Patchwork megasas: LSI Megaraid SAS HBA emulation

login
register
mail settings
Submitter Hannes Reinecke
Date Jan. 16, 2012, 3:49 p.m.
Message ID <1326728999-6882-1-git-send-email-hare@suse.de>
Download mbox | patch
Permalink /patch/136283/
State New
Headers show

Comments

Hannes Reinecke - Jan. 16, 2012, 3:49 p.m.
This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
I've tested it to work with Linux, Windows Vista, and Windows7.

Changes since v9:
- Split off trace events into a separate patch
- Do not check for max_luns in PD Info
- Update trace events
- Clarify license statement
- Fixup coding style issues

Changes since v8:
- Remove 'disable' keyword from trace definitions
- Convert hand-crafted debugging statements with trace
  definitions
- Treat 'context' tag as little endian

Changes since v7:
- Port to new memory API
- Port to new PCI infrastructure
- Use fixed buffers for sense processing
- Update to updated SCSI infrastructure

Changes since v6:
- Preliminary patches pushed to Kevins block tree
- Implement 64bit contexts, required for Windows7
- Use iovecs for DCMD processing
- Add MSI-X support
  Latest Linux driver now happily uses MSI-X.
- Static iovec allocation
  We have a fixed upper number of iovecs, so we can
  save us the allocation. Suggested by Alex Graf.
- Update MFI header
  Latest Linux driver has some more definitions,
  add them
- Fixup AEN handling
- Update tracing details
- Remove sdev pointer from megasas_cmd_t

Changes since v5:
- megasas: Use tracing infrastructure instead of DPRINTF
- megasas: Use new PCI infrastructure
- megasas: Check for iovec mapping failure
  cpu_map_physical_memory() might fail, so we need to check for
  it when mapping iovecs.
- megasas: Trace scsi buffer overflow
  The transfer length as specified in the SCSI command might
  disagree with the length of the iovec. We should be tracing
  these issues.
- megasas: Reset frames after init firmware
  When receiving an INIT FIRMWARE command we need reset all
  frames, otherwise some frames might point to invalid memory.

Chances since v4:
- megasas: checkpatch.pl fixes and update to work with the
  changed interface in scsi_req_new(). Also included the
  suggested fixes from Alex.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 Makefile.objs           |    1 +
 default-configs/pci.mak |    1 +
 hw/megasas.c            | 1863 +++++++++++++++++++++++++++++++++++++++++++++++
 hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
 hw/pci_ids.h            |    3 +-
 5 files changed, 3148 insertions(+), 1 deletions(-)
 create mode 100644 hw/megasas.c
 create mode 100644 hw/mfi.h
Hannes Reinecke - Jan. 16, 2012, 3:51 p.m.
On 01/16/2012 04:49 PM, Hannes Reinecke wrote:
> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
> I've tested it to work with Linux, Windows Vista, and Windows7.
> 
Hmm. I bet it'll be rejected now because it doesn't say '[v10]' in
the subject :-(

Better to set low expectation here.

Cheers,

Hannes
Alexander Graf - Jan. 24, 2012, 10:10 p.m.
Ping?

Am 16.01.2012 um 16:49 schrieb Hannes Reinecke <hare@suse.de>:

> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
> I've tested it to work with Linux, Windows Vista, and Windows7.
> 
> Changes since v9:
> - Split off trace events into a separate patch
> - Do not check for max_luns in PD Info
> - Update trace events
> - Clarify license statement
> - Fixup coding style issues
> 
> Changes since v8:
> - Remove 'disable' keyword from trace definitions
> - Convert hand-crafted debugging statements with trace
>  definitions
> - Treat 'context' tag as little endian
> 
> Changes since v7:
> - Port to new memory API
> - Port to new PCI infrastructure
> - Use fixed buffers for sense processing
> - Update to updated SCSI infrastructure
> 
> Changes since v6:
> - Preliminary patches pushed to Kevins block tree
> - Implement 64bit contexts, required for Windows7
> - Use iovecs for DCMD processing
> - Add MSI-X support
>  Latest Linux driver now happily uses MSI-X.
> - Static iovec allocation
>  We have a fixed upper number of iovecs, so we can
>  save us the allocation. Suggested by Alex Graf.
> - Update MFI header
>  Latest Linux driver has some more definitions,
>  add them
> - Fixup AEN handling
> - Update tracing details
> - Remove sdev pointer from megasas_cmd_t
> 
> Changes since v5:
> - megasas: Use tracing infrastructure instead of DPRINTF
> - megasas: Use new PCI infrastructure
> - megasas: Check for iovec mapping failure
>  cpu_map_physical_memory() might fail, so we need to check for
>  it when mapping iovecs.
> - megasas: Trace scsi buffer overflow
>  The transfer length as specified in the SCSI command might
>  disagree with the length of the iovec. We should be tracing
>  these issues.
> - megasas: Reset frames after init firmware
>  When receiving an INIT FIRMWARE command we need reset all
>  frames, otherwise some frames might point to invalid memory.
> 
> Chances since v4:
> - megasas: checkpatch.pl fixes and update to work with the
>  changed interface in scsi_req_new(). Also included the
>  suggested fixes from Alex.
> 
> Signed-off-by: Hannes Reinecke <hare@suse.de>
> ---
> Makefile.objs           |    1 +
> default-configs/pci.mak |    1 +
> hw/megasas.c            | 1863 +++++++++++++++++++++++++++++++++++++++++++++++
> hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
> hw/pci_ids.h            |    3 +-
> 5 files changed, 3148 insertions(+), 1 deletions(-)
> create mode 100644 hw/megasas.c
> create mode 100644 hw/mfi.h
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index 4f6d26c..3bb2e57 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -275,6 +275,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
> 
> # SCSI layer
> hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
> hw-obj-$(CONFIG_ESP) += esp.o
> 
> hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
> index 22bd350..fabb56c 100644
> --- a/default-configs/pci.mak
> +++ b/default-configs/pci.mak
> @@ -9,6 +9,7 @@ CONFIG_EEPRO100_PCI=y
> CONFIG_PCNET_PCI=y
> CONFIG_PCNET_COMMON=y
> CONFIG_LSI_SCSI_PCI=y
> +CONFIG_MEGASAS_SCSI_PCI=y
> CONFIG_RTL8139_PCI=y
> CONFIG_E1000_PCI=y
> CONFIG_IDE_CORE=y
> diff --git a/hw/megasas.c b/hw/megasas.c
> new file mode 100644
> index 0000000..69dac2e
> --- /dev/null
> +++ b/hw/megasas.c
> @@ -0,0 +1,1863 @@
> +/*
> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
> + *
> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "hw.h"
> +#include "pci.h"
> +#include "dma.h"
> +#include "msix.h"
> +#include "iov.h"
> +#include "scsi.h"
> +#include "scsi-defs.h"
> +#include "block_int.h"
> +
> +#include "mfi.h"
> +
> +/* Static definitions */
> +#define MEGASAS_VERSION "1.50"
> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
> +#define MEGASAS_DEFAULT_SGE 80
> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
> +#define MEGASAS_MAX_ARRAYS 128
> +
> +#define MEGASAS_FLAG_USE_JBOD      0x00000001
> +#define MEGASAS_FLAG_USE_MSIX      0x00000002
> +#define MEGASAS_FLAG_USE_QUEUE64   0x00000004
> +
> +const char *megasas_raid_modes[] = {
> +    "raid", "jbod"
> +};
> +
> +const char *mfi_frame_desc[] = {
> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
> +
> +struct megasas_cmd_t {
> +    uint32_t index;
> +    uint16_t flags;
> +    uint16_t count;
> +    uint64_t context;
> +
> +    target_phys_addr_t pa;
> +    target_phys_addr_t pa_size;
> +    union mfi_frame *frame;
> +    SCSIRequest *req;
> +    struct iovec iov[MEGASAS_MAX_SGE];
> +    int iov_cnt;
> +    size_t iov_size;
> +    size_t iov_offset;
> +    struct megasas_state_t *state;
> +};
> +
> +typedef struct megasas_state_t {
> +    PCIDevice dev;
> +    MemoryRegion mmio_io;
> +    MemoryRegion port_io;
> +    MemoryRegion queue_io;
> +    MemoryRegion msix_io;
> +    uint32_t frame_hi;
> +
> +    int fw_state;
> +    uint32_t fw_sge;
> +    uint32_t fw_cmds;
> +    uint32_t flags;
> +    int fw_luns;
> +    int intr_mask;
> +    int doorbell;
> +    int busy;
> +    char *raid_mode_str;
> +
> +    struct megasas_cmd_t *event_cmd;
> +    int event_locale;
> +    int event_class;
> +    int event_count;
> +    int shutdown_event;
> +    int boot_event;
> +
> +    uint64_t reply_queue_pa;
> +    void *reply_queue;
> +    int reply_queue_len;
> +    int reply_queue_index;
> +    uint64_t consumer_pa;
> +    uint64_t producer_pa;
> +
> +    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
> +
> +    SCSIBus bus;
> +} MPTState;
> +
> +#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
> +
> +static bool megasas_intr_enabled(MPTState *s)
> +{
> +    if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
> +        MEGASAS_INTR_DISABLED_MASK) {
> +        return true;
> +    }
> +    return false;
> +}
> +
> +static bool megasas_use_queue64(MPTState *s)
> +{
> +    return s->flags & MEGASAS_FLAG_USE_QUEUE64;
> +}
> +
> +static bool megasas_use_msix(MPTState *s)
> +{
> +    return s->flags & MEGASAS_FLAG_USE_MSIX;
> +}
> +
> +static bool megasas_is_jbod(MPTState *s)
> +{
> +    return s->flags & MEGASAS_FLAG_USE_JBOD;
> +}
> +
> +static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
> +{
> +    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
> +}
> +
> +static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
> +{
> +    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
> +}
> +
> +static uint8_t megasas_frame_get_cmd(unsigned long frame)
> +{
> +    return ldub_phys(frame + offsetof(struct mfi_frame_header, frame_cmd));
> +}
> +
> +/*
> + * Context is considered opaque, but the emulation is running
> + * in little endian mode. So convert it to little endian, too.
> + */
> +static uint32_t megasas_frame_get_context(unsigned long frame)
> +{
> +    return ldl_le_phys(frame + offsetof(struct mfi_frame_header, context));
> +}
> +
> +static uint64_t megasas_frame_get_context64(unsigned long frame)
> +{
> +    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
> +}
> +
> +static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_IEEE_SGL;
> +}
> +
> +static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_SGL64;
> +}
> +
> +static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_DIR_WRITE;
> +}
> +
> +static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_SENSE64;
> +}
> +
> +static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
> +                                     union mfi_sgl *sgl)
> +{
> +    uint64_t addr;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        addr = le64_to_cpu(sgl->sg_skinny->addr);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        addr = le64_to_cpu(sgl->sg64->addr);
> +    } else {
> +        addr = le32_to_cpu(sgl->sg32->addr);
> +    }
> +    return addr;
> +}
> +
> +static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
> +                                    union mfi_sgl *sgl)
> +{
> +    uint32_t len;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        len = le32_to_cpu(sgl->sg_skinny->len);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        len = le32_to_cpu(sgl->sg64->len);
> +    } else {
> +        len = le32_to_cpu(sgl->sg32->len);
> +    }
> +    return len;
> +}
> +
> +static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
> +                                       union mfi_sgl *sgl)
> +{
> +    uint8_t *next = (uint8_t *)sgl;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        next += sizeof(struct mfi_sg_skinny);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        next += sizeof(struct mfi_sg64);
> +    } else {
> +        next += sizeof(struct mfi_sg32);
> +    }
> +
> +    if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
> +        return NULL;
> +    }
> +    return (union mfi_sgl *)next;
> +}
> +
> +static void megasas_soft_reset(MPTState *s);
> +
> +static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
> +{
> +    int i;
> +    int is_write;
> +    int iov_count = 0;
> +    size_t iov_size = 0;
> +
> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
> +    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
> +    if (cmd->iov_cnt > MEGASAS_MAX_SGE) {
> +        cmd->iov_cnt = 0;
> +        return iov_count;
> +    }
> +    is_write = megasas_frame_is_write(cmd);
> +    for (i = 0; i < cmd->iov_cnt; i++) {
> +        target_phys_addr_t iov_pa, iov_size_p;
> +
> +        if (!sgl) {
> +            goto unmap;
> +        }
> +        iov_pa = megasas_sgl_get_addr(cmd, sgl);
> +        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
> +        if (!iov_pa || !iov_size_p) {
> +            goto unmap;
> +        }
> +        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, &iov_size_p,
> +                                                       is_write);
> +        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
> +            if (cmd->iov[i].iov_base) {
> +                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
> +                                          iov_size_p, 0, 0);
> +            }
> +            goto unmap;
> +        }
> +        sgl = megasas_sgl_next(cmd, sgl);
> +        iov_size += cmd->iov[i].iov_len;
> +        iov_count--;
> +    }
> +    cmd->iov[i].iov_base = NULL;
> +    cmd->iov[i].iov_len = 0;
> +    cmd->iov_offset = 0;
> +    return 0;
> +unmap:
> +    while (i > 0) {
> +        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
> +                                  cmd->iov[i-1].iov_len, 0, 0);
> +        i--;
> +    }
> +    cmd->iov_cnt = 0;
> +    return iov_count;
> +}
> +
> +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
> +{
> +    int i, is_write = megasas_frame_is_write(cmd);
> +
> +    for (i = 0; i < cmd->iov_cnt; i++) {
> +        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
> +                                  is_write, cmd->iov[i].iov_len);
> +    }
> +    cmd->iov_cnt = 0;
> +    cmd->iov_offset = 0;
> +}
> +
> +/*
> + * passthrough sense and io sense are at the same offset
> + */
> +static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
> +    uint8_t sense_len)
> +{
> +    uint32_t pa_hi = 0, pa_lo;
> +    target_phys_addr_t pa;
> +
> +    if (sense_len > cmd->frame->header.sense_len) {
> +        sense_len = cmd->frame->header.sense_len;
> +    }
> +
> +    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
> +    if (megasas_frame_is_sense64(cmd)) {
> +        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
> +    }
> +    pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    cpu_physical_memory_write(pa, sense_ptr, sense_len);
> +    cmd->frame->header.sense_len = sense_len;
> +    return sense_len;
> +}
> +
> +static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
> +{
> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
> +    uint8_t sense_len = 18;
> +
> +    memset(sense_buf, 0, sense_len);
> +    sense_buf[0] = 0xf0;
> +    sense_buf[2] = sense.key;
> +    sense_buf[7] = 10;
> +    sense_buf[12] = sense.asc;
> +    sense_buf[13] = sense.ascq;
> +    megasas_build_sense(cmd, sense_buf, sense_len);
> +}
> +
> +static void megasas_copy_sense(struct megasas_cmd_t *cmd)
> +{
> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
> +    uint8_t sense_len;
> +
> +    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
> +                                   cmd->frame->header.sense_len);
> +    megasas_build_sense(cmd, sense_buf, sense_len);
> +}
> +
> +/*
> + * Format an INQUIRY CDB
> + */
> +static int megasas_setup_inquiry(uint8_t *cdb, int pg,
> +                                 uint8_t *buf, int len)
> +{
> +    memset(cdb, 0, 6);
> +    cdb[0] = INQUIRY;
> +    if (pg > 0) {
> +        cdb[1] = 0x1;
> +        cdb[2] = pg;
> +    }
> +    cdb[3] = (len >> 8) & 0xff;
> +    cdb[4] = (len & 0xff);
> +    return len;
> +}
> +
> +/*
> + * Encode lba and len into a READ_16/WRITE_16 CDB
> + */
> +static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
> +                               uint32_t len, int is_write)
> +{
> +    memset(cdb, 0x0, 16);
> +    if (is_write) {
> +        cdb[0] = WRITE_16;
> +    } else {
> +        cdb[0] = READ_16;
> +    }
> +    cdb[2] = (lba >> 56) & 0xff;
> +    cdb[3] = (lba >> 48) & 0xff;
> +    cdb[4] = (lba >> 40) & 0xff;
> +    cdb[5] = (lba >> 32) & 0xff;
> +    cdb[6] = (lba >> 24) & 0xff;
> +    cdb[7] = (lba >> 16) & 0xff;
> +    cdb[8] = (lba >> 8) & 0xff;
> +    cdb[9] = (lba) & 0xff;
> +    cdb[10] = (len >> 24) & 0xff;
> +    cdb[11] = (len >> 16) & 0xff;
> +    cdb[12] = (len >> 8) & 0xff;
> +    cdb[13] = (len) & 0xff;
> +}
> +
> +/*
> + * Utility functions
> + */
> +static uint64_t megasas_fw_time(void)
> +{
> +    struct tm curtime;
> +    uint64_t bcd_time;
> +
> +    qemu_get_timedate(&curtime, 0);
> +    bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
> +        ((uint64_t)curtime.tm_min & 0xff)  << 40 |
> +        ((uint64_t)curtime.tm_hour & 0xff) << 32 |
> +        ((uint64_t)curtime.tm_mday & 0xff) << 24 |
> +        ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
> +        ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
> +
> +    return bcd_time;
> +}
> +
> +static uint64_t megasas_gen_sas_addr(uint64_t id)
> +{
> +    uint64_t addr;
> +
> +    addr = 0x5001a4aULL << 36;
> +    addr |= id & 0xfffffffff;
> +
> +    return addr;
> +}
> +
> +/*
> + * Frame handling
> + */
> +static inline int megasas_next_index(MPTState *s, int index, int limit)
> +{
> +    index++;
> +    if (index == limit) {
> +        index = 0;
> +    }
> +    return index;
> +}
> +
> +static inline struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
> +    target_phys_addr_t frame)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int num = 0, index;
> +
> +    index = s->reply_queue_index;
> +
> +    while (num < s->fw_cmds) {
> +        if (s->frames[index].pa && s->frames[index].pa == frame) {
> +            cmd = &s->frames[index];
> +            break;
> +        }
> +        index = megasas_next_index(s, index, s->fw_cmds);
> +        num++;
> +    }
> +
> +    return cmd;
> +}
> +
> +static inline struct megasas_cmd_t *megasas_next_frame(MPTState *s,
> +    target_phys_addr_t frame)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int num = 0, index;
> +
> +    cmd = megasas_lookup_frame(s, frame);
> +    if (cmd) {
> +        return cmd;
> +    }
> +    index = s->reply_queue_index;
> +    num = 0;
> +    while (num < s->fw_cmds) {
> +        if (!s->frames[index].pa) {
> +            cmd = &s->frames[index];
> +            break;
> +        }
> +        index = megasas_next_index(s, index, s->fw_cmds);
> +        num++;
> +    }
> +    return cmd;
> +}
> +
> +static struct megasas_cmd_t *
> +megasas_enqueue_frame(MPTState *s, target_phys_addr_t frame,
> +                      uint64_t context, int count)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int frame_size = MFI_FRAME_SIZE * 16;
> +    target_phys_addr_t frame_size_p = frame_size;
> +
> +    cmd = megasas_next_frame(s, frame);
> +    /* All frames busy */
> +    if (!cmd) {
> +        return NULL;
> +    }
> +    if (!cmd->pa) {
> +        cmd->pa = frame;
> +        /* Map all possible frames */
> +        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
> +        if (frame_size_p != frame_size) {
> +            if (cmd->frame) {
> +                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
> +                cmd->frame = NULL;
> +                cmd->pa = 0;
> +            }
> +            s->event_count++;
> +            return NULL;
> +        }
> +        cmd->pa_size = frame_size_p;
> +        cmd->context = context;
> +    }
> +    cmd->count = count;
> +    s->busy++;
> +
> +    return cmd;
> +}
> +
> +static void megasas_complete_frame(MPTState *s, uint64_t context)
> +{
> +    int tail, queue_offset;
> +
> +    /* Decrement busy count */
> +    s->busy--;
> +
> +    if (!megasas_intr_enabled(s)) {
> +        return;
> +    }
> +
> +    /*
> +     * Put command on the reply queue.
> +     * Context is opaque, but emulation is running in
> +     * little endian. So convert it.
> +     */
> +    tail = s->reply_queue_index;
> +    if (megasas_use_queue64(s)) {
> +        queue_offset = tail * sizeof(uint64_t);
> +        stq_le_phys(s->reply_queue_pa + queue_offset, context);
> +    } else {
> +        queue_offset = tail * sizeof(uint32_t);
> +        stl_le_phys(s->reply_queue_pa + queue_offset, context);
> +    }
> +
> +    s->reply_queue_index = megasas_next_index(s, tail, s->fw_cmds);
> +
> +    /* Notify HBA */
> +    s->doorbell++;
> +    if (s->doorbell == 1) {
> +        if (msix_enabled(&s->dev)) {
> +            msix_notify(&s->dev, 0);
> +        } else {
> +            qemu_irq_raise(s->dev.irq[0]);
> +        }
> +    }
> +}
> +
> +static void megasas_reset_frames(MPTState *s)
> +{
> +    int i;
> +    struct megasas_cmd_t *cmd;
> +
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        cmd = &s->frames[i];
> +        if (cmd->pa) {
> +            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
> +            cmd->frame = NULL;
> +            cmd->pa = 0;
> +        }
> +    }
> +}
> +
> +static void megasas_abort_command(struct megasas_cmd_t *cmd)
> +{
> +    if (cmd->req) {
> +        scsi_req_abort(cmd->req, ABORTED_COMMAND);
> +        cmd->req = NULL;
> +    }
> +}
> +
> +static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint32_t pa_hi, pa_lo, iq_pl;
> +    target_phys_addr_t iq_pa, initq_size;
> +    struct mfi_init_qinfo *initq;
> +    uint32_t reply_queue_tail, flags;
> +    int ret = MFI_STAT_OK;
> +
> +    iq_pl = le32_to_cpu(cmd->frame->init.header.data_len);
> +    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
> +    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
> +    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
> +    initq_size = sizeof(*initq);
> +    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
> +    if (initq_size != sizeof(*initq)) {
> +        if (initq) {
> +            cpu_physical_memory_unmap(initq, initq_size, 0, 0);
> +        }
> +        s->event_count++;
> +        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
> +        goto out;
> +    }
> +    s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
> +    if (s->reply_queue_len > s->fw_cmds) {
> +        s->event_count++;
> +        ret = MFI_STAT_INVALID_PARAMETER;
> +        goto out;
> +    }
> +    pa_lo = le32_to_cpu(initq->rq_addr_lo);
> +    pa_hi = le32_to_cpu(initq->rq_addr_hi);
> +    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    pa_lo = le32_to_cpu(initq->ci_addr_lo);
> +    pa_hi = le32_to_cpu(initq->ci_addr_hi);
> +    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    pa_lo = le32_to_cpu(initq->pi_addr_lo);
> +    pa_hi = le32_to_cpu(initq->pi_addr_hi);
> +    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    s->reply_queue_index = ldl_le_phys(s->producer_pa);
> +    reply_queue_tail = ldl_le_phys(s->consumer_pa);
> +    flags = le32_to_cpu(initq->flags);
> +    if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
> +        s->flags |= MEGASAS_FLAG_USE_QUEUE64;
> +    }
> +    megasas_reset_frames(s);
> +    s->fw_state = MFI_FWSTATE_OPERATIONAL;
> +out:
> +    cpu_physical_memory_unmap(initq, initq_size, 0, 0);
> +    return ret;
> +}
> +
> +static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
> +{
> +    target_phys_addr_t iov_pa, iov_size;
> +
> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
> +    if (!cmd->frame->header.sge_count) {
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return 0;
> +    } else if (cmd->frame->header.sge_count > 1) {
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return -1;
> +    }
> +    iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
> +    iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
> +    cmd->iov[0].iov_len = iov_size;
> +    cmd->iov[0].iov_base = cpu_physical_memory_map(iov_pa, &iov_size, 1);
> +    if (cmd->iov[0].iov_len != iov_size) {
> +        if (cmd->iov[0].iov_base) {
> +            cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size, 1, 0);
> +        }
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return -1;
> +    }
> +    cmd->iov_cnt = 1;
> +    cmd->iov_size = iov_size;
> +    return cmd->iov_size;
> +}
> +
> +static int megasas_finish_dcmd(struct megasas_cmd_t *cmd)
> +{
> +    uint32_t iov_size = cmd->iov[0].iov_len;
> +
> +    if (!cmd->iov_cnt) {
> +        return 0;
> +    }
> +
> +    cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size,
> +                              1, cmd->iov_size);
> +
> +    cmd->iov_cnt = 0;
> +    if (iov_size > cmd->iov_size) {
> +        if (megasas_frame_is_ieee_sgl(cmd)) {
> +            cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
> +        } else if (megasas_frame_is_sgl64(cmd)) {
> +            cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
> +        } else {
> +            cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
> +        }
> +    }
> +    cmd->iov_size = 0;
> +    return iov_size;
> +}
> +
> +static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ctrl_info *info = cmd->iov[0].iov_base;
> +    DeviceState *qdev;
> +    int num_ld_disks = 0;
> +
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        num_ld_disks++;
> +    }
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    info->pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
> +    info->pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
> +    info->pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
> +    info->pci.subdevice = cpu_to_le16(0x1013);
> +
> +    info->host.type = MFI_INFO_HOST_PCIX;
> +    info->device.type = MFI_INFO_DEV_SAS3G;
> +    info->device.port_count = 2;
> +    info->device.port_addr[0] = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
> +
> +    memcpy(info->product_name, "MegaRAID SAS 8708EM2", 20);
> +    snprintf(info->serial_number, 32, "QEMU%08lx",
> +             (unsigned long)s & 0xFFFFFFFF);
> +    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
> +    memcpy(info->image_component[0].name, "APP", 8);
> +    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
> +    memcpy(info->image_component[0].build_date, __DATE__, 16);
> +    memcpy(info->image_component[0].build_time, __TIME__, 16);
> +    info->image_component_count = 1;
> +    info->current_fw_time = cpu_to_le32(megasas_fw_time());
> +    info->max_arms = 32;
> +    info->max_spans = 8;
> +    info->max_arrays = MEGASAS_MAX_ARRAYS;
> +    info->max_lds = s->fw_luns;
> +    info->max_cmds = cpu_to_le16(s->fw_cmds);
> +    info->max_sg_elements = cpu_to_le16(s->fw_sge);
> +    info->max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
> +    info->lds_present = cpu_to_le16(num_ld_disks);
> +    info->pd_present = cpu_to_le16(num_ld_disks + 1);
> +    info->pd_disks_present = cpu_to_le16(num_ld_disks);
> +    info->hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
> +                                   MFI_INFO_HW_MEM |
> +                                   MFI_INFO_HW_FLASH);
> +    info->memory_size = cpu_to_le16(512);
> +    info->nvram_size = cpu_to_le16(32);
> +    info->flash_size = cpu_to_le16(16);
> +    info->raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
> +    info->adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
> +                                    MFI_INFO_AOPS_SELF_DIAGNOSTIC |
> +                                    MFI_INFO_AOPS_MIXED_ARRAY);
> +    info->ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
> +                               MFI_INFO_LDOPS_ACCESS_POLICY |
> +                               MFI_INFO_LDOPS_IO_POLICY |
> +                               MFI_INFO_LDOPS_WRITE_POLICY |
> +                               MFI_INFO_LDOPS_READ_POLICY);
> +    info->max_strips_per_io = cpu_to_le16(s->fw_sge);
> +    info->stripe_sz_ops.min = 3;
> +    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
> +    info->properties.pred_fail_poll_interval = cpu_to_le16(300);
> +    info->properties.intr_throttle_cnt = cpu_to_le16(16);
> +    info->properties.intr_throttle_timeout = cpu_to_le16(50);
> +    info->properties.rebuild_rate = 30;
> +    info->properties.patrol_read_rate = 30;
> +    info->properties.bgi_rate = 30;
> +    info->properties.cc_rate = 30;
> +    info->properties.recon_rate = 30;
> +    info->properties.cache_flush_interval = 4;
> +    info->properties.spinup_drv_cnt = 2;
> +    info->properties.spinup_delay = 6;
> +    info->properties.ecc_bucket_size = 15;
> +    info->properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
> +    info->properties.expose_encl_devices = 1;
> +    info->properties.OnOffProperties.enableJBOD = 1;
> +    info->pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
> +                               MFI_INFO_PDOPS_FORCE_OFFLINE);
> +    info->pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
> +                                       MFI_INFO_PDMIX_SATA |
> +                                       MFI_INFO_PDMIX_LD);
> +    cmd->iov_size = sizeof(struct mfi_ctrl_info);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_defaults *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_defaults)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    info->sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
> +    info->stripe_size = 3;
> +    info->flush_time = 4;
> +    info->background_rate = 30;
> +    info->allow_mix_in_enclosure = 1;
> +    info->allow_mix_in_ld = 1;
> +    info->direct_pd_mapping = 1;
> +    /* Enable for BIOS support */
> +    info->bios_enumerate_lds = 1;
> +    info->disable_ctrl_r = 1;
> +    info->expose_enclosure_devices = 1;
> +    info->disable_preboot_cli = 1;
> +    info->cluster_disable = 1;
> +
> +    cmd->iov_size = sizeof(struct mfi_defaults);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_bios_data *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_bios_data)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    info->continue_on_error = 1;
> +    info->verbose = 1;
> +    if (megasas_is_jbod(s)) {
> +        info->expose_all_drives = 1;
> +    }
> +
> +    cmd->iov_size = sizeof(struct mfi_bios_data);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t fw_time;
> +
> +    fw_time = cpu_to_le64(megasas_fw_time());
> +
> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
> +    cmd->iov_size = sizeof(fw_time);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t fw_time;
> +
> +    memset(cmd->iov[0].iov_base, 0x0, cmd->iov_size);
> +    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
> +
> +    fw_time = cpu_to_le64(megasas_fw_time());
> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
> +    cmd->iov_size = sizeof(fw_time);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_evt_log_state *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0, cmd->iov_size);
> +
> +    info->newest_seq_num = cpu_to_le32(s->event_count);
> +    info->shutdown_seq_num = cpu_to_le32(s->shutdown_event);
> +    info->boot_seq_num = cpu_to_le32(s->boot_event);
> +
> +    cmd->iov_size = sizeof(struct mfi_evt_log_state);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_event_wait(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    union mfi_evt event;
> +
> +    if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
> +    event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
> +    s->event_locale = event.members.locale;
> +    s->event_class = event.members.class;
> +    s->event_cmd = cmd;
> +    /* Decrease busy count; event frame doesn't count here */
> +    s->busy--;
> +    cmd->iov_size = sizeof(struct mfi_evt_detail);
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_list *info = cmd->iov[0].iov_base;
> +    DeviceState *qdev;
> +    uint32_t offset, num_pd_disks = 0, max_luns;
> +    uint16_t dev_id;
> +
> +    memset(info, 0, cmd->iov_size);
> +    offset = 8;
> +    if (cmd->iov_size < (offset + sizeof(struct mfi_pd_address))) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
> +    if (max_luns > s->fw_luns) {
> +        max_luns = s->fw_luns;
> +    }
> +
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
> +
> +        dev_id = sdev->id;
> +        info->addr[num_pd_disks].device_id = cpu_to_le16(dev_id);
> +        info->addr[num_pd_disks].encl_device_id = cpu_to_le16(dev_id);
> +        info->addr[num_pd_disks].sas_addr[0] =
> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
> +        num_pd_disks++;
> +        offset += sizeof(struct mfi_pd_address);
> +    }
> +
> +    info->size = cpu_to_le32(offset);
> +    info->count = cpu_to_le32(num_pd_disks);
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint16_t flags;
> +
> +    /* mbox0 contains flags */
> +    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +
> +    if (flags == MR_PD_QUERY_TYPE_ALL || megasas_is_jbod(s)) {
> +        return megasas_dcmd_pd_get_list(s, cmd);
> +    }
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
> +                                      struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
> +    uint8_t cmdbuf[6];
> +    SCSIRequest *req;
> +    size_t len;
> +
> +    if (info->inquiry_data[4] == 0) {
> +        /* Additional length is zero, resubmit */
> +        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
> +                              sizeof(info->inquiry_data));
> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    } else if (info->vpd_page83[3] == 0) {
> +        /* Additional length is zero, resubmit */
> +        megasas_setup_inquiry(cmdbuf, 0x83, (uint8_t *)info->vpd_page83,
> +                              sizeof(info->vpd_page83));
> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    }
> +
> +    /* Finished, set FW state */
> +    if (megasas_is_jbod(cmd->state)) {
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
> +    } else {
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
> +    }
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
> +    uint64_t pd_size;
> +    uint16_t pd_id;
> +    SCSIDevice *sdev = NULL;
> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_pd_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    /* mbox0 has the ID */
> +    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +    sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
> +
> +    if (sdev) {
> +        BlockConf *conf = &sdev->conf;
> +
> +        info->ref.v.device_id = pd_id;
> +        info->state.ddf.v.pd_type.in_vd = 1;
> +        info->state.ddf.v.pd_type.intf = 0x2;
> +        bdrv_get_geometry(conf->bs, &pd_size);
> +        info->raw_size = cpu_to_le64(pd_size);
> +        info->non_coerced_size = cpu_to_le64(pd_size);
> +        info->coerced_size = cpu_to_le64(pd_size);
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
> +        info->path_info.count = 1;
> +        info->path_info.sas_addr[0] =
> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
> +        /* Submit inquiry */
> +        retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
> +    }
> +
> +    return retval;
> +}
> +
> +static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_list *info = cmd->iov[0].iov_base;
> +    uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
> +    uint64_t ld_size;
> +    int offset;
> +    DeviceState *qdev;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ld_list)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    if (megasas_is_jbod(s)) {
> +        max_ld_disks = 0;
> +    }
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
> +        BlockConf *conf = &sdev->conf;
> +
> +        bdrv_get_geometry(conf->bs, &ld_size);
> +        ld_size *= 512;
> +        info->ld_list[num_ld_disks].ld.v.target_id = sdev->id;
> +        info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
> +        info->ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
> +        num_ld_disks++;
> +        offset += 18;
> +    }
> +    info->ld_count = cpu_to_le32(num_ld_disks);
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
> +                                      struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
> +    uint8_t cdb[6];
> +    SCSIRequest *req;
> +    ssize_t len;
> +
> +    if (info->vpd_page83[3] == 0) {
> +        megasas_setup_inquiry(cdb, 0x83, (uint8_t *)info->vpd_page83,
> +                              sizeof(info->vpd_page83));
> +        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    }
> +    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
> +    uint64_t ld_size;
> +    uint16_t ld_id;
> +    uint32_t max_ld_disks = s->fw_luns;
> +    SCSIDevice *sdev = NULL;
> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ld_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    /* mbox0 has the ID */
> +    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +
> +    if (megasas_is_jbod(s)) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (ld_id < max_ld_disks) {
> +        sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
> +    }
> +
> +    if (sdev) {
> +        BlockConf *conf = &sdev->conf;
> +
> +        info->ld_config.properties.ld.v.target_id = ld_id;
> +        info->ld_config.params.stripe_size = 3;
> +        info->ld_config.params.num_drives = 1;
> +        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
> +        info->ld_config.params.is_consistent = 1;
> +        bdrv_get_geometry(conf->bs, &ld_size);
> +        info->size = cpu_to_le64(ld_size);
> +        retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
> +    }
> +
> +    return retval;
> +}
> +
> +static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ctrl_props *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_props)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    info->pred_fail_poll_interval = cpu_to_le16(300);
> +    info->intr_throttle_cnt = cpu_to_le16(16);
> +    info->intr_throttle_timeout = cpu_to_le16(50);
> +    info->rebuild_rate = 30;
> +    info->patrol_read_rate = 30;
> +    info->bgi_rate = 30;
> +    info->cc_rate = 30;
> +    info->recon_rate = 30;
> +    info->cache_flush_interval = 4;
> +    info->spinup_drv_cnt = 2;
> +    info->spinup_delay = 6;
> +    info->ecc_bucket_size = 15;
> +    info->ecc_bucket_leak_rate = cpu_to_le16(1440);
> +    info->expose_encl_devices = 1;
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    qemu_aio_flush();
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    s->fw_state = MFI_FWSTATE_READY;
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_cluster_reset_ld(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    return MFI_STAT_INVALID_DCMD;
> +}
> +
> +static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    if (cmd->iov_size) {
> +        memset(cmd->iov[0].iov_base, 0, cmd->iov_size);
> +    }
> +    return MFI_STAT_OK;
> +}
> +
> +static const struct dcmd_cmd_tbl_t {
> +    int opcode;
> +    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
> +} dcmd_cmd_tbl[] = {
> +    { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info },
> +    { MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties },
> +    { MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties },
> +    { MFI_DCMD_CTRL_ALARM_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_ENABLE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_DISABLE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_SILENCE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_TEST, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info },
> +    { MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_EVENT_WAIT, megasas_event_wait },
> +    { MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown },
> +    { MFI_DCMD_HIBERNATE_STANDBY, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time },
> +    { MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time },
> +    { MFI_DCMD_CTRL_BIOS_DATA_GET, megasas_dcmd_get_bios_info },
> +    { MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults },
> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush },
> +    { MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list },
> +    { MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query },
> +    { MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info },
> +    { MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_BLINK, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
> +    { MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info },
> +    { MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_DELETE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_READ, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_ADD, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER_RESET_LD, megasas_cluster_reset_ld },
> +    { -1, NULL }
> +};
> +
> +static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    int opcode, size = 0, len;
> +    int retval = 0;
> +    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
> +
> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
> +    len = megasas_map_dcmd(cmd);
> +    if (len < 0) {
> +        return MFI_STAT_MEMORY_NOT_AVAILABLE;
> +    }
> +    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
> +        cmdptr++;
> +    }
> +    if (cmdptr->opcode == -1) {
> +        retval = megasas_dcmd_dummy(s, cmd);
> +    } else {
> +        retval = cmdptr->func(s, cmd);
> +    }
> +    if (retval != MFI_STAT_INVALID_STATUS) {
> +        size = megasas_finish_dcmd(cmd);
> +    }
> +    return retval;
> +}
> +
> +static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
> +                                        SCSIRequest *req)
> +{
> +    int opcode;
> +    int retval = MFI_STAT_OK;
> +    int lun = req->lun;
> +
> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
> +    scsi_req_unref(req);
> +    switch (opcode) {
> +    case MFI_DCMD_PD_GET_INFO:
> +        retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
> +        break;
> +    case MFI_DCMD_LD_GET_INFO:
> +        retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
> +        break;
> +    default:
> +        retval = MFI_STAT_INVALID_DCMD;
> +        break;
> +    }
> +    if (retval != MFI_STAT_INVALID_STATUS) {
> +        megasas_finish_dcmd(cmd);
> +    }
> +    return retval;
> +}
> +
> +static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
> +                               int is_logical)
> +{
> +    uint8_t *cdb;
> +    int len;
> +    struct SCSIDevice *sdev = NULL;
> +
> +    cdb = cmd->frame->pass.cdb;
> +
> +    if (cmd->frame->header.target_id < s->fw_luns) {
> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
> +                                cmd->frame->header.lun_id);
> +    }
> +    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
> +
> +    if (!sdev || (megasas_is_jbod(s) && is_logical)) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (cmd->frame->header.cdb_len > 16) {
> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    if (megasas_map_sgl(cmd, &cmd->frame->pass.sgl)) {
> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    cmd->req = scsi_req_new(sdev, cmd->index,
> +                            cmd->frame->header.lun_id, cdb, cmd);
> +    if (!cmd->req) {
> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
> +        cmd->frame->header.scsi_status = BUSY;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    len = scsi_req_enqueue(cmd->req);
> +    if (len > 0) {
> +        if (len < cmd->iov_size) {
> +            cmd->iov_size = len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    } else if (len < 0) {
> +        if (-len < cmd->iov_size) {
> +            cmd->iov_size = -len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    }
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint32_t lba_count, lba_start_hi, lba_start_lo;
> +    uint64_t lba_start;
> +    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
> +    uint8_t cdb[16];
> +    int len;
> +    struct SCSIDevice *sdev = NULL;
> +
> +    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
> +    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
> +    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
> +    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
> +
> +    if (cmd->frame->header.target_id < s->fw_luns) {
> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
> +                                cmd->frame->header.lun_id);
> +    }
> +
> +    if (!sdev) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (cmd->frame->header.cdb_len > 16) {
> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    cmd->iov_size = lba_count * sdev->blocksize;
> +    if (megasas_map_sgl(cmd, &cmd->frame->io.sgl)) {
> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    megasas_encode_lba(cdb, lba_start, lba_count, write);
> +    cmd->req = scsi_req_new(sdev, cmd->index,
> +                            cmd->frame->header.lun_id, cdb, cmd);
> +    if (!cmd->req) {
> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
> +        cmd->frame->header.scsi_status = BUSY;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    len = scsi_req_enqueue(cmd->req);
> +    if (len > 0) {
> +        if (len < cmd->iov_size) {
> +            cmd->iov_size = len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    } else if (len < 0) {
> +        if (-len < cmd->iov_size) {
> +            cmd->iov_size = -len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    }
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
> +                                           SCSIRequest *req)
> +{
> +    int retval = MFI_STAT_INVALID_CMD;
> +
> +    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
> +            retval = megasas_finish_internal_dcmd(cmd, req);
> +    }
> +    return retval;
> +}
> +
> +static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +    uint32_t bytes_left;
> +    uint8_t *buf;
> +
> +    if (len) {
> +        int is_write = megasas_frame_is_write(cmd);
> +        size_t bytes;
> +
> +        buf = scsi_req_get_buf(req);
> +        if (is_write) {
> +            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
> +                               cmd->iov_offset, len);
> +            if (bytes != len) {
> +                len = bytes;
> +            }
> +            cmd->iov_offset += bytes;
> +        } else {
> +            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
> +                                 cmd->iov_offset, len);
> +            if (bytes != len) {
> +                len = bytes;
> +            }
> +            cmd->iov_offset += bytes;
> +        }
> +    }
> +    bytes_left = cmd->iov_size - cmd->iov_offset;
> +    scsi_req_continue(req);
> +}
> +
> +static void megasas_command_complete(SCSIRequest *req, uint32_t status)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +    uint8_t cmd_status = MFI_STAT_OK;
> +
> +    if (cmd->req != req) {
> +        /*
> +         * Internal command complete
> +         */
> +        cmd_status = megasas_finish_internal_command(cmd, req);
> +        if (cmd_status == MFI_STAT_INVALID_STATUS) {
> +            return;
> +        }
> +    } else {
> +        req->status = status;
> +        if (req->status != GOOD) {
> +            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
> +        }
> +        if (req->status == CHECK_CONDITION) {
> +            megasas_copy_sense(cmd);
> +        }
> +
> +        megasas_unmap_sgl(cmd);
> +        cmd->frame->header.scsi_status = req->status;
> +        scsi_req_unref(cmd->req);
> +        cmd->req = NULL;
> +    }
> +    cmd->frame->header.cmd_status = cmd_status;
> +    megasas_complete_frame(cmd->state, cmd->context);
> +}
> +
> +static void megasas_command_cancel(SCSIRequest *req)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +
> +    if (cmd) {
> +        megasas_abort_command(cmd);
> +    } else {
> +        scsi_req_unref(req);
> +    }
> +    return;
> +}
> +
> +static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
> +    target_phys_addr_t abort_addr, addr_hi, addr_lo;
> +    struct megasas_cmd_t *abort_cmd;
> +
> +    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
> +    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
> +    abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
> +
> +    abort_cmd = megasas_lookup_frame(s, abort_addr);
> +    if (!abort_cmd) {
> +        s->event_count++;
> +        return MFI_STAT_OK;
> +    }
> +    if (!megasas_use_queue64(s)) {
> +        abort_ctx &= (uint64_t)0xFFFFFFFF;
> +    }
> +    if (abort_cmd->context != abort_ctx) {
> +        s->event_count++;
> +        return MFI_STAT_ABORT_NOT_POSSIBLE;
> +    }
> +    megasas_abort_command(abort_cmd);
> +    if (!s->event_cmd || abort_cmd != s->event_cmd) {
> +        s->event_cmd = NULL;
> +    }
> +    s->event_count++;
> +    return MFI_STAT_OK;
> +}
> +
> +static void megasas_handle_frame(MPTState *s, uint64_t frame_addr,
> +                                 uint32_t frame_count)
> +{
> +    uint8_t frame_cmd;
> +    uint8_t frame_status = MFI_STAT_INVALID_CMD;
> +    uint64_t frame_context;
> +    struct megasas_cmd_t *cmd;
> +
> +    frame_cmd = megasas_frame_get_cmd(frame_addr);
> +    if (megasas_use_queue64(s)) {
> +        frame_context = megasas_frame_get_context(frame_addr);
> +    } else {
> +        frame_context = megasas_frame_get_context64(frame_addr);
> +    }
> +
> +    cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
> +    if (!cmd) {
> +        /* reply queue full */
> +        megasas_frame_set_scsi_status(frame_addr, BUSY);
> +        megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
> +        megasas_complete_frame(s, frame_context);
> +        s->event_count++;
> +        return;
> +    }
> +    switch (cmd->frame->header.frame_cmd) {
> +    case MFI_CMD_INIT:
> +        frame_status = megasas_init_firmware(s, cmd);
> +        break;
> +    case MFI_CMD_DCMD:
> +        frame_status = megasas_handle_dcmd(s, cmd);
> +        break;
> +    case MFI_CMD_ABORT:
> +        frame_status = megasas_handle_abort(s, cmd);
> +        break;
> +    case MFI_CMD_PD_SCSI_IO:
> +        frame_status = megasas_handle_scsi(s, cmd, 0);
> +        break;
> +    case MFI_CMD_LD_SCSI_IO:
> +        frame_status = megasas_handle_scsi(s, cmd, 1);
> +        break;
> +    case MFI_CMD_LD_READ:
> +    case MFI_CMD_LD_WRITE:
> +        frame_status = megasas_handle_io(s, cmd);
> +        break;
> +    default:
> +        s->event_count++;
> +        break;
> +    }
> +    if (frame_status != MFI_STAT_INVALID_STATUS) {
> +        if (cmd->frame) {
> +            cmd->frame->header.cmd_status = frame_status;
> +        } else {
> +            megasas_frame_set_cmd_status(frame_addr, frame_status);
> +        }
> +        megasas_complete_frame(s, cmd->context);
> +    }
> +}
> +
> +static uint64_t megasas_mmio_read(void *opaque, target_phys_addr_t addr,
> +                                  unsigned size)
> +{
> +    MPTState *s = opaque;
> +    uint32_t retval = 0;
> +
> +    switch (addr) {
> +    case MFI_IDB:
> +        retval = 0;
> +        break;
> +    case MFI_OMSG0:
> +    case MFI_OSP0:
> +        retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
> +            (s->fw_state & MFI_FWSTATE_MASK) |
> +            ((s->fw_sge & 0xff) << 16) |
> +            (s->fw_cmds & 0xFFFF);
> +        break;
> +    case MFI_OSTS:
> +        if (megasas_intr_enabled(s) && s->doorbell) {
> +            retval = MFI_1078_RM | 1;
> +        }
> +        break;
> +    case MFI_OMSK:
> +        retval = s->intr_mask;
> +        break;
> +    case MFI_ODCR0:
> +        retval = s->doorbell;
> +        break;
> +    default:
> +        break;
> +    }
> +    return retval;
> +}
> +
> +static void megasas_mmio_write(void *opaque, target_phys_addr_t addr,
> +                               uint64_t val, unsigned size)
> +{
> +    MPTState *s = opaque;
> +    uint64_t frame_addr;
> +    uint32_t frame_count;
> +    int i;
> +
> +    switch (addr) {
> +    case MFI_IDB:
> +        if (val & MFI_FWINIT_ABORT) {
> +            /* Abort all pending cmds */
> +            for (i = 0; i < s->fw_cmds; i++) {
> +                megasas_abort_command(&s->frames[i]);
> +            }
> +        }
> +        if (val & MFI_FWINIT_READY) {
> +            /* move to FW READY */
> +            megasas_soft_reset(s);
> +        }
> +        if (val & MFI_FWINIT_MFIMODE) {
> +            /* discard MFIs */
> +        }
> +        break;
> +    case MFI_OMSK:
> +        s->intr_mask = val;
> +        if (!megasas_intr_enabled(s) && !msix_enabled(&s->dev)) {
> +            qemu_irq_lower(s->dev.irq[0]);
> +        }
> +        break;
> +    case MFI_ODCR0:
> +        s->doorbell = 0;
> +        if (s->producer_pa && megasas_intr_enabled(s)) {
> +            /* Update reply queue pointer */
> +            stl_le_phys(s->producer_pa, s->reply_queue_index);
> +            if (!msix_enabled(&s->dev)) {
> +                qemu_irq_lower(s->dev.irq[0]);
> +            }
> +        }
> +        break;
> +    case MFI_IQPH:
> +        /* Received high 32 bits of a 64 bit MFI frame address */
> +        s->frame_hi = val;
> +        break;
> +    case MFI_IQPL:
> +        /* Received low 32 bits of a 64 bit MFI frame address */
> +    case MFI_IQP:
> +        /* Received 32 bit MFI frame address */
> +        frame_addr = (val & ~0x1F);
> +        /* Add possible 64 bit offset */
> +        frame_addr |= ((uint64_t)s->frame_hi << 32);
> +        s->frame_hi = 0;
> +        frame_count = (val >> 1) & 0xF;
> +        megasas_handle_frame(s, frame_addr, frame_count);
> +        break;
> +    default:
> +        break;
> +    }
> +}
> +
> +static const MemoryRegionOps megasas_mmio_ops = {
> +    .read = megasas_mmio_read,
> +    .write = megasas_mmio_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static uint64_t megasas_port_read(void *opaque, target_phys_addr_t addr,
> +                                  unsigned size)
> +{
> +    return megasas_mmio_read(opaque, addr & 0xff, size);
> +}
> +
> +static void megasas_port_write(void *opaque, target_phys_addr_t addr,
> +                               uint64_t val, unsigned size)
> +{
> +    megasas_mmio_write(opaque, addr & 0xff, val, size);
> +}
> +
> +static const MemoryRegionOps megasas_port_ops = {
> +    .read = megasas_port_read,
> +    .write = megasas_port_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static uint64_t megasas_queue_read(void *opaque, target_phys_addr_t addr,
> +                                   unsigned size)
> +{
> +    return 0;
> +}
> +
> +static void megasas_queue_write(void *opaque, target_phys_addr_t addr,
> +                                uint64_t val, unsigned size)
> +{
> +}
> +
> +static const MemoryRegionOps megasas_queue_ops = {
> +    .read = megasas_queue_read,
> +    .write = megasas_queue_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static void megasas_soft_reset(MPTState *s)
> +{
> +    int i;
> +    struct megasas_cmd_t *cmd;
> +
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        cmd = &s->frames[i];
> +        megasas_abort_command(cmd);
> +    }
> +    megasas_reset_frames(s);
> +    s->reply_queue_len = s->fw_cmds;
> +    s->reply_queue_pa = 0;
> +    s->consumer_pa = 0;
> +    s->producer_pa = 0;
> +    s->fw_state = MFI_FWSTATE_READY;
> +    s->doorbell = 0;
> +    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
> +    s->frame_hi = 0;
> +    s->flags &= ~MEGASAS_FLAG_USE_QUEUE64;
> +    s->event_count++;
> +    s->boot_event = s->event_count;
> +}
> +
> +static void megasas_scsi_reset(DeviceState *dev)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
> +
> +    megasas_soft_reset(s);
> +}
> +
> +static const VMStateDescription vmstate_megasas = {
> +    .name = "megasas",
> +    .version_id = 0,
> +    .minimum_version_id = 0,
> +    .minimum_version_id_old = 0,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_PCI_DEVICE(dev, MPTState),
> +
> +        VMSTATE_INT32(fw_state, MPTState),
> +        VMSTATE_INT32(intr_mask, MPTState),
> +        VMSTATE_INT32(doorbell, MPTState),
> +        VMSTATE_UINT64(reply_queue_pa, MPTState),
> +        VMSTATE_UINT64(consumer_pa, MPTState),
> +        VMSTATE_UINT64(producer_pa, MPTState),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
> +
> +static int megasas_scsi_uninit(PCIDevice *d)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, d);
> +
> +    memory_region_destroy(&s->mmio_io);
> +    memory_region_destroy(&s->port_io);
> +    memory_region_destroy(&s->queue_io);
> +    return 0;
> +}
> +
> +static const struct SCSIBusInfo megasas_scsi_info = {
> +    .tcq = true,
> +    .max_target = MFI_MAX_LD,
> +    .max_lun = 255,
> +
> +    .transfer_data = megasas_xfer_complete,
> +    .complete = megasas_command_complete,
> +    .cancel = megasas_command_cancel,
> +};
> +
> +static int megasas_scsi_init(PCIDevice *dev)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, dev);
> +    uint8_t *pci_conf;
> +    int i;
> +
> +    pci_conf = s->dev.config;
> +
> +    /* PCI latency timer = 0 */
> +    pci_conf[PCI_LATENCY_TIMER] = 0;
> +    /* Interrupt pin 1 */
> +    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
> +
> +    memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s, "megasas-mmio",
> +                          0x40000);
> +    memory_region_init_io(&s->port_io, &megasas_port_ops, s, "megasas-io", 256);
> +    memory_region_init_io(&s->queue_io, &megasas_queue_ops, s, "megasas-queue",
> +                          0x40000);
> +
> +    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
> +    s->flags |= MEGASAS_FLAG_USE_MSIX;
> +    memory_region_init(&s->msix_io, "megasas-msix", 4096);
> +    if (megasas_use_msix(s) && !msix_init(&s->dev, 1, &s->msix_io, 1, 0)) {
> +        pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY,
> +                         &s->msix_io);
> +        msix_vector_use(&s->dev, 0);
> +    } else {
> +        s->flags &= ~MEGASAS_FLAG_USE_MSIX;
> +    }
> +
> +    pci_register_bar((struct PCIDevice *)s, 2,
> +                     PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
> +    pci_register_bar((struct PCIDevice *)s, 3,
> +                     PCI_BASE_ADDRESS_SPACE_MEMORY, &s->queue_io);
> +
> +    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
> +        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
> +    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
> +        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
> +    } else {
> +        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
> +    }
> +    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
> +        s->fw_cmds = MEGASAS_MAX_FRAMES;
> +    }
> +    if (s->raid_mode_str) {
> +        if (!strcmp(s->raid_mode_str, "jbod")) {
> +            s->flags |= MEGASAS_FLAG_USE_JBOD;
> +        } else {
> +            s->flags &= ~MEGASAS_FLAG_USE_JBOD;
> +            s->raid_mode_str = (char *)megasas_raid_modes[0];
> +        }
> +    } else {
> +        s->raid_mode_str = (char *)megasas_raid_modes[0];
> +    }
> +    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
> +        MAX_SCSI_DEVS : MFI_MAX_LD;
> +    s->producer_pa = 0;
> +    s->consumer_pa = 0;
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        s->frames[i].index = i;
> +        s->frames[i].context = -1;
> +        s->frames[i].pa = 0;
> +        s->frames[i].state = s;
> +    }
> +
> +    scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
> +    scsi_bus_legacy_handle_cmdline(&s->bus);
> +    return 0;
> +}
> +
> +static PCIDeviceInfo megasas_info = {
> +    .qdev.name  = "LSI MegaRAID SAS 1078",
> +    .qdev.alias = "megasas",
> +    .qdev.size  = sizeof(MPTState),
> +    .qdev.reset = megasas_scsi_reset,
> +    .qdev.vmsd  = &vmstate_megasas,
> +    .init       = megasas_scsi_init,
> +    .exit       = megasas_scsi_uninit,
> +    .vendor_id  = PCI_VENDOR_ID_LSI_LOGIC,
> +    .device_id  = PCI_DEVICE_ID_LSI_SAS1078,
> +    .subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC,
> +    .subsystem_id = 0x1013,
> +    .class_id   = PCI_CLASS_STORAGE_RAID,
> +    .qdev.props = (Property[]) {
> +        DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
> +                           MEGASAS_DEFAULT_SGE),
> +        DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
> +                           MEGASAS_DEFAULT_FRAMES),
> +        DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
> +        DEFINE_PROP_BIT("use_msi", MPTState, flags,
> +                        MEGASAS_FLAG_USE_MSIX, true),
> +        DEFINE_PROP_END_OF_LIST(),
> +    },
> +};
> +
> +static void megaraid1078_register_devices(void)
> +{
> +    pci_qdev_register(&megasas_info);
> +}
> +
> +device_init(megaraid1078_register_devices);
> diff --git a/hw/mfi.h b/hw/mfi.h
> new file mode 100644
> index 0000000..4790c7c
> --- /dev/null
> +++ b/hw/mfi.h
> @@ -0,0 +1,1281 @@
> +/*-
> + * Copyright (c) 2006 IronPort Systems
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> + * SUCH DAMAGE.
> + */
> +/*-
> + * Copyright (c) 2007 LSI Corp.
> + * Copyright (c) 2007 Rajesh Prabhakaran.
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> + * SUCH DAMAGE.
> + */
> +
> +#ifndef _MFI_H
> +#define _MFI_H
> +
> +/*
> + * MegaRAID SAS MFI firmware definitions
> + *
> + * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
> + * new firmware interface from the old AMI MegaRAID one, and there is no
> + * reason why this interface should be limited to just SAS.  In any case, LSI
> + * seems to also call this interface 'MFI', so that will be used here.
> + */
> +
> +/*
> + * Start with the register set.  All registers are 32 bits wide.
> + * The usual Intel IOP style setup.
> + */
> +#define MFI_IMSG0 0x10    /* Inbound message 0 */
> +#define MFI_IMSG1 0x14    /* Inbound message 1 */
> +#define MFI_OMSG0 0x18    /* Outbound message 0 */
> +#define MFI_OMSG1 0x1c    /* Outbound message 1 */
> +#define MFI_IDB   0x20    /* Inbound doorbell */
> +#define MFI_ISTS  0x24    /* Inbound interrupt status */
> +#define MFI_IMSK  0x28    /* Inbound interrupt mask */
> +#define MFI_ODB   0x2c    /* Outbound doorbell */
> +#define MFI_OSTS  0x30    /* Outbound interrupt status */
> +#define MFI_OMSK  0x34    /* Outbound interrupt mask */
> +#define MFI_IQP   0x40    /* Inbound queue port */
> +#define MFI_OQP   0x44    /* Outbound queue port */
> +
> +/*
> + * 1078 specific related register
> + */
> +#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
> +#define MFI_ODCR0       0xa0            /* outbound doorbell clear register0  */
> +#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
> +#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes)  */
> +#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes)  */
> +#define MFI_DIAG        0xf8            /* Host diag */
> +#define MFI_SEQ         0xfc            /* Sequencer offset */
> +#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
> +#define MFI_RMI         0x2             /* reply message interrupt  */
> +#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt  */
> +#define MFI_ODC         0x4             /* outbound doorbell change interrupt */
> +
> +/*
> + * gen2 specific changes
> + */
> +#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
> +#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
> +
> +/*
> + * skinny specific changes
> + */
> +#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny */
> +#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt */
> +
> +/* Bits for MFI_OSTS */
> +#define MFI_OSTS_INTR_VALID     0x00000002
> +
> +/*
> + * Firmware state values.  Found in OMSG0 during initialization.
> + */
> +#define MFI_FWSTATE_MASK                0xf0000000
> +#define MFI_FWSTATE_UNDEFINED           0x00000000
> +#define MFI_FWSTATE_BB_INIT             0x10000000
> +#define MFI_FWSTATE_FW_INIT             0x40000000
> +#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
> +#define MFI_FWSTATE_FW_INIT_2           0x70000000
> +#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
> +#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
> +#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
> +#define MFI_FWSTATE_READY               0xb0000000
> +#define MFI_FWSTATE_OPERATIONAL         0xc0000000
> +#define MFI_FWSTATE_FAULT               0xf0000000
> +#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
> +#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
> +#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
> +#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
> +
> +/*
> + * Control bits to drive the card to ready state.  These go into the IDB
> + * register.
> + */
> +#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands */
> +#define MFI_FWINIT_READY        0x00000002 /* Move from operational to ready */
> +#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
> +#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
> +#define MFI_FWINIT_HOTPLUG      0x00000010
> +#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
> +#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
> +
> +/* MFI Commands */
> +typedef enum {
> +    MFI_CMD_INIT = 0x00,
> +    MFI_CMD_LD_READ,
> +    MFI_CMD_LD_WRITE,
> +    MFI_CMD_LD_SCSI_IO,
> +    MFI_CMD_PD_SCSI_IO,
> +    MFI_CMD_DCMD,
> +    MFI_CMD_ABORT,
> +    MFI_CMD_SMP,
> +    MFI_CMD_STP
> +} mfi_cmd_t ;
> +
> +/* Direct commands */
> +typedef enum {
> +    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
> +    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
> +    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
> +    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
> +    MFI_DCMD_CTRL_ALARM =               0x01030000,
> +    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
> +    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
> +    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
> +    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
> +    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
> +    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
> +    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
> +    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
> +    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
> +    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
> +    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
> +    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
> +    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
> +    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
> +    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
> +    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
> +    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
> +    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
> +    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
> +    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
> +    MFI_DCMD_PD_GET_LIST =              0x02010000,
> +    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
> +    MFI_DCMD_PD_GET_INFO =              0x02020000,
> +    MFI_DCMD_PD_STATE_SET =             0x02030100,
> +    MFI_DCMD_PD_REBUILD =               0x02040100,
> +    MFI_DCMD_PD_BLINK =                 0x02070100,
> +    MFI_DCMD_PD_UNBLINK =               0x02070200,
> +    MFI_DCMD_LD_GET_LIST =              0x03010000,
> +    MFI_DCMD_LD_GET_INFO =              0x03020000,
> +    MFI_DCMD_LD_GET_PROP =              0x03030000,
> +    MFI_DCMD_LD_SET_PROP =              0x03040000,
> +    MFI_DCMD_LD_DELETE =                0x03090000,
> +    MFI_DCMD_CFG_READ =                 0x04010000,
> +    MFI_DCMD_CFG_ADD =                  0x04020000,
> +    MFI_DCMD_CFG_CLEAR =                0x04030000,
> +    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
> +    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
> +    MFI_DCMD_BBU_STATUS =               0x05010000,
> +    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
> +    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
> +    MFI_DCMD_BBU_PROP_GET =             0x05050100,
> +    MFI_DCMD_CLUSTER =                  0x08000000,
> +    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
> +    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
> +} mfi_dcmd_t ;
> +
> +/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
> +#define MFI_FLUSHCACHE_CTRL     0x01
> +#define MFI_FLUSHCACHE_DISK     0x02
> +
> +/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
> +#define MFI_SHUTDOWN_SPINDOWN   0x01
> +
> +/*
> + * MFI Frame flags
> + */
> +typedef enum {
> +    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =        0x0001,
> +    MFI_FRAME_SGL64 =                           0x0002,
> +    MFI_FRAME_SENSE64 =                         0x0004,
> +    MFI_FRAME_DIR_WRITE =                       0x0008,
> +    MFI_FRAME_DIR_READ =                        0x0010,
> +    MFI_FRAME_IEEE_SGL =                        0x0020,
> +} mfi_frame_flags;
> +
> +/* MFI Status codes */
> +typedef enum {
> +    MFI_STAT_OK =                       0x00,
> +    MFI_STAT_INVALID_CMD,
> +    MFI_STAT_INVALID_DCMD,
> +    MFI_STAT_INVALID_PARAMETER,
> +    MFI_STAT_INVALID_SEQUENCE_NUMBER,
> +    MFI_STAT_ABORT_NOT_POSSIBLE,
> +    MFI_STAT_APP_HOST_CODE_NOT_FOUND,
> +    MFI_STAT_APP_IN_USE,
> +    MFI_STAT_APP_NOT_INITIALIZED,
> +    MFI_STAT_ARRAY_INDEX_INVALID,
> +    MFI_STAT_ARRAY_ROW_NOT_EMPTY,
> +    MFI_STAT_CONFIG_RESOURCE_CONFLICT,
> +    MFI_STAT_DEVICE_NOT_FOUND,
> +    MFI_STAT_DRIVE_TOO_SMALL,
> +    MFI_STAT_FLASH_ALLOC_FAIL,
> +    MFI_STAT_FLASH_BUSY,
> +    MFI_STAT_FLASH_ERROR =              0x10,
> +    MFI_STAT_FLASH_IMAGE_BAD,
> +    MFI_STAT_FLASH_IMAGE_INCOMPLETE,
> +    MFI_STAT_FLASH_NOT_OPEN,
> +    MFI_STAT_FLASH_NOT_STARTED,
> +    MFI_STAT_FLUSH_FAILED,
> +    MFI_STAT_HOST_CODE_NOT_FOUNT,
> +    MFI_STAT_LD_CC_IN_PROGRESS,
> +    MFI_STAT_LD_INIT_IN_PROGRESS,
> +    MFI_STAT_LD_LBA_OUT_OF_RANGE,
> +    MFI_STAT_LD_MAX_CONFIGURED,
> +    MFI_STAT_LD_NOT_OPTIMAL,
> +    MFI_STAT_LD_RBLD_IN_PROGRESS,
> +    MFI_STAT_LD_RECON_IN_PROGRESS,
> +    MFI_STAT_LD_WRONG_RAID_LEVEL,
> +    MFI_STAT_MAX_SPARES_EXCEEDED,
> +    MFI_STAT_MEMORY_NOT_AVAILABLE =     0x20,
> +    MFI_STAT_MFC_HW_ERROR,
> +    MFI_STAT_NO_HW_PRESENT,
> +    MFI_STAT_NOT_FOUND,
> +    MFI_STAT_NOT_IN_ENCL,
> +    MFI_STAT_PD_CLEAR_IN_PROGRESS,
> +    MFI_STAT_PD_TYPE_WRONG,
> +    MFI_STAT_PR_DISABLED,
> +    MFI_STAT_ROW_INDEX_INVALID,
> +    MFI_STAT_SAS_CONFIG_INVALID_ACTION,
> +    MFI_STAT_SAS_CONFIG_INVALID_DATA,
> +    MFI_STAT_SAS_CONFIG_INVALID_PAGE,
> +    MFI_STAT_SAS_CONFIG_INVALID_TYPE,
> +    MFI_STAT_SCSI_DONE_WITH_ERROR,
> +    MFI_STAT_SCSI_IO_FAILED,
> +    MFI_STAT_SCSI_RESERVATION_CONFLICT,
> +    MFI_STAT_SHUTDOWN_FAILED =          0x30,
> +    MFI_STAT_TIME_NOT_SET,
> +    MFI_STAT_WRONG_STATE,
> +    MFI_STAT_LD_OFFLINE,
> +    MFI_STAT_PEER_NOTIFICATION_REJECTED,
> +    MFI_STAT_PEER_NOTIFICATION_FAILED,
> +    MFI_STAT_RESERVATION_IN_PROGRESS,
> +    MFI_STAT_I2C_ERRORS_DETECTED,
> +    MFI_STAT_PCI_ERRORS_DETECTED,
> +    MFI_STAT_DIAG_FAILED,
> +    MFI_STAT_BOOT_MSG_PENDING,
> +    MFI_STAT_FOREIGN_CONFIG_INCOMPLETE,
> +    MFI_STAT_INVALID_SGL,
> +    MFI_STAT_UNSUPPORTED_HW,
> +    MFI_STAT_CC_SCHEDULE_DISABLED,
> +    MFI_STAT_PD_COPYBACK_IN_PROGRESS,
> +    MFI_STAT_MULTIPLE_PDS_IN_ARRAY =    0x40,
> +    MFI_STAT_FW_DOWNLOAD_ERROR,
> +    MFI_STAT_FEATURE_SECURITY_NOT_ENABLED,
> +    MFI_STAT_LOCK_KEY_ALREADY_EXISTS,
> +    MFI_STAT_LOCK_KEY_BACKUP_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_VERIFY_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_VERIFY_FAILED,
> +    MFI_STAT_LOCK_KEY_REKEY_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_INVALID,
> +    MFI_STAT_LOCK_KEY_ESCROW_INVALID,
> +    MFI_STAT_LOCK_KEY_BACKUP_REQUIRED,
> +    MFI_STAT_SECURE_LD_EXISTS,
> +    MFI_STAT_LD_SECURE_NOT_ALLOWED,
> +    MFI_STAT_REPROVISION_NOT_ALLOWED,
> +    MFI_STAT_PD_SECURITY_TYPE_WRONG,
> +    MFI_STAT_LD_ENCRYPTION_TYPE_INVALID,
> +    MFI_STAT_CONFIG_FDE_NON_FDE_MIX_NOT_ALLOWED = 0x50,
> +    MFI_STAT_CONFIG_LD_ENCRYPTION_TYPE_MIX_NOT_ALLOWED,
> +    MFI_STAT_SECRET_KEY_NOT_ALLOWED,
> +    MFI_STAT_PD_HW_ERRORS_DETECTED,
> +    MFI_STAT_LD_CACHE_PINNED,
> +    MFI_STAT_POWER_STATE_SET_IN_PROGRESS,
> +    MFI_STAT_POWER_STATE_SET_BUSY,
> +    MFI_STAT_POWER_STATE_WRONG,
> +    MFI_STAT_PR_NO_AVAILABLE_PD_FOUND,
> +    MFI_STAT_CTRL_RESET_REQUIRED,
> +    MFI_STAT_LOCK_KEY_EKM_NO_BOOT_AGENT,
> +    MFI_STAT_SNAP_NO_SPACE,
> +    MFI_STAT_SNAP_PARTIAL_FAILURE,
> +    MFI_STAT_UPGRADE_KEY_INCOMPATIBLE,
> +    MFI_STAT_PFK_INCOMPATIBLE,
> +    MFI_STAT_PD_MAX_UNCONFIGURED,
> +    MFI_STAT_IO_METRICS_DISABLED =      0x60,
> +    MFI_STAT_AEC_NOT_STOPPED,
> +    MFI_STAT_PI_TYPE_WRONG,
> +    MFI_STAT_LD_PD_PI_INCOMPATIBLE,
> +    MFI_STAT_PI_NOT_ENABLED,
> +    MFI_STAT_LD_BLOCK_SIZE_MISMATCH,
> +    MFI_STAT_INVALID_STATUS =           0xFF
> +} mfi_status_t ;
> +
> +/* Event classes */
> +typedef enum {
> +    MFI_EVT_CLASS_DEBUG =      -2,
> +    MFI_EVT_CLASS_PROGRESS =   -1,
> +    MFI_EVT_CLASS_INFO =        0,
> +    MFI_EVT_CLASS_WARNING =     1,
> +    MFI_EVT_CLASS_CRITICAL =    2,
> +    MFI_EVT_CLASS_FATAL =       3,
> +    MFI_EVT_CLASS_DEAD =        4
> +} mfi_evt_class_t ;
> +
> +/* Event locales */
> +typedef enum {
> +    MFI_EVT_LOCALE_LD =         0x0001,
> +    MFI_EVT_LOCALE_PD =         0x0002,
> +    MFI_EVT_LOCALE_ENCL =       0x0004,
> +    MFI_EVT_LOCALE_BBU =        0x0008,
> +    MFI_EVT_LOCALE_SAS =        0x0010,
> +    MFI_EVT_LOCALE_CTRL =       0x0020,
> +    MFI_EVT_LOCALE_CONFIG =     0x0040,
> +    MFI_EVT_LOCALE_CLUSTER =    0x0080,
> +    MFI_EVT_LOCALE_ALL =        0xffff
> +} mfi_evt_locale_t;
> +
> +/* Event args */
> +typedef enum {
> +    MR_EVT_ARGS_NONE =          0x00,
> +    MR_EVT_ARGS_CDB_SENSE,
> +    MR_EVT_ARGS_LD,
> +    MR_EVT_ARGS_LD_COUNT,
> +    MR_EVT_ARGS_LD_LBA,
> +    MR_EVT_ARGS_LD_OWNER,
> +    MR_EVT_ARGS_LD_LBA_PD_LBA,
> +    MR_EVT_ARGS_LD_PROG,
> +    MR_EVT_ARGS_LD_STATE,
> +    MR_EVT_ARGS_LD_STRIP,
> +    MR_EVT_ARGS_PD,
> +    MR_EVT_ARGS_PD_ERR,
> +    MR_EVT_ARGS_PD_LBA,
> +    MR_EVT_ARGS_PD_LBA_LD,
> +    MR_EVT_ARGS_PD_PROG,
> +    MR_EVT_ARGS_PD_STATE,
> +    MR_EVT_ARGS_PCI,
> +    MR_EVT_ARGS_RATE,
> +    MR_EVT_ARGS_STR,
> +    MR_EVT_ARGS_TIME,
> +    MR_EVT_ARGS_ECC,
> +    MR_EVT_ARGS_LD_PROP,
> +    MR_EVT_ARGS_PD_SPARE,
> +    MR_EVT_ARGS_PD_INDEX,
> +    MR_EVT_ARGS_DIAG_PASS,
> +    MR_EVT_ARGS_DIAG_FAIL,
> +    MR_EVT_ARGS_PD_LBA_LBA,
> +    MR_EVT_ARGS_PORT_PHY,
> +    MR_EVT_ARGS_PD_MISSING,
> +    MR_EVT_ARGS_PD_ADDRESS,
> +    MR_EVT_ARGS_BITMAP,
> +    MR_EVT_ARGS_CONNECTOR,
> +    MR_EVT_ARGS_PD_PD,
> +    MR_EVT_ARGS_PD_FRU,
> +    MR_EVT_ARGS_PD_PATHINFO,
> +    MR_EVT_ARGS_PD_POWER_STATE,
> +    MR_EVT_ARGS_GENERIC,
> +} mfi_evt_args;
> +
> +/* Event codes */
> +#define MR_EVT_CFG_CLEARED                          0x0004
> +#define MR_EVT_CTRL_SHUTDOWN                        0x002a
> +#define MR_EVT_LD_STATE_CHANGE                      0x0051
> +#define MR_EVT_PD_INSERTED                          0x005b
> +#define MR_EVT_PD_REMOVED                           0x0070
> +#define MR_EVT_PD_STATE_CHANGED                     0x0072
> +#define MR_EVT_LD_CREATED                           0x008a
> +#define MR_EVT_LD_DELETED                           0x008b
> +#define MR_EVT_FOREIGN_CFG_IMPORTED                 0x00db
> +#define MR_EVT_LD_OFFLINE                           0x00fc
> +#define MR_EVT_CTRL_HOST_BUS_SCAN_REQUESTED         0x0152
> +
> +typedef enum {
> +    MR_LD_CACHE_WRITE_BACK =            0x01,
> +    MR_LD_CACHE_WRITE_ADAPTIVE =        0x02,
> +    MR_LD_CACHE_READ_AHEAD =            0x04,
> +    MR_LD_CACHE_READ_ADAPTIVE =         0x08,
> +    MR_LD_CACHE_WRITE_CACHE_BAD_BBU =   0x10,
> +    MR_LD_CACHE_ALLOW_WRITE_CACHE =     0x20,
> +    MR_LD_CACHE_ALLOW_READ_CACHE =      0x40
> +} mfi_ld_cache;
> +
> +typedef enum {
> +    MR_PD_CACHE_UNCHANGED  =    0,
> +    MR_PD_CACHE_ENABLE =        1,
> +    MR_PD_CACHE_DISABLE =       2
> +} mfi_pd_cache;
> +
> +typedef enum {
> +    MR_PD_QUERY_TYPE_ALL =              0,
> +    MR_PD_QUERY_TYPE_STATE =            1,
> +    MR_PD_QUERY_TYPE_POWER_STATE =      2,
> +    MR_PD_QUERY_TYPE_MEDIA_TYPE =       3,
> +    MR_PD_QUERY_TYPE_SPEED =            4,
> +    MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =  5, /*query for system drives */
> +} mfi_pd_query_type;
> +
> +/*
> + * Other propertities and definitions
> + */
> +#define MFI_MAX_PD_CHANNELS     2
> +#define MFI_MAX_LD_CHANNELS     2
> +#define MFI_MAX_CHANNELS        (MFI_MAX_PD_CHANNELS + MFI_MAX_LD_CHANNELS)
> +#define MFI_MAX_CHANNEL_DEVS  128
> +#define MFI_DEFAULT_ID         -1
> +#define MFI_MAX_LUN             8
> +#define MFI_MAX_LD             64
> +
> +#define MFI_FRAME_SIZE         64
> +#define MFI_MBOX_SIZE          12
> +
> +/* Firmware flashing can take 40s */
> +#define MFI_POLL_TIMEOUT_SECS  50
> +
> +/* Allow for speedier math calculations */
> +#define MFI_SECTOR_LEN        512
> +
> +/* Scatter Gather elements */
> +struct mfi_sg32 {
> +    uint32_t addr;
> +    uint32_t len;
> +} __attribute__ ((packed));
> +
> +struct mfi_sg64 {
> +    uint64_t addr;
> +    uint32_t len;
> +} __attribute__ ((packed));
> +
> +struct mfi_sg_skinny {
> +    uint64_t addr;
> +    uint32_t len;
> +    uint32_t flag;
> +} __attribute__ ((packed));
> +
> +union mfi_sgl {
> +    struct mfi_sg32 sg32[1];
> +    struct mfi_sg64 sg64[1];
> +    struct mfi_sg_skinny sg_skinny[1];
> +} __attribute__ ((packed));
> +
> +/* Message frames.  All messages have a common header */
> +struct mfi_frame_header {
> +    uint8_t frame_cmd;
> +    uint8_t sense_len;
> +    uint8_t cmd_status;
> +    uint8_t scsi_status;
> +    uint8_t target_id;
> +    uint8_t lun_id;
> +    uint8_t cdb_len;
> +    uint8_t sge_count;
> +    uint64_t context;
> +    uint16_t flags;
> +    uint16_t timeout;
> +    uint32_t data_len;
> +} __attribute__ ((packed));
> +
> +struct mfi_init_frame {
> +    struct mfi_frame_header header;
> +    uint32_t qinfo_new_addr_lo;
> +    uint32_t qinfo_new_addr_hi;
> +    uint32_t qinfo_old_addr_lo;
> +    uint32_t qinfo_old_addr_hi;
> +    uint32_t reserved[6];
> +} __attribute__ ((packed));
> +
> +#define MFI_IO_FRAME_SIZE 40
> +struct mfi_io_frame {
> +    struct mfi_frame_header header;
> +    uint32_t sense_addr_lo;
> +    uint32_t sense_addr_hi;
> +    uint32_t lba_lo;
> +    uint32_t lba_hi;
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +#define MFI_PASS_FRAME_SIZE 48
> +struct mfi_pass_frame {
> +    struct mfi_frame_header header;
> +    uint32_t sense_addr_lo;
> +    uint32_t sense_addr_hi;
> +    uint8_t cdb[16];
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +#define MFI_DCMD_FRAME_SIZE 40
> +struct mfi_dcmd_frame {
> +    struct mfi_frame_header header;
> +    uint32_t opcode;
> +    uint8_t mbox[MFI_MBOX_SIZE];
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +struct mfi_abort_frame {
> +    struct mfi_frame_header header;
> +    uint64_t abort_context;
> +    uint32_t abort_mfi_addr_lo;
> +    uint32_t abort_mfi_addr_hi;
> +    uint32_t reserved1[6];
> +} __attribute__ ((packed));
> +
> +struct mfi_smp_frame {
> +    struct mfi_frame_header header;
> +    uint64_t sas_addr;
> +    union {
> +        struct mfi_sg32 sg32[2];
> +        struct mfi_sg64 sg64[2];
> +    } sgl;
> +} __attribute__ ((packed));
> +
> +struct mfi_stp_frame {
> +    struct mfi_frame_header header;
> +    uint16_t fis[10];
> +    uint32_t stp_flags;
> +    union {
> +        struct mfi_sg32 sg32[2];
> +        struct mfi_sg64 sg64[2];
> +    } sgl;
> +} __attribute__ ((packed));
> +
> +union mfi_frame {
> +    struct mfi_frame_header header;
> +    struct mfi_init_frame init;
> +    struct mfi_io_frame io;
> +    struct mfi_pass_frame pass;
> +    struct mfi_dcmd_frame dcmd;
> +    struct mfi_abort_frame abort;
> +    struct mfi_smp_frame smp;
> +    struct mfi_stp_frame stp;
> +    uint64_t raw[8];
> +    uint8_t bytes[MFI_FRAME_SIZE];
> +};
> +
> +#define MFI_SENSE_LEN 128
> +struct mfi_sense {
> +    uint8_t     data[MFI_SENSE_LEN];
> +};
> +
> +#define MFI_QUEUE_FLAG_CONTEXT64 0x00000002
> +
> +/* The queue init structure that is passed with the init message */
> +struct mfi_init_qinfo {
> +    uint32_t flags;
> +    uint32_t rq_entries;
> +    uint32_t rq_addr_lo;
> +    uint32_t rq_addr_hi;
> +    uint32_t pi_addr_lo;
> +    uint32_t pi_addr_hi;
> +    uint32_t ci_addr_lo;
> +    uint32_t ci_addr_hi;
> +} __attribute__ ((packed));
> +
> +/* Controller properties */
> +struct mfi_ctrl_props {
> +    uint16_t seq_num;
> +    uint16_t pred_fail_poll_interval;
> +    uint16_t intr_throttle_cnt;
> +    uint16_t intr_throttle_timeout;
> +    uint8_t rebuild_rate;
> +    uint8_t patrol_read_rate;
> +    uint8_t bgi_rate;
> +    uint8_t cc_rate;
> +    uint8_t recon_rate;
> +    uint8_t cache_flush_interval;
> +    uint8_t spinup_drv_cnt;
> +    uint8_t spinup_delay;
> +    uint8_t cluster_enable;
> +    uint8_t coercion_mode;
> +    uint8_t alarm_enable;
> +    uint8_t disable_auto_rebuild;
> +    uint8_t disable_battery_warn;
> +    uint8_t ecc_bucket_size;
> +    uint16_t ecc_bucket_leak_rate;
> +    uint8_t restore_hotspare_on_insertion;
> +    uint8_t expose_encl_devices;
> +    uint8_t maintainPdFailHistory;
> +    uint8_t disallowHostRequestReordering;
> +    uint8_t abortCCOnError;
> +    uint8_t loadBalanceMode;
> +    uint8_t disableAutoDetectBackplane;
> +    uint8_t snapVDSpace;
> +    struct {
> +        /* set TRUE to disable copyBack (0=copyback enabled) */
> +        uint32_t copyBackDisabled:1,
> +            SMARTerEnabled:1,
> +            prCorrectUnconfiguredAreas:1,
> +            useFdeOnly:1,
> +            disableNCQ:1,
> +            SSDSMARTerEnabled:1,
> +            SSDPatrolReadEnabled:1,
> +            enableSpinDownUnconfigured:1,
> +            autoEnhancedImport:1,
> +            enableSecretKeyControl:1,
> +            disableOnlineCtrlReset:1,
> +            allowBootWithPinnedCache:1,
> +            disableSpinDownHS:1,
> +            enableJBOD:1,
> +            reserved:18;
> +    } OnOffProperties;
> +    uint8_t autoSnapVDSpace; /* % of source LD to be
> +                              * reserved for auto snapshot
> +                              * in snapshot repository, for
> +                              * metadata and user data
> +                              * 1=5%, 2=10%, 3=15% and so on
> +                              */
> +    uint8_t viewSpace;       /* snapshot writeable VIEWs
> +                              * capacity as a % of source LD
> +                              * capacity. 0=READ only
> +                              * 1=5%, 2=10%, 3=15% and so on
> +                              */
> +    uint16_t spinDownTime;    /* # of idle minutes before device
> +                               * is spun down (0=use FW defaults)
> +                               */
> +    uint8_t reserved[24];
> +} __attribute__ ((packed));
> +
> +/* PCI information about the card. */
> +struct mfi_info_pci {
> +    uint16_t vendor;
> +    uint16_t device;
> +    uint16_t subvendor;
> +    uint16_t subdevice;
> +    uint8_t reserved[24];
> +} __attribute__ ((packed));
> +
> +/* Host (front end) interface information */
> +struct mfi_info_host {
> +    uint8_t type;
> +#define MFI_INFO_HOST_PCIX      0x01
> +#define MFI_INFO_HOST_PCIE      0x02
> +#define MFI_INFO_HOST_ISCSI     0x04
> +#define MFI_INFO_HOST_SAS3G     0x08
> +    uint8_t reserved[6];
> +    uint8_t port_count;
> +    uint64_t port_addr[8];
> +} __attribute__ ((packed));
> +
> +/* Device (back end) interface information */
> +struct mfi_info_device {
> +    uint8_t type;
> +#define MFI_INFO_DEV_SPI        0x01
> +#define MFI_INFO_DEV_SAS3G      0x02
> +#define MFI_INFO_DEV_SATA1      0x04
> +#define MFI_INFO_DEV_SATA3G     0x08
> +    uint8_t reserved[6];
> +    uint8_t port_count;
> +    uint64_t port_addr[8];
> +} __attribute__ ((packed));
> +
> +/* Firmware component information */
> +struct mfi_info_component {
> +    char name[8];
> +    char version[32];
> +    char build_date[16];
> +    char build_time[16];
> +} __attribute__ ((packed));
> +
> +/* Controller default settings */
> +struct mfi_defaults {
> +    uint64_t sas_addr;
> +    uint8_t phy_polarity;
> +    uint8_t background_rate;
> +    uint8_t stripe_size;
> +    uint8_t flush_time;
> +    uint8_t write_back;
> +    uint8_t read_ahead;
> +    uint8_t cache_when_bbu_bad;
> +    uint8_t cached_io;
> +    uint8_t smart_mode;
> +    uint8_t alarm_disable;
> +    uint8_t coercion;
> +    uint8_t zrc_config;
> +    uint8_t dirty_led_shows_drive_activity;
> +    uint8_t bios_continue_on_error;
> +    uint8_t spindown_mode;
> +    uint8_t allowed_device_types;
> +    uint8_t allow_mix_in_enclosure;
> +    uint8_t allow_mix_in_ld;
> +    uint8_t allow_sata_in_cluster;
> +    uint8_t max_chained_enclosures;
> +    uint8_t disable_ctrl_r;
> +    uint8_t enable_web_bios;
> +    uint8_t phy_polarity_split;
> +    uint8_t direct_pd_mapping;
> +    uint8_t bios_enumerate_lds;
> +    uint8_t restored_hot_spare_on_insertion;
> +    uint8_t expose_enclosure_devices;
> +    uint8_t maintain_pd_fail_history;
> +    uint8_t disable_puncture;
> +    uint8_t zero_based_enumeration;
> +    uint8_t disable_preboot_cli;
> +    uint8_t show_drive_led_on_activity;
> +    uint8_t cluster_disable;
> +    uint8_t sas_disable;
> +    uint8_t auto_detect_backplane;
> +    uint8_t fde_only;
> +    uint8_t delay_during_post;
> +    uint8_t resv[19];
> +} __attribute__ ((packed));
> +
> +/* Controller default settings */
> +struct mfi_bios_data {
> +    uint16_t boot_target_id;
> +    uint8_t do_not_int_13;
> +    uint8_t continue_on_error;
> +    uint8_t verbose;
> +    uint8_t geometry;
> +    uint8_t expose_all_drives;
> +    uint8_t reserved[56];
> +    uint8_t check_sum;
> +} __attribute__ ((packed));
> +
> +/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
> +struct mfi_ctrl_info {
> +    struct mfi_info_pci pci;
> +    struct mfi_info_host host;
> +    struct mfi_info_device device;
> +
> +    /* Firmware components that are present and active. */
> +    uint32_t image_check_word;
> +    uint32_t image_component_count;
> +    struct mfi_info_component image_component[8];
> +
> +    /* Firmware components that have been flashed but are inactive */
> +    uint32_t pending_image_component_count;
> +    struct mfi_info_component pending_image_component[8];
> +
> +    uint8_t max_arms;
> +    uint8_t max_spans;
> +    uint8_t max_arrays;
> +    uint8_t max_lds;
> +    char product_name[80];
> +    char serial_number[32];
> +    uint32_t hw_present;
> +#define MFI_INFO_HW_BBU         0x01
> +#define MFI_INFO_HW_ALARM       0x02
> +#define MFI_INFO_HW_NVRAM       0x04
> +#define MFI_INFO_HW_UART        0x08
> +#define MFI_INFO_HW_MEM         0x10
> +#define MFI_INFO_HW_FLASH       0x20
> +    uint32_t current_fw_time;
> +    uint16_t max_cmds;
> +    uint16_t max_sg_elements;
> +    uint32_t max_request_size;
> +    uint16_t lds_present;
> +    uint16_t lds_degraded;
> +    uint16_t lds_offline;
> +    uint16_t pd_present;
> +    uint16_t pd_disks_present;
> +    uint16_t pd_disks_pred_failure;
> +    uint16_t pd_disks_failed;
> +    uint16_t nvram_size;
> +    uint16_t memory_size;
> +    uint16_t flash_size;
> +    uint16_t ram_correctable_errors;
> +    uint16_t ram_uncorrectable_errors;
> +    uint8_t cluster_allowed;
> +    uint8_t cluster_active;
> +    uint16_t max_strips_per_io;
> +
> +    uint32_t raid_levels;
> +#define MFI_INFO_RAID_0         0x01
> +#define MFI_INFO_RAID_1         0x02
> +#define MFI_INFO_RAID_5         0x04
> +#define MFI_INFO_RAID_1E        0x08
> +#define MFI_INFO_RAID_6         0x10
> +
> +    uint32_t adapter_ops;
> +#define MFI_INFO_AOPS_RBLD_RATE         0x0001
> +#define MFI_INFO_AOPS_CC_RATE           0x0002
> +#define MFI_INFO_AOPS_BGI_RATE          0x0004
> +#define MFI_INFO_AOPS_RECON_RATE        0x0008
> +#define MFI_INFO_AOPS_PATROL_RATE       0x0010
> +#define MFI_INFO_AOPS_ALARM_CONTROL     0x0020
> +#define MFI_INFO_AOPS_CLUSTER_SUPPORTED 0x0040
> +#define MFI_INFO_AOPS_BBU               0x0080
> +#define MFI_INFO_AOPS_SPANNING_ALLOWED  0x0100
> +#define MFI_INFO_AOPS_DEDICATED_SPARES  0x0200
> +#define MFI_INFO_AOPS_REVERTIBLE_SPARES 0x0400
> +#define MFI_INFO_AOPS_FOREIGN_IMPORT    0x0800
> +#define MFI_INFO_AOPS_SELF_DIAGNOSTIC   0x1000
> +#define MFI_INFO_AOPS_MIXED_ARRAY       0x2000
> +#define MFI_INFO_AOPS_GLOBAL_SPARES     0x4000
> +
> +    uint32_t ld_ops;
> +#define MFI_INFO_LDOPS_READ_POLICY      0x01
> +#define MFI_INFO_LDOPS_WRITE_POLICY     0x02
> +#define MFI_INFO_LDOPS_IO_POLICY        0x04
> +#define MFI_INFO_LDOPS_ACCESS_POLICY    0x08
> +#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
> +
> +    struct {
> +        uint8_t min;
> +        uint8_t max;
> +        uint8_t reserved[2];
> +    } __attribute__ ((packed)) stripe_sz_ops;
> +
> +    uint32_t pd_ops;
> +#define MFI_INFO_PDOPS_FORCE_ONLINE     0x01
> +#define MFI_INFO_PDOPS_FORCE_OFFLINE    0x02
> +#define MFI_INFO_PDOPS_FORCE_REBUILD    0x04
> +
> +    uint32_t pd_mix_support;
> +#define MFI_INFO_PDMIX_SAS              0x01
> +#define MFI_INFO_PDMIX_SATA             0x02
> +#define MFI_INFO_PDMIX_ENCL             0x04
> +#define MFI_INFO_PDMIX_LD               0x08
> +#define MFI_INFO_PDMIX_SATA_CLUSTER     0x10
> +
> +    uint8_t ecc_bucket_count;
> +    uint8_t reserved2[11];
> +    struct mfi_ctrl_props properties;
> +    char package_version[0x60];
> +    uint8_t pad[0x800 - 0x6a0];
> +} __attribute__ ((packed));
> +
> +/* keep track of an event. */
> +union mfi_evt {
> +    struct {
> +        uint16_t locale;
> +        uint8_t reserved;
> +        int8_t class;
> +    } members;
> +    uint32_t word;
> +} __attribute__ ((packed));
> +
> +/* event log state. */
> +struct mfi_evt_log_state {
> +    uint32_t newest_seq_num;
> +    uint32_t oldest_seq_num;
> +    uint32_t clear_seq_num;
> +    uint32_t shutdown_seq_num;
> +    uint32_t boot_seq_num;
> +} __attribute__ ((packed));
> +
> +struct mfi_progress {
> +    uint16_t progress;
> +    uint16_t elapsed_seconds;
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_ld {
> +    uint16_t target_id;
> +    uint8_t ld_index;
> +    uint8_t reserved;
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_pd {
> +    uint16_t device_id;
> +    uint8_t enclosure_index;
> +    uint8_t slot_number;
> +} __attribute__ ((packed));
> +
> +/* event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
> +struct mfi_evt_detail {
> +    uint32_t seq;
> +    uint32_t time;
> +    uint32_t code;
> +    union mfi_evt class;
> +    uint8_t arg_type;
> +    uint8_t reserved1[15];
> +
> +    union {
> +        struct {
> +            struct mfi_evt_pd pd;
> +            uint8_t cdb_len;
> +            uint8_t sense_len;
> +            uint8_t reserved[2];
> +            uint8_t cdb[16];
> +            uint8_t sense[64];
> +        } cdb_sense;
> +
> +        struct mfi_evt_ld ld;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint64_t count;
> +        } ld_count;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_ld ld;
> +        } ld_lba;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint32_t pre_owner;
> +            uint32_t new_owner;
> +        } ld_owner;
> +
> +        struct {
> +            uint64_t ld_lba;
> +            uint64_t pd_lba;
> +            struct mfi_evt_ld ld;
> +            struct mfi_evt_pd pd;
> +        } ld_lba_pd_lba;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            struct mfi_progress prog;
> +        } ld_prog;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint32_t prev_state;
> +            uint32_t new_state;
> +        } ld_state;
> +
> +        struct {
> +            uint64_t strip;
> +            struct mfi_evt_ld ld;
> +        } ld_strip;
> +
> +        struct mfi_evt_pd pd;
> +
> +        struct {
> +            struct mfi_evt_pd pd;
> +            uint32_t err;
> +        } pd_err;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_pd pd;
> +        } pd_lba;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_pd pd;
> +            struct mfi_evt_ld ld;
> +        } pd_lba_ld;
> +
> +        struct {
> +            struct mfi_evt_pd pd;
> +            struct mfi_progress prog;
> +        } pd_prog;
> +
> +        struct {
> +            struct mfi_evt_pd ld;
> +            uint32_t prev_state;
> +            uint32_t new_state;
> +        } pd_state;
> +
> +        struct {
> +            uint16_t venderId;
> +            uint16_t deviceId;
> +            uint16_t subVenderId;
> +            uint16_t subDeviceId;
> +        } pci;
> +
> +        uint32_t rate;
> +
> +        char str[96];
> +
> +        struct {
> +            uint32_t rtc;
> +            uint16_t elapsedSeconds;
> +        } time;
> +
> +        struct {
> +            uint32_t ecar;
> +            uint32_t elog;
> +            char str[64];
> +        } ecc;
> +
> +        uint8_t b[96];
> +        uint16_t s[48];
> +        uint32_t w[24];
> +        uint64_t d[12];
> +    } args;
> +
> +    char description[128];
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_list {
> +    uint32_t count;
> +    uint32_t reserved;
> +    struct mfi_evt_detail event[1];
> +} __attribute__ ((packed));
> +
> +union mfi_pd_ref {
> +    struct {
> +        uint16_t device_id;
> +        uint16_t seq_num;
> +    } v;
> +    uint32_t ref;
> +} __attribute__ ((packed));
> +
> +union mfi_pd_ddf_type {
> +    struct {
> +        union {
> +            struct {
> +                uint16_t forced_pd_guid:1,
> +                    in_vd:1,
> +                    is_global_spare:1,
> +                    is_spare:1,
> +                    is_foreign:1,
> +                    reserved:7,
> +                    intf:4;
> +            } pd_type;
> +            uint16_t type;
> +        } v;
> +        uint16_t reserved;
> +    } ddf;
> +    struct {
> +        uint32_t reserved;
> +    } non_disk;
> +    uint32_t type;
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_progress {
> +    struct {
> +        uint32_t rbld:1,
> +            patrol:1 ,
> +            clear:1,
> +            reserved:29;
> +    } active;
> +    struct mfi_progress rbld;
> +    struct mfi_progress patrol;
> +    struct mfi_progress clear;
> +    struct mfi_progress reserved[4];
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_info {
> +    union mfi_pd_ref ref;
> +    uint8_t inquiry_data[96];
> +    uint8_t vpd_page83[64];
> +    uint8_t not_supported;
> +    uint8_t scsi_dev_type;
> +    uint8_t connected_port_bitmap;
> +    uint8_t device_speed;
> +    uint32_t media_err_count;
> +    uint32_t other_err_count;
> +    uint32_t pred_fail_count;
> +    uint32_t last_pred_fail_event_seq_num;
> +    uint16_t fw_state;
> +    uint8_t disable_for_removal;
> +    uint8_t link_speed;
> +    union mfi_pd_ddf_type state;
> +    struct {
> +        uint8_t count;
> +        uint8_t is_path_broken;
> +        uint8_t reserved[6];
> +        uint64_t sas_addr[4];
> +    } path_info;
> +    uint64_t raw_size;
> +    uint64_t non_coerced_size;
> +    uint64_t coerced_size;
> +    uint16_t encl_device_id;
> +    uint8_t encl_index;
> +    uint8_t slot_number;
> +    struct mfi_pd_progress prog_info;
> +    uint8_t bad_block_table_full;
> +    uint8_t unusable_in_current_config;
> +    uint8_t vpd_page83_ext[64];
> +    uint8_t reserved[512-358];
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_address {
> +    uint16_t device_id;
> +    uint16_t encl_device_id;
> +    uint8_t encl_index;
> +    uint8_t slot_number;
> +    uint8_t scsi_dev_type;
> +    uint8_t connect_port_bitmap;
> +    uint64_t sas_addr[2];
> +} __attribute__ ((packed));
> +
> +#define MAX_SYS_PDS 240
> +struct mfi_pd_list {
> +    uint32_t size;
> +    uint32_t count;
> +    struct mfi_pd_address addr[MAX_SYS_PDS];
> +} __attribute__ ((packed));
> +
> +union mfi_ld_ref {
> +    struct {
> +        uint8_t target_id;
> +        uint8_t reserved;
> +        uint16_t seq;
> +    } v;
> +    uint32_t ref;
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_list {
> +    uint32_t ld_count;
> +    uint32_t reserved1;
> +    struct {
> +        union mfi_ld_ref ld;
> +        uint8_t state;
> +        uint8_t reserved2[3];
> +        uint64_t size;
> +    } ld_list[MFI_MAX_LD];
> +} __attribute__ ((packed));
> +
> +enum mfi_ld_access {
> +    MFI_LD_ACCESS_RW =          0,
> +    MFI_LD_ACCSSS_RO =          2,
> +    MFI_LD_ACCESS_BLOCKED =     3,
> +};
> +#define MFI_LD_ACCESS_MASK      3
> +
> +enum mfi_ld_state {
> +    MFI_LD_STATE_OFFLINE =              0,
> +    MFI_LD_STATE_PARTIALLY_DEGRADED =   1,
> +    MFI_LD_STATE_DEGRADED =             2,
> +    MFI_LD_STATE_OPTIMAL =              3
> +};
> +
> +enum mfi_syspd_state {
> +    MFI_PD_STATE_UNCONFIGURED_GOOD =    0x00,
> +    MFI_PD_STATE_UNCONFIGURED_BAD =     0x01,
> +    MFI_PD_STATE_HOT_SPARE =            0x02,
> +    MFI_PD_STATE_OFFLINE =              0x10,
> +    MFI_PD_STATE_FAILED =               0x11,
> +    MFI_PD_STATE_REBUILD =              0x14,
> +    MFI_PD_STATE_ONLINE =               0x18,
> +    MFI_PD_STATE_COPYBACK =             0x20,
> +    MFI_PD_STATE_SYSTEM =               0x40
> +};
> +
> +struct mfi_ld_props {
> +    union mfi_ld_ref ld;
> +    char name[16];
> +    uint8_t default_cache_policy;
> +    uint8_t access_policy;
> +    uint8_t disk_cache_policy;
> +    uint8_t current_cache_policy;
> +    uint8_t no_bgi;
> +    uint8_t reserved[7];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_params {
> +    uint8_t primary_raid_level;
> +    uint8_t raid_level_qualifier;
> +    uint8_t secondary_raid_level;
> +    uint8_t stripe_size;
> +    uint8_t num_drives;
> +    uint8_t span_depth;
> +    uint8_t state;
> +    uint8_t init_state;
> +    uint8_t is_consistent;
> +    uint8_t reserved[23];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_progress {
> +    uint32_t            active;
> +#define MFI_LD_PROGRESS_CC      (1<<0)
> +#define MFI_LD_PROGRESS_BGI     (1<<1)
> +#define MFI_LD_PROGRESS_FGI     (1<<2)
> +#define MFI_LD_PORGRESS_RECON   (1<<3)
> +    struct mfi_progress cc;
> +    struct mfi_progress bgi;
> +    struct mfi_progress fgi;
> +    struct mfi_progress recon;
> +    struct mfi_progress reserved[4];
> +} __attribute__ ((packed));
> +
> +struct mfi_span {
> +    uint64_t start_block;
> +    uint64_t num_blocks;
> +    uint16_t array_ref;
> +    uint8_t reserved[6];
> +} __attribute__ ((packed));
> +
> +#define MFI_MAX_SPAN_DEPTH      8
> +struct mfi_ld_config {
> +    struct mfi_ld_props properties;
> +    struct mfi_ld_params params;
> +    struct mfi_span span[MFI_MAX_SPAN_DEPTH];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_info {
> +    struct mfi_ld_config ld_config;
> +    uint64_t size;
> +    struct mfi_ld_progress progress;
> +    uint16_t cluster_owner;
> +    uint8_t reconstruct_active;
> +    uint8_t reserved1[1];
> +    uint8_t vpd_page83[64];
> +    uint8_t reserved2[16];
> +} __attribute__ ((packed));
> +
> +union mfi_spare_type {
> +    struct {
> +        uint8_t is_dedicate:1,
> +            is_revertable:1,
> +            is_encl_affinity:1,
> +            reserved:5;
> +    } v;
> +    uint8_t type;
> +} __attribute__ ((packed));
> +
> +#define MAX_ARRAYS 16
> +struct mfi_spare {
> +    union mfi_pd_ref ref;
> +    union mfi_spare_type spare_type;
> +    uint8_t reserved[2];
> +    uint8_t array_count;
> +    uint16_t array_refd[MAX_ARRAYS];
> +} __attribute__ ((packed));
> +
> +#define MAX_ROW_SIZE 32
> +struct mfi_array {
> +    uint64_t size;
> +    uint8_t num_drives;
> +    uint8_t reserved;
> +    uint16_t array_ref;
> +    uint8_t pad[20];
> +    struct {
> +        union mfi_pd_ref ref;
> +        uint16_t fw_state;
> +        struct {
> +            uint8_t pd;
> +            uint8_t slot;
> +        } encl;
> +    } pd[MAX_ROW_SIZE];
> +} __attribute__ ((packed));
> +
> +struct mfi_config_data {
> +    uint32_t size;
> +    uint16_t array_count;
> +    uint16_t array_size;
> +    uint16_t log_drv_count;
> +    uint16_t log_drv_size;
> +    uint16_t spares_count;
> +    uint16_t spares_size;
> +    uint8_t reserved[16];
> +    uint8_t data;
> +    /*
> +      struct mfi_array  array[];
> +      struct mfi_ld_config ld[];
> +      struct mfi_spare  spare[];
> +    */
> +} __attribute__ ((packed));
> +
> +#define MFI_SCSI_MAX_t ARGETS  128
> +#define MFI_SCSI_MAX_LUNS       8
> +#define MFI_SCSI_INITIATOR_ID 255
> +#define MFI_SCSI_MAX_CMDS       8
> +#define MFI_SCSI_MAX_CDB_LEN   16
> +
> +#endif /* _MFI_H */
> diff --git a/hw/pci_ids.h b/hw/pci_ids.h
> index 83f3893..73fb46a 100644
> --- a/hw/pci_ids.h
> +++ b/hw/pci_ids.h
> @@ -12,9 +12,9 @@
> 
> #define PCI_BASE_CLASS_STORAGE           0x01
> #define PCI_BASE_CLASS_NETWORK           0x02
> -
> #define PCI_CLASS_STORAGE_SCSI           0x0100
> #define PCI_CLASS_STORAGE_IDE            0x0101
> +#define PCI_CLASS_STORAGE_RAID           0x0104
> #define PCI_CLASS_STORAGE_SATA           0x0106
> #define PCI_CLASS_STORAGE_OTHER          0x0180
> 
> @@ -47,6 +47,7 @@
> 
> #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
> #define PCI_DEVICE_ID_LSI_53C895A        0x0012
> +#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
> 
> #define PCI_VENDOR_ID_DEC                0x1011
> #define PCI_DEVICE_ID_DEC_21154          0x0026
> -- 
> 1.7.3.4
>

Patch

diff --git a/Makefile.objs b/Makefile.objs
index 4f6d26c..3bb2e57 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -275,6 +275,7 @@  hw-obj-$(CONFIG_AHCI) += ide/ich.o
 
 # SCSI layer
 hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
+hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
 hw-obj-$(CONFIG_ESP) += esp.o
 
 hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 22bd350..fabb56c 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -9,6 +9,7 @@  CONFIG_EEPRO100_PCI=y
 CONFIG_PCNET_PCI=y
 CONFIG_PCNET_COMMON=y
 CONFIG_LSI_SCSI_PCI=y
+CONFIG_MEGASAS_SCSI_PCI=y
 CONFIG_RTL8139_PCI=y
 CONFIG_E1000_PCI=y
 CONFIG_IDE_CORE=y
diff --git a/hw/megasas.c b/hw/megasas.c
new file mode 100644
index 0000000..69dac2e
--- /dev/null
+++ b/hw/megasas.c
@@ -0,0 +1,1863 @@ 
+/*
+ * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
+ *
+ * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw.h"
+#include "pci.h"
+#include "dma.h"
+#include "msix.h"
+#include "iov.h"
+#include "scsi.h"
+#include "scsi-defs.h"
+#include "block_int.h"
+
+#include "mfi.h"
+
+/* Static definitions */
+#define MEGASAS_VERSION "1.50"
+#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
+#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
+#define MEGASAS_MAX_SGE 128             /* Firmware limit */
+#define MEGASAS_DEFAULT_SGE 80
+#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
+#define MEGASAS_MAX_ARRAYS 128
+
+#define MEGASAS_FLAG_USE_JBOD      0x00000001
+#define MEGASAS_FLAG_USE_MSIX      0x00000002
+#define MEGASAS_FLAG_USE_QUEUE64   0x00000004
+
+const char *megasas_raid_modes[] = {
+    "raid", "jbod"
+};
+
+const char *mfi_frame_desc[] = {
+    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
+    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
+
+struct megasas_cmd_t {
+    uint32_t index;
+    uint16_t flags;
+    uint16_t count;
+    uint64_t context;
+
+    target_phys_addr_t pa;
+    target_phys_addr_t pa_size;
+    union mfi_frame *frame;
+    SCSIRequest *req;
+    struct iovec iov[MEGASAS_MAX_SGE];
+    int iov_cnt;
+    size_t iov_size;
+    size_t iov_offset;
+    struct megasas_state_t *state;
+};
+
+typedef struct megasas_state_t {
+    PCIDevice dev;
+    MemoryRegion mmio_io;
+    MemoryRegion port_io;
+    MemoryRegion queue_io;
+    MemoryRegion msix_io;
+    uint32_t frame_hi;
+
+    int fw_state;
+    uint32_t fw_sge;
+    uint32_t fw_cmds;
+    uint32_t flags;
+    int fw_luns;
+    int intr_mask;
+    int doorbell;
+    int busy;
+    char *raid_mode_str;
+
+    struct megasas_cmd_t *event_cmd;
+    int event_locale;
+    int event_class;
+    int event_count;
+    int shutdown_event;
+    int boot_event;
+
+    uint64_t reply_queue_pa;
+    void *reply_queue;
+    int reply_queue_len;
+    int reply_queue_index;
+    uint64_t consumer_pa;
+    uint64_t producer_pa;
+
+    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
+
+    SCSIBus bus;
+} MPTState;
+
+#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
+
+static bool megasas_intr_enabled(MPTState *s)
+{
+    if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
+        MEGASAS_INTR_DISABLED_MASK) {
+        return true;
+    }
+    return false;
+}
+
+static bool megasas_use_queue64(MPTState *s)
+{
+    return s->flags & MEGASAS_FLAG_USE_QUEUE64;
+}
+
+static bool megasas_use_msix(MPTState *s)
+{
+    return s->flags & MEGASAS_FLAG_USE_MSIX;
+}
+
+static bool megasas_is_jbod(MPTState *s)
+{
+    return s->flags & MEGASAS_FLAG_USE_JBOD;
+}
+
+static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
+{
+    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
+}
+
+static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
+{
+    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
+}
+
+static uint8_t megasas_frame_get_cmd(unsigned long frame)
+{
+    return ldub_phys(frame + offsetof(struct mfi_frame_header, frame_cmd));
+}
+
+/*
+ * Context is considered opaque, but the emulation is running
+ * in little endian mode. So convert it to little endian, too.
+ */
+static uint32_t megasas_frame_get_context(unsigned long frame)
+{
+    return ldl_le_phys(frame + offsetof(struct mfi_frame_header, context));
+}
+
+static uint64_t megasas_frame_get_context64(unsigned long frame)
+{
+    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
+}
+
+static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_IEEE_SGL;
+}
+
+static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_SGL64;
+}
+
+static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_DIR_WRITE;
+}
+
+static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_SENSE64;
+}
+
+static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
+                                     union mfi_sgl *sgl)
+{
+    uint64_t addr;
+
+    if (megasas_frame_is_ieee_sgl(cmd)) {
+        addr = le64_to_cpu(sgl->sg_skinny->addr);
+    } else if (megasas_frame_is_sgl64(cmd)) {
+        addr = le64_to_cpu(sgl->sg64->addr);
+    } else {
+        addr = le32_to_cpu(sgl->sg32->addr);
+    }
+    return addr;
+}
+
+static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
+                                    union mfi_sgl *sgl)
+{
+    uint32_t len;
+
+    if (megasas_frame_is_ieee_sgl(cmd)) {
+        len = le32_to_cpu(sgl->sg_skinny->len);
+    } else if (megasas_frame_is_sgl64(cmd)) {
+        len = le32_to_cpu(sgl->sg64->len);
+    } else {
+        len = le32_to_cpu(sgl->sg32->len);
+    }
+    return len;
+}
+
+static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
+                                       union mfi_sgl *sgl)
+{
+    uint8_t *next = (uint8_t *)sgl;
+
+    if (megasas_frame_is_ieee_sgl(cmd)) {
+        next += sizeof(struct mfi_sg_skinny);
+    } else if (megasas_frame_is_sgl64(cmd)) {
+        next += sizeof(struct mfi_sg64);
+    } else {
+        next += sizeof(struct mfi_sg32);
+    }
+
+    if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
+        return NULL;
+    }
+    return (union mfi_sgl *)next;
+}
+
+static void megasas_soft_reset(MPTState *s);
+
+static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
+{
+    int i;
+    int is_write;
+    int iov_count = 0;
+    size_t iov_size = 0;
+
+    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
+    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
+    if (cmd->iov_cnt > MEGASAS_MAX_SGE) {
+        cmd->iov_cnt = 0;
+        return iov_count;
+    }
+    is_write = megasas_frame_is_write(cmd);
+    for (i = 0; i < cmd->iov_cnt; i++) {
+        target_phys_addr_t iov_pa, iov_size_p;
+
+        if (!sgl) {
+            goto unmap;
+        }
+        iov_pa = megasas_sgl_get_addr(cmd, sgl);
+        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
+        if (!iov_pa || !iov_size_p) {
+            goto unmap;
+        }
+        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, &iov_size_p,
+                                                       is_write);
+        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
+            if (cmd->iov[i].iov_base) {
+                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
+                                          iov_size_p, 0, 0);
+            }
+            goto unmap;
+        }
+        sgl = megasas_sgl_next(cmd, sgl);
+        iov_size += cmd->iov[i].iov_len;
+        iov_count--;
+    }
+    cmd->iov[i].iov_base = NULL;
+    cmd->iov[i].iov_len = 0;
+    cmd->iov_offset = 0;
+    return 0;
+unmap:
+    while (i > 0) {
+        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
+                                  cmd->iov[i-1].iov_len, 0, 0);
+        i--;
+    }
+    cmd->iov_cnt = 0;
+    return iov_count;
+}
+
+static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
+{
+    int i, is_write = megasas_frame_is_write(cmd);
+
+    for (i = 0; i < cmd->iov_cnt; i++) {
+        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
+                                  is_write, cmd->iov[i].iov_len);
+    }
+    cmd->iov_cnt = 0;
+    cmd->iov_offset = 0;
+}
+
+/*
+ * passthrough sense and io sense are at the same offset
+ */
+static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
+    uint8_t sense_len)
+{
+    uint32_t pa_hi = 0, pa_lo;
+    target_phys_addr_t pa;
+
+    if (sense_len > cmd->frame->header.sense_len) {
+        sense_len = cmd->frame->header.sense_len;
+    }
+
+    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
+    if (megasas_frame_is_sense64(cmd)) {
+        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
+    }
+    pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    cpu_physical_memory_write(pa, sense_ptr, sense_len);
+    cmd->frame->header.sense_len = sense_len;
+    return sense_len;
+}
+
+static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
+{
+    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
+    uint8_t sense_len = 18;
+
+    memset(sense_buf, 0, sense_len);
+    sense_buf[0] = 0xf0;
+    sense_buf[2] = sense.key;
+    sense_buf[7] = 10;
+    sense_buf[12] = sense.asc;
+    sense_buf[13] = sense.ascq;
+    megasas_build_sense(cmd, sense_buf, sense_len);
+}
+
+static void megasas_copy_sense(struct megasas_cmd_t *cmd)
+{
+    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
+    uint8_t sense_len;
+
+    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
+                                   cmd->frame->header.sense_len);
+    megasas_build_sense(cmd, sense_buf, sense_len);
+}
+
+/*
+ * Format an INQUIRY CDB
+ */
+static int megasas_setup_inquiry(uint8_t *cdb, int pg,
+                                 uint8_t *buf, int len)
+{
+    memset(cdb, 0, 6);
+    cdb[0] = INQUIRY;
+    if (pg > 0) {
+        cdb[1] = 0x1;
+        cdb[2] = pg;
+    }
+    cdb[3] = (len >> 8) & 0xff;
+    cdb[4] = (len & 0xff);
+    return len;
+}
+
+/*
+ * Encode lba and len into a READ_16/WRITE_16 CDB
+ */
+static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
+                               uint32_t len, int is_write)
+{
+    memset(cdb, 0x0, 16);
+    if (is_write) {
+        cdb[0] = WRITE_16;
+    } else {
+        cdb[0] = READ_16;
+    }
+    cdb[2] = (lba >> 56) & 0xff;
+    cdb[3] = (lba >> 48) & 0xff;
+    cdb[4] = (lba >> 40) & 0xff;
+    cdb[5] = (lba >> 32) & 0xff;
+    cdb[6] = (lba >> 24) & 0xff;
+    cdb[7] = (lba >> 16) & 0xff;
+    cdb[8] = (lba >> 8) & 0xff;
+    cdb[9] = (lba) & 0xff;
+    cdb[10] = (len >> 24) & 0xff;
+    cdb[11] = (len >> 16) & 0xff;
+    cdb[12] = (len >> 8) & 0xff;
+    cdb[13] = (len) & 0xff;
+}
+
+/*
+ * Utility functions
+ */
+static uint64_t megasas_fw_time(void)
+{
+    struct tm curtime;
+    uint64_t bcd_time;
+
+    qemu_get_timedate(&curtime, 0);
+    bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
+        ((uint64_t)curtime.tm_min & 0xff)  << 40 |
+        ((uint64_t)curtime.tm_hour & 0xff) << 32 |
+        ((uint64_t)curtime.tm_mday & 0xff) << 24 |
+        ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
+        ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
+
+    return bcd_time;
+}
+
+static uint64_t megasas_gen_sas_addr(uint64_t id)
+{
+    uint64_t addr;
+
+    addr = 0x5001a4aULL << 36;
+    addr |= id & 0xfffffffff;
+
+    return addr;
+}
+
+/*
+ * Frame handling
+ */
+static inline int megasas_next_index(MPTState *s, int index, int limit)
+{
+    index++;
+    if (index == limit) {
+        index = 0;
+    }
+    return index;
+}
+
+static inline struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
+    target_phys_addr_t frame)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int num = 0, index;
+
+    index = s->reply_queue_index;
+
+    while (num < s->fw_cmds) {
+        if (s->frames[index].pa && s->frames[index].pa == frame) {
+            cmd = &s->frames[index];
+            break;
+        }
+        index = megasas_next_index(s, index, s->fw_cmds);
+        num++;
+    }
+
+    return cmd;
+}
+
+static inline struct megasas_cmd_t *megasas_next_frame(MPTState *s,
+    target_phys_addr_t frame)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int num = 0, index;
+
+    cmd = megasas_lookup_frame(s, frame);
+    if (cmd) {
+        return cmd;
+    }
+    index = s->reply_queue_index;
+    num = 0;
+    while (num < s->fw_cmds) {
+        if (!s->frames[index].pa) {
+            cmd = &s->frames[index];
+            break;
+        }
+        index = megasas_next_index(s, index, s->fw_cmds);
+        num++;
+    }
+    return cmd;
+}
+
+static struct megasas_cmd_t *
+megasas_enqueue_frame(MPTState *s, target_phys_addr_t frame,
+                      uint64_t context, int count)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int frame_size = MFI_FRAME_SIZE * 16;
+    target_phys_addr_t frame_size_p = frame_size;
+
+    cmd = megasas_next_frame(s, frame);
+    /* All frames busy */
+    if (!cmd) {
+        return NULL;
+    }
+    if (!cmd->pa) {
+        cmd->pa = frame;
+        /* Map all possible frames */
+        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
+        if (frame_size_p != frame_size) {
+            if (cmd->frame) {
+                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
+                cmd->frame = NULL;
+                cmd->pa = 0;
+            }
+            s->event_count++;
+            return NULL;
+        }
+        cmd->pa_size = frame_size_p;
+        cmd->context = context;
+    }
+    cmd->count = count;
+    s->busy++;
+
+    return cmd;
+}
+
+static void megasas_complete_frame(MPTState *s, uint64_t context)
+{
+    int tail, queue_offset;
+
+    /* Decrement busy count */
+    s->busy--;
+
+    if (!megasas_intr_enabled(s)) {
+        return;
+    }
+
+    /*
+     * Put command on the reply queue.
+     * Context is opaque, but emulation is running in
+     * little endian. So convert it.
+     */
+    tail = s->reply_queue_index;
+    if (megasas_use_queue64(s)) {
+        queue_offset = tail * sizeof(uint64_t);
+        stq_le_phys(s->reply_queue_pa + queue_offset, context);
+    } else {
+        queue_offset = tail * sizeof(uint32_t);
+        stl_le_phys(s->reply_queue_pa + queue_offset, context);
+    }
+
+    s->reply_queue_index = megasas_next_index(s, tail, s->fw_cmds);
+
+    /* Notify HBA */
+    s->doorbell++;
+    if (s->doorbell == 1) {
+        if (msix_enabled(&s->dev)) {
+            msix_notify(&s->dev, 0);
+        } else {
+            qemu_irq_raise(s->dev.irq[0]);
+        }
+    }
+}
+
+static void megasas_reset_frames(MPTState *s)
+{
+    int i;
+    struct megasas_cmd_t *cmd;
+
+    for (i = 0; i < s->fw_cmds; i++) {
+        cmd = &s->frames[i];
+        if (cmd->pa) {
+            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
+            cmd->frame = NULL;
+            cmd->pa = 0;
+        }
+    }
+}
+
+static void megasas_abort_command(struct megasas_cmd_t *cmd)
+{
+    if (cmd->req) {
+        scsi_req_abort(cmd->req, ABORTED_COMMAND);
+        cmd->req = NULL;
+    }
+}
+
+static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint32_t pa_hi, pa_lo, iq_pl;
+    target_phys_addr_t iq_pa, initq_size;
+    struct mfi_init_qinfo *initq;
+    uint32_t reply_queue_tail, flags;
+    int ret = MFI_STAT_OK;
+
+    iq_pl = le32_to_cpu(cmd->frame->init.header.data_len);
+    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
+    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
+    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
+    initq_size = sizeof(*initq);
+    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
+    if (initq_size != sizeof(*initq)) {
+        if (initq) {
+            cpu_physical_memory_unmap(initq, initq_size, 0, 0);
+        }
+        s->event_count++;
+        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
+        goto out;
+    }
+    s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
+    if (s->reply_queue_len > s->fw_cmds) {
+        s->event_count++;
+        ret = MFI_STAT_INVALID_PARAMETER;
+        goto out;
+    }
+    pa_lo = le32_to_cpu(initq->rq_addr_lo);
+    pa_hi = le32_to_cpu(initq->rq_addr_hi);
+    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    pa_lo = le32_to_cpu(initq->ci_addr_lo);
+    pa_hi = le32_to_cpu(initq->ci_addr_hi);
+    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    pa_lo = le32_to_cpu(initq->pi_addr_lo);
+    pa_hi = le32_to_cpu(initq->pi_addr_hi);
+    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    s->reply_queue_index = ldl_le_phys(s->producer_pa);
+    reply_queue_tail = ldl_le_phys(s->consumer_pa);
+    flags = le32_to_cpu(initq->flags);
+    if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
+        s->flags |= MEGASAS_FLAG_USE_QUEUE64;
+    }
+    megasas_reset_frames(s);
+    s->fw_state = MFI_FWSTATE_OPERATIONAL;
+out:
+    cpu_physical_memory_unmap(initq, initq_size, 0, 0);
+    return ret;
+}
+
+static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
+{
+    target_phys_addr_t iov_pa, iov_size;
+
+    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
+    if (!cmd->frame->header.sge_count) {
+        cmd->iov_size = 0;
+        cmd->iov_cnt = 0;
+        return 0;
+    } else if (cmd->frame->header.sge_count > 1) {
+        cmd->iov_size = 0;
+        cmd->iov_cnt = 0;
+        return -1;
+    }
+    iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
+    iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
+    cmd->iov[0].iov_len = iov_size;
+    cmd->iov[0].iov_base = cpu_physical_memory_map(iov_pa, &iov_size, 1);
+    if (cmd->iov[0].iov_len != iov_size) {
+        if (cmd->iov[0].iov_base) {
+            cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size, 1, 0);
+        }
+        cmd->iov_size = 0;
+        cmd->iov_cnt = 0;
+        return -1;
+    }
+    cmd->iov_cnt = 1;
+    cmd->iov_size = iov_size;
+    return cmd->iov_size;
+}
+
+static int megasas_finish_dcmd(struct megasas_cmd_t *cmd)
+{
+    uint32_t iov_size = cmd->iov[0].iov_len;
+
+    if (!cmd->iov_cnt) {
+        return 0;
+    }
+
+    cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size,
+                              1, cmd->iov_size);
+
+    cmd->iov_cnt = 0;
+    if (iov_size > cmd->iov_size) {
+        if (megasas_frame_is_ieee_sgl(cmd)) {
+            cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
+        } else if (megasas_frame_is_sgl64(cmd)) {
+            cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
+        } else {
+            cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
+        }
+    }
+    cmd->iov_size = 0;
+    return iov_size;
+}
+
+static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ctrl_info *info = cmd->iov[0].iov_base;
+    DeviceState *qdev;
+    int num_ld_disks = 0;
+
+    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
+        num_ld_disks++;
+    }
+
+    memset(info, 0x0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_ctrl_info)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    info->pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
+    info->pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
+    info->pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
+    info->pci.subdevice = cpu_to_le16(0x1013);
+
+    info->host.type = MFI_INFO_HOST_PCIX;
+    info->device.type = MFI_INFO_DEV_SAS3G;
+    info->device.port_count = 2;
+    info->device.port_addr[0] = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
+
+    memcpy(info->product_name, "MegaRAID SAS 8708EM2", 20);
+    snprintf(info->serial_number, 32, "QEMU%08lx",
+             (unsigned long)s & 0xFFFFFFFF);
+    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
+    memcpy(info->image_component[0].name, "APP", 8);
+    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
+    memcpy(info->image_component[0].build_date, __DATE__, 16);
+    memcpy(info->image_component[0].build_time, __TIME__, 16);
+    info->image_component_count = 1;
+    info->current_fw_time = cpu_to_le32(megasas_fw_time());
+    info->max_arms = 32;
+    info->max_spans = 8;
+    info->max_arrays = MEGASAS_MAX_ARRAYS;
+    info->max_lds = s->fw_luns;
+    info->max_cmds = cpu_to_le16(s->fw_cmds);
+    info->max_sg_elements = cpu_to_le16(s->fw_sge);
+    info->max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
+    info->lds_present = cpu_to_le16(num_ld_disks);
+    info->pd_present = cpu_to_le16(num_ld_disks + 1);
+    info->pd_disks_present = cpu_to_le16(num_ld_disks);
+    info->hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
+                                   MFI_INFO_HW_MEM |
+                                   MFI_INFO_HW_FLASH);
+    info->memory_size = cpu_to_le16(512);
+    info->nvram_size = cpu_to_le16(32);
+    info->flash_size = cpu_to_le16(16);
+    info->raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
+    info->adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
+                                    MFI_INFO_AOPS_SELF_DIAGNOSTIC |
+                                    MFI_INFO_AOPS_MIXED_ARRAY);
+    info->ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
+                               MFI_INFO_LDOPS_ACCESS_POLICY |
+                               MFI_INFO_LDOPS_IO_POLICY |
+                               MFI_INFO_LDOPS_WRITE_POLICY |
+                               MFI_INFO_LDOPS_READ_POLICY);
+    info->max_strips_per_io = cpu_to_le16(s->fw_sge);
+    info->stripe_sz_ops.min = 3;
+    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
+    info->properties.pred_fail_poll_interval = cpu_to_le16(300);
+    info->properties.intr_throttle_cnt = cpu_to_le16(16);
+    info->properties.intr_throttle_timeout = cpu_to_le16(50);
+    info->properties.rebuild_rate = 30;
+    info->properties.patrol_read_rate = 30;
+    info->properties.bgi_rate = 30;
+    info->properties.cc_rate = 30;
+    info->properties.recon_rate = 30;
+    info->properties.cache_flush_interval = 4;
+    info->properties.spinup_drv_cnt = 2;
+    info->properties.spinup_delay = 6;
+    info->properties.ecc_bucket_size = 15;
+    info->properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
+    info->properties.expose_encl_devices = 1;
+    info->properties.OnOffProperties.enableJBOD = 1;
+    info->pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
+                               MFI_INFO_PDOPS_FORCE_OFFLINE);
+    info->pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
+                                       MFI_INFO_PDMIX_SATA |
+                                       MFI_INFO_PDMIX_LD);
+    cmd->iov_size = sizeof(struct mfi_ctrl_info);
+    return MFI_STAT_OK;
+}
+
+static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_defaults *info = cmd->iov[0].iov_base;
+
+    memset(info, 0x0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_defaults)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    info->sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
+    info->stripe_size = 3;
+    info->flush_time = 4;
+    info->background_rate = 30;
+    info->allow_mix_in_enclosure = 1;
+    info->allow_mix_in_ld = 1;
+    info->direct_pd_mapping = 1;
+    /* Enable for BIOS support */
+    info->bios_enumerate_lds = 1;
+    info->disable_ctrl_r = 1;
+    info->expose_enclosure_devices = 1;
+    info->disable_preboot_cli = 1;
+    info->cluster_disable = 1;
+
+    cmd->iov_size = sizeof(struct mfi_defaults);
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_bios_data *info = cmd->iov[0].iov_base;
+
+    memset(info, 0x0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_bios_data)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+    info->continue_on_error = 1;
+    info->verbose = 1;
+    if (megasas_is_jbod(s)) {
+        info->expose_all_drives = 1;
+    }
+
+    cmd->iov_size = sizeof(struct mfi_bios_data);
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint64_t fw_time;
+
+    fw_time = cpu_to_le64(megasas_fw_time());
+
+    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
+    cmd->iov_size = sizeof(fw_time);
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint64_t fw_time;
+
+    memset(cmd->iov[0].iov_base, 0x0, cmd->iov_size);
+    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
+
+    fw_time = cpu_to_le64(megasas_fw_time());
+    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
+    cmd->iov_size = sizeof(fw_time);
+    return MFI_STAT_OK;
+}
+
+static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_evt_log_state *info = cmd->iov[0].iov_base;
+
+    memset(info, 0, cmd->iov_size);
+
+    info->newest_seq_num = cpu_to_le32(s->event_count);
+    info->shutdown_seq_num = cpu_to_le32(s->shutdown_event);
+    info->boot_seq_num = cpu_to_le32(s->boot_event);
+
+    cmd->iov_size = sizeof(struct mfi_evt_log_state);
+    return MFI_STAT_OK;
+}
+
+static int megasas_event_wait(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    union mfi_evt event;
+
+    if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+    s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
+    event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
+    s->event_locale = event.members.locale;
+    s->event_class = event.members.class;
+    s->event_cmd = cmd;
+    /* Decrease busy count; event frame doesn't count here */
+    s->busy--;
+    cmd->iov_size = sizeof(struct mfi_evt_detail);
+    return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_pd_list *info = cmd->iov[0].iov_base;
+    DeviceState *qdev;
+    uint32_t offset, num_pd_disks = 0, max_luns;
+    uint16_t dev_id;
+
+    memset(info, 0, cmd->iov_size);
+    offset = 8;
+    if (cmd->iov_size < (offset + sizeof(struct mfi_pd_address))) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
+    if (max_luns > s->fw_luns) {
+        max_luns = s->fw_luns;
+    }
+
+    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
+        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
+
+        dev_id = sdev->id;
+        info->addr[num_pd_disks].device_id = cpu_to_le16(dev_id);
+        info->addr[num_pd_disks].encl_device_id = cpu_to_le16(dev_id);
+        info->addr[num_pd_disks].sas_addr[0] =
+            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
+        num_pd_disks++;
+        offset += sizeof(struct mfi_pd_address);
+    }
+
+    info->size = cpu_to_le32(offset);
+    info->count = cpu_to_le32(num_pd_disks);
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint16_t flags;
+
+    /* mbox0 contains flags */
+    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+
+    if (flags == MR_PD_QUERY_TYPE_ALL || megasas_is_jbod(s)) {
+        return megasas_dcmd_pd_get_list(s, cmd);
+    }
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
+                                      struct megasas_cmd_t *cmd)
+{
+    struct mfi_pd_info *info = cmd->iov[0].iov_base;
+    uint8_t cmdbuf[6];
+    SCSIRequest *req;
+    size_t len;
+
+    if (info->inquiry_data[4] == 0) {
+        /* Additional length is zero, resubmit */
+        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
+                              sizeof(info->inquiry_data));
+        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+        if (!req) {
+            return MFI_STAT_FLASH_ALLOC_FAIL;
+        }
+        len = scsi_req_enqueue(req);
+        if (len > 0) {
+            cmd->iov_size = len;
+            scsi_req_continue(req);
+        }
+        return MFI_STAT_INVALID_STATUS;
+    } else if (info->vpd_page83[3] == 0) {
+        /* Additional length is zero, resubmit */
+        megasas_setup_inquiry(cmdbuf, 0x83, (uint8_t *)info->vpd_page83,
+                              sizeof(info->vpd_page83));
+        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
+        if (!req) {
+            return MFI_STAT_FLASH_ALLOC_FAIL;
+        }
+        len = scsi_req_enqueue(req);
+        if (len > 0) {
+            cmd->iov_size = len;
+            scsi_req_continue(req);
+        }
+        return MFI_STAT_INVALID_STATUS;
+    }
+
+    /* Finished, set FW state */
+    if (megasas_is_jbod(cmd->state)) {
+        info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
+    } else {
+        info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
+    }
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_pd_info *info = cmd->iov[0].iov_base;
+    uint64_t pd_size;
+    uint16_t pd_id;
+    SCSIDevice *sdev = NULL;
+    int retval = MFI_STAT_DEVICE_NOT_FOUND;
+
+    memset(info, 0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_pd_info)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    /* mbox0 has the ID */
+    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+    sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
+
+    if (sdev) {
+        BlockConf *conf = &sdev->conf;
+
+        info->ref.v.device_id = pd_id;
+        info->state.ddf.v.pd_type.in_vd = 1;
+        info->state.ddf.v.pd_type.intf = 0x2;
+        bdrv_get_geometry(conf->bs, &pd_size);
+        info->raw_size = cpu_to_le64(pd_size);
+        info->non_coerced_size = cpu_to_le64(pd_size);
+        info->coerced_size = cpu_to_le64(pd_size);
+        info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
+        info->path_info.count = 1;
+        info->path_info.sas_addr[0] =
+            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
+        /* Submit inquiry */
+        retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
+    }
+
+    return retval;
+}
+
+static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ld_list *info = cmd->iov[0].iov_base;
+    uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
+    uint64_t ld_size;
+    int offset;
+    DeviceState *qdev;
+
+    memset(info, 0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_ld_list)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    if (megasas_is_jbod(s)) {
+        max_ld_disks = 0;
+    }
+    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
+        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
+        BlockConf *conf = &sdev->conf;
+
+        bdrv_get_geometry(conf->bs, &ld_size);
+        ld_size *= 512;
+        info->ld_list[num_ld_disks].ld.v.target_id = sdev->id;
+        info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
+        info->ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
+        num_ld_disks++;
+        offset += 18;
+    }
+    info->ld_count = cpu_to_le32(num_ld_disks);
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
+                                      struct megasas_cmd_t *cmd)
+{
+    struct mfi_ld_info *info = cmd->iov[0].iov_base;
+    uint8_t cdb[6];
+    SCSIRequest *req;
+    ssize_t len;
+
+    if (info->vpd_page83[3] == 0) {
+        megasas_setup_inquiry(cdb, 0x83, (uint8_t *)info->vpd_page83,
+                              sizeof(info->vpd_page83));
+        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
+        if (!req) {
+            return MFI_STAT_FLASH_ALLOC_FAIL;
+        }
+        len = scsi_req_enqueue(req);
+        if (len > 0) {
+            cmd->iov_size = len;
+            scsi_req_continue(req);
+        }
+        return MFI_STAT_INVALID_STATUS;
+    }
+    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ld_info *info = cmd->iov[0].iov_base;
+    uint64_t ld_size;
+    uint16_t ld_id;
+    uint32_t max_ld_disks = s->fw_luns;
+    SCSIDevice *sdev = NULL;
+    int retval = MFI_STAT_DEVICE_NOT_FOUND;
+
+    memset(info, 0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_ld_info)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    /* mbox0 has the ID */
+    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+
+    if (megasas_is_jbod(s)) {
+        return MFI_STAT_DEVICE_NOT_FOUND;
+    }
+
+    if (ld_id < max_ld_disks) {
+        sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
+    }
+
+    if (sdev) {
+        BlockConf *conf = &sdev->conf;
+
+        info->ld_config.properties.ld.v.target_id = ld_id;
+        info->ld_config.params.stripe_size = 3;
+        info->ld_config.params.num_drives = 1;
+        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
+        info->ld_config.params.is_consistent = 1;
+        bdrv_get_geometry(conf->bs, &ld_size);
+        info->size = cpu_to_le64(ld_size);
+        retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
+    }
+
+    return retval;
+}
+
+static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ctrl_props *info = cmd->iov[0].iov_base;
+
+    memset(info, 0x0, cmd->iov_size);
+    if (cmd->iov_size < sizeof(struct mfi_ctrl_props)) {
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+    info->pred_fail_poll_interval = cpu_to_le16(300);
+    info->intr_throttle_cnt = cpu_to_le16(16);
+    info->intr_throttle_timeout = cpu_to_le16(50);
+    info->rebuild_rate = 30;
+    info->patrol_read_rate = 30;
+    info->bgi_rate = 30;
+    info->cc_rate = 30;
+    info->recon_rate = 30;
+    info->cache_flush_interval = 4;
+    info->spinup_drv_cnt = 2;
+    info->spinup_delay = 6;
+    info->ecc_bucket_size = 15;
+    info->ecc_bucket_leak_rate = cpu_to_le16(1440);
+    info->expose_encl_devices = 1;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    qemu_aio_flush();
+    return MFI_STAT_OK;
+}
+
+static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    s->fw_state = MFI_FWSTATE_READY;
+    return MFI_STAT_OK;
+}
+
+static int megasas_cluster_reset_ld(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    return MFI_STAT_INVALID_DCMD;
+}
+
+static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    if (cmd->iov_size) {
+        memset(cmd->iov[0].iov_base, 0, cmd->iov_size);
+    }
+    return MFI_STAT_OK;
+}
+
+static const struct dcmd_cmd_tbl_t {
+    int opcode;
+    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
+} dcmd_cmd_tbl[] = {
+    { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info },
+    { MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties },
+    { MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties },
+    { MFI_DCMD_CTRL_ALARM_GET, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_ALARM_ENABLE, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_ALARM_DISABLE, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_ALARM_SILENCE, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_ALARM_TEST, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info },
+    { MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_EVENT_WAIT, megasas_event_wait },
+    { MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown },
+    { MFI_DCMD_HIBERNATE_STANDBY, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time },
+    { MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time },
+    { MFI_DCMD_CTRL_BIOS_DATA_GET, megasas_dcmd_get_bios_info },
+    { MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults },
+    { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy },
+    { MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush },
+    { MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list },
+    { MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query },
+    { MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info },
+    { MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy },
+    { MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy },
+    { MFI_DCMD_PD_BLINK, megasas_dcmd_dummy },
+    { MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy },
+    { MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
+    { MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info },
+    { MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy },
+    { MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy },
+    { MFI_DCMD_LD_DELETE, megasas_dcmd_dummy },
+    { MFI_DCMD_CFG_READ, megasas_dcmd_dummy },
+    { MFI_DCMD_CFG_ADD, megasas_dcmd_dummy },
+    { MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy },
+    { MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy },
+    { MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy },
+    { MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy },
+    { MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy },
+    { MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy },
+    { MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy },
+    { MFI_DCMD_CLUSTER, megasas_dcmd_dummy },
+    { MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy },
+    { MFI_DCMD_CLUSTER_RESET_LD, megasas_cluster_reset_ld },
+    { -1, NULL }
+};
+
+static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    int opcode, size = 0, len;
+    int retval = 0;
+    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+    len = megasas_map_dcmd(cmd);
+    if (len < 0) {
+        return MFI_STAT_MEMORY_NOT_AVAILABLE;
+    }
+    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+        cmdptr++;
+    }
+    if (cmdptr->opcode == -1) {
+        retval = megasas_dcmd_dummy(s, cmd);
+    } else {
+        retval = cmdptr->func(s, cmd);
+    }
+    if (retval != MFI_STAT_INVALID_STATUS) {
+        size = megasas_finish_dcmd(cmd);
+    }
+    return retval;
+}
+
+static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
+                                        SCSIRequest *req)
+{
+    int opcode;
+    int retval = MFI_STAT_OK;
+    int lun = req->lun;
+
+    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+    scsi_req_unref(req);
+    switch (opcode) {
+    case MFI_DCMD_PD_GET_INFO:
+        retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
+        break;
+    case MFI_DCMD_LD_GET_INFO:
+        retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
+        break;
+    default:
+        retval = MFI_STAT_INVALID_DCMD;
+        break;
+    }
+    if (retval != MFI_STAT_INVALID_STATUS) {
+        megasas_finish_dcmd(cmd);
+    }
+    return retval;
+}
+
+static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
+                               int is_logical)
+{
+    uint8_t *cdb;
+    int len;
+    struct SCSIDevice *sdev = NULL;
+
+    cdb = cmd->frame->pass.cdb;
+
+    if (cmd->frame->header.target_id < s->fw_luns) {
+        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
+                                cmd->frame->header.lun_id);
+    }
+    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
+
+    if (!sdev || (megasas_is_jbod(s) && is_logical)) {
+        return MFI_STAT_DEVICE_NOT_FOUND;
+    }
+
+    if (cmd->frame->header.cdb_len > 16) {
+        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    if (megasas_map_sgl(cmd, &cmd->frame->pass.sgl)) {
+        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    cmd->req = scsi_req_new(sdev, cmd->index,
+                            cmd->frame->header.lun_id, cdb, cmd);
+    if (!cmd->req) {
+        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
+        cmd->frame->header.scsi_status = BUSY;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    len = scsi_req_enqueue(cmd->req);
+    if (len > 0) {
+        if (len < cmd->iov_size) {
+            cmd->iov_size = len;
+        }
+        scsi_req_continue(cmd->req);
+    } else if (len < 0) {
+        if (-len < cmd->iov_size) {
+            cmd->iov_size = -len;
+        }
+        scsi_req_continue(cmd->req);
+    }
+    return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint32_t lba_count, lba_start_hi, lba_start_lo;
+    uint64_t lba_start;
+    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
+    uint8_t cdb[16];
+    int len;
+    struct SCSIDevice *sdev = NULL;
+
+    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
+    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
+    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
+    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
+
+    if (cmd->frame->header.target_id < s->fw_luns) {
+        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
+                                cmd->frame->header.lun_id);
+    }
+
+    if (!sdev) {
+        return MFI_STAT_DEVICE_NOT_FOUND;
+    }
+
+    if (cmd->frame->header.cdb_len > 16) {
+        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    cmd->iov_size = lba_count * sdev->blocksize;
+    if (megasas_map_sgl(cmd, &cmd->frame->io.sgl)) {
+        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    megasas_encode_lba(cdb, lba_start, lba_count, write);
+    cmd->req = scsi_req_new(sdev, cmd->index,
+                            cmd->frame->header.lun_id, cdb, cmd);
+    if (!cmd->req) {
+        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
+        cmd->frame->header.scsi_status = BUSY;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    len = scsi_req_enqueue(cmd->req);
+    if (len > 0) {
+        if (len < cmd->iov_size) {
+            cmd->iov_size = len;
+        }
+        scsi_req_continue(cmd->req);
+    } else if (len < 0) {
+        if (-len < cmd->iov_size) {
+            cmd->iov_size = -len;
+        }
+        scsi_req_continue(cmd->req);
+    }
+    return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
+                                           SCSIRequest *req)
+{
+    int retval = MFI_STAT_INVALID_CMD;
+
+    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
+            retval = megasas_finish_internal_dcmd(cmd, req);
+    }
+    return retval;
+}
+
+static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
+{
+    struct megasas_cmd_t *cmd = req->hba_private;
+    uint32_t bytes_left;
+    uint8_t *buf;
+
+    if (len) {
+        int is_write = megasas_frame_is_write(cmd);
+        size_t bytes;
+
+        buf = scsi_req_get_buf(req);
+        if (is_write) {
+            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
+                               cmd->iov_offset, len);
+            if (bytes != len) {
+                len = bytes;
+            }
+            cmd->iov_offset += bytes;
+        } else {
+            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
+                                 cmd->iov_offset, len);
+            if (bytes != len) {
+                len = bytes;
+            }
+            cmd->iov_offset += bytes;
+        }
+    }
+    bytes_left = cmd->iov_size - cmd->iov_offset;
+    scsi_req_continue(req);
+}
+
+static void megasas_command_complete(SCSIRequest *req, uint32_t status)
+{
+    struct megasas_cmd_t *cmd = req->hba_private;
+    uint8_t cmd_status = MFI_STAT_OK;
+
+    if (cmd->req != req) {
+        /*
+         * Internal command complete
+         */
+        cmd_status = megasas_finish_internal_command(cmd, req);
+        if (cmd_status == MFI_STAT_INVALID_STATUS) {
+            return;
+        }
+    } else {
+        req->status = status;
+        if (req->status != GOOD) {
+            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
+        }
+        if (req->status == CHECK_CONDITION) {
+            megasas_copy_sense(cmd);
+        }
+
+        megasas_unmap_sgl(cmd);
+        cmd->frame->header.scsi_status = req->status;
+        scsi_req_unref(cmd->req);
+        cmd->req = NULL;
+    }
+    cmd->frame->header.cmd_status = cmd_status;
+    megasas_complete_frame(cmd->state, cmd->context);
+}
+
+static void megasas_command_cancel(SCSIRequest *req)
+{
+    struct megasas_cmd_t *cmd = req->hba_private;
+
+    if (cmd) {
+        megasas_abort_command(cmd);
+    } else {
+        scsi_req_unref(req);
+    }
+    return;
+}
+
+static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
+    target_phys_addr_t abort_addr, addr_hi, addr_lo;
+    struct megasas_cmd_t *abort_cmd;
+
+    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
+    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
+    abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
+
+    abort_cmd = megasas_lookup_frame(s, abort_addr);
+    if (!abort_cmd) {
+        s->event_count++;
+        return MFI_STAT_OK;
+    }
+    if (!megasas_use_queue64(s)) {
+        abort_ctx &= (uint64_t)0xFFFFFFFF;
+    }
+    if (abort_cmd->context != abort_ctx) {
+        s->event_count++;
+        return MFI_STAT_ABORT_NOT_POSSIBLE;
+    }
+    megasas_abort_command(abort_cmd);
+    if (!s->event_cmd || abort_cmd != s->event_cmd) {
+        s->event_cmd = NULL;
+    }
+    s->event_count++;
+    return MFI_STAT_OK;
+}
+
+static void megasas_handle_frame(MPTState *s, uint64_t frame_addr,
+                                 uint32_t frame_count)
+{
+    uint8_t frame_cmd;
+    uint8_t frame_status = MFI_STAT_INVALID_CMD;
+    uint64_t frame_context;
+    struct megasas_cmd_t *cmd;
+
+    frame_cmd = megasas_frame_get_cmd(frame_addr);
+    if (megasas_use_queue64(s)) {
+        frame_context = megasas_frame_get_context(frame_addr);
+    } else {
+        frame_context = megasas_frame_get_context64(frame_addr);
+    }
+
+    cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
+    if (!cmd) {
+        /* reply queue full */
+        megasas_frame_set_scsi_status(frame_addr, BUSY);
+        megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
+        megasas_complete_frame(s, frame_context);
+        s->event_count++;
+        return;
+    }
+    switch (cmd->frame->header.frame_cmd) {
+    case MFI_CMD_INIT:
+        frame_status = megasas_init_firmware(s, cmd);
+        break;
+    case MFI_CMD_DCMD:
+        frame_status = megasas_handle_dcmd(s, cmd);
+        break;
+    case MFI_CMD_ABORT:
+        frame_status = megasas_handle_abort(s, cmd);
+        break;
+    case MFI_CMD_PD_SCSI_IO:
+        frame_status = megasas_handle_scsi(s, cmd, 0);
+        break;
+    case MFI_CMD_LD_SCSI_IO:
+        frame_status = megasas_handle_scsi(s, cmd, 1);
+        break;
+    case MFI_CMD_LD_READ:
+    case MFI_CMD_LD_WRITE:
+        frame_status = megasas_handle_io(s, cmd);
+        break;
+    default:
+        s->event_count++;
+        break;
+    }
+    if (frame_status != MFI_STAT_INVALID_STATUS) {
+        if (cmd->frame) {
+            cmd->frame->header.cmd_status = frame_status;
+        } else {
+            megasas_frame_set_cmd_status(frame_addr, frame_status);
+        }
+        megasas_complete_frame(s, cmd->context);
+    }
+}
+
+static uint64_t megasas_mmio_read(void *opaque, target_phys_addr_t addr,
+                                  unsigned size)
+{
+    MPTState *s = opaque;
+    uint32_t retval = 0;
+
+    switch (addr) {
+    case MFI_IDB:
+        retval = 0;
+        break;
+    case MFI_OMSG0:
+    case MFI_OSP0:
+        retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
+            (s->fw_state & MFI_FWSTATE_MASK) |
+            ((s->fw_sge & 0xff) << 16) |
+            (s->fw_cmds & 0xFFFF);
+        break;
+    case MFI_OSTS:
+        if (megasas_intr_enabled(s) && s->doorbell) {
+            retval = MFI_1078_RM | 1;
+        }
+        break;
+    case MFI_OMSK:
+        retval = s->intr_mask;
+        break;
+    case MFI_ODCR0:
+        retval = s->doorbell;
+        break;
+    default:
+        break;
+    }
+    return retval;
+}
+
+static void megasas_mmio_write(void *opaque, target_phys_addr_t addr,
+                               uint64_t val, unsigned size)
+{
+    MPTState *s = opaque;
+    uint64_t frame_addr;
+    uint32_t frame_count;
+    int i;
+
+    switch (addr) {
+    case MFI_IDB:
+        if (val & MFI_FWINIT_ABORT) {
+            /* Abort all pending cmds */
+            for (i = 0; i < s->fw_cmds; i++) {
+                megasas_abort_command(&s->frames[i]);
+            }
+        }
+        if (val & MFI_FWINIT_READY) {
+            /* move to FW READY */
+            megasas_soft_reset(s);
+        }
+        if (val & MFI_FWINIT_MFIMODE) {
+            /* discard MFIs */
+        }
+        break;
+    case MFI_OMSK:
+        s->intr_mask = val;
+        if (!megasas_intr_enabled(s) && !msix_enabled(&s->dev)) {
+            qemu_irq_lower(s->dev.irq[0]);
+        }
+        break;
+    case MFI_ODCR0:
+        s->doorbell = 0;
+        if (s->producer_pa && megasas_intr_enabled(s)) {
+            /* Update reply queue pointer */
+            stl_le_phys(s->producer_pa, s->reply_queue_index);
+            if (!msix_enabled(&s->dev)) {
+                qemu_irq_lower(s->dev.irq[0]);
+            }
+        }
+        break;
+    case MFI_IQPH:
+        /* Received high 32 bits of a 64 bit MFI frame address */
+        s->frame_hi = val;
+        break;
+    case MFI_IQPL:
+        /* Received low 32 bits of a 64 bit MFI frame address */
+    case MFI_IQP:
+        /* Received 32 bit MFI frame address */
+        frame_addr = (val & ~0x1F);
+        /* Add possible 64 bit offset */
+        frame_addr |= ((uint64_t)s->frame_hi << 32);
+        s->frame_hi = 0;
+        frame_count = (val >> 1) & 0xF;
+        megasas_handle_frame(s, frame_addr, frame_count);
+        break;
+    default:
+        break;
+    }
+}
+
+static const MemoryRegionOps megasas_mmio_ops = {
+    .read = megasas_mmio_read,
+    .write = megasas_mmio_write,
+    .endianness = DEVICE_LITTLE_ENDIAN,
+    .impl = {
+        .min_access_size = 4,
+        .max_access_size = 4,
+    }
+};
+
+static uint64_t megasas_port_read(void *opaque, target_phys_addr_t addr,
+                                  unsigned size)
+{
+    return megasas_mmio_read(opaque, addr & 0xff, size);
+}
+
+static void megasas_port_write(void *opaque, target_phys_addr_t addr,
+                               uint64_t val, unsigned size)
+{
+    megasas_mmio_write(opaque, addr & 0xff, val, size);
+}
+
+static const MemoryRegionOps megasas_port_ops = {
+    .read = megasas_port_read,
+    .write = megasas_port_write,
+    .endianness = DEVICE_LITTLE_ENDIAN,
+    .impl = {
+        .min_access_size = 4,
+        .max_access_size = 4,
+    }
+};
+
+static uint64_t megasas_queue_read(void *opaque, target_phys_addr_t addr,
+                                   unsigned size)
+{
+    return 0;
+}
+
+static void megasas_queue_write(void *opaque, target_phys_addr_t addr,
+                                uint64_t val, unsigned size)
+{
+}
+
+static const MemoryRegionOps megasas_queue_ops = {
+    .read = megasas_queue_read,
+    .write = megasas_queue_write,
+    .endianness = DEVICE_LITTLE_ENDIAN,
+    .impl = {
+        .min_access_size = 4,
+        .max_access_size = 4,
+    }
+};
+
+static void megasas_soft_reset(MPTState *s)
+{
+    int i;
+    struct megasas_cmd_t *cmd;
+
+    for (i = 0; i < s->fw_cmds; i++) {
+        cmd = &s->frames[i];
+        megasas_abort_command(cmd);
+    }
+    megasas_reset_frames(s);
+    s->reply_queue_len = s->fw_cmds;
+    s->reply_queue_pa = 0;
+    s->consumer_pa = 0;
+    s->producer_pa = 0;
+    s->fw_state = MFI_FWSTATE_READY;
+    s->doorbell = 0;
+    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
+    s->frame_hi = 0;
+    s->flags &= ~MEGASAS_FLAG_USE_QUEUE64;
+    s->event_count++;
+    s->boot_event = s->event_count;
+}
+
+static void megasas_scsi_reset(DeviceState *dev)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
+
+    megasas_soft_reset(s);
+}
+
+static const VMStateDescription vmstate_megasas = {
+    .name = "megasas",
+    .version_id = 0,
+    .minimum_version_id = 0,
+    .minimum_version_id_old = 0,
+    .fields      = (VMStateField[]) {
+        VMSTATE_PCI_DEVICE(dev, MPTState),
+
+        VMSTATE_INT32(fw_state, MPTState),
+        VMSTATE_INT32(intr_mask, MPTState),
+        VMSTATE_INT32(doorbell, MPTState),
+        VMSTATE_UINT64(reply_queue_pa, MPTState),
+        VMSTATE_UINT64(consumer_pa, MPTState),
+        VMSTATE_UINT64(producer_pa, MPTState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static int megasas_scsi_uninit(PCIDevice *d)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, d);
+
+    memory_region_destroy(&s->mmio_io);
+    memory_region_destroy(&s->port_io);
+    memory_region_destroy(&s->queue_io);
+    return 0;
+}
+
+static const struct SCSIBusInfo megasas_scsi_info = {
+    .tcq = true,
+    .max_target = MFI_MAX_LD,
+    .max_lun = 255,
+
+    .transfer_data = megasas_xfer_complete,
+    .complete = megasas_command_complete,
+    .cancel = megasas_command_cancel,
+};
+
+static int megasas_scsi_init(PCIDevice *dev)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, dev);
+    uint8_t *pci_conf;
+    int i;
+
+    pci_conf = s->dev.config;
+
+    /* PCI latency timer = 0 */
+    pci_conf[PCI_LATENCY_TIMER] = 0;
+    /* Interrupt pin 1 */
+    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
+
+    memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s, "megasas-mmio",
+                          0x40000);
+    memory_region_init_io(&s->port_io, &megasas_port_ops, s, "megasas-io", 256);
+    memory_region_init_io(&s->queue_io, &megasas_queue_ops, s, "megasas-queue",
+                          0x40000);
+
+    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
+    s->flags |= MEGASAS_FLAG_USE_MSIX;
+    memory_region_init(&s->msix_io, "megasas-msix", 4096);
+    if (megasas_use_msix(s) && !msix_init(&s->dev, 1, &s->msix_io, 1, 0)) {
+        pci_register_bar(&s->dev, 1, PCI_BASE_ADDRESS_SPACE_MEMORY,
+                         &s->msix_io);
+        msix_vector_use(&s->dev, 0);
+    } else {
+        s->flags &= ~MEGASAS_FLAG_USE_MSIX;
+    }
+
+    pci_register_bar((struct PCIDevice *)s, 2,
+                     PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
+    pci_register_bar((struct PCIDevice *)s, 3,
+                     PCI_BASE_ADDRESS_SPACE_MEMORY, &s->queue_io);
+
+    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
+        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
+    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
+        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
+    } else {
+        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
+    }
+    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
+        s->fw_cmds = MEGASAS_MAX_FRAMES;
+    }
+    if (s->raid_mode_str) {
+        if (!strcmp(s->raid_mode_str, "jbod")) {
+            s->flags |= MEGASAS_FLAG_USE_JBOD;
+        } else {
+            s->flags &= ~MEGASAS_FLAG_USE_JBOD;
+            s->raid_mode_str = (char *)megasas_raid_modes[0];
+        }
+    } else {
+        s->raid_mode_str = (char *)megasas_raid_modes[0];
+    }
+    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
+        MAX_SCSI_DEVS : MFI_MAX_LD;
+    s->producer_pa = 0;
+    s->consumer_pa = 0;
+    for (i = 0; i < s->fw_cmds; i++) {
+        s->frames[i].index = i;
+        s->frames[i].context = -1;
+        s->frames[i].pa = 0;
+        s->frames[i].state = s;
+    }
+
+    scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
+    scsi_bus_legacy_handle_cmdline(&s->bus);
+    return 0;
+}
+
+static PCIDeviceInfo megasas_info = {
+    .qdev.name  = "LSI MegaRAID SAS 1078",
+    .qdev.alias = "megasas",
+    .qdev.size  = sizeof(MPTState),
+    .qdev.reset = megasas_scsi_reset,
+    .qdev.vmsd  = &vmstate_megasas,
+    .init       = megasas_scsi_init,
+    .exit       = megasas_scsi_uninit,
+    .vendor_id  = PCI_VENDOR_ID_LSI_LOGIC,
+    .device_id  = PCI_DEVICE_ID_LSI_SAS1078,
+    .subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC,
+    .subsystem_id = 0x1013,
+    .class_id   = PCI_CLASS_STORAGE_RAID,
+    .qdev.props = (Property[]) {
+        DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
+                           MEGASAS_DEFAULT_SGE),
+        DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
+                           MEGASAS_DEFAULT_FRAMES),
+        DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
+        DEFINE_PROP_BIT("use_msi", MPTState, flags,
+                        MEGASAS_FLAG_USE_MSIX, true),
+        DEFINE_PROP_END_OF_LIST(),
+    },
+};
+
+static void megaraid1078_register_devices(void)
+{
+    pci_qdev_register(&megasas_info);
+}
+
+device_init(megaraid1078_register_devices);
diff --git a/hw/mfi.h b/hw/mfi.h
new file mode 100644
index 0000000..4790c7c
--- /dev/null
+++ b/hw/mfi.h
@@ -0,0 +1,1281 @@ 
+/*-
+ * Copyright (c) 2006 IronPort Systems
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*-
+ * Copyright (c) 2007 LSI Corp.
+ * Copyright (c) 2007 Rajesh Prabhakaran.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _MFI_H
+#define _MFI_H
+
+/*
+ * MegaRAID SAS MFI firmware definitions
+ *
+ * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
+ * new firmware interface from the old AMI MegaRAID one, and there is no
+ * reason why this interface should be limited to just SAS.  In any case, LSI
+ * seems to also call this interface 'MFI', so that will be used here.
+ */
+
+/*
+ * Start with the register set.  All registers are 32 bits wide.
+ * The usual Intel IOP style setup.
+ */
+#define MFI_IMSG0 0x10    /* Inbound message 0 */
+#define MFI_IMSG1 0x14    /* Inbound message 1 */
+#define MFI_OMSG0 0x18    /* Outbound message 0 */
+#define MFI_OMSG1 0x1c    /* Outbound message 1 */
+#define MFI_IDB   0x20    /* Inbound doorbell */
+#define MFI_ISTS  0x24    /* Inbound interrupt status */
+#define MFI_IMSK  0x28    /* Inbound interrupt mask */
+#define MFI_ODB   0x2c    /* Outbound doorbell */
+#define MFI_OSTS  0x30    /* Outbound interrupt status */
+#define MFI_OMSK  0x34    /* Outbound interrupt mask */
+#define MFI_IQP   0x40    /* Inbound queue port */
+#define MFI_OQP   0x44    /* Outbound queue port */
+
+/*
+ * 1078 specific related register
+ */
+#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
+#define MFI_ODCR0       0xa0            /* outbound doorbell clear register0  */
+#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
+#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes)  */
+#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes)  */
+#define MFI_DIAG        0xf8            /* Host diag */
+#define MFI_SEQ         0xfc            /* Sequencer offset */
+#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
+#define MFI_RMI         0x2             /* reply message interrupt  */
+#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt  */
+#define MFI_ODC         0x4             /* outbound doorbell change interrupt */
+
+/*
+ * gen2 specific changes
+ */
+#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
+#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
+
+/*
+ * skinny specific changes
+ */
+#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny */
+#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt */
+
+/* Bits for MFI_OSTS */
+#define MFI_OSTS_INTR_VALID     0x00000002
+
+/*
+ * Firmware state values.  Found in OMSG0 during initialization.
+ */
+#define MFI_FWSTATE_MASK                0xf0000000
+#define MFI_FWSTATE_UNDEFINED           0x00000000
+#define MFI_FWSTATE_BB_INIT             0x10000000
+#define MFI_FWSTATE_FW_INIT             0x40000000
+#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
+#define MFI_FWSTATE_FW_INIT_2           0x70000000
+#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
+#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
+#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
+#define MFI_FWSTATE_READY               0xb0000000
+#define MFI_FWSTATE_OPERATIONAL         0xc0000000
+#define MFI_FWSTATE_FAULT               0xf0000000
+#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
+#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
+#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
+#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
+
+/*
+ * Control bits to drive the card to ready state.  These go into the IDB
+ * register.
+ */
+#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands */
+#define MFI_FWINIT_READY        0x00000002 /* Move from operational to ready */
+#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
+#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
+#define MFI_FWINIT_HOTPLUG      0x00000010
+#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
+#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
+
+/* MFI Commands */
+typedef enum {
+    MFI_CMD_INIT = 0x00,
+    MFI_CMD_LD_READ,
+    MFI_CMD_LD_WRITE,
+    MFI_CMD_LD_SCSI_IO,
+    MFI_CMD_PD_SCSI_IO,
+    MFI_CMD_DCMD,
+    MFI_CMD_ABORT,
+    MFI_CMD_SMP,
+    MFI_CMD_STP
+} mfi_cmd_t ;
+
+/* Direct commands */
+typedef enum {
+    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
+    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
+    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
+    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
+    MFI_DCMD_CTRL_ALARM =               0x01030000,
+    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
+    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
+    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
+    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
+    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
+    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
+    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
+    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
+    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
+    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
+    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
+    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
+    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
+    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
+    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
+    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
+    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
+    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
+    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
+    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
+    MFI_DCMD_PD_GET_LIST =              0x02010000,
+    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
+    MFI_DCMD_PD_GET_INFO =              0x02020000,
+    MFI_DCMD_PD_STATE_SET =             0x02030100,
+    MFI_DCMD_PD_REBUILD =               0x02040100,
+    MFI_DCMD_PD_BLINK =                 0x02070100,
+    MFI_DCMD_PD_UNBLINK =               0x02070200,
+    MFI_DCMD_LD_GET_LIST =              0x03010000,
+    MFI_DCMD_LD_GET_INFO =              0x03020000,
+    MFI_DCMD_LD_GET_PROP =              0x03030000,
+    MFI_DCMD_LD_SET_PROP =              0x03040000,
+    MFI_DCMD_LD_DELETE =                0x03090000,
+    MFI_DCMD_CFG_READ =                 0x04010000,
+    MFI_DCMD_CFG_ADD =                  0x04020000,
+    MFI_DCMD_CFG_CLEAR =                0x04030000,
+    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
+    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
+    MFI_DCMD_BBU_STATUS =               0x05010000,
+    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
+    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
+    MFI_DCMD_BBU_PROP_GET =             0x05050100,
+    MFI_DCMD_CLUSTER =                  0x08000000,
+    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
+    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
+} mfi_dcmd_t ;
+
+/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
+#define MFI_FLUSHCACHE_CTRL     0x01
+#define MFI_FLUSHCACHE_DISK     0x02
+
+/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
+#define MFI_SHUTDOWN_SPINDOWN   0x01
+
+/*
+ * MFI Frame flags
+ */
+typedef enum {
+    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =        0x0001,
+    MFI_FRAME_SGL64 =                           0x0002,
+    MFI_FRAME_SENSE64 =                         0x0004,
+    MFI_FRAME_DIR_WRITE =                       0x0008,
+    MFI_FRAME_DIR_READ =                        0x0010,
+    MFI_FRAME_IEEE_SGL =                        0x0020,
+} mfi_frame_flags;
+
+/* MFI Status codes */
+typedef enum {
+    MFI_STAT_OK =                       0x00,
+    MFI_STAT_INVALID_CMD,
+    MFI_STAT_INVALID_DCMD,
+    MFI_STAT_INVALID_PARAMETER,
+    MFI_STAT_INVALID_SEQUENCE_NUMBER,
+    MFI_STAT_ABORT_NOT_POSSIBLE,
+    MFI_STAT_APP_HOST_CODE_NOT_FOUND,
+    MFI_STAT_APP_IN_USE,
+    MFI_STAT_APP_NOT_INITIALIZED,
+    MFI_STAT_ARRAY_INDEX_INVALID,
+    MFI_STAT_ARRAY_ROW_NOT_EMPTY,
+    MFI_STAT_CONFIG_RESOURCE_CONFLICT,
+    MFI_STAT_DEVICE_NOT_FOUND,
+    MFI_STAT_DRIVE_TOO_SMALL,
+    MFI_STAT_FLASH_ALLOC_FAIL,
+    MFI_STAT_FLASH_BUSY,
+    MFI_STAT_FLASH_ERROR =              0x10,
+    MFI_STAT_FLASH_IMAGE_BAD,
+    MFI_STAT_FLASH_IMAGE_INCOMPLETE,
+    MFI_STAT_FLASH_NOT_OPEN,
+    MFI_STAT_FLASH_NOT_STARTED,
+    MFI_STAT_FLUSH_FAILED,
+    MFI_STAT_HOST_CODE_NOT_FOUNT,
+    MFI_STAT_LD_CC_IN_PROGRESS,
+    MFI_STAT_LD_INIT_IN_PROGRESS,
+    MFI_STAT_LD_LBA_OUT_OF_RANGE,
+    MFI_STAT_LD_MAX_CONFIGURED,
+    MFI_STAT_LD_NOT_OPTIMAL,
+    MFI_STAT_LD_RBLD_IN_PROGRESS,
+    MFI_STAT_LD_RECON_IN_PROGRESS,
+    MFI_STAT_LD_WRONG_RAID_LEVEL,
+    MFI_STAT_MAX_SPARES_EXCEEDED,
+    MFI_STAT_MEMORY_NOT_AVAILABLE =     0x20,
+    MFI_STAT_MFC_HW_ERROR,
+    MFI_STAT_NO_HW_PRESENT,
+    MFI_STAT_NOT_FOUND,
+    MFI_STAT_NOT_IN_ENCL,
+    MFI_STAT_PD_CLEAR_IN_PROGRESS,
+    MFI_STAT_PD_TYPE_WRONG,
+    MFI_STAT_PR_DISABLED,
+    MFI_STAT_ROW_INDEX_INVALID,
+    MFI_STAT_SAS_CONFIG_INVALID_ACTION,
+    MFI_STAT_SAS_CONFIG_INVALID_DATA,
+    MFI_STAT_SAS_CONFIG_INVALID_PAGE,
+    MFI_STAT_SAS_CONFIG_INVALID_TYPE,
+    MFI_STAT_SCSI_DONE_WITH_ERROR,
+    MFI_STAT_SCSI_IO_FAILED,
+    MFI_STAT_SCSI_RESERVATION_CONFLICT,
+    MFI_STAT_SHUTDOWN_FAILED =          0x30,
+    MFI_STAT_TIME_NOT_SET,
+    MFI_STAT_WRONG_STATE,
+    MFI_STAT_LD_OFFLINE,
+    MFI_STAT_PEER_NOTIFICATION_REJECTED,
+    MFI_STAT_PEER_NOTIFICATION_FAILED,
+    MFI_STAT_RESERVATION_IN_PROGRESS,
+    MFI_STAT_I2C_ERRORS_DETECTED,
+    MFI_STAT_PCI_ERRORS_DETECTED,
+    MFI_STAT_DIAG_FAILED,
+    MFI_STAT_BOOT_MSG_PENDING,
+    MFI_STAT_FOREIGN_CONFIG_INCOMPLETE,
+    MFI_STAT_INVALID_SGL,
+    MFI_STAT_UNSUPPORTED_HW,
+    MFI_STAT_CC_SCHEDULE_DISABLED,
+    MFI_STAT_PD_COPYBACK_IN_PROGRESS,
+    MFI_STAT_MULTIPLE_PDS_IN_ARRAY =    0x40,
+    MFI_STAT_FW_DOWNLOAD_ERROR,
+    MFI_STAT_FEATURE_SECURITY_NOT_ENABLED,
+    MFI_STAT_LOCK_KEY_ALREADY_EXISTS,
+    MFI_STAT_LOCK_KEY_BACKUP_NOT_ALLOWED,
+    MFI_STAT_LOCK_KEY_VERIFY_NOT_ALLOWED,
+    MFI_STAT_LOCK_KEY_VERIFY_FAILED,
+    MFI_STAT_LOCK_KEY_REKEY_NOT_ALLOWED,
+    MFI_STAT_LOCK_KEY_INVALID,
+    MFI_STAT_LOCK_KEY_ESCROW_INVALID,
+    MFI_STAT_LOCK_KEY_BACKUP_REQUIRED,
+    MFI_STAT_SECURE_LD_EXISTS,
+    MFI_STAT_LD_SECURE_NOT_ALLOWED,
+    MFI_STAT_REPROVISION_NOT_ALLOWED,
+    MFI_STAT_PD_SECURITY_TYPE_WRONG,
+    MFI_STAT_LD_ENCRYPTION_TYPE_INVALID,
+    MFI_STAT_CONFIG_FDE_NON_FDE_MIX_NOT_ALLOWED = 0x50,
+    MFI_STAT_CONFIG_LD_ENCRYPTION_TYPE_MIX_NOT_ALLOWED,
+    MFI_STAT_SECRET_KEY_NOT_ALLOWED,
+    MFI_STAT_PD_HW_ERRORS_DETECTED,
+    MFI_STAT_LD_CACHE_PINNED,
+    MFI_STAT_POWER_STATE_SET_IN_PROGRESS,
+    MFI_STAT_POWER_STATE_SET_BUSY,
+    MFI_STAT_POWER_STATE_WRONG,
+    MFI_STAT_PR_NO_AVAILABLE_PD_FOUND,
+    MFI_STAT_CTRL_RESET_REQUIRED,
+    MFI_STAT_LOCK_KEY_EKM_NO_BOOT_AGENT,
+    MFI_STAT_SNAP_NO_SPACE,
+    MFI_STAT_SNAP_PARTIAL_FAILURE,
+    MFI_STAT_UPGRADE_KEY_INCOMPATIBLE,
+    MFI_STAT_PFK_INCOMPATIBLE,
+    MFI_STAT_PD_MAX_UNCONFIGURED,
+    MFI_STAT_IO_METRICS_DISABLED =      0x60,
+    MFI_STAT_AEC_NOT_STOPPED,
+    MFI_STAT_PI_TYPE_WRONG,
+    MFI_STAT_LD_PD_PI_INCOMPATIBLE,
+    MFI_STAT_PI_NOT_ENABLED,
+    MFI_STAT_LD_BLOCK_SIZE_MISMATCH,
+    MFI_STAT_INVALID_STATUS =           0xFF
+} mfi_status_t ;
+
+/* Event classes */
+typedef enum {
+    MFI_EVT_CLASS_DEBUG =      -2,
+    MFI_EVT_CLASS_PROGRESS =   -1,
+    MFI_EVT_CLASS_INFO =        0,
+    MFI_EVT_CLASS_WARNING =     1,
+    MFI_EVT_CLASS_CRITICAL =    2,
+    MFI_EVT_CLASS_FATAL =       3,
+    MFI_EVT_CLASS_DEAD =        4
+} mfi_evt_class_t ;
+
+/* Event locales */
+typedef enum {
+    MFI_EVT_LOCALE_LD =         0x0001,
+    MFI_EVT_LOCALE_PD =         0x0002,
+    MFI_EVT_LOCALE_ENCL =       0x0004,
+    MFI_EVT_LOCALE_BBU =        0x0008,
+    MFI_EVT_LOCALE_SAS =        0x0010,
+    MFI_EVT_LOCALE_CTRL =       0x0020,
+    MFI_EVT_LOCALE_CONFIG =     0x0040,
+    MFI_EVT_LOCALE_CLUSTER =    0x0080,
+    MFI_EVT_LOCALE_ALL =        0xffff
+} mfi_evt_locale_t;
+
+/* Event args */
+typedef enum {
+    MR_EVT_ARGS_NONE =          0x00,
+    MR_EVT_ARGS_CDB_SENSE,
+    MR_EVT_ARGS_LD,
+    MR_EVT_ARGS_LD_COUNT,
+    MR_EVT_ARGS_LD_LBA,
+    MR_EVT_ARGS_LD_OWNER,
+    MR_EVT_ARGS_LD_LBA_PD_LBA,
+    MR_EVT_ARGS_LD_PROG,
+    MR_EVT_ARGS_LD_STATE,
+    MR_EVT_ARGS_LD_STRIP,
+    MR_EVT_ARGS_PD,
+    MR_EVT_ARGS_PD_ERR,
+    MR_EVT_ARGS_PD_LBA,
+    MR_EVT_ARGS_PD_LBA_LD,
+    MR_EVT_ARGS_PD_PROG,
+    MR_EVT_ARGS_PD_STATE,
+    MR_EVT_ARGS_PCI,
+    MR_EVT_ARGS_RATE,
+    MR_EVT_ARGS_STR,
+    MR_EVT_ARGS_TIME,
+    MR_EVT_ARGS_ECC,
+    MR_EVT_ARGS_LD_PROP,
+    MR_EVT_ARGS_PD_SPARE,
+    MR_EVT_ARGS_PD_INDEX,
+    MR_EVT_ARGS_DIAG_PASS,
+    MR_EVT_ARGS_DIAG_FAIL,
+    MR_EVT_ARGS_PD_LBA_LBA,
+    MR_EVT_ARGS_PORT_PHY,
+    MR_EVT_ARGS_PD_MISSING,
+    MR_EVT_ARGS_PD_ADDRESS,
+    MR_EVT_ARGS_BITMAP,
+    MR_EVT_ARGS_CONNECTOR,
+    MR_EVT_ARGS_PD_PD,
+    MR_EVT_ARGS_PD_FRU,
+    MR_EVT_ARGS_PD_PATHINFO,
+    MR_EVT_ARGS_PD_POWER_STATE,
+    MR_EVT_ARGS_GENERIC,
+} mfi_evt_args;
+
+/* Event codes */
+#define MR_EVT_CFG_CLEARED                          0x0004
+#define MR_EVT_CTRL_SHUTDOWN                        0x002a
+#define MR_EVT_LD_STATE_CHANGE                      0x0051
+#define MR_EVT_PD_INSERTED                          0x005b
+#define MR_EVT_PD_REMOVED                           0x0070
+#define MR_EVT_PD_STATE_CHANGED                     0x0072
+#define MR_EVT_LD_CREATED                           0x008a
+#define MR_EVT_LD_DELETED                           0x008b
+#define MR_EVT_FOREIGN_CFG_IMPORTED                 0x00db
+#define MR_EVT_LD_OFFLINE                           0x00fc
+#define MR_EVT_CTRL_HOST_BUS_SCAN_REQUESTED         0x0152
+
+typedef enum {
+    MR_LD_CACHE_WRITE_BACK =            0x01,
+    MR_LD_CACHE_WRITE_ADAPTIVE =        0x02,
+    MR_LD_CACHE_READ_AHEAD =            0x04,
+    MR_LD_CACHE_READ_ADAPTIVE =         0x08,
+    MR_LD_CACHE_WRITE_CACHE_BAD_BBU =   0x10,
+    MR_LD_CACHE_ALLOW_WRITE_CACHE =     0x20,
+    MR_LD_CACHE_ALLOW_READ_CACHE =      0x40
+} mfi_ld_cache;
+
+typedef enum {
+    MR_PD_CACHE_UNCHANGED  =    0,
+    MR_PD_CACHE_ENABLE =        1,
+    MR_PD_CACHE_DISABLE =       2
+} mfi_pd_cache;
+
+typedef enum {
+    MR_PD_QUERY_TYPE_ALL =              0,
+    MR_PD_QUERY_TYPE_STATE =            1,
+    MR_PD_QUERY_TYPE_POWER_STATE =      2,
+    MR_PD_QUERY_TYPE_MEDIA_TYPE =       3,
+    MR_PD_QUERY_TYPE_SPEED =            4,
+    MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =  5, /*query for system drives */
+} mfi_pd_query_type;
+
+/*
+ * Other propertities and definitions
+ */
+#define MFI_MAX_PD_CHANNELS     2
+#define MFI_MAX_LD_CHANNELS     2
+#define MFI_MAX_CHANNELS        (MFI_MAX_PD_CHANNELS + MFI_MAX_LD_CHANNELS)
+#define MFI_MAX_CHANNEL_DEVS  128
+#define MFI_DEFAULT_ID         -1
+#define MFI_MAX_LUN             8
+#define MFI_MAX_LD             64
+
+#define MFI_FRAME_SIZE         64
+#define MFI_MBOX_SIZE          12
+
+/* Firmware flashing can take 40s */
+#define MFI_POLL_TIMEOUT_SECS  50
+
+/* Allow for speedier math calculations */
+#define MFI_SECTOR_LEN        512
+
+/* Scatter Gather elements */
+struct mfi_sg32 {
+    uint32_t addr;
+    uint32_t len;
+} __attribute__ ((packed));
+
+struct mfi_sg64 {
+    uint64_t addr;
+    uint32_t len;
+} __attribute__ ((packed));
+
+struct mfi_sg_skinny {
+    uint64_t addr;
+    uint32_t len;
+    uint32_t flag;
+} __attribute__ ((packed));
+
+union mfi_sgl {
+    struct mfi_sg32 sg32[1];
+    struct mfi_sg64 sg64[1];
+    struct mfi_sg_skinny sg_skinny[1];
+} __attribute__ ((packed));
+
+/* Message frames.  All messages have a common header */
+struct mfi_frame_header {
+    uint8_t frame_cmd;
+    uint8_t sense_len;
+    uint8_t cmd_status;
+    uint8_t scsi_status;
+    uint8_t target_id;
+    uint8_t lun_id;
+    uint8_t cdb_len;
+    uint8_t sge_count;
+    uint64_t context;
+    uint16_t flags;
+    uint16_t timeout;
+    uint32_t data_len;
+} __attribute__ ((packed));
+
+struct mfi_init_frame {
+    struct mfi_frame_header header;
+    uint32_t qinfo_new_addr_lo;
+    uint32_t qinfo_new_addr_hi;
+    uint32_t qinfo_old_addr_lo;
+    uint32_t qinfo_old_addr_hi;
+    uint32_t reserved[6];
+} __attribute__ ((packed));
+
+#define MFI_IO_FRAME_SIZE 40
+struct mfi_io_frame {
+    struct mfi_frame_header header;
+    uint32_t sense_addr_lo;
+    uint32_t sense_addr_hi;
+    uint32_t lba_lo;
+    uint32_t lba_hi;
+    union mfi_sgl sgl;
+} __attribute__ ((packed));
+
+#define MFI_PASS_FRAME_SIZE 48
+struct mfi_pass_frame {
+    struct mfi_frame_header header;
+    uint32_t sense_addr_lo;
+    uint32_t sense_addr_hi;
+    uint8_t cdb[16];
+    union mfi_sgl sgl;
+} __attribute__ ((packed));
+
+#define MFI_DCMD_FRAME_SIZE 40
+struct mfi_dcmd_frame {
+    struct mfi_frame_header header;
+    uint32_t opcode;
+    uint8_t mbox[MFI_MBOX_SIZE];
+    union mfi_sgl sgl;
+} __attribute__ ((packed));
+
+struct mfi_abort_frame {
+    struct mfi_frame_header header;
+    uint64_t abort_context;
+    uint32_t abort_mfi_addr_lo;
+    uint32_t abort_mfi_addr_hi;
+    uint32_t reserved1[6];
+} __attribute__ ((packed));
+
+struct mfi_smp_frame {
+    struct mfi_frame_header header;
+    uint64_t sas_addr;
+    union {
+        struct mfi_sg32 sg32[2];
+        struct mfi_sg64 sg64[2];
+    } sgl;
+} __attribute__ ((packed));
+
+struct mfi_stp_frame {
+    struct mfi_frame_header header;
+    uint16_t fis[10];
+    uint32_t stp_flags;
+    union {
+        struct mfi_sg32 sg32[2];
+        struct mfi_sg64 sg64[2];
+    } sgl;
+} __attribute__ ((packed));
+
+union mfi_frame {
+    struct mfi_frame_header header;
+    struct mfi_init_frame init;
+    struct mfi_io_frame io;
+    struct mfi_pass_frame pass;
+    struct mfi_dcmd_frame dcmd;
+    struct mfi_abort_frame abort;
+    struct mfi_smp_frame smp;
+    struct mfi_stp_frame stp;
+    uint64_t raw[8];
+    uint8_t bytes[MFI_FRAME_SIZE];
+};
+
+#define MFI_SENSE_LEN 128
+struct mfi_sense {
+    uint8_t     data[MFI_SENSE_LEN];
+};
+
+#define MFI_QUEUE_FLAG_CONTEXT64 0x00000002
+
+/* The queue init structure that is passed with the init message */
+struct mfi_init_qinfo {
+    uint32_t flags;
+    uint32_t rq_entries;
+    uint32_t rq_addr_lo;
+    uint32_t rq_addr_hi;
+    uint32_t pi_addr_lo;
+    uint32_t pi_addr_hi;
+    uint32_t ci_addr_lo;
+    uint32_t ci_addr_hi;
+} __attribute__ ((packed));
+
+/* Controller properties */
+struct mfi_ctrl_props {
+    uint16_t seq_num;
+    uint16_t pred_fail_poll_interval;
+    uint16_t intr_throttle_cnt;
+    uint16_t intr_throttle_timeout;
+    uint8_t rebuild_rate;
+    uint8_t patrol_read_rate;
+    uint8_t bgi_rate;
+    uint8_t cc_rate;
+    uint8_t recon_rate;
+    uint8_t cache_flush_interval;
+    uint8_t spinup_drv_cnt;
+    uint8_t spinup_delay;
+    uint8_t cluster_enable;
+    uint8_t coercion_mode;
+    uint8_t alarm_enable;
+    uint8_t disable_auto_rebuild;
+    uint8_t disable_battery_warn;
+    uint8_t ecc_bucket_size;
+    uint16_t ecc_bucket_leak_rate;
+    uint8_t restore_hotspare_on_insertion;
+    uint8_t expose_encl_devices;
+    uint8_t maintainPdFailHistory;
+    uint8_t disallowHostRequestReordering;
+    uint8_t abortCCOnError;
+    uint8_t loadBalanceMode;
+    uint8_t disableAutoDetectBackplane;
+    uint8_t snapVDSpace;
+    struct {
+        /* set TRUE to disable copyBack (0=copyback enabled) */
+        uint32_t copyBackDisabled:1,
+            SMARTerEnabled:1,
+            prCorrectUnconfiguredAreas:1,
+            useFdeOnly:1,
+            disableNCQ:1,
+            SSDSMARTerEnabled:1,
+            SSDPatrolReadEnabled:1,
+            enableSpinDownUnconfigured:1,
+            autoEnhancedImport:1,
+            enableSecretKeyControl:1,
+            disableOnlineCtrlReset:1,
+            allowBootWithPinnedCache:1,
+            disableSpinDownHS:1,
+            enableJBOD:1,
+            reserved:18;
+    } OnOffProperties;
+    uint8_t autoSnapVDSpace; /* % of source LD to be
+                              * reserved for auto snapshot
+                              * in snapshot repository, for
+                              * metadata and user data
+                              * 1=5%, 2=10%, 3=15% and so on
+                              */
+    uint8_t viewSpace;       /* snapshot writeable VIEWs
+                              * capacity as a % of source LD
+                              * capacity. 0=READ only
+                              * 1=5%, 2=10%, 3=15% and so on
+                              */
+    uint16_t spinDownTime;    /* # of idle minutes before device
+                               * is spun down (0=use FW defaults)
+                               */
+    uint8_t reserved[24];
+} __attribute__ ((packed));
+
+/* PCI information about the card. */
+struct mfi_info_pci {
+    uint16_t vendor;
+    uint16_t device;
+    uint16_t subvendor;
+    uint16_t subdevice;
+    uint8_t reserved[24];
+} __attribute__ ((packed));
+
+/* Host (front end) interface information */
+struct mfi_info_host {
+    uint8_t type;
+#define MFI_INFO_HOST_PCIX      0x01
+#define MFI_INFO_HOST_PCIE      0x02
+#define MFI_INFO_HOST_ISCSI     0x04
+#define MFI_INFO_HOST_SAS3G     0x08
+    uint8_t reserved[6];
+    uint8_t port_count;
+    uint64_t port_addr[8];
+} __attribute__ ((packed));
+
+/* Device (back end) interface information */
+struct mfi_info_device {
+    uint8_t type;
+#define MFI_INFO_DEV_SPI        0x01
+#define MFI_INFO_DEV_SAS3G      0x02
+#define MFI_INFO_DEV_SATA1      0x04
+#define MFI_INFO_DEV_SATA3G     0x08
+    uint8_t reserved[6];
+    uint8_t port_count;
+    uint64_t port_addr[8];
+} __attribute__ ((packed));
+
+/* Firmware component information */
+struct mfi_info_component {
+    char name[8];
+    char version[32];
+    char build_date[16];
+    char build_time[16];
+} __attribute__ ((packed));
+
+/* Controller default settings */
+struct mfi_defaults {
+    uint64_t sas_addr;
+    uint8_t phy_polarity;
+    uint8_t background_rate;
+    uint8_t stripe_size;
+    uint8_t flush_time;
+    uint8_t write_back;
+    uint8_t read_ahead;
+    uint8_t cache_when_bbu_bad;
+    uint8_t cached_io;
+    uint8_t smart_mode;
+    uint8_t alarm_disable;
+    uint8_t coercion;
+    uint8_t zrc_config;
+    uint8_t dirty_led_shows_drive_activity;
+    uint8_t bios_continue_on_error;
+    uint8_t spindown_mode;
+    uint8_t allowed_device_types;
+    uint8_t allow_mix_in_enclosure;
+    uint8_t allow_mix_in_ld;
+    uint8_t allow_sata_in_cluster;
+    uint8_t max_chained_enclosures;
+    uint8_t disable_ctrl_r;
+    uint8_t enable_web_bios;
+    uint8_t phy_polarity_split;
+    uint8_t direct_pd_mapping;
+    uint8_t bios_enumerate_lds;
+    uint8_t restored_hot_spare_on_insertion;
+    uint8_t expose_enclosure_devices;
+    uint8_t maintain_pd_fail_history;
+    uint8_t disable_puncture;
+    uint8_t zero_based_enumeration;
+    uint8_t disable_preboot_cli;
+    uint8_t show_drive_led_on_activity;
+    uint8_t cluster_disable;
+    uint8_t sas_disable;
+    uint8_t auto_detect_backplane;
+    uint8_t fde_only;
+    uint8_t delay_during_post;
+    uint8_t resv[19];
+} __attribute__ ((packed));
+
+/* Controller default settings */
+struct mfi_bios_data {
+    uint16_t boot_target_id;
+    uint8_t do_not_int_13;
+    uint8_t continue_on_error;
+    uint8_t verbose;
+    uint8_t geometry;
+    uint8_t expose_all_drives;
+    uint8_t reserved[56];
+    uint8_t check_sum;
+} __attribute__ ((packed));
+
+/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
+struct mfi_ctrl_info {
+    struct mfi_info_pci pci;
+    struct mfi_info_host host;
+    struct mfi_info_device device;
+
+    /* Firmware components that are present and active. */
+    uint32_t image_check_word;
+    uint32_t image_component_count;
+    struct mfi_info_component image_component[8];
+
+    /* Firmware components that have been flashed but are inactive */
+    uint32_t pending_image_component_count;
+    struct mfi_info_component pending_image_component[8];
+
+    uint8_t max_arms;
+    uint8_t max_spans;
+    uint8_t max_arrays;
+    uint8_t max_lds;
+    char product_name[80];
+    char serial_number[32];
+    uint32_t hw_present;
+#define MFI_INFO_HW_BBU         0x01
+#define MFI_INFO_HW_ALARM       0x02
+#define MFI_INFO_HW_NVRAM       0x04
+#define MFI_INFO_HW_UART        0x08
+#define MFI_INFO_HW_MEM         0x10
+#define MFI_INFO_HW_FLASH       0x20
+    uint32_t current_fw_time;
+    uint16_t max_cmds;
+    uint16_t max_sg_elements;
+    uint32_t max_request_size;
+    uint16_t lds_present;
+    uint16_t lds_degraded;
+    uint16_t lds_offline;
+    uint16_t pd_present;
+    uint16_t pd_disks_present;
+    uint16_t pd_disks_pred_failure;
+    uint16_t pd_disks_failed;
+    uint16_t nvram_size;
+    uint16_t memory_size;
+    uint16_t flash_size;
+    uint16_t ram_correctable_errors;
+    uint16_t ram_uncorrectable_errors;
+    uint8_t cluster_allowed;
+    uint8_t cluster_active;
+    uint16_t max_strips_per_io;
+
+    uint32_t raid_levels;
+#define MFI_INFO_RAID_0         0x01
+#define MFI_INFO_RAID_1         0x02
+#define MFI_INFO_RAID_5         0x04
+#define MFI_INFO_RAID_1E        0x08
+#define MFI_INFO_RAID_6         0x10
+
+    uint32_t adapter_ops;
+#define MFI_INFO_AOPS_RBLD_RATE         0x0001
+#define MFI_INFO_AOPS_CC_RATE           0x0002
+#define MFI_INFO_AOPS_BGI_RATE          0x0004
+#define MFI_INFO_AOPS_RECON_RATE        0x0008
+#define MFI_INFO_AOPS_PATROL_RATE       0x0010
+#define MFI_INFO_AOPS_ALARM_CONTROL     0x0020
+#define MFI_INFO_AOPS_CLUSTER_SUPPORTED 0x0040
+#define MFI_INFO_AOPS_BBU               0x0080
+#define MFI_INFO_AOPS_SPANNING_ALLOWED  0x0100
+#define MFI_INFO_AOPS_DEDICATED_SPARES  0x0200
+#define MFI_INFO_AOPS_REVERTIBLE_SPARES 0x0400
+#define MFI_INFO_AOPS_FOREIGN_IMPORT    0x0800
+#define MFI_INFO_AOPS_SELF_DIAGNOSTIC   0x1000
+#define MFI_INFO_AOPS_MIXED_ARRAY       0x2000
+#define MFI_INFO_AOPS_GLOBAL_SPARES     0x4000
+
+    uint32_t ld_ops;
+#define MFI_INFO_LDOPS_READ_POLICY      0x01
+#define MFI_INFO_LDOPS_WRITE_POLICY     0x02
+#define MFI_INFO_LDOPS_IO_POLICY        0x04
+#define MFI_INFO_LDOPS_ACCESS_POLICY    0x08
+#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
+
+    struct {
+        uint8_t min;
+        uint8_t max;
+        uint8_t reserved[2];
+    } __attribute__ ((packed)) stripe_sz_ops;
+
+    uint32_t pd_ops;
+#define MFI_INFO_PDOPS_FORCE_ONLINE     0x01
+#define MFI_INFO_PDOPS_FORCE_OFFLINE    0x02
+#define MFI_INFO_PDOPS_FORCE_REBUILD    0x04
+
+    uint32_t pd_mix_support;
+#define MFI_INFO_PDMIX_SAS              0x01
+#define MFI_INFO_PDMIX_SATA             0x02
+#define MFI_INFO_PDMIX_ENCL             0x04
+#define MFI_INFO_PDMIX_LD               0x08
+#define MFI_INFO_PDMIX_SATA_CLUSTER     0x10
+
+    uint8_t ecc_bucket_count;
+    uint8_t reserved2[11];
+    struct mfi_ctrl_props properties;
+    char package_version[0x60];
+    uint8_t pad[0x800 - 0x6a0];
+} __attribute__ ((packed));
+
+/* keep track of an event. */
+union mfi_evt {
+    struct {
+        uint16_t locale;
+        uint8_t reserved;
+        int8_t class;
+    } members;
+    uint32_t word;
+} __attribute__ ((packed));
+
+/* event log state. */
+struct mfi_evt_log_state {
+    uint32_t newest_seq_num;
+    uint32_t oldest_seq_num;
+    uint32_t clear_seq_num;
+    uint32_t shutdown_seq_num;
+    uint32_t boot_seq_num;
+} __attribute__ ((packed));
+
+struct mfi_progress {
+    uint16_t progress;
+    uint16_t elapsed_seconds;
+} __attribute__ ((packed));
+
+struct mfi_evt_ld {
+    uint16_t target_id;
+    uint8_t ld_index;
+    uint8_t reserved;
+} __attribute__ ((packed));
+
+struct mfi_evt_pd {
+    uint16_t device_id;
+    uint8_t enclosure_index;
+    uint8_t slot_number;
+} __attribute__ ((packed));
+
+/* event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
+struct mfi_evt_detail {
+    uint32_t seq;
+    uint32_t time;
+    uint32_t code;
+    union mfi_evt class;
+    uint8_t arg_type;
+    uint8_t reserved1[15];
+
+    union {
+        struct {
+            struct mfi_evt_pd pd;
+            uint8_t cdb_len;
+            uint8_t sense_len;
+            uint8_t reserved[2];
+            uint8_t cdb[16];
+            uint8_t sense[64];
+        } cdb_sense;
+
+        struct mfi_evt_ld ld;
+
+        struct {
+            struct mfi_evt_ld ld;
+            uint64_t count;
+        } ld_count;
+
+        struct {
+            uint64_t lba;
+            struct mfi_evt_ld ld;
+        } ld_lba;
+
+        struct {
+            struct mfi_evt_ld ld;
+            uint32_t pre_owner;
+            uint32_t new_owner;
+        } ld_owner;
+
+        struct {
+            uint64_t ld_lba;
+            uint64_t pd_lba;
+            struct mfi_evt_ld ld;
+            struct mfi_evt_pd pd;
+        } ld_lba_pd_lba;
+
+        struct {
+            struct mfi_evt_ld ld;
+            struct mfi_progress prog;
+        } ld_prog;
+
+        struct {
+            struct mfi_evt_ld ld;
+            uint32_t prev_state;
+            uint32_t new_state;
+        } ld_state;
+
+        struct {
+            uint64_t strip;
+            struct mfi_evt_ld ld;
+        } ld_strip;
+
+        struct mfi_evt_pd pd;
+
+        struct {
+            struct mfi_evt_pd pd;
+            uint32_t err;
+        } pd_err;
+
+        struct {
+            uint64_t lba;
+            struct mfi_evt_pd pd;
+        } pd_lba;
+
+        struct {
+            uint64_t lba;
+            struct mfi_evt_pd pd;
+            struct mfi_evt_ld ld;
+        } pd_lba_ld;
+
+        struct {
+            struct mfi_evt_pd pd;
+            struct mfi_progress prog;
+        } pd_prog;
+
+        struct {
+            struct mfi_evt_pd ld;
+            uint32_t prev_state;
+            uint32_t new_state;
+        } pd_state;
+
+        struct {
+            uint16_t venderId;
+            uint16_t deviceId;
+            uint16_t subVenderId;
+            uint16_t subDeviceId;
+        } pci;
+
+        uint32_t rate;
+
+        char str[96];
+
+        struct {
+            uint32_t rtc;
+            uint16_t elapsedSeconds;
+        } time;
+
+        struct {
+            uint32_t ecar;
+            uint32_t elog;
+            char str[64];
+        } ecc;
+
+        uint8_t b[96];
+        uint16_t s[48];
+        uint32_t w[24];
+        uint64_t d[12];
+    } args;
+
+    char description[128];
+} __attribute__ ((packed));
+
+struct mfi_evt_list {
+    uint32_t count;
+    uint32_t reserved;
+    struct mfi_evt_detail event[1];
+} __attribute__ ((packed));
+
+union mfi_pd_ref {
+    struct {
+        uint16_t device_id;
+        uint16_t seq_num;
+    } v;
+    uint32_t ref;
+} __attribute__ ((packed));
+
+union mfi_pd_ddf_type {
+    struct {
+        union {
+            struct {
+                uint16_t forced_pd_guid:1,
+                    in_vd:1,
+                    is_global_spare:1,
+                    is_spare:1,
+                    is_foreign:1,
+                    reserved:7,
+                    intf:4;
+            } pd_type;
+            uint16_t type;
+        } v;
+        uint16_t reserved;
+    } ddf;
+    struct {
+        uint32_t reserved;
+    } non_disk;
+    uint32_t type;
+} __attribute__ ((packed));
+
+struct mfi_pd_progress {
+    struct {
+        uint32_t rbld:1,
+            patrol:1 ,
+            clear:1,
+            reserved:29;
+    } active;
+    struct mfi_progress rbld;
+    struct mfi_progress patrol;
+    struct mfi_progress clear;
+    struct mfi_progress reserved[4];
+} __attribute__ ((packed));
+
+struct mfi_pd_info {
+    union mfi_pd_ref ref;
+    uint8_t inquiry_data[96];
+    uint8_t vpd_page83[64];
+    uint8_t not_supported;
+    uint8_t scsi_dev_type;
+    uint8_t connected_port_bitmap;
+    uint8_t device_speed;
+    uint32_t media_err_count;
+    uint32_t other_err_count;
+    uint32_t pred_fail_count;
+    uint32_t last_pred_fail_event_seq_num;
+    uint16_t fw_state;
+    uint8_t disable_for_removal;
+    uint8_t link_speed;
+    union mfi_pd_ddf_type state;
+    struct {
+        uint8_t count;
+        uint8_t is_path_broken;
+        uint8_t reserved[6];
+        uint64_t sas_addr[4];
+    } path_info;
+    uint64_t raw_size;
+    uint64_t non_coerced_size;
+    uint64_t coerced_size;
+    uint16_t encl_device_id;
+    uint8_t encl_index;
+    uint8_t slot_number;
+    struct mfi_pd_progress prog_info;
+    uint8_t bad_block_table_full;
+    uint8_t unusable_in_current_config;
+    uint8_t vpd_page83_ext[64];
+    uint8_t reserved[512-358];
+} __attribute__ ((packed));
+
+struct mfi_pd_address {
+    uint16_t device_id;
+    uint16_t encl_device_id;
+    uint8_t encl_index;
+    uint8_t slot_number;
+    uint8_t scsi_dev_type;
+    uint8_t connect_port_bitmap;
+    uint64_t sas_addr[2];
+} __attribute__ ((packed));
+
+#define MAX_SYS_PDS 240
+struct mfi_pd_list {
+    uint32_t size;
+    uint32_t count;
+    struct mfi_pd_address addr[MAX_SYS_PDS];
+} __attribute__ ((packed));
+
+union mfi_ld_ref {
+    struct {
+        uint8_t target_id;
+        uint8_t reserved;
+        uint16_t seq;
+    } v;
+    uint32_t ref;
+} __attribute__ ((packed));
+
+struct mfi_ld_list {
+    uint32_t ld_count;
+    uint32_t reserved1;
+    struct {
+        union mfi_ld_ref ld;
+        uint8_t state;
+        uint8_t reserved2[3];
+        uint64_t size;
+    } ld_list[MFI_MAX_LD];
+} __attribute__ ((packed));
+
+enum mfi_ld_access {
+    MFI_LD_ACCESS_RW =          0,
+    MFI_LD_ACCSSS_RO =          2,
+    MFI_LD_ACCESS_BLOCKED =     3,
+};
+#define MFI_LD_ACCESS_MASK      3
+
+enum mfi_ld_state {
+    MFI_LD_STATE_OFFLINE =              0,
+    MFI_LD_STATE_PARTIALLY_DEGRADED =   1,
+    MFI_LD_STATE_DEGRADED =             2,
+    MFI_LD_STATE_OPTIMAL =              3
+};
+
+enum mfi_syspd_state {
+    MFI_PD_STATE_UNCONFIGURED_GOOD =    0x00,
+    MFI_PD_STATE_UNCONFIGURED_BAD =     0x01,
+    MFI_PD_STATE_HOT_SPARE =            0x02,
+    MFI_PD_STATE_OFFLINE =              0x10,
+    MFI_PD_STATE_FAILED =               0x11,
+    MFI_PD_STATE_REBUILD =              0x14,
+    MFI_PD_STATE_ONLINE =               0x18,
+    MFI_PD_STATE_COPYBACK =             0x20,
+    MFI_PD_STATE_SYSTEM =               0x40
+};
+
+struct mfi_ld_props {
+    union mfi_ld_ref ld;
+    char name[16];
+    uint8_t default_cache_policy;
+    uint8_t access_policy;
+    uint8_t disk_cache_policy;
+    uint8_t current_cache_policy;
+    uint8_t no_bgi;
+    uint8_t reserved[7];
+} __attribute__ ((packed));
+
+struct mfi_ld_params {
+    uint8_t primary_raid_level;
+    uint8_t raid_level_qualifier;
+    uint8_t secondary_raid_level;
+    uint8_t stripe_size;
+    uint8_t num_drives;
+    uint8_t span_depth;
+    uint8_t state;
+    uint8_t init_state;
+    uint8_t is_consistent;
+    uint8_t reserved[23];
+} __attribute__ ((packed));
+
+struct mfi_ld_progress {
+    uint32_t            active;
+#define MFI_LD_PROGRESS_CC      (1<<0)
+#define MFI_LD_PROGRESS_BGI     (1<<1)
+#define MFI_LD_PROGRESS_FGI     (1<<2)
+#define MFI_LD_PORGRESS_RECON   (1<<3)
+    struct mfi_progress cc;
+    struct mfi_progress bgi;
+    struct mfi_progress fgi;
+    struct mfi_progress recon;
+    struct mfi_progress reserved[4];
+} __attribute__ ((packed));
+
+struct mfi_span {
+    uint64_t start_block;
+    uint64_t num_blocks;
+    uint16_t array_ref;
+    uint8_t reserved[6];
+} __attribute__ ((packed));
+
+#define MFI_MAX_SPAN_DEPTH      8
+struct mfi_ld_config {
+    struct mfi_ld_props properties;
+    struct mfi_ld_params params;
+    struct mfi_span span[MFI_MAX_SPAN_DEPTH];
+} __attribute__ ((packed));
+
+struct mfi_ld_info {
+    struct mfi_ld_config ld_config;
+    uint64_t size;
+    struct mfi_ld_progress progress;
+    uint16_t cluster_owner;
+    uint8_t reconstruct_active;
+    uint8_t reserved1[1];
+    uint8_t vpd_page83[64];
+    uint8_t reserved2[16];
+} __attribute__ ((packed));
+
+union mfi_spare_type {
+    struct {
+        uint8_t is_dedicate:1,
+            is_revertable:1,
+            is_encl_affinity:1,
+            reserved:5;
+    } v;
+    uint8_t type;
+} __attribute__ ((packed));
+
+#define MAX_ARRAYS 16
+struct mfi_spare {
+    union mfi_pd_ref ref;
+    union mfi_spare_type spare_type;
+    uint8_t reserved[2];
+    uint8_t array_count;
+    uint16_t array_refd[MAX_ARRAYS];
+} __attribute__ ((packed));
+
+#define MAX_ROW_SIZE 32
+struct mfi_array {
+    uint64_t size;
+    uint8_t num_drives;
+    uint8_t reserved;
+    uint16_t array_ref;
+    uint8_t pad[20];
+    struct {
+        union mfi_pd_ref ref;
+        uint16_t fw_state;
+        struct {
+            uint8_t pd;
+            uint8_t slot;
+        } encl;
+    } pd[MAX_ROW_SIZE];
+} __attribute__ ((packed));
+
+struct mfi_config_data {
+    uint32_t size;
+    uint16_t array_count;
+    uint16_t array_size;
+    uint16_t log_drv_count;
+    uint16_t log_drv_size;
+    uint16_t spares_count;
+    uint16_t spares_size;
+    uint8_t reserved[16];
+    uint8_t data;
+    /*
+      struct mfi_array  array[];
+      struct mfi_ld_config ld[];
+      struct mfi_spare  spare[];
+    */
+} __attribute__ ((packed));
+
+#define MFI_SCSI_MAX_t ARGETS  128
+#define MFI_SCSI_MAX_LUNS       8
+#define MFI_SCSI_INITIATOR_ID 255
+#define MFI_SCSI_MAX_CMDS       8
+#define MFI_SCSI_MAX_CDB_LEN   16
+
+#endif /* _MFI_H */
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index 83f3893..73fb46a 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -12,9 +12,9 @@ 
 
 #define PCI_BASE_CLASS_STORAGE           0x01
 #define PCI_BASE_CLASS_NETWORK           0x02
-
 #define PCI_CLASS_STORAGE_SCSI           0x0100
 #define PCI_CLASS_STORAGE_IDE            0x0101
+#define PCI_CLASS_STORAGE_RAID           0x0104
 #define PCI_CLASS_STORAGE_SATA           0x0106
 #define PCI_CLASS_STORAGE_OTHER          0x0180
 
@@ -47,6 +47,7 @@ 
 
 #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
 #define PCI_DEVICE_ID_LSI_53C895A        0x0012
+#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
 
 #define PCI_VENDOR_ID_DEC                0x1011
 #define PCI_DEVICE_ID_DEC_21154          0x0026