1057 Commits

Author SHA1 Message Date
Kenneth D. Merry
beedaee94a Add a loader tunable, kern.cam.ctl.disable, that will disable
loading CTL.  This may be useful in very low memory installations.

MFC after:	3 days
2012-06-28 19:39:30 +00:00
Warner Losh
6e45677ab7 Add a sysctl to set the cdrom timeout. Data recovery operations from
a CD or DVD drive with a damaged disc often benefit from a shorter
timeout.  Also, when retries are set to 0, an application is expecting
errors and recovering them so do not print the error into the log.
The number of expected errors can literally be in the hundreds of
thousands which significantly slows data recovery.

Reviewed by:	ken@ (but quite some time ago).
2012-06-28 07:01:48 +00:00
Kenneth D. Merry
905cb85d78 Fix a typo in a panic() call.
PR:		kern/169497
Submitted by:	Steven Hartland <steven.hartland@multiplay.co.uk>
MFC after:	3 days
2012-06-28 03:36:13 +00:00
Kenneth D. Merry
b79dc8a8da Fix an issue that caused the kernel to panic inside CTL when trying
to attach to target capable HBAs that implement the old immediate
notify (XPT_IMMED_NOTIFY) and notify acknowledge (XPT_NOTIFY_ACK)
CCBs.  The new API has been in place since SVN change 196008 in
2009.

The solution is two-fold:  fix CTL to handle the responses from the
HBAs, and convert the HBA drivers in question to use the new API.

These drivers have not been tested with CTL, so how well they will
interoperate with CTL is unknown.

scsi_target.c:	Update the userland target example code to use the
		new immediate notify API.

scsi_ctl.c:	Detect when an immediate notify CCB is returned
		with CAM_REQ_INVALID or CAM_PROVIDE_FAIL status,
		and just free it.

		Fix a duplicate assignment.

aic79xx.c,
aic79xx_osm.c:	Update the aic79xx driver to use the new API.
		Target mode is not enabled on for this driver, so
		the changes will have no practical effect.

aic7xxx.c,
aic7xxx_osm.c:	Update the aic7xxx driver to use the new API.

sbp_targ.c:	Update the firewire target code to work with the
		new API.

mpt_cam.c:	Update the mpt(4) driver to work with the new API.
		Target mode is only enabled for Fibre Channel
		mpt(4) devices.

MFC after:	3 days
2012-06-26 14:51:35 +00:00
Kenneth D. Merry
c3fb2891f0 Fix a bug which causes a panic in daopen(). The panic is caused by
a da(4) instance going away while GEOM is still probing it.

In this case, the GEOM disk class instance has been created by
disk_create(), and the taste of the disk is queued in the GEOM
event queue.

While that event is queued, the da(4) instance goes away.  When the
open call comes into the da(4) driver, it dereferences the freed
(but non-NULL) peripheral pointer provided by GEOM, which results
in a panic.

The solution is to add a callback to the GEOM disk code that is
called when all of its resources are cleaned up.  This is
implemented inside GEOM by adding an optional callback that is
called when all consumers have detached from a provider, and the
provider is about to be deleted.

scsi_cd.c,
scsi_da.c:	In the register routine for the cd(4) and da(4)
		routines, acquire a reference to the CAM peripheral
		instance just before we call disk_create().

		Use the new GEOM disk d_gone() callback to register
		a callback (dadiskgonecb()/cddiskgonecb()) that
		decrements the peripheral reference count once GEOM
		has finished cleaning up its resources.

		In the cd(4) driver, clean up open and close
		behavior slightly.  GEOM makes sure we only get one
		open() and one close call, so there is no need to
		set an open flag and decrement the reference count
		if we are not the first open.

		In the cd(4) driver, use cam_periph_release_locked()
		in a couple of error scenarios to avoid extra mutex
		calls.

geom.h:		Add a new, optional, providergone callback that
		is called when a provider is about to be deleted.

geom_disk.h:	Add a new d_gone() callback to the GEOM disk
		interface.

		Bump the DISK_VERSION to version 2.  This probably
		should have been done after a couple of previous
		changes, especially the addition of the d_getattr()
		callback.

geom_disk.c:	Add a providergone callback for the disk class,
		g_disk_providergone(), that calls the user's
		d_gone() callback if it exists.

		Bump the DISK_VERSION to 2.

geom_subr.c:	In g_destroy_provider(), call the providergone
		callback if it has been provided.

		In g_new_geomf(), propagate the class's
		providergone callback to the new geom instance.

blkfront.c:	Callers of disk_create() are supposed to pass in
		DISK_VERSION, not an explicit disk API version
		number.  Update the blkfront driver to do that.

disk.9:		Update the disk(9) man page to include information
		on the new d_gone() callback, as well as the
		previously added d_getattr() callback, d_descr
		field, and HBA PCI ID fields.

MFC after:	5 days
2012-06-24 04:29:03 +00:00
Alexander Motin
e7493b2841 Add scsi_extract_sense_ccb() -- wrapper around scsi_extract_sense_len().
It allows to remove number of duplicate checks from several places.
2012-06-23 12:32:53 +00:00
Kenneth D. Merry
7027b9cda4 Change 'camcontrol defects' to first probe a drive to find out how much
defect information it has before grabbing the full defect list.

This works around a bug with some Hitachi drives that generate data overrun
errors when they are asked for more defect data than they have.

The change is done in a spec-compliant way, so it should have no negative
impact on drives that don't have this issue.

This is based on work originally done at Sandvine.

scsi_da.h:	Add a define for the maximum amount of data that can be
		contained in a defect list.

camcontrol.c:	Update the readdefects() function to issue an initial
		command to determine the length of the defect list, and
		then use that length in the request for the full defect
		list.

camcontrol.8:	Add a note that some drives will report 0 defects available
		if you don't request either the PLIST or GLIST.

Submitted by:	Mark Johnston <markjdb@gmail.com> (original version)
MFC after:	3 days
2012-06-22 18:57:06 +00:00
Alexander Motin
84c4de2d47 Don't print SCSI Queue Full and CAM_REQUEUE_REQ statuses as errors if they
were handled and retried. They are part of normal operation for SCSI TCQ.

MFC after:	3 days
2012-06-22 16:20:13 +00:00
Alexander Motin
aed9c88cff Make cam_periph_hold() behavior consistent: drop taken reference and
return ENXIO if periph was invalidated while we were waiting for it.

MFC after:	1 week
2012-06-21 15:14:51 +00:00
Alexander Motin
10284c8b26 In camisr() clear CAM_SIM_ON_DONEQ flag after camisr_runqueue() purged SIM
done queue. Clearing it before caused extra SIM queueing in some cases.
It was invisible during normal operation, but during USB device unplug and
respective SIM destruction it could keep pointer on SIM without having
counted reference and as result crash the system by use afer free.

Reported by:	hselasky
MFC after:	1 week
2012-06-21 14:35:46 +00:00
Alexander Motin
82887886a7 Remove unused error variables in cdclose() and daclose(). 2012-06-20 18:35:36 +00:00
Alexander Motin
5868be1e3c Check status of cam_periph_hold() inside cdclose(). If cd device was
invalidated while open, cam_periph_hold() will return error and won't
get the reference.  Following reference release will crash the system.

Sponsored by:	iXsystems, Inc.
MFC after:	3 days
2012-06-20 18:25:51 +00:00
Kenneth D. Merry
ea37f51942 Fix several reference counting and object lifetime issues between
the pass(4) and enc(4) drivers and devfs.

The pass(4) driver uses the destroy_dev_sched() routine to
schedule its device node for destruction in a separate thread
context.  It does this because the passcleanup() routine can get
called indirectly from the passclose() routine, and that would
cause a deadlock if the close routine tried to destroy its own
device node.

In any case, once a particular passthrough driver number, e.g.
pass3, is destroyed, CAM considers that unit number (3 in this
case) available for reuse.

The problem is that devfs may not be done cleaning up the previous
instance of pass3, and will panic if isn't done cleaning up the
previous instance.

The solution is to get a callback from devfs when the device node
is removed, and make sure we hold a reference to the peripheral
until that happens.

Testing exposed some other cases where we have reference counting
issues, and those were also fixed in the pass(4) driver.

cam_periph.c:	In camperiphfree(), reorder some of the operations.

		The peripheral destructor needs to be called before
		the peripheral is removed from the peripheral is
		removed from the list.  This is because once we
		remove the peripheral from the list, and drop the
		topology lock, the peripheral number may be reused.
		But if the destructor hasn't been called yet, there
		may still be resources hanging around (like devfs
		nodes) that haven't been fully cleaned up.

cam_xpt.c:	Add an argument to xpt_remove_periph() to indicate
		whether the topology lock is already held.

scsi_enc.c:	Acquire an extra reference to the peripheral during
		registration, and release it once we get a callback
		from devfs indicating that the device node is gone.

		Call destroy_dev_sched_cb() in enc_oninvalidate()
		instead of calling destroy_dev() in the cleanup
		routine.

scsi_pass.c:	Add reference counting to handle peripheral and
		devfs object lifetime issues.

		Add a reference to the peripheral and the devfs
		node in the peripheral registration.

		Don't attempt to add a physical path alias if the
		peripheral has been marked invalid.

		Release the devfs reference once the initial
		physical path alias taskqueue run has completed.

		Schedule devfs node destruction in the
		passoninvalidate(), and release our peripheral
		reference in a new routine, passdevgonecb() once
		the devfs node is gone.  This allows the peripheral
		to fully go away, and the peripheral destructor,
		passcleanup(), will get called.

MFC after:	3 days
Sponsored by:	Spectra Logic
2012-06-20 17:08:00 +00:00
Alexander Motin
ca5598a415 Remove never used CD/DA_FLAG_TAGGED_QUEUING flags.
MFC after:	1 week
2012-06-18 12:45:35 +00:00
Alexander Motin
0191d9b367 One more major cam_periph_error() rewrite to improve error handling and
reporting. It includes:
 - removing of error messages controlled by bootverbose, replacing them
with more universal and informative debugging on CAM_DEBUG_INFO level,
that is now built into the kernel by default;
 - more close following to the arguments submitted by caller, such as
SF_PRINT_ALWAYS, SF_QUIET_IR and SF_NO_PRINT; consumer knows better which
errors are usual/expected at this point and which are really informative;
 - adding two new flags SF_NO_RECOVERY and SF_NO_RETRY to allow caller
specify how much assistance it needs at this point; previously consumers
controlled that by not calling cam_periph_error() at all, but that made
behavior inconsistent and debugging complicated;
 - tuning debug messages and taken actions order to make debugging output
more readable and cause-effect relationships visible;
 - making camperiphdone() (common device recovery completion handler) to
also use cam_periph_error() in most cases, instead of own dumb code;
 - removing manual sense fetching code from cam_periph_error(); I was told
by number of people that it is SIM obligation to fetch sense data, so this
code is useless and only significantly complicates recovery logic;
 - making ada, da and pass driver to use cam_periph_error() with new limited
recovery options to handle error recovery and debugging in common way;
as one of results, CAM_REQUEUE_REQ and other retrying statuses are now
working fine with pass driver, that caused many problems before.
 - reverting r186891 by raj@ to avoid burning few seconds in tight DELAY()
loops on device probe, while device simply loads media; I think that problem
may already be fixed in other way, and even if it is not, solution must be
different.

Sponsored by:	iXsystems, Inc.
MFC after:	2 weeks
2012-06-09 13:07:44 +00:00
Alexander Motin
22c7d606d5 Add CAM_DEBUG_INFO debug messages for periph created/invalidated/destroyed
and for asyncs sent.
2012-06-07 10:53:42 +00:00
Alexander Motin
f0f25b9c80 To make CAM debugging easier, compile in some debug flags (CAM_DEBUG_INFO,
CAM_DEBUG_CDB, CAM_DEBUG_PERIPH and CAM_DEBUG_PROBE) by default.
List of these flags can be modified with CAM_DEBUG_COMPILE kernel option.
CAMDEBUG kernel option still enables all possible debug, if not overriden.

Additional 50KB of kernel size is a good price for the ability to debug
problems without rebuilding the kernel. In case where size is important,
debugging can be compiled out by setting CAM_DEBUG_COMPILE option to 0.
2012-06-07 10:05:51 +00:00
Alexander Motin
3d9a151daf Remove declaration of scsi_interpret_sense(), removed 11 years ago. 2012-06-06 17:28:46 +00:00
Kenneth D. Merry
d36f5410dd Fix a memory leak in the kernel case in scsi_command_string().
Submitted by:	Kashyap Desai <Kashyap.Desai@lsi.com>
MFC after:	3 days
2012-06-06 17:04:56 +00:00
Alexander Motin
bc1bf6e842 ATA/SATA controllers have no idea about protocol of the connected device
until transport will do some probe actions (at least soft reset).
Make ATA/SATA SIMs to not report bogus and confusing PROTO_ATA protocol.
Make ATA/SATA transport to fill that gap by reporting protocol to SIM with
XPT_SET_TRAN_SETTINGS and patching XPT_GET_TRAN_SETTINGS results if needed.
2012-06-06 06:52:51 +00:00
Alexander Motin
7642883f10 Use default error handler when flushing disk caches. 2012-06-05 20:39:12 +00:00
Alexander Motin
a4d953c44e Tune and add some more CAM_DEBUG() points for the probe sequences. 2012-06-05 11:48:32 +00:00
Alexander Motin
2d89c12567 Replace #ifdef CAMDEBUG + if + panic() with single KASSERT(). 2012-06-05 10:23:41 +00:00
Alexander Motin
62275a906f Do not reinvent a wheel and let default error handler do its job. 2012-06-05 10:08:22 +00:00
Alexander Motin
fddde2b8ef Tune and add some missing CAM_DEBUG() points for better consistency. 2012-06-05 09:45:42 +00:00
Alexander Motin
c6cba2497a Remove some dead code that I doubt will ever be implemented. 2012-06-04 09:47:19 +00:00
Alexander Motin
b9c473b2ed Rewrite enabling NCQ for SATA devices in a way more alike to SCSI TCQ.
This allows to control it with `camcontrol negotiate adaX -T (en|dis)able`
on the fly, same as for SCSI devices.

Sponsored by:	iXsystems, Inc.
2012-06-02 08:29:07 +00:00
Matt Jacob
5a1ae35dd1 Print FC PortID as a hex number. This makes it easy to
figure out domain, etc..

Zero ATIO and INOTify allocations. It makes for much
less guesswork when looking at the structure and
seeing 'deadc0de' present.

Reviewed by:	kdm
MFC after:	2 weeks
Sponsored by:	Spectralogic
2012-06-01 23:24:56 +00:00
Alexander Motin
581b2e78cf Use AC_GETDEV_CHANGED async to notify ada driver about DMA and NCQ status
change. Now that allows switching between PIO and DMA modes on the fly.
2012-06-01 09:32:37 +00:00
Eitan Adler
30563ab45e Add support for newer garmin devices
PR:		kern/163932
Submitted by:	Bartosz Fabianowski <freebsd@chillt.de>
Approved by:	cperciva
MFC after:	1 week
2012-05-30 03:50:58 +00:00
Alexander Motin
7dc3213da1 Allow to change number of openings (used tags) for ATA/SATA devices
via `camcontrol tags ... -N ...`.  There is no need to tune it in
usual cases, but some users want to have it for debugging purposes.

MFC after:	2 weeks
2012-05-29 14:28:46 +00:00
Alexander Motin
2e3f592b09 Plug request and references leak caused by race between invalidated
ond probe periph destruction and new incoming probe request.

This at least caused problems with SATA Port Multipliers hot-plug.

MFC after:	2 weeks
2012-05-29 11:22:40 +00:00
Kenneth D. Merry
c552ebe12d Work around a race condition in devfs by changing the way closes
are handled in most CAM peripheral drivers that are not handled by
GEOM's disk class.

The usual character driver open and close semantics are that the
driver gets N open calls, but only one close, when the last caller
closes the device.

CAM peripheral drivers expect that behavior to be honored to the
letter, and the CAM peripheral driver code (specifically
cam_periph_release_locked_busses()) panics if it is done incorrectly.

Since devfs has to drop its locks while it calls a driver's close
routine, and it does not have a way to delay or prevent open calls
while it is calling the close routine, there is a race.

The sequence of events, simplified a bit, is:

- devfs acquires a lock
- devfs checks the reference count, and if it is 1, continues to close.
- devfs releases the lock

- 2nd process open call on the device happens here

- devfs calls the driver's close routine

- devfs acquires a lock
- devfs decrements the reference count
- devfs releases the lock

- 2nd process close call on the device happens here

At the second close, we get a panic in
cam_periph_release_locked_busses(), complaining that peripheral
has been released when the reference count is already 0.  This is
because we have gotten two closes in a row, which should not
happen.

The fix is to add the D_TRACKCLOSE flag to the driver's cdevsw, so
that we get a close() call for each open().  That does happen
reliably, so we can make sure that our reference counts are
correct.

Note that the sa(4) and pt(4) drivers only allow one context
through the open routine.  So these drivers aren't exposed to the
same race condition.

scsi_ch.c,
scsi_enc.c,
scsi_enc_internal.h,
scsi_pass.c,
scsi_sg.c:
		For these drivers, change the open() routine to
		increment the reference count for every open, and
		just decrement the reference count in the close.

		Call cam_periph_release_locked() in some scenarios
		to avoid additional lock and unlock calls.

scsi_pt.c:	Call cam_periph_release_locked() in some scenarios
		to avoid additional lock and unlock calls.

MFC after:	3 days
2012-05-27 06:11:09 +00:00
Alexander Motin
6aca1fbc91 Add tunable/sysctl kern.cam.pmp.hide_special, controlling whether special
PMP ports such as PMP configuration or SEMB should be exposed or hidden.
These ports were always hidden before as useless and sometimes promatic.
But with updated ses driver supporting SEMB it is no longer so straight.
Keep ports hidden by default to avoid probe request ttimeouts if SEP is
not connected to PMP's SEMB via I2C, that is very often situation.
2012-05-25 08:30:09 +00:00
Alexander Motin
13cd92ccdb Remove sleep() from invalidate call in ses driver, waiting for daemon
process exit. Instead use CAM's standard reference counting to prevent
periph going away until process won't complete. I think that sleep in
single CAM SWI thread is not a good idea and may lead to deadlocks if
daemon process waits for some command completion. Combined with recent
patch avoiding use of CAM SWI for ATA it just causes panics because of
sleeps prohibited in interrupt thread context.
2012-05-25 07:57:17 +00:00
Alexander Motin
f6ad3f237a MFprojects/zfsd:
Revamp the CAM enclosure services driver.
This updated driver uses an in-kernel daemon to track state changes and
publishes physical path location information\for disk elements into the
CAM device database.

Sponsored by:   Spectra Logic Corporation
Sponsored by:   iXsystems, Inc.
Submitted by:   gibbs, will, mav
2012-05-24 14:07:44 +00:00
Alexander Motin
3089bb2e84 MFprojects/zfsd:
- Add low-level support for SATA Enclosure Management Bridge (SEMB)
devices -- SATA equivalents of the SCSI SES/SAF-TE devices.
 - Add some utility functions for SCSI SAF-TE devices access.

Sponsored by:	iXsystems, Inc.
2012-05-24 11:07:39 +00:00
Alexander Motin
711f661393 Add two functions xpt_batch_start() and xpt_batch_done() to the CAM SIM KPI
to allow drivers to handle request completion directly without passing
them to the CAM SWI thread removing extra context switch.
Modify all ATA/SATA drivers to use them.

Reviewed by:	gibbs, ken
MFC after:	2 weeks
2012-05-12 13:55:36 +00:00
Eitan Adler
c7cb82daf9 Add support for:
Olympus FE-210 camera
	LG UP3S MP3 player
	Laser MP3-2GA13 MP3

PR:		usb/119201
Submitted by:	Peter Jeremy <peterjeremy@optushome.com.au>
Approved by:	cperciva
MFC after:	1 week
2012-04-29 22:28:15 +00:00
Alexander Motin
6f48792444 Alike to SCSI make adaclose() to not return error if device gone.
This fixes KASSERT panic inside GEOM if kernel built with INVARIANTS.

MFC after:	1 week
2012-04-18 08:55:26 +00:00
Edward Tomasz Napierala
48ef856766 Fix panic at boot with SD/MMC readers with no media present, introduced
at r234177.  Note that this is a temporary fix, until I come up with something
prettier.
2012-04-17 10:44:28 +00:00
Edward Tomasz Napierala
c32b19833b Refactor da(4) to remove one of two code paths used to query capacity
data.

Reviewed by:	ken, mav (earlier version)
Sponsored by:	The FreeBSD Foundation
2012-04-12 12:58:14 +00:00
Kenneth D. Merry
bf8f8f340e Change the SCSI INQUIRY peripheral qualifier that CTL reports for LUNs
that don't exist.

Anecdotal evidence indicates that it is better to return 011b (bad LUN)
than 001b (LUN offline).  However, this change also gives the user a
sysctl/tunable, kern.cam.ctl.inquiry_pq_no_lun, to override the change
and return to the previous behavior.  (The previous behavior was to
return 001b, or LUN offline.)

ctl.c:		Change the default inquiry peripheral qualifier to 011b,
		and add a sysctl and tunable to allow the user to change
		it back to 001b if needed.

		Don't insert a Copan copyright statement in the inquiry
		data.  The copyright statements on the files are
		sufficient.

ctl_private.h:	Add sysctl variable context to the CTL softc.

ctl_cmd_table.c,
ctl_frontend_internal.c,
ctl_frontend.c,
ctl_backend.c,
ctl_error.c:	Include sys/sysctl.h.

MFC after:	3 days
2012-04-06 22:23:13 +00:00
Alexander Motin
71c8e5f440 Be more conservative in using READ CAPACITY(16) command. Previous code
checked PROTECT bit in INQUIRY data for all SPC devices, while it is defined
only since SPC-3. But there are some SPC-2 USB devices were reported, that
have PROTECT bit set, return no error for READ CAPACITY(16) command, but
return wrong sector count value in response.

MFC after:	3 days
2012-03-31 11:23:09 +00:00
Edward Tomasz Napierala
811772950f Add LUN resizing to CTL. Also make it possible to explicitly set
size when creating file-backed or device-backed LUN.

Reviewed by:	ken (earlier version)
Sponsored by:	The FreeBSD Foundation
2012-03-06 13:43:57 +00:00
Dimitry Andric
c995195062 Use a better way to silence unneeded internal declaration warnings in
several sys/cam/ctl files.

Suggested by:	ed
Reviewed by:	ken
MFC after:	1 week
2012-02-23 21:34:14 +00:00
Justin T. Gibbs
a470da8388 Limit the ST3146855LW U320 drive to 55 tags to avoid command timeouts
under load.

Submitted by:	Gelson Borsoi
MFC after:	1 day
2012-02-15 07:30:23 +00:00
Ed Maste
f0e3e0350a Avoid panic from unlocking a not locked mutex (in some error cases).
Reviewed by:	ken@
2012-02-06 18:11:00 +00:00
Alexander Motin
47bb96433c Insert ordered command every 1/4 of the current command timeout, not 1/4
of the default one.

Without this change setting kern.cam.ada.default_timeout to 1 instead of 30
allowed me to trigger several false positive command timeouts under heavy
ZFS load on a SiI3132 siis(4) controller with 5 HDDs on a port multiplier.

MFC after:	1 week
2012-02-02 19:02:15 +00:00
Alexander Motin
2121d8a585 Make CAM ATA honor old hw.ata.ata_dma and hw.ata.atapi_dma tunables.
Even having more specific hint.ata.X.mode controls, global ones are
still could be useful from some points, including compatibility.

PR:		kern/164651
MFC after:	1 week
2012-02-02 14:17:58 +00:00