Commit Graph

299 Commits

Author SHA1 Message Date
rwatson
33fdc14c0c Update kernel inclusions of capability.h to use capsicum.h instead; some
further refinement is required as some device drivers intended to be
portable over FreeBSD versions rely on __FreeBSD_version to decide whether
to include capability.h.

MFC after:	3 weeks
2014-03-16 10:55:57 +00:00
marius
36c626f331 Free the MSI again on detach if allocated. Arguably, this code would be
better off living in aac_pci.c, but it doesn't seem worth creating a
aac_pci_detach() and it's also not the first PCI-specific bit in aac.c

MFC after:	3 days
2013-12-29 17:37:32 +00:00
eadler
44c01df173 Fix undefined behavior: (1 << 31) is not defined as 1 is an int and this
shifts into the sign bit.  Instead use (1U << 31) which gets the
expected result.

This fix is not ideal as it assumes a 32 bit int, but does fix the issue
for most cases.

A similar change was made in OpenBSD.

Discussed with:	-arch, rdivacky
Reviewed by:	cperciva
2013-11-30 22:17:27 +00:00
pjd
029a6f5d92 Change the cap_rights_t type from uint64_t to a structure that we can extend
in the future in a backward compatible (API and ABI) way.

The cap_rights_t represents capability rights. We used to use one bit to
represent one right, but we are running out of spare bits. Currently the new
structure provides place for 114 rights (so 50 more than the previous
cap_rights_t), but it is possible to grow the structure to hold at least 285
rights, although we can make it even larger if 285 rights won't be enough.

The structure definition looks like this:

	struct cap_rights {
		uint64_t	cr_rights[CAP_RIGHTS_VERSION + 2];
	};

The initial CAP_RIGHTS_VERSION is 0.

The top two bits in the first element of the cr_rights[] array contain total
number of elements in the array - 2. This means if those two bits are equal to
0, we have 2 array elements.

The top two bits in all remaining array elements should be 0.
The next five bits in all array elements contain array index. Only one bit is
used and bit position in this five-bits range defines array index. This means
there can be at most five array elements in the future.

To define new right the CAPRIGHT() macro must be used. The macro takes two
arguments - an array index and a bit to set, eg.

	#define	CAP_PDKILL	CAPRIGHT(1, 0x0000000000000800ULL)

We still support aliases that combine few rights, but the rights have to belong
to the same array element, eg:

	#define	CAP_LOOKUP	CAPRIGHT(0, 0x0000000000000400ULL)
	#define	CAP_FCHMOD	CAPRIGHT(0, 0x0000000000002000ULL)

	#define	CAP_FCHMODAT	(CAP_FCHMOD | CAP_LOOKUP)

There is new API to manage the new cap_rights_t structure:

	cap_rights_t *cap_rights_init(cap_rights_t *rights, ...);
	void cap_rights_set(cap_rights_t *rights, ...);
	void cap_rights_clear(cap_rights_t *rights, ...);
	bool cap_rights_is_set(const cap_rights_t *rights, ...);

	bool cap_rights_is_valid(const cap_rights_t *rights);
	void cap_rights_merge(cap_rights_t *dst, const cap_rights_t *src);
	void cap_rights_remove(cap_rights_t *dst, const cap_rights_t *src);
	bool cap_rights_contains(const cap_rights_t *big, const cap_rights_t *little);

Capability rights to the cap_rights_init(), cap_rights_set(),
cap_rights_clear() and cap_rights_is_set() functions are provided by
separating them with commas, eg:

	cap_rights_t rights;

	cap_rights_init(&rights, CAP_READ, CAP_WRITE, CAP_FSTAT);

There is no need to terminate the list of rights, as those functions are
actually macros that take care of the termination, eg:

	#define	cap_rights_set(rights, ...)				\
		__cap_rights_set((rights), __VA_ARGS__, 0ULL)
	void __cap_rights_set(cap_rights_t *rights, ...);

Thanks to using one bit as an array index we can assert in those functions that
there are no two rights belonging to different array elements provided
together. For example this is illegal and will be detected, because CAP_LOOKUP
belongs to element 0 and CAP_PDKILL to element 1:

	cap_rights_init(&rights, CAP_LOOKUP | CAP_PDKILL);

Providing several rights that belongs to the same array's element this way is
correct, but is not advised. It should only be used for aliases definition.

This commit also breaks compatibility with some existing Capsicum system calls,
but I see no other way to do that. This should be fine as Capsicum is still
experimental and this change is not going to 9.x.

Sponsored by:	The FreeBSD Foundation
2013-09-05 00:09:56 +00:00
marius
281e37952d - Fix a bug in the MSI allocation logic so an MSI is also employed if a
controller supports only a single message. I haven't seen such an adapter
  out in the wild, though, so this change likely is a NOP.
  While at it, further simplify the MSI allocation logic; there's no need
  to check the number of available messages on our own as pci_alloc_msi(9)
  will just fail if it can't provide us with the single message we want.
- Nuke the unused softc of aacch(4).

MFC after:	1 month
2013-08-06 19:14:02 +00:00
marius
576dff05bc As it turns out, MSIs are broken with 2820SA so introduce an AAC_FLAGS_NOMSI
quirk and apply it to these controllers [1]. The same problem was reported
for 2230S, in which case it wasn't actually clear whether the culprit is the
controller or the mainboard, though. In order to be on the safe side, flag
MSIs as being broken with the latter type of controller as well. Given that
these are the only reports of MSI-related breakage with aac(4) so far and
OSes like OpenSolaris unconditionally employ MSIs for all adapters of this
family, however, it doesn't seem warranted to generally disable the use of
MSIs in aac(4).
While it, simplify the MSI allocation logic a bit; there's no need to check
for the presence of the MSI capability on our own as pci_alloc_msi(9) will
just fail when these kind of interrupts are not available.
Reported and tested by: David Boyd [1]

MFC after:	3 days
2013-08-06 18:55:59 +00:00
marius
f463a4083c Allow unmapped I/O via aacd(4). It shouldn't be too hard to add the
same support for aacp(4), I'm lacking the necessary hardware for
testing, though.
2013-05-30 00:22:07 +00:00
marius
c4a034ff8d - Remove pointless returns.
- Make cm_data a void pointer and cm_flags unsigned as appropriate.

MFC after:	3 days
2013-05-30 00:11:22 +00:00
mav
3d32e6b10c MFprojects/camlock r248982:
Stop abusing xpt_periph in random plases that really have no periph related
to CCB, for example, bus scanning.  NULL value is fine in such cases and it
is correctly logged in debug messages as "noperiph".  If at some point we
need some real XPT periphs (alike to pmpX now), quite likely they will be
per-bus, and not a single global instance as xpt_periph now.
2013-04-14 09:55:48 +00:00
marius
55ff3cee07 Initialize count in order to appease clang.
Submitted by:	delphij
2013-03-01 22:09:08 +00:00
marius
433c854393 - Make tables, device ID strings etc const. This includes #ifdef'ing 0
aac_command_status_table, which is actually unused since r111532.
  While at it, make aac_if a pointer to the now const interface tables
  instead of copying them over to the softc (this alone already reduces the
  size of aac.ko on amd64 by ~1 KiB).
- Remove redundant softc members.
- Use DEVMETHOD_END.
- Use NULL instead of 0 for pointers.
- Remove redundant bzero(9)'ing of the softc.
- Use pci_enable_busmaster(9) instead of duplicating it.
- Remove redundant checking for PCIM_CMD_MEMEN (resource allocation will
  just fail).
- Canonicalize the error messages in case of resource allocation failures.
- Add support for using MSI instead of INTx, controllable via the tunable
  hw.aac.enable_msi (defaulting to on).

MFC after:	1 month
2013-03-01 19:55:10 +00:00
kib
bd7f0fa0bb Reform the busdma API so that new types may be added without modifying
every architecture's busdma_machdep.c.  It is done by unifying the
bus_dmamap_load_buffer() routines so that they may be called from MI
code.  The MD busdma is then given a chance to do any final processing
in the complete() callback.

The cam changes unify the bus_dmamap_load* handling in cam drivers.

The arm and mips implementations are updated to track virtual
addresses for sync().  Previously this was done in a type specific
way.  Now it is done in a generic way by recording the list of
virtuals in the map.

Submitted by:	jeff (sponsored by EMC/Isilon)
Reviewed by:	kan (previous version), scottl,
	mjacob (isp(4), no objections for target mode changes)
Discussed with:	     ian (arm changes)
Tested by:	marius (sparc64), mips (jmallet), isci(4) on x86 (jharris),
	amd64 (Fabian Keil <freebsd-listen@fabiankeil.de>)
2013-02-12 16:57:20 +00:00
rdivacky
7e46da464e Give panic format string to pacify clang warning. 2012-11-09 13:58:52 +00:00
rstone
95b4367538 Some aac(4) adapters will always report that a direct access device is
offline in response to a INQUIRY command that does not retreive vital
product data(I personally have observed the behaviour on an Adaptec 2405
and a 5805).  Force the peripheral qualifier to "connected" so that upper
layers correctly recognize that a disk is present.

This bug was uncovered by r216236.  Prior to that fix, aac(4) was
accidentally clearing the peripheral qualifier for all inquiry commands.

This fixes an issue where passthrough devices were not created for
disks behind aac(4) controllers suffering from the bug.  I have
verified that if a disk is not present that we still properly detect
that and not create the passthrough device.

Sponsored by:	Sandvine Incorporated
MFC after:	1 week
2012-09-25 19:12:12 +00:00
sbruno
58e28bb84c On BIO_ERROR, set bio_resid to stop losing data in the error case.
Submitted by:	Mark Johnston <markjdb@gmail.com>
Reviewed by:	scottl@freebsd.org
MFC after:	2 weeks
2012-07-18 18:10:27 +00:00
eadler
6952466b97 Remove variables which are initialized but never used thereafter
reported by gcc46 warning

Approved by:	cperciva
MFC after:	1 week
2012-07-07 17:20:24 +00:00
jhb
19f7abda8b Use bus_get_dma_tag() to inherit the PCI bus' 4G boundary constraint.
Tested by:	emaste
2012-03-07 18:52:46 +00:00
emaste
cc5cc55506 Revert r232260.
The problem is now fixed by a general workaround in r232267.
2012-02-28 19:50:14 +00:00
emaste
5605a1003e Avoid transfers crossing a 4GB boundary, which can lead to data
corruption.  Thanks to scottl@ for the suggestion.

This change will likely be revised after consideration of a general
method to address this type of issue for other drivers.

Sponsored by:   Sandvine Incorporated
MFC after:      3 days
2012-02-28 17:29:31 +00:00
emaste
94af630d70 Add a sysctl to report the firmware build number.
Some older firmware versions have issues that can be worked around by
avoiding certain operations.  Add a sysctl dev.aac.#.firmware_build to
make it easy for scripts or userland tools to detect the firmware
version.
2012-02-13 16:48:49 +00:00
marius
17e14c6132 - There's no need to overwrite the default device method with the default
one. Interestingly, these are actually the default for quite some time
  (bus_generic_driver_added(9) since r52045 and bus_generic_print_child(9)
  since r52045) but even recently added device drivers do this unnecessarily.
  Discussed with: jhb, marcel
- While at it, use DEVMETHOD_END.
  Discussed with: jhb
- Also while at it, use __FBSDID.
2011-11-22 21:28:20 +00:00
ed
0c56cf839d Mark all SYSCTL_NODEs static that have no corresponding SYSCTL_DECLs.
The SYSCTL_NODE macro defines a list that stores all child-elements of
that node. If there's no SYSCTL_DECL macro anywhere else, there's no
reason why it shouldn't be static.
2011-11-07 15:43:11 +00:00
ed
e97eae1577 Mark MALLOC_DEFINEs static that have no corresponding MALLOC_DECLAREs.
This means that their use is restricted to a single C file.
2011-11-07 06:44:47 +00:00
marius
03f042f32e Merge from r225950:
Set the sense residual properly.

Reviewed by:	ken
2011-10-13 20:06:19 +00:00
rwatson
4af919b491 Second-to-last commit implementing Capsicum capabilities in the FreeBSD
kernel for FreeBSD 9.0:

Add a new capability mask argument to fget(9) and friends, allowing system
call code to declare what capabilities are required when an integer file
descriptor is converted into an in-kernel struct file *.  With options
CAPABILITIES compiled into the kernel, this enforces capability
protection; without, this change is effectively a no-op.

Some cases require special handling, such as mmap(2), which must preserve
information about the maximum rights at the time of mapping in the memory
map so that they can later be enforced in mprotect(2) -- this is done by
narrowing the rights in the existing max_protection field used for similar
purposes with file permissions.

In namei(9), we assert that the code is not reached from within capability
mode, as we're not yet ready to enforce namespace capabilities there.
This will follow in a later commit.

Update two capability names: CAP_EVENT and CAP_KEVENT become
CAP_POST_KEVENT and CAP_POLL_KEVENT to more accurately indicate what they
represent.

Approved by:	re (bz)
Submitted by:	jonathan
Sponsored by:	Google Inc
2011-08-11 12:30:23 +00:00
attilio
d1fcf4b34f - Fix races on detach handling of AAC_IFFLAGS_* mask
- Fix races on setting AAC_AIFFLAGS_ALLOCFIBS
- Remove some unused AAC_IFFLAGS_* bits.
  Please note that the kthread still makes a difference between the
  total mask and AAC_AIFFLAGS_ALLOCFIBS because more flags may be
  added in the future to aifflags.

Sponsored by:			Sandvine Incorporated
Reported and reviewed by:	emaste
MFC after:			2 weeks
2011-06-10 20:23:56 +00:00
emaste
3060e03b87 We can pass a format string and args to panic(), so instead of using
printf() to output some information before a panic, just include that
information in the panic.

Submitted by:	bde
Reviewed by:	bde
2011-02-04 15:45:48 +00:00
emaste
aef7d099b3 Include driver name in panic string, to make it easier to find these should
the panic ever occur.
2011-02-03 03:07:11 +00:00
emaste
dc94d2f814 Revert part of r173264. Both aac_ioctl_sendfib and aac_ioctl_send_raw_srb
make use of the aac_ioctl_event callback, if aac_alloc_command fails.  This
can end up in an infinite loop in the while loop in aac_release_command.

Further investigation into the issue mentioned by Scott Long [1] will be
necessary.

[1] http://lists.freebsd.org/pipermail/freebsd-current/2007-October/078740.html
2011-02-03 02:14:53 +00:00
jhb
7305ca5959 When masking direct and processor devices during an inquiry, properly
preserve the upper bits of the first data byte.

Reviewed by:	scottl
MFC after:	1 week
2010-12-06 17:06:21 +00:00
emaste
08029b2265 Previously, the aac driver did not handle enclosure management AIFs,
which were raised during hot-swap events. Now such events trigger cam
rescans, as is done in the mps driver.

Submitted by:	Mark Johnston <mjohnston at sandvine dot com>
2010-09-29 14:22:00 +00:00
emaste
e42c9c0204 Use device_printf where possible, and otherwise at least include the
driver name in printf strings.

Reported by:	Mark Johnston
2010-09-16 23:33:24 +00:00
attilio
ab8966e256 Implement device unbusying via a cdevpriv destructor.
Suggested by:	jhb
Tested by:	Mark Johnston <mjohnston at sandvine dot com>
Reviewed by:	emaste, jhb
MFC after:	10 days
X-MFC:		r212661
2010-09-16 17:49:10 +00:00
attilio
2eb7a3903b Fix bogus busying mechanism from cdevsw callbacks:
- D_TRACKCLOSE may be used there as d_close() are expected to match up
  d_open() calls
- Replace the hand-crafted counter and flag with the
  device_busy()/device_unbusy() proper usage.

Sponsored by:	Sandvine Incorporated
Reported by:	Mark Johnston <mjohnston at sandvine dot com>
Tested by:	Mark Johnston
Reviewed by:	emaste

MFC after:	10 days
2010-09-15 14:24:21 +00:00
emaste
25bb71a720 Add some enums and constants from Adaptec's latest driver
(build 17911).
2010-09-15 01:19:11 +00:00
emaste
2b6d501a6e Avoid repeatedly spamming the console while a timed out command is waiting
to complete.  Instead, print one message after the timeout period expires,
and one more when (if) the command eventually completes.

MFC after:	1 month
2010-09-14 01:51:04 +00:00
emaste
7dc7d3d415 Use enums in the aac_command_status_table rather than duplicating the same
values in two places.

Suggested by: Garrett Cooper
2010-04-13 12:10:55 +00:00
emaste
ae67186286 Sync some minor items with the upstream driver. Should have no functional
change.
2010-04-13 01:16:15 +00:00
emaste
6c538f5fa4 Whitespace cleanup, in advance of next sync with Adaptec's driver. No
functional change.
2010-04-13 00:33:07 +00:00
attilio
8a3325736a Make the code more readable and compiling on 64-bits arch different
than amd64.

Sponsored by:	Sandvine Incorporated
Submitted by:	emaste
MFC:		2 weeks
X-MFC:		r205160
2010-03-15 14:20:16 +00:00
attilio
500e7d9ffd Checkin a facility for specifying a passthrough FIB from userland.
arcconf tool by Adaptec already seems to use for identifying the
Serial Number of the devices.
Some simple things (like FIB setup and bound checks) are retrieved
from the Adaptec's driver, but this implementation is quite different
because it does use the normal buffer dmat area for loading segments
and not a special one (like the Adaptec's one does).

Sponsored by:	Sandvine Incorporated
Discussed with:	emaste, scottl
Reviewed by:	emaste, scottl
MFC:		2 weeks
2010-03-14 22:38:18 +00:00
emaste
de16302b40 Minor diff reduction with Adaptec's driver: in aac_release_command() set
cm_queue to AAC_ADAP_NORM_CMD_QUEUE by default.  In every place it was set,
it was set to AAC_ADAP_NORM_CMD_QUEUE anyhow.
2010-02-23 21:41:13 +00:00
emaste
4b84a18405 Include command type in COMMAND TIMEOUT messages to aid in debugging. 2010-02-17 22:28:37 +00:00
emaste
9cff85cb01 Diff reduction with Adaptec's vendor driver.
Driver version 2.1.9 chosen as that Adaptec version roughly corresponds
with the current feature set merged to the in-tree driver.
2010-02-14 17:14:11 +00:00
emaste
31c6160ef9 Garbage collect Falcon/PPC support that has not been used in released
products, based on discussion with Adaptec.
2010-02-12 18:48:18 +00:00
mbr
7450f52a57 Remove extraneous semicolons, no functional changes.
Submitted by:	Marc Balmer <marc@msys.ch>
MFC after:	1 week
2010-01-07 21:01:37 +00:00
jkim
8cefbec982 - Try pre-allocating all FIBs upfront. Previously we tried pre-allocating
128 FIBs first and allocated more later if necessary.  Remove now unused
definitions from the header file[1].
- Force sequential bus scanning.  It seems parallel scanning is in fact
slower and causes more harm than good[1].  Adjust a comment to reflect that.

PR:		kern/141269
Submitted by:	Alexander Sack (asack at niksun dot com)[1]
Reviewed by:	scottl
2009-12-08 05:35:51 +00:00
emaste
00987e76f5 Rename aac_srb32 to aac_srb, to match Adaptec's vendor driver. 2009-10-29 17:14:18 +00:00
emaste
c847bcb8bb Rename aac_fast_intr to aac_filter to reflect its current use. Eliminate
the fallback of using the filter as an interrupt handler, as it is no
longer needed.

Discussed with:	scottl, jhb
2009-10-29 14:53:45 +00:00
emaste
7cbed35629 Do first controller time sync after 1 minute, as in Adaptec's vendor
driver.
2009-10-28 13:50:28 +00:00