {
11812 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11813 		return (DDI_FAILURE);
11814 	}
11815 
11816 	/*
11817 	 * Copy the requested data from DMA to the diag_read_buffer.  The DMA
11818 	 * buffer that was allocated is one contiguous buffer.
11819 	 */
11820 	pData = (uint8_t *)(pBuffer->buffer_data.memp +
11821 	    diag_read_buffer->StartingOffset);
11822 	(void) ddi_dma_sync(pBuffer->buffer_data.handle, 0, 0,
11823 	    DDI_DMA_SYNC_FORCPU);
11824 	for (byte = 0; byte < diag_read_buffer->BytesToRead; byte++) {
11825 		if (ddi_copyout(pData + byte, ioctl_buf + byte, 1, ioctl_mode)
11826 		    != 0) {
11827 			return (DDI_FAILURE);
11828 		}
11829 	}
11830 	diag_read_buffer->Status = 0;
11831 
11832 	/*
11833 	 * Set or clear the Force Release flag.
11834 	 */
11835 	if (pBuffer->force_release) {
11836 		diag_read_buffer->Flags |= MPTSAS_FW_DIAG_FLAG_FORCE_RELEASE;
11837 	} else {
11838 		diag_read_buffer->Flags &= ~MPTSAS_FW_DIAG_FLAG_FORCE_RELEASE;
11839 	}
11840 
11841 	/*
11842 	 * If buffer is to be reregistered, make sure it's not already owned by
11843 	 * firmware first.
11844 	 */
11845 	status = DDI_SUCCESS;
11846 	if (!pBuffer->owned_by_firmware) {
11847 		if (diag_read_buffer->Flags & MPTSAS_FW_DIAG_FLAG_REREGISTER) {
11848 			status = mptsas_post_fw_diag_buffer(mpt, pBuffer,
11849 			    return_code);
11850 		}
11851 	}
11852 
11853 	return (status);
11854 }
11855 
11856 static int
11857 mptsas_diag_release(mptsas_t *mpt, mptsas_fw_diag_release_t *diag_release,
11858     uint32_t *return_code)
11859 {
11860 	mptsas_fw_diagnostic_buffer_t	*pBuffer;
11861 	uint8_t				i;
11862 	uint32_t			unique_id;
11863 	int				status;
11864 
11865 	ASSERT(mutex_owned(&mpt->m_mutex));
11866 
11867 	unique_id = diag_release->UniqueId;
11868 
11869 	/*
11870 	 * Get the current buffer and look up the unique ID.  The unique ID
11871 	 * should be there.
11872 	 */
11873 	i = mptsas_get_fw_diag_buffer_number(mpt, unique_id);
11874 	if (i == MPTSAS_FW_DIAGNOSTIC_UID_NOT_FOUND) {
11875 		*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_UID;
11876 		return (DDI_FAILURE);
11877 	}
11878 
11879 	pBuffer = &mpt->m_fw_diag_buffer_list[i];
11880 
11881 	/*
11882 	 * If buffer is not owned by firmware, it's already been released.
11883 	 */
11884 	if (!pBuffer->owned_by_firmware) {
11885 		*return_code = MPTSAS_FW_DIAG_ERROR_ALREADY_RELEASED;
11886 		return (DDI_FAILURE);
11887 	}
11888 
11889 	/*
11890 	 * Release the buffer.
11891 	 */
11892 	status = mptsas_release_fw_diag_buffer(mpt, pBuffer, return_code,
11893 	    MPTSAS_FW_DIAG_TYPE_RELEASE);
11894 	return (status);
11895 }
11896 
11897 static int
11898 mptsas_do_diag_action(mptsas_t *mpt, uint32_t action, uint8_t *diag_action,
11899     uint32_t length, uint32_t *return_code, int ioctl_mode)
11900 {
11901 	mptsas_fw_diag_register_t	diag_register;
11902 	mptsas_fw_diag_unregister_t	diag_unregister;
11903 	mptsas_fw_diag_query_t		diag_query;
11904 	mptsas_diag_read_buffer_t	diag_read_buffer;
11905 	mptsas_fw_diag_release_t	diag_release;
11906 	int				status = DDI_SUCCESS;
11907 	uint32_t			original_return_code, read_buf_len;
11908 
11909 	ASSERT(mutex_owned(&mpt->m_mutex));
11910 
11911 	original_return_code = *return_code;
11912 	*return_code = MPTSAS_FW_DIAG_ERROR_SUCCESS;
11913 
11914 	switch (action) {
11915 		case MPTSAS_FW_DIAG_TYPE_REGISTER:
11916 			if (!length) {
11917 				*return_code =
11918 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11919 				status = DDI_FAILURE;
11920 				break;
11921 			}
11922 			if (ddi_copyin(diag_action, &diag_register,
11923 			    sizeof (diag_register), ioctl_mode) != 0) {
11924 				return (DDI_FAILURE);
11925 			}
11926 			status = mptsas_diag_register(mpt, &diag_register,
11927 			    return_code);
11928 			break;
11929 
11930 		case MPTSAS_FW_DIAG_TYPE_UNREGISTER:
11931 			if (length < sizeof (diag_unregister)) {
11932 				*return_code =
11933 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11934 				status = DDI_FAILURE;
11935 				break;
11936 			}
11937 			if (ddi_copyin(diag_action, &diag_unregister,
11938 			    sizeof (diag_unregister), ioctl_mode) != 0) {
11939 				return (DDI_FAILURE);
11940 			}
11941 			status = mptsas_diag_unregister(mpt, &diag_unregister,
11942 			    return_code);
11943 			break;
11944 
11945 		case MPTSAS_FW_DIAG_TYPE_QUERY:
11946 			if (length < sizeof (diag_query)) {
11947 				*return_code =
11948 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11949 				status = DDI_FAILURE;
11950 				break;
11951 			}
11952 			if (ddi_copyin(diag_action, &diag_query,
11953 			    sizeof (diag_query), ioctl_mode) != 0) {
11954 				return (DDI_FAILURE);
11955 			}
11956 			status = mptsas_diag_query(mpt, &diag_query,
11957 			    return_code);
11958 			if (status == DDI_SUCCESS) {
11959 				if (ddi_copyout(&diag_query, diag_action,
11960 				    sizeof (diag_query), ioctl_mode) != 0) {
11961 					return (DDI_FAILURE);
11962 				}
11963 			}
11964 			break;
11965 
11966 		case MPTSAS_FW_DIAG_TYPE_READ_BUFFER:
11967 			if (ddi_copyin(diag_action, &diag_read_buffer,
11968 			    sizeof (diag_read_buffer) - 4, ioctl_mode) != 0) {
11969 				return (DDI_FAILURE);
11970 			}
11971 			read_buf_len = sizeof (diag_read_buffer) -
11972 			    sizeof (diag_read_buffer.DataBuffer) +
11973 			    diag_read_buffer.BytesToRead;
11974 			if (length < read_buf_len) {
11975 				*return_code =
11976 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11977 				status = DDI_FAILURE;
11978 				break;
11979 			}
11980 			status = mptsas_diag_read_buffer(mpt,
11981 			    &diag_read_buffer, diag_action +
11982 			    sizeof (diag_read_buffer) - 4, return_code,
11983 			    ioctl_mode);
11984 			if (status == DDI_SUCCESS) {
11985 				if (ddi_copyout(&diag_read_buffer, diag_action,
11986 				    sizeof (diag_read_buffer) - 4, ioctl_mode)
11987 				    != 0) {
11988 					return (DDI_FAILURE);
11989 				}
11990 			}
11991 			break;
11992 
11993 		case MPTSAS_FW_DIAG_TYPE_RELEASE:
11994 			if (length < sizeof (diag_release)) {
11995 				*return_code =
11996 				    MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
11997 				status = DDI_FAILURE;
11998 				break;
11999 			}
12000 			if (ddi_copyin(diag_action, &diag_release,
12001 			    sizeof (diag_release), ioctl_mode) != 0) {
12002 				return (DDI_FAILURE);
12003 			}
12004 			status = mptsas_diag_release(mpt, &diag_release,
12005 			    return_code);
12006 			break;
12007 
12008 		default:
12009 			*return_code = MPTSAS_FW_DIAG_ERROR_INVALID_PARAMETER;
12010 			status = DDI_FAILURE;
12011 			break;
12012 	}
12013 
12014 	if ((status == DDI_FAILURE) &&
12015 	    (original_return_code == MPTSAS_FW_DIAG_NEW) &&
12016 	    (*return_code != MPTSAS_FW_DIAG_ERROR_SUCCESS)) {
12017 		status = DDI_SUCCESS;
12018 	}
12019 
12020 	return (status);
12021 }
12022 
12023 static int
12024 mptsas_diag_action(mptsas_t *mpt, mptsas_diag_action_t *user_data, int mode)
12025 {
12026 	int			status;
12027 	mptsas_diag_action_t	driver_data;
12028 
12029 	ASSERT(mutex_owned(&mpt->m_mutex));
12030 
12031 	/*
12032 	 * Copy the user data to a driver data buffer.
12033 	 */
12034 	if (ddi_copyin(user_data, &driver_data, sizeof (mptsas_diag_action_t),
12035 	    mode) == 0) {
12036 		/*
12037 		 * Send diag action request if Action is valid
12038 		 */
12039 		if (driver_data.Action == MPTSAS_FW_DIAG_TYPE_REGISTER ||
12040 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_UNREGISTER ||
12041 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_QUERY ||
12042 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_READ_BUFFER ||
12043 		    driver_data.Action == MPTSAS_FW_DIAG_TYPE_RELEASE) {
12044 			status = mptsas_do_diag_action(mpt, driver_data.Action,
12045 			    (void *)(uintptr_t)driver_data.PtrDiagAction,
12046 			    driver_data.Length, &driver_data.ReturnCode,
12047 			    mode);
12048 			if (status == DDI_SUCCESS) {
12049 				if (ddi_copyout(&driver_data.ReturnCode,
12050 				    &user_data->ReturnCode,
12051 				    sizeof (user_data->ReturnCode), mode)
12052 				    != 0) {
12053 					status = EFAULT;
12054 				} else {
12055 					status = 0;
12056 				}
12057 			} else {
12058 				status = EIO;
12059 			}
12060 		} else {
12061 			status = EINVAL;
12062 		}
12063 	} else {
12064 		status = EFAULT;
12065 	}
12066 
12067 	return (status);
12068 }
12069 
12070 /*
12071  * This routine handles the "event query" ioctl.
12072  */
12073 static int
12074 mptsas_event_query(mptsas_t *mpt, mptsas_event_query_t *data, int mode,
12075     int *rval)
12076 {
12077 	int			status;
12078 	mptsas_event_query_t	driverdata;
12079 	uint8_t			i;
12080 
12081 	driverdata.Entries = MPTSAS_EVENT_QUEUE_SIZE;
12082 
12083 	mutex_enter(&mpt->m_mutex);
12084 	for (i = 0; i < 4; i++) {
12085 		driverdata.Types[i] = mpt->m_event_mask[i];
12086 	}
12087 	mutex_exit(&mpt->m_mutex);
12088 
12089 	if (ddi_copyout(&driverdata, data, sizeof (driverdata), mode) != 0) {
12090 		status = EFAULT;
12091 	} else {
12092 		*rval = MPTIOCTL_STATUS_GOOD;
12093 		status = 0;
12094 	}
12095 
12096 	return (status);
12097 }
12098 
12099 /*
12100  * This routine handles the "event enable" ioctl.
12101  */
12102 static int
12103 mptsas_event_enable(mptsas_t *mpt, mptsas_event_enable_t *data, int mode,
12104     int *rval)
12105 {
12106 	int			status;
12107 	mptsas_event_enable_t	driverdata;
12108 	uint8_t			i;
12109 
12110 	if (ddi_copyin(data, &driverdata, sizeof (driverdata), mode) == 0) {
12111 		mutex_enter(&mpt->m_mutex);
12112 		for (i = 0; i < 4; i++) {
12113 			mpt->m_event_mask[i] = driverdata.Types[i];
12114 		}
12115 		mutex_exit(&mpt->m_mutex);
12116 
12117 		*rval = MPTIOCTL_STATUS_GOOD;
12118 		status = 0;
12119 	} else {
12120 		status = EFAULT;
12121 	}
12122 	return (status);
12123 }
12124 
12125 /*
12126  * This routine handles the "event report" ioctl.
12127  */
12128 static int
12129 mptsas_event_report(mptsas_t *mpt, mptsas_event_report_t *data, int mode,
12130     int *rval)
12131 {
12132 	int			status;
12133 	mptsas_event_report_t	driverdata;
12134 
12135 	mutex_enter(&mpt->m_mutex);
12136 
12137 	if (ddi_copyin(&data->Size, &driverdata.Size, sizeof (driverdata.Size),
12138 	    mode) == 0) {
12139 		if (driverdata.Size >= sizeof (mpt->m_events)) {
12140 			if (ddi_copyout(mpt->m_events, data->Events,
12141 			    sizeof (mpt->m_events), mode) != 0) {
12142 				status = EFAULT;
12143 			} else {
12144 				if (driverdata.Size > sizeof (mpt->m_events)) {
12145 					driverdata.Size =
12146 					    sizeof (mpt->m_events);
12147 					if (ddi_copyout(&driverdata.Size,
12148 					    &data->Size,
12149 					    sizeof (driverdata.Size),
12150 					    mode) != 0) {
12151 						status = EFAULT;
12152 					} else {
12153 						*rval = MPTIOCTL_STATUS_GOOD;
12154 						status = 0;
12155 					}
12156 				} else {
12157 					*rval = MPTIOCTL_STATUS_GOOD;
12158 					status = 0;
12159 				}
12160 			}
12161 		} else {
12162 			*rval = MPTIOCTL_STATUS_LEN_TOO_SHORT;
12163 			status = 0;
12164 		}
12165 	} else {
12166 		status = EFAULT;
12167 	}
12168 
12169 	mutex_exit(&mpt->m_mutex);
12170 	return (status);
12171 }
12172 
12173 static void
12174 mptsas_lookup_pci_data(mptsas_t *mpt, mptsas_adapter_data_t *adapter_data)
12175 {
12176 	int	*reg_data;
12177 	uint_t	reglen;
12178 
12179 	/*
12180 	 * Lookup the 'reg' property and extract the other data
12181 	 */
12182 	if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, mpt->m_dip,
12183 	    DDI_PROP_DONTPASS, "reg", &reg_data, &reglen) ==
12184 	    DDI_PROP_SUCCESS) {
12185 		/*
12186 		 * Extract the PCI data from the 'reg' property first DWORD.
12187 		 * The entry looks like the following:
12188 		 * First DWORD:
12189 		 * Bits 0 - 7 8-bit Register number
12190 		 * Bits 8 - 10 3-bit Function number
12191 		 * Bits 11 - 15 5-bit Device number
12192 		 * Bits 16 - 23 8-bit Bus number
12193 		 * Bits 24 - 25 2-bit Address Space type identifier
12194 		 *
12195 		 */
12196 		adapter_data->PciInformation.u.bits.BusNumber =
12197 		    (reg_data[0] & 0x00FF0000) >> 16;
12198 		adapter_data->PciInformation.u.bits.DeviceNumber =
12199 		    (reg_data[0] & 0x0000F800) >> 11;
12200 		adapter_data->PciInformation.u.bits.FunctionNumber =
12201 		    (reg_data[0] & 0x00000700) >> 8;
12202 		ddi_prop_free((void *)reg_data);
12203 	} else {
12204 		/*
12205 		 * If we can't determine the PCI data then we fill in FF's for
12206 		 * the data to indicate this.
12207 		 */
12208 		adapter_data->PCIDeviceHwId = 0xFFFFFFFF;
12209 		adapter_data->MpiPortNumber = 0xFFFFFFFF;
12210 		adapter_data->PciInformation.u.AsDWORD = 0xFFFFFFFF;
12211 	}
12212 
12213 	/*
12214 	 * Saved in the mpt->m_fwversion
12215 	 */
12216 	adapter_data->MpiFirmwareVersion = mpt->m_fwversion;
12217 }
12218 
12219 static void
12220 mptsas_read_adapter_data(mptsas_t *mpt, mptsas_adapter_data_t *adapter_data)
12221 {
12222 	char	*driver_verstr = MPTSAS_MOD_STRING;
12223 
12224 	mptsas_lookup_pci_data(mpt, adapter_data);
12225 	adapter_data->AdapterType = mpt->m_MPI25 ?
12226 	    MPTIOCTL_ADAPTER_TYPE_SAS3 :
12227 	    MPTIOCTL_ADAPTER_TYPE_SAS2;
12228 	adapter_data->PCIDeviceHwId = (uint32_t)mpt->m_devid;
12229 	adapter_data->PCIDeviceHwRev = (uint32_t)mpt->m_revid;
12230 	adapter_data->SubSystemId = (uint32_t)mpt->m_ssid;
12231 	adapter_data->SubsystemVendorId = (uint32_t)mpt->m_svid;
12232 	(void) strcpy((char *)&adapter_data->DriverVersion[0], driver_verstr);
12233 	adapter_data->BiosVersion = 0;
12234 	(void) mptsas_get_bios_page3(mpt, &adapter_data->BiosVersion);
12235 }
12236 
12237 static void
12238 mptsas_read_pci_info(mptsas_t *mpt, mptsas_pci_info_t *pci_info)
12239 {
12240 	int	*reg_data, i;
12241 	uint_t	reglen;
12242 
12243 	/*
12244 	 * Lookup the 'reg' property and extract the other data
12245 	 */
12246 	if (ddi_prop_lookup_int_array(DDI_DEV_T_ANY, mpt->m_dip,
12247 	    DDI_PROP_DONTPASS, "reg", &reg_data, &reglen) ==
12248 	    DDI_PROP_SUCCESS) {
12249 		/*
12250 		 * Extract the PCI data from the 'reg' property first DWORD.
12251 		 * The entry looks like the following:
12252 		 * First DWORD:
12253 		 * Bits 8 - 10 3-bit Function number
12254 		 * Bits 11 - 15 5-bit Device number
12255 		 * Bits 16 - 23 8-bit Bus number
12256 		 */
12257 		pci_info->BusNumber = (reg_data[0] & 0x00FF0000) >> 16;
12258 		pci_info->DeviceNumber = (reg_data[0] & 0x0000F800) >> 11;
12259 		pci_info->FunctionNumber = (reg_data[0] & 0x00000700) >> 8;
12260 		ddi_prop_free((void *)reg_data);
12261 	} else {
12262 		/*
12263 		 * If we can't determine the PCI info then we fill in FF's for
12264 		 * the data to indicate this.
12265 		 */
12266 		pci_info->BusNumber = 0xFFFFFFFF;
12267 		pci_info->DeviceNumber = 0xFF;
12268 		pci_info->FunctionNumber = 0xFF;
12269 	}
12270 
12271 	/*
12272 	 * Now get the interrupt vector and the pci header.  The vector can
12273 	 * only be 0 right now.  The header is the first 256 bytes of config
12274 	 * space.
12275 	 */
12276 	pci_info->InterruptVector = 0;
12277 	for (i = 0; i < sizeof (pci_info->PciHeader); i++) {
12278 		pci_info->PciHeader[i] = pci_config_get8(mpt->m_config_handle,
12279 		    i);
12280 	}
12281 }
12282 
12283 static int
12284 mptsas_reg_access(mptsas_t *mpt, mptsas_reg_access_t *data, int mode)
12285 {
12286 	int			status = 0;
12287 	mptsas_reg_access_t	driverdata;
12288 
12289 	mutex_enter(&mpt->m_mutex);
12290 	if (ddi_copyin(data, &driverdata, sizeof (driverdata), mode) == 0) {
12291 		switch (driverdata.Command) {
12292 			/*
12293 			 * IO access is not supported.
12294 			 */
12295 			case REG_IO_READ:
12296 			case REG_IO_WRITE:
12297 				mptsas_log(mpt, CE_WARN, "IO access is not "
12298 				    "supported.  Use memory access.");
12299 				status = EINVAL;
12300 				break;
12301 
12302 			case REG_MEM_READ:
12303 				driverdata.RegData = ddi_get32(mpt->m_datap,
12304 				    (uint32_t *)(void *)mpt->m_reg +
12305 				    driverdata.RegOffset);
12306 				if (ddi_copyout(&driverdata.RegData,
12307 				    &data->RegData,
12308 				    sizeof (driverdata.RegData), mode) != 0) {
12309 					mptsas_log(mpt, CE_WARN, "Register "
12310 					    "Read Failed");
12311 					status = EFAULT;
12312 				}
12313 				break;
12314 
12315 			case REG_MEM_WRITE:
12316 				ddi_put32(mpt->m_datap,
12317 				    (uint32_t *)(void *)mpt->m_reg +
12318 				    driverdata.RegOffset,
12319 				    driverdata.RegData);
12320 				break;
12321 
12322 			default:
12323 				status = EINVAL;
12324 				break;
12325 		}
12326 	} else {
12327 		status = EFAULT;
12328 	}
12329 
12330 	mutex_exit(&mpt->m_mutex);
12331 	return (status);
12332 }
12333 
12334 static int
12335 led_control(mptsas_t *mpt, intptr_t data, int mode)
12336 {
12337 	int ret = 0;
12338 	mptsas_led_control_t lc;
12339 	mptsas_target_t *ptgt;
12340 
12341 	if (ddi_copyin((void *)data, &lc, sizeof (lc), mode) != 0) {
12342 		return (EFAULT);
12343 	}
12344 
12345 	if ((lc.Command != MPTSAS_LEDCTL_FLAG_SET &&
12346 	    lc.Command != MPTSAS_LEDCTL_FLAG_GET) ||
12347 	    lc.Led < MPTSAS_LEDCTL_LED_MIN ||
12348 	    lc.Led > MPTSAS_LEDCTL_LED_MAX ||
12349 	    (lc.Command == MPTSAS_LEDCTL_FLAG_SET && lc.LedStatus != 0 &&
12350 	    lc.LedStatus != 1)) {
12351 		return (EINVAL);
12352 	}
12353 
12354 	if ((lc.Command == MPTSAS_LEDCTL_FLAG_SET && (mode & FWRITE) == 0) ||
12355 	    (lc.Command == MPTSAS_LEDCTL_FLAG_GET && (mode & FREAD) == 0))
12356 		return (EACCES);
12357 
12358 	/* Locate the target we're interrogating... */
12359 	mutex_enter(&mpt->m_mutex);
12360 	ptgt = refhash_linear_search(mpt->m_targets,
12361 	    mptsas_target_eval_slot, &lc);
12362 	if (ptgt == NULL) {
12363 		/* We could not find a target for that enclosure/slot. */
12364 		mutex_exit(&mpt->m_mutex);
12365 		return (ENOENT);
12366 	}
12367 
12368 	if (lc.Command == MPTSAS_LEDCTL_FLAG_SET) {
12369 		/* Update our internal LED state. */
12370 		ptgt->m_led_status &= ~(1 << (lc.Led - 1));
12371 		ptgt->m_led_status |= lc.LedStatus << (lc.Led - 1);
12372 
12373 		/* Flush it to the controller. */
12374 		ret = mptsas_flush_led_status(mpt, ptgt);
12375 		mutex_exit(&mpt->m_mutex);
12376 		return (ret);
12377 	}
12378 
12379 	/* Return our internal LED state. */
12380 	lc.LedStatus = (ptgt->m_led_status >> (lc.Led - 1)) & 1;
12381 	mutex_exit(&mpt->m_mutex);
12382 
12383 	if (ddi_copyout(&lc, (void *)data, sizeof (lc), mode) != 0) {
12384 		return (EFAULT);
12385 	}
12386 
12387 	return (0);
12388 }
12389 
12390 static int
12391 get_disk_info(mptsas_t *mpt, intptr_t data, int mode)
12392 {
12393 	uint16_t i = 0;
12394 	uint16_t count = 0;
12395 	int ret = 0;
12396 	mptsas_target_t *ptgt;
12397 	mptsas_disk_info_t *di;
12398 	STRUCT_DECL(mptsas_get_disk_info, gdi);
12399 
12400 	if ((mode & FREAD) == 0)
12401 		return (EACCES);
12402 
12403 	STRUCT_INIT(gdi, get_udatamodel());
12404 
12405 	if (ddi_copyin((void *)data, STRUCT_BUF(gdi), STRUCT_SIZE(gdi),
12406 	    mode) != 0) {
12407 		return (EFAULT);
12408 	}
12409 
12410 	/* Find out how many targets there are. */
12411 	mutex_enter(&mpt->m_mutex);
12412 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
12413 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
12414 		count++;
12415 	}
12416 	mutex_exit(&mpt->m_mutex);
12417 
12418 	/*
12419 	 * If we haven't been asked to copy out information on each target,
12420 	 * then just return the count.
12421 	 */
12422 	STRUCT_FSET(gdi, DiskCount, count);
12423 	if (STRUCT_FGETP(gdi, PtrDiskInfoArray) == NULL)
12424 		goto copy_out;
12425 
12426 	/*
12427 	 * If we haven't been given a large enough buffer to copy out into,
12428 	 * let the caller know.
12429 	 */
12430 	if (STRUCT_FGET(gdi, DiskInfoArraySize) <
12431 	    count * sizeof (mptsas_disk_info_t)) {
12432 		ret = ENOSPC;
12433 		goto copy_out;
12434 	}
12435 
12436 	di = kmem_zalloc(count * sizeof (mptsas_disk_info_t), KM_SLEEP);
12437 
12438 	mutex_enter(&mpt->m_mutex);
12439 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
12440 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
12441 		if (i >= count) {
12442 			/*
12443 			 * The number of targets changed while we weren't
12444 			 * looking, so give up.
12445 			 */
12446 			refhash_rele(mpt->m_targets, ptgt);
12447 			mutex_exit(&mpt->m_mutex);
12448 			kmem_free(di, count * sizeof (mptsas_disk_info_t));
12449 			return (EAGAIN);
12450 		}
12451 		di[i].Instance = mpt->m_instance;
12452 		di[i].Enclosure = ptgt->m_enclosure;
12453 		di[i].Slot = ptgt->m_slot_num;
12454 		di[i].SasAddress = ptgt->m_addr.mta_wwn;
12455 		i++;
12456 	}
12457 	mutex_exit(&mpt->m_mutex);
12458 	STRUCT_FSET(gdi, DiskCount, i);
12459 
12460 	/* Copy out the disk information to the caller. */
12461 	if (ddi_copyout((void *)di, STRUCT_FGETP(gdi, PtrDiskInfoArray),
12462 	    i * sizeof (mptsas_disk_info_t), mode) != 0) {
12463 		ret = EFAULT;
12464 	}
12465 
12466 	kmem_free(di, count * sizeof (mptsas_disk_info_t));
12467 
12468 copy_out:
12469 	if (ddi_copyout(STRUCT_BUF(gdi), (void *)data, STRUCT_SIZE(gdi),
12470 	    mode) != 0) {
12471 		ret = EFAULT;
12472 	}
12473 
12474 	return (ret);
12475 }
12476 
12477 static int
12478 mptsas_ioctl(dev_t dev, int cmd, intptr_t data, int mode, cred_t *credp,
12479     int *rval)
12480 {
12481 	int			status = 0;
12482 	mptsas_t		*mpt;
12483 	mptsas_update_flash_t	flashdata;
12484 	mptsas_pass_thru_t	passthru_data;
12485 	mptsas_adapter_data_t   adapter_data;
12486 	mptsas_pci_info_t	pci_info;
12487 	int			copylen;
12488 
12489 	int			iport_flag = 0;
12490 	dev_info_t		*dip = NULL;
12491 	mptsas_phymask_t	phymask = 0;
12492 	struct devctl_iocdata	*dcp = NULL;
12493 	char			*addr = NULL;
12494 	mptsas_target_t		*ptgt = NULL;
12495 
12496 	*rval = MPTIOCTL_STATUS_GOOD;
12497 	if (secpolicy_sys_config(credp, B_FALSE) != 0) {
12498 		return (EPERM);
12499 	}
12500 
12501 	mpt = ddi_get_soft_state(mptsas_state, MINOR2INST(getminor(dev)));
12502 	if (mpt == NULL) {
12503 		/*
12504 		 * Called from iport node, get the states
12505 		 */
12506 		iport_flag = 1;
12507 		dip = mptsas_get_dip_from_dev(dev, &phymask);
12508 		if (dip == NULL) {
12509 			return (ENXIO);
12510 		}
12511 		mpt = DIP2MPT(dip);
12512 	}
12513 	/* Make sure power level is D0 before accessing registers */
12514 	mutex_enter(&mpt->m_mutex);
12515 	if (mpt->m_options & MPTSAS_OPT_PM) {
12516 		(void) pm_busy_component(mpt->m_dip, 0);
12517 		if (mpt->m_power_level != PM_LEVEL_D0) {
12518 			mutex_exit(&mpt->m_mutex);
12519 			if (pm_raise_power(mpt->m_dip, 0, PM_LEVEL_D0) !=
12520 			    DDI_SUCCESS) {
12521 				mptsas_log(mpt, CE_WARN,
12522 				    "mptsas%d: mptsas_ioctl: Raise power "
12523 				    "request failed.", mpt->m_instance);
12524 				(void) pm_idle_component(mpt->m_dip, 0);
12525 				return (ENXIO);
12526 			}
12527 		} else {
12528 			mutex_exit(&mpt->m_mutex);
12529 		}
12530 	} else {
12531 		mutex_exit(&mpt->m_mutex);
12532 	}
12533 
12534 	if (iport_flag) {
12535 		status = scsi_hba_ioctl(dev, cmd, data, mode, credp, rval);
12536 		if (status != 0) {
12537 			goto out;
12538 		}
12539 		/*
12540 		 * The following code control the OK2RM LED, it doesn't affect
12541 		 * the ioctl return status.
12542 		 */
12543 		if ((cmd == DEVCTL_DEVICE_ONLINE) ||
12544 		    (cmd == DEVCTL_DEVICE_OFFLINE)) {
12545 			if (ndi_dc_allochdl((void *)data, &dcp) !=
12546 			    NDI_SUCCESS) {
12547 				goto out;
12548 			}
12549 			addr = ndi_dc_getaddr(dcp);
12550 			ptgt = mptsas_addr_to_ptgt(mpt, addr, phymask);
12551 			if (ptgt == NULL) {
12552 				NDBG14(("mptsas_ioctl led control: tgt %s not "
12553 				    "found", addr));
12554 				ndi_dc_freehdl(dcp);
12555 				goto out;
12556 			}
12557 			mutex_enter(&mpt->m_mutex);
12558 			if (cmd == DEVCTL_DEVICE_ONLINE) {
12559 				ptgt->m_tgt_unconfigured = 0;
12560 			} else if (cmd == DEVCTL_DEVICE_OFFLINE) {
12561 				ptgt->m_tgt_unconfigured = 1;
12562 			}
12563 			if (cmd == DEVCTL_DEVICE_OFFLINE) {
12564 				ptgt->m_led_status |=
12565 				    (1 << (MPTSAS_LEDCTL_LED_OK2RM - 1));
12566 			} else {
12567 				ptgt->m_led_status &=
12568 				    ~(1 << (MPTSAS_LEDCTL_LED_OK2RM - 1));
12569 			}
12570 			(void) mptsas_flush_led_status(mpt, ptgt);
12571 			mutex_exit(&mpt->m_mutex);
12572 			ndi_dc_freehdl(dcp);
12573 		}
12574 		goto out;
12575 	}
12576 	switch (cmd) {
12577 		case MPTIOCTL_GET_DISK_INFO:
12578 			status = get_disk_info(mpt, data, mode);
12579 			break;
12580 		case MPTIOCTL_LED_CONTROL:
12581 			status = led_control(mpt, data, mode);
12582 			break;
12583 		case MPTIOCTL_UPDATE_FLASH:
12584 			if (ddi_copyin((void *)data, &flashdata,
12585 				sizeof (struct mptsas_update_flash), mode)) {
12586 				status = EFAULT;
12587 				break;
12588 			}
12589 
12590 			mutex_enter(&mpt->m_mutex);
12591 			if (mptsas_update_flash(mpt,
12592 			    (caddr_t)(long)flashdata.PtrBuffer,
12593 			    flashdata.ImageSize, flashdata.ImageType, mode)) {
12594 				status = EFAULT;
12595 			}
12596 
12597 			/*
12598 			 * Reset the chip to start using the new
12599 			 * firmware.  Reset if failed also.
12600 			 */
12601 			mpt->m_softstate &= ~MPTSAS_SS_MSG_UNIT_RESET;
12602 			if (mptsas_restart_ioc(mpt) == DDI_FAILURE) {
12603 				status = EFAULT;
12604 			}
12605 			mutex_exit(&mpt->m_mutex);
12606 			break;
12607 		case MPTIOCTL_PASS_THRU:
12608 			/*
12609 			 * The user has requested to pass through a command to
12610 			 * be executed by the MPT firmware.  Call our routine
12611 			 * which does this.  Only allow one passthru IOCTL at
12612 			 * one time. Other threads will block on
12613 			 * m_passthru_mutex, which is of adaptive variant.
12614 			 */
12615 			if (ddi_copyin((void *)data, &passthru_data,
12616 			    sizeof (mptsas_pass_thru_t), mode)) {
12617 				status = EFAULT;
12618 				break;
12619 			}
12620 			mutex_enter(&mpt->m_passthru_mutex);
12621 			mutex_enter(&mpt->m_mutex);
12622 			status = mptsas_pass_thru(mpt, &passthru_data, mode);
12623 			mutex_exit(&mpt->m_mutex);
12624 			mutex_exit(&mpt->m_passthru_mutex);
12625 
12626 			break;
12627 		case MPTIOCTL_GET_ADAPTER_DATA:
12628 			/*
12629 			 * The user has requested to read adapter data.  Call
12630 			 * our routine which does this.
12631 			 */
12632 			bzero(&adapter_data, sizeof (mptsas_adapter_data_t));
12633 			if (ddi_copyin((void *)data, (void *)&adapter_data,
12634 			    sizeof (mptsas_adapter_data_t), mode)) {
12635 				status = EFAULT;
12636 				break;
12637 			}
12638 			if (adapter_data.StructureLength >=
12639 			    sizeof (mptsas_adapter_data_t)) {
12640 				adapter_data.StructureLength = (uint32_t)
12641 				    sizeof (mptsas_adapter_data_t);
12642 				copylen = sizeof (mptsas_adapter_data_t);
12643 				mutex_enter(&mpt->m_mutex);
12644 				mptsas_read_adapter_data(mpt, &adapter_data);
12645 				mutex_exit(&mpt->m_mutex);
12646 			} else {
12647 				adapter_data.StructureLength = (uint32_t)
12648 				    sizeof (mptsas_adapter_data_t);
12649 				copylen = sizeof (adapter_data.StructureLength);
12650 				*rval = MPTIOCTL_STATUS_LEN_TOO_SHORT;
12651 			}
12652 			if (ddi_copyout((void *)(&adapter_data), (void *)data,
12653 			    copylen, mode) != 0) {
12654 				status = EFAULT;
12655 			}
12656 			break;
12657 		case MPTIOCTL_GET_PCI_INFO:
12658 			/*
12659 			 * The user has requested to read pci info.  Call
12660 			 * our routine which does this.
12661 			 */
12662 			bzero(&pci_info, sizeof (mptsas_pci_info_t));
12663 			mutex_enter(&mpt->m_mutex);
12664 			mptsas_read_pci_info(mpt, &pci_info);
12665 			mutex_exit(&mpt->m_mutex);
12666 			if (ddi_copyout((void *)(&pci_info), (void *)data,
12667 			    sizeof (mptsas_pci_info_t), mode) != 0) {
12668 				status = EFAULT;
12669 			}
12670 			break;
12671 		case MPTIOCTL_RESET_ADAPTER:
12672 			mutex_enter(&mpt->m_mutex);
12673 			mpt->m_softstate &= ~MPTSAS_SS_MSG_UNIT_RESET;
12674 			if ((mptsas_restart_ioc(mpt)) == DDI_FAILURE) {
12675 				mptsas_log(mpt, CE_WARN, "reset adapter IOCTL "
12676 				    "failed");
12677 				status = EFAULT;
12678 			}
12679 			mutex_exit(&mpt->m_mutex);
12680 			break;
12681 		case MPTIOCTL_DIAG_ACTION:
12682 			/*
12683 			 * The user has done a diag buffer action.  Call our
12684 			 * routine which does this.  Only allow one diag action
12685 			 * at one time.
12686 			 */
12687 			mutex_enter(&mpt->m_mutex);
12688 			if (mpt->m_diag_action_in_progress) {
12689 				mutex_exit(&mpt->m_mutex);
12690 				return (EBUSY);
12691 			}
12692 			mpt->m_diag_action_in_progress = 1;
12693 			status = mptsas_diag_action(mpt,
12694 			    (mptsas_diag_action_t *)data, mode);
12695 			mpt->m_diag_action_in_progress = 0;
12696 			mutex_exit(&mpt->m_mutex);
12697 			break;
12698 		case MPTIOCTL_EVENT_QUERY:
12699 			/*
12700 			 * The user has done an event query. Call our routine
12701 			 * which does this.
12702 			 */
12703 			status = mptsas_event_query(mpt,
12704 			    (mptsas_event_query_t *)data, mode, rval);
12705 			break;
12706 		case MPTIOCTL_EVENT_ENABLE:
12707 			/*
12708 			 * The user has done an event enable. Call our routine
12709 			 * which does this.
12710 			 */
12711 			status = mptsas_event_enable(mpt,
12712 			    (mptsas_event_enable_t *)data, mode, rval);
12713 			break;
12714 		case MPTIOCTL_EVENT_REPORT:
12715 			/*
12716 			 * The user has done an event report. Call our routine
12717 			 * which does this.
12718 			 */
12719 			status = mptsas_event_report(mpt,
12720 			    (mptsas_event_report_t *)data, mode, rval);
12721 			break;
12722 		case MPTIOCTL_REG_ACCESS:
12723 			/*
12724 			 * The user has requested register access.  Call our
12725 			 * routine which does this.
12726 			 */
12727 			status = mptsas_reg_access(mpt,
12728 			    (mptsas_reg_access_t *)data, mode);
12729 			break;
12730 		default:
12731 			status = scsi_hba_ioctl(dev, cmd, data, mode, credp,
12732 			    rval);
12733 			break;
12734 	}
12735 
12736 out:
12737 	return (status);
12738 }
12739 
12740 int
12741 mptsas_restart_ioc(mptsas_t *mpt)
12742 {
12743 	int		rval = DDI_SUCCESS;
12744 	mptsas_target_t	*ptgt = NULL;
12745 
12746 	ASSERT(mutex_owned(&mpt->m_mutex));
12747 
12748 	/*
12749 	 * Set a flag telling I/O path that we're processing a reset.  This is
12750 	 * needed because after the reset is complete, the hash table still
12751 	 * needs to be rebuilt.  If I/Os are started before the hash table is
12752 	 * rebuilt, I/O errors will occur.  This flag allows I/Os to be marked
12753 	 * so that they can be retried.
12754 	 */
12755 	mpt->m_in_reset = TRUE;
12756 
12757 	/*
12758 	 * Set all throttles to HOLD
12759 	 */
12760 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
12761 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
12762 		mptsas_set_throttle(mpt, ptgt, HOLD_THROTTLE);
12763 	}
12764 
12765 	/*
12766 	 * Disable interrupts
12767 	 */
12768 	MPTSAS_DISABLE_INTR(mpt);
12769 
12770 	/*
12771 	 * Abort all commands: outstanding commands, commands in waitq and
12772 	 * tx_waitq.
12773 	 */
12774 	mptsas_flush_hba(mpt);
12775 
12776 	/*
12777 	 * Reinitialize the chip.
12778 	 */
12779 	if (mptsas_init_chip(mpt, FALSE) == DDI_FAILURE) {
12780 		rval = DDI_FAILURE;
12781 	}
12782 
12783 	/*
12784 	 * Enable interrupts again
12785 	 */
12786 	MPTSAS_ENABLE_INTR(mpt);
12787 
12788 	/*
12789 	 * If mptsas_init_chip was successful, update the driver data.
12790 	 */
12791 	if (rval == DDI_SUCCESS) {
12792 		mptsas_update_driver_data(mpt);
12793 	}
12794 
12795 	/*
12796 	 * Reset the throttles
12797 	 */
12798 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
12799 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
12800 		mptsas_set_throttle(mpt, ptgt, MAX_THROTTLE);
12801 	}
12802 
12803 	mptsas_doneq_empty(mpt);
12804 	mptsas_restart_hba(mpt);
12805 
12806 	if (rval != DDI_SUCCESS) {
12807 		mptsas_fm_ereport(mpt, DDI_FM_DEVICE_NO_RESPONSE);
12808 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_LOST);
12809 	}
12810 
12811 	/*
12812 	 * Clear the reset flag so that I/Os can continue.
12813 	 */
12814 	mpt->m_in_reset = FALSE;
12815 
12816 	return (rval);
12817 }
12818 
12819 static int
12820 mptsas_init_chip(mptsas_t *mpt, int first_time)
12821 {
12822 	ddi_dma_cookie_t	cookie;
12823 	uint32_t		i;
12824 	int			rval;
12825 
12826 	/*
12827 	 * Check to see if the firmware image is valid
12828 	 */
12829 	if (ddi_get32(mpt->m_datap, &mpt->m_reg->HostDiagnostic) &
12830 	    MPI2_DIAG_FLASH_BAD_SIG) {
12831 		mptsas_log(mpt, CE_WARN, "mptsas bad flash signature!");
12832 		goto fail;
12833 	}
12834 
12835 	/*
12836 	 * Reset the chip
12837 	 */
12838 	rval = mptsas_ioc_reset(mpt, first_time);
12839 	if (rval == MPTSAS_RESET_FAIL) {
12840 		mptsas_log(mpt, CE_WARN, "hard reset failed!");
12841 		goto fail;
12842 	}
12843 
12844 	if ((rval == MPTSAS_SUCCESS_MUR) && (!first_time)) {
12845 		goto mur;
12846 	}
12847 	/*
12848 	 * Setup configuration space
12849 	 */
12850 	if (mptsas_config_space_init(mpt) == FALSE) {
12851 		mptsas_log(mpt, CE_WARN, "mptsas_config_space_init "
12852 		    "failed!");
12853 		goto fail;
12854 	}
12855 
12856 	/*
12857 	 * IOC facts can change after a diag reset so all buffers that are
12858 	 * based on these numbers must be de-allocated and re-allocated.  Get
12859 	 * new IOC facts each time chip is initialized.
12860 	 */
12861 	if (mptsas_ioc_get_facts(mpt) == DDI_FAILURE) {
12862 		mptsas_log(mpt, CE_WARN, "mptsas_ioc_get_facts failed");
12863 		goto fail;
12864 	}
12865 
12866 	if (mptsas_alloc_active_slots(mpt, KM_SLEEP)) {
12867 		goto fail;
12868 	}
12869 	/*
12870 	 * Allocate request message frames, reply free queue, reply descriptor
12871 	 * post queue, and reply message frames using latest IOC facts.
12872 	 */
12873 	if (mptsas_alloc_request_frames(mpt) == DDI_FAILURE) {
12874 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_request_frames failed");
12875 		goto fail;
12876 	}
12877 	if (mptsas_alloc_sense_bufs(mpt) == DDI_FAILURE) {
12878 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_sense_bufs failed");
12879 		goto fail;
12880 	}
12881 	if (mptsas_alloc_free_queue(mpt) == DDI_FAILURE) {
12882 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_free_queue failed!");
12883 		goto fail;
12884 	}
12885 	if (mptsas_alloc_post_queue(mpt) == DDI_FAILURE) {
12886 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_post_queue failed!");
12887 		goto fail;
12888 	}
12889 	if (mptsas_alloc_reply_frames(mpt) == DDI_FAILURE) {
12890 		mptsas_log(mpt, CE_WARN, "mptsas_alloc_reply_frames failed!");
12891 		goto fail;
12892 	}
12893 
12894 mur:
12895 	/*
12896 	 * Re-Initialize ioc to operational state
12897 	 */
12898 	if (mptsas_ioc_init(mpt) == DDI_FAILURE) {
12899 		mptsas_log(mpt, CE_WARN, "mptsas_ioc_init failed");
12900 		goto fail;
12901 	}
12902 
12903 	mptsas_alloc_reply_args(mpt);
12904 
12905 	/*
12906 	 * Initialize reply post index.  Reply free index is initialized after
12907 	 * the next loop.
12908 	 */
12909 	mpt->m_post_index = 0;
12910 
12911 	/*
12912 	 * Initialize the Reply Free Queue with the physical addresses of our
12913 	 * reply frames.
12914 	 */
12915 	cookie.dmac_address = mpt->m_reply_frame_dma_addr & 0xffffffffu;
12916 	for (i = 0; i < mpt->m_max_replies; i++) {
12917 		ddi_put32(mpt->m_acc_free_queue_hdl,
12918 		    &((uint32_t *)(void *)mpt->m_free_queue)[i],
12919 		    cookie.dmac_address);
12920 		cookie.dmac_address += mpt->m_reply_frame_size;
12921 	}
12922 	(void) ddi_dma_sync(mpt->m_dma_free_queue_hdl, 0, 0,
12923 	    DDI_DMA_SYNC_FORDEV);
12924 
12925 	/*
12926 	 * Initialize the reply free index to one past the last frame on the
12927 	 * queue.  This will signify that the queue is empty to start with.
12928 	 */
12929 	mpt->m_free_index = i;
12930 	ddi_put32(mpt->m_datap, &mpt->m_reg->ReplyFreeHostIndex, i);
12931 
12932 	/*
12933 	 * Initialize the reply post queue to 0xFFFFFFFF,0xFFFFFFFF's.
12934 	 */
12935 	for (i = 0; i < mpt->m_post_queue_depth; i++) {
12936 		ddi_put64(mpt->m_acc_post_queue_hdl,
12937 		    &((uint64_t *)(void *)mpt->m_post_queue)[i],
12938 		    0xFFFFFFFFFFFFFFFF);
12939 	}
12940 	(void) ddi_dma_sync(mpt->m_dma_post_queue_hdl, 0, 0,
12941 	    DDI_DMA_SYNC_FORDEV);
12942 
12943 	/*
12944 	 * Enable ports
12945 	 */
12946 	if (mptsas_ioc_enable_port(mpt) == DDI_FAILURE) {
12947 		mptsas_log(mpt, CE_WARN, "mptsas_ioc_enable_port failed");
12948 		goto fail;
12949 	}
12950 
12951 	/*
12952 	 * enable events
12953 	 */
12954 	if (mptsas_ioc_enable_event_notification(mpt)) {
12955 		mptsas_log(mpt, CE_WARN,
12956 		    "mptsas_ioc_enable_event_notification failed");
12957 		goto fail;
12958 	}
12959 
12960 	/*
12961 	 * We need checks in attach and these.
12962 	 * chip_init is called in mult. places
12963 	 */
12964 
12965 	if ((mptsas_check_dma_handle(mpt->m_dma_req_frame_hdl) !=
12966 	    DDI_SUCCESS) ||
12967 	    (mptsas_check_dma_handle(mpt->m_dma_req_sense_hdl) !=
12968 	    DDI_SUCCESS) ||
12969 	    (mptsas_check_dma_handle(mpt->m_dma_reply_frame_hdl) !=
12970 	    DDI_SUCCESS) ||
12971 	    (mptsas_check_dma_handle(mpt->m_dma_free_queue_hdl) !=
12972 	    DDI_SUCCESS) ||
12973 	    (mptsas_check_dma_handle(mpt->m_dma_post_queue_hdl) !=
12974 	    DDI_SUCCESS) ||
12975 	    (mptsas_check_dma_handle(mpt->m_hshk_dma_hdl) !=
12976 	    DDI_SUCCESS)) {
12977 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
12978 		goto fail;
12979 	}
12980 
12981 	/* Check all acc handles */
12982 	if ((mptsas_check_acc_handle(mpt->m_datap) != DDI_SUCCESS) ||
12983 	    (mptsas_check_acc_handle(mpt->m_acc_req_frame_hdl) !=
12984 	    DDI_SUCCESS) ||
12985 	    (mptsas_check_acc_handle(mpt->m_acc_req_sense_hdl) !=
12986 	    DDI_SUCCESS) ||
12987 	    (mptsas_check_acc_handle(mpt->m_acc_reply_frame_hdl) !=
12988 	    DDI_SUCCESS) ||
12989 	    (mptsas_check_acc_handle(mpt->m_acc_free_queue_hdl) !=
12990 	    DDI_SUCCESS) ||
12991 	    (mptsas_check_acc_handle(mpt->m_acc_post_queue_hdl) !=
12992 	    DDI_SUCCESS) ||
12993 	    (mptsas_check_acc_handle(mpt->m_hshk_acc_hdl) !=
12994 	    DDI_SUCCESS) ||
12995 	    (mptsas_check_acc_handle(mpt->m_config_handle) !=
12996 	    DDI_SUCCESS)) {
12997 		ddi_fm_service_impact(mpt->m_dip, DDI_SERVICE_UNAFFECTED);
12998 		goto fail;
12999 	}
13000 
13001 	return (DDI_SUCCESS);
13002 
13003 fail:
13004 	return (DDI_FAILURE);
13005 }
13006 
13007 static int
13008 mptsas_get_pci_cap(mptsas_t *mpt)
13009 {
13010 	ushort_t caps_ptr, cap, cap_count;
13011 
13012 	if (mpt->m_config_handle == NULL)
13013 		return (FALSE);
13014 	/*
13015 	 * Check if capabilities list is supported and if so,
13016 	 * get initial capabilities pointer and clear bits 0,1.
13017 	 */
13018 	if (pci_config_get16(mpt->m_config_handle, PCI_CONF_STAT)
13019 	    & PCI_STAT_CAP) {
13020 		caps_ptr = P2ALIGN(pci_config_get8(mpt->m_config_handle,
13021 		    PCI_CONF_CAP_PTR), 4);
13022 	} else {
13023 		caps_ptr = PCI_CAP_NEXT_PTR_NULL;
13024 	}
13025 
13026 	/*
13027 	 * Walk capabilities if supported.
13028 	 */
13029 	for (cap_count = 0; caps_ptr != PCI_CAP_NEXT_PTR_NULL; ) {
13030 
13031 		/*
13032 		 * Check that we haven't exceeded the maximum number of
13033 		 * capabilities and that the pointer is in a valid range.
13034 		 */
13035 		if (++cap_count > 48) {
13036 			mptsas_log(mpt, CE_WARN,
13037 			    "too many device capabilities.\n");
13038 			break;
13039 		}
13040 		if (caps_ptr < 64) {
13041 			mptsas_log(mpt, CE_WARN,
13042 			    "capabilities pointer 0x%x out of range.\n",
13043 			    caps_ptr);
13044 			break;
13045 		}
13046 
13047 		/*
13048 		 * Get next capability and check that it is valid.
13049 		 * For now, we only support power management.
13050 		 */
13051 		cap = pci_config_get8(mpt->m_config_handle, caps_ptr);
13052 		switch (cap) {
13053 			case PCI_CAP_ID_PM:
13054 				mptsas_log(mpt, CE_NOTE,
13055 				    "?mptsas%d supports power management.\n",
13056 				    mpt->m_instance);
13057 				mpt->m_options |= MPTSAS_OPT_PM;
13058 
13059 				/* Save PMCSR offset */
13060 				mpt->m_pmcsr_offset = caps_ptr + PCI_PMCSR;
13061 				break;
13062 			/*
13063 			 * The following capabilities are valid.  Any others
13064 			 * will cause a message to be logged.
13065 			 */
13066 			case PCI_CAP_ID_VPD:
13067 			case PCI_CAP_ID_MSI:
13068 			case PCI_CAP_ID_PCIX:
13069 			case PCI_CAP_ID_PCI_E:
13070 			case PCI_CAP_ID_MSI_X:
13071 				break;
13072 			default:
13073 				mptsas_log(mpt, CE_NOTE,
13074 				    "?mptsas%d unrecognized capability "
13075 				    "0x%x.\n", mpt->m_instance, cap);
13076 				break;
13077 		}
13078 
13079 		/*
13080 		 * Get next capabilities pointer and clear bits 0,1.
13081 		 */
13082 		caps_ptr = P2ALIGN(pci_config_get8(mpt->m_config_handle,
13083 		    (caps_ptr + PCI_CAP_NEXT_PTR)), 4);
13084 	}
13085 	return (TRUE);
13086 }
13087 
13088 static int
13089 mptsas_init_pm(mptsas_t *mpt)
13090 {
13091 	char		pmc_name[16];
13092 	char		*pmc[] = {
13093 				NULL,
13094 				"0=Off (PCI D3 State)",
13095 				"3=On (PCI D0 State)",
13096 				NULL
13097 			};
13098 	uint16_t	pmcsr_stat;
13099 
13100 	if (mptsas_get_pci_cap(mpt) == FALSE) {
13101 		return (DDI_FAILURE);
13102 	}
13103 	/*
13104 	 * If PCI's capability does not support PM, then don't need
13105 	 * to registe the pm-components
13106 	 */
13107 	if (!(mpt->m_options & MPTSAS_OPT_PM))
13108 		return (DDI_SUCCESS);
13109 	/*
13110 	 * If power management is supported by this chip, create
13111 	 * pm-components property for the power management framework
13112 	 */
13113 	(void) sprintf(pmc_name, "NAME=mptsas%d", mpt->m_instance);
13114 	pmc[0] = pmc_name;
13115 	if (ddi_prop_update_string_array(DDI_DEV_T_NONE, mpt->m_dip,
13116 	    "pm-components", pmc, 3) != DDI_PROP_SUCCESS) {
13117 		mpt->m_options &= ~MPTSAS_OPT_PM;
13118 		mptsas_log(mpt, CE_WARN,
13119 		    "mptsas%d: pm-component property creation failed.",
13120 		    mpt->m_instance);
13121 		return (DDI_FAILURE);
13122 	}
13123 
13124 	/*
13125 	 * Power on device.
13126 	 */
13127 	(void) pm_busy_component(mpt->m_dip, 0);
13128 	pmcsr_stat = pci_config_get16(mpt->m_config_handle,
13129 	    mpt->m_pmcsr_offset);
13130 	if ((pmcsr_stat & PCI_PMCSR_STATE_MASK) != PCI_PMCSR_D0) {
13131 		mptsas_log(mpt, CE_WARN, "mptsas%d: Power up the device",
13132 		    mpt->m_instance);
13133 		pci_config_put16(mpt->m_config_handle, mpt->m_pmcsr_offset,
13134 		    PCI_PMCSR_D0);
13135 	}
13136 	if (pm_power_has_changed(mpt->m_dip, 0, PM_LEVEL_D0) != DDI_SUCCESS) {
13137 		mptsas_log(mpt, CE_WARN, "pm_power_has_changed failed");
13138 		return (DDI_FAILURE);
13139 	}
13140 	mpt->m_power_level = PM_LEVEL_D0;
13141 	/*
13142 	 * Set pm idle delay.
13143 	 */
13144 	mpt->m_pm_idle_delay = ddi_prop_get_int(DDI_DEV_T_ANY,
13145 	    mpt->m_dip, 0, "mptsas-pm-idle-delay", MPTSAS_PM_IDLE_TIMEOUT);
13146 
13147 	return (DDI_SUCCESS);
13148 }
13149 
13150 static int
13151 mptsas_register_intrs(mptsas_t *mpt)
13152 {
13153 	dev_info_t *dip;
13154 	int intr_types;
13155 
13156 	dip = mpt->m_dip;
13157 
13158 	/* Get supported interrupt types */
13159 	if (ddi_intr_get_supported_types(dip, &intr_types) != DDI_SUCCESS) {
13160 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_supported_types "
13161 		    "failed\n");
13162 		return (FALSE);
13163 	}
13164 
13165 	NDBG6(("ddi_intr_get_supported_types() returned: 0x%x", intr_types));
13166 
13167 	/*
13168 	 * Try MSI, but fall back to FIXED
13169 	 */
13170 	if (mptsas_enable_msi && (intr_types & DDI_INTR_TYPE_MSI)) {
13171 		if (mptsas_add_intrs(mpt, DDI_INTR_TYPE_MSI) == DDI_SUCCESS) {
13172 			NDBG0(("Using MSI interrupt type"));
13173 			mpt->m_intr_type = DDI_INTR_TYPE_MSI;
13174 			return (TRUE);
13175 		}
13176 	}
13177 	if (intr_types & DDI_INTR_TYPE_FIXED) {
13178 		if (mptsas_add_intrs(mpt, DDI_INTR_TYPE_FIXED) == DDI_SUCCESS) {
13179 			NDBG0(("Using FIXED interrupt type"));
13180 			mpt->m_intr_type = DDI_INTR_TYPE_FIXED;
13181 			return (TRUE);
13182 		} else {
13183 			NDBG0(("FIXED interrupt registration failed"));
13184 			return (FALSE);
13185 		}
13186 	}
13187 
13188 	return (FALSE);
13189 }
13190 
13191 static void
13192 mptsas_unregister_intrs(mptsas_t *mpt)
13193 {
13194 	mptsas_rem_intrs(mpt);
13195 }
13196 
13197 /*
13198  * mptsas_add_intrs:
13199  *
13200  * Register FIXED or MSI interrupts.
13201  */
13202 static int
13203 mptsas_add_intrs(mptsas_t *mpt, int intr_type)
13204 {
13205 	dev_info_t	*dip = mpt->m_dip;
13206 	int		avail, actual, count = 0;
13207 	int		i, flag, ret;
13208 
13209 	NDBG6(("mptsas_add_intrs:interrupt type 0x%x", intr_type));
13210 
13211 	/* Get number of interrupts */
13212 	ret = ddi_intr_get_nintrs(dip, intr_type, &count);
13213 	if ((ret != DDI_SUCCESS) || (count <= 0)) {
13214 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_nintrs() failed, "
13215 		    "ret %d count %d\n", ret, count);
13216 
13217 		return (DDI_FAILURE);
13218 	}
13219 
13220 	/* Get number of available interrupts */
13221 	ret = ddi_intr_get_navail(dip, intr_type, &avail);
13222 	if ((ret != DDI_SUCCESS) || (avail == 0)) {
13223 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_navail() failed, "
13224 		    "ret %d avail %d\n", ret, avail);
13225 
13226 		return (DDI_FAILURE);
13227 	}
13228 
13229 	if (avail < count) {
13230 		mptsas_log(mpt, CE_NOTE, "ddi_intr_get_nvail returned %d, "
13231 		    "navail() returned %d", count, avail);
13232 	}
13233 
13234 	/* Mpt only have one interrupt routine */
13235 	if ((intr_type == DDI_INTR_TYPE_MSI) && (count > 1)) {
13236 		count = 1;
13237 	}
13238 
13239 	/* Allocate an array of interrupt handles */
13240 	mpt->m_intr_size = count * sizeof (ddi_intr_handle_t);
13241 	mpt->m_htable = kmem_alloc(mpt->m_intr_size, KM_SLEEP);
13242 
13243 	flag = DDI_INTR_ALLOC_NORMAL;
13244 
13245 	/* call ddi_intr_alloc() */
13246 	ret = ddi_intr_alloc(dip, mpt->m_htable, intr_type, 0,
13247 	    count, &actual, flag);
13248 
13249 	if ((ret != DDI_SUCCESS) || (actual == 0)) {
13250 		mptsas_log(mpt, CE_WARN, "ddi_intr_alloc() failed, ret %d\n",
13251 		    ret);
13252 		kmem_free(mpt->m_htable, mpt->m_intr_size);
13253 		return (DDI_FAILURE);
13254 	}
13255 
13256 	/* use interrupt count returned or abort? */
13257 	if (actual < count) {
13258 		mptsas_log(mpt, CE_NOTE, "Requested: %d, Received: %d\n",
13259 		    count, actual);
13260 	}
13261 
13262 	mpt->m_intr_cnt = actual;
13263 
13264 	/*
13265 	 * Get priority for first msi, assume remaining are all the same
13266 	 */
13267 	if ((ret = ddi_intr_get_pri(mpt->m_htable[0],
13268 	    &mpt->m_intr_pri)) != DDI_SUCCESS) {
13269 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_pri() failed %d\n", ret);
13270 
13271 		/* Free already allocated intr */
13272 		for (i = 0; i < actual; i++) {
13273 			(void) ddi_intr_free(mpt->m_htable[i]);
13274 		}
13275 
13276 		kmem_free(mpt->m_htable, mpt->m_intr_size);
13277 		return (DDI_FAILURE);
13278 	}
13279 
13280 	/* Test for high level mutex */
13281 	if (mpt->m_intr_pri >= ddi_intr_get_hilevel_pri()) {
13282 		mptsas_log(mpt, CE_WARN, "mptsas_add_intrs: "
13283 		    "Hi level interrupt not supported\n");
13284 
13285 		/* Free already allocated intr */
13286 		for (i = 0; i < actual; i++) {
13287 			(void) ddi_intr_free(mpt->m_htable[i]);
13288 		}
13289 
13290 		kmem_free(mpt->m_htable, mpt->m_intr_size);
13291 		return (DDI_FAILURE);
13292 	}
13293 
13294 	/* Call ddi_intr_add_handler() */
13295 	for (i = 0; i < actual; i++) {
13296 		if ((ret = ddi_intr_add_handler(mpt->m_htable[i], mptsas_intr,
13297 		    (caddr_t)mpt, (caddr_t)(uintptr_t)i)) != DDI_SUCCESS) {
13298 			mptsas_log(mpt, CE_WARN, "ddi_intr_add_handler() "
13299 			    "failed %d\n", ret);
13300 
13301 			/* Free already allocated intr */
13302 			for (i = 0; i < actual; i++) {
13303 				(void) ddi_intr_free(mpt->m_htable[i]);
13304 			}
13305 
13306 			kmem_free(mpt->m_htable, mpt->m_intr_size);
13307 			return (DDI_FAILURE);
13308 		}
13309 	}
13310 
13311 	if ((ret = ddi_intr_get_cap(mpt->m_htable[0], &mpt->m_intr_cap))
13312 	    != DDI_SUCCESS) {
13313 		mptsas_log(mpt, CE_WARN, "ddi_intr_get_cap() failed %d\n", ret);
13314 
13315 		/* Free already allocated intr */
13316 		for (i = 0; i < actual; i++) {
13317 			(void) ddi_intr_free(mpt->m_htable[i]);
13318 		}
13319 
13320 		kmem_free(mpt->m_htable, mpt->m_intr_size);
13321 		return (DDI_FAILURE);
13322 	}
13323 
13324 	/*
13325 	 * Enable interrupts
13326 	 */
13327 	if (mpt->m_intr_cap & DDI_INTR_FLAG_BLOCK) {
13328 		/* Call ddi_intr_block_enable() for MSI interrupts */
13329 		(void) ddi_intr_block_enable(mpt->m_htable, mpt->m_intr_cnt);
13330 	} else {
13331 		/* Call ddi_intr_enable for MSI or FIXED interrupts */
13332 		for (i = 0; i < mpt->m_intr_cnt; i++) {
13333 			(void) ddi_intr_enable(mpt->m_htable[i]);
13334 		}
13335 	}
13336 	return (DDI_SUCCESS);
13337 }
13338 
13339 /*
13340  * mptsas_rem_intrs:
13341  *
13342  * Unregister FIXED or MSI interrupts
13343  */
13344 static void
13345 mptsas_rem_intrs(mptsas_t *mpt)
13346 {
13347 	int	i;
13348 
13349 	NDBG6(("mptsas_rem_intrs"));
13350 
13351 	/* Disable all interrupts */
13352 	if (mpt->m_intr_cap & DDI_INTR_FLAG_BLOCK) {
13353 		/* Call ddi_intr_block_disable() */
13354 		(void) ddi_intr_block_disable(mpt->m_htable, mpt->m_intr_cnt);
13355 	} else {
13356 		for (i = 0; i < mpt->m_intr_cnt; i++) {
13357 			(void) ddi_intr_disable(mpt->m_htable[i]);
13358 		}
13359 	}
13360 
13361 	/* Call ddi_intr_remove_handler() */
13362 	for (i = 0; i < mpt->m_intr_cnt; i++) {
13363 		(void) ddi_intr_remove_handler(mpt->m_htable[i]);
13364 		(void) ddi_intr_free(mpt->m_htable[i]);
13365 	}
13366 
13367 	kmem_free(mpt->m_htable, mpt->m_intr_size);
13368 }
13369 
13370 /*
13371  * The IO fault service error handling callback function
13372  */
13373 /*ARGSUSED*/
13374 static int
13375 mptsas_fm_error_cb(dev_info_t *dip, ddi_fm_error_t *err, const void *impl_data)
13376 {
13377 	/*
13378 	 * as the driver can always deal with an error in any dma or
13379 	 * access handle, we can just return the fme_status value.
13380 	 */
13381 	pci_ereport_post(dip, err, NULL);
13382 	return (err->fme_status);
13383 }
13384 
13385 /*
13386  * mptsas_fm_init - initialize fma capabilities and register with IO
13387  *               fault services.
13388  */
13389 static void
13390 mptsas_fm_init(mptsas_t *mpt)
13391 {
13392 	/*
13393 	 * Need to change iblock to priority for new MSI intr
13394 	 */
13395 	ddi_iblock_cookie_t	fm_ibc;
13396 
13397 	/* Only register with IO Fault Services if we have some capability */
13398 	if (mpt->m_fm_capabilities) {
13399 		/* Adjust access and dma attributes for FMA */
13400 		mpt->m_reg_acc_attr.devacc_attr_access = DDI_FLAGERR_ACC;
13401 		mpt->m_msg_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR;
13402 		mpt->m_io_dma_attr.dma_attr_flags |= DDI_DMA_FLAGERR;
13403 
13404 		/*
13405 		 * Register capabilities with IO Fault Services.
13406 		 * mpt->m_fm_capabilities will be updated to indicate
13407 		 * capabilities actually supported (not requested.)
13408 		 */
13409 		ddi_fm_init(mpt->m_dip, &mpt->m_fm_capabilities, &fm_ibc);
13410 
13411 		/*
13412 		 * Initialize pci ereport capabilities if ereport
13413 		 * capable (should always be.)
13414 		 */
13415 		if (DDI_FM_EREPORT_CAP(mpt->m_fm_capabilities) ||
13416 		    DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
13417 			pci_ereport_setup(mpt->m_dip);
13418 		}
13419 
13420 		/*
13421 		 * Register error callback if error callback capable.
13422 		 */
13423 		if (DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
13424 			ddi_fm_handler_register(mpt->m_dip,
13425 			    mptsas_fm_error_cb, (void *) mpt);
13426 		}
13427 	}
13428 }
13429 
13430 /*
13431  * mptsas_fm_fini - Releases fma capabilities and un-registers with IO
13432  *               fault services.
13433  *
13434  */
13435 static void
13436 mptsas_fm_fini(mptsas_t *mpt)
13437 {
13438 	/* Only unregister FMA capabilities if registered */
13439 	if (mpt->m_fm_capabilities) {
13440 
13441 		/*
13442 		 * Un-register error callback if error callback capable.
13443 		 */
13444 
13445 		if (DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
13446 			ddi_fm_handler_unregister(mpt->m_dip);
13447 		}
13448 
13449 		/*
13450 		 * Release any resources allocated by pci_ereport_setup()
13451 		 */
13452 
13453 		if (DDI_FM_EREPORT_CAP(mpt->m_fm_capabilities) ||
13454 		    DDI_FM_ERRCB_CAP(mpt->m_fm_capabilities)) {
13455 			pci_ereport_teardown(mpt->m_dip);
13456 		}
13457 
13458 		/* Unregister from IO Fault Services */
13459 		ddi_fm_fini(mpt->m_dip);
13460 
13461 		/* Adjust access and dma attributes for FMA */
13462 		mpt->m_reg_acc_attr.devacc_attr_access = DDI_DEFAULT_ACC;
13463 		mpt->m_msg_dma_attr.dma_attr_flags &= ~DDI_DMA_FLAGERR;
13464 		mpt->m_io_dma_attr.dma_attr_flags &= ~DDI_DMA_FLAGERR;
13465 
13466 	}
13467 }
13468 
13469 int
13470 mptsas_check_acc_handle(ddi_acc_handle_t handle)
13471 {
13472 	ddi_fm_error_t	de;
13473 
13474 	if (handle == NULL)
13475 		return (DDI_FAILURE);
13476 	ddi_fm_acc_err_get(handle, &de, DDI_FME_VER0);
13477 	return (de.fme_status);
13478 }
13479 
13480 int
13481 mptsas_check_dma_handle(ddi_dma_handle_t handle)
13482 {
13483 	ddi_fm_error_t	de;
13484 
13485 	if (handle == NULL)
13486 		return (DDI_FAILURE);
13487 	ddi_fm_dma_err_get(handle, &de, DDI_FME_VER0);
13488 	return (de.fme_status);
13489 }
13490 
13491 void
13492 mptsas_fm_ereport(mptsas_t *mpt, char *detail)
13493 {
13494 	uint64_t	ena;
13495 	char		buf[FM_MAX_CLASS];
13496 
13497 	(void) snprintf(buf, FM_MAX_CLASS, "%s.%s", DDI_FM_DEVICE, detail);
13498 	ena = fm_ena_generate(0, FM_ENA_FMT1);
13499 	if (DDI_FM_EREPORT_CAP(mpt->m_fm_capabilities)) {
13500 		ddi_fm_ereport_post(mpt->m_dip, buf, ena, DDI_NOSLEEP,
13501 		    FM_VERSION, DATA_TYPE_UINT8, FM_EREPORT_VERS0, NULL);
13502 	}
13503 }
13504 
13505 static int
13506 mptsas_get_target_device_info(mptsas_t *mpt, uint32_t page_address,
13507     uint16_t *dev_handle, mptsas_target_t **pptgt)
13508 {
13509 	int		rval;
13510 	uint32_t	dev_info;
13511 	uint64_t	sas_wwn;
13512 	mptsas_phymask_t phymask;
13513 	uint8_t		physport, phynum, config, disk;
13514 	uint64_t	devicename;
13515 	uint16_t	pdev_hdl;
13516 	mptsas_target_t	*tmp_tgt = NULL;
13517 	uint16_t	bay_num, enclosure, io_flags;
13518 
13519 	ASSERT(*pptgt == NULL);
13520 
13521 	rval = mptsas_get_sas_device_page0(mpt, page_address, dev_handle,
13522 	    &sas_wwn, &dev_info, &physport, &phynum, &pdev_hdl,
13523 	    &bay_num, &enclosure, &io_flags);
13524 	if (rval != DDI_SUCCESS) {
13525 		rval = DEV_INFO_FAIL_PAGE0;
13526 		return (rval);
13527 	}
13528 
13529 	if ((dev_info & (MPI2_SAS_DEVICE_INFO_SSP_TARGET |
13530 	    MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
13531 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) == NULL) {
13532 		rval = DEV_INFO_WRONG_DEVICE_TYPE;
13533 		return (rval);
13534 	}
13535 
13536 	/*
13537 	 * Check if the dev handle is for a Phys Disk. If so, set return value
13538 	 * and exit.  Don't add Phys Disks to hash.
13539 	 */
13540 	for (config = 0; config < mpt->m_num_raid_configs; config++) {
13541 		for (disk = 0; disk < MPTSAS_MAX_DISKS_IN_CONFIG; disk++) {
13542 			if (*dev_handle == mpt->m_raidconfig[config].
13543 			    m_physdisk_devhdl[disk]) {
13544 				rval = DEV_INFO_PHYS_DISK;
13545 				return (rval);
13546 			}
13547 		}
13548 	}
13549 
13550 	/*
13551 	 * Get SATA Device Name from SAS device page0 for
13552 	 * sata device, if device name doesn't exist, set mta_wwn to
13553 	 * 0 for direct attached SATA. For the device behind the expander
13554 	 * we still can use STP address assigned by expander.
13555 	 */
13556 	if (dev_info & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
13557 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
13558 		mutex_exit(&mpt->m_mutex);
13559 		/* alloc a tmp_tgt to send the cmd */
13560 		tmp_tgt = kmem_zalloc(sizeof (struct mptsas_target),
13561 		    KM_SLEEP);
13562 		tmp_tgt->m_devhdl = *dev_handle;
13563 		tmp_tgt->m_deviceinfo = dev_info;
13564 		tmp_tgt->m_qfull_retries = QFULL_RETRIES;
13565 		tmp_tgt->m_qfull_retry_interval =
13566 		    drv_usectohz(QFULL_RETRY_INTERVAL * 1000);
13567 		tmp_tgt->m_t_throttle = MAX_THROTTLE;
13568 		devicename = mptsas_get_sata_guid(mpt, tmp_tgt, 0);
13569 		kmem_free(tmp_tgt, sizeof (struct mptsas_target));
13570 		mutex_enter(&mpt->m_mutex);
13571 		if (devicename != 0 && (((devicename >> 56) & 0xf0) == 0x50)) {
13572 			sas_wwn = devicename;
13573 		} else if (dev_info & MPI2_SAS_DEVICE_INFO_DIRECT_ATTACH) {
13574 			sas_wwn = 0;
13575 		}
13576 	}
13577 
13578 	phymask = mptsas_physport_to_phymask(mpt, physport);
13579 	*pptgt = mptsas_tgt_alloc(mpt, *dev_handle, sas_wwn,
13580 	    dev_info, phymask, phynum);
13581 	if (*pptgt == NULL) {
13582 		mptsas_log(mpt, CE_WARN, "Failed to allocated target"
13583 		    "structure!");
13584 		rval = DEV_INFO_FAIL_ALLOC;
13585 		return (rval);
13586 	}
13587 	(*pptgt)->m_io_flags = io_flags;
13588 	(*pptgt)->m_enclosure = enclosure;
13589 	(*pptgt)->m_slot_num = bay_num;
13590 	return (DEV_INFO_SUCCESS);
13591 }
13592 
13593 uint64_t
13594 mptsas_get_sata_guid(mptsas_t *mpt, mptsas_target_t *ptgt, int lun)
13595 {
13596 	uint64_t	sata_guid = 0, *pwwn = NULL;
13597 	int		target = ptgt->m_devhdl;
13598 	uchar_t		*inq83 = NULL;
13599 	int		inq83_len = 0xFF;
13600 	uchar_t		*dblk = NULL;
13601 	int		inq83_retry = 3;
13602 	int		rval = DDI_FAILURE;
13603 
13604 	inq83	= kmem_zalloc(inq83_len, KM_SLEEP);
13605 
13606 inq83_retry:
13607 	rval = mptsas_inquiry(mpt, ptgt, lun, 0x83, inq83,
13608 	    inq83_len, NULL, 1);
13609 	if (rval != DDI_SUCCESS) {
13610 		mptsas_log(mpt, CE_WARN, "!mptsas request inquiry page "
13611 		    "0x83 for target:%x, lun:%x failed!", target, lun);
13612 		goto out;
13613 	}
13614 	/* According to SAT2, the first descriptor is logic unit name */
13615 	dblk = &inq83[4];
13616 	if ((dblk[1] & 0x30) != 0) {
13617 		mptsas_log(mpt, CE_WARN, "!Descriptor is not lun associated.");
13618 		goto out;
13619 	}
13620 	pwwn = (uint64_t *)(void *)(&dblk[4]);
13621 	if ((dblk[4] & 0xf0) == 0x50) {
13622 		sata_guid = BE_64(*pwwn);
13623 		goto out;
13624 	} else if (dblk[4] == 'A') {
13625 		NDBG20(("SATA drive has no NAA format GUID."));
13626 		goto out;
13627 	} else {
13628 		/* The data is not ready, wait and retry */
13629 		inq83_retry--;
13630 		if (inq83_retry <= 0) {
13631 			goto out;
13632 		}
13633 		NDBG20(("The GUID is not ready, retry..."));
13634 		delay(1 * drv_usectohz(1000000));
13635 		goto inq83_retry;
13636 	}
13637 out:
13638 	kmem_free(inq83, inq83_len);
13639 	return (sata_guid);
13640 }
13641 
13642 static int
13643 mptsas_inquiry(mptsas_t *mpt, mptsas_target_t *ptgt, int lun, uchar_t page,
13644     unsigned char *buf, int len, int *reallen, uchar_t evpd)
13645 {
13646 	uchar_t			cdb[CDB_GROUP0];
13647 	struct scsi_address	ap;
13648 	struct buf		*data_bp = NULL;
13649 	int			resid = 0;
13650 	int			ret = DDI_FAILURE;
13651 
13652 	ASSERT(len <= 0xffff);
13653 
13654 	ap.a_target = MPTSAS_INVALID_DEVHDL;
13655 	ap.a_lun = (uchar_t)(lun);
13656 	ap.a_hba_tran = mpt->m_tran;
13657 
13658 	data_bp = scsi_alloc_consistent_buf(&ap,
13659 	    (struct buf *)NULL, len, B_READ, NULL_FUNC, NULL);
13660 	if (data_bp == NULL) {
13661 		return (ret);
13662 	}
13663 	bzero(cdb, CDB_GROUP0);
13664 	cdb[0] = SCMD_INQUIRY;
13665 	cdb[1] = evpd;
13666 	cdb[2] = page;
13667 	cdb[3] = (len & 0xff00) >> 8;
13668 	cdb[4] = (len & 0x00ff);
13669 	cdb[5] = 0;
13670 
13671 	ret = mptsas_send_scsi_cmd(mpt, &ap, ptgt, &cdb[0], CDB_GROUP0, data_bp,
13672 	    &resid);
13673 	if (ret == DDI_SUCCESS) {
13674 		if (reallen) {
13675 			*reallen = len - resid;
13676 		}
13677 		bcopy((caddr_t)data_bp->b_un.b_addr, buf, len);
13678 	}
13679 	if (data_bp) {
13680 		scsi_free_consistent_buf(data_bp);
13681 	}
13682 	return (ret);
13683 }
13684 
13685 static int
13686 mptsas_send_scsi_cmd(mptsas_t *mpt, struct scsi_address *ap,
13687     mptsas_target_t *ptgt, uchar_t *cdb, int cdblen, struct buf *data_bp,
13688     int *resid)
13689 {
13690 	struct scsi_pkt		*pktp = NULL;
13691 	scsi_hba_tran_t		*tran_clone = NULL;
13692 	mptsas_tgt_private_t	*tgt_private = NULL;
13693 	int			ret = DDI_FAILURE;
13694 
13695 	/*
13696 	 * scsi_hba_tran_t->tran_tgt_private is used to pass the address
13697 	 * information to scsi_init_pkt, allocate a scsi_hba_tran structure
13698 	 * to simulate the cmds from sd
13699 	 */
13700 	tran_clone = kmem_alloc(
13701 	    sizeof (scsi_hba_tran_t), KM_SLEEP);
13702 	if (tran_clone == NULL) {
13703 		goto out;
13704 	}
13705 	bcopy((caddr_t)mpt->m_tran,
13706 	    (caddr_t)tran_clone, sizeof (scsi_hba_tran_t));
13707 	tgt_private = kmem_alloc(
13708 	    sizeof (mptsas_tgt_private_t), KM_SLEEP);
13709 	if (tgt_private == NULL) {
13710 		goto out;
13711 	}
13712 	tgt_private->t_lun = ap->a_lun;
13713 	tgt_private->t_private = ptgt;
13714 	tran_clone->tran_tgt_private = tgt_private;
13715 	ap->a_hba_tran = tran_clone;
13716 
13717 	pktp = scsi_init_pkt(ap, (struct scsi_pkt *)NULL,
13718 	    data_bp, cdblen, sizeof (struct scsi_arq_status),
13719 	    0, PKT_CONSISTENT, NULL, NULL);
13720 	if (pktp == NULL) {
13721 		goto out;
13722 	}
13723 	bcopy(cdb, pktp->pkt_cdbp, cdblen);
13724 	pktp->pkt_flags = FLAG_NOPARITY;
13725 	if (scsi_poll(pktp) < 0) {
13726 		goto out;
13727 	}
13728 	if (((struct scsi_status *)pktp->pkt_scbp)->sts_chk) {
13729 		goto out;
13730 	}
13731 	if (resid != NULL) {
13732 		*resid = pktp->pkt_resid;
13733 	}
13734 
13735 	ret = DDI_SUCCESS;
13736 out:
13737 	if (pktp) {
13738 		scsi_destroy_pkt(pktp);
13739 	}
13740 	if (tran_clone) {
13741 		kmem_free(tran_clone, sizeof (scsi_hba_tran_t));
13742 	}
13743 	if (tgt_private) {
13744 		kmem_free(tgt_private, sizeof (mptsas_tgt_private_t));
13745 	}
13746 	return (ret);
13747 }
13748 static int
13749 mptsas_parse_address(char *name, uint64_t *wwid, uint8_t *phy, int *lun)
13750 {
13751 	char	*cp = NULL;
13752 	char	*ptr = NULL;
13753 	size_t	s = 0;
13754 	char	*wwid_str = NULL;
13755 	char	*lun_str = NULL;
13756 	long	lunnum;
13757 	long	phyid = -1;
13758 	int	rc = DDI_FAILURE;
13759 
13760 	ptr = name;
13761 	ASSERT(ptr[0] == 'w' || ptr[0] == 'p');
13762 	ptr++;
13763 	if ((cp = strchr(ptr, ',')) == NULL) {
13764 		return (DDI_FAILURE);
13765 	}
13766 
13767 	wwid_str = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13768 	s = (uintptr_t)cp - (uintptr_t)ptr;
13769 
13770 	bcopy(ptr, wwid_str, s);
13771 	wwid_str[s] = '\0';
13772 
13773 	ptr = ++cp;
13774 
13775 	if ((cp = strchr(ptr, '\0')) == NULL) {
13776 		goto out;
13777 	}
13778 	lun_str =  kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13779 	s = (uintptr_t)cp - (uintptr_t)ptr;
13780 
13781 	bcopy(ptr, lun_str, s);
13782 	lun_str[s] = '\0';
13783 
13784 	if (name[0] == 'p') {
13785 		rc = ddi_strtol(wwid_str, NULL, 0x10, &phyid);
13786 	} else {
13787 		rc = scsi_wwnstr_to_wwn(wwid_str, wwid);
13788 	}
13789 	if (rc != DDI_SUCCESS)
13790 		goto out;
13791 
13792 	if (phyid != -1) {
13793 		ASSERT(phyid < MPTSAS_MAX_PHYS);
13794 		*phy = (uint8_t)phyid;
13795 	}
13796 	rc = ddi_strtol(lun_str, NULL, 0x10, &lunnum);
13797 	if (rc != 0)
13798 		goto out;
13799 
13800 	*lun = (int)lunnum;
13801 	rc = DDI_SUCCESS;
13802 out:
13803 	if (wwid_str)
13804 		kmem_free(wwid_str, SCSI_MAXNAMELEN);
13805 	if (lun_str)
13806 		kmem_free(lun_str, SCSI_MAXNAMELEN);
13807 
13808 	return (rc);
13809 }
13810 
13811 /*
13812  * mptsas_parse_smp_name() is to parse sas wwn string
13813  * which format is "wWWN"
13814  */
13815 static int
13816 mptsas_parse_smp_name(char *name, uint64_t *wwn)
13817 {
13818 	char	*ptr = name;
13819 
13820 	if (*ptr != 'w') {
13821 		return (DDI_FAILURE);
13822 	}
13823 
13824 	ptr++;
13825 	if (scsi_wwnstr_to_wwn(ptr, wwn)) {
13826 		return (DDI_FAILURE);
13827 	}
13828 	return (DDI_SUCCESS);
13829 }
13830 
13831 static int
13832 mptsas_bus_config(dev_info_t *pdip, uint_t flag,
13833     ddi_bus_config_op_t op, void *arg, dev_info_t **childp)
13834 {
13835 	int		ret = NDI_FAILURE;
13836 	int		circ = 0;
13837 	int		circ1 = 0;
13838 	mptsas_t	*mpt;
13839 	char		*ptr = NULL;
13840 	char		*devnm = NULL;
13841 	uint64_t	wwid = 0;
13842 	uint8_t		phy = 0xFF;
13843 	int		lun = 0;
13844 	uint_t		mflags = flag;
13845 	int		bconfig = TRUE;
13846 
13847 	if (scsi_hba_iport_unit_address(pdip) == 0) {
13848 		return (DDI_FAILURE);
13849 	}
13850 
13851 	mpt = DIP2MPT(pdip);
13852 	if (!mpt) {
13853 		return (DDI_FAILURE);
13854 	}
13855 	/*
13856 	 * Hold the nexus across the bus_config
13857 	 */
13858 	ndi_devi_enter(scsi_vhci_dip, &circ);
13859 	ndi_devi_enter(pdip, &circ1);
13860 	switch (op) {
13861 	case BUS_CONFIG_ONE:
13862 		/* parse wwid/target name out of name given */
13863 		if ((ptr = strchr((char *)arg, '@')) == NULL) {
13864 			ret = NDI_FAILURE;
13865 			break;
13866 		}
13867 		ptr++;
13868 		if (strncmp((char *)arg, "smp", 3) == 0) {
13869 			/*
13870 			 * This is a SMP target device
13871 			 */
13872 			ret = mptsas_parse_smp_name(ptr, &wwid);
13873 			if (ret != DDI_SUCCESS) {
13874 				ret = NDI_FAILURE;
13875 				break;
13876 			}
13877 			ret = mptsas_config_smp(pdip, wwid, childp);
13878 		} else if ((ptr[0] == 'w') || (ptr[0] == 'p')) {
13879 			/*
13880 			 * OBP could pass down a non-canonical form
13881 			 * bootpath without LUN part when LUN is 0.
13882 			 * So driver need adjust the string.
13883 			 */
13884 			if (strchr(ptr, ',') == NULL) {
13885 				devnm = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
13886 				(void) sprintf(devnm, "%s,0", (char *)arg);
13887 				ptr = strchr(devnm, '@');
13888 				ptr++;
13889 			}
13890 
13891 			/*
13892 			 * The device path is wWWID format and the device
13893 			 * is not SMP target device.
13894 			 */
13895 			ret = mptsas_parse_address(ptr, &wwid, &phy, &lun);
13896 			if (ret != DDI_SUCCESS) {
13897 				ret = NDI_FAILURE;
13898 				break;
13899 			}
13900 			*childp = NULL;
13901 			if (ptr[0] == 'w') {
13902 				ret = mptsas_config_one_addr(pdip, wwid,
13903 				    lun, childp);
13904 			} else if (ptr[0] == 'p') {
13905 				ret = mptsas_config_one_phy(pdip, phy, lun,
13906 				    childp);
13907 			}
13908 
13909 			/*
13910 			 * If this is CD/DVD device in OBP path, the
13911 			 * ndi_busop_bus_config can be skipped as config one
13912 			 * operation is done above.
13913 			 */
13914 			if ((ret == NDI_SUCCESS) && (*childp != NULL) &&
13915 			    (strcmp(ddi_node_name(*childp), "cdrom") == 0) &&
13916 			    (strncmp((char *)arg, "disk", 4) == 0)) {
13917 				bconfig = FALSE;
13918 				ndi_hold_devi(*childp);
13919 			}
13920 		} else {
13921 			ret = NDI_FAILURE;
13922 			break;
13923 		}
13924 
13925 		/*
13926 		 * DDI group instructed us to use this flag.
13927 		 */
13928 		mflags |= NDI_MDI_FALLBACK;
13929 		break;
13930 	case BUS_CONFIG_DRIVER:
13931 	case BUS_CONFIG_ALL:
13932 		mptsas_config_all(pdip);
13933 		ret = NDI_SUCCESS;
13934 		break;
13935 	}
13936 
13937 	if ((ret == NDI_SUCCESS) && bconfig) {
13938 		ret = ndi_busop_bus_config(pdip, mflags, op,
13939 		    (devnm == NULL) ? arg : devnm, childp, 0);
13940 	}
13941 
13942 	ndi_devi_exit(pdip, circ1);
13943 	ndi_devi_exit(scsi_vhci_dip, circ);
13944 	if (devnm != NULL)
13945 		kmem_free(devnm, SCSI_MAXNAMELEN);
13946 	return (ret);
13947 }
13948 
13949 static int
13950 mptsas_probe_lun(dev_info_t *pdip, int lun, dev_info_t **dip,
13951     mptsas_target_t *ptgt)
13952 {
13953 	int			rval = DDI_FAILURE;
13954 	struct scsi_inquiry	*sd_inq = NULL;
13955 	mptsas_t		*mpt = DIP2MPT(pdip);
13956 
13957 	sd_inq = (struct scsi_inquiry *)kmem_alloc(SUN_INQSIZE, KM_SLEEP);
13958 
13959 	rval = mptsas_inquiry(mpt, ptgt, lun, 0, (uchar_t *)sd_inq,
13960 	    SUN_INQSIZE, 0, (uchar_t)0);
13961 
13962 	if ((rval == DDI_SUCCESS) && MPTSAS_VALID_LUN(sd_inq)) {
13963 		rval = mptsas_create_lun(pdip, sd_inq, dip, ptgt, lun);
13964 	} else {
13965 		rval = DDI_FAILURE;
13966 	}
13967 
13968 	kmem_free(sd_inq, SUN_INQSIZE);
13969 	return (rval);
13970 }
13971 
13972 static int
13973 mptsas_config_one_addr(dev_info_t *pdip, uint64_t sasaddr, int lun,
13974     dev_info_t **lundip)
13975 {
13976 	int		rval;
13977 	mptsas_t		*mpt = DIP2MPT(pdip);
13978 	int		phymask;
13979 	mptsas_target_t	*ptgt = NULL;
13980 
13981 	/*
13982 	 * Get the physical port associated to the iport
13983 	 */
13984 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
13985 	    "phymask", 0);
13986 
13987 	ptgt = mptsas_wwid_to_ptgt(mpt, phymask, sasaddr);
13988 	if (ptgt == NULL) {
13989 		/*
13990 		 * didn't match any device by searching
13991 		 */
13992 		return (DDI_FAILURE);
13993 	}
13994 	/*
13995 	 * If the LUN already exists and the status is online,
13996 	 * we just return the pointer to dev_info_t directly.
13997 	 * For the mdi_pathinfo node, we'll handle it in
13998 	 * mptsas_create_virt_lun()
13999 	 * TODO should be also in mptsas_handle_dr
14000 	 */
14001 
14002 	*lundip = mptsas_find_child_addr(pdip, sasaddr, lun);
14003 	if (*lundip != NULL) {
14004 		/*
14005 		 * TODO Another senario is, we hotplug the same disk
14006 		 * on the same slot, the devhdl changed, is this
14007 		 * possible?
14008 		 * tgt_private->t_private != ptgt
14009 		 */
14010 		if (sasaddr != ptgt->m_addr.mta_wwn) {
14011 			/*
14012 			 * The device has changed although the devhdl is the
14013 			 * same (Enclosure mapping mode, change drive on the
14014 			 * same slot)
14015 			 */
14016 			return (DDI_FAILURE);
14017 		}
14018 		return (DDI_SUCCESS);
14019 	}
14020 
14021 	if (phymask == 0) {
14022 		/*
14023 		 * Configure IR volume
14024 		 */
14025 		rval =  mptsas_config_raid(pdip, ptgt->m_devhdl, lundip);
14026 		return (rval);
14027 	}
14028 	rval = mptsas_probe_lun(pdip, lun, lundip, ptgt);
14029 
14030 	return (rval);
14031 }
14032 
14033 static int
14034 mptsas_config_one_phy(dev_info_t *pdip, uint8_t phy, int lun,
14035     dev_info_t **lundip)
14036 {
14037 	int		rval;
14038 	mptsas_t	*mpt = DIP2MPT(pdip);
14039 	mptsas_phymask_t phymask;
14040 	mptsas_target_t	*ptgt = NULL;
14041 
14042 	/*
14043 	 * Get the physical port associated to the iport
14044 	 */
14045 	phymask = (mptsas_phymask_t)ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
14046 	    "phymask", 0);
14047 
14048 	ptgt = mptsas_phy_to_tgt(mpt, phymask, phy);
14049 	if (ptgt == NULL) {
14050 		/*
14051 		 * didn't match any device by searching
14052 		 */
14053 		return (DDI_FAILURE);
14054 	}
14055 
14056 	/*
14057 	 * If the LUN already exists and the status is online,
14058 	 * we just return the pointer to dev_info_t directly.
14059 	 * For the mdi_pathinfo node, we'll handle it in
14060 	 * mptsas_create_virt_lun().
14061 	 */
14062 
14063 	*lundip = mptsas_find_child_phy(pdip, phy);
14064 	if (*lundip != NULL) {
14065 		return (DDI_SUCCESS);
14066 	}
14067 
14068 	rval = mptsas_probe_lun(pdip, lun, lundip, ptgt);
14069 
14070 	return (rval);
14071 }
14072 
14073 static int
14074 mptsas_retrieve_lundata(int lun_cnt, uint8_t *buf, uint16_t *lun_num,
14075     uint8_t *lun_addr_type)
14076 {
14077 	uint32_t	lun_idx = 0;
14078 
14079 	ASSERT(lun_num != NULL);
14080 	ASSERT(lun_addr_type != NULL);
14081 
14082 	lun_idx = (lun_cnt + 1) * MPTSAS_SCSI_REPORTLUNS_ADDRESS_SIZE;
14083 	/* determine report luns addressing type */
14084 	switch (buf[lun_idx] & MPTSAS_SCSI_REPORTLUNS_ADDRESS_MASK) {
14085 		/*
14086 		 * Vendors in the field have been found to be concatenating
14087 		 * bus/target/lun to equal the complete lun value instead
14088 		 * of switching to flat space addressing
14089 		 */
14090 		/* 00b - peripheral device addressing method */
14091 	case MPTSAS_SCSI_REPORTLUNS_ADDRESS_PERIPHERAL:
14092 		/* FALLTHRU */
14093 		/* 10b - logical unit addressing method */
14094 	case MPTSAS_SCSI_REPORTLUNS_ADDRESS_LOGICAL_UNIT:
14095 		/* FALLTHRU */
14096 		/* 01b - flat space addressing method */
14097 	case MPTSAS_SCSI_REPORTLUNS_ADDRESS_FLAT_SPACE:
14098 		/* byte0 bit0-5=msb lun byte1 bit0-7=lsb lun */
14099 		*lun_addr_type = (buf[lun_idx] &
14100 		    MPTSAS_SCSI_REPORTLUNS_ADDRESS_MASK) >> 6;
14101 		*lun_num = (buf[lun_idx] & 0x3F) << 8;
14102 		*lun_num |= buf[lun_idx + 1];
14103 		return (DDI_SUCCESS);
14104 	default:
14105 		return (DDI_FAILURE);
14106 	}
14107 }
14108 
14109 static int
14110 mptsas_config_luns(dev_info_t *pdip, mptsas_target_t *ptgt)
14111 {
14112 	struct buf		*repluns_bp = NULL;
14113 	struct scsi_address	ap;
14114 	uchar_t			cdb[CDB_GROUP5];
14115 	int			ret = DDI_FAILURE;
14116 	int			retry = 0;
14117 	int			lun_list_len = 0;
14118 	uint16_t		lun_num = 0;
14119 	uint8_t			lun_addr_type = 0;
14120 	uint32_t		lun_cnt = 0;
14121 	uint32_t		lun_total = 0;
14122 	dev_info_t		*cdip = NULL;
14123 	uint16_t		*saved_repluns = NULL;
14124 	char			*buffer = NULL;
14125 	int			buf_len = 128;
14126 	mptsas_t		*mpt = DIP2MPT(pdip);
14127 	uint64_t		sas_wwn = 0;
14128 	uint8_t			phy = 0xFF;
14129 	uint32_t		dev_info = 0;
14130 
14131 	mutex_enter(&mpt->m_mutex);
14132 	sas_wwn = ptgt->m_addr.mta_wwn;
14133 	phy = ptgt->m_phynum;
14134 	dev_info = ptgt->m_deviceinfo;
14135 	mutex_exit(&mpt->m_mutex);
14136 
14137 	if (sas_wwn == 0) {
14138 		/*
14139 		 * It's a SATA without Device Name
14140 		 * So don't try multi-LUNs
14141 		 */
14142 		if (mptsas_find_child_phy(pdip, phy)) {
14143 			return (DDI_SUCCESS);
14144 		} else {
14145 			/*
14146 			 * need configure and create node
14147 			 */
14148 			return (DDI_FAILURE);
14149 		}
14150 	}
14151 
14152 	/*
14153 	 * WWN (SAS address or Device Name exist)
14154 	 */
14155 	if (dev_info & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
14156 	    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
14157 		/*
14158 		 * SATA device with Device Name
14159 		 * So don't try multi-LUNs
14160 		 */
14161 		if (mptsas_find_child_addr(pdip, sas_wwn, 0)) {
14162 			return (DDI_SUCCESS);
14163 		} else {
14164 			return (DDI_FAILURE);
14165 		}
14166 	}
14167 
14168 	do {
14169 		ap.a_target = MPTSAS_INVALID_DEVHDL;
14170 		ap.a_lun = 0;
14171 		ap.a_hba_tran = mpt->m_tran;
14172 		repluns_bp = scsi_alloc_consistent_buf(&ap,
14173 		    (struct buf *)NULL, buf_len, B_READ, NULL_FUNC, NULL);
14174 		if (repluns_bp == NULL) {
14175 			retry++;
14176 			continue;
14177 		}
14178 		bzero(cdb, CDB_GROUP5);
14179 		cdb[0] = SCMD_REPORT_LUNS;
14180 		cdb[6] = (buf_len & 0xff000000) >> 24;
14181 		cdb[7] = (buf_len & 0x00ff0000) >> 16;
14182 		cdb[8] = (buf_len & 0x0000ff00) >> 8;
14183 		cdb[9] = (buf_len & 0x000000ff);
14184 
14185 		ret = mptsas_send_scsi_cmd(mpt, &ap, ptgt, &cdb[0], CDB_GROUP5,
14186 		    repluns_bp, NULL);
14187 		if (ret != DDI_SUCCESS) {
14188 			scsi_free_consistent_buf(repluns_bp);
14189 			retry++;
14190 			continue;
14191 		}
14192 		lun_list_len = BE_32(*(int *)((void *)(
14193 		    repluns_bp->b_un.b_addr)));
14194 		if (buf_len >= lun_list_len + 8) {
14195 			ret = DDI_SUCCESS;
14196 			break;
14197 		}
14198 		scsi_free_consistent_buf(repluns_bp);
14199 		buf_len = lun_list_len + 8;
14200 
14201 	} while (retry < 3);
14202 
14203 	if (ret != DDI_SUCCESS)
14204 		return (ret);
14205 	buffer = (char *)repluns_bp->b_un.b_addr;
14206 	/*
14207 	 * find out the number of luns returned by the SCSI ReportLun call
14208 	 * and allocate buffer space
14209 	 */
14210 	lun_total = lun_list_len / MPTSAS_SCSI_REPORTLUNS_ADDRESS_SIZE;
14211 	saved_repluns = kmem_zalloc(sizeof (uint16_t) * lun_total, KM_SLEEP);
14212 	if (saved_repluns == NULL) {
14213 		scsi_free_consistent_buf(repluns_bp);
14214 		return (DDI_FAILURE);
14215 	}
14216 	for (lun_cnt = 0; lun_cnt < lun_total; lun_cnt++) {
14217 		if (mptsas_retrieve_lundata(lun_cnt, (uint8_t *)(buffer),
14218 		    &lun_num, &lun_addr_type) != DDI_SUCCESS) {
14219 			continue;
14220 		}
14221 		saved_repluns[lun_cnt] = lun_num;
14222 		if (cdip = mptsas_find_child_addr(pdip, sas_wwn, lun_num))
14223 			ret = DDI_SUCCESS;
14224 		else
14225 			ret = mptsas_probe_lun(pdip, lun_num, &cdip,
14226 			    ptgt);
14227 		if ((ret == DDI_SUCCESS) && (cdip != NULL)) {
14228 			(void) ndi_prop_remove(DDI_DEV_T_NONE, cdip,
14229 			    MPTSAS_DEV_GONE);
14230 		}
14231 	}
14232 	mptsas_offline_missed_luns(pdip, saved_repluns, lun_total, ptgt);
14233 	kmem_free(saved_repluns, sizeof (uint16_t) * lun_total);
14234 	scsi_free_consistent_buf(repluns_bp);
14235 	return (DDI_SUCCESS);
14236 }
14237 
14238 static int
14239 mptsas_config_raid(dev_info_t *pdip, uint16_t target, dev_info_t **dip)
14240 {
14241 	int			rval = DDI_FAILURE;
14242 	struct scsi_inquiry	*sd_inq = NULL;
14243 	mptsas_t		*mpt = DIP2MPT(pdip);
14244 	mptsas_target_t		*ptgt = NULL;
14245 
14246 	mutex_enter(&mpt->m_mutex);
14247 	ptgt = refhash_linear_search(mpt->m_targets,
14248 	    mptsas_target_eval_devhdl, &target);
14249 	mutex_exit(&mpt->m_mutex);
14250 	if (ptgt == NULL) {
14251 		mptsas_log(mpt, CE_WARN, "Volume with VolDevHandle of 0x%x "
14252 		    "not found.", target);
14253 		return (rval);
14254 	}
14255 
14256 	sd_inq = (struct scsi_inquiry *)kmem_alloc(SUN_INQSIZE, KM_SLEEP);
14257 	rval = mptsas_inquiry(mpt, ptgt, 0, 0, (uchar_t *)sd_inq,
14258 	    SUN_INQSIZE, 0, (uchar_t)0);
14259 
14260 	if ((rval == DDI_SUCCESS) && MPTSAS_VALID_LUN(sd_inq)) {
14261 		rval = mptsas_create_phys_lun(pdip, sd_inq, NULL, dip, ptgt,
14262 		    0);
14263 	} else {
14264 		rval = DDI_FAILURE;
14265 	}
14266 
14267 	kmem_free(sd_inq, SUN_INQSIZE);
14268 	return (rval);
14269 }
14270 
14271 /*
14272  * configure all RAID volumes for virtual iport
14273  */
14274 static void
14275 mptsas_config_all_viport(dev_info_t *pdip)
14276 {
14277 	mptsas_t	*mpt = DIP2MPT(pdip);
14278 	int		config, vol;
14279 	int		target;
14280 	dev_info_t	*lundip = NULL;
14281 
14282 	/*
14283 	 * Get latest RAID info and search for any Volume DevHandles.  If any
14284 	 * are found, configure the volume.
14285 	 */
14286 	mutex_enter(&mpt->m_mutex);
14287 	for (config = 0; config < mpt->m_num_raid_configs; config++) {
14288 		for (vol = 0; vol < MPTSAS_MAX_RAIDVOLS; vol++) {
14289 			if (mpt->m_raidconfig[config].m_raidvol[vol].m_israid
14290 			    == 1) {
14291 				target = mpt->m_raidconfig[config].
14292 				    m_raidvol[vol].m_raidhandle;
14293 				mutex_exit(&mpt->m_mutex);
14294 				(void) mptsas_config_raid(pdip, target,
14295 				    &lundip);
14296 				mutex_enter(&mpt->m_mutex);
14297 			}
14298 		}
14299 	}
14300 	mutex_exit(&mpt->m_mutex);
14301 }
14302 
14303 static void
14304 mptsas_offline_missed_luns(dev_info_t *pdip, uint16_t *repluns,
14305     int lun_cnt, mptsas_target_t *ptgt)
14306 {
14307 	dev_info_t	*child = NULL, *savechild = NULL;
14308 	mdi_pathinfo_t	*pip = NULL, *savepip = NULL;
14309 	uint64_t	sas_wwn, wwid;
14310 	uint8_t		phy;
14311 	int		lun;
14312 	int		i;
14313 	int		find;
14314 	char		*addr;
14315 	char		*nodename;
14316 	mptsas_t	*mpt = DIP2MPT(pdip);
14317 
14318 	mutex_enter(&mpt->m_mutex);
14319 	wwid = ptgt->m_addr.mta_wwn;
14320 	mutex_exit(&mpt->m_mutex);
14321 
14322 	child = ddi_get_child(pdip);
14323 	while (child) {
14324 		find = 0;
14325 		savechild = child;
14326 		child = ddi_get_next_sibling(child);
14327 
14328 		nodename = ddi_node_name(savechild);
14329 		if (strcmp(nodename, "smp") == 0) {
14330 			continue;
14331 		}
14332 
14333 		addr = ddi_get_name_addr(savechild);
14334 		if (addr == NULL) {
14335 			continue;
14336 		}
14337 
14338 		if (mptsas_parse_address(addr, &sas_wwn, &phy, &lun) !=
14339 		    DDI_SUCCESS) {
14340 			continue;
14341 		}
14342 
14343 		if (wwid == sas_wwn) {
14344 			for (i = 0; i < lun_cnt; i++) {
14345 				if (repluns[i] == lun) {
14346 					find = 1;
14347 					break;
14348 				}
14349 			}
14350 		} else {
14351 			continue;
14352 		}
14353 		if (find == 0) {
14354 			/*
14355 			 * The lun has not been there already
14356 			 */
14357 			(void) mptsas_offline_lun(pdip, savechild, NULL,
14358 			    NDI_DEVI_REMOVE);
14359 		}
14360 	}
14361 
14362 	pip = mdi_get_next_client_path(pdip, NULL);
14363 	while (pip) {
14364 		find = 0;
14365 		savepip = pip;
14366 		addr = MDI_PI(pip)->pi_addr;
14367 
14368 		pip = mdi_get_next_client_path(pdip, pip);
14369 
14370 		if (addr == NULL) {
14371 			continue;
14372 		}
14373 
14374 		if (mptsas_parse_address(addr, &sas_wwn, &phy,
14375 		    &lun) != DDI_SUCCESS) {
14376 			continue;
14377 		}
14378 
14379 		if (sas_wwn == wwid) {
14380 			for (i = 0; i < lun_cnt; i++) {
14381 				if (repluns[i] == lun) {
14382 					find = 1;
14383 					break;
14384 				}
14385 			}
14386 		} else {
14387 			continue;
14388 		}
14389 
14390 		if (find == 0) {
14391 			/*
14392 			 * The lun has not been there already
14393 			 */
14394 			(void) mptsas_offline_lun(pdip, NULL, savepip,
14395 			    NDI_DEVI_REMOVE);
14396 		}
14397 	}
14398 }
14399 
14400 void
14401 mptsas_update_hashtab(struct mptsas *mpt)
14402 {
14403 	uint32_t	page_address;
14404 	int		rval = 0;
14405 	uint16_t	dev_handle;
14406 	mptsas_target_t	*ptgt = NULL;
14407 	mptsas_smp_t	smp_node;
14408 
14409 	/*
14410 	 * Get latest RAID info.
14411 	 */
14412 	(void) mptsas_get_raid_info(mpt);
14413 
14414 	dev_handle = mpt->m_smp_devhdl;
14415 	for (; mpt->m_done_traverse_smp == 0; ) {
14416 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_GET_NEXT_HNDL &
14417 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | (uint32_t)dev_handle;
14418 		if (mptsas_get_sas_expander_page0(mpt, page_address, &smp_node)
14419 		    != DDI_SUCCESS) {
14420 			break;
14421 		}
14422 		mpt->m_smp_devhdl = dev_handle = smp_node.m_devhdl;
14423 		(void) mptsas_smp_alloc(mpt, &smp_node);
14424 	}
14425 
14426 	/*
14427 	 * Config target devices
14428 	 */
14429 	dev_handle = mpt->m_dev_handle;
14430 
14431 	/*
14432 	 * Do loop to get sas device page 0 by GetNextHandle till the
14433 	 * the last handle. If the sas device is a SATA/SSP target,
14434 	 * we try to config it.
14435 	 */
14436 	for (; mpt->m_done_traverse_dev == 0; ) {
14437 		ptgt = NULL;
14438 		page_address =
14439 		    (MPI2_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE &
14440 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
14441 		    (uint32_t)dev_handle;
14442 		rval = mptsas_get_target_device_info(mpt, page_address,
14443 		    &dev_handle, &ptgt);
14444 		if ((rval == DEV_INFO_FAIL_PAGE0) ||
14445 		    (rval == DEV_INFO_FAIL_ALLOC)) {
14446 			break;
14447 		}
14448 
14449 		mpt->m_dev_handle = dev_handle;
14450 	}
14451 
14452 }
14453 
14454 void
14455 mptsas_update_driver_data(struct mptsas *mpt)
14456 {
14457 	mptsas_target_t *tp;
14458 	mptsas_smp_t *sp;
14459 
14460 	ASSERT(MUTEX_HELD(&mpt->m_mutex));
14461 
14462 	/*
14463 	 * TODO after hard reset, update the driver data structures
14464 	 * 1. update port/phymask mapping table mpt->m_phy_info
14465 	 * 2. invalid all the entries in hash table
14466 	 *    m_devhdl = 0xffff and m_deviceinfo = 0
14467 	 * 3. call sas_device_page/expander_page to update hash table
14468 	 */
14469 	mptsas_update_phymask(mpt);
14470 
14471 	/*
14472 	 * Remove all the devhdls for existing entries but leave their
14473 	 * addresses alone.  In update_hashtab() below, we'll find all
14474 	 * targets that are still present and reassociate them with
14475 	 * their potentially new devhdls.  Leaving the targets around in
14476 	 * this fashion allows them to be used on the tx waitq even
14477 	 * while IOC reset is occurring.
14478 	 */
14479 	for (tp = refhash_first(mpt->m_targets); tp != NULL;
14480 	    tp = refhash_next(mpt->m_targets, tp)) {
14481 		tp->m_devhdl = MPTSAS_INVALID_DEVHDL;
14482 		tp->m_deviceinfo = 0;
14483 		tp->m_dr_flag = MPTSAS_DR_INACTIVE;
14484 	}
14485 	for (sp = refhash_first(mpt->m_smp_targets); sp != NULL;
14486 	    sp = refhash_next(mpt->m_smp_targets, sp)) {
14487 		sp->m_devhdl = MPTSAS_INVALID_DEVHDL;
14488 		sp->m_deviceinfo = 0;
14489 	}
14490 	mpt->m_done_traverse_dev = 0;
14491 	mpt->m_done_traverse_smp = 0;
14492 	mpt->m_dev_handle = mpt->m_smp_devhdl = MPTSAS_INVALID_DEVHDL;
14493 	mptsas_update_hashtab(mpt);
14494 }
14495 
14496 static void
14497 mptsas_config_all(dev_info_t *pdip)
14498 {
14499 	dev_info_t	*smpdip = NULL;
14500 	mptsas_t	*mpt = DIP2MPT(pdip);
14501 	int		phymask = 0;
14502 	mptsas_phymask_t phy_mask;
14503 	mptsas_target_t	*ptgt = NULL;
14504 	mptsas_smp_t	*psmp;
14505 
14506 	/*
14507 	 * Get the phymask associated to the iport
14508 	 */
14509 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
14510 	    "phymask", 0);
14511 
14512 	/*
14513 	 * Enumerate RAID volumes here (phymask == 0).
14514 	 */
14515 	if (phymask == 0) {
14516 		mptsas_config_all_viport(pdip);
14517 		return;
14518 	}
14519 
14520 	mutex_enter(&mpt->m_mutex);
14521 
14522 	if (!mpt->m_done_traverse_dev || !mpt->m_done_traverse_smp) {
14523 		mptsas_update_hashtab(mpt);
14524 	}
14525 
14526 	for (psmp = refhash_first(mpt->m_smp_targets); psmp != NULL;
14527 	    psmp = refhash_next(mpt->m_smp_targets, psmp)) {
14528 		phy_mask = psmp->m_addr.mta_phymask;
14529 		if (phy_mask == phymask) {
14530 			smpdip = NULL;
14531 			mutex_exit(&mpt->m_mutex);
14532 			(void) mptsas_online_smp(pdip, psmp, &smpdip);
14533 			mutex_enter(&mpt->m_mutex);
14534 		}
14535 	}
14536 
14537 	for (ptgt = refhash_first(mpt->m_targets); ptgt != NULL;
14538 	    ptgt = refhash_next(mpt->m_targets, ptgt)) {
14539 		phy_mask = ptgt->m_addr.mta_phymask;
14540 		if (phy_mask == phymask) {
14541 			mutex_exit(&mpt->m_mutex);
14542 			(void) mptsas_config_target(pdip, ptgt);
14543 			mutex_enter(&mpt->m_mutex);
14544 		}
14545 	}
14546 	mutex_exit(&mpt->m_mutex);
14547 }
14548 
14549 static int
14550 mptsas_config_target(dev_info_t *pdip, mptsas_target_t *ptgt)
14551 {
14552 	int		rval = DDI_FAILURE;
14553 	dev_info_t	*tdip;
14554 
14555 	rval = mptsas_config_luns(pdip, ptgt);
14556 	if (rval != DDI_SUCCESS) {
14557 		/*
14558 		 * The return value means the SCMD_REPORT_LUNS
14559 		 * did not execute successfully. The target maybe
14560 		 * doesn't support such command.
14561 		 */
14562 		rval = mptsas_probe_lun(pdip, 0, &tdip, ptgt);
14563 	}
14564 	return (rval);
14565 }
14566 
14567 /*
14568  * Return fail if not all the childs/paths are freed.
14569  * if there is any path under the HBA, the return value will be always fail
14570  * because we didn't call mdi_pi_free for path
14571  */
14572 static int
14573 mptsas_offline_target(dev_info_t *pdip, char *name)
14574 {
14575 	dev_info_t		*child = NULL, *prechild = NULL;
14576 	mdi_pathinfo_t		*pip = NULL, *savepip = NULL;
14577 	int			tmp_rval, rval = DDI_SUCCESS;
14578 	char			*addr, *cp;
14579 	size_t			s;
14580 	mptsas_t		*mpt = DIP2MPT(pdip);
14581 
14582 	child = ddi_get_child(pdip);
14583 	while (child) {
14584 		addr = ddi_get_name_addr(child);
14585 		prechild = child;
14586 		child = ddi_get_next_sibling(child);
14587 
14588 		if (addr == NULL) {
14589 			continue;
14590 		}
14591 		if ((cp = strchr(addr, ',')) == NULL) {
14592 			continue;
14593 		}
14594 
14595 		s = (uintptr_t)cp - (uintptr_t)addr;
14596 
14597 		if (strncmp(addr, name, s) != 0) {
14598 			continue;
14599 		}
14600 
14601 		tmp_rval = mptsas_offline_lun(pdip, prechild, NULL,
14602 		    NDI_DEVI_REMOVE);
14603 		if (tmp_rval != DDI_SUCCESS) {
14604 			rval = DDI_FAILURE;
14605 			if (ndi_prop_create_boolean(DDI_DEV_T_NONE,
14606 			    prechild, MPTSAS_DEV_GONE) !=
14607 			    DDI_PROP_SUCCESS) {
14608 				mptsas_log(mpt, CE_WARN, "mptsas driver "
14609 				    "unable to create property for "
14610 				    "SAS %s (MPTSAS_DEV_GONE)", addr);
14611 			}
14612 		}
14613 	}
14614 
14615 	pip = mdi_get_next_client_path(pdip, NULL);
14616 	while (pip) {
14617 		addr = MDI_PI(pip)->pi_addr;
14618 		savepip = pip;
14619 		pip = mdi_get_next_client_path(pdip, pip);
14620 		if (addr == NULL) {
14621 			continue;
14622 		}
14623 
14624 		if ((cp = strchr(addr, ',')) == NULL) {
14625 			continue;
14626 		}
14627 
14628 		s = (uintptr_t)cp - (uintptr_t)addr;
14629 
14630 		if (strncmp(addr, name, s) != 0) {
14631 			continue;
14632 		}
14633 
14634 		(void) mptsas_offline_lun(pdip, NULL, savepip,
14635 		    NDI_DEVI_REMOVE);
14636 		/*
14637 		 * driver will not invoke mdi_pi_free, so path will not
14638 		 * be freed forever, return DDI_FAILURE.
14639 		 */
14640 		rval = DDI_FAILURE;
14641 	}
14642 	return (rval);
14643 }
14644 
14645 static int
14646 mptsas_offline_lun(dev_info_t *pdip, dev_info_t *rdip,
14647     mdi_pathinfo_t *rpip, uint_t flags)
14648 {
14649 	int		rval = DDI_FAILURE;
14650 	char		*devname;
14651 	dev_info_t	*cdip, *parent;
14652 
14653 	if (rpip != NULL) {
14654 		parent = scsi_vhci_dip;
14655 		cdip = mdi_pi_get_client(rpip);
14656 	} else if (rdip != NULL) {
14657 		parent = pdip;
14658 		cdip = rdip;
14659 	} else {
14660 		return (DDI_FAILURE);
14661 	}
14662 
14663 	/*
14664 	 * Make sure node is attached otherwise
14665 	 * it won't have related cache nodes to
14666 	 * clean up.  i_ddi_devi_attached is
14667 	 * similiar to i_ddi_node_state(cdip) >=
14668 	 * DS_ATTACHED.
14669 	 */
14670 	if (i_ddi_devi_attached(cdip)) {
14671 
14672 		/* Get full devname */
14673 		devname = kmem_alloc(MAXNAMELEN + 1, KM_SLEEP);
14674 		(void) ddi_deviname(cdip, devname);
14675 		/* Clean cache */
14676 		(void) devfs_clean(parent, devname + 1,
14677 		    DV_CLEAN_FORCE);
14678 		kmem_free(devname, MAXNAMELEN + 1);
14679 	}
14680 	if (rpip != NULL) {
14681 		if (MDI_PI_IS_OFFLINE(rpip)) {
14682 			rval = DDI_SUCCESS;
14683 		} else {
14684 			rval = mdi_pi_offline(rpip, 0);
14685 		}
14686 	} else {
14687 		rval = ndi_devi_offline(cdip, flags);
14688 	}
14689 
14690 	return (rval);
14691 }
14692 
14693 static dev_info_t *
14694 mptsas_find_smp_child(dev_info_t *parent, char *str_wwn)
14695 {
14696 	dev_info_t	*child = NULL;
14697 	char		*smp_wwn = NULL;
14698 
14699 	child = ddi_get_child(parent);
14700 	while (child) {
14701 		if (ddi_prop_lookup_string(DDI_DEV_T_ANY, child,
14702 		    DDI_PROP_DONTPASS, SMP_WWN, &smp_wwn)
14703 		    != DDI_SUCCESS) {
14704 			child = ddi_get_next_sibling(child);
14705 			continue;
14706 		}
14707 
14708 		if (strcmp(smp_wwn, str_wwn) == 0) {
14709 			ddi_prop_free(smp_wwn);
14710 			break;
14711 		}
14712 		child = ddi_get_next_sibling(child);
14713 		ddi_prop_free(smp_wwn);
14714 	}
14715 	return (child);
14716 }
14717 
14718 static int
14719 mptsas_offline_smp(dev_info_t *pdip, mptsas_smp_t *smp_node, uint_t flags)
14720 {
14721 	int		rval = DDI_FAILURE;
14722 	char		*devname;
14723 	char		wwn_str[MPTSAS_WWN_STRLEN];
14724 	dev_info_t	*cdip;
14725 
14726 	(void) sprintf(wwn_str, "%"PRIx64, smp_node->m_addr.mta_wwn);
14727 
14728 	cdip = mptsas_find_smp_child(pdip, wwn_str);
14729 
14730 	if (cdip == NULL)
14731 		return (DDI_SUCCESS);
14732 
14733 	/*
14734 	 * Make sure node is attached otherwise
14735 	 * it won't have related cache nodes to
14736 	 * clean up.  i_ddi_devi_attached is
14737 	 * similiar to i_ddi_node_state(cdip) >=
14738 	 * DS_ATTACHED.
14739 	 */
14740 	if (i_ddi_devi_attached(cdip)) {
14741 
14742 		/* Get full devname */
14743 		devname = kmem_alloc(MAXNAMELEN + 1, KM_SLEEP);
14744 		(void) ddi_deviname(cdip, devname);
14745 		/* Clean cache */
14746 		(void) devfs_clean(pdip, devname + 1,
14747 		    DV_CLEAN_FORCE);
14748 		kmem_free(devname, MAXNAMELEN + 1);
14749 	}
14750 
14751 	rval = ndi_devi_offline(cdip, flags);
14752 
14753 	return (rval);
14754 }
14755 
14756 static dev_info_t *
14757 mptsas_find_child(dev_info_t *pdip, char *name)
14758 {
14759 	dev_info_t	*child = NULL;
14760 	char		*rname = NULL;
14761 	int		rval = DDI_FAILURE;
14762 
14763 	rname = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14764 
14765 	child = ddi_get_child(pdip);
14766 	while (child) {
14767 		rval = mptsas_name_child(child, rname, SCSI_MAXNAMELEN);
14768 		if (rval != DDI_SUCCESS) {
14769 			child = ddi_get_next_sibling(child);
14770 			bzero(rname, SCSI_MAXNAMELEN);
14771 			continue;
14772 		}
14773 
14774 		if (strcmp(rname, name) == 0) {
14775 			break;
14776 		}
14777 		child = ddi_get_next_sibling(child);
14778 		bzero(rname, SCSI_MAXNAMELEN);
14779 	}
14780 
14781 	kmem_free(rname, SCSI_MAXNAMELEN);
14782 
14783 	return (child);
14784 }
14785 
14786 
14787 static dev_info_t *
14788 mptsas_find_child_addr(dev_info_t *pdip, uint64_t sasaddr, int lun)
14789 {
14790 	dev_info_t	*child = NULL;
14791 	char		*name = NULL;
14792 	char		*addr = NULL;
14793 
14794 	name = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14795 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14796 	(void) sprintf(name, "%016"PRIx64, sasaddr);
14797 	(void) sprintf(addr, "w%s,%x", name, lun);
14798 	child = mptsas_find_child(pdip, addr);
14799 	kmem_free(name, SCSI_MAXNAMELEN);
14800 	kmem_free(addr, SCSI_MAXNAMELEN);
14801 	return (child);
14802 }
14803 
14804 static dev_info_t *
14805 mptsas_find_child_phy(dev_info_t *pdip, uint8_t phy)
14806 {
14807 	dev_info_t	*child;
14808 	char		*addr;
14809 
14810 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14811 	(void) sprintf(addr, "p%x,0", phy);
14812 	child = mptsas_find_child(pdip, addr);
14813 	kmem_free(addr, SCSI_MAXNAMELEN);
14814 	return (child);
14815 }
14816 
14817 static mdi_pathinfo_t *
14818 mptsas_find_path_phy(dev_info_t *pdip, uint8_t phy)
14819 {
14820 	mdi_pathinfo_t	*path;
14821 	char		*addr = NULL;
14822 
14823 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14824 	(void) sprintf(addr, "p%x,0", phy);
14825 	path = mdi_pi_find(pdip, NULL, addr);
14826 	kmem_free(addr, SCSI_MAXNAMELEN);
14827 	return (path);
14828 }
14829 
14830 static mdi_pathinfo_t *
14831 mptsas_find_path_addr(dev_info_t *parent, uint64_t sasaddr, int lun)
14832 {
14833 	mdi_pathinfo_t	*path;
14834 	char		*name = NULL;
14835 	char		*addr = NULL;
14836 
14837 	name = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14838 	addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
14839 	(void) sprintf(name, "%016"PRIx64, sasaddr);
14840 	(void) sprintf(addr, "w%s,%x", name, lun);
14841 	path = mdi_pi_find(parent, NULL, addr);
14842 	kmem_free(name, SCSI_MAXNAMELEN);
14843 	kmem_free(addr, SCSI_MAXNAMELEN);
14844 
14845 	return (path);
14846 }
14847 
14848 static int
14849 mptsas_create_lun(dev_info_t *pdip, struct scsi_inquiry *sd_inq,
14850     dev_info_t **lun_dip, mptsas_target_t *ptgt, int lun)
14851 {
14852 	int			i = 0;
14853 	uchar_t			*inq83 = NULL;
14854 	int			inq83_len1 = 0xFF;
14855 	int			inq83_len = 0;
14856 	int			rval = DDI_FAILURE;
14857 	ddi_devid_t		devid;
14858 	char			*guid = NULL;
14859 	int			target = ptgt->m_devhdl;
14860 	mdi_pathinfo_t		*pip = NULL;
14861 	mptsas_t		*mpt = DIP2MPT(pdip);
14862 
14863 	/*
14864 	 * For DVD/CD ROM and tape devices and optical
14865 	 * devices, we won't try to enumerate them under
14866 	 * scsi_vhci, so no need to try page83
14867 	 */
14868 	if (sd_inq && (sd_inq->inq_dtype == DTYPE_RODIRECT ||
14869 	    sd_inq->inq_dtype == DTYPE_OPTICAL ||
14870 	    sd_inq->inq_dtype == DTYPE_ESI))
14871 		goto create_lun;
14872 
14873 	/*
14874 	 * The LCA returns good SCSI status, but corrupt page 83 data the first
14875 	 * time it is queried. The solution is to keep trying to request page83
14876 	 * and verify the GUID is not (DDI_NOT_WELL_FORMED) in
14877 	 * mptsas_inq83_retry_timeout seconds. If the timeout expires, driver
14878 	 * give up to get VPD page at this stage and fail the enumeration.
14879 	 */
14880 
14881 	inq83	= kmem_zalloc(inq83_len1, KM_SLEEP);
14882 
14883 	for (i = 0; i < mptsas_inq83_retry_timeout; i++) {
14884 		rval = mptsas_inquiry(mpt, ptgt, lun, 0x83, inq83,
14885 		    inq83_len1, &inq83_len, 1);
14886 		if (rval != 0) {
14887 			mptsas_log(mpt, CE_WARN, "!mptsas request inquiry page "
14888 			    "0x83 for target:%x, lun:%x failed!", target, lun);
14889 			if (mptsas_physical_bind_failed_page_83 != B_FALSE)
14890 				goto create_lun;
14891 			goto out;
14892 		}
14893 		/*
14894 		 * create DEVID from inquiry data
14895 		 */
14896 		if ((rval = ddi_devid_scsi_encode(
14897 		    DEVID_SCSI_ENCODE_VERSION_LATEST, NULL, (uchar_t *)sd_inq,
14898 		    sizeof (struct scsi_inquiry), NULL, 0, inq83,
14899 		    (size_t)inq83_len, &devid)) == DDI_SUCCESS) {
14900 			/*
14901 			 * extract GUID from DEVID
14902 			 */
14903 			guid = ddi_devid_to_guid(devid);
14904 
14905 			/*
14906 			 * Do not enable MPXIO if the strlen(guid) is greater
14907 			 * than MPTSAS_MAX_GUID_LEN, this constrain would be
14908 			 * handled by framework later.
14909 			 */
14910 			if (guid && (strlen(guid) > MPTSAS_MAX_GUID_LEN)) {
14911 				ddi_devid_free_guid(guid);
14912 				guid = NULL;
14913 				if (mpt->m_mpxio_enable == TRUE) {
14914 					mptsas_log(mpt, CE_NOTE, "!Target:%x, "
14915 					    "lun:%x doesn't have a valid GUID, "
14916 					    "multipathing for this drive is "
14917 					    "not enabled", target, lun);
14918 				}
14919 			}
14920 
14921 			/*
14922 			 * devid no longer needed
14923 			 */
14924 			ddi_devid_free(devid);
14925 			break;
14926 		} else if (rval == DDI_NOT_WELL_FORMED) {
14927 			/*
14928 			 * return value of ddi_devid_scsi_encode equal to
14929 			 * DDI_NOT_WELL_FORMED means DEVID_RETRY, it worth
14930 			 * to retry inquiry page 0x83 and get GUID.
14931 			 */
14932 			NDBG20(("Not well formed devid, retry..."));
14933 			delay(1 * drv_usectohz(1000000));
14934 			continue;
14935 		} else {
14936 			mptsas_log(mpt, CE_WARN, "!Encode devid failed for "
14937 			    "path target:%x, lun:%x", target, lun);
14938 			rval = DDI_FAILURE;
14939 			goto create_lun;
14940 		}
14941 	}
14942 
14943 	if (i == mptsas_inq83_retry_timeout) {
14944 		mptsas_log(mpt, CE_WARN, "!Repeated page83 requests timeout "
14945 		    "for path target:%x, lun:%x", target, lun);
14946 	}
14947 
14948 	rval = DDI_FAILURE;
14949 
14950 create_lun:
14951 	if ((guid != NULL) && (mpt->m_mpxio_enable == TRUE)) {
14952 		rval = mptsas_create_virt_lun(pdip, sd_inq, guid, lun_dip, &pip,
14953 		    ptgt, lun);
14954 	}
14955 	if (rval != DDI_SUCCESS) {
14956 		rval = mptsas_create_phys_lun(pdip, sd_inq, guid, lun_dip,
14957 		    ptgt, lun);
14958 
14959 	}
14960 out:
14961 	if (guid != NULL) {
14962 		/*
14963 		 * guid no longer needed
14964 		 */
14965 		ddi_devid_free_guid(guid);
14966 	}
14967 	if (inq83 != NULL)
14968 		kmem_free(inq83, inq83_len1);
14969 	return (rval);
14970 }
14971 
14972 static int
14973 mptsas_create_virt_lun(dev_info_t *pdip, struct scsi_inquiry *inq, char *guid,
14974     dev_info_t **lun_dip, mdi_pathinfo_t **pip, mptsas_target_t *ptgt, int lun)
14975 {
14976 	int			target;
14977 	char			*nodename = NULL;
14978 	char			**compatible = NULL;
14979 	int			ncompatible	= 0;
14980 	int			mdi_rtn = MDI_FAILURE;
14981 	int			rval = DDI_FAILURE;
14982 	char			*old_guid = NULL;
14983 	mptsas_t		*mpt = DIP2MPT(pdip);
14984 	char			*lun_addr = NULL;
14985 	char			*wwn_str = NULL;
14986 	char			*attached_wwn_str = NULL;
14987 	char			*component = NULL;
14988 	uint8_t			phy = 0xFF;
14989 	uint64_t		sas_wwn;
14990 	int64_t			lun64 = 0;
14991 	uint32_t		devinfo;
14992 	uint16_t		dev_hdl;
14993 	uint16_t		pdev_hdl;
14994 	uint64_t		dev_sas_wwn;
14995 	uint64_t		pdev_sas_wwn;
14996 	uint32_t		pdev_info;
14997 	uint8_t			physport;
14998 	uint8_t			phy_id;
14999 	uint32_t		page_address;
15000 	uint16_t		bay_num, enclosure, io_flags;
15001 	char			pdev_wwn_str[MPTSAS_WWN_STRLEN];
15002 	uint32_t		dev_info;
15003 
15004 	mutex_enter(&mpt->m_mutex);
15005 	target = ptgt->m_devhdl;
15006 	sas_wwn = ptgt->m_addr.mta_wwn;
15007 	devinfo = ptgt->m_deviceinfo;
15008 	phy = ptgt->m_phynum;
15009 	mutex_exit(&mpt->m_mutex);
15010 
15011 	if (sas_wwn) {
15012 		*pip = mptsas_find_path_addr(pdip, sas_wwn, lun);
15013 	} else {
15014 		*pip = mptsas_find_path_phy(pdip, phy);
15015 	}
15016 
15017 	if (*pip != NULL) {
15018 		*lun_dip = MDI_PI(*pip)->pi_client->ct_dip;
15019 		ASSERT(*lun_dip != NULL);
15020 		if (ddi_prop_lookup_string(DDI_DEV_T_ANY, *lun_dip,
15021 		    (DDI_PROP_DONTPASS | DDI_PROP_NOTPROM),
15022 		    MDI_CLIENT_GUID_PROP, &old_guid) == DDI_SUCCESS) {
15023 			if (strncmp(guid, old_guid, strlen(guid)) == 0) {
15024 				/*
15025 				 * Same path back online again.
15026 				 */
15027 				(void) ddi_prop_free(old_guid);
15028 				if ((!MDI_PI_IS_ONLINE(*pip)) &&
15029 				    (!MDI_PI_IS_STANDBY(*pip)) &&
15030 				    (ptgt->m_tgt_unconfigured == 0)) {
15031 					rval = mdi_pi_online(*pip, 0);
15032 					mutex_enter(&mpt->m_mutex);
15033 					ptgt->m_led_status = 0;
15034 					(void) mptsas_flush_led_status(mpt,
15035 					    ptgt);
15036 					mutex_exit(&mpt->m_mutex);
15037 				} else {
15038 					rval = DDI_SUCCESS;
15039 				}
15040 				if (rval != DDI_SUCCESS) {
15041 					mptsas_log(mpt, CE_WARN, "path:target: "
15042 					    "%x, lun:%x online failed!", target,
15043 					    lun);
15044 					*pip = NULL;
15045 					*lun_dip = NULL;
15046 				}
15047 				return (rval);
15048 			} else {
15049 				/*
15050 				 * The GUID of the LUN has changed which maybe
15051 				 * because customer mapped another volume to the
15052 				 * same LUN.
15053 				 */
15054 				mptsas_log(mpt, CE_WARN, "The GUID of the "
15055 				    "target:%x, lun:%x was changed, maybe "
15056 				    "because someone mapped another volume "
15057 				    "to the same LUN", target, lun);
15058 				(void) ddi_prop_free(old_guid);
15059 				if (!MDI_PI_IS_OFFLINE(*pip)) {
15060 					rval = mdi_pi_offline(*pip, 0);
15061 					if (rval != MDI_SUCCESS) {
15062 						mptsas_log(mpt, CE_WARN, "path:"
15063 						    "target:%x, lun:%x offline "
15064 						    "failed!", target, lun);
15065 						*pip = NULL;
15066 						*lun_dip = NULL;
15067 						return (DDI_FAILURE);
15068 					}
15069 				}
15070 				if (mdi_pi_free(*pip, 0) != MDI_SUCCESS) {
15071 					mptsas_log(mpt, CE_WARN, "path:target:"
15072 					    "%x, lun:%x free failed!", target,
15073 					    lun);
15074 					*pip = NULL;
15075 					*lun_dip = NULL;
15076 					return (DDI_FAILURE);
15077 				}
15078 			}
15079 		} else {
15080 			mptsas_log(mpt, CE_WARN, "Can't get client-guid "
15081 			    "property for path:target:%x, lun:%x", target, lun);
15082 			*pip = NULL;
15083 			*lun_dip = NULL;
15084 			return (DDI_FAILURE);
15085 		}
15086 	}
15087 	scsi_hba_nodename_compatible_get(inq, NULL,
15088 	    inq->inq_dtype, NULL, &nodename, &compatible, &ncompatible);
15089 
15090 	/*
15091 	 * if nodename can't be determined then print a message and skip it
15092 	 */
15093 	if (nodename == NULL) {
15094 		mptsas_log(mpt, CE_WARN, "mptsas driver found no compatible "
15095 		    "driver for target%d lun %d dtype:0x%02x", target, lun,
15096 		    inq->inq_dtype);
15097 		return (DDI_FAILURE);
15098 	}
15099 
15100 	wwn_str = kmem_zalloc(MPTSAS_WWN_STRLEN, KM_SLEEP);
15101 	/* The property is needed by MPAPI */
15102 	(void) sprintf(wwn_str, "%016"PRIx64, sas_wwn);
15103 
15104 	lun_addr = kmem_zalloc(SCSI_MAXNAMELEN, KM_SLEEP);
15105 	if (guid) {
15106 		(void) sprintf(lun_addr, "w%s,%x", wwn_str, lun);
15107 		(void) sprintf(wwn_str, "w%016"PRIx64, sas_wwn);
15108 	} else {
15109 		(void) sprintf(lun_addr, "p%x,%x", phy, lun);
15110 		(void) sprintf(wwn_str, "p%x", phy);
15111 	}
15112 
15113 	mdi_rtn = mdi_pi_alloc_compatible(pdip, nodename,
15114 	    guid, lun_addr, compatible, ncompatible,
15115 	    0, pip);
15116 	if (mdi_rtn == MDI_SUCCESS) {
15117 
15118 		if (mdi_prop_update_string(*pip, MDI_GUID,
15119 		    guid) != DDI_SUCCESS) {
15120 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15121 			    "create prop for target %d lun %d (MDI_GUID)",
15122 			    target, lun);
15123 			mdi_rtn = MDI_FAILURE;
15124 			goto virt_create_done;
15125 		}
15126 
15127 		if (mdi_prop_update_int(*pip, LUN_PROP,
15128 		    lun) != DDI_SUCCESS) {
15129 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15130 			    "create prop for target %d lun %d (LUN_PROP)",
15131 			    target, lun);
15132 			mdi_rtn = MDI_FAILURE;
15133 			goto virt_create_done;
15134 		}
15135 		lun64 = (int64_t)lun;
15136 		if (mdi_prop_update_int64(*pip, LUN64_PROP,
15137 		    lun64) != DDI_SUCCESS) {
15138 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15139 			    "create prop for target %d (LUN64_PROP)",
15140 			    target);
15141 			mdi_rtn = MDI_FAILURE;
15142 			goto virt_create_done;
15143 		}
15144 		if (mdi_prop_update_string_array(*pip, "compatible",
15145 		    compatible, ncompatible) !=
15146 		    DDI_PROP_SUCCESS) {
15147 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15148 			    "create prop for target %d lun %d (COMPATIBLE)",
15149 			    target, lun);
15150 			mdi_rtn = MDI_FAILURE;
15151 			goto virt_create_done;
15152 		}
15153 		if (sas_wwn && (mdi_prop_update_string(*pip,
15154 		    SCSI_ADDR_PROP_TARGET_PORT, wwn_str) != DDI_PROP_SUCCESS)) {
15155 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15156 			    "create prop for target %d lun %d "
15157 			    "(target-port)", target, lun);
15158 			mdi_rtn = MDI_FAILURE;
15159 			goto virt_create_done;
15160 		} else if ((sas_wwn == 0) && (mdi_prop_update_int(*pip,
15161 		    "sata-phy", phy) != DDI_PROP_SUCCESS)) {
15162 			/*
15163 			 * Direct attached SATA device without DeviceName
15164 			 */
15165 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15166 			    "create prop for SAS target %d lun %d "
15167 			    "(sata-phy)", target, lun);
15168 			mdi_rtn = MDI_FAILURE;
15169 			goto virt_create_done;
15170 		}
15171 		mutex_enter(&mpt->m_mutex);
15172 
15173 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
15174 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
15175 		    (uint32_t)ptgt->m_devhdl;
15176 		rval = mptsas_get_sas_device_page0(mpt, page_address,
15177 		    &dev_hdl, &dev_sas_wwn, &dev_info, &physport,
15178 		    &phy_id, &pdev_hdl, &bay_num, &enclosure, &io_flags);
15179 		if (rval != DDI_SUCCESS) {
15180 			mutex_exit(&mpt->m_mutex);
15181 			mptsas_log(mpt, CE_WARN, "mptsas unable to get "
15182 			    "parent device for handle %d", page_address);
15183 			mdi_rtn = MDI_FAILURE;
15184 			goto virt_create_done;
15185 		}
15186 
15187 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
15188 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | (uint32_t)pdev_hdl;
15189 		rval = mptsas_get_sas_device_page0(mpt, page_address,
15190 		    &dev_hdl, &pdev_sas_wwn, &pdev_info, &physport,
15191 		    &phy_id, &pdev_hdl, &bay_num, &enclosure, &io_flags);
15192 		if (rval != DDI_SUCCESS) {
15193 			mutex_exit(&mpt->m_mutex);
15194 			mptsas_log(mpt, CE_WARN, "mptsas unable to get"
15195 			    "device info for handle %d", page_address);
15196 			mdi_rtn = MDI_FAILURE;
15197 			goto virt_create_done;
15198 		}
15199 
15200 		mutex_exit(&mpt->m_mutex);
15201 
15202 		/*
15203 		 * If this device direct attached to the controller
15204 		 * set the attached-port to the base wwid
15205 		 */
15206 		if ((ptgt->m_deviceinfo & DEVINFO_DIRECT_ATTACHED)
15207 		    != DEVINFO_DIRECT_ATTACHED) {
15208 			(void) sprintf(pdev_wwn_str, "w%016"PRIx64,
15209 			    pdev_sas_wwn);
15210 		} else {
15211 			/*
15212 			 * Update the iport's attached-port to guid
15213 			 */
15214 			if (sas_wwn == 0) {
15215 				(void) sprintf(wwn_str, "p%x", phy);
15216 			} else {
15217 				(void) sprintf(wwn_str, "w%016"PRIx64, sas_wwn);
15218 			}
15219 			if (ddi_prop_update_string(DDI_DEV_T_NONE,
15220 			    pdip, SCSI_ADDR_PROP_ATTACHED_PORT, wwn_str) !=
15221 			    DDI_PROP_SUCCESS) {
15222 				mptsas_log(mpt, CE_WARN,
15223 				    "mptsas unable to create "
15224 				    "property for iport target-port"
15225 				    " %s (sas_wwn)",
15226 				    wwn_str);
15227 				mdi_rtn = MDI_FAILURE;
15228 				goto virt_create_done;
15229 			}
15230 
15231 			(void) sprintf(pdev_wwn_str, "w%016"PRIx64,
15232 			    mpt->un.m_base_wwid);
15233 		}
15234 
15235 		if (mdi_prop_update_string(*pip,
15236 		    SCSI_ADDR_PROP_ATTACHED_PORT, pdev_wwn_str) !=
15237 		    DDI_PROP_SUCCESS) {
15238 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15239 			    "property for iport attached-port %s (sas_wwn)",
15240 			    attached_wwn_str);
15241 			mdi_rtn = MDI_FAILURE;
15242 			goto virt_create_done;
15243 		}
15244 
15245 
15246 		if (inq->inq_dtype == 0) {
15247 			component = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
15248 			/*
15249 			 * set obp path for pathinfo
15250 			 */
15251 			(void) snprintf(component, MAXPATHLEN,
15252 			    "disk@%s", lun_addr);
15253 
15254 			if (mdi_pi_pathname_obp_set(*pip, component) !=
15255 			    DDI_SUCCESS) {
15256 				mptsas_log(mpt, CE_WARN, "mpt_sas driver "
15257 				    "unable to set obp-path for object %s",
15258 				    component);
15259 				mdi_rtn = MDI_FAILURE;
15260 				goto virt_create_done;
15261 			}
15262 		}
15263 
15264 		*lun_dip = MDI_PI(*pip)->pi_client->ct_dip;
15265 		if (devinfo & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
15266 		    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
15267 			if ((ndi_prop_update_int(DDI_DEV_T_NONE, *lun_dip,
15268 			    "pm-capable", 1)) !=
15269 			    DDI_PROP_SUCCESS) {
15270 				mptsas_log(mpt, CE_WARN, "mptsas driver"
15271 				    "failed to create pm-capable "
15272 				    "property, target %d", target);
15273 				mdi_rtn = MDI_FAILURE;
15274 				goto virt_create_done;
15275 			}
15276 		}
15277 		/*
15278 		 * Create the phy-num property
15279 		 */
15280 		if (mdi_prop_update_int(*pip, "phy-num",
15281 		    ptgt->m_phynum) != DDI_SUCCESS) {
15282 			mptsas_log(mpt, CE_WARN, "mptsas driver unable to "
15283 			    "create phy-num property for target %d lun %d",
15284 			    target, lun);
15285 			mdi_rtn = MDI_FAILURE;
15286 			goto virt_create_done;
15287 		}
15288 		NDBG20(("new path:%s onlining,", MDI_PI(*pip)->pi_addr));
15289 		mdi_rtn = mdi_pi_online(*pip, 0);
15290 		if (mdi_rtn == MDI_SUCCESS) {
15291 			mutex_enter(&mpt->m_mutex);
15292 			ptgt->m_led_status = 0;
15293 			(void) mptsas_flush_led_status(mpt, ptgt);
15294 			mutex_exit(&mpt->m_mutex);
15295 		}
15296 		if (mdi_rtn == MDI_NOT_SUPPORTED) {
15297 			mdi_rtn = MDI_FAILURE;
15298 		}
15299 virt_create_done:
15300 		if (*pip && mdi_rtn != MDI_SUCCESS) {
15301 			(void) mdi_pi_free(*pip, 0);
15302 			*pip = NULL;
15303 			*lun_dip = NULL;
15304 		}
15305 	}
15306 
15307 	scsi_hba_nodename_compatible_free(nodename, compatible);
15308 	if (lun_addr != NULL) {
15309 		kmem_free(lun_addr, SCSI_MAXNAMELEN);
15310 	}
15311 	if (wwn_str != NULL) {
15312 		kmem_free(wwn_str, MPTSAS_WWN_STRLEN);
15313 	}
15314 	if (component != NULL) {
15315 		kmem_free(component, MAXPATHLEN);
15316 	}
15317 
15318 	return ((mdi_rtn == MDI_SUCCESS) ? DDI_SUCCESS : DDI_FAILURE);
15319 }
15320 
15321 static int
15322 mptsas_create_phys_lun(dev_info_t *pdip, struct scsi_inquiry *inq,
15323     char *guid, dev_info_t **lun_dip, mptsas_target_t *ptgt, int lun)
15324 {
15325 	int			target;
15326 	int			rval;
15327 	int			ndi_rtn = NDI_FAILURE;
15328 	uint64_t		be_sas_wwn;
15329 	char			*nodename = NULL;
15330 	char			**compatible = NULL;
15331 	int			ncompatible = 0;
15332 	int			instance = 0;
15333 	mptsas_t		*mpt = DIP2MPT(pdip);
15334 	char			*wwn_str = NULL;
15335 	char			*component = NULL;
15336 	char			*attached_wwn_str = NULL;
15337 	uint8_t			phy = 0xFF;
15338 	uint64_t		sas_wwn;
15339 	uint32_t		devinfo;
15340 	uint16_t		dev_hdl;
15341 	uint16_t		pdev_hdl;
15342 	uint64_t		pdev_sas_wwn;
15343 	uint64_t		dev_sas_wwn;
15344 	uint32_t		pdev_info;
15345 	uint8_t			physport;
15346 	uint8_t			phy_id;
15347 	uint32_t		page_address;
15348 	uint16_t		bay_num, enclosure, io_flags;
15349 	char			pdev_wwn_str[MPTSAS_WWN_STRLEN];
15350 	uint32_t		dev_info;
15351 	int64_t			lun64 = 0;
15352 
15353 	mutex_enter(&mpt->m_mutex);
15354 	target = ptgt->m_devhdl;
15355 	sas_wwn = ptgt->m_addr.mta_wwn;
15356 	devinfo = ptgt->m_deviceinfo;
15357 	phy = ptgt->m_phynum;
15358 	mutex_exit(&mpt->m_mutex);
15359 
15360 	/*
15361 	 * generate compatible property with binding-set "mpt"
15362 	 */
15363 	scsi_hba_nodename_compatible_get(inq, NULL, inq->inq_dtype, NULL,
15364 	    &nodename, &compatible, &ncompatible);
15365 
15366 	/*
15367 	 * if nodename can't be determined then print a message and skip it
15368 	 */
15369 	if (nodename == NULL) {
15370 		mptsas_log(mpt, CE_WARN, "mptsas found no compatible driver "
15371 		    "for target %d lun %d", target, lun);
15372 		return (DDI_FAILURE);
15373 	}
15374 
15375 	ndi_rtn = ndi_devi_alloc(pdip, nodename,
15376 	    DEVI_SID_NODEID, lun_dip);
15377 
15378 	/*
15379 	 * if lun alloc success, set props
15380 	 */
15381 	if (ndi_rtn == NDI_SUCCESS) {
15382 
15383 		if (ndi_prop_update_int(DDI_DEV_T_NONE,
15384 		    *lun_dip, LUN_PROP, lun) !=
15385 		    DDI_PROP_SUCCESS) {
15386 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15387 			    "property for target %d lun %d (LUN_PROP)",
15388 			    target, lun);
15389 			ndi_rtn = NDI_FAILURE;
15390 			goto phys_create_done;
15391 		}
15392 
15393 		lun64 = (int64_t)lun;
15394 		if (ndi_prop_update_int64(DDI_DEV_T_NONE,
15395 		    *lun_dip, LUN64_PROP, lun64) !=
15396 		    DDI_PROP_SUCCESS) {
15397 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15398 			    "property for target %d lun64 %d (LUN64_PROP)",
15399 			    target, lun);
15400 			ndi_rtn = NDI_FAILURE;
15401 			goto phys_create_done;
15402 		}
15403 		if (ndi_prop_update_string_array(DDI_DEV_T_NONE,
15404 		    *lun_dip, "compatible", compatible, ncompatible)
15405 		    != DDI_PROP_SUCCESS) {
15406 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15407 			    "property for target %d lun %d (COMPATIBLE)",
15408 			    target, lun);
15409 			ndi_rtn = NDI_FAILURE;
15410 			goto phys_create_done;
15411 		}
15412 
15413 		/*
15414 		 * We need the SAS WWN for non-multipath devices, so
15415 		 * we'll use the same property as that multipathing
15416 		 * devices need to present for MPAPI. If we don't have
15417 		 * a WWN (e.g. parallel SCSI), don't create the prop.
15418 		 */
15419 		wwn_str = kmem_zalloc(MPTSAS_WWN_STRLEN, KM_SLEEP);
15420 		(void) sprintf(wwn_str, "w%016"PRIx64, sas_wwn);
15421 		if (sas_wwn && ndi_prop_update_string(DDI_DEV_T_NONE,
15422 		    *lun_dip, SCSI_ADDR_PROP_TARGET_PORT, wwn_str)
15423 		    != DDI_PROP_SUCCESS) {
15424 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
15425 			    "create property for SAS target %d lun %d "
15426 			    "(target-port)", target, lun);
15427 			ndi_rtn = NDI_FAILURE;
15428 			goto phys_create_done;
15429 		}
15430 
15431 		be_sas_wwn = BE_64(sas_wwn);
15432 		if (sas_wwn && ndi_prop_update_byte_array(
15433 		    DDI_DEV_T_NONE, *lun_dip, "port-wwn",
15434 		    (uchar_t *)&be_sas_wwn, 8) != DDI_PROP_SUCCESS) {
15435 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
15436 			    "create property for SAS target %d lun %d "
15437 			    "(port-wwn)", target, lun);
15438 			ndi_rtn = NDI_FAILURE;
15439 			goto phys_create_done;
15440 		} else if ((sas_wwn == 0) && (ndi_prop_update_int(
15441 		    DDI_DEV_T_NONE, *lun_dip, "sata-phy", phy) !=
15442 		    DDI_PROP_SUCCESS)) {
15443 			/*
15444 			 * Direct attached SATA device without DeviceName
15445 			 */
15446 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
15447 			    "create property for SAS target %d lun %d "
15448 			    "(sata-phy)", target, lun);
15449 			ndi_rtn = NDI_FAILURE;
15450 			goto phys_create_done;
15451 		}
15452 
15453 		if (ndi_prop_create_boolean(DDI_DEV_T_NONE,
15454 		    *lun_dip, SAS_PROP) != DDI_PROP_SUCCESS) {
15455 			mptsas_log(mpt, CE_WARN, "mptsas unable to"
15456 			    "create property for SAS target %d lun %d"
15457 			    " (SAS_PROP)", target, lun);
15458 			ndi_rtn = NDI_FAILURE;
15459 			goto phys_create_done;
15460 		}
15461 		if (guid && (ndi_prop_update_string(DDI_DEV_T_NONE,
15462 		    *lun_dip, NDI_GUID, guid) != DDI_SUCCESS)) {
15463 			mptsas_log(mpt, CE_WARN, "mptsas unable "
15464 			    "to create guid property for target %d "
15465 			    "lun %d", target, lun);
15466 			ndi_rtn = NDI_FAILURE;
15467 			goto phys_create_done;
15468 		}
15469 
15470 		/*
15471 		 * The following code is to set properties for SM-HBA support,
15472 		 * it doesn't apply to RAID volumes
15473 		 */
15474 		if (ptgt->m_addr.mta_phymask == 0)
15475 			goto phys_raid_lun;
15476 
15477 		mutex_enter(&mpt->m_mutex);
15478 
15479 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
15480 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
15481 		    (uint32_t)ptgt->m_devhdl;
15482 		rval = mptsas_get_sas_device_page0(mpt, page_address,
15483 		    &dev_hdl, &dev_sas_wwn, &dev_info,
15484 		    &physport, &phy_id, &pdev_hdl,
15485 		    &bay_num, &enclosure, &io_flags);
15486 		if (rval != DDI_SUCCESS) {
15487 			mutex_exit(&mpt->m_mutex);
15488 			mptsas_log(mpt, CE_WARN, "mptsas unable to get"
15489 			    "parent device for handle %d.", page_address);
15490 			ndi_rtn = NDI_FAILURE;
15491 			goto phys_create_done;
15492 		}
15493 
15494 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
15495 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | (uint32_t)pdev_hdl;
15496 		rval = mptsas_get_sas_device_page0(mpt, page_address,
15497 		    &dev_hdl, &pdev_sas_wwn, &pdev_info, &physport,
15498 		    &phy_id, &pdev_hdl, &bay_num, &enclosure, &io_flags);
15499 		if (rval != DDI_SUCCESS) {
15500 			mutex_exit(&mpt->m_mutex);
15501 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15502 			    "device for handle %d.", page_address);
15503 			ndi_rtn = NDI_FAILURE;
15504 			goto phys_create_done;
15505 		}
15506 
15507 		mutex_exit(&mpt->m_mutex);
15508 
15509 		/*
15510 		 * If this device direct attached to the controller
15511 		 * set the attached-port to the base wwid
15512 		 */
15513 		if ((ptgt->m_deviceinfo & DEVINFO_DIRECT_ATTACHED)
15514 		    != DEVINFO_DIRECT_ATTACHED) {
15515 			(void) sprintf(pdev_wwn_str, "w%016"PRIx64,
15516 			    pdev_sas_wwn);
15517 		} else {
15518 			/*
15519 			 * Update the iport's attached-port to guid
15520 			 */
15521 			if (sas_wwn == 0) {
15522 				(void) sprintf(wwn_str, "p%x", phy);
15523 			} else {
15524 				(void) sprintf(wwn_str, "w%016"PRIx64, sas_wwn);
15525 			}
15526 			if (ddi_prop_update_string(DDI_DEV_T_NONE,
15527 			    pdip, SCSI_ADDR_PROP_ATTACHED_PORT, wwn_str) !=
15528 			    DDI_PROP_SUCCESS) {
15529 				mptsas_log(mpt, CE_WARN,
15530 				    "mptsas unable to create "
15531 				    "property for iport target-port"
15532 				    " %s (sas_wwn)",
15533 				    wwn_str);
15534 				ndi_rtn = NDI_FAILURE;
15535 				goto phys_create_done;
15536 			}
15537 
15538 			(void) sprintf(pdev_wwn_str, "w%016"PRIx64,
15539 			    mpt->un.m_base_wwid);
15540 		}
15541 
15542 		if (ndi_prop_update_string(DDI_DEV_T_NONE,
15543 		    *lun_dip, SCSI_ADDR_PROP_ATTACHED_PORT, pdev_wwn_str) !=
15544 		    DDI_PROP_SUCCESS) {
15545 			mptsas_log(mpt, CE_WARN,
15546 			    "mptsas unable to create "
15547 			    "property for iport attached-port %s (sas_wwn)",
15548 			    attached_wwn_str);
15549 			ndi_rtn = NDI_FAILURE;
15550 			goto phys_create_done;
15551 		}
15552 
15553 		if (IS_SATA_DEVICE(dev_info)) {
15554 			if (ndi_prop_update_string(DDI_DEV_T_NONE,
15555 			    *lun_dip, MPTSAS_VARIANT, "sata") !=
15556 			    DDI_PROP_SUCCESS) {
15557 				mptsas_log(mpt, CE_WARN,
15558 				    "mptsas unable to create "
15559 				    "property for device variant ");
15560 				ndi_rtn = NDI_FAILURE;
15561 				goto phys_create_done;
15562 			}
15563 		}
15564 
15565 		if (IS_ATAPI_DEVICE(dev_info)) {
15566 			if (ndi_prop_update_string(DDI_DEV_T_NONE,
15567 			    *lun_dip, MPTSAS_VARIANT, "atapi") !=
15568 			    DDI_PROP_SUCCESS) {
15569 				mptsas_log(mpt, CE_WARN,
15570 				    "mptsas unable to create "
15571 				    "property for device variant ");
15572 				ndi_rtn = NDI_FAILURE;
15573 				goto phys_create_done;
15574 			}
15575 		}
15576 
15577 phys_raid_lun:
15578 		/*
15579 		 * if this is a SAS controller, and the target is a SATA
15580 		 * drive, set the 'pm-capable' property for sd and if on
15581 		 * an OPL platform, also check if this is an ATAPI
15582 		 * device.
15583 		 */
15584 		instance = ddi_get_instance(mpt->m_dip);
15585 		if (devinfo & (MPI2_SAS_DEVICE_INFO_SATA_DEVICE |
15586 		    MPI2_SAS_DEVICE_INFO_ATAPI_DEVICE)) {
15587 			NDBG2(("mptsas%d: creating pm-capable property, "
15588 			    "target %d", instance, target));
15589 
15590 			if ((ndi_prop_update_int(DDI_DEV_T_NONE,
15591 			    *lun_dip, "pm-capable", 1)) !=
15592 			    DDI_PROP_SUCCESS) {
15593 				mptsas_log(mpt, CE_WARN, "mptsas "
15594 				    "failed to create pm-capable "
15595 				    "property, target %d", target);
15596 				ndi_rtn = NDI_FAILURE;
15597 				goto phys_create_done;
15598 			}
15599 
15600 		}
15601 
15602 		if ((inq->inq_dtype == 0) || (inq->inq_dtype == 5)) {
15603 			/*
15604 			 * add 'obp-path' properties for devinfo
15605 			 */
15606 			bzero(wwn_str, sizeof (wwn_str));
15607 			(void) sprintf(wwn_str, "%016"PRIx64, sas_wwn);
15608 			component = kmem_zalloc(MAXPATHLEN, KM_SLEEP);
15609 			if (guid) {
15610 				(void) snprintf(component, MAXPATHLEN,
15611 				    "disk@w%s,%x", wwn_str, lun);
15612 			} else {
15613 				(void) snprintf(component, MAXPATHLEN,
15614 				    "disk@p%x,%x", phy, lun);
15615 			}
15616 			if (ddi_pathname_obp_set(*lun_dip, component)
15617 			    != DDI_SUCCESS) {
15618 				mptsas_log(mpt, CE_WARN, "mpt_sas driver "
15619 				    "unable to set obp-path for SAS "
15620 				    "object %s", component);
15621 				ndi_rtn = NDI_FAILURE;
15622 				goto phys_create_done;
15623 			}
15624 		}
15625 		/*
15626 		 * Create the phy-num property for non-raid disk
15627 		 */
15628 		if (ptgt->m_addr.mta_phymask != 0) {
15629 			if (ndi_prop_update_int(DDI_DEV_T_NONE,
15630 			    *lun_dip, "phy-num", ptgt->m_phynum) !=
15631 			    DDI_PROP_SUCCESS) {
15632 				mptsas_log(mpt, CE_WARN, "mptsas driver "
15633 				    "failed to create phy-num property for "
15634 				    "target %d", target);
15635 				ndi_rtn = NDI_FAILURE;
15636 				goto phys_create_done;
15637 			}
15638 		}
15639 phys_create_done:
15640 		/*
15641 		 * If props were setup ok, online the lun
15642 		 */
15643 		if (ndi_rtn == NDI_SUCCESS) {
15644 			/*
15645 			 * Try to online the new node
15646 			 */
15647 			ndi_rtn = ndi_devi_online(*lun_dip, NDI_ONLINE_ATTACH);
15648 		}
15649 		if (ndi_rtn == NDI_SUCCESS) {
15650 			mutex_enter(&mpt->m_mutex);
15651 			ptgt->m_led_status = 0;
15652 			(void) mptsas_flush_led_status(mpt, ptgt);
15653 			mutex_exit(&mpt->m_mutex);
15654 		}
15655 
15656 		/*
15657 		 * If success set rtn flag, else unwire alloc'd lun
15658 		 */
15659 		if (ndi_rtn != NDI_SUCCESS) {
15660 			NDBG12(("mptsas driver unable to online "
15661 			    "target %d lun %d", target, lun));
15662 			ndi_prop_remove_all(*lun_dip);
15663 			(void) ndi_devi_free(*lun_dip);
15664 			*lun_dip = NULL;
15665 		}
15666 	}
15667 
15668 	scsi_hba_nodename_compatible_free(nodename, compatible);
15669 
15670 	if (wwn_str != NULL) {
15671 		kmem_free(wwn_str, MPTSAS_WWN_STRLEN);
15672 	}
15673 	if (component != NULL) {
15674 		kmem_free(component, MAXPATHLEN);
15675 	}
15676 
15677 
15678 	return ((ndi_rtn == NDI_SUCCESS) ? DDI_SUCCESS : DDI_FAILURE);
15679 }
15680 
15681 static int
15682 mptsas_probe_smp(dev_info_t *pdip, uint64_t wwn)
15683 {
15684 	mptsas_t	*mpt = DIP2MPT(pdip);
15685 	struct smp_device smp_sd;
15686 
15687 	/* XXX An HBA driver should not be allocating an smp_device. */
15688 	bzero(&smp_sd, sizeof (struct smp_device));
15689 	smp_sd.smp_sd_address.smp_a_hba_tran = mpt->m_smptran;
15690 	bcopy(&wwn, smp_sd.smp_sd_address.smp_a_wwn, SAS_WWN_BYTE_SIZE);
15691 
15692 	if (smp_probe(&smp_sd) != DDI_PROBE_SUCCESS)
15693 		return (NDI_FAILURE);
15694 	return (NDI_SUCCESS);
15695 }
15696 
15697 static int
15698 mptsas_config_smp(dev_info_t *pdip, uint64_t sas_wwn, dev_info_t **smp_dip)
15699 {
15700 	mptsas_t	*mpt = DIP2MPT(pdip);
15701 	mptsas_smp_t	*psmp = NULL;
15702 	int		rval;
15703 	int		phymask;
15704 
15705 	/*
15706 	 * Get the physical port associated to the iport
15707 	 * PHYMASK TODO
15708 	 */
15709 	phymask = ddi_prop_get_int(DDI_DEV_T_ANY, pdip, 0,
15710 	    "phymask", 0);
15711 	/*
15712 	 * Find the smp node in hash table with specified sas address and
15713 	 * physical port
15714 	 */
15715 	psmp = mptsas_wwid_to_psmp(mpt, phymask, sas_wwn);
15716 	if (psmp == NULL) {
15717 		return (DDI_FAILURE);
15718 	}
15719 
15720 	rval = mptsas_online_smp(pdip, psmp, smp_dip);
15721 
15722 	return (rval);
15723 }
15724 
15725 static int
15726 mptsas_online_smp(dev_info_t *pdip, mptsas_smp_t *smp_node,
15727     dev_info_t **smp_dip)
15728 {
15729 	char		wwn_str[MPTSAS_WWN_STRLEN];
15730 	char		attached_wwn_str[MPTSAS_WWN_STRLEN];
15731 	int		ndi_rtn = NDI_FAILURE;
15732 	int		rval = 0;
15733 	mptsas_smp_t	dev_info;
15734 	uint32_t	page_address;
15735 	mptsas_t	*mpt = DIP2MPT(pdip);
15736 	uint16_t	dev_hdl;
15737 	uint64_t	sas_wwn;
15738 	uint64_t	smp_sas_wwn;
15739 	uint8_t		physport;
15740 	uint8_t		phy_id;
15741 	uint16_t	pdev_hdl;
15742 	uint8_t		numphys = 0;
15743 	uint16_t	i = 0;
15744 	char		phymask[MPTSAS_MAX_PHYS];
15745 	char		*iport = NULL;
15746 	mptsas_phymask_t	phy_mask = 0;
15747 	uint16_t	attached_devhdl;
15748 	uint16_t	bay_num, enclosure, io_flags;
15749 
15750 	(void) sprintf(wwn_str, "%"PRIx64, smp_node->m_addr.mta_wwn);
15751 
15752 	/*
15753 	 * Probe smp device, prevent the node of removed device from being
15754 	 * configured succesfully
15755 	 */
15756 	if (mptsas_probe_smp(pdip, smp_node->m_addr.mta_wwn) != NDI_SUCCESS) {
15757 		return (DDI_FAILURE);
15758 	}
15759 
15760 	if ((*smp_dip = mptsas_find_smp_child(pdip, wwn_str)) != NULL) {
15761 		return (DDI_SUCCESS);
15762 	}
15763 
15764 	ndi_rtn = ndi_devi_alloc(pdip, "smp", DEVI_SID_NODEID, smp_dip);
15765 
15766 	/*
15767 	 * if lun alloc success, set props
15768 	 */
15769 	if (ndi_rtn == NDI_SUCCESS) {
15770 		/*
15771 		 * Set the flavor of the child to be SMP flavored
15772 		 */
15773 		ndi_flavor_set(*smp_dip, SCSA_FLAVOR_SMP);
15774 
15775 		if (ndi_prop_update_string(DDI_DEV_T_NONE,
15776 		    *smp_dip, SMP_WWN, wwn_str) !=
15777 		    DDI_PROP_SUCCESS) {
15778 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15779 			    "property for smp device %s (sas_wwn)",
15780 			    wwn_str);
15781 			ndi_rtn = NDI_FAILURE;
15782 			goto smp_create_done;
15783 		}
15784 		(void) sprintf(wwn_str, "w%"PRIx64, smp_node->m_addr.mta_wwn);
15785 		if (ndi_prop_update_string(DDI_DEV_T_NONE,
15786 		    *smp_dip, SCSI_ADDR_PROP_TARGET_PORT, wwn_str) !=
15787 		    DDI_PROP_SUCCESS) {
15788 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15789 			    "property for iport target-port %s (sas_wwn)",
15790 			    wwn_str);
15791 			ndi_rtn = NDI_FAILURE;
15792 			goto smp_create_done;
15793 		}
15794 
15795 		mutex_enter(&mpt->m_mutex);
15796 
15797 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_HNDL &
15798 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | smp_node->m_devhdl;
15799 		rval = mptsas_get_sas_expander_page0(mpt, page_address,
15800 		    &dev_info);
15801 		if (rval != DDI_SUCCESS) {
15802 			mutex_exit(&mpt->m_mutex);
15803 			mptsas_log(mpt, CE_WARN,
15804 			    "mptsas unable to get expander "
15805 			    "parent device info for %x", page_address);
15806 			ndi_rtn = NDI_FAILURE;
15807 			goto smp_create_done;
15808 		}
15809 
15810 		smp_node->m_pdevhdl = dev_info.m_pdevhdl;
15811 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
15812 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
15813 		    (uint32_t)dev_info.m_pdevhdl;
15814 		rval = mptsas_get_sas_device_page0(mpt, page_address,
15815 		    &dev_hdl, &sas_wwn, &smp_node->m_pdevinfo, &physport,
15816 		    &phy_id, &pdev_hdl, &bay_num, &enclosure, &io_flags);
15817 		if (rval != DDI_SUCCESS) {
15818 			mutex_exit(&mpt->m_mutex);
15819 			mptsas_log(mpt, CE_WARN, "mptsas unable to get "
15820 			    "device info for %x", page_address);
15821 			ndi_rtn = NDI_FAILURE;
15822 			goto smp_create_done;
15823 		}
15824 
15825 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_HANDLE &
15826 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) |
15827 		    (uint32_t)dev_info.m_devhdl;
15828 		rval = mptsas_get_sas_device_page0(mpt, page_address,
15829 		    &dev_hdl, &smp_sas_wwn, &smp_node->m_deviceinfo,
15830 		    &physport, &phy_id, &pdev_hdl, &bay_num, &enclosure,
15831 		    &io_flags);
15832 		if (rval != DDI_SUCCESS) {
15833 			mutex_exit(&mpt->m_mutex);
15834 			mptsas_log(mpt, CE_WARN, "mptsas unable to get "
15835 			    "device info for %x", page_address);
15836 			ndi_rtn = NDI_FAILURE;
15837 			goto smp_create_done;
15838 		}
15839 		mutex_exit(&mpt->m_mutex);
15840 
15841 		/*
15842 		 * If this smp direct attached to the controller
15843 		 * set the attached-port to the base wwid
15844 		 */
15845 		if ((smp_node->m_deviceinfo & DEVINFO_DIRECT_ATTACHED)
15846 		    != DEVINFO_DIRECT_ATTACHED) {
15847 			(void) sprintf(attached_wwn_str, "w%016"PRIx64,
15848 			    sas_wwn);
15849 		} else {
15850 			(void) sprintf(attached_wwn_str, "w%016"PRIx64,
15851 			    mpt->un.m_base_wwid);
15852 		}
15853 
15854 		if (ndi_prop_update_string(DDI_DEV_T_NONE,
15855 		    *smp_dip, SCSI_ADDR_PROP_ATTACHED_PORT, attached_wwn_str) !=
15856 		    DDI_PROP_SUCCESS) {
15857 			mptsas_log(mpt, CE_WARN, "mptsas unable to create "
15858 			    "property for smp attached-port %s (sas_wwn)",
15859 			    attached_wwn_str);
15860 			ndi_rtn = NDI_FAILURE;
15861 			goto smp_create_done;
15862 		}
15863 
15864 		if (ndi_prop_create_boolean(DDI_DEV_T_NONE,
15865 		    *smp_dip, SMP_PROP) != DDI_PROP_SUCCESS) {
15866 			mptsas_log(mpt, CE_WARN, "mptsas unable to "
15867 			    "create property for SMP %s (SMP_PROP) ",
15868 			    wwn_str);
15869 			ndi_rtn = NDI_FAILURE;
15870 			goto smp_create_done;
15871 		}
15872 
15873 		/*
15874 		 * check the smp to see whether it direct
15875 		 * attached to the controller
15876 		 */
15877 		if ((smp_node->m_deviceinfo & DEVINFO_DIRECT_ATTACHED)
15878 		    != DEVINFO_DIRECT_ATTACHED) {
15879 			goto smp_create_done;
15880 		}
15881 		numphys = ddi_prop_get_int(DDI_DEV_T_ANY, pdip,
15882 		    DDI_PROP_DONTPASS, MPTSAS_NUM_PHYS, -1);
15883 		if (numphys > 0) {
15884 			goto smp_create_done;
15885 		}
15886 		/*
15887 		 * this iport is an old iport, we need to
15888 		 * reconfig the props for it.
15889 		 */
15890 		if (ddi_prop_update_int(DDI_DEV_T_NONE, pdip,
15891 		    MPTSAS_VIRTUAL_PORT, 0) !=
15892 		    DDI_PROP_SUCCESS) {
15893 			(void) ddi_prop_remove(DDI_DEV_T_NONE, pdip,
15894 			    MPTSAS_VIRTUAL_PORT);
15895 			mptsas_log(mpt, CE_WARN, "mptsas virtual port "
15896 			    "prop update failed");
15897 			goto smp_create_done;
15898 		}
15899 
15900 		mutex_enter(&mpt->m_mutex);
15901 		numphys = 0;
15902 		iport = ddi_get_name_addr(pdip);
15903 		for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
15904 			bzero(phymask, sizeof (phymask));
15905 			(void) sprintf(phymask,
15906 			    "%x", mpt->m_phy_info[i].phy_mask);
15907 			if (strcmp(phymask, iport) == 0) {
15908 				phy_mask = mpt->m_phy_info[i].phy_mask;
15909 				break;
15910 			}
15911 		}
15912 
15913 		for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
15914 			if ((phy_mask >> i) & 0x01) {
15915 				numphys++;
15916 			}
15917 		}
15918 		/*
15919 		 * Update PHY info for smhba
15920 		 */
15921 		if (mptsas_smhba_phy_init(mpt)) {
15922 			mutex_exit(&mpt->m_mutex);
15923 			mptsas_log(mpt, CE_WARN, "mptsas phy update "
15924 			    "failed");
15925 			goto smp_create_done;
15926 		}
15927 		mutex_exit(&mpt->m_mutex);
15928 
15929 		mptsas_smhba_set_all_phy_props(mpt, pdip, numphys, phy_mask,
15930 		    &attached_devhdl);
15931 
15932 		if (ddi_prop_update_int(DDI_DEV_T_NONE, pdip,
15933 		    MPTSAS_NUM_PHYS, numphys) !=
15934 		    DDI_PROP_SUCCESS) {
15935 			(void) ddi_prop_remove(DDI_DEV_T_NONE, pdip,
15936 			    MPTSAS_NUM_PHYS);
15937 			mptsas_log(mpt, CE_WARN, "mptsas update "
15938 			    "num phys props failed");
15939 			goto smp_create_done;
15940 		}
15941 		/*
15942 		 * Add parent's props for SMHBA support
15943 		 */
15944 		if (ddi_prop_update_string(DDI_DEV_T_NONE, pdip,
15945 		    SCSI_ADDR_PROP_ATTACHED_PORT, wwn_str) !=
15946 		    DDI_PROP_SUCCESS) {
15947 			(void) ddi_prop_remove(DDI_DEV_T_NONE, pdip,
15948 			    SCSI_ADDR_PROP_ATTACHED_PORT);
15949 			mptsas_log(mpt, CE_WARN, "mptsas update iport"
15950 			    "attached-port failed");
15951 			goto smp_create_done;
15952 		}
15953 
15954 smp_create_done:
15955 		/*
15956 		 * If props were setup ok, online the lun
15957 		 */
15958 		if (ndi_rtn == NDI_SUCCESS) {
15959 			/*
15960 			 * Try to online the new node
15961 			 */
15962 			ndi_rtn = ndi_devi_online(*smp_dip, NDI_ONLINE_ATTACH);
15963 		}
15964 
15965 		/*
15966 		 * If success set rtn flag, else unwire alloc'd lun
15967 		 */
15968 		if (ndi_rtn != NDI_SUCCESS) {
15969 			NDBG12(("mptsas unable to online "
15970 			    "SMP target %s", wwn_str));
15971 			ndi_prop_remove_all(*smp_dip);
15972 			(void) ndi_devi_free(*smp_dip);
15973 		}
15974 	}
15975 
15976 	return ((ndi_rtn == NDI_SUCCESS) ? DDI_SUCCESS : DDI_FAILURE);
15977 }
15978 
15979 /* smp transport routine */
15980 static int mptsas_smp_start(struct smp_pkt *smp_pkt)
15981 {
15982 	uint64_t			wwn;
15983 	Mpi2SmpPassthroughRequest_t	req;
15984 	Mpi2SmpPassthroughReply_t	rep;
15985 	uint32_t			direction = 0;
15986 	mptsas_t			*mpt;
15987 	int				ret;
15988 	uint64_t			tmp64;
15989 
15990 	mpt = (mptsas_t *)smp_pkt->smp_pkt_address->
15991 	    smp_a_hba_tran->smp_tran_hba_private;
15992 
15993 	bcopy(smp_pkt->smp_pkt_address->smp_a_wwn, &wwn, SAS_WWN_BYTE_SIZE);
15994 	/*
15995 	 * Need to compose a SMP request message
15996 	 * and call mptsas_do_passthru() function
15997 	 */
15998 	bzero(&req, sizeof (req));
15999 	bzero(&rep, sizeof (rep));
16000 	req.PassthroughFlags = 0;
16001 	req.PhysicalPort = 0xff;
16002 	req.ChainOffset = 0;
16003 	req.Function = MPI2_FUNCTION_SMP_PASSTHROUGH;
16004 
16005 	if ((smp_pkt->smp_pkt_reqsize & 0xffff0000ul) != 0) {
16006 		smp_pkt->smp_pkt_reason = ERANGE;
16007 		return (DDI_FAILURE);
16008 	}
16009 	req.RequestDataLength = LE_16((uint16_t)(smp_pkt->smp_pkt_reqsize - 4));
16010 
16011 	req.MsgFlags = 0;
16012 	tmp64 = LE_64(wwn);
16013 	bcopy(&tmp64, &req.SASAddress, SAS_WWN_BYTE_SIZE);
16014 	if (smp_pkt->smp_pkt_rspsize > 0) {
16015 		direction |= MPTSAS_PASS_THRU_DIRECTION_READ;
16016 	}
16017 	if (smp_pkt->smp_pkt_reqsize > 0) {
16018 		direction |= MPTSAS_PASS_THRU_DIRECTION_WRITE;
16019 	}
16020 
16021 	mutex_enter(&mpt->m_mutex);
16022 	ret = mptsas_do_passthru(mpt, (uint8_t *)&req, (uint8_t *)&rep,
16023 	    (uint8_t *)smp_pkt->smp_pkt_rsp,
16024 	    offsetof(Mpi2SmpPassthroughRequest_t, SGL), sizeof (rep),
16025 	    smp_pkt->smp_pkt_rspsize - 4, direction,
16026 	    (uint8_t *)smp_pkt->smp_pkt_req, smp_pkt->smp_pkt_reqsize - 4,
16027 	    smp_pkt->smp_pkt_timeout, FKIOCTL);
16028 	mutex_exit(&mpt->m_mutex);
16029 	if (ret != 0) {
16030 		cmn_err(CE_WARN, "smp_start do passthru error %d", ret);
16031 		smp_pkt->smp_pkt_reason = (uchar_t)(ret);
16032 		return (DDI_FAILURE);
16033 	}
16034 	/* do passthrough success, check the smp status */
16035 	if (LE_16(rep.IOCStatus) != MPI2_IOCSTATUS_SUCCESS) {
16036 		switch (LE_16(rep.IOCStatus)) {
16037 		case MPI2_IOCSTATUS_SCSI_DEVICE_NOT_THERE:
16038 			smp_pkt->smp_pkt_reason = ENODEV;
16039 			break;
16040 		case MPI2_IOCSTATUS_SAS_SMP_DATA_OVERRUN:
16041 			smp_pkt->smp_pkt_reason = EOVERFLOW;
16042 			break;
16043 		case MPI2_IOCSTATUS_SAS_SMP_REQUEST_FAILED:
16044 			smp_pkt->smp_pkt_reason = EIO;
16045 			break;
16046 		default:
16047 			mptsas_log(mpt, CE_NOTE, "smp_start: get unknown ioc"
16048 			    "status:%x", LE_16(rep.IOCStatus));
16049 			smp_pkt->smp_pkt_reason = EIO;
16050 			break;
16051 		}
16052 		return (DDI_FAILURE);
16053 	}
16054 	if (rep.SASStatus != MPI2_SASSTATUS_SUCCESS) {
16055 		mptsas_log(mpt, CE_NOTE, "smp_start: get error SAS status:%x",
16056 		    rep.SASStatus);
16057 		smp_pkt->smp_pkt_reason = EIO;
16058 		return (DDI_FAILURE);
16059 	}
16060 
16061 	return (DDI_SUCCESS);
16062 }
16063 
16064 /*
16065  * If we didn't get a match, we need to get sas page0 for each device, and
16066  * untill we get a match. If failed, return NULL
16067  */
16068 static mptsas_target_t *
16069 mptsas_phy_to_tgt(mptsas_t *mpt, mptsas_phymask_t phymask, uint8_t phy)
16070 {
16071 	int		i, j = 0;
16072 	int		rval = 0;
16073 	uint16_t	cur_handle;
16074 	uint32_t	page_address;
16075 	mptsas_target_t	*ptgt = NULL;
16076 
16077 	/*
16078 	 * PHY named device must be direct attached and attaches to
16079 	 * narrow port, if the iport is not parent of the device which
16080 	 * we are looking for.
16081 	 */
16082 	for (i = 0; i < MPTSAS_MAX_PHYS; i++) {
16083 		if ((1 << i) & phymask)
16084 			j++;
16085 	}
16086 
16087 	if (j > 1)
16088 		return (NULL);
16089 
16090 	/*
16091 	 * Must be a narrow port and single device attached to the narrow port
16092 	 * So the physical port num of device  which is equal to the iport's
16093 	 * port num is the device what we are looking for.
16094 	 */
16095 
16096 	if (mpt->m_phy_info[phy].phy_mask != phymask)
16097 		return (NULL);
16098 
16099 	mutex_enter(&mpt->m_mutex);
16100 
16101 	ptgt = refhash_linear_search(mpt->m_targets, mptsas_target_eval_nowwn,
16102 	    &phy);
16103 	if (ptgt != NULL) {
16104 		mutex_exit(&mpt->m_mutex);
16105 		return (ptgt);
16106 	}
16107 
16108 	if (mpt->m_done_traverse_dev) {
16109 		mutex_exit(&mpt->m_mutex);
16110 		return (NULL);
16111 	}
16112 
16113 	/* If didn't get a match, come here */
16114 	cur_handle = mpt->m_dev_handle;
16115 	for (; ; ) {
16116 		ptgt = NULL;
16117 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE &
16118 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | (uint32_t)cur_handle;
16119 		rval = mptsas_get_target_device_info(mpt, page_address,
16120 		    &cur_handle, &ptgt);
16121 		if ((rval == DEV_INFO_FAIL_PAGE0) ||
16122 		    (rval == DEV_INFO_FAIL_ALLOC)) {
16123 			break;
16124 		}
16125 		if ((rval == DEV_INFO_WRONG_DEVICE_TYPE) ||
16126 		    (rval == DEV_INFO_PHYS_DISK)) {
16127 			continue;
16128 		}
16129 		mpt->m_dev_handle = cur_handle;
16130 
16131 		if ((ptgt->m_addr.mta_wwn == 0) && (ptgt->m_phynum == phy)) {
16132 			break;
16133 		}
16134 	}
16135 
16136 	mutex_exit(&mpt->m_mutex);
16137 	return (ptgt);
16138 }
16139 
16140 /*
16141  * The ptgt->m_addr.mta_wwn contains the wwid for each disk.
16142  * For Raid volumes, we need to check m_raidvol[x].m_raidwwid
16143  * If we didn't get a match, we need to get sas page0 for each device, and
16144  * untill we get a match
16145  * If failed, return NULL
16146  */
16147 static mptsas_target_t *
16148 mptsas_wwid_to_ptgt(mptsas_t *mpt, mptsas_phymask_t phymask, uint64_t wwid)
16149 {
16150 	int		rval = 0;
16151 	uint16_t	cur_handle;
16152 	uint32_t	page_address;
16153 	mptsas_target_t	*tmp_tgt = NULL;
16154 	mptsas_target_addr_t addr;
16155 
16156 	addr.mta_wwn = wwid;
16157 	addr.mta_phymask = phymask;
16158 	mutex_enter(&mpt->m_mutex);
16159 	tmp_tgt = refhash_lookup(mpt->m_targets, &addr);
16160 	if (tmp_tgt != NULL) {
16161 		mutex_exit(&mpt->m_mutex);
16162 		return (tmp_tgt);
16163 	}
16164 
16165 	if (phymask == 0) {
16166 		/*
16167 		 * It's IR volume
16168 		 */
16169 		rval = mptsas_get_raid_info(mpt);
16170 		if (rval) {
16171 			tmp_tgt = refhash_lookup(mpt->m_targets, &addr);
16172 		}
16173 		mutex_exit(&mpt->m_mutex);
16174 		return (tmp_tgt);
16175 	}
16176 
16177 	if (mpt->m_done_traverse_dev) {
16178 		mutex_exit(&mpt->m_mutex);
16179 		return (NULL);
16180 	}
16181 
16182 	/* If didn't get a match, come here */
16183 	cur_handle = mpt->m_dev_handle;
16184 	for (;;) {
16185 		tmp_tgt = NULL;
16186 		page_address = (MPI2_SAS_DEVICE_PGAD_FORM_GET_NEXT_HANDLE &
16187 		    MPI2_SAS_DEVICE_PGAD_FORM_MASK) | cur_handle;
16188 		rval = mptsas_get_target_device_info(mpt, page_address,
16189 		    &cur_handle, &tmp_tgt);
16190 		if ((rval == DEV_INFO_FAIL_PAGE0) ||
16191 		    (rval == DEV_INFO_FAIL_ALLOC)) {
16192 			tmp_tgt = NULL;
16193 			break;
16194 		}
16195 		if ((rval == DEV_INFO_WRONG_DEVICE_TYPE) ||
16196 		    (rval == DEV_INFO_PHYS_DISK)) {
16197 			continue;
16198 		}
16199 		mpt->m_dev_handle = cur_handle;
16200 		if ((tmp_tgt->m_addr.mta_wwn) &&
16201 		    (tmp_tgt->m_addr.mta_wwn == wwid) &&
16202 		    (tmp_tgt->m_addr.mta_phymask == phymask)) {
16203 			break;
16204 		}
16205 	}
16206 
16207 	mutex_exit(&mpt->m_mutex);
16208 	return (tmp_tgt);
16209 }
16210 
16211 static mptsas_smp_t *
16212 mptsas_wwid_to_psmp(mptsas_t *mpt, mptsas_phymask_t phymask, uint64_t wwid)
16213 {
16214 	int		rval = 0;
16215 	uint16_t	cur_handle;
16216 	uint32_t	page_address;
16217 	mptsas_smp_t	smp_node, *psmp = NULL;
16218 	mptsas_target_addr_t addr;
16219 
16220 	addr.mta_wwn = wwid;
16221 	addr.mta_phymask = phymask;
16222 	mutex_enter(&mpt->m_mutex);
16223 	psmp = refhash_lookup(mpt->m_smp_targets, &addr);
16224 	if (psmp != NULL) {
16225 		mutex_exit(&mpt->m_mutex);
16226 		return (psmp);
16227 	}
16228 
16229 	if (mpt->m_done_traverse_smp) {
16230 		mutex_exit(&mpt->m_mutex);
16231 		return (NULL);
16232 	}
16233 
16234 	/* If didn't get a match, come here */
16235 	cur_handle = mpt->m_smp_devhdl;
16236 	for (;;) {
16237 		psmp = NULL;
16238 		page_address = (MPI2_SAS_EXPAND_PGAD_FORM_GET_NEXT_HNDL &
16239 		    MPI2_SAS_EXPAND_PGAD_FORM_MASK) | (uint32_t)cur_handle;
16240 		rval = mptsas_get_sas_expander_page0(mpt, page_address,
16241 		    &smp_node);
16242 		if (rval != DDI_SUCCESS) {
16243 			break;
16244 		}
16245 		mpt->m_smp_devhdl = cur_handle = smp_node.m_devhdl;
16246 		psmp = mptsas_smp_alloc(mpt, &smp_node);
16247 		ASSERT(psmp);
16248 		if ((psmp->m_addr.mta_wwn) && (psmp->m_addr.mta_wwn == wwid) &&
16249 		    (psmp->m_addr.mta_phymask == phymask)) {
16250 			break;
16251 		}
16252 	}
16253 
16254 	mutex_exit(&mpt->m_mutex);
16255 	return (psmp);
16256 }
16257 
16258 mptsas_target_t *
16259 mptsas_tgt_alloc(mptsas_t *mpt, uint16_t devhdl, uint64_t wwid,
16260     uint32_t devinfo, mptsas_phymask_t phymask, uint8_t phynum)
16261 {
16262 	mptsas_target_t *tmp_tgt = NULL;
16263 	mptsas_target_addr_t addr;
16264 
16265 	addr.mta_wwn = wwid;
16266 	addr.mta_phymask = phymask;
16267 	tmp_tgt = refhash_lookup(mpt->m_targets, &addr);
16268 	if (tmp_tgt != NULL) {
16269 		NDBG20(("Hash item already exist"));
16270 		tmp_tgt->m_deviceinfo = devinfo;
16271 		tmp_tgt->m_devhdl = devhdl;	/* XXX - duplicate? */
16272 		return (tmp_tgt);
16273 	}
16274 	tmp_tgt = kmem_zalloc(sizeof (struct mptsas_target), KM_SLEEP);
16275 	if (tmp_tgt == NULL) {
16276 		cmn_err(CE_WARN, "Fatal, allocated tgt failed");
16277 		return (NULL);
16278 	}
16279 	tmp_tgt->m_devhdl = devhdl;
16280 	tmp_tgt->m_addr.mta_wwn = wwid;
16281 	tmp_tgt->m_deviceinfo = devinfo;
16282 	tmp_tgt->m_addr.mta_phymask = phymask;
16283 	tmp_tgt->m_phynum = phynum;
16284 	/* Initialized the tgt structure */
16285 	tmp_tgt->m_qfull_retries = QFULL_RETRIES;
16286 	tmp_tgt->m_qfull_retry_interval =
16287 	    drv_usectohz(QFULL_RETRY_INTERVAL * 1000);
16288 	tmp_tgt->m_t_throttle = MAX_THROTTLE;
16289 	TAILQ_INIT(&tmp_tgt->m_active_cmdq);
16290 
16291 	refhash_insert(mpt->m_targets, tmp_tgt);
16292 
16293 	return (tmp_tgt);
16294 }
16295 
16296 static void
16297 mptsas_smp_target_copy(mptsas_smp_t *src, mptsas_smp_t *dst)
16298 {
16299 	dst->m_devhdl = src->m_devhdl;
16300 	dst->m_deviceinfo = src->m_deviceinfo;
16301 	dst->m_pdevhdl = src->m_pdevhdl;
16302 	dst->m_pdevinfo = src->m_pdevinfo;
16303 }
16304 
16305 static mptsas_smp_t *
16306 mptsas_smp_alloc(mptsas_t *mpt, mptsas_smp_t *data)
16307 {
16308 	mptsas_target_addr_t addr;
16309 	mptsas_smp_t *ret_data;
16310 
16311 	addr.mta_wwn = data->m_addr.mta_wwn;
16312 	addr.mta_phymask = data->m_addr.mta_phymask;
16313 	ret_data = refhash_lookup(mpt->m_smp_targets, &addr);
16314 	/*
16315 	 * If there's already a matching SMP target, update its fields
16316 	 * in place.  Since the address is not changing, it's safe to do
16317 	 * this.  We cannot just bcopy() here because the structure we've
16318 	 * been given has invalid hash links.
16319 	 */
16320 	if (ret_data != NULL) {
16321 		mptsas_smp_target_copy(data, ret_data);
16322 		return (ret_data);
16323 	}
16324 
16325 	ret_data = kmem_alloc(sizeof (mptsas_smp_t), KM_SLEEP);
16326 	bcopy(data, ret_data, sizeof (mptsas_smp_t));
16327 	refhash_insert(mpt->m_smp_targets, ret_data);
16328 	return (ret_data);
16329 }
16330 
16331 /*
16332  * Functions for SGPIO LED support
16333  */
16334 static dev_info_t *
16335 mptsas_get_dip_from_dev(dev_t dev, mptsas_phymask_t *phymask)
16336 {
16337 	dev_info_t	*dip;
16338 	int		prop;
16339 	dip = e_ddi_hold_devi_by_dev(dev, 0);
16340 	if (dip == NULL)
16341 		return (dip);
16342 	prop = ddi_prop_get_int(DDI_DEV_T_ANY, dip, 0,
16343 	    "phymask", 0);
16344 	*phymask = (mptsas_phymask_t)prop;
16345 	ddi_release_devi(dip);
16346 	return (dip);
16347 }
16348 static mptsas_target_t *
16349 mptsas_addr_to_ptgt(mptsas_t *mpt, char *addr, mptsas_phymask_t phymask)
16350 {
16351 	uint8_t			phynum;
16352 	uint64_t		wwn;
16353 	int			lun;
16354 	mptsas_target_t		*ptgt = NULL;
16355 
16356 	if (mptsas_parse_address(addr, &wwn, &phynum, &lun) != DDI_SUCCESS) {
16357 		return (NULL);
16358 	}
16359 	if (addr[0] == 'w') {
16360 		ptgt = mptsas_wwid_to_ptgt(mpt, (int)phymask, wwn);
16361 	} else {
16362 		ptgt = mptsas_phy_to_tgt(mpt, (int)phymask, phynum);
16363 	}
16364 	return (ptgt);
16365 }
16366 
16367 static int
16368 mptsas_flush_led_status(mptsas_t *mpt, mptsas_target_t *ptgt)
16369 {
16370 	uint32_t slotstatus = 0;
16371 
16372 	/* Build an MPI2 Slot Status based on our view of the world */
16373 	if (ptgt->m_led_status & (1 << (MPTSAS_LEDCTL_LED_IDENT - 1)))
16374 		slotstatus |= MPI2_SEP_REQ_SLOTSTATUS_IDENTIFY_REQUEST;
16375 	if (ptgt->m_led_status & (1 << (MPTSAS_LEDCTL_LED_FAIL - 1)))
16376 		slotstatus |= MPI2_SEP_REQ_SLOTSTATUS_PREDICTED_FAULT;
16377 	if (ptgt->m_led_status & (1 << (MPTSAS_LEDCTL_LED_OK2RM - 1)))
16378 		slotstatus |= MPI2_SEP_REQ_SLOTSTATUS_REQUEST_REMOVE;
16379 
16380 	/* Write it to the controller */
16381 	NDBG14(("mptsas_ioctl: set LED status %x for slot %x",
16382 	    slotstatus, ptgt->m_slot_num));
16383 	return (mptsas_send_sep(mpt, ptgt, &slotstatus,
16384 	    MPI2_SEP_REQ_ACTION_WRITE_STATUS));
16385 }
16386 
16387 /*
16388  *  send sep request, use enclosure/slot addressing
16389  */
16390 static int
16391 mptsas_send_sep(mptsas_t *mpt, mptsas_target_t *ptgt,
16392     uint32_t *status, uint8_t act)
16393 {
16394 	Mpi2SepRequest_t	req;
16395 	Mpi2SepReply_t		rep;
16396 	int			ret;
16397 
16398 	ASSERT(mutex_owned(&mpt->m_mutex));
16399 
16400 	/*
16401 	 * We only support SEP control of directly-attached targets, in which
16402 	 * case the "SEP" we're talking to is a virtual one contained within
16403 	 * the HBA itself.  This is necessary because DA targets typically have
16404 	 * no other mechanism for LED control.  Targets for which a separate
16405 	 * enclosure service processor exists should be controlled via ses(7d)
16406 	 * or sgen(7d).  Furthermore, since such requests can time out, they
16407 	 * should be made in user context rather than in response to
16408 	 * asynchronous fabric changes.
16409 	 *
16410 	 * In addition, we do not support this operation for RAID volumes,
16411 	 * since there is no slot associated with them.
16412 	 */
16413 	if (!(ptgt->m_deviceinfo & DEVINFO_DIRECT_ATTACHED) ||
16414 	    ptgt->m_addr.mta_phymask == 0) {
16415 		return (ENOTTY);
16416 	}
16417 
16418 	bzero(&req, sizeof (req));
16419 	bzero(&rep, sizeof (rep));
16420 
16421 	req.Function = MPI2_FUNCTION_SCSI_ENCLOSURE_PROCESSOR;
16422 	req.Action = act;
16423 	req.Flags = MPI2_SEP_REQ_FLAGS_ENCLOSURE_SLOT_ADDRESS;
16424 	req.EnclosureHandle = LE_16(ptgt->m_enclosure);
16425 	req.Slot = LE_16(ptgt->m_slot_num);
16426 	if (act == MPI2_SEP_REQ_ACTION_WRITE_STATUS) {
16427 		req.SlotStatus = LE_32(*status);
16428 	}
16429 	ret = mptsas_do_passthru(mpt, (uint8_t *)&req, (uint8_t *)&rep, NULL,
16430 	    sizeof (req), sizeof (rep), NULL, 0, NULL, 0, 60, FKIOCTL);
16431 	if (ret != 0) {
16432 		mptsas_log(mpt, CE_NOTE, "mptsas_send_sep: passthru SEP "
16433 		    "Processor Request message error %d", ret);
16434 		return (ret);
16435 	}
16436 	/* do passthrough success, check the ioc status */
16437 	if (LE_16(rep.IOCStatus) != MPI2_IOCSTATUS_SUCCESS) {
16438 		mptsas_log(mpt, CE_NOTE, "send_sep act %x: ioc "
16439 		    "status:%x loginfo %x", act, LE_16(rep.IOCStatus),
16440 		    LE_32(rep.IOCLogInfo));
16441 		switch (LE_16(rep.IOCStatus) & MPI2_IOCSTATUS_MASK) {
16442 		case MPI2_IOCSTATUS_INVALID_FUNCTION:
16443 		case MPI2_IOCSTATUS_INVALID_VPID:
16444 		case MPI2_IOCSTATUS_INVALID_FIELD:
16445 		case MPI2_IOCSTATUS_INVALID_STATE:
16446 		case MPI2_IOCSTATUS_OP_STATE_NOT_SUPPORTED:
16447 		case MPI2_IOCSTATUS_CONFIG_INVALID_ACTION:
16448 		case MPI2_IOCSTATUS_CONFIG_INVALID_TYPE:
16449 		case MPI2_IOCSTATUS_CONFIG_INVALID_PAGE:
16450 		case MPI2_IOCSTATUS_CONFIG_INVALID_DATA:
16451 		case MPI2_IOCSTATUS_CONFIG_NO_DEFAULTS:
16452 			return (EINVAL);
16453 		case MPI2_IOCSTATUS_BUSY:
16454 			return (EBUSY);
16455 		case MPI2_IOCSTATUS_INSUFFICIENT_RESOURCES:
16456 			return (EAGAIN);
16457 		case MPI2_IOCSTATUS_INVALID_SGL:
16458 		case MPI2_IOCSTATUS_INTERNAL_ERROR:
16459 		case MPI2_IOCSTATUS_CONFIG_CANT_COMMIT:
16460 		default:
16461 			return (EIO);
16462 		}
16463 	}
16464 	if (act != MPI2_SEP_REQ_ACTION_WRITE_STATUS) {
16465 		*status = LE_32(rep.SlotStatus);
16466 	}
16467 
16468 	return (0);
16469 }
16470 
16471 int
16472 mptsas_dma_addr_create(mptsas_t *mpt, ddi_dma_attr_t dma_attr,
16473     ddi_dma_handle_t *dma_hdp, ddi_acc_handle_t *acc_hdp, caddr_t *dma_memp,
16474     uint32_t alloc_size, ddi_dma_cookie_t *cookiep)
16475 {
16476 	ddi_dma_cookie_t	new_cookie;
16477 	size_t			alloc_len;
16478 	uint_t			ncookie;
16479 
16480 	if (cookiep == NULL)
16481 		cookiep = &new_cookie;
16482 
16483 	if (ddi_dma_alloc_handle(mpt->m_dip, &dma_attr, DDI_DMA_SLEEP,
16484 	    NULL, dma_hdp) != DDI_SUCCESS) {
16485 		return (FALSE);
16486 	}
16487 
16488 	if (ddi_dma_mem_alloc(*dma_hdp, alloc_size, &mpt->m_dev_acc_attr,
16489 	    DDI_DMA_CONSISTENT, DDI_DMA_SLEEP, NULL, dma_memp, &alloc_len,
16490 	    acc_hdp) != DDI_SUCCESS) {
16491 		ddi_dma_free_handle(dma_hdp);
16492 		*dma_hdp = NULL;
16493 		return (FALSE);
16494 	}
16495 
16496 	if (ddi_dma_addr_bind_handle(*dma_hdp, NULL, *dma_memp, alloc_len,
16497 	    (DDI_DMA_RDWR | DDI_DMA_CONSISTENT), DDI_DMA_SLEEP, NULL,
16498 	    cookiep, &ncookie) != DDI_DMA_MAPPED) {
16499 		(void) ddi_dma_mem_free(acc_hdp);
16500 		ddi_dma_free_handle(dma_hdp);
16501 		*dma_hdp = NULL;
16502 		return (FALSE);
16503 	}
16504 
16505 	return (TRUE);
16506 }
16507 
16508 void
16509 mptsas_dma_addr_destroy(ddi_dma_handle_t *dma_hdp, ddi_acc_handle_t *acc_hdp)
16510 {
16511 	if (*dma_hdp == NULL)
16512 		return;
16513 
16514 	(void) ddi_dma_unbind_handle(*dma_hdp);
16515 	(void) ddi_dma_mem_free(acc_hdp);
16516 	ddi_dma_free_handle(dma_hdp);
16517 	*dma_hdp = NULL;
16518 }
16519