fw-sbp2.c 32.9 KB
Newer Older
1 2
/*
 * SBP2 driver (SCSI over IEEE1394)
3
 *
4
 * Copyright (C) 2005-2007  Kristian Hoegsberg <krh@bitplanet.net>
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

21 22
/*
 * The basic structure of this driver is based on the old storage driver,
23 24 25 26 27 28 29 30
 * drivers/ieee1394/sbp2.c, originally written by
 *     James Goodwin <jamesg@filanet.com>
 * with later contributions and ongoing maintenance from
 *     Ben Collins <bcollins@debian.org>,
 *     Stefan Richter <stefanr@s5r6.in-berlin.de>
 * and many others.
 */

31 32
#include <linux/kernel.h>
#include <linux/module.h>
S
Stefan Richter 已提交
33
#include <linux/mod_devicetable.h>
34
#include <linux/device.h>
A
Andrew Morton 已提交
35
#include <linux/scatterlist.h>
36
#include <linux/dma-mapping.h>
37
#include <linux/timer.h>
38 39 40 41 42 43 44 45 46 47 48 49

#include <scsi/scsi.h>
#include <scsi/scsi_cmnd.h>
#include <scsi/scsi_dbg.h>
#include <scsi/scsi_device.h>
#include <scsi/scsi_host.h>

#include "fw-transaction.h"
#include "fw-topology.h"
#include "fw-device.h"

/* I don't know why the SCSI stack doesn't define something like this... */
50
typedef void (*scsi_done_fn_t)(struct scsi_cmnd *);
51 52 53 54

static const char sbp2_driver_name[] = "sbp2";

struct sbp2_device {
55
	struct kref kref;
56 57 58 59 60 61 62 63
	struct fw_unit *unit;
	struct fw_address_handler address_handler;
	struct list_head orb_list;
	u64 management_agent_address;
	u64 command_block_agent_address;
	u32 workarounds;
	int login_id;

64 65
	/*
	 * We cache these addresses and only update them once we've
66 67 68
	 * logged in or reconnected to the sbp2 device.  That way, any
	 * IO to the device will automatically fail and get retried if
	 * it happens in a window where the device is not ready to
69 70
	 * handle it (e.g. after a bus reset but before we reconnect).
	 */
71 72 73 74
	int node_id;
	int address_high;
	int generation;

75 76
	int retries;
	struct delayed_work work;
77 78 79 80
};

#define SBP2_MAX_SG_ELEMENT_LENGTH	0xf000
#define SBP2_MAX_SECTORS		255	/* Max sectors supported */
81
#define SBP2_ORB_TIMEOUT		2000	/* Timeout in ms */
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124

#define SBP2_ORB_NULL			0x80000000

#define SBP2_DIRECTION_TO_MEDIA		0x0
#define SBP2_DIRECTION_FROM_MEDIA	0x1

/* Unit directory keys */
#define SBP2_COMMAND_SET_SPECIFIER	0x38
#define SBP2_COMMAND_SET		0x39
#define SBP2_COMMAND_SET_REVISION	0x3b
#define SBP2_FIRMWARE_REVISION		0x3c

/* Flags for detected oddities and brokeness */
#define SBP2_WORKAROUND_128K_MAX_TRANS	0x1
#define SBP2_WORKAROUND_INQUIRY_36	0x2
#define SBP2_WORKAROUND_MODE_SENSE_8	0x4
#define SBP2_WORKAROUND_FIX_CAPACITY	0x8
#define SBP2_WORKAROUND_OVERRIDE	0x100

/* Management orb opcodes */
#define SBP2_LOGIN_REQUEST		0x0
#define SBP2_QUERY_LOGINS_REQUEST	0x1
#define SBP2_RECONNECT_REQUEST		0x3
#define SBP2_SET_PASSWORD_REQUEST	0x4
#define SBP2_LOGOUT_REQUEST		0x7
#define SBP2_ABORT_TASK_REQUEST		0xb
#define SBP2_ABORT_TASK_SET		0xc
#define SBP2_LOGICAL_UNIT_RESET		0xe
#define SBP2_TARGET_RESET_REQUEST	0xf

/* Offsets for command block agent registers */
#define SBP2_AGENT_STATE		0x00
#define SBP2_AGENT_RESET		0x04
#define SBP2_ORB_POINTER		0x08
#define SBP2_DOORBELL			0x10
#define SBP2_UNSOLICITED_STATUS_ENABLE	0x14

/* Status write response codes */
#define SBP2_STATUS_REQUEST_COMPLETE	0x0
#define SBP2_STATUS_TRANSPORT_FAILURE	0x1
#define SBP2_STATUS_ILLEGAL_REQUEST	0x2
#define SBP2_STATUS_VENDOR_DEPENDENT	0x3

125 126 127 128 129 130 131 132
#define STATUS_GET_ORB_HIGH(v)		((v).status & 0xffff)
#define STATUS_GET_SBP_STATUS(v)	(((v).status >> 16) & 0xff)
#define STATUS_GET_LEN(v)		(((v).status >> 24) & 0x07)
#define STATUS_GET_DEAD(v)		(((v).status >> 27) & 0x01)
#define STATUS_GET_RESPONSE(v)		(((v).status >> 28) & 0x03)
#define STATUS_GET_SOURCE(v)		(((v).status >> 30) & 0x03)
#define STATUS_GET_ORB_LOW(v)		((v).orb_low)
#define STATUS_GET_DATA(v)		((v).data)
133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149

struct sbp2_status {
	u32 status;
	u32 orb_low;
	u8 data[24];
};

struct sbp2_pointer {
	u32 high;
	u32 low;
};

struct sbp2_orb {
	struct fw_transaction t;
	dma_addr_t request_bus;
	int rcode;
	struct sbp2_pointer pointer;
150
	void (*callback)(struct sbp2_orb * orb, struct sbp2_status * status);
151 152 153
	struct list_head link;
};

154 155 156 157 158 159
#define MANAGEMENT_ORB_LUN(v)			((v))
#define MANAGEMENT_ORB_FUNCTION(v)		((v) << 16)
#define MANAGEMENT_ORB_RECONNECT(v)		((v) << 20)
#define MANAGEMENT_ORB_EXCLUSIVE		((1) << 28)
#define MANAGEMENT_ORB_REQUEST_FORMAT(v)	((v) << 29)
#define MANAGEMENT_ORB_NOTIFY			((1) << 31)
160

161 162
#define MANAGEMENT_ORB_RESPONSE_LENGTH(v)	((v))
#define MANAGEMENT_ORB_PASSWORD_LENGTH(v)	((v) << 16)
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178

struct sbp2_management_orb {
	struct sbp2_orb base;
	struct {
		struct sbp2_pointer password;
		struct sbp2_pointer response;
		u32 misc;
		u32 length;
		struct sbp2_pointer status_fifo;
	} request;
	__be32 response[4];
	dma_addr_t response_bus;
	struct completion done;
	struct sbp2_status status;
};

179 180
#define LOGIN_RESPONSE_GET_LOGIN_ID(v)	((v).misc & 0xffff)
#define LOGIN_RESPONSE_GET_LENGTH(v)	(((v).misc >> 16) & 0xffff)
181 182 183 184 185 186

struct sbp2_login_response {
	u32 misc;
	struct sbp2_pointer command_block_agent;
	u32 reconnect_hold;
};
187 188 189 190 191 192 193 194
#define COMMAND_ORB_DATA_SIZE(v)	((v))
#define COMMAND_ORB_PAGE_SIZE(v)	((v) << 16)
#define COMMAND_ORB_PAGE_TABLE_PRESENT	((1) << 19)
#define COMMAND_ORB_MAX_PAYLOAD(v)	((v) << 20)
#define COMMAND_ORB_SPEED(v)		((v) << 24)
#define COMMAND_ORB_DIRECTION(v)	((v) << 27)
#define COMMAND_ORB_REQUEST_FORMAT(v)	((v) << 29)
#define COMMAND_ORB_NOTIFY		((1) << 31)
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241

struct sbp2_command_orb {
	struct sbp2_orb base;
	struct {
		struct sbp2_pointer next;
		struct sbp2_pointer data_descriptor;
		u32 misc;
		u8 command_block[12];
	} request;
	struct scsi_cmnd *cmd;
	scsi_done_fn_t done;
	struct fw_unit *unit;

	struct sbp2_pointer page_table[SG_ALL];
	dma_addr_t page_table_bus;
};

/*
 * List of devices with known bugs.
 *
 * The firmware_revision field, masked with 0xffff00, is the best
 * indicator for the type of bridge chip of a device.  It yields a few
 * false positives but this did not break correctly behaving devices
 * so far.  We use ~0 as a wildcard, since the 24 bit values we get
 * from the config rom can never match that.
 */
static const struct {
	u32 firmware_revision;
	u32 model;
	unsigned workarounds;
} sbp2_workarounds_table[] = {
	/* DViCO Momobay CX-1 with TSB42AA9 bridge */ {
		.firmware_revision	= 0x002800,
		.model			= 0x001010,
		.workarounds		= SBP2_WORKAROUND_INQUIRY_36 |
					  SBP2_WORKAROUND_MODE_SENSE_8,
	},
	/* Initio bridges, actually only needed for some older ones */ {
		.firmware_revision	= 0x000200,
		.model			= ~0,
		.workarounds		= SBP2_WORKAROUND_INQUIRY_36,
	},
	/* Symbios bridge */ {
		.firmware_revision	= 0xa0b800,
		.model			= ~0,
		.workarounds		= SBP2_WORKAROUND_128K_MAX_TRANS,
	},
242 243 244

	/*
	 * There are iPods (2nd gen, 3rd gen) with model_id == 0, but
245 246
	 * these iPods do not feature the read_capacity bug according
	 * to one report.  Read_capacity behaviour as well as model_id
247 248 249
	 * could change due to Apple-supplied firmware updates though.
	 */

250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280
	/* iPod 4th generation. */ {
		.firmware_revision	= 0x0a2700,
		.model			= 0x000021,
		.workarounds		= SBP2_WORKAROUND_FIX_CAPACITY,
	},
	/* iPod mini */ {
		.firmware_revision	= 0x0a2700,
		.model			= 0x000023,
		.workarounds		= SBP2_WORKAROUND_FIX_CAPACITY,
	},
	/* iPod Photo */ {
		.firmware_revision	= 0x0a2700,
		.model			= 0x00007e,
		.workarounds		= SBP2_WORKAROUND_FIX_CAPACITY,
	}
};

static void
sbp2_status_write(struct fw_card *card, struct fw_request *request,
		  int tcode, int destination, int source,
		  int generation, int speed,
		  unsigned long long offset,
		  void *payload, size_t length, void *callback_data)
{
	struct sbp2_device *sd = callback_data;
	struct sbp2_orb *orb;
	struct sbp2_status status;
	size_t header_size;
	unsigned long flags;

	if (tcode != TCODE_WRITE_BLOCK_REQUEST ||
281
	    length == 0 || length > sizeof(status)) {
282 283 284 285 286 287 288 289
		fw_send_response(card, request, RCODE_TYPE_ERROR);
		return;
	}

	header_size = min(length, 2 * sizeof(u32));
	fw_memcpy_from_be32(&status, payload, header_size);
	if (length > header_size)
		memcpy(status.data, payload + 8, length - header_size);
290
	if (STATUS_GET_SOURCE(status) == 2 || STATUS_GET_SOURCE(status) == 3) {
291 292 293 294 295 296 297 298
		fw_notify("non-orb related status write, not handled\n");
		fw_send_response(card, request, RCODE_COMPLETE);
		return;
	}

	/* Lookup the orb corresponding to this status write. */
	spin_lock_irqsave(&card->lock, flags);
	list_for_each_entry(orb, &sd->orb_list, link) {
299 300
		if (STATUS_GET_ORB_HIGH(status) == 0 &&
		    STATUS_GET_ORB_LOW(status) == orb->request_bus &&
301
		    orb->rcode == RCODE_COMPLETE) {
302 303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341
			list_del(&orb->link);
			break;
		}
	}
	spin_unlock_irqrestore(&card->lock, flags);

	if (&orb->link != &sd->orb_list)
		orb->callback(orb, &status);
	else
		fw_error("status write for unknown orb\n");

	fw_send_response(card, request, RCODE_COMPLETE);
}

static void
complete_transaction(struct fw_card *card, int rcode,
		     void *payload, size_t length, void *data)
{
	struct sbp2_orb *orb = data;
	unsigned long flags;

	orb->rcode = rcode;
	if (rcode != RCODE_COMPLETE) {
		spin_lock_irqsave(&card->lock, flags);
		list_del(&orb->link);
		spin_unlock_irqrestore(&card->lock, flags);
		orb->callback(orb, NULL);
	}
}

static void
sbp2_send_orb(struct sbp2_orb *orb, struct fw_unit *unit,
	      int node_id, int generation, u64 offset)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	unsigned long flags;

	orb->pointer.high = 0;
	orb->pointer.low = orb->request_bus;
342
	fw_memcpy_to_be32(&orb->pointer, &orb->pointer, sizeof(orb->pointer));
343 344 345 346 347 348

	spin_lock_irqsave(&device->card->lock, flags);
	list_add_tail(&orb->link, &sd->orb_list);
	spin_unlock_irqrestore(&device->card->lock, flags);

	fw_send_request(device->card, &orb->t, TCODE_WRITE_BLOCK_REQUEST,
349
			node_id, generation,
350
			device->node->max_speed, offset,
351
			&orb->pointer, sizeof(orb->pointer),
352 353 354
			complete_transaction, orb);
}

355
static int sbp2_cancel_orbs(struct fw_unit *unit)
356 357 358 359 360 361
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	struct sbp2_orb *orb, *next;
	struct list_head list;
	unsigned long flags;
362
	int retval = -ENOENT;
363 364 365 366 367 368 369

	INIT_LIST_HEAD(&list);
	spin_lock_irqsave(&device->card->lock, flags);
	list_splice_init(&sd->orb_list, &list);
	spin_unlock_irqrestore(&device->card->lock, flags);

	list_for_each_entry_safe(orb, next, &list, link) {
370
		retval = 0;
371 372 373
		if (fw_cancel_transaction(device->card, &orb->t) == 0)
			continue;

374 375 376 377
		orb->rcode = RCODE_CANCELLED;
		orb->callback(orb, NULL);
	}

378
	return retval;
379 380
}

381 382 383 384 385 386 387
static void
complete_management_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
{
	struct sbp2_management_orb *orb =
	    (struct sbp2_management_orb *)base_orb;

	if (status)
388
		memcpy(&orb->status, status, sizeof(*status));
389 390 391 392 393 394 395 396 397 398 399 400
	complete(&orb->done);
}

static int
sbp2_send_management_orb(struct fw_unit *unit, int node_id, int generation,
			 int function, int lun, void *response)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	struct sbp2_management_orb *orb;
	int retval = -ENOMEM;

401
	orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
402 403 404
	if (orb == NULL)
		return -ENOMEM;

405 406 407 408
	/*
	 * The sbp2 device is going to send a block read request to
	 * read out the request from host memory, so map it for dma.
	 */
409 410
	orb->base.request_bus =
		dma_map_single(device->card->device, &orb->request,
411
			       sizeof(orb->request), DMA_TO_DEVICE);
412
	if (dma_mapping_error(orb->base.request_bus))
413 414 415 416
		goto out;

	orb->response_bus =
		dma_map_single(device->card->device, &orb->response,
417
			       sizeof(orb->response), DMA_FROM_DEVICE);
418
	if (dma_mapping_error(orb->response_bus))
419 420 421 422 423 424
		goto out;

	orb->request.response.high    = 0;
	orb->request.response.low     = orb->response_bus;

	orb->request.misc =
425 426 427
		MANAGEMENT_ORB_NOTIFY |
		MANAGEMENT_ORB_FUNCTION(function) |
		MANAGEMENT_ORB_LUN(lun);
428
	orb->request.length =
429
		MANAGEMENT_ORB_RESPONSE_LENGTH(sizeof(orb->response));
430 431 432 433

	orb->request.status_fifo.high = sd->address_handler.offset >> 32;
	orb->request.status_fifo.low  = sd->address_handler.offset;

434 435
	/*
	 * FIXME: Yeah, ok this isn't elegant, we hardwire exclusive
436
	 * login and 1 second reconnect time.  The reconnect setting
437 438
	 * is probably fine, but the exclusive login should be an option.
	 */
439 440
	if (function == SBP2_LOGIN_REQUEST) {
		orb->request.misc |=
441 442
			MANAGEMENT_ORB_EXCLUSIVE |
			MANAGEMENT_ORB_RECONNECT(0);
443 444
	}

445
	fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
446 447 448

	init_completion(&orb->done);
	orb->base.callback = complete_management_orb;
449

450 451 452
	sbp2_send_orb(&orb->base, unit,
		      node_id, generation, sd->management_agent_address);

453 454
	wait_for_completion_timeout(&orb->done,
				    msecs_to_jiffies(SBP2_ORB_TIMEOUT));
455 456

	retval = -EIO;
457 458
	if (sbp2_cancel_orbs(unit) == 0) {
		fw_error("orb reply timed out, rcode=0x%02x\n",
459 460 461 462
			 orb->base.rcode);
		goto out;
	}

463 464
	if (orb->base.rcode != RCODE_COMPLETE) {
		fw_error("management write failed, rcode 0x%02x\n",
465 466 467 468
			 orb->base.rcode);
		goto out;
	}

469 470
	if (STATUS_GET_RESPONSE(orb->status) != 0 ||
	    STATUS_GET_SBP_STATUS(orb->status) != 0) {
471
		fw_error("error status: %d:%d\n",
472 473
			 STATUS_GET_RESPONSE(orb->status),
			 STATUS_GET_SBP_STATUS(orb->status));
474 475 476 477 478 479
		goto out;
	}

	retval = 0;
 out:
	dma_unmap_single(device->card->device, orb->base.request_bus,
480
			 sizeof(orb->request), DMA_TO_DEVICE);
481
	dma_unmap_single(device->card->device, orb->response_bus,
482
			 sizeof(orb->response), DMA_FROM_DEVICE);
483 484 485

	if (response)
		fw_memcpy_from_be32(response,
486
				    orb->response, sizeof(orb->response));
487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507
	kfree(orb);

	return retval;
}

static void
complete_agent_reset_write(struct fw_card *card, int rcode,
			   void *payload, size_t length, void *data)
{
	struct fw_transaction *t = data;

	kfree(t);
}

static int sbp2_agent_reset(struct fw_unit *unit)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	struct fw_transaction *t;
	static u32 zero;

508
	t = kzalloc(sizeof(*t), GFP_ATOMIC);
509 510 511 512
	if (t == NULL)
		return -ENOMEM;

	fw_send_request(device->card, t, TCODE_WRITE_QUADLET_REQUEST,
513
			sd->node_id, sd->generation, SCODE_400,
514
			sd->command_block_agent_address + SBP2_AGENT_RESET,
515
			&zero, sizeof(zero), complete_agent_reset_write, t);
516 517 518 519

	return 0;
}

520
static void sbp2_reconnect(struct work_struct *work);
521
static struct scsi_host_template scsi_driver_template;
522

523 524 525 526
static void
release_sbp2_device(struct kref *kref)
{
	struct sbp2_device *sd = container_of(kref, struct sbp2_device, kref);
527 528
	struct Scsi_Host *host =
		container_of((void *)sd, struct Scsi_Host, hostdata[0]);
529 530 531 532

	sbp2_send_management_orb(sd->unit, sd->node_id, sd->generation,
				 SBP2_LOGOUT_REQUEST, sd->login_id, NULL);

533
	scsi_remove_host(host);
534 535 536
	fw_core_remove_address_handler(&sd->address_handler);
	fw_notify("removed sbp2 unit %s\n", sd->unit->device.bus_id);
	put_device(&sd->unit->device);
537
	scsi_host_put(host);
538 539
}

540 541 542 543
static void sbp2_login(struct work_struct *work)
{
	struct sbp2_device *sd =
		container_of(work, struct sbp2_device, work.work);
544 545
	struct Scsi_Host *host =
		container_of((void *)sd, struct Scsi_Host, hostdata[0]);
546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564
	struct fw_unit *unit = sd->unit;
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_login_response response;
	int generation, node_id, local_node_id, lun, retval;

	/* FIXME: Make this work for multi-lun devices. */
	lun = 0;

	generation    = device->card->generation;
	node_id       = device->node->node_id;
	local_node_id = device->card->local_node->node_id;

	if (sbp2_send_management_orb(unit, node_id, generation,
				     SBP2_LOGIN_REQUEST, lun, &response) < 0) {
		if (sd->retries++ < 5) {
			schedule_delayed_work(&sd->work, DIV_ROUND_UP(HZ, 5));
		} else {
			fw_error("failed to login to %s\n",
				 unit->device.bus_id);
565
			kref_put(&sd->kref, release_sbp2_device);
566 567 568 569 570 571 572 573 574 575
		}
		return;
	}

	sd->generation   = generation;
	sd->node_id      = node_id;
	sd->address_high = local_node_id << 16;

	/* Get command block agent offset and login id. */
	sd->command_block_agent_address =
576
		((u64) (response.command_block_agent.high & 0xffff) << 32) |
577
		response.command_block_agent.low;
578
	sd->login_id = LOGIN_RESPONSE_GET_LOGIN_ID(response);
579

580 581 582
	fw_notify("logged in to sbp2 unit %s (%d retries)\n",
		  unit->device.bus_id, sd->retries);
	fw_notify(" - management_agent_address:    0x%012llx\n",
583 584 585
		  (unsigned long long) sd->management_agent_address);
	fw_notify(" - command_block_agent_address: 0x%012llx\n",
		  (unsigned long long) sd->command_block_agent_address);
586
	fw_notify(" - status write address:        0x%012llx\n",
587 588 589 590 591 592 593
		  (unsigned long long) sd->address_handler.offset);

#if 0
	/* FIXME: The linux1394 sbp2 does this last step. */
	sbp2_set_busy_timeout(scsi_id);
#endif

594
	PREPARE_DELAYED_WORK(&sd->work, sbp2_reconnect);
595 596
	sbp2_agent_reset(unit);

597 598 599
	/* FIXME: Loop over luns here. */
	lun = 0;
	retval = scsi_add_device(host, 0, 0, lun);
600 601 602 603
	if (retval < 0) {
		sbp2_send_management_orb(unit, sd->node_id, sd->generation,
					 SBP2_LOGOUT_REQUEST, sd->login_id,
					 NULL);
604 605 606 607
		/*
		 * Set this back to sbp2_login so we fall back and
		 * retry login on bus reset.
		 */
608
		PREPARE_DELAYED_WORK(&sd->work, sbp2_login);
609
	}
610
	kref_put(&sd->kref, release_sbp2_device);
611
}
612 613 614 615 616 617 618

static int sbp2_probe(struct device *dev)
{
	struct fw_unit *unit = fw_unit(dev);
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd;
	struct fw_csr_iterator ci;
619 620
	struct Scsi_Host *host;
	int i, key, value, err;
621 622
	u32 model, firmware_revision;

623 624 625 626
	err = -ENOMEM;
	host = scsi_host_alloc(&scsi_driver_template, sizeof(*sd));
	if (host == NULL)
		goto fail;
627

628
	sd = (struct sbp2_device *) host->hostdata;
629 630 631
	unit->device.driver_data = sd;
	sd->unit = unit;
	INIT_LIST_HEAD(&sd->orb_list);
632
	kref_init(&sd->kref);
633 634 635 636 637

	sd->address_handler.length = 0x100;
	sd->address_handler.address_callback = sbp2_status_write;
	sd->address_handler.callback_data = sd;

638 639 640 641
	err = fw_core_add_address_handler(&sd->address_handler,
					  &fw_high_memory_region);
	if (err < 0)
		goto fail_host;
642

643 644 645 646 647 648 649
	err = fw_device_enable_phys_dma(device);
	if (err < 0)
		goto fail_address_handler;

	err = scsi_add_host(host, &unit->device);
	if (err < 0)
		goto fail_address_handler;
650

651 652
	/*
	 * Scan unit directory to get management agent address,
653
	 * firmware revison and model.  Initialize firmware_revision
654 655
	 * and model to values that wont match anything in our table.
	 */
656 657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690
	firmware_revision = 0xff000000;
	model = 0xff000000;
	fw_csr_iterator_init(&ci, unit->directory);
	while (fw_csr_iterator_next(&ci, &key, &value)) {
		switch (key) {
		case CSR_DEPENDENT_INFO | CSR_OFFSET:
			sd->management_agent_address =
				0xfffff0000000ULL + 4 * value;
			break;
		case SBP2_FIRMWARE_REVISION:
			firmware_revision = value;
			break;
		case CSR_MODEL:
			model = value;
			break;
		}
	}

	for (i = 0; i < ARRAY_SIZE(sbp2_workarounds_table); i++) {
		if (sbp2_workarounds_table[i].firmware_revision !=
		    (firmware_revision & 0xffffff00))
			continue;
		if (sbp2_workarounds_table[i].model != model &&
		    sbp2_workarounds_table[i].model != ~0)
			continue;
		sd->workarounds |= sbp2_workarounds_table[i].workarounds;
		break;
	}

	if (sd->workarounds)
		fw_notify("Workarounds for node %s: 0x%x "
			  "(firmware_revision 0x%06x, model_id 0x%06x)\n",
			  unit->device.bus_id,
			  sd->workarounds, firmware_revision, model);

691 692
	get_device(&unit->device);

693 694
	/*
	 * We schedule work to do the login so we can easily
695
	 * reschedule retries. Always get the ref before scheduling
696 697
	 * work.
	 */
698
	INIT_DELAYED_WORK(&sd->work, sbp2_login);
699 700
	if (schedule_delayed_work(&sd->work, 0))
		kref_get(&sd->kref);
701 702

	return 0;
703 704 705 706 707 708 709

 fail_address_handler:
	fw_core_remove_address_handler(&sd->address_handler);
 fail_host:
	scsi_host_put(host);
 fail:
	return err;
710 711 712 713 714 715 716
}

static int sbp2_remove(struct device *dev)
{
	struct fw_unit *unit = fw_unit(dev);
	struct sbp2_device *sd = unit->device.driver_data;

717
	kref_put(&sd->kref, release_sbp2_device);
718 719 720 721 722 723

	return 0;
}

static void sbp2_reconnect(struct work_struct *work)
{
724 725
	struct sbp2_device *sd =
		container_of(work, struct sbp2_device, work.work);
726 727 728 729 730 731 732 733
	struct fw_unit *unit = sd->unit;
	struct fw_device *device = fw_device(unit->device.parent);
	int generation, node_id, local_node_id;

	generation    = device->card->generation;
	node_id       = device->node->node_id;
	local_node_id = device->card->local_node->node_id;

734 735 736
	if (sbp2_send_management_orb(unit, node_id, generation,
				     SBP2_RECONNECT_REQUEST,
				     sd->login_id, NULL) < 0) {
737
		if (sd->retries++ >= 5) {
738 739 740 741
			fw_error("failed to reconnect to %s\n",
				 unit->device.bus_id);
			/* Fall back and try to log in again. */
			sd->retries = 0;
742
			PREPARE_DELAYED_WORK(&sd->work, sbp2_login);
743 744 745 746
		}
		schedule_delayed_work(&sd->work, DIV_ROUND_UP(HZ, 5));
		return;
	}
747 748 749

	sd->generation   = generation;
	sd->node_id      = node_id;
750
	sd->address_high = local_node_id << 16;
751

752 753
	fw_notify("reconnected to unit %s (%d retries)\n",
		  unit->device.bus_id, sd->retries);
754 755
	sbp2_agent_reset(unit);
	sbp2_cancel_orbs(unit);
756
	kref_put(&sd->kref, release_sbp2_device);
757 758 759 760 761 762 763
}

static void sbp2_update(struct fw_unit *unit)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;

764
	sd->retries = 0;
765
	fw_device_enable_phys_dma(device);
766 767
	if (schedule_delayed_work(&sd->work, 0))
		kref_get(&sd->kref);
768 769 770 771 772
}

#define SBP2_UNIT_SPEC_ID_ENTRY	0x0000609e
#define SBP2_SW_VERSION_ENTRY	0x00010483

773
static const struct fw_device_id sbp2_id_table[] = {
774 775 776
	{
		.match_flags  = FW_MATCH_SPECIFIER_ID | FW_MATCH_VERSION,
		.specifier_id = SBP2_UNIT_SPEC_ID_ENTRY,
777
		.version      = SBP2_SW_VERSION_ENTRY,
778 779 780 781 782 783 784 785 786 787 788 789 790 791 792 793
	},
	{ }
};

static struct fw_driver sbp2_driver = {
	.driver   = {
		.owner  = THIS_MODULE,
		.name   = sbp2_driver_name,
		.bus    = &fw_bus_type,
		.probe  = sbp2_probe,
		.remove = sbp2_remove,
	},
	.update   = sbp2_update,
	.id_table = sbp2_id_table,
};

794 795
static unsigned int
sbp2_status_to_sense_data(u8 *sbp2_status, u8 *sense_data)
796
{
797 798
	int sam_status;

799 800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815
	sense_data[0] = 0x70;
	sense_data[1] = 0x0;
	sense_data[2] = sbp2_status[1];
	sense_data[3] = sbp2_status[4];
	sense_data[4] = sbp2_status[5];
	sense_data[5] = sbp2_status[6];
	sense_data[6] = sbp2_status[7];
	sense_data[7] = 10;
	sense_data[8] = sbp2_status[8];
	sense_data[9] = sbp2_status[9];
	sense_data[10] = sbp2_status[10];
	sense_data[11] = sbp2_status[11];
	sense_data[12] = sbp2_status[2];
	sense_data[13] = sbp2_status[3];
	sense_data[14] = sbp2_status[12];
	sense_data[15] = sbp2_status[13];

816
	sam_status = sbp2_status[0] & 0x3f;
817

818 819
	switch (sam_status) {
	case SAM_STAT_GOOD:
820 821
	case SAM_STAT_CHECK_CONDITION:
	case SAM_STAT_CONDITION_MET:
822
	case SAM_STAT_BUSY:
823 824
	case SAM_STAT_RESERVATION_CONFLICT:
	case SAM_STAT_COMMAND_TERMINATED:
825 826
		return DID_OK << 16 | sam_status;

827
	default:
828
		return DID_ERROR << 16;
829 830 831 832 833 834 835 836 837 838 839 840 841
	}
}

static void
complete_command_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
{
	struct sbp2_command_orb *orb = (struct sbp2_command_orb *)base_orb;
	struct fw_unit *unit = orb->unit;
	struct fw_device *device = fw_device(unit->device.parent);
	struct scatterlist *sg;
	int result;

	if (status != NULL) {
842
		if (STATUS_GET_DEAD(*status))
843 844
			sbp2_agent_reset(unit);

845
		switch (STATUS_GET_RESPONSE(*status)) {
846
		case SBP2_STATUS_REQUEST_COMPLETE:
847
			result = DID_OK << 16;
848 849
			break;
		case SBP2_STATUS_TRANSPORT_FAILURE:
850
			result = DID_BUS_BUSY << 16;
851 852 853 854
			break;
		case SBP2_STATUS_ILLEGAL_REQUEST:
		case SBP2_STATUS_VENDOR_DEPENDENT:
		default:
855
			result = DID_ERROR << 16;
856 857 858
			break;
		}

859 860
		if (result == DID_OK << 16 && STATUS_GET_LEN(*status) > 1)
			result = sbp2_status_to_sense_data(STATUS_GET_DATA(*status),
861 862
							   orb->cmd->sense_buffer);
	} else {
863 864
		/*
		 * If the orb completes with status == NULL, something
865
		 * went wrong, typically a bus reset happened mid-orb
866 867
		 * or when sending the write (less likely).
		 */
868
		result = DID_BUS_BUSY << 16;
869 870 871
	}

	dma_unmap_single(device->card->device, orb->base.request_bus,
872
			 sizeof(orb->request), DMA_TO_DEVICE);
873 874 875 876 877 878 879 880 881

	if (orb->cmd->use_sg > 0) {
		sg = (struct scatterlist *)orb->cmd->request_buffer;
		dma_unmap_sg(device->card->device, sg, orb->cmd->use_sg,
			     orb->cmd->sc_data_direction);
	}

	if (orb->page_table_bus != 0)
		dma_unmap_single(device->card->device, orb->page_table_bus,
882
				 sizeof(orb->page_table_bus), DMA_TO_DEVICE);
883

884
	orb->cmd->result = result;
885 886 887 888
	orb->done(orb->cmd);
	kfree(orb);
}

889
static int sbp2_command_orb_map_scatterlist(struct sbp2_command_orb *orb)
890
{
891 892 893
	struct sbp2_device *sd =
		(struct sbp2_device *)orb->cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
894 895 896 897 898 899 900 901 902
	struct fw_device *device = fw_device(unit->device.parent);
	struct scatterlist *sg;
	int sg_len, l, i, j, count;
	size_t size;
	dma_addr_t sg_addr;

	sg = (struct scatterlist *)orb->cmd->request_buffer;
	count = dma_map_sg(device->card->device, sg, orb->cmd->use_sg,
			   orb->cmd->sc_data_direction);
903 904
	if (count == 0)
		goto fail;
905

906 907
	/*
	 * Handle the special case where there is only one element in
908 909 910
	 * the scatter list by converting it to an immediate block
	 * request. This is also a workaround for broken devices such
	 * as the second generation iPod which doesn't support page
911 912
	 * tables.
	 */
913 914 915 916
	if (count == 1 && sg_dma_len(sg) < SBP2_MAX_SG_ELEMENT_LENGTH) {
		orb->request.data_descriptor.high = sd->address_high;
		orb->request.data_descriptor.low  = sg_dma_address(sg);
		orb->request.misc |=
917
			COMMAND_ORB_DATA_SIZE(sg_dma_len(sg));
918
		return 0;
919 920
	}

921 922
	/*
	 * Convert the scatterlist to an sbp2 page table.  If any
923 924 925 926
	 * scatterlist entries are too big for sbp2, we split them as we
	 * go.  Even if we ask the block I/O layer to not give us sg
	 * elements larger than 65535 bytes, some IOMMUs may merge sg elements
	 * during DMA mapping, and Linux currently doesn't prevent this.
927
	 */
928 929 930 931 932 933 934 935 936 937 938 939 940
	for (i = 0, j = 0; i < count; i++) {
		sg_len = sg_dma_len(sg + i);
		sg_addr = sg_dma_address(sg + i);
		while (sg_len) {
			l = min(sg_len, SBP2_MAX_SG_ELEMENT_LENGTH);
			orb->page_table[j].low = sg_addr;
			orb->page_table[j].high = (l << 16);
			sg_addr += l;
			sg_len -= l;
			j++;
		}
	}

941
	size = sizeof(orb->page_table[0]) * j;
942

943 944
	/*
	 * The data_descriptor pointer is the one case where we need
945 946 947
	 * to fill in the node ID part of the address.  All other
	 * pointers assume that the data referenced reside on the
	 * initiator (i.e. us), but data_descriptor can refer to data
948 949
	 * on other nodes so we need to put our ID in descriptor.high.
	 */
950 951 952 953

	orb->page_table_bus =
		dma_map_single(device->card->device, orb->page_table,
			       size, DMA_TO_DEVICE);
954 955
	if (dma_mapping_error(orb->page_table_bus))
		goto fail_page_table;
956 957 958
	orb->request.data_descriptor.high = sd->address_high;
	orb->request.data_descriptor.low  = orb->page_table_bus;
	orb->request.misc |=
959 960
		COMMAND_ORB_PAGE_TABLE_PRESENT |
		COMMAND_ORB_DATA_SIZE(j);
961 962

	fw_memcpy_to_be32(orb->page_table, orb->page_table, size);
963 964 965 966 967 968 969 970

	return 0;

 fail_page_table:
	dma_unmap_sg(device->card->device, sg, orb->cmd->use_sg,
		     orb->cmd->sc_data_direction);
 fail:
	return -ENOMEM;
971 972 973 974 975 976
}

/* SCSI stack integration */

static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
{
977 978 979
	struct sbp2_device *sd =
		(struct sbp2_device *)cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
980 981 982
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_command_orb *orb;

983 984 985 986
	/*
	 * Bidirectional commands are not yet implemented, and unknown
	 * transfer direction not handled.
	 */
987
	if (cmd->sc_data_direction == DMA_BIDIRECTIONAL) {
988
		fw_error("Can't handle DMA_BIDIRECTIONAL, rejecting command\n");
989 990 991
		cmd->result = DID_ERROR << 16;
		done(cmd);
		return 0;
992 993
	}

994
	orb = kzalloc(sizeof(*orb), GFP_ATOMIC);
995 996
	if (orb == NULL) {
		fw_notify("failed to alloc orb\n");
997
		goto fail_alloc;
998 999
	}

1000 1001
	/* Initialize rcode to something not RCODE_COMPLETE. */
	orb->base.rcode = -1;
1002 1003
	orb->base.request_bus =
		dma_map_single(device->card->device, &orb->request,
1004
			       sizeof(orb->request), DMA_TO_DEVICE);
1005 1006
	if (dma_mapping_error(orb->base.request_bus))
		goto fail_mapping;
1007 1008 1009 1010 1011 1012 1013

	orb->unit = unit;
	orb->done = done;
	orb->cmd  = cmd;

	orb->request.next.high   = SBP2_ORB_NULL;
	orb->request.next.low    = 0x0;
1014 1015
	/*
	 * At speed 100 we can do 512 bytes per packet, at speed 200,
1016 1017
	 * 1024 bytes per packet etc.  The SBP-2 max_payload field
	 * specifies the max payload size as 2 ^ (max_payload + 2), so
1018 1019
	 * if we set this to max_speed + 7, we get the right value.
	 */
1020
	orb->request.misc =
1021 1022 1023
		COMMAND_ORB_MAX_PAYLOAD(device->node->max_speed + 7) |
		COMMAND_ORB_SPEED(device->node->max_speed) |
		COMMAND_ORB_NOTIFY;
1024 1025 1026

	if (cmd->sc_data_direction == DMA_FROM_DEVICE)
		orb->request.misc |=
1027
			COMMAND_ORB_DIRECTION(SBP2_DIRECTION_FROM_MEDIA);
1028 1029
	else if (cmd->sc_data_direction == DMA_TO_DEVICE)
		orb->request.misc |=
1030
			COMMAND_ORB_DIRECTION(SBP2_DIRECTION_TO_MEDIA);
1031

1032
	if (cmd->use_sg && sbp2_command_orb_map_scatterlist(orb) < 0)
1033
		goto fail_map_payload;
1034

1035
	fw_memcpy_to_be32(&orb->request, &orb->request, sizeof(orb->request));
1036 1037

	memset(orb->request.command_block,
1038
	       0, sizeof(orb->request.command_block));
1039 1040 1041 1042 1043 1044 1045 1046
	memcpy(orb->request.command_block, cmd->cmnd, COMMAND_SIZE(*cmd->cmnd));

	orb->base.callback = complete_command_orb;

	sbp2_send_orb(&orb->base, unit, sd->node_id, sd->generation,
		      sd->command_block_agent_address + SBP2_ORB_POINTER);

	return 0;
1047

1048
 fail_map_payload:
1049
	dma_unmap_single(device->card->device, orb->base.request_bus,
1050
			 sizeof(orb->request), DMA_TO_DEVICE);
1051 1052 1053
 fail_mapping:
	kfree(orb);
 fail_alloc:
1054
	return SCSI_MLQUEUE_HOST_BUSY;
1055 1056
}

1057 1058
static int sbp2_scsi_slave_alloc(struct scsi_device *sdev)
{
1059
	struct sbp2_device *sd = (struct sbp2_device *)sdev->host->hostdata;
1060 1061 1062 1063 1064 1065 1066 1067

	sdev->allow_restart = 1;

	if (sd->workarounds & SBP2_WORKAROUND_INQUIRY_36)
		sdev->inquiry_len = 36;
	return 0;
}

1068 1069
static int sbp2_scsi_slave_configure(struct scsi_device *sdev)
{
1070 1071
	struct sbp2_device *sd = (struct sbp2_device *)sdev->host->hostdata;
	struct fw_unit *unit = sd->unit;
1072

1073 1074 1075 1076
	sdev->use_10_for_rw = 1;

	if (sdev->type == TYPE_ROM)
		sdev->use_10_for_ms = 1;
1077 1078 1079 1080 1081 1082 1083 1084 1085 1086 1087 1088 1089 1090 1091 1092 1093
	if (sdev->type == TYPE_DISK &&
	    sd->workarounds & SBP2_WORKAROUND_MODE_SENSE_8)
		sdev->skip_ms_page_8 = 1;
	if (sd->workarounds & SBP2_WORKAROUND_FIX_CAPACITY) {
		fw_notify("setting fix_capacity for %s\n", unit->device.bus_id);
		sdev->fix_capacity = 1;
	}

	return 0;
}

/*
 * Called by scsi stack when something has really gone wrong.  Usually
 * called when a command has timed-out for some reason.
 */
static int sbp2_scsi_abort(struct scsi_cmnd *cmd)
{
1094 1095 1096
	struct sbp2_device *sd =
		(struct sbp2_device *)cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
1097 1098

	fw_notify("sbp2_scsi_abort\n");
1099
	sbp2_agent_reset(unit);
1100 1101 1102 1103 1104
	sbp2_cancel_orbs(unit);

	return SUCCESS;
}

1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 1128 1129 1130 1131 1132 1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 1149 1150 1151 1152 1153 1154 1155 1156
/*
 * Format of /sys/bus/scsi/devices/.../ieee1394_id:
 * u64 EUI-64 : u24 directory_ID : u16 LUN  (all printed in hexadecimal)
 *
 * This is the concatenation of target port identifier and logical unit
 * identifier as per SAM-2...SAM-4 annex A.
 */
static ssize_t
sbp2_sysfs_ieee1394_id_show(struct device *dev, struct device_attribute *attr,
			    char *buf)
{
	struct scsi_device *sdev = to_scsi_device(dev);
	struct sbp2_device *sd;
	struct fw_unit *unit;
	struct fw_device *device;
	u32 directory_id;
	struct fw_csr_iterator ci;
	int key, value, lun;

	if (!sdev)
		return 0;
	sd = (struct sbp2_device *)sdev->host->hostdata;
	unit = sd->unit;
	device = fw_device(unit->device.parent);

	/* implicit directory ID */
	directory_id = ((unit->directory - device->config_rom) * 4
			+ CSR_CONFIG_ROM) & 0xffffff;

	/* explicit directory ID, overrides implicit ID if present */
	fw_csr_iterator_init(&ci, unit->directory);
	while (fw_csr_iterator_next(&ci, &key, &value))
		if (key == CSR_DIRECTORY_ID) {
			directory_id = value;
			break;
		}

	/* FIXME: Make this work for multi-lun devices. */
	lun = 0;

	return sprintf(buf, "%08x%08x:%06x:%04x\n",
			device->config_rom[3], device->config_rom[4],
			directory_id, lun);
}

static DEVICE_ATTR(ieee1394_id, S_IRUGO, sbp2_sysfs_ieee1394_id_show, NULL);

static struct device_attribute *sbp2_scsi_sysfs_attrs[] = {
	&dev_attr_ieee1394_id,
	NULL
};

1157 1158 1159 1160 1161
static struct scsi_host_template scsi_driver_template = {
	.module			= THIS_MODULE,
	.name			= "SBP-2 IEEE-1394",
	.proc_name		= (char *)sbp2_driver_name,
	.queuecommand		= sbp2_scsi_queuecommand,
1162
	.slave_alloc		= sbp2_scsi_slave_alloc,
1163 1164 1165 1166 1167
	.slave_configure	= sbp2_scsi_slave_configure,
	.eh_abort_handler	= sbp2_scsi_abort,
	.this_id		= -1,
	.sg_tablesize		= SG_ALL,
	.use_clustering		= ENABLE_CLUSTERING,
1168 1169
	.cmd_per_lun		= 1,
	.can_queue		= 1,
1170
	.sdev_attrs		= sbp2_scsi_sysfs_attrs,
1171 1172 1173 1174 1175 1176 1177
};

MODULE_AUTHOR("Kristian Hoegsberg <krh@bitplanet.net>");
MODULE_DESCRIPTION("SCSI over IEEE1394");
MODULE_LICENSE("GPL");
MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);

1178 1179 1180 1181 1182
/* Provide a module alias so root-on-sbp2 initrds don't break. */
#ifndef CONFIG_IEEE1394_SBP2_MODULE
MODULE_ALIAS("sbp2");
#endif

1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194
static int __init sbp2_init(void)
{
	return driver_register(&sbp2_driver.driver);
}

static void __exit sbp2_cleanup(void)
{
	driver_unregister(&sbp2_driver.driver);
}

module_init(sbp2_init);
module_exit(sbp2_cleanup);