fw-sbp2.c 32.2 KB
Newer Older
1 2
/*
 * SBP2 driver (SCSI over IEEE1394)
3
 *
4
 * Copyright (C) 2005-2007  Kristian Hoegsberg <krh@bitplanet.net>
5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

21 22
/*
 * The basic structure of this driver is based on the old storage driver,
23 24 25 26 27 28 29 30
 * drivers/ieee1394/sbp2.c, originally written by
 *     James Goodwin <jamesg@filanet.com>
 * with later contributions and ongoing maintenance from
 *     Ben Collins <bcollins@debian.org>,
 *     Stefan Richter <stefanr@s5r6.in-berlin.de>
 * and many others.
 */

31 32
#include <linux/kernel.h>
#include <linux/module.h>
S
Stefan Richter 已提交
33
#include <linux/mod_devicetable.h>
34
#include <linux/device.h>
A
Andrew Morton 已提交
35
#include <linux/scatterlist.h>
36
#include <linux/dma-mapping.h>
37
#include <linux/timer.h>
38 39 40 41 42 43 44 45 46 47 48 49

#include <scsi/scsi.h>
#include <scsi/scsi_cmnd.h>
#include <scsi/scsi_dbg.h>
#include <scsi/scsi_device.h>
#include <scsi/scsi_host.h>

#include "fw-transaction.h"
#include "fw-topology.h"
#include "fw-device.h"

/* I don't know why the SCSI stack doesn't define something like this... */
50
typedef void (*scsi_done_fn_t)(struct scsi_cmnd *);
51 52 53 54

static const char sbp2_driver_name[] = "sbp2";

struct sbp2_device {
55
	struct kref kref;
56 57 58 59 60 61 62 63
	struct fw_unit *unit;
	struct fw_address_handler address_handler;
	struct list_head orb_list;
	u64 management_agent_address;
	u64 command_block_agent_address;
	u32 workarounds;
	int login_id;

64 65
	/*
	 * We cache these addresses and only update them once we've
66 67 68
	 * logged in or reconnected to the sbp2 device.  That way, any
	 * IO to the device will automatically fail and get retried if
	 * it happens in a window where the device is not ready to
69 70
	 * handle it (e.g. after a bus reset but before we reconnect).
	 */
71 72 73 74
	int node_id;
	int address_high;
	int generation;

75 76
	int retries;
	struct delayed_work work;
77 78 79 80
};

#define SBP2_MAX_SG_ELEMENT_LENGTH	0xf000
#define SBP2_MAX_SECTORS		255	/* Max sectors supported */
81
#define SBP2_ORB_TIMEOUT		2000	/* Timeout in ms */
82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124

#define SBP2_ORB_NULL			0x80000000

#define SBP2_DIRECTION_TO_MEDIA		0x0
#define SBP2_DIRECTION_FROM_MEDIA	0x1

/* Unit directory keys */
#define SBP2_COMMAND_SET_SPECIFIER	0x38
#define SBP2_COMMAND_SET		0x39
#define SBP2_COMMAND_SET_REVISION	0x3b
#define SBP2_FIRMWARE_REVISION		0x3c

/* Flags for detected oddities and brokeness */
#define SBP2_WORKAROUND_128K_MAX_TRANS	0x1
#define SBP2_WORKAROUND_INQUIRY_36	0x2
#define SBP2_WORKAROUND_MODE_SENSE_8	0x4
#define SBP2_WORKAROUND_FIX_CAPACITY	0x8
#define SBP2_WORKAROUND_OVERRIDE	0x100

/* Management orb opcodes */
#define SBP2_LOGIN_REQUEST		0x0
#define SBP2_QUERY_LOGINS_REQUEST	0x1
#define SBP2_RECONNECT_REQUEST		0x3
#define SBP2_SET_PASSWORD_REQUEST	0x4
#define SBP2_LOGOUT_REQUEST		0x7
#define SBP2_ABORT_TASK_REQUEST		0xb
#define SBP2_ABORT_TASK_SET		0xc
#define SBP2_LOGICAL_UNIT_RESET		0xe
#define SBP2_TARGET_RESET_REQUEST	0xf

/* Offsets for command block agent registers */
#define SBP2_AGENT_STATE		0x00
#define SBP2_AGENT_RESET		0x04
#define SBP2_ORB_POINTER		0x08
#define SBP2_DOORBELL			0x10
#define SBP2_UNSOLICITED_STATUS_ENABLE	0x14

/* Status write response codes */
#define SBP2_STATUS_REQUEST_COMPLETE	0x0
#define SBP2_STATUS_TRANSPORT_FAILURE	0x1
#define SBP2_STATUS_ILLEGAL_REQUEST	0x2
#define SBP2_STATUS_VENDOR_DEPENDENT	0x3

125 126 127 128 129 130 131 132
#define STATUS_GET_ORB_HIGH(v)		((v).status & 0xffff)
#define STATUS_GET_SBP_STATUS(v)	(((v).status >> 16) & 0xff)
#define STATUS_GET_LEN(v)		(((v).status >> 24) & 0x07)
#define STATUS_GET_DEAD(v)		(((v).status >> 27) & 0x01)
#define STATUS_GET_RESPONSE(v)		(((v).status >> 28) & 0x03)
#define STATUS_GET_SOURCE(v)		(((v).status >> 30) & 0x03)
#define STATUS_GET_ORB_LOW(v)		((v).orb_low)
#define STATUS_GET_DATA(v)		((v).data)
133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149

struct sbp2_status {
	u32 status;
	u32 orb_low;
	u8 data[24];
};

struct sbp2_pointer {
	u32 high;
	u32 low;
};

struct sbp2_orb {
	struct fw_transaction t;
	dma_addr_t request_bus;
	int rcode;
	struct sbp2_pointer pointer;
150
	void (*callback)(struct sbp2_orb * orb, struct sbp2_status * status);
151 152 153
	struct list_head link;
};

154 155 156 157 158 159
#define MANAGEMENT_ORB_LUN(v)			((v))
#define MANAGEMENT_ORB_FUNCTION(v)		((v) << 16)
#define MANAGEMENT_ORB_RECONNECT(v)		((v) << 20)
#define MANAGEMENT_ORB_EXCLUSIVE		((1) << 28)
#define MANAGEMENT_ORB_REQUEST_FORMAT(v)	((v) << 29)
#define MANAGEMENT_ORB_NOTIFY			((1) << 31)
160

161 162
#define MANAGEMENT_ORB_RESPONSE_LENGTH(v)	((v))
#define MANAGEMENT_ORB_PASSWORD_LENGTH(v)	((v) << 16)
163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178

struct sbp2_management_orb {
	struct sbp2_orb base;
	struct {
		struct sbp2_pointer password;
		struct sbp2_pointer response;
		u32 misc;
		u32 length;
		struct sbp2_pointer status_fifo;
	} request;
	__be32 response[4];
	dma_addr_t response_bus;
	struct completion done;
	struct sbp2_status status;
};

179 180
#define LOGIN_RESPONSE_GET_LOGIN_ID(v)	((v).misc & 0xffff)
#define LOGIN_RESPONSE_GET_LENGTH(v)	(((v).misc >> 16) & 0xffff)
181 182 183 184 185 186

struct sbp2_login_response {
	u32 misc;
	struct sbp2_pointer command_block_agent;
	u32 reconnect_hold;
};
187 188 189 190 191 192 193 194
#define COMMAND_ORB_DATA_SIZE(v)	((v))
#define COMMAND_ORB_PAGE_SIZE(v)	((v) << 16)
#define COMMAND_ORB_PAGE_TABLE_PRESENT	((1) << 19)
#define COMMAND_ORB_MAX_PAYLOAD(v)	((v) << 20)
#define COMMAND_ORB_SPEED(v)		((v) << 24)
#define COMMAND_ORB_DIRECTION(v)	((v) << 27)
#define COMMAND_ORB_REQUEST_FORMAT(v)	((v) << 29)
#define COMMAND_ORB_NOTIFY		((1) << 31)
195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242

struct sbp2_command_orb {
	struct sbp2_orb base;
	struct {
		struct sbp2_pointer next;
		struct sbp2_pointer data_descriptor;
		u32 misc;
		u8 command_block[12];
	} request;
	struct scsi_cmnd *cmd;
	scsi_done_fn_t done;
	struct fw_unit *unit;

	struct sbp2_pointer page_table[SG_ALL];
	dma_addr_t page_table_bus;
	dma_addr_t request_buffer_bus;
};

/*
 * List of devices with known bugs.
 *
 * The firmware_revision field, masked with 0xffff00, is the best
 * indicator for the type of bridge chip of a device.  It yields a few
 * false positives but this did not break correctly behaving devices
 * so far.  We use ~0 as a wildcard, since the 24 bit values we get
 * from the config rom can never match that.
 */
static const struct {
	u32 firmware_revision;
	u32 model;
	unsigned workarounds;
} sbp2_workarounds_table[] = {
	/* DViCO Momobay CX-1 with TSB42AA9 bridge */ {
		.firmware_revision	= 0x002800,
		.model			= 0x001010,
		.workarounds		= SBP2_WORKAROUND_INQUIRY_36 |
					  SBP2_WORKAROUND_MODE_SENSE_8,
	},
	/* Initio bridges, actually only needed for some older ones */ {
		.firmware_revision	= 0x000200,
		.model			= ~0,
		.workarounds		= SBP2_WORKAROUND_INQUIRY_36,
	},
	/* Symbios bridge */ {
		.firmware_revision	= 0xa0b800,
		.model			= ~0,
		.workarounds		= SBP2_WORKAROUND_128K_MAX_TRANS,
	},
243 244 245

	/*
	 * There are iPods (2nd gen, 3rd gen) with model_id == 0, but
246 247
	 * these iPods do not feature the read_capacity bug according
	 * to one report.  Read_capacity behaviour as well as model_id
248 249 250
	 * could change due to Apple-supplied firmware updates though.
	 */

251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290
	/* iPod 4th generation. */ {
		.firmware_revision	= 0x0a2700,
		.model			= 0x000021,
		.workarounds		= SBP2_WORKAROUND_FIX_CAPACITY,
	},
	/* iPod mini */ {
		.firmware_revision	= 0x0a2700,
		.model			= 0x000023,
		.workarounds		= SBP2_WORKAROUND_FIX_CAPACITY,
	},
	/* iPod Photo */ {
		.firmware_revision	= 0x0a2700,
		.model			= 0x00007e,
		.workarounds		= SBP2_WORKAROUND_FIX_CAPACITY,
	}
};

static void
sbp2_status_write(struct fw_card *card, struct fw_request *request,
		  int tcode, int destination, int source,
		  int generation, int speed,
		  unsigned long long offset,
		  void *payload, size_t length, void *callback_data)
{
	struct sbp2_device *sd = callback_data;
	struct sbp2_orb *orb;
	struct sbp2_status status;
	size_t header_size;
	unsigned long flags;

	if (tcode != TCODE_WRITE_BLOCK_REQUEST ||
	    length == 0 || length > sizeof status) {
		fw_send_response(card, request, RCODE_TYPE_ERROR);
		return;
	}

	header_size = min(length, 2 * sizeof(u32));
	fw_memcpy_from_be32(&status, payload, header_size);
	if (length > header_size)
		memcpy(status.data, payload + 8, length - header_size);
291
	if (STATUS_GET_SOURCE(status) == 2 || STATUS_GET_SOURCE(status) == 3) {
292 293 294 295 296 297 298 299
		fw_notify("non-orb related status write, not handled\n");
		fw_send_response(card, request, RCODE_COMPLETE);
		return;
	}

	/* Lookup the orb corresponding to this status write. */
	spin_lock_irqsave(&card->lock, flags);
	list_for_each_entry(orb, &sd->orb_list, link) {
300 301
		if (STATUS_GET_ORB_HIGH(status) == 0 &&
		    STATUS_GET_ORB_LOW(status) == orb->request_bus &&
302
		    orb->rcode == RCODE_COMPLETE) {
303 304 305 306 307 308 309 310 311 312 313 314 315 316 317 318 319 320 321 322 323 324 325 326 327 328 329 330 331 332 333 334 335 336 337 338 339 340 341 342 343 344 345 346 347 348 349
			list_del(&orb->link);
			break;
		}
	}
	spin_unlock_irqrestore(&card->lock, flags);

	if (&orb->link != &sd->orb_list)
		orb->callback(orb, &status);
	else
		fw_error("status write for unknown orb\n");

	fw_send_response(card, request, RCODE_COMPLETE);
}

static void
complete_transaction(struct fw_card *card, int rcode,
		     void *payload, size_t length, void *data)
{
	struct sbp2_orb *orb = data;
	unsigned long flags;

	orb->rcode = rcode;
	if (rcode != RCODE_COMPLETE) {
		spin_lock_irqsave(&card->lock, flags);
		list_del(&orb->link);
		spin_unlock_irqrestore(&card->lock, flags);
		orb->callback(orb, NULL);
	}
}

static void
sbp2_send_orb(struct sbp2_orb *orb, struct fw_unit *unit,
	      int node_id, int generation, u64 offset)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	unsigned long flags;

	orb->pointer.high = 0;
	orb->pointer.low = orb->request_bus;
	fw_memcpy_to_be32(&orb->pointer, &orb->pointer, sizeof orb->pointer);

	spin_lock_irqsave(&device->card->lock, flags);
	list_add_tail(&orb->link, &sd->orb_list);
	spin_unlock_irqrestore(&device->card->lock, flags);

	fw_send_request(device->card, &orb->t, TCODE_WRITE_BLOCK_REQUEST,
350
			node_id, generation,
351 352 353 354 355
			device->node->max_speed, offset,
			&orb->pointer, sizeof orb->pointer,
			complete_transaction, orb);
}

356
static int sbp2_cancel_orbs(struct fw_unit *unit)
357 358 359 360 361 362
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	struct sbp2_orb *orb, *next;
	struct list_head list;
	unsigned long flags;
363
	int retval = -ENOENT;
364 365 366 367 368 369 370

	INIT_LIST_HEAD(&list);
	spin_lock_irqsave(&device->card->lock, flags);
	list_splice_init(&sd->orb_list, &list);
	spin_unlock_irqrestore(&device->card->lock, flags);

	list_for_each_entry_safe(orb, next, &list, link) {
371
		retval = 0;
372 373 374
		if (fw_cancel_transaction(device->card, &orb->t) == 0)
			continue;

375 376 377 378
		orb->rcode = RCODE_CANCELLED;
		orb->callback(orb, NULL);
	}

379
	return retval;
380 381
}

382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405
static void
complete_management_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
{
	struct sbp2_management_orb *orb =
	    (struct sbp2_management_orb *)base_orb;

	if (status)
		memcpy(&orb->status, status, sizeof *status);
	complete(&orb->done);
}

static int
sbp2_send_management_orb(struct fw_unit *unit, int node_id, int generation,
			 int function, int lun, void *response)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	struct sbp2_management_orb *orb;
	int retval = -ENOMEM;

	orb = kzalloc(sizeof *orb, GFP_ATOMIC);
	if (orb == NULL)
		return -ENOMEM;

406 407 408 409
	/*
	 * The sbp2 device is going to send a block read request to
	 * read out the request from host memory, so map it for dma.
	 */
410 411 412
	orb->base.request_bus =
		dma_map_single(device->card->device, &orb->request,
			       sizeof orb->request, DMA_TO_DEVICE);
413
	if (dma_mapping_error(orb->base.request_bus))
414 415 416 417 418
		goto out;

	orb->response_bus =
		dma_map_single(device->card->device, &orb->response,
			       sizeof orb->response, DMA_FROM_DEVICE);
419
	if (dma_mapping_error(orb->response_bus))
420 421 422 423 424 425
		goto out;

	orb->request.response.high    = 0;
	orb->request.response.low     = orb->response_bus;

	orb->request.misc =
426 427 428
		MANAGEMENT_ORB_NOTIFY |
		MANAGEMENT_ORB_FUNCTION(function) |
		MANAGEMENT_ORB_LUN(lun);
429
	orb->request.length =
430
		MANAGEMENT_ORB_RESPONSE_LENGTH(sizeof orb->response);
431 432 433 434

	orb->request.status_fifo.high = sd->address_handler.offset >> 32;
	orb->request.status_fifo.low  = sd->address_handler.offset;

435 436
	/*
	 * FIXME: Yeah, ok this isn't elegant, we hardwire exclusive
437
	 * login and 1 second reconnect time.  The reconnect setting
438 439
	 * is probably fine, but the exclusive login should be an option.
	 */
440 441
	if (function == SBP2_LOGIN_REQUEST) {
		orb->request.misc |=
442 443
			MANAGEMENT_ORB_EXCLUSIVE |
			MANAGEMENT_ORB_RECONNECT(0);
444 445 446 447 448 449
	}

	fw_memcpy_to_be32(&orb->request, &orb->request, sizeof orb->request);

	init_completion(&orb->done);
	orb->base.callback = complete_management_orb;
450

451 452 453
	sbp2_send_orb(&orb->base, unit,
		      node_id, generation, sd->management_agent_address);

454 455
	wait_for_completion_timeout(&orb->done,
				    msecs_to_jiffies(SBP2_ORB_TIMEOUT));
456 457

	retval = -EIO;
458 459
	if (sbp2_cancel_orbs(unit) == 0) {
		fw_error("orb reply timed out, rcode=0x%02x\n",
460 461 462 463
			 orb->base.rcode);
		goto out;
	}

464 465
	if (orb->base.rcode != RCODE_COMPLETE) {
		fw_error("management write failed, rcode 0x%02x\n",
466 467 468 469
			 orb->base.rcode);
		goto out;
	}

470 471
	if (STATUS_GET_RESPONSE(orb->status) != 0 ||
	    STATUS_GET_SBP_STATUS(orb->status) != 0) {
472
		fw_error("error status: %d:%d\n",
473 474
			 STATUS_GET_RESPONSE(orb->status),
			 STATUS_GET_SBP_STATUS(orb->status));
475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513
		goto out;
	}

	retval = 0;
 out:
	dma_unmap_single(device->card->device, orb->base.request_bus,
			 sizeof orb->request, DMA_TO_DEVICE);
	dma_unmap_single(device->card->device, orb->response_bus,
			 sizeof orb->response, DMA_FROM_DEVICE);

	if (response)
		fw_memcpy_from_be32(response,
				    orb->response, sizeof orb->response);
	kfree(orb);

	return retval;
}

static void
complete_agent_reset_write(struct fw_card *card, int rcode,
			   void *payload, size_t length, void *data)
{
	struct fw_transaction *t = data;

	kfree(t);
}

static int sbp2_agent_reset(struct fw_unit *unit)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;
	struct fw_transaction *t;
	static u32 zero;

	t = kzalloc(sizeof *t, GFP_ATOMIC);
	if (t == NULL)
		return -ENOMEM;

	fw_send_request(device->card, t, TCODE_WRITE_QUADLET_REQUEST,
514
			sd->node_id, sd->generation, SCODE_400,
515 516 517 518 519 520
			sd->command_block_agent_address + SBP2_AGENT_RESET,
			&zero, sizeof zero, complete_agent_reset_write, t);

	return 0;
}

521
static void sbp2_reconnect(struct work_struct *work);
522
static struct scsi_host_template scsi_driver_template;
523

524 525 526 527
static void
release_sbp2_device(struct kref *kref)
{
	struct sbp2_device *sd = container_of(kref, struct sbp2_device, kref);
528 529
	struct Scsi_Host *host =
		container_of((void *)sd, struct Scsi_Host, hostdata[0]);
530 531 532 533

	sbp2_send_management_orb(sd->unit, sd->node_id, sd->generation,
				 SBP2_LOGOUT_REQUEST, sd->login_id, NULL);

534
	scsi_remove_host(host);
535 536 537
	fw_core_remove_address_handler(&sd->address_handler);
	fw_notify("removed sbp2 unit %s\n", sd->unit->device.bus_id);
	put_device(&sd->unit->device);
538
	scsi_host_put(host);
539 540
}

541 542 543 544
static void sbp2_login(struct work_struct *work)
{
	struct sbp2_device *sd =
		container_of(work, struct sbp2_device, work.work);
545 546
	struct Scsi_Host *host =
		container_of((void *)sd, struct Scsi_Host, hostdata[0]);
547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565
	struct fw_unit *unit = sd->unit;
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_login_response response;
	int generation, node_id, local_node_id, lun, retval;

	/* FIXME: Make this work for multi-lun devices. */
	lun = 0;

	generation    = device->card->generation;
	node_id       = device->node->node_id;
	local_node_id = device->card->local_node->node_id;

	if (sbp2_send_management_orb(unit, node_id, generation,
				     SBP2_LOGIN_REQUEST, lun, &response) < 0) {
		if (sd->retries++ < 5) {
			schedule_delayed_work(&sd->work, DIV_ROUND_UP(HZ, 5));
		} else {
			fw_error("failed to login to %s\n",
				 unit->device.bus_id);
566
			kref_put(&sd->kref, release_sbp2_device);
567 568 569 570 571 572 573 574 575 576
		}
		return;
	}

	sd->generation   = generation;
	sd->node_id      = node_id;
	sd->address_high = local_node_id << 16;

	/* Get command block agent offset and login id. */
	sd->command_block_agent_address =
577
		((u64) (response.command_block_agent.high & 0xffff) << 32) |
578
		response.command_block_agent.low;
579
	sd->login_id = LOGIN_RESPONSE_GET_LOGIN_ID(response);
580

581 582 583
	fw_notify("logged in to sbp2 unit %s (%d retries)\n",
		  unit->device.bus_id, sd->retries);
	fw_notify(" - management_agent_address:    0x%012llx\n",
584 585 586
		  (unsigned long long) sd->management_agent_address);
	fw_notify(" - command_block_agent_address: 0x%012llx\n",
		  (unsigned long long) sd->command_block_agent_address);
587
	fw_notify(" - status write address:        0x%012llx\n",
588 589 590 591 592 593 594
		  (unsigned long long) sd->address_handler.offset);

#if 0
	/* FIXME: The linux1394 sbp2 does this last step. */
	sbp2_set_busy_timeout(scsi_id);
#endif

595
	PREPARE_DELAYED_WORK(&sd->work, sbp2_reconnect);
596 597
	sbp2_agent_reset(unit);

598 599 600
	/* FIXME: Loop over luns here. */
	lun = 0;
	retval = scsi_add_device(host, 0, 0, lun);
601 602 603 604
	if (retval < 0) {
		sbp2_send_management_orb(unit, sd->node_id, sd->generation,
					 SBP2_LOGOUT_REQUEST, sd->login_id,
					 NULL);
605 606 607 608
		/*
		 * Set this back to sbp2_login so we fall back and
		 * retry login on bus reset.
		 */
609
		PREPARE_DELAYED_WORK(&sd->work, sbp2_login);
610
	}
611
	kref_put(&sd->kref, release_sbp2_device);
612
}
613 614 615 616 617 618 619

static int sbp2_probe(struct device *dev)
{
	struct fw_unit *unit = fw_unit(dev);
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd;
	struct fw_csr_iterator ci;
620 621
	struct Scsi_Host *host;
	int i, key, value, err;
622 623
	u32 model, firmware_revision;

624 625 626 627
	err = -ENOMEM;
	host = scsi_host_alloc(&scsi_driver_template, sizeof(*sd));
	if (host == NULL)
		goto fail;
628

629
	sd = (struct sbp2_device *) host->hostdata;
630 631 632
	unit->device.driver_data = sd;
	sd->unit = unit;
	INIT_LIST_HEAD(&sd->orb_list);
633
	kref_init(&sd->kref);
634 635 636 637 638

	sd->address_handler.length = 0x100;
	sd->address_handler.address_callback = sbp2_status_write;
	sd->address_handler.callback_data = sd;

639 640 641 642
	err = fw_core_add_address_handler(&sd->address_handler,
					  &fw_high_memory_region);
	if (err < 0)
		goto fail_host;
643

644 645 646 647 648 649 650
	err = fw_device_enable_phys_dma(device);
	if (err < 0)
		goto fail_address_handler;

	err = scsi_add_host(host, &unit->device);
	if (err < 0)
		goto fail_address_handler;
651

652 653
	/*
	 * Scan unit directory to get management agent address,
654
	 * firmware revison and model.  Initialize firmware_revision
655 656
	 * and model to values that wont match anything in our table.
	 */
657 658 659 660 661 662 663 664 665 666 667 668 669 670 671 672 673 674 675 676 677 678 679 680 681 682 683 684 685 686 687 688 689 690 691
	firmware_revision = 0xff000000;
	model = 0xff000000;
	fw_csr_iterator_init(&ci, unit->directory);
	while (fw_csr_iterator_next(&ci, &key, &value)) {
		switch (key) {
		case CSR_DEPENDENT_INFO | CSR_OFFSET:
			sd->management_agent_address =
				0xfffff0000000ULL + 4 * value;
			break;
		case SBP2_FIRMWARE_REVISION:
			firmware_revision = value;
			break;
		case CSR_MODEL:
			model = value;
			break;
		}
	}

	for (i = 0; i < ARRAY_SIZE(sbp2_workarounds_table); i++) {
		if (sbp2_workarounds_table[i].firmware_revision !=
		    (firmware_revision & 0xffffff00))
			continue;
		if (sbp2_workarounds_table[i].model != model &&
		    sbp2_workarounds_table[i].model != ~0)
			continue;
		sd->workarounds |= sbp2_workarounds_table[i].workarounds;
		break;
	}

	if (sd->workarounds)
		fw_notify("Workarounds for node %s: 0x%x "
			  "(firmware_revision 0x%06x, model_id 0x%06x)\n",
			  unit->device.bus_id,
			  sd->workarounds, firmware_revision, model);

692 693
	get_device(&unit->device);

694 695
	/*
	 * We schedule work to do the login so we can easily
696
	 * reschedule retries. Always get the ref before scheduling
697 698
	 * work.
	 */
699
	INIT_DELAYED_WORK(&sd->work, sbp2_login);
700 701
	if (schedule_delayed_work(&sd->work, 0))
		kref_get(&sd->kref);
702 703

	return 0;
704 705 706 707 708 709 710

 fail_address_handler:
	fw_core_remove_address_handler(&sd->address_handler);
 fail_host:
	scsi_host_put(host);
 fail:
	return err;
711 712 713 714 715 716 717
}

static int sbp2_remove(struct device *dev)
{
	struct fw_unit *unit = fw_unit(dev);
	struct sbp2_device *sd = unit->device.driver_data;

718
	kref_put(&sd->kref, release_sbp2_device);
719 720 721 722 723 724

	return 0;
}

static void sbp2_reconnect(struct work_struct *work)
{
725 726
	struct sbp2_device *sd =
		container_of(work, struct sbp2_device, work.work);
727 728 729 730 731 732 733 734
	struct fw_unit *unit = sd->unit;
	struct fw_device *device = fw_device(unit->device.parent);
	int generation, node_id, local_node_id;

	generation    = device->card->generation;
	node_id       = device->node->node_id;
	local_node_id = device->card->local_node->node_id;

735 736 737
	if (sbp2_send_management_orb(unit, node_id, generation,
				     SBP2_RECONNECT_REQUEST,
				     sd->login_id, NULL) < 0) {
738
		if (sd->retries++ >= 5) {
739 740 741 742
			fw_error("failed to reconnect to %s\n",
				 unit->device.bus_id);
			/* Fall back and try to log in again. */
			sd->retries = 0;
743
			PREPARE_DELAYED_WORK(&sd->work, sbp2_login);
744 745 746 747
		}
		schedule_delayed_work(&sd->work, DIV_ROUND_UP(HZ, 5));
		return;
	}
748 749 750

	sd->generation   = generation;
	sd->node_id      = node_id;
751
	sd->address_high = local_node_id << 16;
752

753 754
	fw_notify("reconnected to unit %s (%d retries)\n",
		  unit->device.bus_id, sd->retries);
755 756
	sbp2_agent_reset(unit);
	sbp2_cancel_orbs(unit);
757
	kref_put(&sd->kref, release_sbp2_device);
758 759 760 761 762 763 764
}

static void sbp2_update(struct fw_unit *unit)
{
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_device *sd = unit->device.driver_data;

765
	sd->retries = 0;
766
	fw_device_enable_phys_dma(device);
767 768
	if (schedule_delayed_work(&sd->work, 0))
		kref_get(&sd->kref);
769 770 771 772 773
}

#define SBP2_UNIT_SPEC_ID_ENTRY	0x0000609e
#define SBP2_SW_VERSION_ENTRY	0x00010483

774
static const struct fw_device_id sbp2_id_table[] = {
775 776 777
	{
		.match_flags  = FW_MATCH_SPECIFIER_ID | FW_MATCH_VERSION,
		.specifier_id = SBP2_UNIT_SPEC_ID_ENTRY,
778
		.version      = SBP2_SW_VERSION_ENTRY,
779 780 781 782 783 784 785 786 787 788 789 790 791 792 793 794
	},
	{ }
};

static struct fw_driver sbp2_driver = {
	.driver   = {
		.owner  = THIS_MODULE,
		.name   = sbp2_driver_name,
		.bus    = &fw_bus_type,
		.probe  = sbp2_probe,
		.remove = sbp2_remove,
	},
	.update   = sbp2_update,
	.id_table = sbp2_id_table,
};

795 796
static unsigned int
sbp2_status_to_sense_data(u8 *sbp2_status, u8 *sense_data)
797
{
798 799
	int sam_status;

800 801 802 803 804 805 806 807 808 809 810 811 812 813 814 815 816
	sense_data[0] = 0x70;
	sense_data[1] = 0x0;
	sense_data[2] = sbp2_status[1];
	sense_data[3] = sbp2_status[4];
	sense_data[4] = sbp2_status[5];
	sense_data[5] = sbp2_status[6];
	sense_data[6] = sbp2_status[7];
	sense_data[7] = 10;
	sense_data[8] = sbp2_status[8];
	sense_data[9] = sbp2_status[9];
	sense_data[10] = sbp2_status[10];
	sense_data[11] = sbp2_status[11];
	sense_data[12] = sbp2_status[2];
	sense_data[13] = sbp2_status[3];
	sense_data[14] = sbp2_status[12];
	sense_data[15] = sbp2_status[13];

817
	sam_status = sbp2_status[0] & 0x3f;
818

819 820
	switch (sam_status) {
	case SAM_STAT_GOOD:
821 822
	case SAM_STAT_CHECK_CONDITION:
	case SAM_STAT_CONDITION_MET:
823
	case SAM_STAT_BUSY:
824 825
	case SAM_STAT_RESERVATION_CONFLICT:
	case SAM_STAT_COMMAND_TERMINATED:
826 827
		return DID_OK << 16 | sam_status;

828
	default:
829
		return DID_ERROR << 16;
830 831 832 833 834 835 836 837 838 839 840 841 842
	}
}

static void
complete_command_orb(struct sbp2_orb *base_orb, struct sbp2_status *status)
{
	struct sbp2_command_orb *orb = (struct sbp2_command_orb *)base_orb;
	struct fw_unit *unit = orb->unit;
	struct fw_device *device = fw_device(unit->device.parent);
	struct scatterlist *sg;
	int result;

	if (status != NULL) {
843
		if (STATUS_GET_DEAD(*status))
844 845
			sbp2_agent_reset(unit);

846
		switch (STATUS_GET_RESPONSE(*status)) {
847
		case SBP2_STATUS_REQUEST_COMPLETE:
848
			result = DID_OK << 16;
849 850
			break;
		case SBP2_STATUS_TRANSPORT_FAILURE:
851
			result = DID_BUS_BUSY << 16;
852 853 854 855
			break;
		case SBP2_STATUS_ILLEGAL_REQUEST:
		case SBP2_STATUS_VENDOR_DEPENDENT:
		default:
856
			result = DID_ERROR << 16;
857 858 859
			break;
		}

860 861
		if (result == DID_OK << 16 && STATUS_GET_LEN(*status) > 1)
			result = sbp2_status_to_sense_data(STATUS_GET_DATA(*status),
862 863
							   orb->cmd->sense_buffer);
	} else {
864 865
		/*
		 * If the orb completes with status == NULL, something
866
		 * went wrong, typically a bus reset happened mid-orb
867 868
		 * or when sending the write (less likely).
		 */
869
		result = DID_BUS_BUSY << 16;
870 871 872 873 874 875 876 877 878 879 880 881 882 883 884 885 886 887 888 889
	}

	dma_unmap_single(device->card->device, orb->base.request_bus,
			 sizeof orb->request, DMA_TO_DEVICE);

	if (orb->cmd->use_sg > 0) {
		sg = (struct scatterlist *)orb->cmd->request_buffer;
		dma_unmap_sg(device->card->device, sg, orb->cmd->use_sg,
			     orb->cmd->sc_data_direction);
	}

	if (orb->page_table_bus != 0)
		dma_unmap_single(device->card->device, orb->page_table_bus,
				 sizeof orb->page_table_bus, DMA_TO_DEVICE);

	if (orb->request_buffer_bus != 0)
		dma_unmap_single(device->card->device, orb->request_buffer_bus,
				 sizeof orb->request_buffer_bus,
				 DMA_FROM_DEVICE);

890
	orb->cmd->result = result;
891 892 893 894 895 896
	orb->done(orb->cmd);
	kfree(orb);
}

static void sbp2_command_orb_map_scatterlist(struct sbp2_command_orb *orb)
{
897 898 899
	struct sbp2_device *sd =
		(struct sbp2_device *)orb->cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
900 901 902 903 904 905 906 907 908 909
	struct fw_device *device = fw_device(unit->device.parent);
	struct scatterlist *sg;
	int sg_len, l, i, j, count;
	size_t size;
	dma_addr_t sg_addr;

	sg = (struct scatterlist *)orb->cmd->request_buffer;
	count = dma_map_sg(device->card->device, sg, orb->cmd->use_sg,
			   orb->cmd->sc_data_direction);

910 911
	/*
	 * Handle the special case where there is only one element in
912 913 914
	 * the scatter list by converting it to an immediate block
	 * request. This is also a workaround for broken devices such
	 * as the second generation iPod which doesn't support page
915 916
	 * tables.
	 */
917 918 919 920
	if (count == 1 && sg_dma_len(sg) < SBP2_MAX_SG_ELEMENT_LENGTH) {
		orb->request.data_descriptor.high = sd->address_high;
		orb->request.data_descriptor.low  = sg_dma_address(sg);
		orb->request.misc |=
921
			COMMAND_ORB_DATA_SIZE(sg_dma_len(sg));
922 923 924
		return;
	}

925 926 927 928
	/*
	 * Convert the scatterlist to an sbp2 page table.  If any
	 * scatterlist entries are too big for sbp2 we split the as we go.
	 */
929 930 931 932 933 934 935 936 937 938 939 940 941 942 943
	for (i = 0, j = 0; i < count; i++) {
		sg_len = sg_dma_len(sg + i);
		sg_addr = sg_dma_address(sg + i);
		while (sg_len) {
			l = min(sg_len, SBP2_MAX_SG_ELEMENT_LENGTH);
			orb->page_table[j].low = sg_addr;
			orb->page_table[j].high = (l << 16);
			sg_addr += l;
			sg_len -= l;
			j++;
		}
	}

	size = sizeof orb->page_table[0] * j;

944 945
	/*
	 * The data_descriptor pointer is the one case where we need
946 947 948
	 * to fill in the node ID part of the address.  All other
	 * pointers assume that the data referenced reside on the
	 * initiator (i.e. us), but data_descriptor can refer to data
949 950
	 * on other nodes so we need to put our ID in descriptor.high.
	 */
951 952 953 954 955 956 957

	orb->page_table_bus =
		dma_map_single(device->card->device, orb->page_table,
			       size, DMA_TO_DEVICE);
	orb->request.data_descriptor.high = sd->address_high;
	orb->request.data_descriptor.low  = orb->page_table_bus;
	orb->request.misc |=
958 959
		COMMAND_ORB_PAGE_TABLE_PRESENT |
		COMMAND_ORB_DATA_SIZE(j);
960 961 962 963 964 965

	fw_memcpy_to_be32(orb->page_table, orb->page_table, size);
}

static void sbp2_command_orb_map_buffer(struct sbp2_command_orb *orb)
{
966 967 968
	struct sbp2_device *sd =
		(struct sbp2_device *)orb->cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
969 970
	struct fw_device *device = fw_device(unit->device.parent);

971 972 973 974
	/*
	 * As for map_scatterlist, we need to fill in the high bits of
	 * the data_descriptor pointer.
	 */
975 976 977 978 979 980 981 982 983

	orb->request_buffer_bus =
		dma_map_single(device->card->device,
			       orb->cmd->request_buffer,
			       orb->cmd->request_bufflen,
			       orb->cmd->sc_data_direction);
	orb->request.data_descriptor.high = sd->address_high;
	orb->request.data_descriptor.low  = orb->request_buffer_bus;
	orb->request.misc |=
984
		COMMAND_ORB_DATA_SIZE(orb->cmd->request_bufflen);
985 986 987 988 989 990
}

/* SCSI stack integration */

static int sbp2_scsi_queuecommand(struct scsi_cmnd *cmd, scsi_done_fn_t done)
{
991 992 993
	struct sbp2_device *sd =
		(struct sbp2_device *)cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
994 995 996
	struct fw_device *device = fw_device(unit->device.parent);
	struct sbp2_command_orb *orb;

997 998 999 1000
	/*
	 * Bidirectional commands are not yet implemented, and unknown
	 * transfer direction not handled.
	 */
1001 1002
	if (cmd->sc_data_direction == DMA_BIDIRECTIONAL) {
		fw_error("Cannot handle DMA_BIDIRECTIONAL - rejecting command");
1003
		goto fail_alloc;
1004 1005 1006 1007 1008
	}

	orb = kzalloc(sizeof *orb, GFP_ATOMIC);
	if (orb == NULL) {
		fw_notify("failed to alloc orb\n");
1009
		goto fail_alloc;
1010 1011
	}

1012 1013
	/* Initialize rcode to something not RCODE_COMPLETE. */
	orb->base.rcode = -1;
1014 1015 1016
	orb->base.request_bus =
		dma_map_single(device->card->device, &orb->request,
			       sizeof orb->request, DMA_TO_DEVICE);
1017 1018
	if (dma_mapping_error(orb->base.request_bus))
		goto fail_mapping;
1019 1020 1021 1022 1023 1024 1025

	orb->unit = unit;
	orb->done = done;
	orb->cmd  = cmd;

	orb->request.next.high   = SBP2_ORB_NULL;
	orb->request.next.low    = 0x0;
1026 1027
	/*
	 * At speed 100 we can do 512 bytes per packet, at speed 200,
1028 1029
	 * 1024 bytes per packet etc.  The SBP-2 max_payload field
	 * specifies the max payload size as 2 ^ (max_payload + 2), so
1030 1031
	 * if we set this to max_speed + 7, we get the right value.
	 */
1032
	orb->request.misc =
1033 1034 1035
		COMMAND_ORB_MAX_PAYLOAD(device->node->max_speed + 7) |
		COMMAND_ORB_SPEED(device->node->max_speed) |
		COMMAND_ORB_NOTIFY;
1036 1037 1038

	if (cmd->sc_data_direction == DMA_FROM_DEVICE)
		orb->request.misc |=
1039
			COMMAND_ORB_DIRECTION(SBP2_DIRECTION_FROM_MEDIA);
1040 1041
	else if (cmd->sc_data_direction == DMA_TO_DEVICE)
		orb->request.misc |=
1042
			COMMAND_ORB_DIRECTION(SBP2_DIRECTION_TO_MEDIA);
1043 1044 1045 1046

	if (cmd->use_sg) {
		sbp2_command_orb_map_scatterlist(orb);
	} else if (cmd->request_bufflen > SBP2_MAX_SG_ELEMENT_LENGTH) {
1047 1048
		/*
		 * FIXME: Need to split this into a sg list... but
1049
		 * could we get the scsi or blk layer to do that by
1050 1051
		 * reporting our max supported block size?
		 */
1052
		fw_error("command > 64k\n");
1053
		goto fail_bufflen;
1054 1055 1056 1057 1058 1059 1060 1061 1062 1063 1064 1065 1066 1067 1068 1069
	} else if (cmd->request_bufflen > 0) {
		sbp2_command_orb_map_buffer(orb);
	}

	fw_memcpy_to_be32(&orb->request, &orb->request, sizeof orb->request);

	memset(orb->request.command_block,
	       0, sizeof orb->request.command_block);
	memcpy(orb->request.command_block, cmd->cmnd, COMMAND_SIZE(*cmd->cmnd));

	orb->base.callback = complete_command_orb;

	sbp2_send_orb(&orb->base, unit, sd->node_id, sd->generation,
		      sd->command_block_agent_address + SBP2_ORB_POINTER);

	return 0;
1070 1071 1072 1073 1074 1075 1076 1077 1078 1079

 fail_bufflen:
	dma_unmap_single(device->card->device, orb->base.request_bus,
			 sizeof orb->request, DMA_TO_DEVICE);
 fail_mapping:
	kfree(orb);
 fail_alloc:
	cmd->result = DID_ERROR << 16;
	done(cmd);
	return 0;
1080 1081
}

1082 1083
static int sbp2_scsi_slave_alloc(struct scsi_device *sdev)
{
1084
	struct sbp2_device *sd = (struct sbp2_device *)sdev->host->hostdata;
1085 1086 1087 1088 1089 1090 1091 1092

	sdev->allow_restart = 1;

	if (sd->workarounds & SBP2_WORKAROUND_INQUIRY_36)
		sdev->inquiry_len = 36;
	return 0;
}

1093 1094
static int sbp2_scsi_slave_configure(struct scsi_device *sdev)
{
1095 1096
	struct sbp2_device *sd = (struct sbp2_device *)sdev->host->hostdata;
	struct fw_unit *unit = sd->unit;
1097

1098 1099 1100 1101
	sdev->use_10_for_rw = 1;

	if (sdev->type == TYPE_ROM)
		sdev->use_10_for_ms = 1;
1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118
	if (sdev->type == TYPE_DISK &&
	    sd->workarounds & SBP2_WORKAROUND_MODE_SENSE_8)
		sdev->skip_ms_page_8 = 1;
	if (sd->workarounds & SBP2_WORKAROUND_FIX_CAPACITY) {
		fw_notify("setting fix_capacity for %s\n", unit->device.bus_id);
		sdev->fix_capacity = 1;
	}

	return 0;
}

/*
 * Called by scsi stack when something has really gone wrong.  Usually
 * called when a command has timed-out for some reason.
 */
static int sbp2_scsi_abort(struct scsi_cmnd *cmd)
{
1119 1120 1121
	struct sbp2_device *sd =
		(struct sbp2_device *)cmd->device->host->hostdata;
	struct fw_unit *unit = sd->unit;
1122 1123

	fw_notify("sbp2_scsi_abort\n");
1124
	sbp2_agent_reset(unit);
1125 1126 1127 1128 1129 1130 1131 1132 1133 1134
	sbp2_cancel_orbs(unit);

	return SUCCESS;
}

static struct scsi_host_template scsi_driver_template = {
	.module			= THIS_MODULE,
	.name			= "SBP-2 IEEE-1394",
	.proc_name		= (char *)sbp2_driver_name,
	.queuecommand		= sbp2_scsi_queuecommand,
1135
	.slave_alloc		= sbp2_scsi_slave_alloc,
1136 1137 1138 1139 1140
	.slave_configure	= sbp2_scsi_slave_configure,
	.eh_abort_handler	= sbp2_scsi_abort,
	.this_id		= -1,
	.sg_tablesize		= SG_ALL,
	.use_clustering		= ENABLE_CLUSTERING,
1141 1142
	.cmd_per_lun		= 1,
	.can_queue		= 1,
1143 1144 1145 1146 1147 1148 1149
};

MODULE_AUTHOR("Kristian Hoegsberg <krh@bitplanet.net>");
MODULE_DESCRIPTION("SCSI over IEEE1394");
MODULE_LICENSE("GPL");
MODULE_DEVICE_TABLE(ieee1394, sbp2_id_table);

1150 1151 1152 1153 1154
/* Provide a module alias so root-on-sbp2 initrds don't break. */
#ifndef CONFIG_IEEE1394_SBP2_MODULE
MODULE_ALIAS("sbp2");
#endif

1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166
static int __init sbp2_init(void)
{
	return driver_register(&sbp2_driver.driver);
}

static void __exit sbp2_cleanup(void)
{
	driver_unregister(&sbp2_driver.driver);
}

module_init(sbp2_init);
module_exit(sbp2_cleanup);