Patchwork [v14] megasas: LSI Megaraid SAS HBA emulation

login
register
mail settings
Submitter Hannes Reinecke
Date Feb. 21, 2012, 9:36 a.m.
Message ID <1329817003-31125-1-git-send-email-hare@suse.de>
Download mbox | patch
Permalink /patch/142271/
State New
Headers show

Comments

Hannes Reinecke - Feb. 21, 2012, 9:36 a.m.
This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
I've tested it to work with Linux, Windows Vista, and Windows7.
MSI-X support is currently broken; have to investigate.

Changes since v13:
- Remove separate MSI-X BAR
- Simplify BAR allocation

Changes since v12:
- Fixup flag setting via properties
- Fixup MSI-X handling
- Disable MSI-X per default

Changes since v11:
- Remove unneeded variables

Changes since v10:
- Port to new device type API
- Include suggestion from Alex Graf:
- Remove 'inline' function declaration
- Queue setup and interrupt enablement needs to be treated
  independently
- Always read in 64 bit context and just mask out the top
  bits if required

Changes since v9:
- Split off trace events into a separate patch
- Do not check for max_luns in PD Info
- Update trace events
- Clarify license statement
- Fixup coding style issues

Changes since v8:
- Remove 'disable' keyword from trace definitions
- Convert hand-crafted debugging statements with trace
  definitions
- Treat 'context' tag as little endian

Changes since v7:
- Port to new memory API
- Port to new PCI infrastructure
- Use fixed buffers for sense processing
- Update to updated SCSI infrastructure

Changes since v6:
- Preliminary patches pushed to Kevins block tree
- Implement 64bit contexts, required for Windows7
- Use iovecs for DCMD processing
- Add MSI-X support
  Latest Linux driver now happily uses MSI-X.
- Static iovec allocation
  We have a fixed upper number of iovecs, so we can
  save us the allocation. Suggested by Alex Graf.
- Update MFI header
  Latest Linux driver has some more definitions,
  add them
- Fixup AEN handling
- Update tracing details
- Remove sdev pointer from megasas_cmd_t

Changes since v5:
- megasas: Use tracing infrastructure instead of DPRINTF
- megasas: Use new PCI infrastructure
- megasas: Check for iovec mapping failure
  cpu_map_physical_memory() might fail, so we need to check for
  it when mapping iovecs.
- megasas: Trace scsi buffer overflow
  The transfer length as specified in the SCSI command might
  disagree with the length of the iovec. We should be tracing
  these issues.
- megasas: Reset frames after init firmware
  When receiving an INIT FIRMWARE command we need reset all
  frames, otherwise some frames might point to invalid memory.

Chances since v4:
- megasas: checkpatch.pl fixes and update to work with the
  changed interface in scsi_req_new(). Also included the
  suggested fixes from Alex.

Signed-off-by: Hannes Reinecke <hare@suse.de>
Cc: Alexander Graf <agraf@suse.de>
Cc: Andreas Faerber <afaerber@suse.de>
Cc: Gerhard Wiesinger <lists@wiesinger.com>
---
 Makefile.objs           |    1 +
 default-configs/pci.mak |    1 +
 hw/megasas.c            | 1865 +++++++++++++++++++++++++++++++++++++++++++++++
 hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
 hw/pci_ids.h            |    3 +-
 5 files changed, 3150 insertions(+), 1 deletions(-)
 create mode 100644 hw/megasas.c
 create mode 100644 hw/mfi.h
Gerhard Wiesinger - Feb. 21, 2012, 6:54 p.m.
Hello Hannes,

Can confirm that all issues are fixed now and v14 is ready for commit :-)

Thank you for your support.

Ciao,
Gerhard

--
http://www.wiesinger.com/

On Tue, 21 Feb 2012, Hannes Reinecke wrote:

> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
> I've tested it to work with Linux, Windows Vista, and Windows7.
> MSI-X support is currently broken; have to investigate.
>
> Changes since v13:
> - Remove separate MSI-X BAR
> - Simplify BAR allocation
>
> Changes since v12:
> - Fixup flag setting via properties
> - Fixup MSI-X handling
> - Disable MSI-X per default
>
> Changes since v11:
> - Remove unneeded variables
>
> Changes since v10:
> - Port to new device type API
> - Include suggestion from Alex Graf:
> - Remove 'inline' function declaration
> - Queue setup and interrupt enablement needs to be treated
>  independently
> - Always read in 64 bit context and just mask out the top
>  bits if required
>
> Changes since v9:
> - Split off trace events into a separate patch
> - Do not check for max_luns in PD Info
> - Update trace events
> - Clarify license statement
> - Fixup coding style issues
>
> Changes since v8:
> - Remove 'disable' keyword from trace definitions
> - Convert hand-crafted debugging statements with trace
>  definitions
> - Treat 'context' tag as little endian
>
> Changes since v7:
> - Port to new memory API
> - Port to new PCI infrastructure
> - Use fixed buffers for sense processing
> - Update to updated SCSI infrastructure
>
> Changes since v6:
> - Preliminary patches pushed to Kevins block tree
> - Implement 64bit contexts, required for Windows7
> - Use iovecs for DCMD processing
> - Add MSI-X support
>  Latest Linux driver now happily uses MSI-X.
> - Static iovec allocation
>  We have a fixed upper number of iovecs, so we can
>  save us the allocation. Suggested by Alex Graf.
> - Update MFI header
>  Latest Linux driver has some more definitions,
>  add them
> - Fixup AEN handling
> - Update tracing details
> - Remove sdev pointer from megasas_cmd_t
>
> Changes since v5:
> - megasas: Use tracing infrastructure instead of DPRINTF
> - megasas: Use new PCI infrastructure
> - megasas: Check for iovec mapping failure
>  cpu_map_physical_memory() might fail, so we need to check for
>  it when mapping iovecs.
> - megasas: Trace scsi buffer overflow
>  The transfer length as specified in the SCSI command might
>  disagree with the length of the iovec. We should be tracing
>  these issues.
> - megasas: Reset frames after init firmware
>  When receiving an INIT FIRMWARE command we need reset all
>  frames, otherwise some frames might point to invalid memory.
>
> Chances since v4:
> - megasas: checkpatch.pl fixes and update to work with the
>  changed interface in scsi_req_new(). Also included the
>  suggested fixes from Alex.
>
> Signed-off-by: Hannes Reinecke <hare@suse.de>
> Cc: Alexander Graf <agraf@suse.de>
> Cc: Andreas Faerber <afaerber@suse.de>
> Cc: Gerhard Wiesinger <lists@wiesinger.com>
> ---
> Makefile.objs           |    1 +
> default-configs/pci.mak |    1 +
> hw/megasas.c            | 1865 +++++++++++++++++++++++++++++++++++++++++++++++
> hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
> hw/pci_ids.h            |    3 +-
> 5 files changed, 3150 insertions(+), 1 deletions(-)
> create mode 100644 hw/megasas.c
> create mode 100644 hw/mfi.h
>
> diff --git a/Makefile.objs b/Makefile.objs
> index 391e524..5841998 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -283,6 +283,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
>
> # SCSI layer
> hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
> hw-obj-$(CONFIG_ESP) += esp.o
>
> hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
> index 9d3e1db..4b49c00 100644
> --- a/default-configs/pci.mak
> +++ b/default-configs/pci.mak
> @@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
> CONFIG_PCNET_PCI=y
> CONFIG_PCNET_COMMON=y
> CONFIG_LSI_SCSI_PCI=y
> +CONFIG_MEGASAS_SCSI_PCI=y
> CONFIG_RTL8139_PCI=y
> CONFIG_E1000_PCI=y
> CONFIG_IDE_CORE=y
> diff --git a/hw/megasas.c b/hw/megasas.c
> new file mode 100644
> index 0000000..083c3d3
> --- /dev/null
> +++ b/hw/megasas.c
> @@ -0,0 +1,1865 @@
> +/*
> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
> + *
> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "hw.h"
> +#include "pci.h"
> +#include "dma.h"
> +#include "msix.h"
> +#include "iov.h"
> +#include "scsi.h"
> +#include "scsi-defs.h"
> +#include "block_int.h"
> +
> +#include "mfi.h"
> +
> +/* Static definitions */
> +#define MEGASAS_VERSION "1.60"
> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
> +#define MEGASAS_DEFAULT_SGE 80
> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
> +#define MEGASAS_MAX_ARRAYS 128
> +
> +#define MEGASAS_FLAG_USE_JBOD      0
> +#define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
> +#define MEGASAS_FLAG_USE_MSIX      1
> +#define MEGASAS_MASK_USE_MSIX      (1 << MEGASAS_FLAG_USE_MSIX)
> +#define MEGASAS_FLAG_USE_QUEUE64   2
> +#define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
> +
> +const char *megasas_raid_modes[] = {
> +    "raid", "jbod"
> +};
> +
> +const char *mfi_frame_desc[] = {
> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
> +
> +struct megasas_cmd_t {
> +    uint32_t index;
> +    uint16_t flags;
> +    uint16_t count;
> +    uint64_t context;
> +
> +    target_phys_addr_t pa;
> +    target_phys_addr_t pa_size;
> +    union mfi_frame *frame;
> +    SCSIRequest *req;
> +    struct iovec iov[MEGASAS_MAX_SGE];
> +    int iov_cnt;
> +    size_t iov_size;
> +    size_t iov_offset;
> +    struct megasas_state_t *state;
> +};
> +
> +typedef struct megasas_state_t {
> +    PCIDevice dev;
> +    MemoryRegion mmio_io;
> +    MemoryRegion port_io;
> +    MemoryRegion queue_io;
> +    uint32_t frame_hi;
> +
> +    int fw_state;
> +    uint32_t fw_sge;
> +    uint32_t fw_cmds;
> +    uint32_t flags;
> +    int fw_luns;
> +    int intr_mask;
> +    int doorbell;
> +    int busy;
> +    char *raid_mode_str;
> +
> +    struct megasas_cmd_t *event_cmd;
> +    int event_locale;
> +    int event_class;
> +    int event_count;
> +    int shutdown_event;
> +    int boot_event;
> +
> +    uint64_t reply_queue_pa;
> +    void *reply_queue;
> +    int reply_queue_len;
> +    int reply_queue_head;
> +    int reply_queue_tail;
> +    uint64_t consumer_pa;
> +    uint64_t producer_pa;
> +
> +    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
> +
> +    SCSIBus bus;
> +} MPTState;
> +
> +#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
> +
> +static bool megasas_intr_enabled(MPTState *s)
> +{
> +    if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
> +        MEGASAS_INTR_DISABLED_MASK) {
> +        return true;
> +    }
> +    return false;
> +}
> +
> +static bool megasas_use_queue64(MPTState *s)
> +{
> +    return s->flags & MEGASAS_MASK_USE_QUEUE64;
> +}
> +
> +static bool megasas_use_msix(MPTState *s)
> +{
> +    return s->flags & MEGASAS_MASK_USE_MSIX;
> +}
> +
> +static bool megasas_is_jbod(MPTState *s)
> +{
> +    return s->flags & MEGASAS_MASK_USE_JBOD;
> +}
> +
> +static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
> +{
> +    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
> +}
> +
> +static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
> +{
> +    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
> +}
> +
> +/*
> + * Context is considered opaque, but the HBA firmware is running
> + * in little endian mode. So convert it to little endian, too.
> + */
> +static uint64_t megasas_frame_get_context(unsigned long frame)
> +{
> +    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
> +}
> +
> +static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_IEEE_SGL;
> +}
> +
> +static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_SGL64;
> +}
> +
> +static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_DIR_WRITE;
> +}
> +
> +static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_SENSE64;
> +}
> +
> +static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
> +                                     union mfi_sgl *sgl)
> +{
> +    uint64_t addr;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        addr = le64_to_cpu(sgl->sg_skinny->addr);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        addr = le64_to_cpu(sgl->sg64->addr);
> +    } else {
> +        addr = le32_to_cpu(sgl->sg32->addr);
> +    }
> +    return addr;
> +}
> +
> +static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
> +                                    union mfi_sgl *sgl)
> +{
> +    uint32_t len;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        len = le32_to_cpu(sgl->sg_skinny->len);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        len = le32_to_cpu(sgl->sg64->len);
> +    } else {
> +        len = le32_to_cpu(sgl->sg32->len);
> +    }
> +    return len;
> +}
> +
> +static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
> +                                       union mfi_sgl *sgl)
> +{
> +    uint8_t *next = (uint8_t *)sgl;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        next += sizeof(struct mfi_sg_skinny);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        next += sizeof(struct mfi_sg64);
> +    } else {
> +        next += sizeof(struct mfi_sg32);
> +    }
> +
> +    if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
> +        return NULL;
> +    }
> +    return (union mfi_sgl *)next;
> +}
> +
> +static void megasas_soft_reset(MPTState *s);
> +
> +static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
> +{
> +    int i;
> +    int is_write;
> +    int iov_count = 0;
> +    size_t iov_size = 0;
> +
> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
> +    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
> +    if (cmd->iov_cnt > MEGASAS_MAX_SGE) {
> +        cmd->iov_cnt = 0;
> +        return iov_count;
> +    }
> +    is_write = megasas_frame_is_write(cmd);
> +    for (i = 0; i < cmd->iov_cnt; i++) {
> +        target_phys_addr_t iov_pa, iov_size_p;
> +
> +        if (!sgl) {
> +            goto unmap;
> +        }
> +        iov_pa = megasas_sgl_get_addr(cmd, sgl);
> +        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
> +        if (!iov_pa || !iov_size_p) {
> +            goto unmap;
> +        }
> +        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, &iov_size_p,
> +                                                       is_write);
> +        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
> +            if (cmd->iov[i].iov_base) {
> +                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
> +                                          iov_size_p, 0, 0);
> +            }
> +            goto unmap;
> +        }
> +        sgl = megasas_sgl_next(cmd, sgl);
> +        iov_size += cmd->iov[i].iov_len;
> +        iov_count--;
> +    }
> +    cmd->iov[i].iov_base = NULL;
> +    cmd->iov[i].iov_len = 0;
> +    cmd->iov_offset = 0;
> +    return 0;
> +unmap:
> +    while (i > 0) {
> +        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
> +                                  cmd->iov[i-1].iov_len, 0, 0);
> +        i--;
> +    }
> +    cmd->iov_cnt = 0;
> +    return iov_count;
> +}
> +
> +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
> +{
> +    int i, is_write = megasas_frame_is_write(cmd);
> +
> +    for (i = 0; i < cmd->iov_cnt; i++) {
> +        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
> +                                  is_write, cmd->iov[i].iov_len);
> +    }
> +    cmd->iov_cnt = 0;
> +    cmd->iov_offset = 0;
> +}
> +
> +/*
> + * passthrough sense and io sense are at the same offset
> + */
> +static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
> +    uint8_t sense_len)
> +{
> +    uint32_t pa_hi = 0, pa_lo;
> +    target_phys_addr_t pa;
> +
> +    if (sense_len > cmd->frame->header.sense_len) {
> +        sense_len = cmd->frame->header.sense_len;
> +    }
> +
> +    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
> +    if (megasas_frame_is_sense64(cmd)) {
> +        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
> +    }
> +    pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    cpu_physical_memory_write(pa, sense_ptr, sense_len);
> +    cmd->frame->header.sense_len = sense_len;
> +    return sense_len;
> +}
> +
> +static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
> +{
> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
> +    uint8_t sense_len = 18;
> +
> +    memset(sense_buf, 0, sense_len);
> +    sense_buf[0] = 0xf0;
> +    sense_buf[2] = sense.key;
> +    sense_buf[7] = 10;
> +    sense_buf[12] = sense.asc;
> +    sense_buf[13] = sense.ascq;
> +    megasas_build_sense(cmd, sense_buf, sense_len);
> +}
> +
> +static void megasas_copy_sense(struct megasas_cmd_t *cmd)
> +{
> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
> +    uint8_t sense_len;
> +
> +    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
> +                                   cmd->frame->header.sense_len);
> +    megasas_build_sense(cmd, sense_buf, sense_len);
> +}
> +
> +/*
> + * Format an INQUIRY CDB
> + */
> +static int megasas_setup_inquiry(uint8_t *cdb, int pg,
> +                                 uint8_t *buf, int len)
> +{
> +    memset(cdb, 0, 6);
> +    cdb[0] = INQUIRY;
> +    if (pg > 0) {
> +        cdb[1] = 0x1;
> +        cdb[2] = pg;
> +    }
> +    cdb[3] = (len >> 8) & 0xff;
> +    cdb[4] = (len & 0xff);
> +    return len;
> +}
> +
> +/*
> + * Encode lba and len into a READ_16/WRITE_16 CDB
> + */
> +static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
> +                               uint32_t len, int is_write)
> +{
> +    memset(cdb, 0x0, 16);
> +    if (is_write) {
> +        cdb[0] = WRITE_16;
> +    } else {
> +        cdb[0] = READ_16;
> +    }
> +    cdb[2] = (lba >> 56) & 0xff;
> +    cdb[3] = (lba >> 48) & 0xff;
> +    cdb[4] = (lba >> 40) & 0xff;
> +    cdb[5] = (lba >> 32) & 0xff;
> +    cdb[6] = (lba >> 24) & 0xff;
> +    cdb[7] = (lba >> 16) & 0xff;
> +    cdb[8] = (lba >> 8) & 0xff;
> +    cdb[9] = (lba) & 0xff;
> +    cdb[10] = (len >> 24) & 0xff;
> +    cdb[11] = (len >> 16) & 0xff;
> +    cdb[12] = (len >> 8) & 0xff;
> +    cdb[13] = (len) & 0xff;
> +}
> +
> +/*
> + * Utility functions
> + */
> +static uint64_t megasas_fw_time(void)
> +{
> +    struct tm curtime;
> +    uint64_t bcd_time;
> +
> +    qemu_get_timedate(&curtime, 0);
> +    bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
> +        ((uint64_t)curtime.tm_min & 0xff)  << 40 |
> +        ((uint64_t)curtime.tm_hour & 0xff) << 32 |
> +        ((uint64_t)curtime.tm_mday & 0xff) << 24 |
> +        ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
> +        ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
> +
> +    return bcd_time;
> +}
> +
> +static uint64_t megasas_gen_sas_addr(uint64_t id)
> +{
> +    uint64_t addr;
> +
> +    addr = 0x5001a4aULL << 36;
> +    addr |= id & 0xfffffffff;
> +
> +    return addr;
> +}
> +
> +/*
> + * Frame handling
> + */
> +static int megasas_next_index(MPTState *s, int index, int limit)
> +{
> +    index++;
> +    if (index == limit) {
> +        index = 0;
> +    }
> +    return index;
> +}
> +
> +static struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
> +    target_phys_addr_t frame)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int num = 0, index;
> +
> +    index = s->reply_queue_head;
> +
> +    while (num < s->fw_cmds) {
> +        if (s->frames[index].pa && s->frames[index].pa == frame) {
> +            cmd = &s->frames[index];
> +            break;
> +        }
> +        index = megasas_next_index(s, index, s->fw_cmds);
> +        num++;
> +    }
> +
> +    return cmd;
> +}
> +
> +static struct megasas_cmd_t *megasas_next_frame(MPTState *s,
> +    target_phys_addr_t frame)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int num = 0, index;
> +
> +    cmd = megasas_lookup_frame(s, frame);
> +    if (cmd) {
> +        return cmd;
> +    }
> +    index = s->reply_queue_head;
> +    num = 0;
> +    while (num < s->fw_cmds) {
> +        if (!s->frames[index].pa) {
> +            cmd = &s->frames[index];
> +            break;
> +        }
> +        index = megasas_next_index(s, index, s->fw_cmds);
> +        num++;
> +    }
> +    return cmd;
> +}
> +
> +static struct megasas_cmd_t *megasas_enqueue_frame(MPTState *s,
> +    target_phys_addr_t frame, uint64_t context, int count)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int frame_size = MFI_FRAME_SIZE * 16;
> +    target_phys_addr_t frame_size_p = frame_size;
> +
> +    cmd = megasas_next_frame(s, frame);
> +    /* All frames busy */
> +    if (!cmd) {
> +        return NULL;
> +    }
> +    if (!cmd->pa) {
> +        cmd->pa = frame;
> +        /* Map all possible frames */
> +        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
> +        if (frame_size_p != frame_size) {
> +            if (cmd->frame) {
> +                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
> +                cmd->frame = NULL;
> +                cmd->pa = 0;
> +            }
> +            s->event_count++;
> +            return NULL;
> +        }
> +        cmd->pa_size = frame_size_p;
> +        cmd->context = context;
> +        if (!megasas_use_queue64(s)) {
> +            cmd->context &= (uint64_t)0xFFFFFFFF;
> +        }
> +    }
> +    cmd->count = count;
> +    s->busy++;
> +
> +    return cmd;
> +}
> +
> +static void megasas_complete_frame(MPTState *s, uint64_t context)
> +{
> +    int tail, queue_offset;
> +
> +    /* Decrement busy count */
> +    s->busy--;
> +
> +    if (s->reply_queue_pa) {
> +        /*
> +         * Put command on the reply queue.
> +         * Context is opaque, but emulation is running in
> +         * little endian. So convert it.
> +         */
> +        tail = s->reply_queue_head;
> +        if (megasas_use_queue64(s)) {
> +            queue_offset = tail * sizeof(uint64_t);
> +            stq_le_phys(s->reply_queue_pa + queue_offset, context);
> +        } else {
> +            queue_offset = tail * sizeof(uint32_t);
> +            stl_le_phys(s->reply_queue_pa + queue_offset, context);
> +        }
> +
> +        s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
> +    }
> +
> +    if (megasas_intr_enabled(s)) {
> +        /* Notify HBA */
> +        s->doorbell++;
> +        if (s->doorbell == 1) {
> +            if (msix_enabled(&s->dev)) {
> +                msix_notify(&s->dev, 0);
> +            } else {
> +                qemu_irq_raise(s->dev.irq[0]);
> +            }
> +        }
> +    }
> +}
> +
> +static void megasas_reset_frames(MPTState *s)
> +{
> +    int i;
> +    struct megasas_cmd_t *cmd;
> +
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        cmd = &s->frames[i];
> +        if (cmd->pa) {
> +            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
> +            cmd->frame = NULL;
> +            cmd->pa = 0;
> +        }
> +    }
> +}
> +
> +static void megasas_abort_command(struct megasas_cmd_t *cmd)
> +{
> +    if (cmd->req) {
> +        scsi_req_abort(cmd->req, ABORTED_COMMAND);
> +        cmd->req = NULL;
> +    }
> +}
> +
> +static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint32_t pa_hi, pa_lo;
> +    target_phys_addr_t iq_pa, initq_size;
> +    struct mfi_init_qinfo *initq;
> +    uint32_t flags;
> +    int ret = MFI_STAT_OK;
> +
> +    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
> +    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
> +    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
> +    initq_size = sizeof(*initq);
> +    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
> +    if (!initq || initq_size != sizeof(*initq)) {
> +        s->event_count++;
> +        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
> +        goto out;
> +    }
> +    s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
> +    if (s->reply_queue_len > s->fw_cmds) {
> +        s->event_count++;
> +        ret = MFI_STAT_INVALID_PARAMETER;
> +        goto out;
> +    }
> +    pa_lo = le32_to_cpu(initq->rq_addr_lo);
> +    pa_hi = le32_to_cpu(initq->rq_addr_hi);
> +    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    pa_lo = le32_to_cpu(initq->ci_addr_lo);
> +    pa_hi = le32_to_cpu(initq->ci_addr_hi);
> +    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    pa_lo = le32_to_cpu(initq->pi_addr_lo);
> +    pa_hi = le32_to_cpu(initq->pi_addr_hi);
> +    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    s->reply_queue_head = ldl_le_phys(s->producer_pa);
> +    s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
> +    flags = le32_to_cpu(initq->flags);
> +    if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
> +        s->flags |= MEGASAS_MASK_USE_QUEUE64;
> +    }
> +    megasas_reset_frames(s);
> +    s->fw_state = MFI_FWSTATE_OPERATIONAL;
> +out:
> +    if (initq) {
> +        cpu_physical_memory_unmap(initq, initq_size, 0, 0);
> +    }
> +    return ret;
> +}
> +
> +static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
> +{
> +    target_phys_addr_t iov_pa, iov_size;
> +
> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
> +    if (!cmd->frame->header.sge_count) {
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return 0;
> +    } else if (cmd->frame->header.sge_count > 1) {
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return -1;
> +    }
> +    iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
> +    iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
> +    cmd->iov[0].iov_len = iov_size;
> +    cmd->iov[0].iov_base = cpu_physical_memory_map(iov_pa, &iov_size, 1);
> +    if (cmd->iov[0].iov_len != iov_size) {
> +        if (cmd->iov[0].iov_base) {
> +            cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size, 1, 0);
> +        }
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return -1;
> +    }
> +    cmd->iov_cnt = 1;
> +    cmd->iov_size = iov_size;
> +    return cmd->iov_size;
> +}
> +
> +static void megasas_finish_dcmd(struct megasas_cmd_t *cmd)
> +{
> +    uint32_t iov_size = cmd->iov[0].iov_len;
> +
> +    if (!cmd->iov_cnt) {
> +        return;
> +    }
> +
> +    cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size,
> +                              1, cmd->iov_size);
> +
> +    cmd->iov_cnt = 0;
> +    if (iov_size > cmd->iov_size) {
> +        if (megasas_frame_is_ieee_sgl(cmd)) {
> +            cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
> +        } else if (megasas_frame_is_sgl64(cmd)) {
> +            cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
> +        } else {
> +            cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
> +        }
> +    }
> +    cmd->iov_size = 0;
> +    return;
> +}
> +
> +static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ctrl_info *info = cmd->iov[0].iov_base;
> +    DeviceState *qdev;
> +    int num_ld_disks = 0;
> +
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        num_ld_disks++;
> +    }
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    info->pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
> +    info->pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
> +    info->pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
> +    info->pci.subdevice = cpu_to_le16(0x1013);
> +
> +    info->host.type = MFI_INFO_HOST_PCIX;
> +    info->device.type = MFI_INFO_DEV_SAS3G;
> +    info->device.port_count = 2;
> +    info->device.port_addr[0] = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
> +
> +    memcpy(info->product_name, "MegaRAID SAS 8708EM2", 20);
> +    snprintf(info->serial_number, 32, "QEMU%08lx",
> +             (unsigned long)s & 0xFFFFFFFF);
> +    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
> +    memcpy(info->image_component[0].name, "APP", 8);
> +    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
> +    memcpy(info->image_component[0].build_date, __DATE__, 16);
> +    memcpy(info->image_component[0].build_time, __TIME__, 16);
> +    info->image_component_count = 1;
> +    info->current_fw_time = cpu_to_le32(megasas_fw_time());
> +    info->max_arms = 32;
> +    info->max_spans = 8;
> +    info->max_arrays = MEGASAS_MAX_ARRAYS;
> +    info->max_lds = s->fw_luns;
> +    info->max_cmds = cpu_to_le16(s->fw_cmds);
> +    info->max_sg_elements = cpu_to_le16(s->fw_sge);
> +    info->max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
> +    info->lds_present = cpu_to_le16(num_ld_disks);
> +    info->pd_present = cpu_to_le16(num_ld_disks + 1);
> +    info->pd_disks_present = cpu_to_le16(num_ld_disks);
> +    info->hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
> +                                   MFI_INFO_HW_MEM |
> +                                   MFI_INFO_HW_FLASH);
> +    info->memory_size = cpu_to_le16(512);
> +    info->nvram_size = cpu_to_le16(32);
> +    info->flash_size = cpu_to_le16(16);
> +    info->raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
> +    info->adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
> +                                    MFI_INFO_AOPS_SELF_DIAGNOSTIC |
> +                                    MFI_INFO_AOPS_MIXED_ARRAY);
> +    info->ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
> +                               MFI_INFO_LDOPS_ACCESS_POLICY |
> +                               MFI_INFO_LDOPS_IO_POLICY |
> +                               MFI_INFO_LDOPS_WRITE_POLICY |
> +                               MFI_INFO_LDOPS_READ_POLICY);
> +    info->max_strips_per_io = cpu_to_le16(s->fw_sge);
> +    info->stripe_sz_ops.min = 3;
> +    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
> +    info->properties.pred_fail_poll_interval = cpu_to_le16(300);
> +    info->properties.intr_throttle_cnt = cpu_to_le16(16);
> +    info->properties.intr_throttle_timeout = cpu_to_le16(50);
> +    info->properties.rebuild_rate = 30;
> +    info->properties.patrol_read_rate = 30;
> +    info->properties.bgi_rate = 30;
> +    info->properties.cc_rate = 30;
> +    info->properties.recon_rate = 30;
> +    info->properties.cache_flush_interval = 4;
> +    info->properties.spinup_drv_cnt = 2;
> +    info->properties.spinup_delay = 6;
> +    info->properties.ecc_bucket_size = 15;
> +    info->properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
> +    info->properties.expose_encl_devices = 1;
> +    info->properties.OnOffProperties.enableJBOD = 1;
> +    info->pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
> +                               MFI_INFO_PDOPS_FORCE_OFFLINE);
> +    info->pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
> +                                       MFI_INFO_PDMIX_SATA |
> +                                       MFI_INFO_PDMIX_LD);
> +    cmd->iov_size = sizeof(struct mfi_ctrl_info);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_defaults *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_defaults)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    info->sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
> +    info->stripe_size = 3;
> +    info->flush_time = 4;
> +    info->background_rate = 30;
> +    info->allow_mix_in_enclosure = 1;
> +    info->allow_mix_in_ld = 1;
> +    info->direct_pd_mapping = 1;
> +    /* Enable for BIOS support */
> +    info->bios_enumerate_lds = 1;
> +    info->disable_ctrl_r = 1;
> +    info->expose_enclosure_devices = 1;
> +    info->disable_preboot_cli = 1;
> +    info->cluster_disable = 1;
> +
> +    cmd->iov_size = sizeof(struct mfi_defaults);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_bios_data *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_bios_data)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    info->continue_on_error = 1;
> +    info->verbose = 1;
> +    if (megasas_is_jbod(s)) {
> +        info->expose_all_drives = 1;
> +    }
> +
> +    cmd->iov_size = sizeof(struct mfi_bios_data);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t fw_time;
> +
> +    fw_time = cpu_to_le64(megasas_fw_time());
> +
> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
> +    cmd->iov_size = sizeof(fw_time);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t fw_time;
> +
> +    /* This is a dummy; setting of firmware time is not allowed */
> +    memset(cmd->iov[0].iov_base, 0x0, cmd->iov_size);
> +    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
> +
> +    fw_time = cpu_to_le64(megasas_fw_time());
> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
> +    cmd->iov_size = sizeof(fw_time);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_evt_log_state *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0, cmd->iov_size);
> +
> +    info->newest_seq_num = cpu_to_le32(s->event_count);
> +    info->shutdown_seq_num = cpu_to_le32(s->shutdown_event);
> +    info->boot_seq_num = cpu_to_le32(s->boot_event);
> +
> +    cmd->iov_size = sizeof(struct mfi_evt_log_state);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_event_wait(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    union mfi_evt event;
> +
> +    if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
> +    event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
> +    s->event_locale = event.members.locale;
> +    s->event_class = event.members.class;
> +    s->event_cmd = cmd;
> +    /* Decrease busy count; event frame doesn't count here */
> +    s->busy--;
> +    cmd->iov_size = sizeof(struct mfi_evt_detail);
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_list *info = cmd->iov[0].iov_base;
> +    DeviceState *qdev;
> +    uint32_t offset, num_pd_disks = 0, max_luns;
> +    uint16_t dev_id;
> +
> +    memset(info, 0, cmd->iov_size);
> +    offset = 8;
> +    if (cmd->iov_size < (offset + sizeof(struct mfi_pd_address))) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
> +    if (max_luns > s->fw_luns) {
> +        max_luns = s->fw_luns;
> +    }
> +
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
> +
> +        dev_id = sdev->id;
> +        info->addr[num_pd_disks].device_id = cpu_to_le16(dev_id);
> +        info->addr[num_pd_disks].encl_device_id = cpu_to_le16(dev_id);
> +        info->addr[num_pd_disks].sas_addr[0] =
> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
> +        num_pd_disks++;
> +        offset += sizeof(struct mfi_pd_address);
> +    }
> +
> +    info->size = cpu_to_le32(offset);
> +    info->count = cpu_to_le32(num_pd_disks);
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint16_t flags;
> +
> +    /* mbox0 contains flags */
> +    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +
> +    if (flags == MR_PD_QUERY_TYPE_ALL || megasas_is_jbod(s)) {
> +        return megasas_dcmd_pd_get_list(s, cmd);
> +    }
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
> +                                      struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
> +    uint8_t cmdbuf[6];
> +    SCSIRequest *req;
> +    size_t len;
> +
> +    if (info->inquiry_data[4] == 0) {
> +        /* Additional length is zero, resubmit */
> +        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
> +                              sizeof(info->inquiry_data));
> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    } else if (info->vpd_page83[3] == 0) {
> +        /* Additional length is zero, resubmit */
> +        megasas_setup_inquiry(cmdbuf, 0x83, (uint8_t *)info->vpd_page83,
> +                              sizeof(info->vpd_page83));
> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    }
> +
> +    /* Finished, set FW state */
> +    if (megasas_is_jbod(cmd->state)) {
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
> +    } else {
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
> +    }
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
> +    uint64_t pd_size;
> +    uint16_t pd_id;
> +    SCSIDevice *sdev = NULL;
> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_pd_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    /* mbox0 has the ID */
> +    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +    sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
> +
> +    if (sdev) {
> +        BlockConf *conf = &sdev->conf;
> +
> +        info->ref.v.device_id = pd_id;
> +        info->state.ddf.v.pd_type.in_vd = 1;
> +        info->state.ddf.v.pd_type.intf = 0x2;
> +        bdrv_get_geometry(conf->bs, &pd_size);
> +        info->raw_size = cpu_to_le64(pd_size);
> +        info->non_coerced_size = cpu_to_le64(pd_size);
> +        info->coerced_size = cpu_to_le64(pd_size);
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
> +        info->path_info.count = 1;
> +        info->path_info.sas_addr[0] =
> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
> +        /* Submit inquiry */
> +        retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
> +    }
> +
> +    return retval;
> +}
> +
> +static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_list *info = cmd->iov[0].iov_base;
> +    uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
> +    uint64_t ld_size;
> +    int offset;
> +    DeviceState *qdev;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ld_list)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    if (megasas_is_jbod(s)) {
> +        max_ld_disks = 0;
> +    }
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
> +        BlockConf *conf = &sdev->conf;
> +
> +        if (num_ld_disks >= max_ld_disks)
> +            break;
> +        bdrv_get_geometry(conf->bs, &ld_size);
> +        ld_size *= 512;
> +        info->ld_list[num_ld_disks].ld.v.target_id = sdev->id;
> +        info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
> +        info->ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
> +        num_ld_disks++;
> +        offset += 18;
> +    }
> +    info->ld_count = cpu_to_le32(num_ld_disks);
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
> +                                      struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
> +    uint8_t cdb[6];
> +    SCSIRequest *req;
> +    ssize_t len;
> +
> +    if (info->vpd_page83[3] == 0) {
> +        megasas_setup_inquiry(cdb, 0x83, (uint8_t *)info->vpd_page83,
> +                              sizeof(info->vpd_page83));
> +        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    }
> +    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
> +    uint64_t ld_size;
> +    uint16_t ld_id;
> +    uint32_t max_ld_disks = s->fw_luns;
> +    SCSIDevice *sdev = NULL;
> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ld_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    /* mbox0 has the ID */
> +    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +
> +    if (megasas_is_jbod(s)) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (ld_id < max_ld_disks) {
> +        sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
> +    }
> +
> +    if (sdev) {
> +        BlockConf *conf = &sdev->conf;
> +
> +        info->ld_config.properties.ld.v.target_id = ld_id;
> +        info->ld_config.params.stripe_size = 3;
> +        info->ld_config.params.num_drives = 1;
> +        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
> +        info->ld_config.params.is_consistent = 1;
> +        bdrv_get_geometry(conf->bs, &ld_size);
> +        ld_size *= 512;
> +        info->size = cpu_to_le64(ld_size);
> +        retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
> +    }
> +
> +    return retval;
> +}
> +
> +static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ctrl_props *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_props)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    info->pred_fail_poll_interval = cpu_to_le16(300);
> +    info->intr_throttle_cnt = cpu_to_le16(16);
> +    info->intr_throttle_timeout = cpu_to_le16(50);
> +    info->rebuild_rate = 30;
> +    info->patrol_read_rate = 30;
> +    info->bgi_rate = 30;
> +    info->cc_rate = 30;
> +    info->recon_rate = 30;
> +    info->cache_flush_interval = 4;
> +    info->spinup_drv_cnt = 2;
> +    info->spinup_delay = 6;
> +    info->ecc_bucket_size = 15;
> +    info->ecc_bucket_leak_rate = cpu_to_le16(1440);
> +    info->expose_encl_devices = 1;
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    qemu_aio_flush();
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    s->fw_state = MFI_FWSTATE_READY;
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_cluster_reset_ld(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    return MFI_STAT_INVALID_DCMD;
> +}
> +
> +static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    if (cmd->iov_size) {
> +        memset(cmd->iov[0].iov_base, 0, cmd->iov_size);
> +    }
> +    return MFI_STAT_OK;
> +}
> +
> +static const struct dcmd_cmd_tbl_t {
> +    int opcode;
> +    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
> +} dcmd_cmd_tbl[] = {
> +    { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info },
> +    { MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties },
> +    { MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties },
> +    { MFI_DCMD_CTRL_ALARM_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_ENABLE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_DISABLE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_SILENCE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_TEST, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info },
> +    { MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_EVENT_WAIT, megasas_event_wait },
> +    { MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown },
> +    { MFI_DCMD_HIBERNATE_STANDBY, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time },
> +    { MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time },
> +    { MFI_DCMD_CTRL_BIOS_DATA_GET, megasas_dcmd_get_bios_info },
> +    { MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults },
> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush },
> +    { MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list },
> +    { MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query },
> +    { MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info },
> +    { MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_BLINK, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
> +    { MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info },
> +    { MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_DELETE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_READ, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_ADD, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER_RESET_LD, megasas_cluster_reset_ld },
> +    { -1, NULL }
> +};
> +
> +static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    int opcode, len;
> +    int retval = 0;
> +    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
> +
> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
> +    len = megasas_map_dcmd(cmd);
> +    if (len < 0) {
> +        return MFI_STAT_MEMORY_NOT_AVAILABLE;
> +    }
> +    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
> +        cmdptr++;
> +    }
> +    if (cmdptr->opcode == -1) {
> +        retval = megasas_dcmd_dummy(s, cmd);
> +    } else {
> +        retval = cmdptr->func(s, cmd);
> +    }
> +    if (retval != MFI_STAT_INVALID_STATUS) {
> +        megasas_finish_dcmd(cmd);
> +    }
> +    return retval;
> +}
> +
> +static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
> +                                        SCSIRequest *req)
> +{
> +    int opcode;
> +    int retval = MFI_STAT_OK;
> +    int lun = req->lun;
> +
> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
> +    scsi_req_unref(req);
> +    switch (opcode) {
> +    case MFI_DCMD_PD_GET_INFO:
> +        retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
> +        break;
> +    case MFI_DCMD_LD_GET_INFO:
> +        retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
> +        break;
> +    default:
> +        retval = MFI_STAT_INVALID_DCMD;
> +        break;
> +    }
> +    if (retval != MFI_STAT_INVALID_STATUS) {
> +        megasas_finish_dcmd(cmd);
> +    }
> +    return retval;
> +}
> +
> +static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
> +                               int is_logical)
> +{
> +    uint8_t *cdb;
> +    int len;
> +    struct SCSIDevice *sdev = NULL;
> +
> +    cdb = cmd->frame->pass.cdb;
> +
> +    if (cmd->frame->header.target_id < s->fw_luns) {
> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
> +                                cmd->frame->header.lun_id);
> +    }
> +    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
> +
> +    if (!sdev || (megasas_is_jbod(s) && is_logical)) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (cmd->frame->header.cdb_len > 16) {
> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    if (megasas_map_sgl(cmd, &cmd->frame->pass.sgl)) {
> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    cmd->req = scsi_req_new(sdev, cmd->index,
> +                            cmd->frame->header.lun_id, cdb, cmd);
> +    if (!cmd->req) {
> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
> +        cmd->frame->header.scsi_status = BUSY;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    len = scsi_req_enqueue(cmd->req);
> +    if (len > 0) {
> +        if (len < cmd->iov_size) {
> +            cmd->iov_size = len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    } else if (len < 0) {
> +        if (-len < cmd->iov_size) {
> +            cmd->iov_size = -len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    }
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint32_t lba_count, lba_start_hi, lba_start_lo;
> +    uint64_t lba_start;
> +    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
> +    uint8_t cdb[16];
> +    int len;
> +    struct SCSIDevice *sdev = NULL;
> +
> +    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
> +    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
> +    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
> +    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
> +
> +    if (cmd->frame->header.target_id < s->fw_luns) {
> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
> +                                cmd->frame->header.lun_id);
> +    }
> +
> +    if (!sdev) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (cmd->frame->header.cdb_len > 16) {
> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    cmd->iov_size = lba_count * sdev->blocksize;
> +    if (megasas_map_sgl(cmd, &cmd->frame->io.sgl)) {
> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    megasas_encode_lba(cdb, lba_start, lba_count, write);
> +    cmd->req = scsi_req_new(sdev, cmd->index,
> +                            cmd->frame->header.lun_id, cdb, cmd);
> +    if (!cmd->req) {
> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
> +        cmd->frame->header.scsi_status = BUSY;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    len = scsi_req_enqueue(cmd->req);
> +    if (len > 0) {
> +        if (len < cmd->iov_size) {
> +            cmd->iov_size = len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    } else if (len < 0) {
> +        if (-len < cmd->iov_size) {
> +            cmd->iov_size = -len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    }
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
> +                                           SCSIRequest *req)
> +{
> +    int retval = MFI_STAT_INVALID_CMD;
> +
> +    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
> +            retval = megasas_finish_internal_dcmd(cmd, req);
> +    }
> +    return retval;
> +}
> +
> +static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +    uint8_t *buf;
> +
> +    if (len) {
> +        int is_write = megasas_frame_is_write(cmd);
> +        size_t bytes;
> +
> +        buf = scsi_req_get_buf(req);
> +        if (is_write) {
> +            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
> +                               cmd->iov_offset, len);
> +            if (bytes != len) {
> +                len = bytes;
> +            }
> +            cmd->iov_offset += bytes;
> +        } else {
> +            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
> +                                 cmd->iov_offset, len);
> +            if (bytes != len) {
> +                len = bytes;
> +            }
> +            cmd->iov_offset += bytes;
> +        }
> +    }
> +    scsi_req_continue(req);
> +}
> +
> +static void megasas_command_complete(SCSIRequest *req, uint32_t status)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +    uint8_t cmd_status = MFI_STAT_OK;
> +
> +    if (cmd->req != req) {
> +        /*
> +         * Internal command complete
> +         */
> +        cmd_status = megasas_finish_internal_command(cmd, req);
> +        if (cmd_status == MFI_STAT_INVALID_STATUS) {
> +            return;
> +        }
> +    } else {
> +        req->status = status;
> +        if (req->status != GOOD) {
> +            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
> +        }
> +        if (req->status == CHECK_CONDITION) {
> +            megasas_copy_sense(cmd);
> +        }
> +
> +        megasas_unmap_sgl(cmd);
> +        cmd->frame->header.scsi_status = req->status;
> +        scsi_req_unref(cmd->req);
> +        cmd->req = NULL;
> +    }
> +    cmd->frame->header.cmd_status = cmd_status;
> +    megasas_complete_frame(cmd->state, cmd->context);
> +}
> +
> +static void megasas_command_cancel(SCSIRequest *req)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +
> +    if (cmd) {
> +        megasas_abort_command(cmd);
> +    } else {
> +        scsi_req_unref(req);
> +    }
> +    return;
> +}
> +
> +static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
> +    target_phys_addr_t abort_addr, addr_hi, addr_lo;
> +    struct megasas_cmd_t *abort_cmd;
> +
> +    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
> +    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
> +    abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
> +
> +    abort_cmd = megasas_lookup_frame(s, abort_addr);
> +    if (!abort_cmd) {
> +        s->event_count++;
> +        return MFI_STAT_OK;
> +    }
> +    if (!megasas_use_queue64(s)) {
> +        abort_ctx &= (uint64_t)0xFFFFFFFF;
> +    }
> +    if (abort_cmd->context != abort_ctx) {
> +        s->event_count++;
> +        return MFI_STAT_ABORT_NOT_POSSIBLE;
> +    }
> +    megasas_abort_command(abort_cmd);
> +    if (!s->event_cmd || abort_cmd != s->event_cmd) {
> +        s->event_cmd = NULL;
> +    }
> +    s->event_count++;
> +    return MFI_STAT_OK;
> +}
> +
> +static void megasas_handle_frame(MPTState *s, uint64_t frame_addr,
> +                                 uint32_t frame_count)
> +{
> +    uint8_t frame_status = MFI_STAT_INVALID_CMD;
> +    uint64_t frame_context;
> +    struct megasas_cmd_t *cmd;
> +
> +    /*
> +     * Always read 64bit context, top bits will be
> +     * masked out if required in megasas_enqueue_frame()
> +     */
> +    frame_context = megasas_frame_get_context(frame_addr);
> +
> +    cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
> +    if (!cmd) {
> +        /* reply queue full */
> +        megasas_frame_set_scsi_status(frame_addr, BUSY);
> +        megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
> +        megasas_complete_frame(s, frame_context);
> +        s->event_count++;
> +        return;
> +    }
> +    switch (cmd->frame->header.frame_cmd) {
> +    case MFI_CMD_INIT:
> +        frame_status = megasas_init_firmware(s, cmd);
> +        break;
> +    case MFI_CMD_DCMD:
> +        frame_status = megasas_handle_dcmd(s, cmd);
> +        break;
> +    case MFI_CMD_ABORT:
> +        frame_status = megasas_handle_abort(s, cmd);
> +        break;
> +    case MFI_CMD_PD_SCSI_IO:
> +        frame_status = megasas_handle_scsi(s, cmd, 0);
> +        break;
> +    case MFI_CMD_LD_SCSI_IO:
> +        frame_status = megasas_handle_scsi(s, cmd, 1);
> +        break;
> +    case MFI_CMD_LD_READ:
> +    case MFI_CMD_LD_WRITE:
> +        frame_status = megasas_handle_io(s, cmd);
> +        break;
> +    default:
> +        s->event_count++;
> +        break;
> +    }
> +    if (frame_status != MFI_STAT_INVALID_STATUS) {
> +        if (cmd->frame) {
> +            cmd->frame->header.cmd_status = frame_status;
> +        } else {
> +            megasas_frame_set_cmd_status(frame_addr, frame_status);
> +        }
> +        megasas_complete_frame(s, cmd->context);
> +    }
> +}
> +
> +static uint64_t megasas_mmio_read(void *opaque, target_phys_addr_t addr,
> +                                  unsigned size)
> +{
> +    MPTState *s = opaque;
> +    uint32_t retval = 0;
> +
> +    switch (addr) {
> +    case MFI_IDB:
> +        retval = 0;
> +        break;
> +    case MFI_OMSG0:
> +    case MFI_OSP0:
> +        retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
> +            (s->fw_state & MFI_FWSTATE_MASK) |
> +            ((s->fw_sge & 0xff) << 16) |
> +            (s->fw_cmds & 0xFFFF);
> +        break;
> +    case MFI_OSTS:
> +        if (megasas_intr_enabled(s) && s->doorbell) {
> +            retval = MFI_1078_RM | 1;
> +        }
> +        break;
> +    case MFI_OMSK:
> +        retval = s->intr_mask;
> +        break;
> +    case MFI_ODCR0:
> +        retval = s->doorbell;
> +        break;
> +    default:
> +        break;
> +    }
> +    return retval;
> +}
> +
> +static void megasas_mmio_write(void *opaque, target_phys_addr_t addr,
> +                               uint64_t val, unsigned size)
> +{
> +    MPTState *s = opaque;
> +    uint64_t frame_addr;
> +    uint32_t frame_count;
> +    int i;
> +
> +    switch (addr) {
> +    case MFI_IDB:
> +        if (val & MFI_FWINIT_ABORT) {
> +            /* Abort all pending cmds */
> +            for (i = 0; i < s->fw_cmds; i++) {
> +                megasas_abort_command(&s->frames[i]);
> +            }
> +        }
> +        if (val & MFI_FWINIT_READY) {
> +            /* move to FW READY */
> +            megasas_soft_reset(s);
> +        }
> +        if (val & MFI_FWINIT_MFIMODE) {
> +            /* discard MFIs */
> +        }
> +        break;
> +    case MFI_OMSK:
> +        s->intr_mask = val;
> +        if (!megasas_intr_enabled(s) && !msix_enabled(&s->dev)) {
> +            qemu_irq_lower(s->dev.irq[0]);
> +        }
> +        break;
> +    case MFI_ODCR0:
> +        s->doorbell = 0;
> +        if (s->producer_pa && megasas_intr_enabled(s)) {
> +            /* Update reply queue pointer */
> +            stl_le_phys(s->producer_pa, s->reply_queue_head);
> +            if (!msix_enabled(&s->dev)) {
> +                qemu_irq_lower(s->dev.irq[0]);
> +            }
> +        }
> +        break;
> +    case MFI_IQPH:
> +        /* Received high 32 bits of a 64 bit MFI frame address */
> +        s->frame_hi = val;
> +        break;
> +    case MFI_IQPL:
> +        /* Received low 32 bits of a 64 bit MFI frame address */
> +    case MFI_IQP:
> +        /* Received 32 bit MFI frame address */
> +        frame_addr = (val & ~0x1F);
> +        /* Add possible 64 bit offset */
> +        frame_addr |= ((uint64_t)s->frame_hi << 32);
> +        s->frame_hi = 0;
> +        frame_count = (val >> 1) & 0xF;
> +        megasas_handle_frame(s, frame_addr, frame_count);
> +        break;
> +    default:
> +        break;
> +    }
> +}
> +
> +static const MemoryRegionOps megasas_mmio_ops = {
> +    .read = megasas_mmio_read,
> +    .write = megasas_mmio_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static uint64_t megasas_port_read(void *opaque, target_phys_addr_t addr,
> +                                  unsigned size)
> +{
> +    return megasas_mmio_read(opaque, addr & 0xff, size);
> +}
> +
> +static void megasas_port_write(void *opaque, target_phys_addr_t addr,
> +                               uint64_t val, unsigned size)
> +{
> +    megasas_mmio_write(opaque, addr & 0xff, val, size);
> +}
> +
> +static const MemoryRegionOps megasas_port_ops = {
> +    .read = megasas_port_read,
> +    .write = megasas_port_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static uint64_t megasas_queue_read(void *opaque, target_phys_addr_t addr,
> +                                   unsigned size)
> +{
> +    return 0;
> +}
> +
> +static void megasas_queue_write(void *opaque, target_phys_addr_t addr,
> +                                uint64_t val, unsigned size)
> +{
> +}
> +
> +static const MemoryRegionOps megasas_queue_ops = {
> +    .read = megasas_queue_read,
> +    .write = megasas_queue_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static void megasas_soft_reset(MPTState *s)
> +{
> +    int i;
> +    struct megasas_cmd_t *cmd;
> +
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        cmd = &s->frames[i];
> +        megasas_abort_command(cmd);
> +    }
> +    megasas_reset_frames(s);
> +    s->reply_queue_len = s->fw_cmds;
> +    s->reply_queue_pa = 0;
> +    s->consumer_pa = 0;
> +    s->producer_pa = 0;
> +    s->fw_state = MFI_FWSTATE_READY;
> +    s->doorbell = 0;
> +    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
> +    s->frame_hi = 0;
> +    s->flags &= ~MEGASAS_MASK_USE_QUEUE64;
> +    s->event_count++;
> +    s->boot_event = s->event_count;
> +}
> +
> +static void megasas_scsi_reset(DeviceState *dev)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
> +
> +    megasas_soft_reset(s);
> +}
> +
> +static const VMStateDescription vmstate_megasas = {
> +    .name = "megasas",
> +    .version_id = 0,
> +    .minimum_version_id = 0,
> +    .minimum_version_id_old = 0,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_PCI_DEVICE(dev, MPTState),
> +
> +        VMSTATE_INT32(fw_state, MPTState),
> +        VMSTATE_INT32(intr_mask, MPTState),
> +        VMSTATE_INT32(doorbell, MPTState),
> +        VMSTATE_UINT64(reply_queue_pa, MPTState),
> +        VMSTATE_UINT64(consumer_pa, MPTState),
> +        VMSTATE_UINT64(producer_pa, MPTState),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
> +
> +static int megasas_scsi_uninit(PCIDevice *d)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, d);
> +
> +    memory_region_destroy(&s->mmio_io);
> +    memory_region_destroy(&s->port_io);
> +    memory_region_destroy(&s->queue_io);
> +    return 0;
> +}
> +
> +static const struct SCSIBusInfo megasas_scsi_info = {
> +    .tcq = true,
> +    .max_target = MFI_MAX_LD,
> +    .max_lun = 255,
> +
> +    .transfer_data = megasas_xfer_complete,
> +    .complete = megasas_command_complete,
> +    .cancel = megasas_command_cancel,
> +};
> +
> +static int megasas_scsi_init(PCIDevice *dev)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, dev);
> +    uint8_t *pci_conf;
> +    int i;
> +
> +    pci_conf = s->dev.config;
> +
> +    /* PCI latency timer = 0 */
> +    pci_conf[PCI_LATENCY_TIMER] = 0;
> +    /* Interrupt pin 1 */
> +    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
> +
> +    memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s,
> +                          "megasas-mmio", 0x4000);
> +    memory_region_init_io(&s->port_io, &megasas_port_ops, s,
> +                          "megasas-io", 256);
> +    memory_region_init_io(&s->queue_io, &megasas_queue_ops, s,
> +                          "megasas-queue", 0x40000);
> +
> +    if (megasas_use_msix(s) &&
> +        msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
> +        s->flags &= ~MEGASAS_MASK_USE_MSIX;
> +    }
> +
> +    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
> +    pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
> +    pci_register_bar(&s->dev, 3, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->queue_io);
> +
> +    if (megasas_use_msix(s)) {
> +        msix_vector_use(&s->dev, 0);
> +    }
> +
> +    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
> +        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
> +    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
> +        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
> +    } else {
> +        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
> +    }
> +    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
> +        s->fw_cmds = MEGASAS_MAX_FRAMES;
> +    }
> +    if (s->raid_mode_str) {
> +        if (!strcmp(s->raid_mode_str, "jbod")) {
> +            s->flags |= MEGASAS_MASK_USE_JBOD;
> +        } else {
> +            s->flags &= ~MEGASAS_MASK_USE_JBOD;
> +            s->raid_mode_str = (char *)megasas_raid_modes[0];
> +        }
> +    } else {
> +        s->raid_mode_str = (char *)megasas_raid_modes[0];
> +    }
> +    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
> +        MAX_SCSI_DEVS : MFI_MAX_LD;
> +    s->producer_pa = 0;
> +    s->consumer_pa = 0;
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        s->frames[i].index = i;
> +        s->frames[i].context = -1;
> +        s->frames[i].pa = 0;
> +        s->frames[i].state = s;
> +    }
> +
> +    scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
> +    scsi_bus_legacy_handle_cmdline(&s->bus);
> +    return 0;
> +}
> +
> +static Property megasas_properties[] = {
> +    DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
> +                       MEGASAS_DEFAULT_SGE),
> +    DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
> +                       MEGASAS_DEFAULT_FRAMES),
> +    DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
> +    DEFINE_PROP_BIT("use_msix", MPTState, flags,
> +                    MEGASAS_FLAG_USE_MSIX, false),
> +    DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static void megasas_class_init(ObjectClass *oc, void *data)
> +{
> +    DeviceClass *dc = DEVICE_CLASS(oc);
> +    PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
> +
> +    pc->init = megasas_scsi_init;
> +    pc->exit = megasas_scsi_uninit;
> +    pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
> +    pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
> +    pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
> +    pc->subsystem_id = 0x1013;
> +    pc->class_id = PCI_CLASS_STORAGE_RAID;
> +    dc->props = megasas_properties;
> +    dc->reset = megasas_scsi_reset;
> +    dc->vmsd = &vmstate_megasas;
> +    dc->desc = "LSI MegaRAID SAS 1078";
> +}
> +
> +static TypeInfo megasas_info = {
> +    .name  = "megasas",
> +    .parent = TYPE_PCI_DEVICE,
> +    .instance_size = sizeof(MPTState),
> +    .class_init = megasas_class_init,
> +};
> +
> +static void megaraid1078_register_types(void)
> +{
> +    type_register_static(&megasas_info);
> +}
> +
> +type_init(megaraid1078_register_types);
> diff --git a/hw/mfi.h b/hw/mfi.h
> new file mode 100644
> index 0000000..4790c7c
> --- /dev/null
> +++ b/hw/mfi.h
> @@ -0,0 +1,1281 @@
> +/*-
> + * Copyright (c) 2006 IronPort Systems
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> + * SUCH DAMAGE.
> + */
> +/*-
> + * Copyright (c) 2007 LSI Corp.
> + * Copyright (c) 2007 Rajesh Prabhakaran.
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> + * SUCH DAMAGE.
> + */
> +
> +#ifndef _MFI_H
> +#define _MFI_H
> +
> +/*
> + * MegaRAID SAS MFI firmware definitions
> + *
> + * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
> + * new firmware interface from the old AMI MegaRAID one, and there is no
> + * reason why this interface should be limited to just SAS.  In any case, LSI
> + * seems to also call this interface 'MFI', so that will be used here.
> + */
> +
> +/*
> + * Start with the register set.  All registers are 32 bits wide.
> + * The usual Intel IOP style setup.
> + */
> +#define MFI_IMSG0 0x10    /* Inbound message 0 */
> +#define MFI_IMSG1 0x14    /* Inbound message 1 */
> +#define MFI_OMSG0 0x18    /* Outbound message 0 */
> +#define MFI_OMSG1 0x1c    /* Outbound message 1 */
> +#define MFI_IDB   0x20    /* Inbound doorbell */
> +#define MFI_ISTS  0x24    /* Inbound interrupt status */
> +#define MFI_IMSK  0x28    /* Inbound interrupt mask */
> +#define MFI_ODB   0x2c    /* Outbound doorbell */
> +#define MFI_OSTS  0x30    /* Outbound interrupt status */
> +#define MFI_OMSK  0x34    /* Outbound interrupt mask */
> +#define MFI_IQP   0x40    /* Inbound queue port */
> +#define MFI_OQP   0x44    /* Outbound queue port */
> +
> +/*
> + * 1078 specific related register
> + */
> +#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
> +#define MFI_ODCR0       0xa0            /* outbound doorbell clear register0  */
> +#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
> +#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes)  */
> +#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes)  */
> +#define MFI_DIAG        0xf8            /* Host diag */
> +#define MFI_SEQ         0xfc            /* Sequencer offset */
> +#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
> +#define MFI_RMI         0x2             /* reply message interrupt  */
> +#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt  */
> +#define MFI_ODC         0x4             /* outbound doorbell change interrupt */
> +
> +/*
> + * gen2 specific changes
> + */
> +#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
> +#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
> +
> +/*
> + * skinny specific changes
> + */
> +#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny */
> +#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt */
> +
> +/* Bits for MFI_OSTS */
> +#define MFI_OSTS_INTR_VALID     0x00000002
> +
> +/*
> + * Firmware state values.  Found in OMSG0 during initialization.
> + */
> +#define MFI_FWSTATE_MASK                0xf0000000
> +#define MFI_FWSTATE_UNDEFINED           0x00000000
> +#define MFI_FWSTATE_BB_INIT             0x10000000
> +#define MFI_FWSTATE_FW_INIT             0x40000000
> +#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
> +#define MFI_FWSTATE_FW_INIT_2           0x70000000
> +#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
> +#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
> +#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
> +#define MFI_FWSTATE_READY               0xb0000000
> +#define MFI_FWSTATE_OPERATIONAL         0xc0000000
> +#define MFI_FWSTATE_FAULT               0xf0000000
> +#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
> +#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
> +#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
> +#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
> +
> +/*
> + * Control bits to drive the card to ready state.  These go into the IDB
> + * register.
> + */
> +#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands */
> +#define MFI_FWINIT_READY        0x00000002 /* Move from operational to ready */
> +#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
> +#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
> +#define MFI_FWINIT_HOTPLUG      0x00000010
> +#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
> +#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
> +
> +/* MFI Commands */
> +typedef enum {
> +    MFI_CMD_INIT = 0x00,
> +    MFI_CMD_LD_READ,
> +    MFI_CMD_LD_WRITE,
> +    MFI_CMD_LD_SCSI_IO,
> +    MFI_CMD_PD_SCSI_IO,
> +    MFI_CMD_DCMD,
> +    MFI_CMD_ABORT,
> +    MFI_CMD_SMP,
> +    MFI_CMD_STP
> +} mfi_cmd_t ;
> +
> +/* Direct commands */
> +typedef enum {
> +    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
> +    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
> +    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
> +    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
> +    MFI_DCMD_CTRL_ALARM =               0x01030000,
> +    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
> +    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
> +    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
> +    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
> +    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
> +    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
> +    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
> +    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
> +    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
> +    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
> +    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
> +    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
> +    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
> +    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
> +    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
> +    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
> +    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
> +    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
> +    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
> +    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
> +    MFI_DCMD_PD_GET_LIST =              0x02010000,
> +    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
> +    MFI_DCMD_PD_GET_INFO =              0x02020000,
> +    MFI_DCMD_PD_STATE_SET =             0x02030100,
> +    MFI_DCMD_PD_REBUILD =               0x02040100,
> +    MFI_DCMD_PD_BLINK =                 0x02070100,
> +    MFI_DCMD_PD_UNBLINK =               0x02070200,
> +    MFI_DCMD_LD_GET_LIST =              0x03010000,
> +    MFI_DCMD_LD_GET_INFO =              0x03020000,
> +    MFI_DCMD_LD_GET_PROP =              0x03030000,
> +    MFI_DCMD_LD_SET_PROP =              0x03040000,
> +    MFI_DCMD_LD_DELETE =                0x03090000,
> +    MFI_DCMD_CFG_READ =                 0x04010000,
> +    MFI_DCMD_CFG_ADD =                  0x04020000,
> +    MFI_DCMD_CFG_CLEAR =                0x04030000,
> +    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
> +    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
> +    MFI_DCMD_BBU_STATUS =               0x05010000,
> +    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
> +    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
> +    MFI_DCMD_BBU_PROP_GET =             0x05050100,
> +    MFI_DCMD_CLUSTER =                  0x08000000,
> +    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
> +    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
> +} mfi_dcmd_t ;
> +
> +/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
> +#define MFI_FLUSHCACHE_CTRL     0x01
> +#define MFI_FLUSHCACHE_DISK     0x02
> +
> +/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
> +#define MFI_SHUTDOWN_SPINDOWN   0x01
> +
> +/*
> + * MFI Frame flags
> + */
> +typedef enum {
> +    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =        0x0001,
> +    MFI_FRAME_SGL64 =                           0x0002,
> +    MFI_FRAME_SENSE64 =                         0x0004,
> +    MFI_FRAME_DIR_WRITE =                       0x0008,
> +    MFI_FRAME_DIR_READ =                        0x0010,
> +    MFI_FRAME_IEEE_SGL =                        0x0020,
> +} mfi_frame_flags;
> +
> +/* MFI Status codes */
> +typedef enum {
> +    MFI_STAT_OK =                       0x00,
> +    MFI_STAT_INVALID_CMD,
> +    MFI_STAT_INVALID_DCMD,
> +    MFI_STAT_INVALID_PARAMETER,
> +    MFI_STAT_INVALID_SEQUENCE_NUMBER,
> +    MFI_STAT_ABORT_NOT_POSSIBLE,
> +    MFI_STAT_APP_HOST_CODE_NOT_FOUND,
> +    MFI_STAT_APP_IN_USE,
> +    MFI_STAT_APP_NOT_INITIALIZED,
> +    MFI_STAT_ARRAY_INDEX_INVALID,
> +    MFI_STAT_ARRAY_ROW_NOT_EMPTY,
> +    MFI_STAT_CONFIG_RESOURCE_CONFLICT,
> +    MFI_STAT_DEVICE_NOT_FOUND,
> +    MFI_STAT_DRIVE_TOO_SMALL,
> +    MFI_STAT_FLASH_ALLOC_FAIL,
> +    MFI_STAT_FLASH_BUSY,
> +    MFI_STAT_FLASH_ERROR =              0x10,
> +    MFI_STAT_FLASH_IMAGE_BAD,
> +    MFI_STAT_FLASH_IMAGE_INCOMPLETE,
> +    MFI_STAT_FLASH_NOT_OPEN,
> +    MFI_STAT_FLASH_NOT_STARTED,
> +    MFI_STAT_FLUSH_FAILED,
> +    MFI_STAT_HOST_CODE_NOT_FOUNT,
> +    MFI_STAT_LD_CC_IN_PROGRESS,
> +    MFI_STAT_LD_INIT_IN_PROGRESS,
> +    MFI_STAT_LD_LBA_OUT_OF_RANGE,
> +    MFI_STAT_LD_MAX_CONFIGURED,
> +    MFI_STAT_LD_NOT_OPTIMAL,
> +    MFI_STAT_LD_RBLD_IN_PROGRESS,
> +    MFI_STAT_LD_RECON_IN_PROGRESS,
> +    MFI_STAT_LD_WRONG_RAID_LEVEL,
> +    MFI_STAT_MAX_SPARES_EXCEEDED,
> +    MFI_STAT_MEMORY_NOT_AVAILABLE =     0x20,
> +    MFI_STAT_MFC_HW_ERROR,
> +    MFI_STAT_NO_HW_PRESENT,
> +    MFI_STAT_NOT_FOUND,
> +    MFI_STAT_NOT_IN_ENCL,
> +    MFI_STAT_PD_CLEAR_IN_PROGRESS,
> +    MFI_STAT_PD_TYPE_WRONG,
> +    MFI_STAT_PR_DISABLED,
> +    MFI_STAT_ROW_INDEX_INVALID,
> +    MFI_STAT_SAS_CONFIG_INVALID_ACTION,
> +    MFI_STAT_SAS_CONFIG_INVALID_DATA,
> +    MFI_STAT_SAS_CONFIG_INVALID_PAGE,
> +    MFI_STAT_SAS_CONFIG_INVALID_TYPE,
> +    MFI_STAT_SCSI_DONE_WITH_ERROR,
> +    MFI_STAT_SCSI_IO_FAILED,
> +    MFI_STAT_SCSI_RESERVATION_CONFLICT,
> +    MFI_STAT_SHUTDOWN_FAILED =          0x30,
> +    MFI_STAT_TIME_NOT_SET,
> +    MFI_STAT_WRONG_STATE,
> +    MFI_STAT_LD_OFFLINE,
> +    MFI_STAT_PEER_NOTIFICATION_REJECTED,
> +    MFI_STAT_PEER_NOTIFICATION_FAILED,
> +    MFI_STAT_RESERVATION_IN_PROGRESS,
> +    MFI_STAT_I2C_ERRORS_DETECTED,
> +    MFI_STAT_PCI_ERRORS_DETECTED,
> +    MFI_STAT_DIAG_FAILED,
> +    MFI_STAT_BOOT_MSG_PENDING,
> +    MFI_STAT_FOREIGN_CONFIG_INCOMPLETE,
> +    MFI_STAT_INVALID_SGL,
> +    MFI_STAT_UNSUPPORTED_HW,
> +    MFI_STAT_CC_SCHEDULE_DISABLED,
> +    MFI_STAT_PD_COPYBACK_IN_PROGRESS,
> +    MFI_STAT_MULTIPLE_PDS_IN_ARRAY =    0x40,
> +    MFI_STAT_FW_DOWNLOAD_ERROR,
> +    MFI_STAT_FEATURE_SECURITY_NOT_ENABLED,
> +    MFI_STAT_LOCK_KEY_ALREADY_EXISTS,
> +    MFI_STAT_LOCK_KEY_BACKUP_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_VERIFY_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_VERIFY_FAILED,
> +    MFI_STAT_LOCK_KEY_REKEY_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_INVALID,
> +    MFI_STAT_LOCK_KEY_ESCROW_INVALID,
> +    MFI_STAT_LOCK_KEY_BACKUP_REQUIRED,
> +    MFI_STAT_SECURE_LD_EXISTS,
> +    MFI_STAT_LD_SECURE_NOT_ALLOWED,
> +    MFI_STAT_REPROVISION_NOT_ALLOWED,
> +    MFI_STAT_PD_SECURITY_TYPE_WRONG,
> +    MFI_STAT_LD_ENCRYPTION_TYPE_INVALID,
> +    MFI_STAT_CONFIG_FDE_NON_FDE_MIX_NOT_ALLOWED = 0x50,
> +    MFI_STAT_CONFIG_LD_ENCRYPTION_TYPE_MIX_NOT_ALLOWED,
> +    MFI_STAT_SECRET_KEY_NOT_ALLOWED,
> +    MFI_STAT_PD_HW_ERRORS_DETECTED,
> +    MFI_STAT_LD_CACHE_PINNED,
> +    MFI_STAT_POWER_STATE_SET_IN_PROGRESS,
> +    MFI_STAT_POWER_STATE_SET_BUSY,
> +    MFI_STAT_POWER_STATE_WRONG,
> +    MFI_STAT_PR_NO_AVAILABLE_PD_FOUND,
> +    MFI_STAT_CTRL_RESET_REQUIRED,
> +    MFI_STAT_LOCK_KEY_EKM_NO_BOOT_AGENT,
> +    MFI_STAT_SNAP_NO_SPACE,
> +    MFI_STAT_SNAP_PARTIAL_FAILURE,
> +    MFI_STAT_UPGRADE_KEY_INCOMPATIBLE,
> +    MFI_STAT_PFK_INCOMPATIBLE,
> +    MFI_STAT_PD_MAX_UNCONFIGURED,
> +    MFI_STAT_IO_METRICS_DISABLED =      0x60,
> +    MFI_STAT_AEC_NOT_STOPPED,
> +    MFI_STAT_PI_TYPE_WRONG,
> +    MFI_STAT_LD_PD_PI_INCOMPATIBLE,
> +    MFI_STAT_PI_NOT_ENABLED,
> +    MFI_STAT_LD_BLOCK_SIZE_MISMATCH,
> +    MFI_STAT_INVALID_STATUS =           0xFF
> +} mfi_status_t ;
> +
> +/* Event classes */
> +typedef enum {
> +    MFI_EVT_CLASS_DEBUG =      -2,
> +    MFI_EVT_CLASS_PROGRESS =   -1,
> +    MFI_EVT_CLASS_INFO =        0,
> +    MFI_EVT_CLASS_WARNING =     1,
> +    MFI_EVT_CLASS_CRITICAL =    2,
> +    MFI_EVT_CLASS_FATAL =       3,
> +    MFI_EVT_CLASS_DEAD =        4
> +} mfi_evt_class_t ;
> +
> +/* Event locales */
> +typedef enum {
> +    MFI_EVT_LOCALE_LD =         0x0001,
> +    MFI_EVT_LOCALE_PD =         0x0002,
> +    MFI_EVT_LOCALE_ENCL =       0x0004,
> +    MFI_EVT_LOCALE_BBU =        0x0008,
> +    MFI_EVT_LOCALE_SAS =        0x0010,
> +    MFI_EVT_LOCALE_CTRL =       0x0020,
> +    MFI_EVT_LOCALE_CONFIG =     0x0040,
> +    MFI_EVT_LOCALE_CLUSTER =    0x0080,
> +    MFI_EVT_LOCALE_ALL =        0xffff
> +} mfi_evt_locale_t;
> +
> +/* Event args */
> +typedef enum {
> +    MR_EVT_ARGS_NONE =          0x00,
> +    MR_EVT_ARGS_CDB_SENSE,
> +    MR_EVT_ARGS_LD,
> +    MR_EVT_ARGS_LD_COUNT,
> +    MR_EVT_ARGS_LD_LBA,
> +    MR_EVT_ARGS_LD_OWNER,
> +    MR_EVT_ARGS_LD_LBA_PD_LBA,
> +    MR_EVT_ARGS_LD_PROG,
> +    MR_EVT_ARGS_LD_STATE,
> +    MR_EVT_ARGS_LD_STRIP,
> +    MR_EVT_ARGS_PD,
> +    MR_EVT_ARGS_PD_ERR,
> +    MR_EVT_ARGS_PD_LBA,
> +    MR_EVT_ARGS_PD_LBA_LD,
> +    MR_EVT_ARGS_PD_PROG,
> +    MR_EVT_ARGS_PD_STATE,
> +    MR_EVT_ARGS_PCI,
> +    MR_EVT_ARGS_RATE,
> +    MR_EVT_ARGS_STR,
> +    MR_EVT_ARGS_TIME,
> +    MR_EVT_ARGS_ECC,
> +    MR_EVT_ARGS_LD_PROP,
> +    MR_EVT_ARGS_PD_SPARE,
> +    MR_EVT_ARGS_PD_INDEX,
> +    MR_EVT_ARGS_DIAG_PASS,
> +    MR_EVT_ARGS_DIAG_FAIL,
> +    MR_EVT_ARGS_PD_LBA_LBA,
> +    MR_EVT_ARGS_PORT_PHY,
> +    MR_EVT_ARGS_PD_MISSING,
> +    MR_EVT_ARGS_PD_ADDRESS,
> +    MR_EVT_ARGS_BITMAP,
> +    MR_EVT_ARGS_CONNECTOR,
> +    MR_EVT_ARGS_PD_PD,
> +    MR_EVT_ARGS_PD_FRU,
> +    MR_EVT_ARGS_PD_PATHINFO,
> +    MR_EVT_ARGS_PD_POWER_STATE,
> +    MR_EVT_ARGS_GENERIC,
> +} mfi_evt_args;
> +
> +/* Event codes */
> +#define MR_EVT_CFG_CLEARED                          0x0004
> +#define MR_EVT_CTRL_SHUTDOWN                        0x002a
> +#define MR_EVT_LD_STATE_CHANGE                      0x0051
> +#define MR_EVT_PD_INSERTED                          0x005b
> +#define MR_EVT_PD_REMOVED                           0x0070
> +#define MR_EVT_PD_STATE_CHANGED                     0x0072
> +#define MR_EVT_LD_CREATED                           0x008a
> +#define MR_EVT_LD_DELETED                           0x008b
> +#define MR_EVT_FOREIGN_CFG_IMPORTED                 0x00db
> +#define MR_EVT_LD_OFFLINE                           0x00fc
> +#define MR_EVT_CTRL_HOST_BUS_SCAN_REQUESTED         0x0152
> +
> +typedef enum {
> +    MR_LD_CACHE_WRITE_BACK =            0x01,
> +    MR_LD_CACHE_WRITE_ADAPTIVE =        0x02,
> +    MR_LD_CACHE_READ_AHEAD =            0x04,
> +    MR_LD_CACHE_READ_ADAPTIVE =         0x08,
> +    MR_LD_CACHE_WRITE_CACHE_BAD_BBU =   0x10,
> +    MR_LD_CACHE_ALLOW_WRITE_CACHE =     0x20,
> +    MR_LD_CACHE_ALLOW_READ_CACHE =      0x40
> +} mfi_ld_cache;
> +
> +typedef enum {
> +    MR_PD_CACHE_UNCHANGED  =    0,
> +    MR_PD_CACHE_ENABLE =        1,
> +    MR_PD_CACHE_DISABLE =       2
> +} mfi_pd_cache;
> +
> +typedef enum {
> +    MR_PD_QUERY_TYPE_ALL =              0,
> +    MR_PD_QUERY_TYPE_STATE =            1,
> +    MR_PD_QUERY_TYPE_POWER_STATE =      2,
> +    MR_PD_QUERY_TYPE_MEDIA_TYPE =       3,
> +    MR_PD_QUERY_TYPE_SPEED =            4,
> +    MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =  5, /*query for system drives */
> +} mfi_pd_query_type;
> +
> +/*
> + * Other propertities and definitions
> + */
> +#define MFI_MAX_PD_CHANNELS     2
> +#define MFI_MAX_LD_CHANNELS     2
> +#define MFI_MAX_CHANNELS        (MFI_MAX_PD_CHANNELS + MFI_MAX_LD_CHANNELS)
> +#define MFI_MAX_CHANNEL_DEVS  128
> +#define MFI_DEFAULT_ID         -1
> +#define MFI_MAX_LUN             8
> +#define MFI_MAX_LD             64
> +
> +#define MFI_FRAME_SIZE         64
> +#define MFI_MBOX_SIZE          12
> +
> +/* Firmware flashing can take 40s */
> +#define MFI_POLL_TIMEOUT_SECS  50
> +
> +/* Allow for speedier math calculations */
> +#define MFI_SECTOR_LEN        512
> +
> +/* Scatter Gather elements */
> +struct mfi_sg32 {
> +    uint32_t addr;
> +    uint32_t len;
> +} __attribute__ ((packed));
> +
> +struct mfi_sg64 {
> +    uint64_t addr;
> +    uint32_t len;
> +} __attribute__ ((packed));
> +
> +struct mfi_sg_skinny {
> +    uint64_t addr;
> +    uint32_t len;
> +    uint32_t flag;
> +} __attribute__ ((packed));
> +
> +union mfi_sgl {
> +    struct mfi_sg32 sg32[1];
> +    struct mfi_sg64 sg64[1];
> +    struct mfi_sg_skinny sg_skinny[1];
> +} __attribute__ ((packed));
> +
> +/* Message frames.  All messages have a common header */
> +struct mfi_frame_header {
> +    uint8_t frame_cmd;
> +    uint8_t sense_len;
> +    uint8_t cmd_status;
> +    uint8_t scsi_status;
> +    uint8_t target_id;
> +    uint8_t lun_id;
> +    uint8_t cdb_len;
> +    uint8_t sge_count;
> +    uint64_t context;
> +    uint16_t flags;
> +    uint16_t timeout;
> +    uint32_t data_len;
> +} __attribute__ ((packed));
> +
> +struct mfi_init_frame {
> +    struct mfi_frame_header header;
> +    uint32_t qinfo_new_addr_lo;
> +    uint32_t qinfo_new_addr_hi;
> +    uint32_t qinfo_old_addr_lo;
> +    uint32_t qinfo_old_addr_hi;
> +    uint32_t reserved[6];
> +} __attribute__ ((packed));
> +
> +#define MFI_IO_FRAME_SIZE 40
> +struct mfi_io_frame {
> +    struct mfi_frame_header header;
> +    uint32_t sense_addr_lo;
> +    uint32_t sense_addr_hi;
> +    uint32_t lba_lo;
> +    uint32_t lba_hi;
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +#define MFI_PASS_FRAME_SIZE 48
> +struct mfi_pass_frame {
> +    struct mfi_frame_header header;
> +    uint32_t sense_addr_lo;
> +    uint32_t sense_addr_hi;
> +    uint8_t cdb[16];
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +#define MFI_DCMD_FRAME_SIZE 40
> +struct mfi_dcmd_frame {
> +    struct mfi_frame_header header;
> +    uint32_t opcode;
> +    uint8_t mbox[MFI_MBOX_SIZE];
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +struct mfi_abort_frame {
> +    struct mfi_frame_header header;
> +    uint64_t abort_context;
> +    uint32_t abort_mfi_addr_lo;
> +    uint32_t abort_mfi_addr_hi;
> +    uint32_t reserved1[6];
> +} __attribute__ ((packed));
> +
> +struct mfi_smp_frame {
> +    struct mfi_frame_header header;
> +    uint64_t sas_addr;
> +    union {
> +        struct mfi_sg32 sg32[2];
> +        struct mfi_sg64 sg64[2];
> +    } sgl;
> +} __attribute__ ((packed));
> +
> +struct mfi_stp_frame {
> +    struct mfi_frame_header header;
> +    uint16_t fis[10];
> +    uint32_t stp_flags;
> +    union {
> +        struct mfi_sg32 sg32[2];
> +        struct mfi_sg64 sg64[2];
> +    } sgl;
> +} __attribute__ ((packed));
> +
> +union mfi_frame {
> +    struct mfi_frame_header header;
> +    struct mfi_init_frame init;
> +    struct mfi_io_frame io;
> +    struct mfi_pass_frame pass;
> +    struct mfi_dcmd_frame dcmd;
> +    struct mfi_abort_frame abort;
> +    struct mfi_smp_frame smp;
> +    struct mfi_stp_frame stp;
> +    uint64_t raw[8];
> +    uint8_t bytes[MFI_FRAME_SIZE];
> +};
> +
> +#define MFI_SENSE_LEN 128
> +struct mfi_sense {
> +    uint8_t     data[MFI_SENSE_LEN];
> +};
> +
> +#define MFI_QUEUE_FLAG_CONTEXT64 0x00000002
> +
> +/* The queue init structure that is passed with the init message */
> +struct mfi_init_qinfo {
> +    uint32_t flags;
> +    uint32_t rq_entries;
> +    uint32_t rq_addr_lo;
> +    uint32_t rq_addr_hi;
> +    uint32_t pi_addr_lo;
> +    uint32_t pi_addr_hi;
> +    uint32_t ci_addr_lo;
> +    uint32_t ci_addr_hi;
> +} __attribute__ ((packed));
> +
> +/* Controller properties */
> +struct mfi_ctrl_props {
> +    uint16_t seq_num;
> +    uint16_t pred_fail_poll_interval;
> +    uint16_t intr_throttle_cnt;
> +    uint16_t intr_throttle_timeout;
> +    uint8_t rebuild_rate;
> +    uint8_t patrol_read_rate;
> +    uint8_t bgi_rate;
> +    uint8_t cc_rate;
> +    uint8_t recon_rate;
> +    uint8_t cache_flush_interval;
> +    uint8_t spinup_drv_cnt;
> +    uint8_t spinup_delay;
> +    uint8_t cluster_enable;
> +    uint8_t coercion_mode;
> +    uint8_t alarm_enable;
> +    uint8_t disable_auto_rebuild;
> +    uint8_t disable_battery_warn;
> +    uint8_t ecc_bucket_size;
> +    uint16_t ecc_bucket_leak_rate;
> +    uint8_t restore_hotspare_on_insertion;
> +    uint8_t expose_encl_devices;
> +    uint8_t maintainPdFailHistory;
> +    uint8_t disallowHostRequestReordering;
> +    uint8_t abortCCOnError;
> +    uint8_t loadBalanceMode;
> +    uint8_t disableAutoDetectBackplane;
> +    uint8_t snapVDSpace;
> +    struct {
> +        /* set TRUE to disable copyBack (0=copyback enabled) */
> +        uint32_t copyBackDisabled:1,
> +            SMARTerEnabled:1,
> +            prCorrectUnconfiguredAreas:1,
> +            useFdeOnly:1,
> +            disableNCQ:1,
> +            SSDSMARTerEnabled:1,
> +            SSDPatrolReadEnabled:1,
> +            enableSpinDownUnconfigured:1,
> +            autoEnhancedImport:1,
> +            enableSecretKeyControl:1,
> +            disableOnlineCtrlReset:1,
> +            allowBootWithPinnedCache:1,
> +            disableSpinDownHS:1,
> +            enableJBOD:1,
> +            reserved:18;
> +    } OnOffProperties;
> +    uint8_t autoSnapVDSpace; /* % of source LD to be
> +                              * reserved for auto snapshot
> +                              * in snapshot repository, for
> +                              * metadata and user data
> +                              * 1=5%, 2=10%, 3=15% and so on
> +                              */
> +    uint8_t viewSpace;       /* snapshot writeable VIEWs
> +                              * capacity as a % of source LD
> +                              * capacity. 0=READ only
> +                              * 1=5%, 2=10%, 3=15% and so on
> +                              */
> +    uint16_t spinDownTime;    /* # of idle minutes before device
> +                               * is spun down (0=use FW defaults)
> +                               */
> +    uint8_t reserved[24];
> +} __attribute__ ((packed));
> +
> +/* PCI information about the card. */
> +struct mfi_info_pci {
> +    uint16_t vendor;
> +    uint16_t device;
> +    uint16_t subvendor;
> +    uint16_t subdevice;
> +    uint8_t reserved[24];
> +} __attribute__ ((packed));
> +
> +/* Host (front end) interface information */
> +struct mfi_info_host {
> +    uint8_t type;
> +#define MFI_INFO_HOST_PCIX      0x01
> +#define MFI_INFO_HOST_PCIE      0x02
> +#define MFI_INFO_HOST_ISCSI     0x04
> +#define MFI_INFO_HOST_SAS3G     0x08
> +    uint8_t reserved[6];
> +    uint8_t port_count;
> +    uint64_t port_addr[8];
> +} __attribute__ ((packed));
> +
> +/* Device (back end) interface information */
> +struct mfi_info_device {
> +    uint8_t type;
> +#define MFI_INFO_DEV_SPI        0x01
> +#define MFI_INFO_DEV_SAS3G      0x02
> +#define MFI_INFO_DEV_SATA1      0x04
> +#define MFI_INFO_DEV_SATA3G     0x08
> +    uint8_t reserved[6];
> +    uint8_t port_count;
> +    uint64_t port_addr[8];
> +} __attribute__ ((packed));
> +
> +/* Firmware component information */
> +struct mfi_info_component {
> +    char name[8];
> +    char version[32];
> +    char build_date[16];
> +    char build_time[16];
> +} __attribute__ ((packed));
> +
> +/* Controller default settings */
> +struct mfi_defaults {
> +    uint64_t sas_addr;
> +    uint8_t phy_polarity;
> +    uint8_t background_rate;
> +    uint8_t stripe_size;
> +    uint8_t flush_time;
> +    uint8_t write_back;
> +    uint8_t read_ahead;
> +    uint8_t cache_when_bbu_bad;
> +    uint8_t cached_io;
> +    uint8_t smart_mode;
> +    uint8_t alarm_disable;
> +    uint8_t coercion;
> +    uint8_t zrc_config;
> +    uint8_t dirty_led_shows_drive_activity;
> +    uint8_t bios_continue_on_error;
> +    uint8_t spindown_mode;
> +    uint8_t allowed_device_types;
> +    uint8_t allow_mix_in_enclosure;
> +    uint8_t allow_mix_in_ld;
> +    uint8_t allow_sata_in_cluster;
> +    uint8_t max_chained_enclosures;
> +    uint8_t disable_ctrl_r;
> +    uint8_t enable_web_bios;
> +    uint8_t phy_polarity_split;
> +    uint8_t direct_pd_mapping;
> +    uint8_t bios_enumerate_lds;
> +    uint8_t restored_hot_spare_on_insertion;
> +    uint8_t expose_enclosure_devices;
> +    uint8_t maintain_pd_fail_history;
> +    uint8_t disable_puncture;
> +    uint8_t zero_based_enumeration;
> +    uint8_t disable_preboot_cli;
> +    uint8_t show_drive_led_on_activity;
> +    uint8_t cluster_disable;
> +    uint8_t sas_disable;
> +    uint8_t auto_detect_backplane;
> +    uint8_t fde_only;
> +    uint8_t delay_during_post;
> +    uint8_t resv[19];
> +} __attribute__ ((packed));
> +
> +/* Controller default settings */
> +struct mfi_bios_data {
> +    uint16_t boot_target_id;
> +    uint8_t do_not_int_13;
> +    uint8_t continue_on_error;
> +    uint8_t verbose;
> +    uint8_t geometry;
> +    uint8_t expose_all_drives;
> +    uint8_t reserved[56];
> +    uint8_t check_sum;
> +} __attribute__ ((packed));
> +
> +/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
> +struct mfi_ctrl_info {
> +    struct mfi_info_pci pci;
> +    struct mfi_info_host host;
> +    struct mfi_info_device device;
> +
> +    /* Firmware components that are present and active. */
> +    uint32_t image_check_word;
> +    uint32_t image_component_count;
> +    struct mfi_info_component image_component[8];
> +
> +    /* Firmware components that have been flashed but are inactive */
> +    uint32_t pending_image_component_count;
> +    struct mfi_info_component pending_image_component[8];
> +
> +    uint8_t max_arms;
> +    uint8_t max_spans;
> +    uint8_t max_arrays;
> +    uint8_t max_lds;
> +    char product_name[80];
> +    char serial_number[32];
> +    uint32_t hw_present;
> +#define MFI_INFO_HW_BBU         0x01
> +#define MFI_INFO_HW_ALARM       0x02
> +#define MFI_INFO_HW_NVRAM       0x04
> +#define MFI_INFO_HW_UART        0x08
> +#define MFI_INFO_HW_MEM         0x10
> +#define MFI_INFO_HW_FLASH       0x20
> +    uint32_t current_fw_time;
> +    uint16_t max_cmds;
> +    uint16_t max_sg_elements;
> +    uint32_t max_request_size;
> +    uint16_t lds_present;
> +    uint16_t lds_degraded;
> +    uint16_t lds_offline;
> +    uint16_t pd_present;
> +    uint16_t pd_disks_present;
> +    uint16_t pd_disks_pred_failure;
> +    uint16_t pd_disks_failed;
> +    uint16_t nvram_size;
> +    uint16_t memory_size;
> +    uint16_t flash_size;
> +    uint16_t ram_correctable_errors;
> +    uint16_t ram_uncorrectable_errors;
> +    uint8_t cluster_allowed;
> +    uint8_t cluster_active;
> +    uint16_t max_strips_per_io;
> +
> +    uint32_t raid_levels;
> +#define MFI_INFO_RAID_0         0x01
> +#define MFI_INFO_RAID_1         0x02
> +#define MFI_INFO_RAID_5         0x04
> +#define MFI_INFO_RAID_1E        0x08
> +#define MFI_INFO_RAID_6         0x10
> +
> +    uint32_t adapter_ops;
> +#define MFI_INFO_AOPS_RBLD_RATE         0x0001
> +#define MFI_INFO_AOPS_CC_RATE           0x0002
> +#define MFI_INFO_AOPS_BGI_RATE          0x0004
> +#define MFI_INFO_AOPS_RECON_RATE        0x0008
> +#define MFI_INFO_AOPS_PATROL_RATE       0x0010
> +#define MFI_INFO_AOPS_ALARM_CONTROL     0x0020
> +#define MFI_INFO_AOPS_CLUSTER_SUPPORTED 0x0040
> +#define MFI_INFO_AOPS_BBU               0x0080
> +#define MFI_INFO_AOPS_SPANNING_ALLOWED  0x0100
> +#define MFI_INFO_AOPS_DEDICATED_SPARES  0x0200
> +#define MFI_INFO_AOPS_REVERTIBLE_SPARES 0x0400
> +#define MFI_INFO_AOPS_FOREIGN_IMPORT    0x0800
> +#define MFI_INFO_AOPS_SELF_DIAGNOSTIC   0x1000
> +#define MFI_INFO_AOPS_MIXED_ARRAY       0x2000
> +#define MFI_INFO_AOPS_GLOBAL_SPARES     0x4000
> +
> +    uint32_t ld_ops;
> +#define MFI_INFO_LDOPS_READ_POLICY      0x01
> +#define MFI_INFO_LDOPS_WRITE_POLICY     0x02
> +#define MFI_INFO_LDOPS_IO_POLICY        0x04
> +#define MFI_INFO_LDOPS_ACCESS_POLICY    0x08
> +#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
> +
> +    struct {
> +        uint8_t min;
> +        uint8_t max;
> +        uint8_t reserved[2];
> +    } __attribute__ ((packed)) stripe_sz_ops;
> +
> +    uint32_t pd_ops;
> +#define MFI_INFO_PDOPS_FORCE_ONLINE     0x01
> +#define MFI_INFO_PDOPS_FORCE_OFFLINE    0x02
> +#define MFI_INFO_PDOPS_FORCE_REBUILD    0x04
> +
> +    uint32_t pd_mix_support;
> +#define MFI_INFO_PDMIX_SAS              0x01
> +#define MFI_INFO_PDMIX_SATA             0x02
> +#define MFI_INFO_PDMIX_ENCL             0x04
> +#define MFI_INFO_PDMIX_LD               0x08
> +#define MFI_INFO_PDMIX_SATA_CLUSTER     0x10
> +
> +    uint8_t ecc_bucket_count;
> +    uint8_t reserved2[11];
> +    struct mfi_ctrl_props properties;
> +    char package_version[0x60];
> +    uint8_t pad[0x800 - 0x6a0];
> +} __attribute__ ((packed));
> +
> +/* keep track of an event. */
> +union mfi_evt {
> +    struct {
> +        uint16_t locale;
> +        uint8_t reserved;
> +        int8_t class;
> +    } members;
> +    uint32_t word;
> +} __attribute__ ((packed));
> +
> +/* event log state. */
> +struct mfi_evt_log_state {
> +    uint32_t newest_seq_num;
> +    uint32_t oldest_seq_num;
> +    uint32_t clear_seq_num;
> +    uint32_t shutdown_seq_num;
> +    uint32_t boot_seq_num;
> +} __attribute__ ((packed));
> +
> +struct mfi_progress {
> +    uint16_t progress;
> +    uint16_t elapsed_seconds;
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_ld {
> +    uint16_t target_id;
> +    uint8_t ld_index;
> +    uint8_t reserved;
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_pd {
> +    uint16_t device_id;
> +    uint8_t enclosure_index;
> +    uint8_t slot_number;
> +} __attribute__ ((packed));
> +
> +/* event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
> +struct mfi_evt_detail {
> +    uint32_t seq;
> +    uint32_t time;
> +    uint32_t code;
> +    union mfi_evt class;
> +    uint8_t arg_type;
> +    uint8_t reserved1[15];
> +
> +    union {
> +        struct {
> +            struct mfi_evt_pd pd;
> +            uint8_t cdb_len;
> +            uint8_t sense_len;
> +            uint8_t reserved[2];
> +            uint8_t cdb[16];
> +            uint8_t sense[64];
> +        } cdb_sense;
> +
> +        struct mfi_evt_ld ld;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint64_t count;
> +        } ld_count;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_ld ld;
> +        } ld_lba;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint32_t pre_owner;
> +            uint32_t new_owner;
> +        } ld_owner;
> +
> +        struct {
> +            uint64_t ld_lba;
> +            uint64_t pd_lba;
> +            struct mfi_evt_ld ld;
> +            struct mfi_evt_pd pd;
> +        } ld_lba_pd_lba;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            struct mfi_progress prog;
> +        } ld_prog;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint32_t prev_state;
> +            uint32_t new_state;
> +        } ld_state;
> +
> +        struct {
> +            uint64_t strip;
> +            struct mfi_evt_ld ld;
> +        } ld_strip;
> +
> +        struct mfi_evt_pd pd;
> +
> +        struct {
> +            struct mfi_evt_pd pd;
> +            uint32_t err;
> +        } pd_err;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_pd pd;
> +        } pd_lba;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_pd pd;
> +            struct mfi_evt_ld ld;
> +        } pd_lba_ld;
> +
> +        struct {
> +            struct mfi_evt_pd pd;
> +            struct mfi_progress prog;
> +        } pd_prog;
> +
> +        struct {
> +            struct mfi_evt_pd ld;
> +            uint32_t prev_state;
> +            uint32_t new_state;
> +        } pd_state;
> +
> +        struct {
> +            uint16_t venderId;
> +            uint16_t deviceId;
> +            uint16_t subVenderId;
> +            uint16_t subDeviceId;
> +        } pci;
> +
> +        uint32_t rate;
> +
> +        char str[96];
> +
> +        struct {
> +            uint32_t rtc;
> +            uint16_t elapsedSeconds;
> +        } time;
> +
> +        struct {
> +            uint32_t ecar;
> +            uint32_t elog;
> +            char str[64];
> +        } ecc;
> +
> +        uint8_t b[96];
> +        uint16_t s[48];
> +        uint32_t w[24];
> +        uint64_t d[12];
> +    } args;
> +
> +    char description[128];
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_list {
> +    uint32_t count;
> +    uint32_t reserved;
> +    struct mfi_evt_detail event[1];
> +} __attribute__ ((packed));
> +
> +union mfi_pd_ref {
> +    struct {
> +        uint16_t device_id;
> +        uint16_t seq_num;
> +    } v;
> +    uint32_t ref;
> +} __attribute__ ((packed));
> +
> +union mfi_pd_ddf_type {
> +    struct {
> +        union {
> +            struct {
> +                uint16_t forced_pd_guid:1,
> +                    in_vd:1,
> +                    is_global_spare:1,
> +                    is_spare:1,
> +                    is_foreign:1,
> +                    reserved:7,
> +                    intf:4;
> +            } pd_type;
> +            uint16_t type;
> +        } v;
> +        uint16_t reserved;
> +    } ddf;
> +    struct {
> +        uint32_t reserved;
> +    } non_disk;
> +    uint32_t type;
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_progress {
> +    struct {
> +        uint32_t rbld:1,
> +            patrol:1 ,
> +            clear:1,
> +            reserved:29;
> +    } active;
> +    struct mfi_progress rbld;
> +    struct mfi_progress patrol;
> +    struct mfi_progress clear;
> +    struct mfi_progress reserved[4];
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_info {
> +    union mfi_pd_ref ref;
> +    uint8_t inquiry_data[96];
> +    uint8_t vpd_page83[64];
> +    uint8_t not_supported;
> +    uint8_t scsi_dev_type;
> +    uint8_t connected_port_bitmap;
> +    uint8_t device_speed;
> +    uint32_t media_err_count;
> +    uint32_t other_err_count;
> +    uint32_t pred_fail_count;
> +    uint32_t last_pred_fail_event_seq_num;
> +    uint16_t fw_state;
> +    uint8_t disable_for_removal;
> +    uint8_t link_speed;
> +    union mfi_pd_ddf_type state;
> +    struct {
> +        uint8_t count;
> +        uint8_t is_path_broken;
> +        uint8_t reserved[6];
> +        uint64_t sas_addr[4];
> +    } path_info;
> +    uint64_t raw_size;
> +    uint64_t non_coerced_size;
> +    uint64_t coerced_size;
> +    uint16_t encl_device_id;
> +    uint8_t encl_index;
> +    uint8_t slot_number;
> +    struct mfi_pd_progress prog_info;
> +    uint8_t bad_block_table_full;
> +    uint8_t unusable_in_current_config;
> +    uint8_t vpd_page83_ext[64];
> +    uint8_t reserved[512-358];
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_address {
> +    uint16_t device_id;
> +    uint16_t encl_device_id;
> +    uint8_t encl_index;
> +    uint8_t slot_number;
> +    uint8_t scsi_dev_type;
> +    uint8_t connect_port_bitmap;
> +    uint64_t sas_addr[2];
> +} __attribute__ ((packed));
> +
> +#define MAX_SYS_PDS 240
> +struct mfi_pd_list {
> +    uint32_t size;
> +    uint32_t count;
> +    struct mfi_pd_address addr[MAX_SYS_PDS];
> +} __attribute__ ((packed));
> +
> +union mfi_ld_ref {
> +    struct {
> +        uint8_t target_id;
> +        uint8_t reserved;
> +        uint16_t seq;
> +    } v;
> +    uint32_t ref;
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_list {
> +    uint32_t ld_count;
> +    uint32_t reserved1;
> +    struct {
> +        union mfi_ld_ref ld;
> +        uint8_t state;
> +        uint8_t reserved2[3];
> +        uint64_t size;
> +    } ld_list[MFI_MAX_LD];
> +} __attribute__ ((packed));
> +
> +enum mfi_ld_access {
> +    MFI_LD_ACCESS_RW =          0,
> +    MFI_LD_ACCSSS_RO =          2,
> +    MFI_LD_ACCESS_BLOCKED =     3,
> +};
> +#define MFI_LD_ACCESS_MASK      3
> +
> +enum mfi_ld_state {
> +    MFI_LD_STATE_OFFLINE =              0,
> +    MFI_LD_STATE_PARTIALLY_DEGRADED =   1,
> +    MFI_LD_STATE_DEGRADED =             2,
> +    MFI_LD_STATE_OPTIMAL =              3
> +};
> +
> +enum mfi_syspd_state {
> +    MFI_PD_STATE_UNCONFIGURED_GOOD =    0x00,
> +    MFI_PD_STATE_UNCONFIGURED_BAD =     0x01,
> +    MFI_PD_STATE_HOT_SPARE =            0x02,
> +    MFI_PD_STATE_OFFLINE =              0x10,
> +    MFI_PD_STATE_FAILED =               0x11,
> +    MFI_PD_STATE_REBUILD =              0x14,
> +    MFI_PD_STATE_ONLINE =               0x18,
> +    MFI_PD_STATE_COPYBACK =             0x20,
> +    MFI_PD_STATE_SYSTEM =               0x40
> +};
> +
> +struct mfi_ld_props {
> +    union mfi_ld_ref ld;
> +    char name[16];
> +    uint8_t default_cache_policy;
> +    uint8_t access_policy;
> +    uint8_t disk_cache_policy;
> +    uint8_t current_cache_policy;
> +    uint8_t no_bgi;
> +    uint8_t reserved[7];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_params {
> +    uint8_t primary_raid_level;
> +    uint8_t raid_level_qualifier;
> +    uint8_t secondary_raid_level;
> +    uint8_t stripe_size;
> +    uint8_t num_drives;
> +    uint8_t span_depth;
> +    uint8_t state;
> +    uint8_t init_state;
> +    uint8_t is_consistent;
> +    uint8_t reserved[23];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_progress {
> +    uint32_t            active;
> +#define MFI_LD_PROGRESS_CC      (1<<0)
> +#define MFI_LD_PROGRESS_BGI     (1<<1)
> +#define MFI_LD_PROGRESS_FGI     (1<<2)
> +#define MFI_LD_PORGRESS_RECON   (1<<3)
> +    struct mfi_progress cc;
> +    struct mfi_progress bgi;
> +    struct mfi_progress fgi;
> +    struct mfi_progress recon;
> +    struct mfi_progress reserved[4];
> +} __attribute__ ((packed));
> +
> +struct mfi_span {
> +    uint64_t start_block;
> +    uint64_t num_blocks;
> +    uint16_t array_ref;
> +    uint8_t reserved[6];
> +} __attribute__ ((packed));
> +
> +#define MFI_MAX_SPAN_DEPTH      8
> +struct mfi_ld_config {
> +    struct mfi_ld_props properties;
> +    struct mfi_ld_params params;
> +    struct mfi_span span[MFI_MAX_SPAN_DEPTH];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_info {
> +    struct mfi_ld_config ld_config;
> +    uint64_t size;
> +    struct mfi_ld_progress progress;
> +    uint16_t cluster_owner;
> +    uint8_t reconstruct_active;
> +    uint8_t reserved1[1];
> +    uint8_t vpd_page83[64];
> +    uint8_t reserved2[16];
> +} __attribute__ ((packed));
> +
> +union mfi_spare_type {
> +    struct {
> +        uint8_t is_dedicate:1,
> +            is_revertable:1,
> +            is_encl_affinity:1,
> +            reserved:5;
> +    } v;
> +    uint8_t type;
> +} __attribute__ ((packed));
> +
> +#define MAX_ARRAYS 16
> +struct mfi_spare {
> +    union mfi_pd_ref ref;
> +    union mfi_spare_type spare_type;
> +    uint8_t reserved[2];
> +    uint8_t array_count;
> +    uint16_t array_refd[MAX_ARRAYS];
> +} __attribute__ ((packed));
> +
> +#define MAX_ROW_SIZE 32
> +struct mfi_array {
> +    uint64_t size;
> +    uint8_t num_drives;
> +    uint8_t reserved;
> +    uint16_t array_ref;
> +    uint8_t pad[20];
> +    struct {
> +        union mfi_pd_ref ref;
> +        uint16_t fw_state;
> +        struct {
> +            uint8_t pd;
> +            uint8_t slot;
> +        } encl;
> +    } pd[MAX_ROW_SIZE];
> +} __attribute__ ((packed));
> +
> +struct mfi_config_data {
> +    uint32_t size;
> +    uint16_t array_count;
> +    uint16_t array_size;
> +    uint16_t log_drv_count;
> +    uint16_t log_drv_size;
> +    uint16_t spares_count;
> +    uint16_t spares_size;
> +    uint8_t reserved[16];
> +    uint8_t data;
> +    /*
> +      struct mfi_array  array[];
> +      struct mfi_ld_config ld[];
> +      struct mfi_spare  spare[];
> +    */
> +} __attribute__ ((packed));
> +
> +#define MFI_SCSI_MAX_t ARGETS  128
> +#define MFI_SCSI_MAX_LUNS       8
> +#define MFI_SCSI_INITIATOR_ID 255
> +#define MFI_SCSI_MAX_CMDS       8
> +#define MFI_SCSI_MAX_CDB_LEN   16
> +
> +#endif /* _MFI_H */
> diff --git a/hw/pci_ids.h b/hw/pci_ids.h
> index e8235a7..0306255 100644
> --- a/hw/pci_ids.h
> +++ b/hw/pci_ids.h
> @@ -12,9 +12,9 @@
>
> #define PCI_BASE_CLASS_STORAGE           0x01
> #define PCI_BASE_CLASS_NETWORK           0x02
> -
> #define PCI_CLASS_STORAGE_SCSI           0x0100
> #define PCI_CLASS_STORAGE_IDE            0x0101
> +#define PCI_CLASS_STORAGE_RAID           0x0104
> #define PCI_CLASS_STORAGE_SATA           0x0106
> #define PCI_CLASS_STORAGE_OTHER          0x0180
>
> @@ -47,6 +47,7 @@
>
> #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
> #define PCI_DEVICE_ID_LSI_53C895A        0x0012
> +#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
>
> #define PCI_VENDOR_ID_DEC                0x1011
> #define PCI_DEVICE_ID_DEC_21154          0x0026
> -- 
> 1.7.3.4
>
>
>
Gerhard Wiesinger - Feb. 23, 2012, 7:03 a.m.
Ping?

Ciao,
Gerhard

--
http://www.wiesinger.com/


On Tue, 21 Feb 2012, Gerhard Wiesinger wrote:

> Hello Hannes,
>
> Can confirm that all issues are fixed now and v14 is ready for commit :-)
>
> Thank you for your support.
>
> Ciao,
> Gerhard
>
> --
> http://www.wiesinger.com/
>
> On Tue, 21 Feb 2012, Hannes Reinecke wrote:
>
>> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
>> I've tested it to work with Linux, Windows Vista, and Windows7.
>> MSI-X support is currently broken; have to investigate.
>> 
>> Changes since v13:
>> - Remove separate MSI-X BAR
>> - Simplify BAR allocation
>> 
>> Changes since v12:
>> - Fixup flag setting via properties
>> - Fixup MSI-X handling
>> - Disable MSI-X per default
>> 
>> Changes since v11:
>> - Remove unneeded variables
>> 
>> Changes since v10:
>> - Port to new device type API
>> - Include suggestion from Alex Graf:
>> - Remove 'inline' function declaration
>> - Queue setup and interrupt enablement needs to be treated
>>  independently
>> - Always read in 64 bit context and just mask out the top
>>  bits if required
>> 
>> Changes since v9:
>> - Split off trace events into a separate patch
>> - Do not check for max_luns in PD Info
>> - Update trace events
>> - Clarify license statement
>> - Fixup coding style issues
>> 
>> Changes since v8:
>> - Remove 'disable' keyword from trace definitions
>> - Convert hand-crafted debugging statements with trace
>>  definitions
>> - Treat 'context' tag as little endian
>> 
>> Changes since v7:
>> - Port to new memory API
>> - Port to new PCI infrastructure
>> - Use fixed buffers for sense processing
>> - Update to updated SCSI infrastructure
>> 
>> Changes since v6:
>> - Preliminary patches pushed to Kevins block tree
>> - Implement 64bit contexts, required for Windows7
>> - Use iovecs for DCMD processing
>> - Add MSI-X support
>>  Latest Linux driver now happily uses MSI-X.
>> - Static iovec allocation
>>  We have a fixed upper number of iovecs, so we can
>>  save us the allocation. Suggested by Alex Graf.
>> - Update MFI header
>>  Latest Linux driver has some more definitions,
>>  add them
>> - Fixup AEN handling
>> - Update tracing details
>> - Remove sdev pointer from megasas_cmd_t
>> 
>> Changes since v5:
>> - megasas: Use tracing infrastructure instead of DPRINTF
>> - megasas: Use new PCI infrastructure
>> - megasas: Check for iovec mapping failure
>>  cpu_map_physical_memory() might fail, so we need to check for
>>  it when mapping iovecs.
>> - megasas: Trace scsi buffer overflow
>>  The transfer length as specified in the SCSI command might
>>  disagree with the length of the iovec. We should be tracing
>>  these issues.
>> - megasas: Reset frames after init firmware
>>  When receiving an INIT FIRMWARE command we need reset all
>>  frames, otherwise some frames might point to invalid memory.
>> 
>> Chances since v4:
>> - megasas: checkpatch.pl fixes and update to work with the
>>  changed interface in scsi_req_new(). Also included the
>>  suggested fixes from Alex.
>> 
>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>> Cc: Alexander Graf <agraf@suse.de>
>> Cc: Andreas Faerber <afaerber@suse.de>
>> Cc: Gerhard Wiesinger <lists@wiesinger.com>
>> ---
>> Makefile.objs           |    1 +
>> default-configs/pci.mak |    1 +
>> hw/megasas.c            | 1865 
>> +++++++++++++++++++++++++++++++++++++++++++++++
>> hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
>> hw/pci_ids.h            |    3 +-
>> 5 files changed, 3150 insertions(+), 1 deletions(-)
>> create mode 100644 hw/megasas.c
>> create mode 100644 hw/mfi.h
>> 
>> diff --git a/Makefile.objs b/Makefile.objs
>> index 391e524..5841998 100644
>> --- a/Makefile.objs
>> +++ b/Makefile.objs
>> @@ -283,6 +283,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
>> 
>> # SCSI layer
>> hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
>> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
>> hw-obj-$(CONFIG_ESP) += esp.o
>> 
>> hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
>> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
>> index 9d3e1db..4b49c00 100644
>> --- a/default-configs/pci.mak
>> +++ b/default-configs/pci.mak
>> @@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
>> CONFIG_PCNET_PCI=y
>> CONFIG_PCNET_COMMON=y
>> CONFIG_LSI_SCSI_PCI=y
>> +CONFIG_MEGASAS_SCSI_PCI=y
>> CONFIG_RTL8139_PCI=y
>> CONFIG_E1000_PCI=y
>> CONFIG_IDE_CORE=y
>> diff --git a/hw/megasas.c b/hw/megasas.c
>> new file mode 100644
>> index 0000000..083c3d3
>> --- /dev/null
>> +++ b/hw/megasas.c
>> @@ -0,0 +1,1865 @@
>> +/*
>> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
>> + *
>> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU Lesser General Public
>> + * License as published by the Free Software Foundation; either
>> + * version 2 of the License, or (at your option) any later version.
>> + *
>> + * This library is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> + * Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>> + * License along with this library; if not, see 
>> <http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#include "hw.h"
>> +#include "pci.h"
>> +#include "dma.h"
>> +#include "msix.h"
>> +#include "iov.h"
>> +#include "scsi.h"
>> +#include "scsi-defs.h"
>> +#include "block_int.h"
>> +
>> +#include "mfi.h"
>> +
>> +/* Static definitions */
>> +#define MEGASAS_VERSION "1.60"
>> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
>> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
>> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
>> +#define MEGASAS_DEFAULT_SGE 80
>> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
>> +#define MEGASAS_MAX_ARRAYS 128
>> +
>> +#define MEGASAS_FLAG_USE_JBOD      0
>> +#define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
>> +#define MEGASAS_FLAG_USE_MSIX      1
>> +#define MEGASAS_MASK_USE_MSIX      (1 << MEGASAS_FLAG_USE_MSIX)
>> +#define MEGASAS_FLAG_USE_QUEUE64   2
>> +#define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
>> +
>> +const char *megasas_raid_modes[] = {
>> +    "raid", "jbod"
>> +};
>> +
>> +const char *mfi_frame_desc[] = {
>> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
>> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
>> +
>> +struct megasas_cmd_t {
>> +    uint32_t index;
>> +    uint16_t flags;
>> +    uint16_t count;
>> +    uint64_t context;
>> +
>> +    target_phys_addr_t pa;
>> +    target_phys_addr_t pa_size;
>> +    union mfi_frame *frame;
>> +    SCSIRequest *req;
>> +    struct iovec iov[MEGASAS_MAX_SGE];
>> +    int iov_cnt;
>> +    size_t iov_size;
>> +    size_t iov_offset;
>> +    struct megasas_state_t *state;
>> +};
>> +
>> +typedef struct megasas_state_t {
>> +    PCIDevice dev;
>> +    MemoryRegion mmio_io;
>> +    MemoryRegion port_io;
>> +    MemoryRegion queue_io;
>> +    uint32_t frame_hi;
>> +
>> +    int fw_state;
>> +    uint32_t fw_sge;
>> +    uint32_t fw_cmds;
>> +    uint32_t flags;
>> +    int fw_luns;
>> +    int intr_mask;
>> +    int doorbell;
>> +    int busy;
>> +    char *raid_mode_str;
>> +
>> +    struct megasas_cmd_t *event_cmd;
>> +    int event_locale;
>> +    int event_class;
>> +    int event_count;
>> +    int shutdown_event;
>> +    int boot_event;
>> +
>> +    uint64_t reply_queue_pa;
>> +    void *reply_queue;
>> +    int reply_queue_len;
>> +    int reply_queue_head;
>> +    int reply_queue_tail;
>> +    uint64_t consumer_pa;
>> +    uint64_t producer_pa;
>> +
>> +    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
>> +
>> +    SCSIBus bus;
>> +} MPTState;
>> +
>> +#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
>> +
>> +static bool megasas_intr_enabled(MPTState *s)
>> +{
>> +    if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
>> +        MEGASAS_INTR_DISABLED_MASK) {
>> +        return true;
>> +    }
>> +    return false;
>> +}
>> +
>> +static bool megasas_use_queue64(MPTState *s)
>> +{
>> +    return s->flags & MEGASAS_MASK_USE_QUEUE64;
>> +}
>> +
>> +static bool megasas_use_msix(MPTState *s)
>> +{
>> +    return s->flags & MEGASAS_MASK_USE_MSIX;
>> +}
>> +
>> +static bool megasas_is_jbod(MPTState *s)
>> +{
>> +    return s->flags & MEGASAS_MASK_USE_JBOD;
>> +}
>> +
>> +static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
>> +{
>> +    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
>> +}
>> +
>> +static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
>> +{
>> +    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
>> +}
>> +
>> +/*
>> + * Context is considered opaque, but the HBA firmware is running
>> + * in little endian mode. So convert it to little endian, too.
>> + */
>> +static uint64_t megasas_frame_get_context(unsigned long frame)
>> +{
>> +    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, 
>> context));
>> +}
>> +
>> +static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags & MFI_FRAME_IEEE_SGL;
>> +}
>> +
>> +static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags & MFI_FRAME_SGL64;
>> +}
>> +
>> +static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags & MFI_FRAME_DIR_WRITE;
>> +}
>> +
>> +static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags & MFI_FRAME_SENSE64;
>> +}
>> +
>> +static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
>> +                                     union mfi_sgl *sgl)
>> +{
>> +    uint64_t addr;
>> +
>> +    if (megasas_frame_is_ieee_sgl(cmd)) {
>> +        addr = le64_to_cpu(sgl->sg_skinny->addr);
>> +    } else if (megasas_frame_is_sgl64(cmd)) {
>> +        addr = le64_to_cpu(sgl->sg64->addr);
>> +    } else {
>> +        addr = le32_to_cpu(sgl->sg32->addr);
>> +    }
>> +    return addr;
>> +}
>> +
>> +static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
>> +                                    union mfi_sgl *sgl)
>> +{
>> +    uint32_t len;
>> +
>> +    if (megasas_frame_is_ieee_sgl(cmd)) {
>> +        len = le32_to_cpu(sgl->sg_skinny->len);
>> +    } else if (megasas_frame_is_sgl64(cmd)) {
>> +        len = le32_to_cpu(sgl->sg64->len);
>> +    } else {
>> +        len = le32_to_cpu(sgl->sg32->len);
>> +    }
>> +    return len;
>> +}
>> +
>> +static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
>> +                                       union mfi_sgl *sgl)
>> +{
>> +    uint8_t *next = (uint8_t *)sgl;
>> +
>> +    if (megasas_frame_is_ieee_sgl(cmd)) {
>> +        next += sizeof(struct mfi_sg_skinny);
>> +    } else if (megasas_frame_is_sgl64(cmd)) {
>> +        next += sizeof(struct mfi_sg64);
>> +    } else {
>> +        next += sizeof(struct mfi_sg32);
>> +    }
>> +
>> +    if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
>> +        return NULL;
>> +    }
>> +    return (union mfi_sgl *)next;
>> +}
>> +
>> +static void megasas_soft_reset(MPTState *s);
>> +
>> +static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
>> +{
>> +    int i;
>> +    int is_write;
>> +    int iov_count = 0;
>> +    size_t iov_size = 0;
>> +
>> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
>> +    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
>> +    if (cmd->iov_cnt > MEGASAS_MAX_SGE) {
>> +        cmd->iov_cnt = 0;
>> +        return iov_count;
>> +    }
>> +    is_write = megasas_frame_is_write(cmd);
>> +    for (i = 0; i < cmd->iov_cnt; i++) {
>> +        target_phys_addr_t iov_pa, iov_size_p;
>> +
>> +        if (!sgl) {
>> +            goto unmap;
>> +        }
>> +        iov_pa = megasas_sgl_get_addr(cmd, sgl);
>> +        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
>> +        if (!iov_pa || !iov_size_p) {
>> +            goto unmap;
>> +        }
>> +        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, 
>> &iov_size_p,
>> +                                                       is_write);
>> +        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
>> +            if (cmd->iov[i].iov_base) {
>> +                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
>> +                                          iov_size_p, 0, 0);
>> +            }
>> +            goto unmap;
>> +        }
>> +        sgl = megasas_sgl_next(cmd, sgl);
>> +        iov_size += cmd->iov[i].iov_len;
>> +        iov_count--;
>> +    }
>> +    cmd->iov[i].iov_base = NULL;
>> +    cmd->iov[i].iov_len = 0;
>> +    cmd->iov_offset = 0;
>> +    return 0;
>> +unmap:
>> +    while (i > 0) {
>> +        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
>> +                                  cmd->iov[i-1].iov_len, 0, 0);
>> +        i--;
>> +    }
>> +    cmd->iov_cnt = 0;
>> +    return iov_count;
>> +}
>> +
>> +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
>> +{
>> +    int i, is_write = megasas_frame_is_write(cmd);
>> +
>> +    for (i = 0; i < cmd->iov_cnt; i++) {
>> +        cpu_physical_memory_unmap(cmd->iov[i].iov_base, 
>> cmd->iov[i].iov_len,
>> +                                  is_write, cmd->iov[i].iov_len);
>> +    }
>> +    cmd->iov_cnt = 0;
>> +    cmd->iov_offset = 0;
>> +}
>> +
>> +/*
>> + * passthrough sense and io sense are at the same offset
>> + */
>> +static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t 
>> *sense_ptr,
>> +    uint8_t sense_len)
>> +{
>> +    uint32_t pa_hi = 0, pa_lo;
>> +    target_phys_addr_t pa;
>> +
>> +    if (sense_len > cmd->frame->header.sense_len) {
>> +        sense_len = cmd->frame->header.sense_len;
>> +    }
>> +
>> +    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
>> +    if (megasas_frame_is_sense64(cmd)) {
>> +        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
>> +    }
>> +    pa = ((uint64_t) pa_hi << 32) | pa_lo;
>> +    cpu_physical_memory_write(pa, sense_ptr, sense_len);
>> +    cmd->frame->header.sense_len = sense_len;
>> +    return sense_len;
>> +}
>> +
>> +static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense 
>> sense)
>> +{
>> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
>> +    uint8_t sense_len = 18;
>> +
>> +    memset(sense_buf, 0, sense_len);
>> +    sense_buf[0] = 0xf0;
>> +    sense_buf[2] = sense.key;
>> +    sense_buf[7] = 10;
>> +    sense_buf[12] = sense.asc;
>> +    sense_buf[13] = sense.ascq;
>> +    megasas_build_sense(cmd, sense_buf, sense_len);
>> +}
>> +
>> +static void megasas_copy_sense(struct megasas_cmd_t *cmd)
>> +{
>> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
>> +    uint8_t sense_len;
>> +
>> +    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
>> +                                   cmd->frame->header.sense_len);
>> +    megasas_build_sense(cmd, sense_buf, sense_len);
>> +}
>> +
>> +/*
>> + * Format an INQUIRY CDB
>> + */
>> +static int megasas_setup_inquiry(uint8_t *cdb, int pg,
>> +                                 uint8_t *buf, int len)
>> +{
>> +    memset(cdb, 0, 6);
>> +    cdb[0] = INQUIRY;
>> +    if (pg > 0) {
>> +        cdb[1] = 0x1;
>> +        cdb[2] = pg;
>> +    }
>> +    cdb[3] = (len >> 8) & 0xff;
>> +    cdb[4] = (len & 0xff);
>> +    return len;
>> +}
>> +
>> +/*
>> + * Encode lba and len into a READ_16/WRITE_16 CDB
>> + */
>> +static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
>> +                               uint32_t len, int is_write)
>> +{
>> +    memset(cdb, 0x0, 16);
>> +    if (is_write) {
>> +        cdb[0] = WRITE_16;
>> +    } else {
>> +        cdb[0] = READ_16;
>> +    }
>> +    cdb[2] = (lba >> 56) & 0xff;
>> +    cdb[3] = (lba >> 48) & 0xff;
>> +    cdb[4] = (lba >> 40) & 0xff;
>> +    cdb[5] = (lba >> 32) & 0xff;
>> +    cdb[6] = (lba >> 24) & 0xff;
>> +    cdb[7] = (lba >> 16) & 0xff;
>> +    cdb[8] = (lba >> 8) & 0xff;
>> +    cdb[9] = (lba) & 0xff;
>> +    cdb[10] = (len >> 24) & 0xff;
>> +    cdb[11] = (len >> 16) & 0xff;
>> +    cdb[12] = (len >> 8) & 0xff;
>> +    cdb[13] = (len) & 0xff;
>> +}
>> +
>> +/*
>> + * Utility functions
>> + */
>> +static uint64_t megasas_fw_time(void)
>> +{
>> +    struct tm curtime;
>> +    uint64_t bcd_time;
>> +
>> +    qemu_get_timedate(&curtime, 0);
>> +    bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
>> +        ((uint64_t)curtime.tm_min & 0xff)  << 40 |
>> +        ((uint64_t)curtime.tm_hour & 0xff) << 32 |
>> +        ((uint64_t)curtime.tm_mday & 0xff) << 24 |
>> +        ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
>> +        ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
>> +
>> +    return bcd_time;
>> +}
>> +
>> +static uint64_t megasas_gen_sas_addr(uint64_t id)
>> +{
>> +    uint64_t addr;
>> +
>> +    addr = 0x5001a4aULL << 36;
>> +    addr |= id & 0xfffffffff;
>> +
>> +    return addr;
>> +}
>> +
>> +/*
>> + * Frame handling
>> + */
>> +static int megasas_next_index(MPTState *s, int index, int limit)
>> +{
>> +    index++;
>> +    if (index == limit) {
>> +        index = 0;
>> +    }
>> +    return index;
>> +}
>> +
>> +static struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
>> +    target_phys_addr_t frame)
>> +{
>> +    struct megasas_cmd_t *cmd = NULL;
>> +    int num = 0, index;
>> +
>> +    index = s->reply_queue_head;
>> +
>> +    while (num < s->fw_cmds) {
>> +        if (s->frames[index].pa && s->frames[index].pa == frame) {
>> +            cmd = &s->frames[index];
>> +            break;
>> +        }
>> +        index = megasas_next_index(s, index, s->fw_cmds);
>> +        num++;
>> +    }
>> +
>> +    return cmd;
>> +}
>> +
>> +static struct megasas_cmd_t *megasas_next_frame(MPTState *s,
>> +    target_phys_addr_t frame)
>> +{
>> +    struct megasas_cmd_t *cmd = NULL;
>> +    int num = 0, index;
>> +
>> +    cmd = megasas_lookup_frame(s, frame);
>> +    if (cmd) {
>> +        return cmd;
>> +    }
>> +    index = s->reply_queue_head;
>> +    num = 0;
>> +    while (num < s->fw_cmds) {
>> +        if (!s->frames[index].pa) {
>> +            cmd = &s->frames[index];
>> +            break;
>> +        }
>> +        index = megasas_next_index(s, index, s->fw_cmds);
>> +        num++;
>> +    }
>> +    return cmd;
>> +}
>> +
>> +static struct megasas_cmd_t *megasas_enqueue_frame(MPTState *s,
>> +    target_phys_addr_t frame, uint64_t context, int count)
>> +{
>> +    struct megasas_cmd_t *cmd = NULL;
>> +    int frame_size = MFI_FRAME_SIZE * 16;
>> +    target_phys_addr_t frame_size_p = frame_size;
>> +
>> +    cmd = megasas_next_frame(s, frame);
>> +    /* All frames busy */
>> +    if (!cmd) {
>> +        return NULL;
>> +    }
>> +    if (!cmd->pa) {
>> +        cmd->pa = frame;
>> +        /* Map all possible frames */
>> +        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
>> +        if (frame_size_p != frame_size) {
>> +            if (cmd->frame) {
>> +                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
>> +                cmd->frame = NULL;
>> +                cmd->pa = 0;
>> +            }
>> +            s->event_count++;
>> +            return NULL;
>> +        }
>> +        cmd->pa_size = frame_size_p;
>> +        cmd->context = context;
>> +        if (!megasas_use_queue64(s)) {
>> +            cmd->context &= (uint64_t)0xFFFFFFFF;
>> +        }
>> +    }
>> +    cmd->count = count;
>> +    s->busy++;
>> +
>> +    return cmd;
>> +}
>> +
>> +static void megasas_complete_frame(MPTState *s, uint64_t context)
>> +{
>> +    int tail, queue_offset;
>> +
>> +    /* Decrement busy count */
>> +    s->busy--;
>> +
>> +    if (s->reply_queue_pa) {
>> +        /*
>> +         * Put command on the reply queue.
>> +         * Context is opaque, but emulation is running in
>> +         * little endian. So convert it.
>> +         */
>> +        tail = s->reply_queue_head;
>> +        if (megasas_use_queue64(s)) {
>> +            queue_offset = tail * sizeof(uint64_t);
>> +            stq_le_phys(s->reply_queue_pa + queue_offset, context);
>> +        } else {
>> +            queue_offset = tail * sizeof(uint32_t);
>> +            stl_le_phys(s->reply_queue_pa + queue_offset, context);
>> +        }
>> +
>> +        s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
>> +    }
>> +
>> +    if (megasas_intr_enabled(s)) {
>> +        /* Notify HBA */
>> +        s->doorbell++;
>> +        if (s->doorbell == 1) {
>> +            if (msix_enabled(&s->dev)) {
>> +                msix_notify(&s->dev, 0);
>> +            } else {
>> +                qemu_irq_raise(s->dev.irq[0]);
>> +            }
>> +        }
>> +    }
>> +}
>> +
>> +static void megasas_reset_frames(MPTState *s)
>> +{
>> +    int i;
>> +    struct megasas_cmd_t *cmd;
>> +
>> +    for (i = 0; i < s->fw_cmds; i++) {
>> +        cmd = &s->frames[i];
>> +        if (cmd->pa) {
>> +            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
>> +            cmd->frame = NULL;
>> +            cmd->pa = 0;
>> +        }
>> +    }
>> +}
>> +
>> +static void megasas_abort_command(struct megasas_cmd_t *cmd)
>> +{
>> +    if (cmd->req) {
>> +        scsi_req_abort(cmd->req, ABORTED_COMMAND);
>> +        cmd->req = NULL;
>> +    }
>> +}
>> +
>> +static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t pa_hi, pa_lo;
>> +    target_phys_addr_t iq_pa, initq_size;
>> +    struct mfi_init_qinfo *initq;
>> +    uint32_t flags;
>> +    int ret = MFI_STAT_OK;
>> +
>> +    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
>> +    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
>> +    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
>> +    initq_size = sizeof(*initq);
>> +    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
>> +    if (!initq || initq_size != sizeof(*initq)) {
>> +        s->event_count++;
>> +        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
>> +        goto out;
>> +    }
>> +    s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
>> +    if (s->reply_queue_len > s->fw_cmds) {
>> +        s->event_count++;
>> +        ret = MFI_STAT_INVALID_PARAMETER;
>> +        goto out;
>> +    }
>> +    pa_lo = le32_to_cpu(initq->rq_addr_lo);
>> +    pa_hi = le32_to_cpu(initq->rq_addr_hi);
>> +    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
>> +    pa_lo = le32_to_cpu(initq->ci_addr_lo);
>> +    pa_hi = le32_to_cpu(initq->ci_addr_hi);
>> +    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
>> +    pa_lo = le32_to_cpu(initq->pi_addr_lo);
>> +    pa_hi = le32_to_cpu(initq->pi_addr_hi);
>> +    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
>> +    s->reply_queue_head = ldl_le_phys(s->producer_pa);
>> +    s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
>> +    flags = le32_to_cpu(initq->flags);
>> +    if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
>> +        s->flags |= MEGASAS_MASK_USE_QUEUE64;
>> +    }
>> +    megasas_reset_frames(s);
>> +    s->fw_state = MFI_FWSTATE_OPERATIONAL;
>> +out:
>> +    if (initq) {
>> +        cpu_physical_memory_unmap(initq, initq_size, 0, 0);
>> +    }
>> +    return ret;
>> +}
>> +
>> +static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
>> +{
>> +    target_phys_addr_t iov_pa, iov_size;
>> +
>> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
>> +    if (!cmd->frame->header.sge_count) {
>> +        cmd->iov_size = 0;
>> +        cmd->iov_cnt = 0;
>> +        return 0;
>> +    } else if (cmd->frame->header.sge_count > 1) {
>> +        cmd->iov_size = 0;
>> +        cmd->iov_cnt = 0;
>> +        return -1;
>> +    }
>> +    iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
>> +    iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
>> +    cmd->iov[0].iov_len = iov_size;
>> +    cmd->iov[0].iov_base = cpu_physical_memory_map(iov_pa, &iov_size, 1);
>> +    if (cmd->iov[0].iov_len != iov_size) {
>> +        if (cmd->iov[0].iov_base) {
>> +            cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size, 1, 
>> 0);
>> +        }
>> +        cmd->iov_size = 0;
>> +        cmd->iov_cnt = 0;
>> +        return -1;
>> +    }
>> +    cmd->iov_cnt = 1;
>> +    cmd->iov_size = iov_size;
>> +    return cmd->iov_size;
>> +}
>> +
>> +static void megasas_finish_dcmd(struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t iov_size = cmd->iov[0].iov_len;
>> +
>> +    if (!cmd->iov_cnt) {
>> +        return;
>> +    }
>> +
>> +    cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size,
>> +                              1, cmd->iov_size);
>> +
>> +    cmd->iov_cnt = 0;
>> +    if (iov_size > cmd->iov_size) {
>> +        if (megasas_frame_is_ieee_sgl(cmd)) {
>> +            cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
>> +        } else if (megasas_frame_is_sgl64(cmd)) {
>> +            cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
>> +        } else {
>> +            cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
>> +        }
>> +    }
>> +    cmd->iov_size = 0;
>> +    return;
>> +}
>> +
>> +static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ctrl_info *info = cmd->iov[0].iov_base;
>> +    DeviceState *qdev;
>> +    int num_ld_disks = 0;
>> +
>> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
>> +        num_ld_disks++;
>> +    }
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_info)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    info->pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
>> +    info->pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
>> +    info->pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
>> +    info->pci.subdevice = cpu_to_le16(0x1013);
>> +
>> +    info->host.type = MFI_INFO_HOST_PCIX;
>> +    info->device.type = MFI_INFO_DEV_SAS3G;
>> +    info->device.port_count = 2;
>> +    info->device.port_addr[0] = 
>> cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
>> +
>> +    memcpy(info->product_name, "MegaRAID SAS 8708EM2", 20);
>> +    snprintf(info->serial_number, 32, "QEMU%08lx",
>> +             (unsigned long)s & 0xFFFFFFFF);
>> +    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
>> +    memcpy(info->image_component[0].name, "APP", 8);
>> +    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
>> +    memcpy(info->image_component[0].build_date, __DATE__, 16);
>> +    memcpy(info->image_component[0].build_time, __TIME__, 16);
>> +    info->image_component_count = 1;
>> +    info->current_fw_time = cpu_to_le32(megasas_fw_time());
>> +    info->max_arms = 32;
>> +    info->max_spans = 8;
>> +    info->max_arrays = MEGASAS_MAX_ARRAYS;
>> +    info->max_lds = s->fw_luns;
>> +    info->max_cmds = cpu_to_le16(s->fw_cmds);
>> +    info->max_sg_elements = cpu_to_le16(s->fw_sge);
>> +    info->max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
>> +    info->lds_present = cpu_to_le16(num_ld_disks);
>> +    info->pd_present = cpu_to_le16(num_ld_disks + 1);
>> +    info->pd_disks_present = cpu_to_le16(num_ld_disks);
>> +    info->hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
>> +                                   MFI_INFO_HW_MEM |
>> +                                   MFI_INFO_HW_FLASH);
>> +    info->memory_size = cpu_to_le16(512);
>> +    info->nvram_size = cpu_to_le16(32);
>> +    info->flash_size = cpu_to_le16(16);
>> +    info->raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
>> +    info->adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
>> +                                    MFI_INFO_AOPS_SELF_DIAGNOSTIC |
>> +                                    MFI_INFO_AOPS_MIXED_ARRAY);
>> +    info->ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
>> +                               MFI_INFO_LDOPS_ACCESS_POLICY |
>> +                               MFI_INFO_LDOPS_IO_POLICY |
>> +                               MFI_INFO_LDOPS_WRITE_POLICY |
>> +                               MFI_INFO_LDOPS_READ_POLICY);
>> +    info->max_strips_per_io = cpu_to_le16(s->fw_sge);
>> +    info->stripe_sz_ops.min = 3;
>> +    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
>> +    info->properties.pred_fail_poll_interval = cpu_to_le16(300);
>> +    info->properties.intr_throttle_cnt = cpu_to_le16(16);
>> +    info->properties.intr_throttle_timeout = cpu_to_le16(50);
>> +    info->properties.rebuild_rate = 30;
>> +    info->properties.patrol_read_rate = 30;
>> +    info->properties.bgi_rate = 30;
>> +    info->properties.cc_rate = 30;
>> +    info->properties.recon_rate = 30;
>> +    info->properties.cache_flush_interval = 4;
>> +    info->properties.spinup_drv_cnt = 2;
>> +    info->properties.spinup_delay = 6;
>> +    info->properties.ecc_bucket_size = 15;
>> +    info->properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
>> +    info->properties.expose_encl_devices = 1;
>> +    info->properties.OnOffProperties.enableJBOD = 1;
>> +    info->pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
>> +                               MFI_INFO_PDOPS_FORCE_OFFLINE);
>> +    info->pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
>> +                                       MFI_INFO_PDMIX_SATA |
>> +                                       MFI_INFO_PDMIX_LD);
>> +    cmd->iov_size = sizeof(struct mfi_ctrl_info);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_defaults *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_defaults)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    info->sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
>> +    info->stripe_size = 3;
>> +    info->flush_time = 4;
>> +    info->background_rate = 30;
>> +    info->allow_mix_in_enclosure = 1;
>> +    info->allow_mix_in_ld = 1;
>> +    info->direct_pd_mapping = 1;
>> +    /* Enable for BIOS support */
>> +    info->bios_enumerate_lds = 1;
>> +    info->disable_ctrl_r = 1;
>> +    info->expose_enclosure_devices = 1;
>> +    info->disable_preboot_cli = 1;
>> +    info->cluster_disable = 1;
>> +
>> +    cmd->iov_size = sizeof(struct mfi_defaults);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_bios_data *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_bios_data)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +    info->continue_on_error = 1;
>> +    info->verbose = 1;
>> +    if (megasas_is_jbod(s)) {
>> +        info->expose_all_drives = 1;
>> +    }
>> +
>> +    cmd->iov_size = sizeof(struct mfi_bios_data);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    uint64_t fw_time;
>> +
>> +    fw_time = cpu_to_le64(megasas_fw_time());
>> +
>> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
>> +    cmd->iov_size = sizeof(fw_time);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    uint64_t fw_time;
>> +
>> +    /* This is a dummy; setting of firmware time is not allowed */
>> +    memset(cmd->iov[0].iov_base, 0x0, cmd->iov_size);
>> +    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
>> +
>> +    fw_time = cpu_to_le64(megasas_fw_time());
>> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
>> +    cmd->iov_size = sizeof(fw_time);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_evt_log_state *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +
>> +    info->newest_seq_num = cpu_to_le32(s->event_count);
>> +    info->shutdown_seq_num = cpu_to_le32(s->shutdown_event);
>> +    info->boot_seq_num = cpu_to_le32(s->boot_event);
>> +
>> +    cmd->iov_size = sizeof(struct mfi_evt_log_state);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_event_wait(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    union mfi_evt event;
>> +
>> +    if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +    s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
>> +    event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
>> +    s->event_locale = event.members.locale;
>> +    s->event_class = event.members.class;
>> +    s->event_cmd = cmd;
>> +    /* Decrease busy count; event frame doesn't count here */
>> +    s->busy--;
>> +    cmd->iov_size = sizeof(struct mfi_evt_detail);
>> +    return MFI_STAT_INVALID_STATUS;
>> +}
>> +
>> +static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_pd_list *info = cmd->iov[0].iov_base;
>> +    DeviceState *qdev;
>> +    uint32_t offset, num_pd_disks = 0, max_luns;
>> +    uint16_t dev_id;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    offset = 8;
>> +    if (cmd->iov_size < (offset + sizeof(struct mfi_pd_address))) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
>> +    if (max_luns > s->fw_luns) {
>> +        max_luns = s->fw_luns;
>> +    }
>> +
>> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
>> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
>> +
>> +        dev_id = sdev->id;
>> +        info->addr[num_pd_disks].device_id = cpu_to_le16(dev_id);
>> +        info->addr[num_pd_disks].encl_device_id = cpu_to_le16(dev_id);
>> +        info->addr[num_pd_disks].sas_addr[0] =
>> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
>> +        num_pd_disks++;
>> +        offset += sizeof(struct mfi_pd_address);
>> +    }
>> +
>> +    info->size = cpu_to_le32(offset);
>> +    info->count = cpu_to_le32(num_pd_disks);
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    uint16_t flags;
>> +
>> +    /* mbox0 contains flags */
>> +    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
>> +
>> +    if (flags == MR_PD_QUERY_TYPE_ALL || megasas_is_jbod(s)) {
>> +        return megasas_dcmd_pd_get_list(s, cmd);
>> +    }
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
>> +                                      struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
>> +    uint8_t cmdbuf[6];
>> +    SCSIRequest *req;
>> +    size_t len;
>> +
>> +    if (info->inquiry_data[4] == 0) {
>> +        /* Additional length is zero, resubmit */
>> +        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
>> +                              sizeof(info->inquiry_data));
>> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
>> +        if (!req) {
>> +            return MFI_STAT_FLASH_ALLOC_FAIL;
>> +        }
>> +        len = scsi_req_enqueue(req);
>> +        if (len > 0) {
>> +            cmd->iov_size = len;
>> +            scsi_req_continue(req);
>> +        }
>> +        return MFI_STAT_INVALID_STATUS;
>> +    } else if (info->vpd_page83[3] == 0) {
>> +        /* Additional length is zero, resubmit */
>> +        megasas_setup_inquiry(cmdbuf, 0x83, (uint8_t *)info->vpd_page83,
>> +                              sizeof(info->vpd_page83));
>> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
>> +        if (!req) {
>> +            return MFI_STAT_FLASH_ALLOC_FAIL;
>> +        }
>> +        len = scsi_req_enqueue(req);
>> +        if (len > 0) {
>> +            cmd->iov_size = len;
>> +            scsi_req_continue(req);
>> +        }
>> +        return MFI_STAT_INVALID_STATUS;
>> +    }
>> +
>> +    /* Finished, set FW state */
>> +    if (megasas_is_jbod(cmd->state)) {
>> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
>> +    } else {
>> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
>> +    }
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
>> +    uint64_t pd_size;
>> +    uint16_t pd_id;
>> +    SCSIDevice *sdev = NULL;
>> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_pd_info)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    /* mbox0 has the ID */
>> +    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
>> +    sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
>> +
>> +    if (sdev) {
>> +        BlockConf *conf = &sdev->conf;
>> +
>> +        info->ref.v.device_id = pd_id;
>> +        info->state.ddf.v.pd_type.in_vd = 1;
>> +        info->state.ddf.v.pd_type.intf = 0x2;
>> +        bdrv_get_geometry(conf->bs, &pd_size);
>> +        info->raw_size = cpu_to_le64(pd_size);
>> +        info->non_coerced_size = cpu_to_le64(pd_size);
>> +        info->coerced_size = cpu_to_le64(pd_size);
>> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
>> +        info->path_info.count = 1;
>> +        info->path_info.sas_addr[0] =
>> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
>> +        /* Submit inquiry */
>> +        retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
>> +    }
>> +
>> +    return retval;
>> +}
>> +
>> +static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_ld_list *info = cmd->iov[0].iov_base;
>> +    uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
>> +    uint64_t ld_size;
>> +    int offset;
>> +    DeviceState *qdev;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_ld_list)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    if (megasas_is_jbod(s)) {
>> +        max_ld_disks = 0;
>> +    }
>> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
>> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
>> +        BlockConf *conf = &sdev->conf;
>> +
>> +        if (num_ld_disks >= max_ld_disks)
>> +            break;
>> +        bdrv_get_geometry(conf->bs, &ld_size);
>> +        ld_size *= 512;
>> +        info->ld_list[num_ld_disks].ld.v.target_id = sdev->id;
>> +        info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
>> +        info->ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
>> +        num_ld_disks++;
>> +        offset += 18;
>> +    }
>> +    info->ld_count = cpu_to_le32(num_ld_disks);
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
>> +                                      struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
>> +    uint8_t cdb[6];
>> +    SCSIRequest *req;
>> +    ssize_t len;
>> +
>> +    if (info->vpd_page83[3] == 0) {
>> +        megasas_setup_inquiry(cdb, 0x83, (uint8_t *)info->vpd_page83,
>> +                              sizeof(info->vpd_page83));
>> +        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
>> +        if (!req) {
>> +            return MFI_STAT_FLASH_ALLOC_FAIL;
>> +        }
>> +        len = scsi_req_enqueue(req);
>> +        if (len > 0) {
>> +            cmd->iov_size = len;
>> +            scsi_req_continue(req);
>> +        }
>> +        return MFI_STAT_INVALID_STATUS;
>> +    }
>> +    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
>> +    uint64_t ld_size;
>> +    uint16_t ld_id;
>> +    uint32_t max_ld_disks = s->fw_luns;
>> +    SCSIDevice *sdev = NULL;
>> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_ld_info)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    /* mbox0 has the ID */
>> +    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
>> +
>> +    if (megasas_is_jbod(s)) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (ld_id < max_ld_disks) {
>> +        sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
>> +    }
>> +
>> +    if (sdev) {
>> +        BlockConf *conf = &sdev->conf;
>> +
>> +        info->ld_config.properties.ld.v.target_id = ld_id;
>> +        info->ld_config.params.stripe_size = 3;
>> +        info->ld_config.params.num_drives = 1;
>> +        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
>> +        info->ld_config.params.is_consistent = 1;
>> +        bdrv_get_geometry(conf->bs, &ld_size);
>> +        ld_size *= 512;
>> +        info->size = cpu_to_le64(ld_size);
>> +        retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
>> +    }
>> +
>> +    return retval;
>> +}
>> +
>> +static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    struct mfi_ctrl_props *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_props)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +    info->pred_fail_poll_interval = cpu_to_le16(300);
>> +    info->intr_throttle_cnt = cpu_to_le16(16);
>> +    info->intr_throttle_timeout = cpu_to_le16(50);
>> +    info->rebuild_rate = 30;
>> +    info->patrol_read_rate = 30;
>> +    info->bgi_rate = 30;
>> +    info->cc_rate = 30;
>> +    info->recon_rate = 30;
>> +    info->cache_flush_interval = 4;
>> +    info->spinup_drv_cnt = 2;
>> +    info->spinup_delay = 6;
>> +    info->ecc_bucket_size = 15;
>> +    info->ecc_bucket_leak_rate = cpu_to_le16(1440);
>> +    info->expose_encl_devices = 1;
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    qemu_aio_flush();
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    s->fw_state = MFI_FWSTATE_READY;
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_cluster_reset_ld(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    return MFI_STAT_INVALID_DCMD;
>> +}
>> +
>> +static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t 
>> *cmd)
>> +{
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    if (cmd->iov_size) {
>> +        memset(cmd->iov[0].iov_base, 0, cmd->iov_size);
>> +    }
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static const struct dcmd_cmd_tbl_t {
>> +    int opcode;
>> +    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
>> +} dcmd_cmd_tbl[] = {
>> +    { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info },
>> +    { MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties },
>> +    { MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties },
>> +    { MFI_DCMD_CTRL_ALARM_GET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_ENABLE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_DISABLE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_SILENCE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_TEST, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info },
>> +    { MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_EVENT_WAIT, megasas_event_wait },
>> +    { MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown },
>> +    { MFI_DCMD_HIBERNATE_STANDBY, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time },
>> +    { MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time },
>> +    { MFI_DCMD_CTRL_BIOS_DATA_GET, megasas_dcmd_get_bios_info },
>> +    { MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults },
>> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush },
>> +    { MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list },
>> +    { MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query },
>> +    { MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info },
>> +    { MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy },
>> +    { MFI_DCMD_PD_BLINK, megasas_dcmd_dummy },
>> +    { MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy },
>> +    { MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
>> +    { MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info },
>> +    { MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy },
>> +    { MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy },
>> +    { MFI_DCMD_LD_DELETE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_READ, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_ADD, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CLUSTER, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CLUSTER_RESET_LD, megasas_cluster_reset_ld },
>> +    { -1, NULL }
>> +};
>> +
>> +static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    int opcode, len;
>> +    int retval = 0;
>> +    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
>> +
>> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
>> +    len = megasas_map_dcmd(cmd);
>> +    if (len < 0) {
>> +        return MFI_STAT_MEMORY_NOT_AVAILABLE;
>> +    }
>> +    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
>> +        cmdptr++;
>> +    }
>> +    if (cmdptr->opcode == -1) {
>> +        retval = megasas_dcmd_dummy(s, cmd);
>> +    } else {
>> +        retval = cmdptr->func(s, cmd);
>> +    }
>> +    if (retval != MFI_STAT_INVALID_STATUS) {
>> +        megasas_finish_dcmd(cmd);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
>> +                                        SCSIRequest *req)
>> +{
>> +    int opcode;
>> +    int retval = MFI_STAT_OK;
>> +    int lun = req->lun;
>> +
>> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
>> +    scsi_req_unref(req);
>> +    switch (opcode) {
>> +    case MFI_DCMD_PD_GET_INFO:
>> +        retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
>> +        break;
>> +    case MFI_DCMD_LD_GET_INFO:
>> +        retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
>> +        break;
>> +    default:
>> +        retval = MFI_STAT_INVALID_DCMD;
>> +        break;
>> +    }
>> +    if (retval != MFI_STAT_INVALID_STATUS) {
>> +        megasas_finish_dcmd(cmd);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
>> +                               int is_logical)
>> +{
>> +    uint8_t *cdb;
>> +    int len;
>> +    struct SCSIDevice *sdev = NULL;
>> +
>> +    cdb = cmd->frame->pass.cdb;
>> +
>> +    if (cmd->frame->header.target_id < s->fw_luns) {
>> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
>> +                                cmd->frame->header.lun_id);
>> +    }
>> +    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
>> +
>> +    if (!sdev || (megasas_is_jbod(s) && is_logical)) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (cmd->frame->header.cdb_len > 16) {
>> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    if (megasas_map_sgl(cmd, &cmd->frame->pass.sgl)) {
>> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    cmd->req = scsi_req_new(sdev, cmd->index,
>> +                            cmd->frame->header.lun_id, cdb, cmd);
>> +    if (!cmd->req) {
>> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
>> +        cmd->frame->header.scsi_status = BUSY;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    len = scsi_req_enqueue(cmd->req);
>> +    if (len > 0) {
>> +        if (len < cmd->iov_size) {
>> +            cmd->iov_size = len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    } else if (len < 0) {
>> +        if (-len < cmd->iov_size) {
>> +            cmd->iov_size = -len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    }
>> +    return MFI_STAT_INVALID_STATUS;
>> +}
>> +
>> +static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t lba_count, lba_start_hi, lba_start_lo;
>> +    uint64_t lba_start;
>> +    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
>> +    uint8_t cdb[16];
>> +    int len;
>> +    struct SCSIDevice *sdev = NULL;
>> +
>> +    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
>> +    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
>> +    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
>> +    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
>> +
>> +    if (cmd->frame->header.target_id < s->fw_luns) {
>> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
>> +                                cmd->frame->header.lun_id);
>> +    }
>> +
>> +    if (!sdev) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (cmd->frame->header.cdb_len > 16) {
>> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    cmd->iov_size = lba_count * sdev->blocksize;
>> +    if (megasas_map_sgl(cmd, &cmd->frame->io.sgl)) {
>> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    megasas_encode_lba(cdb, lba_start, lba_count, write);
>> +    cmd->req = scsi_req_new(sdev, cmd->index,
>> +                            cmd->frame->header.lun_id, cdb, cmd);
>> +    if (!cmd->req) {
>> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
>> +        cmd->frame->header.scsi_status = BUSY;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    len = scsi_req_enqueue(cmd->req);
>> +    if (len > 0) {
>> +        if (len < cmd->iov_size) {
>> +            cmd->iov_size = len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    } else if (len < 0) {
>> +        if (-len < cmd->iov_size) {
>> +            cmd->iov_size = -len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    }
>> +    return MFI_STAT_INVALID_STATUS;
>> +}
>> +
>> +static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
>> +                                           SCSIRequest *req)
>> +{
>> +    int retval = MFI_STAT_INVALID_CMD;
>> +
>> +    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
>> +            retval = megasas_finish_internal_dcmd(cmd, req);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +    uint8_t *buf;
>> +
>> +    if (len) {
>> +        int is_write = megasas_frame_is_write(cmd);
>> +        size_t bytes;
>> +
>> +        buf = scsi_req_get_buf(req);
>> +        if (is_write) {
>> +            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
>> +                               cmd->iov_offset, len);
>> +            if (bytes != len) {
>> +                len = bytes;
>> +            }
>> +            cmd->iov_offset += bytes;
>> +        } else {
>> +            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
>> +                                 cmd->iov_offset, len);
>> +            if (bytes != len) {
>> +                len = bytes;
>> +            }
>> +            cmd->iov_offset += bytes;
>> +        }
>> +    }
>> +    scsi_req_continue(req);
>> +}
>> +
>> +static void megasas_command_complete(SCSIRequest *req, uint32_t status)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +    uint8_t cmd_status = MFI_STAT_OK;
>> +
>> +    if (cmd->req != req) {
>> +        /*
>> +         * Internal command complete
>> +         */
>> +        cmd_status = megasas_finish_internal_command(cmd, req);
>> +        if (cmd_status == MFI_STAT_INVALID_STATUS) {
>> +            return;
>> +        }
>> +    } else {
>> +        req->status = status;
>> +        if (req->status != GOOD) {
>> +            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +        }
>> +        if (req->status == CHECK_CONDITION) {
>> +            megasas_copy_sense(cmd);
>> +        }
>> +
>> +        megasas_unmap_sgl(cmd);
>> +        cmd->frame->header.scsi_status = req->status;
>> +        scsi_req_unref(cmd->req);
>> +        cmd->req = NULL;
>> +    }
>> +    cmd->frame->header.cmd_status = cmd_status;
>> +    megasas_complete_frame(cmd->state, cmd->context);
>> +}
>> +
>> +static void megasas_command_cancel(SCSIRequest *req)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +
>> +    if (cmd) {
>> +        megasas_abort_command(cmd);
>> +    } else {
>> +        scsi_req_unref(req);
>> +    }
>> +    return;
>> +}
>> +
>> +static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
>> +    target_phys_addr_t abort_addr, addr_hi, addr_lo;
>> +    struct megasas_cmd_t *abort_cmd;
>> +
>> +    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
>> +    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
>> +    abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
>> +
>> +    abort_cmd = megasas_lookup_frame(s, abort_addr);
>> +    if (!abort_cmd) {
>> +        s->event_count++;
>> +        return MFI_STAT_OK;
>> +    }
>> +    if (!megasas_use_queue64(s)) {
>> +        abort_ctx &= (uint64_t)0xFFFFFFFF;
>> +    }
>> +    if (abort_cmd->context != abort_ctx) {
>> +        s->event_count++;
>> +        return MFI_STAT_ABORT_NOT_POSSIBLE;
>> +    }
>> +    megasas_abort_command(abort_cmd);
>> +    if (!s->event_cmd || abort_cmd != s->event_cmd) {
>> +        s->event_cmd = NULL;
>> +    }
>> +    s->event_count++;
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static void megasas_handle_frame(MPTState *s, uint64_t frame_addr,
>> +                                 uint32_t frame_count)
>> +{
>> +    uint8_t frame_status = MFI_STAT_INVALID_CMD;
>> +    uint64_t frame_context;
>> +    struct megasas_cmd_t *cmd;
>> +
>> +    /*
>> +     * Always read 64bit context, top bits will be
>> +     * masked out if required in megasas_enqueue_frame()
>> +     */
>> +    frame_context = megasas_frame_get_context(frame_addr);
>> +
>> +    cmd = megasas_enqueue_frame(s, frame_addr, frame_context, 
>> frame_count);
>> +    if (!cmd) {
>> +        /* reply queue full */
>> +        megasas_frame_set_scsi_status(frame_addr, BUSY);
>> +        megasas_frame_set_cmd_status(frame_addr, 
>> MFI_STAT_SCSI_DONE_WITH_ERROR);
>> +        megasas_complete_frame(s, frame_context);
>> +        s->event_count++;
>> +        return;
>> +    }
>> +    switch (cmd->frame->header.frame_cmd) {
>> +    case MFI_CMD_INIT:
>> +        frame_status = megasas_init_firmware(s, cmd);
>> +        break;
>> +    case MFI_CMD_DCMD:
>> +        frame_status = megasas_handle_dcmd(s, cmd);
>> +        break;
>> +    case MFI_CMD_ABORT:
>> +        frame_status = megasas_handle_abort(s, cmd);
>> +        break;
>> +    case MFI_CMD_PD_SCSI_IO:
>> +        frame_status = megasas_handle_scsi(s, cmd, 0);
>> +        break;
>> +    case MFI_CMD_LD_SCSI_IO:
>> +        frame_status = megasas_handle_scsi(s, cmd, 1);
>> +        break;
>> +    case MFI_CMD_LD_READ:
>> +    case MFI_CMD_LD_WRITE:
>> +        frame_status = megasas_handle_io(s, cmd);
>> +        break;
>> +    default:
>> +        s->event_count++;
>> +        break;
>> +    }
>> +    if (frame_status != MFI_STAT_INVALID_STATUS) {
>> +        if (cmd->frame) {
>> +            cmd->frame->header.cmd_status = frame_status;
>> +        } else {
>> +            megasas_frame_set_cmd_status(frame_addr, frame_status);
>> +        }
>> +        megasas_complete_frame(s, cmd->context);
>> +    }
>> +}
>> +
>> +static uint64_t megasas_mmio_read(void *opaque, target_phys_addr_t addr,
>> +                                  unsigned size)
>> +{
>> +    MPTState *s = opaque;
>> +    uint32_t retval = 0;
>> +
>> +    switch (addr) {
>> +    case MFI_IDB:
>> +        retval = 0;
>> +        break;
>> +    case MFI_OMSG0:
>> +    case MFI_OSP0:
>> +        retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
>> +            (s->fw_state & MFI_FWSTATE_MASK) |
>> +            ((s->fw_sge & 0xff) << 16) |
>> +            (s->fw_cmds & 0xFFFF);
>> +        break;
>> +    case MFI_OSTS:
>> +        if (megasas_intr_enabled(s) && s->doorbell) {
>> +            retval = MFI_1078_RM | 1;
>> +        }
>> +        break;
>> +    case MFI_OMSK:
>> +        retval = s->intr_mask;
>> +        break;
>> +    case MFI_ODCR0:
>> +        retval = s->doorbell;
>> +        break;
>> +    default:
>> +        break;
>> +    }
>> +    return retval;
>> +}
>> +
>> +static void megasas_mmio_write(void *opaque, target_phys_addr_t addr,
>> +                               uint64_t val, unsigned size)
>> +{
>> +    MPTState *s = opaque;
>> +    uint64_t frame_addr;
>> +    uint32_t frame_count;
>> +    int i;
>> +
>> +    switch (addr) {
>> +    case MFI_IDB:
>> +        if (val & MFI_FWINIT_ABORT) {
>> +            /* Abort all pending cmds */
>> +            for (i = 0; i < s->fw_cmds; i++) {
>> +                megasas_abort_command(&s->frames[i]);
>> +            }
>> +        }
>> +        if (val & MFI_FWINIT_READY) {
>> +            /* move to FW READY */
>> +            megasas_soft_reset(s);
>> +        }
>> +        if (val & MFI_FWINIT_MFIMODE) {
>> +            /* discard MFIs */
>> +        }
>> +        break;
>> +    case MFI_OMSK:
>> +        s->intr_mask = val;
>> +        if (!megasas_intr_enabled(s) && !msix_enabled(&s->dev)) {
>> +            qemu_irq_lower(s->dev.irq[0]);
>> +        }
>> +        break;
>> +    case MFI_ODCR0:
>> +        s->doorbell = 0;
>> +        if (s->producer_pa && megasas_intr_enabled(s)) {
>> +            /* Update reply queue pointer */
>> +            stl_le_phys(s->producer_pa, s->reply_queue_head);
>> +            if (!msix_enabled(&s->dev)) {
>> +                qemu_irq_lower(s->dev.irq[0]);
>> +            }
>> +        }
>> +        break;
>> +    case MFI_IQPH:
>> +        /* Received high 32 bits of a 64 bit MFI frame address */
>> +        s->frame_hi = val;
>> +        break;
>> +    case MFI_IQPL:
>> +        /* Received low 32 bits of a 64 bit MFI frame address */
>> +    case MFI_IQP:
>> +        /* Received 32 bit MFI frame address */
>> +        frame_addr = (val & ~0x1F);
>> +        /* Add possible 64 bit offset */
>> +        frame_addr |= ((uint64_t)s->frame_hi << 32);
>> +        s->frame_hi = 0;
>> +        frame_count = (val >> 1) & 0xF;
>> +        megasas_handle_frame(s, frame_addr, frame_count);
>> +        break;
>> +    default:
>> +        break;
>> +    }
>> +}
>> +
>> +static const MemoryRegionOps megasas_mmio_ops = {
>> +    .read = megasas_mmio_read,
>> +    .write = megasas_mmio_write,
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +    .impl = {
>> +        .min_access_size = 4,
>> +        .max_access_size = 4,
>> +    }
>> +};
>> +
>> +static uint64_t megasas_port_read(void *opaque, target_phys_addr_t addr,
>> +                                  unsigned size)
>> +{
>> +    return megasas_mmio_read(opaque, addr & 0xff, size);
>> +}
>> +
>> +static void megasas_port_write(void *opaque, target_phys_addr_t addr,
>> +                               uint64_t val, unsigned size)
>> +{
>> +    megasas_mmio_write(opaque, addr & 0xff, val, size);
>> +}
>> +
>> +static const MemoryRegionOps megasas_port_ops = {
>> +    .read = megasas_port_read,
>> +    .write = megasas_port_write,
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +    .impl = {
>> +        .min_access_size = 4,
>> +        .max_access_size = 4,
>> +    }
>> +};
>> +
>> +static uint64_t megasas_queue_read(void *opaque, target_phys_addr_t addr,
>> +                                   unsigned size)
>> +{
>> +    return 0;
>> +}
>> +
>> +static void megasas_queue_write(void *opaque, target_phys_addr_t addr,
>> +                                uint64_t val, unsigned size)
>> +{
>> +}
>> +
>> +static const MemoryRegionOps megasas_queue_ops = {
>> +    .read = megasas_queue_read,
>> +    .write = megasas_queue_write,
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +    .impl = {
>> +        .min_access_size = 4,
>> +        .max_access_size = 4,
>> +    }
>> +};
>> +
>> +static void megasas_soft_reset(MPTState *s)
>> +{
>> +    int i;
>> +    struct megasas_cmd_t *cmd;
>> +
>> +    for (i = 0; i < s->fw_cmds; i++) {
>> +        cmd = &s->frames[i];
>> +        megasas_abort_command(cmd);
>> +    }
>> +    megasas_reset_frames(s);
>> +    s->reply_queue_len = s->fw_cmds;
>> +    s->reply_queue_pa = 0;
>> +    s->consumer_pa = 0;
>> +    s->producer_pa = 0;
>> +    s->fw_state = MFI_FWSTATE_READY;
>> +    s->doorbell = 0;
>> +    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
>> +    s->frame_hi = 0;
>> +    s->flags &= ~MEGASAS_MASK_USE_QUEUE64;
>> +    s->event_count++;
>> +    s->boot_event = s->event_count;
>> +}
>> +
>> +static void megasas_scsi_reset(DeviceState *dev)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
>> +
>> +    megasas_soft_reset(s);
>> +}
>> +
>> +static const VMStateDescription vmstate_megasas = {
>> +    .name = "megasas",
>> +    .version_id = 0,
>> +    .minimum_version_id = 0,
>> +    .minimum_version_id_old = 0,
>> +    .fields      = (VMStateField[]) {
>> +        VMSTATE_PCI_DEVICE(dev, MPTState),
>> +
>> +        VMSTATE_INT32(fw_state, MPTState),
>> +        VMSTATE_INT32(intr_mask, MPTState),
>> +        VMSTATE_INT32(doorbell, MPTState),
>> +        VMSTATE_UINT64(reply_queue_pa, MPTState),
>> +        VMSTATE_UINT64(consumer_pa, MPTState),
>> +        VMSTATE_UINT64(producer_pa, MPTState),
>> +        VMSTATE_END_OF_LIST()
>> +    }
>> +};
>> +
>> +static int megasas_scsi_uninit(PCIDevice *d)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev, d);
>> +
>> +    memory_region_destroy(&s->mmio_io);
>> +    memory_region_destroy(&s->port_io);
>> +    memory_region_destroy(&s->queue_io);
>> +    return 0;
>> +}
>> +
>> +static const struct SCSIBusInfo megasas_scsi_info = {
>> +    .tcq = true,
>> +    .max_target = MFI_MAX_LD,
>> +    .max_lun = 255,
>> +
>> +    .transfer_data = megasas_xfer_complete,
>> +    .complete = megasas_command_complete,
>> +    .cancel = megasas_command_cancel,
>> +};
>> +
>> +static int megasas_scsi_init(PCIDevice *dev)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev, dev);
>> +    uint8_t *pci_conf;
>> +    int i;
>> +
>> +    pci_conf = s->dev.config;
>> +
>> +    /* PCI latency timer = 0 */
>> +    pci_conf[PCI_LATENCY_TIMER] = 0;
>> +    /* Interrupt pin 1 */
>> +    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
>> +
>> +    memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s,
>> +                          "megasas-mmio", 0x4000);
>> +    memory_region_init_io(&s->port_io, &megasas_port_ops, s,
>> +                          "megasas-io", 256);
>> +    memory_region_init_io(&s->queue_io, &megasas_queue_ops, s,
>> +                          "megasas-queue", 0x40000);
>> +
>> +    if (megasas_use_msix(s) &&
>> +        msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
>> +        s->flags &= ~MEGASAS_MASK_USE_MSIX;
>> +    }
>> +
>> +    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, 
>> &s->mmio_io);
>> +    pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
>> +    pci_register_bar(&s->dev, 3, PCI_BASE_ADDRESS_SPACE_MEMORY, 
>> &s->queue_io);
>> +
>> +    if (megasas_use_msix(s)) {
>> +        msix_vector_use(&s->dev, 0);
>> +    }
>> +
>> +    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
>> +        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
>> +    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
>> +        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
>> +    } else {
>> +        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
>> +    }
>> +    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
>> +        s->fw_cmds = MEGASAS_MAX_FRAMES;
>> +    }
>> +    if (s->raid_mode_str) {
>> +        if (!strcmp(s->raid_mode_str, "jbod")) {
>> +            s->flags |= MEGASAS_MASK_USE_JBOD;
>> +        } else {
>> +            s->flags &= ~MEGASAS_MASK_USE_JBOD;
>> +            s->raid_mode_str = (char *)megasas_raid_modes[0];
>> +        }
>> +    } else {
>> +        s->raid_mode_str = (char *)megasas_raid_modes[0];
>> +    }
>> +    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
>> +        MAX_SCSI_DEVS : MFI_MAX_LD;
>> +    s->producer_pa = 0;
>> +    s->consumer_pa = 0;
>> +    for (i = 0; i < s->fw_cmds; i++) {
>> +        s->frames[i].index = i;
>> +        s->frames[i].context = -1;
>> +        s->frames[i].pa = 0;
>> +        s->frames[i].state = s;
>> +    }
>> +
>> +    scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
>> +    scsi_bus_legacy_handle_cmdline(&s->bus);
>> +    return 0;
>> +}
>> +
>> +static Property megasas_properties[] = {
>> +    DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
>> +                       MEGASAS_DEFAULT_SGE),
>> +    DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
>> +                       MEGASAS_DEFAULT_FRAMES),
>> +    DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
>> +    DEFINE_PROP_BIT("use_msix", MPTState, flags,
>> +                    MEGASAS_FLAG_USE_MSIX, false),
>> +    DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static void megasas_class_init(ObjectClass *oc, void *data)
>> +{
>> +    DeviceClass *dc = DEVICE_CLASS(oc);
>> +    PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
>> +
>> +    pc->init = megasas_scsi_init;
>> +    pc->exit = megasas_scsi_uninit;
>> +    pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
>> +    pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
>> +    pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
>> +    pc->subsystem_id = 0x1013;
>> +    pc->class_id = PCI_CLASS_STORAGE_RAID;
>> +    dc->props = megasas_properties;
>> +    dc->reset = megasas_scsi_reset;
>> +    dc->vmsd = &vmstate_megasas;
>> +    dc->desc = "LSI MegaRAID SAS 1078";
>> +}
>> +
>> +static TypeInfo megasas_info = {
>> +    .name  = "megasas",
>> +    .parent = TYPE_PCI_DEVICE,
>> +    .instance_size = sizeof(MPTState),
>> +    .class_init = megasas_class_init,
>> +};
>> +
>> +static void megaraid1078_register_types(void)
>> +{
>> +    type_register_static(&megasas_info);
>> +}
>> +
>> +type_init(megaraid1078_register_types);
>> diff --git a/hw/mfi.h b/hw/mfi.h
>> new file mode 100644
>> index 0000000..4790c7c
>> --- /dev/null
>> +++ b/hw/mfi.h
>> @@ -0,0 +1,1281 @@
>> +/*-
>> + * Copyright (c) 2006 IronPort Systems
>> + * All rights reserved.
>> + *
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + * 1. Redistributions of source code must retain the above copyright
>> + *    notice, this list of conditions and the following disclaimer.
>> + * 2. Redistributions in binary form must reproduce the above copyright
>> + *    notice, this list of conditions and the following disclaimer in the
>> + *    documentation and/or other materials provided with the distribution.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
>> PURPOSE
>> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
>> CONSEQUENTIAL
>> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
>> STRICT
>> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY 
>> WAY
>> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> + * SUCH DAMAGE.
>> + */
>> +/*-
>> + * Copyright (c) 2007 LSI Corp.
>> + * Copyright (c) 2007 Rajesh Prabhakaran.
>> + * All rights reserved.
>> + *
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + * 1. Redistributions of source code must retain the above copyright
>> + *    notice, this list of conditions and the following disclaimer.
>> + * 2. Redistributions in binary form must reproduce the above copyright
>> + *    notice, this list of conditions and the following disclaimer in the
>> + *    documentation and/or other materials provided with the distribution.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 
>> PURPOSE
>> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 
>> CONSEQUENTIAL
>> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 
>> STRICT
>> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY 
>> WAY
>> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> + * SUCH DAMAGE.
>> + */
>> +
>> +#ifndef _MFI_H
>> +#define _MFI_H
>> +
>> +/*
>> + * MegaRAID SAS MFI firmware definitions
>> + *
>> + * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a 
>> completely
>> + * new firmware interface from the old AMI MegaRAID one, and there is no
>> + * reason why this interface should be limited to just SAS.  In any case, 
>> LSI
>> + * seems to also call this interface 'MFI', so that will be used here.
>> + */
>> +
>> +/*
>> + * Start with the register set.  All registers are 32 bits wide.
>> + * The usual Intel IOP style setup.
>> + */
>> +#define MFI_IMSG0 0x10    /* Inbound message 0 */
>> +#define MFI_IMSG1 0x14    /* Inbound message 1 */
>> +#define MFI_OMSG0 0x18    /* Outbound message 0 */
>> +#define MFI_OMSG1 0x1c    /* Outbound message 1 */
>> +#define MFI_IDB   0x20    /* Inbound doorbell */
>> +#define MFI_ISTS  0x24    /* Inbound interrupt status */
>> +#define MFI_IMSK  0x28    /* Inbound interrupt mask */
>> +#define MFI_ODB   0x2c    /* Outbound doorbell */
>> +#define MFI_OSTS  0x30    /* Outbound interrupt status */
>> +#define MFI_OMSK  0x34    /* Outbound interrupt mask */
>> +#define MFI_IQP   0x40    /* Inbound queue port */
>> +#define MFI_OQP   0x44    /* Outbound queue port */
>> +
>> +/*
>> + * 1078 specific related register
>> + */
>> +#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
>> +#define MFI_ODCR0       0xa0            /* outbound doorbell clear 
>> register0  */
>> +#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
>> +#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes) 
>> */
>> +#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes) 
>> */
>> +#define MFI_DIAG        0xf8            /* Host diag */
>> +#define MFI_SEQ         0xfc            /* Sequencer offset */
>> +#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
>> +#define MFI_RMI         0x2             /* reply message interrupt  */
>> +#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt 
>> */
>> +#define MFI_ODC         0x4             /* outbound doorbell change 
>> interrupt */
>> +
>> +/*
>> + * gen2 specific changes
>> + */
>> +#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
>> +#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
>> +
>> +/*
>> + * skinny specific changes
>> + */
>> +#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny 
>> */
>> +#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt 
>> */
>> +
>> +/* Bits for MFI_OSTS */
>> +#define MFI_OSTS_INTR_VALID     0x00000002
>> +
>> +/*
>> + * Firmware state values.  Found in OMSG0 during initialization.
>> + */
>> +#define MFI_FWSTATE_MASK                0xf0000000
>> +#define MFI_FWSTATE_UNDEFINED           0x00000000
>> +#define MFI_FWSTATE_BB_INIT             0x10000000
>> +#define MFI_FWSTATE_FW_INIT             0x40000000
>> +#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
>> +#define MFI_FWSTATE_FW_INIT_2           0x70000000
>> +#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
>> +#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
>> +#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
>> +#define MFI_FWSTATE_READY               0xb0000000
>> +#define MFI_FWSTATE_OPERATIONAL         0xc0000000
>> +#define MFI_FWSTATE_FAULT               0xf0000000
>> +#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
>> +#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
>> +#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
>> +#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
>> +
>> +/*
>> + * Control bits to drive the card to ready state.  These go into the IDB
>> + * register.
>> + */
>> +#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands 
>> */
>> +#define MFI_FWINIT_READY        0x00000002 /* Move from operational to 
>> ready */
>> +#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
>> +#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE 
>> */
>> +#define MFI_FWINIT_HOTPLUG      0x00000010
>> +#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
>> +#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
>> +
>> +/* MFI Commands */
>> +typedef enum {
>> +    MFI_CMD_INIT = 0x00,
>> +    MFI_CMD_LD_READ,
>> +    MFI_CMD_LD_WRITE,
>> +    MFI_CMD_LD_SCSI_IO,
>> +    MFI_CMD_PD_SCSI_IO,
>> +    MFI_CMD_DCMD,
>> +    MFI_CMD_ABORT,
>> +    MFI_CMD_SMP,
>> +    MFI_CMD_STP
>> +} mfi_cmd_t ;
>> +
>> +/* Direct commands */
>> +typedef enum {
>> +    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
>> +    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
>> +    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
>> +    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
>> +    MFI_DCMD_CTRL_ALARM =               0x01030000,
>> +    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
>> +    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
>> +    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
>> +    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
>> +    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
>> +    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
>> +    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
>> +    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
>> +    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
>> +    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
>> +    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
>> +    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
>> +    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
>> +    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
>> +    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
>> +    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
>> +    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
>> +    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
>> +    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
>> +    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
>> +    MFI_DCMD_PD_GET_LIST =              0x02010000,
>> +    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
>> +    MFI_DCMD_PD_GET_INFO =              0x02020000,
>> +    MFI_DCMD_PD_STATE_SET =             0x02030100,
>> +    MFI_DCMD_PD_REBUILD =               0x02040100,
>> +    MFI_DCMD_PD_BLINK =                 0x02070100,
>> +    MFI_DCMD_PD_UNBLINK =               0x02070200,
>> +    MFI_DCMD_LD_GET_LIST =              0x03010000,
>> +    MFI_DCMD_LD_GET_INFO =              0x03020000,
>> +    MFI_DCMD_LD_GET_PROP =              0x03030000,
>> +    MFI_DCMD_LD_SET_PROP =              0x03040000,
>> +    MFI_DCMD_LD_DELETE =                0x03090000,
>> +    MFI_DCMD_CFG_READ =                 0x04010000,
>> +    MFI_DCMD_CFG_ADD =                  0x04020000,
>> +    MFI_DCMD_CFG_CLEAR =                0x04030000,
>> +    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
>> +    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
>> +    MFI_DCMD_BBU_STATUS =               0x05010000,
>> +    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
>> +    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
>> +    MFI_DCMD_BBU_PROP_GET =             0x05050100,
>> +    MFI_DCMD_CLUSTER =                  0x08000000,
>> +    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
>> +    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
>> +} mfi_dcmd_t ;
>> +
>> +/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
>> +#define MFI_FLUSHCACHE_CTRL     0x01
>> +#define MFI_FLUSHCACHE_DISK     0x02
>> +
>> +/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
>> +#define MFI_SHUTDOWN_SPINDOWN   0x01
>> +
>> +/*
>> + * MFI Frame flags
>> + */
>> +typedef enum {
>> +    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =        0x0001,
>> +    MFI_FRAME_SGL64 =                           0x0002,
>> +    MFI_FRAME_SENSE64 =                         0x0004,
>> +    MFI_FRAME_DIR_WRITE =                       0x0008,
>> +    MFI_FRAME_DIR_READ =                        0x0010,
>> +    MFI_FRAME_IEEE_SGL =                        0x0020,
>> +} mfi_frame_flags;
>> +
>> +/* MFI Status codes */
>> +typedef enum {
>> +    MFI_STAT_OK =                       0x00,
>> +    MFI_STAT_INVALID_CMD,
>> +    MFI_STAT_INVALID_DCMD,
>> +    MFI_STAT_INVALID_PARAMETER,
>> +    MFI_STAT_INVALID_SEQUENCE_NUMBER,
>> +    MFI_STAT_ABORT_NOT_POSSIBLE,
>> +    MFI_STAT_APP_HOST_CODE_NOT_FOUND,
>> +    MFI_STAT_APP_IN_USE,
>> +    MFI_STAT_APP_NOT_INITIALIZED,
>> +    MFI_STAT_ARRAY_INDEX_INVALID,
>> +    MFI_STAT_ARRAY_ROW_NOT_EMPTY,
>> +    MFI_STAT_CONFIG_RESOURCE_CONFLICT,
>> +    MFI_STAT_DEVICE_NOT_FOUND,
>> +    MFI_STAT_DRIVE_TOO_SMALL,
>> +    MFI_STAT_FLASH_ALLOC_FAIL,
>> +    MFI_STAT_FLASH_BUSY,
>> +    MFI_STAT_FLASH_ERROR =              0x10,
>> +    MFI_STAT_FLASH_IMAGE_BAD,
>> +    MFI_STAT_FLASH_IMAGE_INCOMPLETE,
>> +    MFI_STAT_FLASH_NOT_OPEN,
>> +    MFI_STAT_FLASH_NOT_STARTED,
>> +    MFI_STAT_FLUSH_FAILED,
>> +    MFI_STAT_HOST_CODE_NOT_FOUNT,
>> +    MFI_STAT_LD_CC_IN_PROGRESS,
>> +    MFI_STAT_LD_INIT_IN_PROGRESS,
>> +    MFI_STAT_LD_LBA_OUT_OF_RANGE,
>> +    MFI_STAT_LD_MAX_CONFIGURED,
>> +    MFI_STAT_LD_NOT_OPTIMAL,
>> +    MFI_STAT_LD_RBLD_IN_PROGRESS,
>> +    MFI_STAT_LD_RECON_IN_PROGRESS,
>> +    MFI_STAT_LD_WRONG_RAID_LEVEL,
>> +    MFI_STAT_MAX_SPARES_EXCEEDED,
>> +    MFI_STAT_MEMORY_NOT_AVAILABLE =     0x20,
>> +    MFI_STAT_MFC_HW_ERROR,
>> +    MFI_STAT_NO_HW_PRESENT,
>> +    MFI_STAT_NOT_FOUND,
>> +    MFI_STAT_NOT_IN_ENCL,
>> +    MFI_STAT_PD_CLEAR_IN_PROGRESS,
>> +    MFI_STAT_PD_TYPE_WRONG,
>> +    MFI_STAT_PR_DISABLED,
>> +    MFI_STAT_ROW_INDEX_INVALID,
>> +    MFI_STAT_SAS_CONFIG_INVALID_ACTION,
>> +    MFI_STAT_SAS_CONFIG_INVALID_DATA,
>> +    MFI_STAT_SAS_CONFIG_INVALID_PAGE,
>> +    MFI_STAT_SAS_CONFIG_INVALID_TYPE,
>> +    MFI_STAT_SCSI_DONE_WITH_ERROR,
>> +    MFI_STAT_SCSI_IO_FAILED,
>> +    MFI_STAT_SCSI_RESERVATION_CONFLICT,
>> +    MFI_STAT_SHUTDOWN_FAILED =          0x30,
>> +    MFI_STAT_TIME_NOT_SET,
>> +    MFI_STAT_WRONG_STATE,
>> +    MFI_STAT_LD_OFFLINE,
>> +    MFI_STAT_PEER_NOTIFICATION_REJECTED,
>> +    MFI_STAT_PEER_NOTIFICATION_FAILED,
>> +    MFI_STAT_RESERVATION_IN_PROGRESS,
>> +    MFI_STAT_I2C_ERRORS_DETECTED,
>> +    MFI_STAT_PCI_ERRORS_DETECTED,
>> +    MFI_STAT_DIAG_FAILED,
>> +    MFI_STAT_BOOT_MSG_PENDING,
>> +    MFI_STAT_FOREIGN_CONFIG_INCOMPLETE,
>> +    MFI_STAT_INVALID_SGL,
>> +    MFI_STAT_UNSUPPORTED_HW,
>> +    MFI_STAT_CC_SCHEDULE_DISABLED,
>> +    MFI_STAT_PD_COPYBACK_IN_PROGRESS,
>> +    MFI_STAT_MULTIPLE_PDS_IN_ARRAY =    0x40,
>> +    MFI_STAT_FW_DOWNLOAD_ERROR,
>> +    MFI_STAT_FEATURE_SECURITY_NOT_ENABLED,
>> +    MFI_STAT_LOCK_KEY_ALREADY_EXISTS,
>> +    MFI_STAT_LOCK_KEY_BACKUP_NOT_ALLOWED,
>> +    MFI_STAT_LOCK_KEY_VERIFY_NOT_ALLOWED,
>> +    MFI_STAT_LOCK_KEY_VERIFY_FAILED,
>> +    MFI_STAT_LOCK_KEY_REKEY_NOT_ALLOWED,
>> +    MFI_STAT_LOCK_KEY_INVALID,
>> +    MFI_STAT_LOCK_KEY_ESCROW_INVALID,
>> +    MFI_STAT_LOCK_KEY_BACKUP_REQUIRED,
>> +    MFI_STAT_SECURE_LD_EXISTS,
>> +    MFI_STAT_LD_SECURE_NOT_ALLOWED,
>> +    MFI_STAT_REPROVISION_NOT_ALLOWED,
>> +    MFI_STAT_PD_SECURITY_TYPE_WRONG,
>> +    MFI_STAT_LD_ENCRYPTION_TYPE_INVALID,
>> +    MFI_STAT_CONFIG_FDE_NON_FDE_MIX_NOT_ALLOWED = 0x50,
>> +    MFI_STAT_CONFIG_LD_ENCRYPTION_TYPE_MIX_NOT_ALLOWED,
>> +    MFI_STAT_SECRET_KEY_NOT_ALLOWED,
>> +    MFI_STAT_PD_HW_ERRORS_DETECTED,
>> +    MFI_STAT_LD_CACHE_PINNED,
>> +    MFI_STAT_POWER_STATE_SET_IN_PROGRESS,
>> +    MFI_STAT_POWER_STATE_SET_BUSY,
>> +    MFI_STAT_POWER_STATE_WRONG,
>> +    MFI_STAT_PR_NO_AVAILABLE_PD_FOUND,
>> +    MFI_STAT_CTRL_RESET_REQUIRED,
>> +    MFI_STAT_LOCK_KEY_EKM_NO_BOOT_AGENT,
>> +    MFI_STAT_SNAP_NO_SPACE,
>> +    MFI_STAT_SNAP_PARTIAL_FAILURE,
>> +    MFI_STAT_UPGRADE_KEY_INCOMPATIBLE,
>> +    MFI_STAT_PFK_INCOMPATIBLE,
>> +    MFI_STAT_PD_MAX_UNCONFIGURED,
>> +    MFI_STAT_IO_METRICS_DISABLED =      0x60,
>> +    MFI_STAT_AEC_NOT_STOPPED,
>> +    MFI_STAT_PI_TYPE_WRONG,
>> +    MFI_STAT_LD_PD_PI_INCOMPATIBLE,
>> +    MFI_STAT_PI_NOT_ENABLED,
>> +    MFI_STAT_LD_BLOCK_SIZE_MISMATCH,
>> +    MFI_STAT_INVALID_STATUS =           0xFF
>> +} mfi_status_t ;
>> +
>> +/* Event classes */
>> +typedef enum {
>> +    MFI_EVT_CLASS_DEBUG =      -2,
>> +    MFI_EVT_CLASS_PROGRESS =   -1,
>> +    MFI_EVT_CLASS_INFO =        0,
>> +    MFI_EVT_CLASS_WARNING =     1,
>> +    MFI_EVT_CLASS_CRITICAL =    2,
>> +    MFI_EVT_CLASS_FATAL =       3,
>> +    MFI_EVT_CLASS_DEAD =        4
>> +} mfi_evt_class_t ;
>> +
>> +/* Event locales */
>> +typedef enum {
>> +    MFI_EVT_LOCALE_LD =         0x0001,
>> +    MFI_EVT_LOCALE_PD =         0x0002,
>> +    MFI_EVT_LOCALE_ENCL =       0x0004,
>> +    MFI_EVT_LOCALE_BBU =        0x0008,
>> +    MFI_EVT_LOCALE_SAS =        0x0010,
>> +    MFI_EVT_LOCALE_CTRL =       0x0020,
>> +    MFI_EVT_LOCALE_CONFIG =     0x0040,
>> +    MFI_EVT_LOCALE_CLUSTER =    0x0080,
>> +    MFI_EVT_LOCALE_ALL =        0xffff
>> +} mfi_evt_locale_t;
>> +
>> +/* Event args */
>> +typedef enum {
>> +    MR_EVT_ARGS_NONE =          0x00,
>> +    MR_EVT_ARGS_CDB_SENSE,
>> +    MR_EVT_ARGS_LD,
>> +    MR_EVT_ARGS_LD_COUNT,
>> +    MR_EVT_ARGS_LD_LBA,
>> +    MR_EVT_ARGS_LD_OWNER,
>> +    MR_EVT_ARGS_LD_LBA_PD_LBA,
>> +    MR_EVT_ARGS_LD_PROG,
>> +    MR_EVT_ARGS_LD_STATE,
>> +    MR_EVT_ARGS_LD_STRIP,
>> +    MR_EVT_ARGS_PD,
>> +    MR_EVT_ARGS_PD_ERR,
>> +    MR_EVT_ARGS_PD_LBA,
>> +    MR_EVT_ARGS_PD_LBA_LD,
>> +    MR_EVT_ARGS_PD_PROG,
>> +    MR_EVT_ARGS_PD_STATE,
>> +    MR_EVT_ARGS_PCI,
>> +    MR_EVT_ARGS_RATE,
>> +    MR_EVT_ARGS_STR,
>> +    MR_EVT_ARGS_TIME,
>> +    MR_EVT_ARGS_ECC,
>> +    MR_EVT_ARGS_LD_PROP,
>> +    MR_EVT_ARGS_PD_SPARE,
>> +    MR_EVT_ARGS_PD_INDEX,
>> +    MR_EVT_ARGS_DIAG_PASS,
>> +    MR_EVT_ARGS_DIAG_FAIL,
>> +    MR_EVT_ARGS_PD_LBA_LBA,
>> +    MR_EVT_ARGS_PORT_PHY,
>> +    MR_EVT_ARGS_PD_MISSING,
>> +    MR_EVT_ARGS_PD_ADDRESS,
>> +    MR_EVT_ARGS_BITMAP,
>> +    MR_EVT_ARGS_CONNECTOR,
>> +    MR_EVT_ARGS_PD_PD,
>> +    MR_EVT_ARGS_PD_FRU,
>> +    MR_EVT_ARGS_PD_PATHINFO,
>> +    MR_EVT_ARGS_PD_POWER_STATE,
>> +    MR_EVT_ARGS_GENERIC,
>> +} mfi_evt_args;
>> +
>> +/* Event codes */
>> +#define MR_EVT_CFG_CLEARED                          0x0004
>> +#define MR_EVT_CTRL_SHUTDOWN                        0x002a
>> +#define MR_EVT_LD_STATE_CHANGE                      0x0051
>> +#define MR_EVT_PD_INSERTED                          0x005b
>> +#define MR_EVT_PD_REMOVED                           0x0070
>> +#define MR_EVT_PD_STATE_CHANGED                     0x0072
>> +#define MR_EVT_LD_CREATED                           0x008a
>> +#define MR_EVT_LD_DELETED                           0x008b
>> +#define MR_EVT_FOREIGN_CFG_IMPORTED                 0x00db
>> +#define MR_EVT_LD_OFFLINE                           0x00fc
>> +#define MR_EVT_CTRL_HOST_BUS_SCAN_REQUESTED         0x0152
>> +
>> +typedef enum {
>> +    MR_LD_CACHE_WRITE_BACK =            0x01,
>> +    MR_LD_CACHE_WRITE_ADAPTIVE =        0x02,
>> +    MR_LD_CACHE_READ_AHEAD =            0x04,
>> +    MR_LD_CACHE_READ_ADAPTIVE =         0x08,
>> +    MR_LD_CACHE_WRITE_CACHE_BAD_BBU =   0x10,
>> +    MR_LD_CACHE_ALLOW_WRITE_CACHE =     0x20,
>> +    MR_LD_CACHE_ALLOW_READ_CACHE =      0x40
>> +} mfi_ld_cache;
>> +
>> +typedef enum {
>> +    MR_PD_CACHE_UNCHANGED  =    0,
>> +    MR_PD_CACHE_ENABLE =        1,
>> +    MR_PD_CACHE_DISABLE =       2
>> +} mfi_pd_cache;
>> +
>> +typedef enum {
>> +    MR_PD_QUERY_TYPE_ALL =              0,
>> +    MR_PD_QUERY_TYPE_STATE =            1,
>> +    MR_PD_QUERY_TYPE_POWER_STATE =      2,
>> +    MR_PD_QUERY_TYPE_MEDIA_TYPE =       3,
>> +    MR_PD_QUERY_TYPE_SPEED =            4,
>> +    MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =  5, /*query for system drives */
>> +} mfi_pd_query_type;
>> +
>> +/*
>> + * Other propertities and definitions
>> + */
>> +#define MFI_MAX_PD_CHANNELS     2
>> +#define MFI_MAX_LD_CHANNELS     2
>> +#define MFI_MAX_CHANNELS        (MFI_MAX_PD_CHANNELS + 
>> MFI_MAX_LD_CHANNELS)
>> +#define MFI_MAX_CHANNEL_DEVS  128
>> +#define MFI_DEFAULT_ID         -1
>> +#define MFI_MAX_LUN             8
>> +#define MFI_MAX_LD             64
>> +
>> +#define MFI_FRAME_SIZE         64
>> +#define MFI_MBOX_SIZE          12
>> +
>> +/* Firmware flashing can take 40s */
>> +#define MFI_POLL_TIMEOUT_SECS  50
>> +
>> +/* Allow for speedier math calculations */
>> +#define MFI_SECTOR_LEN        512
>> +
>> +/* Scatter Gather elements */
>> +struct mfi_sg32 {
>> +    uint32_t addr;
>> +    uint32_t len;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_sg64 {
>> +    uint64_t addr;
>> +    uint32_t len;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_sg_skinny {
>> +    uint64_t addr;
>> +    uint32_t len;
>> +    uint32_t flag;
>> +} __attribute__ ((packed));
>> +
>> +union mfi_sgl {
>> +    struct mfi_sg32 sg32[1];
>> +    struct mfi_sg64 sg64[1];
>> +    struct mfi_sg_skinny sg_skinny[1];
>> +} __attribute__ ((packed));
>> +
>> +/* Message frames.  All messages have a common header */
>> +struct mfi_frame_header {
>> +    uint8_t frame_cmd;
>> +    uint8_t sense_len;
>> +    uint8_t cmd_status;
>> +    uint8_t scsi_status;
>> +    uint8_t target_id;
>> +    uint8_t lun_id;
>> +    uint8_t cdb_len;
>> +    uint8_t sge_count;
>> +    uint64_t context;
>> +    uint16_t flags;
>> +    uint16_t timeout;
>> +    uint32_t data_len;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_init_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t qinfo_new_addr_lo;
>> +    uint32_t qinfo_new_addr_hi;
>> +    uint32_t qinfo_old_addr_lo;
>> +    uint32_t qinfo_old_addr_hi;
>> +    uint32_t reserved[6];
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_IO_FRAME_SIZE 40
>> +struct mfi_io_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t sense_addr_lo;
>> +    uint32_t sense_addr_hi;
>> +    uint32_t lba_lo;
>> +    uint32_t lba_hi;
>> +    union mfi_sgl sgl;
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_PASS_FRAME_SIZE 48
>> +struct mfi_pass_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t sense_addr_lo;
>> +    uint32_t sense_addr_hi;
>> +    uint8_t cdb[16];
>> +    union mfi_sgl sgl;
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_DCMD_FRAME_SIZE 40
>> +struct mfi_dcmd_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t opcode;
>> +    uint8_t mbox[MFI_MBOX_SIZE];
>> +    union mfi_sgl sgl;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_abort_frame {
>> +    struct mfi_frame_header header;
>> +    uint64_t abort_context;
>> +    uint32_t abort_mfi_addr_lo;
>> +    uint32_t abort_mfi_addr_hi;
>> +    uint32_t reserved1[6];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_smp_frame {
>> +    struct mfi_frame_header header;
>> +    uint64_t sas_addr;
>> +    union {
>> +        struct mfi_sg32 sg32[2];
>> +        struct mfi_sg64 sg64[2];
>> +    } sgl;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_stp_frame {
>> +    struct mfi_frame_header header;
>> +    uint16_t fis[10];
>> +    uint32_t stp_flags;
>> +    union {
>> +        struct mfi_sg32 sg32[2];
>> +        struct mfi_sg64 sg64[2];
>> +    } sgl;
>> +} __attribute__ ((packed));
>> +
>> +union mfi_frame {
>> +    struct mfi_frame_header header;
>> +    struct mfi_init_frame init;
>> +    struct mfi_io_frame io;
>> +    struct mfi_pass_frame pass;
>> +    struct mfi_dcmd_frame dcmd;
>> +    struct mfi_abort_frame abort;
>> +    struct mfi_smp_frame smp;
>> +    struct mfi_stp_frame stp;
>> +    uint64_t raw[8];
>> +    uint8_t bytes[MFI_FRAME_SIZE];
>> +};
>> +
>> +#define MFI_SENSE_LEN 128
>> +struct mfi_sense {
>> +    uint8_t     data[MFI_SENSE_LEN];
>> +};
>> +
>> +#define MFI_QUEUE_FLAG_CONTEXT64 0x00000002
>> +
>> +/* The queue init structure that is passed with the init message */
>> +struct mfi_init_qinfo {
>> +    uint32_t flags;
>> +    uint32_t rq_entries;
>> +    uint32_t rq_addr_lo;
>> +    uint32_t rq_addr_hi;
>> +    uint32_t pi_addr_lo;
>> +    uint32_t pi_addr_hi;
>> +    uint32_t ci_addr_lo;
>> +    uint32_t ci_addr_hi;
>> +} __attribute__ ((packed));
>> +
>> +/* Controller properties */
>> +struct mfi_ctrl_props {
>> +    uint16_t seq_num;
>> +    uint16_t pred_fail_poll_interval;
>> +    uint16_t intr_throttle_cnt;
>> +    uint16_t intr_throttle_timeout;
>> +    uint8_t rebuild_rate;
>> +    uint8_t patrol_read_rate;
>> +    uint8_t bgi_rate;
>> +    uint8_t cc_rate;
>> +    uint8_t recon_rate;
>> +    uint8_t cache_flush_interval;
>> +    uint8_t spinup_drv_cnt;
>> +    uint8_t spinup_delay;
>> +    uint8_t cluster_enable;
>> +    uint8_t coercion_mode;
>> +    uint8_t alarm_enable;
>> +    uint8_t disable_auto_rebuild;
>> +    uint8_t disable_battery_warn;
>> +    uint8_t ecc_bucket_size;
>> +    uint16_t ecc_bucket_leak_rate;
>> +    uint8_t restore_hotspare_on_insertion;
>> +    uint8_t expose_encl_devices;
>> +    uint8_t maintainPdFailHistory;
>> +    uint8_t disallowHostRequestReordering;
>> +    uint8_t abortCCOnError;
>> +    uint8_t loadBalanceMode;
>> +    uint8_t disableAutoDetectBackplane;
>> +    uint8_t snapVDSpace;
>> +    struct {
>> +        /* set TRUE to disable copyBack (0=copyback enabled) */
>> +        uint32_t copyBackDisabled:1,
>> +            SMARTerEnabled:1,
>> +            prCorrectUnconfiguredAreas:1,
>> +            useFdeOnly:1,
>> +            disableNCQ:1,
>> +            SSDSMARTerEnabled:1,
>> +            SSDPatrolReadEnabled:1,
>> +            enableSpinDownUnconfigured:1,
>> +            autoEnhancedImport:1,
>> +            enableSecretKeyControl:1,
>> +            disableOnlineCtrlReset:1,
>> +            allowBootWithPinnedCache:1,
>> +            disableSpinDownHS:1,
>> +            enableJBOD:1,
>> +            reserved:18;
>> +    } OnOffProperties;
>> +    uint8_t autoSnapVDSpace; /* % of source LD to be
>> +                              * reserved for auto snapshot
>> +                              * in snapshot repository, for
>> +                              * metadata and user data
>> +                              * 1=5%, 2=10%, 3=15% and so on
>> +                              */
>> +    uint8_t viewSpace;       /* snapshot writeable VIEWs
>> +                              * capacity as a % of source LD
>> +                              * capacity. 0=READ only
>> +                              * 1=5%, 2=10%, 3=15% and so on
>> +                              */
>> +    uint16_t spinDownTime;    /* # of idle minutes before device
>> +                               * is spun down (0=use FW defaults)
>> +                               */
>> +    uint8_t reserved[24];
>> +} __attribute__ ((packed));
>> +
>> +/* PCI information about the card. */
>> +struct mfi_info_pci {
>> +    uint16_t vendor;
>> +    uint16_t device;
>> +    uint16_t subvendor;
>> +    uint16_t subdevice;
>> +    uint8_t reserved[24];
>> +} __attribute__ ((packed));
>> +
>> +/* Host (front end) interface information */
>> +struct mfi_info_host {
>> +    uint8_t type;
>> +#define MFI_INFO_HOST_PCIX      0x01
>> +#define MFI_INFO_HOST_PCIE      0x02
>> +#define MFI_INFO_HOST_ISCSI     0x04
>> +#define MFI_INFO_HOST_SAS3G     0x08
>> +    uint8_t reserved[6];
>> +    uint8_t port_count;
>> +    uint64_t port_addr[8];
>> +} __attribute__ ((packed));
>> +
>> +/* Device (back end) interface information */
>> +struct mfi_info_device {
>> +    uint8_t type;
>> +#define MFI_INFO_DEV_SPI        0x01
>> +#define MFI_INFO_DEV_SAS3G      0x02
>> +#define MFI_INFO_DEV_SATA1      0x04
>> +#define MFI_INFO_DEV_SATA3G     0x08
>> +    uint8_t reserved[6];
>> +    uint8_t port_count;
>> +    uint64_t port_addr[8];
>> +} __attribute__ ((packed));
>> +
>> +/* Firmware component information */
>> +struct mfi_info_component {
>> +    char name[8];
>> +    char version[32];
>> +    char build_date[16];
>> +    char build_time[16];
>> +} __attribute__ ((packed));
>> +
>> +/* Controller default settings */
>> +struct mfi_defaults {
>> +    uint64_t sas_addr;
>> +    uint8_t phy_polarity;
>> +    uint8_t background_rate;
>> +    uint8_t stripe_size;
>> +    uint8_t flush_time;
>> +    uint8_t write_back;
>> +    uint8_t read_ahead;
>> +    uint8_t cache_when_bbu_bad;
>> +    uint8_t cached_io;
>> +    uint8_t smart_mode;
>> +    uint8_t alarm_disable;
>> +    uint8_t coercion;
>> +    uint8_t zrc_config;
>> +    uint8_t dirty_led_shows_drive_activity;
>> +    uint8_t bios_continue_on_error;
>> +    uint8_t spindown_mode;
>> +    uint8_t allowed_device_types;
>> +    uint8_t allow_mix_in_enclosure;
>> +    uint8_t allow_mix_in_ld;
>> +    uint8_t allow_sata_in_cluster;
>> +    uint8_t max_chained_enclosures;
>> +    uint8_t disable_ctrl_r;
>> +    uint8_t enable_web_bios;
>> +    uint8_t phy_polarity_split;
>> +    uint8_t direct_pd_mapping;
>> +    uint8_t bios_enumerate_lds;
>> +    uint8_t restored_hot_spare_on_insertion;
>> +    uint8_t expose_enclosure_devices;
>> +    uint8_t maintain_pd_fail_history;
>> +    uint8_t disable_puncture;
>> +    uint8_t zero_based_enumeration;
>> +    uint8_t disable_preboot_cli;
>> +    uint8_t show_drive_led_on_activity;
>> +    uint8_t cluster_disable;
>> +    uint8_t sas_disable;
>> +    uint8_t auto_detect_backplane;
>> +    uint8_t fde_only;
>> +    uint8_t delay_during_post;
>> +    uint8_t resv[19];
>> +} __attribute__ ((packed));
>> +
>> +/* Controller default settings */
>> +struct mfi_bios_data {
>> +    uint16_t boot_target_id;
>> +    uint8_t do_not_int_13;
>> +    uint8_t continue_on_error;
>> +    uint8_t verbose;
>> +    uint8_t geometry;
>> +    uint8_t expose_all_drives;
>> +    uint8_t reserved[56];
>> +    uint8_t check_sum;
>> +} __attribute__ ((packed));
>> +
>> +/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
>> +struct mfi_ctrl_info {
>> +    struct mfi_info_pci pci;
>> +    struct mfi_info_host host;
>> +    struct mfi_info_device device;
>> +
>> +    /* Firmware components that are present and active. */
>> +    uint32_t image_check_word;
>> +    uint32_t image_component_count;
>> +    struct mfi_info_component image_component[8];
>> +
>> +    /* Firmware components that have been flashed but are inactive */
>> +    uint32_t pending_image_component_count;
>> +    struct mfi_info_component pending_image_component[8];
>> +
>> +    uint8_t max_arms;
>> +    uint8_t max_spans;
>> +    uint8_t max_arrays;
>> +    uint8_t max_lds;
>> +    char product_name[80];
>> +    char serial_number[32];
>> +    uint32_t hw_present;
>> +#define MFI_INFO_HW_BBU         0x01
>> +#define MFI_INFO_HW_ALARM       0x02
>> +#define MFI_INFO_HW_NVRAM       0x04
>> +#define MFI_INFO_HW_UART        0x08
>> +#define MFI_INFO_HW_MEM         0x10
>> +#define MFI_INFO_HW_FLASH       0x20
>> +    uint32_t current_fw_time;
>> +    uint16_t max_cmds;
>> +    uint16_t max_sg_elements;
>> +    uint32_t max_request_size;
>> +    uint16_t lds_present;
>> +    uint16_t lds_degraded;
>> +    uint16_t lds_offline;
>> +    uint16_t pd_present;
>> +    uint16_t pd_disks_present;
>> +    uint16_t pd_disks_pred_failure;
>> +    uint16_t pd_disks_failed;
>> +    uint16_t nvram_size;
>> +    uint16_t memory_size;
>> +    uint16_t flash_size;
>> +    uint16_t ram_correctable_errors;
>> +    uint16_t ram_uncorrectable_errors;
>> +    uint8_t cluster_allowed;
>> +    uint8_t cluster_active;
>> +    uint16_t max_strips_per_io;
>> +
>> +    uint32_t raid_levels;
>> +#define MFI_INFO_RAID_0         0x01
>> +#define MFI_INFO_RAID_1         0x02
>> +#define MFI_INFO_RAID_5         0x04
>> +#define MFI_INFO_RAID_1E        0x08
>> +#define MFI_INFO_RAID_6         0x10
>> +
>> +    uint32_t adapter_ops;
>> +#define MFI_INFO_AOPS_RBLD_RATE         0x0001
>> +#define MFI_INFO_AOPS_CC_RATE           0x0002
>> +#define MFI_INFO_AOPS_BGI_RATE          0x0004
>> +#define MFI_INFO_AOPS_RECON_RATE        0x0008
>> +#define MFI_INFO_AOPS_PATROL_RATE       0x0010
>> +#define MFI_INFO_AOPS_ALARM_CONTROL     0x0020
>> +#define MFI_INFO_AOPS_CLUSTER_SUPPORTED 0x0040
>> +#define MFI_INFO_AOPS_BBU               0x0080
>> +#define MFI_INFO_AOPS_SPANNING_ALLOWED  0x0100
>> +#define MFI_INFO_AOPS_DEDICATED_SPARES  0x0200
>> +#define MFI_INFO_AOPS_REVERTIBLE_SPARES 0x0400
>> +#define MFI_INFO_AOPS_FOREIGN_IMPORT    0x0800
>> +#define MFI_INFO_AOPS_SELF_DIAGNOSTIC   0x1000
>> +#define MFI_INFO_AOPS_MIXED_ARRAY       0x2000
>> +#define MFI_INFO_AOPS_GLOBAL_SPARES     0x4000
>> +
>> +    uint32_t ld_ops;
>> +#define MFI_INFO_LDOPS_READ_POLICY      0x01
>> +#define MFI_INFO_LDOPS_WRITE_POLICY     0x02
>> +#define MFI_INFO_LDOPS_IO_POLICY        0x04
>> +#define MFI_INFO_LDOPS_ACCESS_POLICY    0x08
>> +#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
>> +
>> +    struct {
>> +        uint8_t min;
>> +        uint8_t max;
>> +        uint8_t reserved[2];
>> +    } __attribute__ ((packed)) stripe_sz_ops;
>> +
>> +    uint32_t pd_ops;
>> +#define MFI_INFO_PDOPS_FORCE_ONLINE     0x01
>> +#define MFI_INFO_PDOPS_FORCE_OFFLINE    0x02
>> +#define MFI_INFO_PDOPS_FORCE_REBUILD    0x04
>> +
>> +    uint32_t pd_mix_support;
>> +#define MFI_INFO_PDMIX_SAS              0x01
>> +#define MFI_INFO_PDMIX_SATA             0x02
>> +#define MFI_INFO_PDMIX_ENCL             0x04
>> +#define MFI_INFO_PDMIX_LD               0x08
>> +#define MFI_INFO_PDMIX_SATA_CLUSTER     0x10
>> +
>> +    uint8_t ecc_bucket_count;
>> +    uint8_t reserved2[11];
>> +    struct mfi_ctrl_props properties;
>> +    char package_version[0x60];
>> +    uint8_t pad[0x800 - 0x6a0];
>> +} __attribute__ ((packed));
>> +
>> +/* keep track of an event. */
>> +union mfi_evt {
>> +    struct {
>> +        uint16_t locale;
>> +        uint8_t reserved;
>> +        int8_t class;
>> +    } members;
>> +    uint32_t word;
>> +} __attribute__ ((packed));
>> +
>> +/* event log state. */
>> +struct mfi_evt_log_state {
>> +    uint32_t newest_seq_num;
>> +    uint32_t oldest_seq_num;
>> +    uint32_t clear_seq_num;
>> +    uint32_t shutdown_seq_num;
>> +    uint32_t boot_seq_num;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_progress {
>> +    uint16_t progress;
>> +    uint16_t elapsed_seconds;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_evt_ld {
>> +    uint16_t target_id;
>> +    uint8_t ld_index;
>> +    uint8_t reserved;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_evt_pd {
>> +    uint16_t device_id;
>> +    uint8_t enclosure_index;
>> +    uint8_t slot_number;
>> +} __attribute__ ((packed));
>> +
>> +/* event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
>> +struct mfi_evt_detail {
>> +    uint32_t seq;
>> +    uint32_t time;
>> +    uint32_t code;
>> +    union mfi_evt class;
>> +    uint8_t arg_type;
>> +    uint8_t reserved1[15];
>> +
>> +    union {
>> +        struct {
>> +            struct mfi_evt_pd pd;
>> +            uint8_t cdb_len;
>> +            uint8_t sense_len;
>> +            uint8_t reserved[2];
>> +            uint8_t cdb[16];
>> +            uint8_t sense[64];
>> +        } cdb_sense;
>> +
>> +        struct mfi_evt_ld ld;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            uint64_t count;
>> +        } ld_count;
>> +
>> +        struct {
>> +            uint64_t lba;
>> +            struct mfi_evt_ld ld;
>> +        } ld_lba;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            uint32_t pre_owner;
>> +            uint32_t new_owner;
>> +        } ld_owner;
>> +
>> +        struct {
>> +            uint64_t ld_lba;
>> +            uint64_t pd_lba;
>> +            struct mfi_evt_ld ld;
>> +            struct mfi_evt_pd pd;
>> +        } ld_lba_pd_lba;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            struct mfi_progress prog;
>> +        } ld_prog;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            uint32_t prev_state;
>> +            uint32_t new_state;
>> +        } ld_state;
>> +
>> +        struct {
>> +            uint64_t strip;
>> +            struct mfi_evt_ld ld;
>> +        } ld_strip;
>> +
>> +        struct mfi_evt_pd pd;
>> +
>> +        struct {
>> +            struct mfi_evt_pd pd;
>> +            uint32_t err;
>> +        } pd_err;
>> +
>> +        struct {
>> +            uint64_t lba;
>> +            struct mfi_evt_pd pd;
>> +        } pd_lba;
>> +
>> +        struct {
>> +            uint64_t lba;
>> +            struct mfi_evt_pd pd;
>> +            struct mfi_evt_ld ld;
>> +        } pd_lba_ld;
>> +
>> +        struct {
>> +            struct mfi_evt_pd pd;
>> +            struct mfi_progress prog;
>> +        } pd_prog;
>> +
>> +        struct {
>> +            struct mfi_evt_pd ld;
>> +            uint32_t prev_state;
>> +            uint32_t new_state;
>> +        } pd_state;
>> +
>> +        struct {
>> +            uint16_t venderId;
>> +            uint16_t deviceId;
>> +            uint16_t subVenderId;
>> +            uint16_t subDeviceId;
>> +        } pci;
>> +
>> +        uint32_t rate;
>> +
>> +        char str[96];
>> +
>> +        struct {
>> +            uint32_t rtc;
>> +            uint16_t elapsedSeconds;
>> +        } time;
>> +
>> +        struct {
>> +            uint32_t ecar;
>> +            uint32_t elog;
>> +            char str[64];
>> +        } ecc;
>> +
>> +        uint8_t b[96];
>> +        uint16_t s[48];
>> +        uint32_t w[24];
>> +        uint64_t d[12];
>> +    } args;
>> +
>> +    char description[128];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_evt_list {
>> +    uint32_t count;
>> +    uint32_t reserved;
>> +    struct mfi_evt_detail event[1];
>> +} __attribute__ ((packed));
>> +
>> +union mfi_pd_ref {
>> +    struct {
>> +        uint16_t device_id;
>> +        uint16_t seq_num;
>> +    } v;
>> +    uint32_t ref;
>> +} __attribute__ ((packed));
>> +
>> +union mfi_pd_ddf_type {
>> +    struct {
>> +        union {
>> +            struct {
>> +                uint16_t forced_pd_guid:1,
>> +                    in_vd:1,
>> +                    is_global_spare:1,
>> +                    is_spare:1,
>> +                    is_foreign:1,
>> +                    reserved:7,
>> +                    intf:4;
>> +            } pd_type;
>> +            uint16_t type;
>> +        } v;
>> +        uint16_t reserved;
>> +    } ddf;
>> +    struct {
>> +        uint32_t reserved;
>> +    } non_disk;
>> +    uint32_t type;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_pd_progress {
>> +    struct {
>> +        uint32_t rbld:1,
>> +            patrol:1 ,
>> +            clear:1,
>> +            reserved:29;
>> +    } active;
>> +    struct mfi_progress rbld;
>> +    struct mfi_progress patrol;
>> +    struct mfi_progress clear;
>> +    struct mfi_progress reserved[4];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_pd_info {
>> +    union mfi_pd_ref ref;
>> +    uint8_t inquiry_data[96];
>> +    uint8_t vpd_page83[64];
>> +    uint8_t not_supported;
>> +    uint8_t scsi_dev_type;
>> +    uint8_t connected_port_bitmap;
>> +    uint8_t device_speed;
>> +    uint32_t media_err_count;
>> +    uint32_t other_err_count;
>> +    uint32_t pred_fail_count;
>> +    uint32_t last_pred_fail_event_seq_num;
>> +    uint16_t fw_state;
>> +    uint8_t disable_for_removal;
>> +    uint8_t link_speed;
>> +    union mfi_pd_ddf_type state;
>> +    struct {
>> +        uint8_t count;
>> +        uint8_t is_path_broken;
>> +        uint8_t reserved[6];
>> +        uint64_t sas_addr[4];
>> +    } path_info;
>> +    uint64_t raw_size;
>> +    uint64_t non_coerced_size;
>> +    uint64_t coerced_size;
>> +    uint16_t encl_device_id;
>> +    uint8_t encl_index;
>> +    uint8_t slot_number;
>> +    struct mfi_pd_progress prog_info;
>> +    uint8_t bad_block_table_full;
>> +    uint8_t unusable_in_current_config;
>> +    uint8_t vpd_page83_ext[64];
>> +    uint8_t reserved[512-358];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_pd_address {
>> +    uint16_t device_id;
>> +    uint16_t encl_device_id;
>> +    uint8_t encl_index;
>> +    uint8_t slot_number;
>> +    uint8_t scsi_dev_type;
>> +    uint8_t connect_port_bitmap;
>> +    uint64_t sas_addr[2];
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_SYS_PDS 240
>> +struct mfi_pd_list {
>> +    uint32_t size;
>> +    uint32_t count;
>> +    struct mfi_pd_address addr[MAX_SYS_PDS];
>> +} __attribute__ ((packed));
>> +
>> +union mfi_ld_ref {
>> +    struct {
>> +        uint8_t target_id;
>> +        uint8_t reserved;
>> +        uint16_t seq;
>> +    } v;
>> +    uint32_t ref;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_list {
>> +    uint32_t ld_count;
>> +    uint32_t reserved1;
>> +    struct {
>> +        union mfi_ld_ref ld;
>> +        uint8_t state;
>> +        uint8_t reserved2[3];
>> +        uint64_t size;
>> +    } ld_list[MFI_MAX_LD];
>> +} __attribute__ ((packed));
>> +
>> +enum mfi_ld_access {
>> +    MFI_LD_ACCESS_RW =          0,
>> +    MFI_LD_ACCSSS_RO =          2,
>> +    MFI_LD_ACCESS_BLOCKED =     3,
>> +};
>> +#define MFI_LD_ACCESS_MASK      3
>> +
>> +enum mfi_ld_state {
>> +    MFI_LD_STATE_OFFLINE =              0,
>> +    MFI_LD_STATE_PARTIALLY_DEGRADED =   1,
>> +    MFI_LD_STATE_DEGRADED =             2,
>> +    MFI_LD_STATE_OPTIMAL =              3
>> +};
>> +
>> +enum mfi_syspd_state {
>> +    MFI_PD_STATE_UNCONFIGURED_GOOD =    0x00,
>> +    MFI_PD_STATE_UNCONFIGURED_BAD =     0x01,
>> +    MFI_PD_STATE_HOT_SPARE =            0x02,
>> +    MFI_PD_STATE_OFFLINE =              0x10,
>> +    MFI_PD_STATE_FAILED =               0x11,
>> +    MFI_PD_STATE_REBUILD =              0x14,
>> +    MFI_PD_STATE_ONLINE =               0x18,
>> +    MFI_PD_STATE_COPYBACK =             0x20,
>> +    MFI_PD_STATE_SYSTEM =               0x40
>> +};
>> +
>> +struct mfi_ld_props {
>> +    union mfi_ld_ref ld;
>> +    char name[16];
>> +    uint8_t default_cache_policy;
>> +    uint8_t access_policy;
>> +    uint8_t disk_cache_policy;
>> +    uint8_t current_cache_policy;
>> +    uint8_t no_bgi;
>> +    uint8_t reserved[7];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_params {
>> +    uint8_t primary_raid_level;
>> +    uint8_t raid_level_qualifier;
>> +    uint8_t secondary_raid_level;
>> +    uint8_t stripe_size;
>> +    uint8_t num_drives;
>> +    uint8_t span_depth;
>> +    uint8_t state;
>> +    uint8_t init_state;
>> +    uint8_t is_consistent;
>> +    uint8_t reserved[23];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_progress {
>> +    uint32_t            active;
>> +#define MFI_LD_PROGRESS_CC      (1<<0)
>> +#define MFI_LD_PROGRESS_BGI     (1<<1)
>> +#define MFI_LD_PROGRESS_FGI     (1<<2)
>> +#define MFI_LD_PORGRESS_RECON   (1<<3)
>> +    struct mfi_progress cc;
>> +    struct mfi_progress bgi;
>> +    struct mfi_progress fgi;
>> +    struct mfi_progress recon;
>> +    struct mfi_progress reserved[4];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_span {
>> +    uint64_t start_block;
>> +    uint64_t num_blocks;
>> +    uint16_t array_ref;
>> +    uint8_t reserved[6];
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_MAX_SPAN_DEPTH      8
>> +struct mfi_ld_config {
>> +    struct mfi_ld_props properties;
>> +    struct mfi_ld_params params;
>> +    struct mfi_span span[MFI_MAX_SPAN_DEPTH];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_info {
>> +    struct mfi_ld_config ld_config;
>> +    uint64_t size;
>> +    struct mfi_ld_progress progress;
>> +    uint16_t cluster_owner;
>> +    uint8_t reconstruct_active;
>> +    uint8_t reserved1[1];
>> +    uint8_t vpd_page83[64];
>> +    uint8_t reserved2[16];
>> +} __attribute__ ((packed));
>> +
>> +union mfi_spare_type {
>> +    struct {
>> +        uint8_t is_dedicate:1,
>> +            is_revertable:1,
>> +            is_encl_affinity:1,
>> +            reserved:5;
>> +    } v;
>> +    uint8_t type;
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_ARRAYS 16
>> +struct mfi_spare {
>> +    union mfi_pd_ref ref;
>> +    union mfi_spare_type spare_type;
>> +    uint8_t reserved[2];
>> +    uint8_t array_count;
>> +    uint16_t array_refd[MAX_ARRAYS];
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_ROW_SIZE 32
>> +struct mfi_array {
>> +    uint64_t size;
>> +    uint8_t num_drives;
>> +    uint8_t reserved;
>> +    uint16_t array_ref;
>> +    uint8_t pad[20];
>> +    struct {
>> +        union mfi_pd_ref ref;
>> +        uint16_t fw_state;
>> +        struct {
>> +            uint8_t pd;
>> +            uint8_t slot;
>> +        } encl;
>> +    } pd[MAX_ROW_SIZE];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_config_data {
>> +    uint32_t size;
>> +    uint16_t array_count;
>> +    uint16_t array_size;
>> +    uint16_t log_drv_count;
>> +    uint16_t log_drv_size;
>> +    uint16_t spares_count;
>> +    uint16_t spares_size;
>> +    uint8_t reserved[16];
>> +    uint8_t data;
>> +    /*
>> +      struct mfi_array  array[];
>> +      struct mfi_ld_config ld[];
>> +      struct mfi_spare  spare[];
>> +    */
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_SCSI_MAX_t ARGETS  128
>> +#define MFI_SCSI_MAX_LUNS       8
>> +#define MFI_SCSI_INITIATOR_ID 255
>> +#define MFI_SCSI_MAX_CMDS       8
>> +#define MFI_SCSI_MAX_CDB_LEN   16
>> +
>> +#endif /* _MFI_H */
>> diff --git a/hw/pci_ids.h b/hw/pci_ids.h
>> index e8235a7..0306255 100644
>> --- a/hw/pci_ids.h
>> +++ b/hw/pci_ids.h
>> @@ -12,9 +12,9 @@
>> 
>> #define PCI_BASE_CLASS_STORAGE           0x01
>> #define PCI_BASE_CLASS_NETWORK           0x02
>> -
>> #define PCI_CLASS_STORAGE_SCSI           0x0100
>> #define PCI_CLASS_STORAGE_IDE            0x0101
>> +#define PCI_CLASS_STORAGE_RAID           0x0104
>> #define PCI_CLASS_STORAGE_SATA           0x0106
>> #define PCI_CLASS_STORAGE_OTHER          0x0180
>> 
>> @@ -47,6 +47,7 @@
>> 
>> #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
>> #define PCI_DEVICE_ID_LSI_53C895A        0x0012
>> +#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
>> 
>> #define PCI_VENDOR_ID_DEC                0x1011
>> #define PCI_DEVICE_ID_DEC_21154          0x0026
>> -- 
>> 1.7.3.4
>> 
>> 
>> 
>
>
Alexander Graf - Feb. 23, 2012, 7:12 a.m.
On 21.02.2012, at 10:36, Hannes Reinecke wrote:

> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
> I've tested it to work with Linux, Windows Vista, and Windows7.
> MSI-X support is currently broken; have to investigate.
> 
> Changes since v13:
> - Remove separate MSI-X BAR
> - Simplify BAR allocation
> 
> Changes since v12:
> - Fixup flag setting via properties
> - Fixup MSI-X handling
> - Disable MSI-X per default
> 
> Changes since v11:
> - Remove unneeded variables
> 
> Changes since v10:
> - Port to new device type API
> - Include suggestion from Alex Graf:
> - Remove 'inline' function declaration
> - Queue setup and interrupt enablement needs to be treated
>  independently
> - Always read in 64 bit context and just mask out the top
>  bits if required
> 
> Changes since v9:
> - Split off trace events into a separate patch
> - Do not check for max_luns in PD Info
> - Update trace events
> - Clarify license statement
> - Fixup coding style issues
> 
> Changes since v8:
> - Remove 'disable' keyword from trace definitions
> - Convert hand-crafted debugging statements with trace
>  definitions
> - Treat 'context' tag as little endian
> 
> Changes since v7:
> - Port to new memory API
> - Port to new PCI infrastructure
> - Use fixed buffers for sense processing
> - Update to updated SCSI infrastructure
> 
> Changes since v6:
> - Preliminary patches pushed to Kevins block tree
> - Implement 64bit contexts, required for Windows7
> - Use iovecs for DCMD processing
> - Add MSI-X support
>  Latest Linux driver now happily uses MSI-X.
> - Static iovec allocation
>  We have a fixed upper number of iovecs, so we can
>  save us the allocation. Suggested by Alex Graf.
> - Update MFI header
>  Latest Linux driver has some more definitions,
>  add them
> - Fixup AEN handling
> - Update tracing details
> - Remove sdev pointer from megasas_cmd_t
> 
> Changes since v5:
> - megasas: Use tracing infrastructure instead of DPRINTF
> - megasas: Use new PCI infrastructure
> - megasas: Check for iovec mapping failure
>  cpu_map_physical_memory() might fail, so we need to check for
>  it when mapping iovecs.
> - megasas: Trace scsi buffer overflow
>  The transfer length as specified in the SCSI command might
>  disagree with the length of the iovec. We should be tracing
>  these issues.
> - megasas: Reset frames after init firmware
>  When receiving an INIT FIRMWARE command we need reset all
>  frames, otherwise some frames might point to invalid memory.
> 
> Chances since v4:
> - megasas: checkpatch.pl fixes and update to work with the
>  changed interface in scsi_req_new(). Also included the
>  suggested fixes from Alex.
> 
> Signed-off-by: Hannes Reinecke <hare@suse.de>
> Cc: Alexander Graf <agraf@suse.de>
> Cc: Andreas Faerber <afaerber@suse.de>
> Cc: Gerhard Wiesinger <lists@wiesinger.com>

Kevin, Michael, Paul, Paolo, who wants to take this one up? :)


Alex
Andreas Färber - Feb. 23, 2012, 7:14 a.m.
Am 23.02.2012 08:03, schrieb Gerhard Wiesinger:
> Ping?

> On Tue, 21 Feb 2012, Gerhard Wiesinger wrote:
> 
>> Can confirm that all issues are fixed now and v14 is ready for commit :-)

A formal Tested-by may help. :)

Andreas

>> On Tue, 21 Feb 2012, Hannes Reinecke wrote:
>>
>>> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
>>> I've tested it to work with Linux, Windows Vista, and Windows7.
>>> MSI-X support is currently broken; have to investigate.
Gerhard Wiesinger - Feb. 23, 2012, 7:20 a.m.
Tested-by: Gerhard Wiesinger <lists@wiesinger.com>

Ciao,
Gerhard
--
http://www.wiesinger.com/


On Thu, 23 Feb 2012, Andreas Färber wrote:

> Am 23.02.2012 08:03, schrieb Gerhard Wiesinger:
>> Ping?
>
>> On Tue, 21 Feb 2012, Gerhard Wiesinger wrote:
>>
>>> Can confirm that all issues are fixed now and v14 is ready for commit :-)
>
> A formal Tested-by may help. :)
>
> Andreas
>
>>> On Tue, 21 Feb 2012, Hannes Reinecke wrote:
>>>
>>>> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
>>>> I've tested it to work with Linux, Windows Vista, and Windows7.
>>>> MSI-X support is currently broken; have to investigate.
>
> -- 
> SUSE LINUX Products GmbH, Maxfeldstr. 5, 90409 Nürnberg, Germany
> GF: Jeff Hawn, Jennifer Guild, Felix Imendörffer; HRB 16746 AG Nürnberg
>
>
>
Michael S. Tsirkin - Feb. 23, 2012, 3:34 p.m.
On Tue, Feb 21, 2012 at 10:36:43AM +0100, Hannes Reinecke wrote:
> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
> I've tested it to work with Linux, Windows Vista, and Windows7.
> MSI-X support is currently broken; have to investigate.
> 
> Changes since v13:
> - Remove separate MSI-X BAR
> - Simplify BAR allocation
> 
> Changes since v12:
> - Fixup flag setting via properties
> - Fixup MSI-X handling
> - Disable MSI-X per default
> 
> Changes since v11:
> - Remove unneeded variables
> 
> Changes since v10:
> - Port to new device type API
> - Include suggestion from Alex Graf:
> - Remove 'inline' function declaration
> - Queue setup and interrupt enablement needs to be treated
>   independently
> - Always read in 64 bit context and just mask out the top
>   bits if required
> 
> Changes since v9:
> - Split off trace events into a separate patch
> - Do not check for max_luns in PD Info
> - Update trace events
> - Clarify license statement
> - Fixup coding style issues
> 
> Changes since v8:
> - Remove 'disable' keyword from trace definitions
> - Convert hand-crafted debugging statements with trace
>   definitions
> - Treat 'context' tag as little endian
> 
> Changes since v7:
> - Port to new memory API
> - Port to new PCI infrastructure
> - Use fixed buffers for sense processing
> - Update to updated SCSI infrastructure
> 
> Changes since v6:
> - Preliminary patches pushed to Kevins block tree
> - Implement 64bit contexts, required for Windows7
> - Use iovecs for DCMD processing
> - Add MSI-X support
>   Latest Linux driver now happily uses MSI-X.
> - Static iovec allocation
>   We have a fixed upper number of iovecs, so we can
>   save us the allocation. Suggested by Alex Graf.
> - Update MFI header
>   Latest Linux driver has some more definitions,
>   add them
> - Fixup AEN handling
> - Update tracing details
> - Remove sdev pointer from megasas_cmd_t
> 
> Changes since v5:
> - megasas: Use tracing infrastructure instead of DPRINTF
> - megasas: Use new PCI infrastructure
> - megasas: Check for iovec mapping failure
>   cpu_map_physical_memory() might fail, so we need to check for
>   it when mapping iovecs.
> - megasas: Trace scsi buffer overflow
>   The transfer length as specified in the SCSI command might
>   disagree with the length of the iovec. We should be tracing
>   these issues.
> - megasas: Reset frames after init firmware
>   When receiving an INIT FIRMWARE command we need reset all
>   frames, otherwise some frames might point to invalid memory.
> 
> Chances since v4:
> - megasas: checkpatch.pl fixes and update to work with the
>   changed interface in scsi_req_new(). Also included the
>   suggested fixes from Alex.
> 
> Signed-off-by: Hannes Reinecke <hare@suse.de>
> Cc: Alexander Graf <agraf@suse.de>
> Cc: Andreas Faerber <afaerber@suse.de>
> Cc: Gerhard Wiesinger <lists@wiesinger.com>

So Alex asked whether I can merge this, which made me
take a look. I don't know much about what this does
so just general comments on all of the code.

Also, some issues related to msix - want to rip that code
out for now since it does not work anyway?

qemu has two styles for struct and enum types:
1. documented: typedef struct CamelCase CamelCase;
2. undocumented but still widely used: struct lower_case; (no typedef)
*_t type typedef is used for numeric types such as target_phys_addr_t.

This code mixes them in arbitrary ways. Pls don't do that,
pls be consistent.




> ---
>  Makefile.objs           |    1 +
>  default-configs/pci.mak |    1 +
>  hw/megasas.c            | 1865 +++++++++++++++++++++++++++++++++++++++++++++++
>  hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
>  hw/pci_ids.h            |    3 +-
>  5 files changed, 3150 insertions(+), 1 deletions(-)
>  create mode 100644 hw/megasas.c
>  create mode 100644 hw/mfi.h
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index 391e524..5841998 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -283,6 +283,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
>  
>  # SCSI layer
>  hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
>  hw-obj-$(CONFIG_ESP) += esp.o
>  
>  hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
> index 9d3e1db..4b49c00 100644
> --- a/default-configs/pci.mak
> +++ b/default-configs/pci.mak
> @@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
>  CONFIG_PCNET_PCI=y
>  CONFIG_PCNET_COMMON=y
>  CONFIG_LSI_SCSI_PCI=y
> +CONFIG_MEGASAS_SCSI_PCI=y
>  CONFIG_RTL8139_PCI=y
>  CONFIG_E1000_PCI=y
>  CONFIG_IDE_CORE=y
> diff --git a/hw/megasas.c b/hw/megasas.c
> new file mode 100644
> index 0000000..083c3d3
> --- /dev/null
> +++ b/hw/megasas.c
> @@ -0,0 +1,1865 @@
> +/*
> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation

Link to documentation/hardware spec/driver code?

> + *
> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
> + *
> + * This library is free software; you can redistribute it and/or
> + * modify it under the terms of the GNU Lesser General Public
> + * License as published by the Free Software Foundation; either
> + * version 2 of the License, or (at your option) any later version.
> + *
> + * This library is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> + * Lesser General Public License for more details.
> + *
> + * You should have received a copy of the GNU Lesser General Public
> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> + */
> +
> +#include "hw.h"
> +#include "pci.h"
> +#include "dma.h"
> +#include "msix.h"
> +#include "iov.h"
> +#include "scsi.h"
> +#include "scsi-defs.h"
> +#include "block_int.h"
> +
> +#include "mfi.h"
> +
> +/* Static definitions */

Remove above comment.

> +#define MEGASAS_VERSION "1.60"
> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
> +#define MEGASAS_DEFAULT_SGE 80
> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
> +#define MEGASAS_MAX_ARRAYS 128
> +
> +#define MEGASAS_FLAG_USE_JBOD      0
> +#define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
> +#define MEGASAS_FLAG_USE_MSIX      1
> +#define MEGASAS_MASK_USE_MSIX      (1 << MEGASAS_FLAG_USE_MSIX)
> +#define MEGASAS_FLAG_USE_QUEUE64   2
> +#define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
> +
> +const char *megasas_raid_modes[] = {
> +    "raid", "jbod"
> +};
> +
> +const char *mfi_frame_desc[] = {
> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};

Can't the above go into mfi.h?

> +
> +struct megasas_cmd_t {
> +    uint32_t index;
> +    uint16_t flags;
> +    uint16_t count;
> +    uint64_t context;
> +
> +    target_phys_addr_t pa;
> +    target_phys_addr_t pa_size;
> +    union mfi_frame *frame;
> +    SCSIRequest *req;
> +    struct iovec iov[MEGASAS_MAX_SGE];
> +    int iov_cnt;
> +    size_t iov_size;
> +    size_t iov_offset;
> +    struct megasas_state_t *state;
> +};
> +
> +typedef struct megasas_state_t {
> +    PCIDevice dev;
> +    MemoryRegion mmio_io;
> +    MemoryRegion port_io;
> +    MemoryRegion queue_io;
> +    uint32_t frame_hi;
> +
> +    int fw_state;
> +    uint32_t fw_sge;
> +    uint32_t fw_cmds;
> +    uint32_t flags;
> +    int fw_luns;
> +    int intr_mask;
> +    int doorbell;
> +    int busy;
> +    char *raid_mode_str;

make it const char * and you will not need
casts from const char * to char * which are just wrong.

> +
> +    struct megasas_cmd_t *event_cmd;
> +    int event_locale;
> +    int event_class;
> +    int event_count;
> +    int shutdown_event;
> +    int boot_event;
> +
> +    uint64_t reply_queue_pa;
> +    void *reply_queue;
> +    int reply_queue_len;
> +    int reply_queue_head;
> +    int reply_queue_tail;
> +    uint64_t consumer_pa;
> +    uint64_t producer_pa;
> +
> +    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
> +
> +    SCSIBus bus;
> +} MPTState;

Prefix with megasas or mfi, consistently.

> +
> +#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
> +
> +static bool megasas_intr_enabled(MPTState *s)
> +{
> +    if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
> +        MEGASAS_INTR_DISABLED_MASK) {
> +        return true;
> +    }
> +    return false;
> +}
> +
> +static bool megasas_use_queue64(MPTState *s)
> +{
> +    return s->flags & MEGASAS_MASK_USE_QUEUE64;
> +}
> +
> +static bool megasas_use_msix(MPTState *s)
> +{
> +    return s->flags & MEGASAS_MASK_USE_MSIX;
> +}
> +
> +static bool megasas_is_jbod(MPTState *s)
> +{
> +    return s->flags & MEGASAS_MASK_USE_JBOD;
> +}
> +
> +static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
> +{
> +    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
> +}
> +
> +static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
> +{
> +    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
> +}
> +
> +/*
> + * Context is considered opaque, but the HBA firmware is running
> + * in little endian mode. So convert it to little endian, too.
> + */
> +static uint64_t megasas_frame_get_context(unsigned long frame)
> +{
> +    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
> +}
> +
> +static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_IEEE_SGL;
> +}
> +
> +static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_SGL64;
> +}
> +
> +static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_DIR_WRITE;
> +}
> +
> +static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
> +{
> +    return cmd->flags & MFI_FRAME_SENSE64;
> +}
> +
> +static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
> +                                     union mfi_sgl *sgl)
> +{
> +    uint64_t addr;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        addr = le64_to_cpu(sgl->sg_skinny->addr);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        addr = le64_to_cpu(sgl->sg64->addr);
> +    } else {
> +        addr = le32_to_cpu(sgl->sg32->addr);
> +    }
> +    return addr;
> +}
> +
> +static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
> +                                    union mfi_sgl *sgl)
> +{
> +    uint32_t len;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        len = le32_to_cpu(sgl->sg_skinny->len);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        len = le32_to_cpu(sgl->sg64->len);
> +    } else {
> +        len = le32_to_cpu(sgl->sg32->len);
> +    }
> +    return len;
> +}
> +
> +static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
> +                                       union mfi_sgl *sgl)
> +{
> +    uint8_t *next = (uint8_t *)sgl;
> +
> +    if (megasas_frame_is_ieee_sgl(cmd)) {
> +        next += sizeof(struct mfi_sg_skinny);
> +    } else if (megasas_frame_is_sgl64(cmd)) {
> +        next += sizeof(struct mfi_sg64);
> +    } else {
> +        next += sizeof(struct mfi_sg32);
> +    }
> +
> +    if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
> +        return NULL;
> +    }
> +    return (union mfi_sgl *)next;
> +}
> +
> +static void megasas_soft_reset(MPTState *s);
> +
> +static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
> +{
> +    int i;
> +    int is_write;
> +    int iov_count = 0;
> +    size_t iov_size = 0;
> +
> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
> +    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
> +    if (cmd->iov_cnt > MEGASAS_MAX_SGE) {
> +        cmd->iov_cnt = 0;
> +        return iov_count;
> +    }
> +    is_write = megasas_frame_is_write(cmd);
> +    for (i = 0; i < cmd->iov_cnt; i++) {
> +        target_phys_addr_t iov_pa, iov_size_p;
> +
> +        if (!sgl) {
> +            goto unmap;
> +        }
> +        iov_pa = megasas_sgl_get_addr(cmd, sgl);
> +        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
> +        if (!iov_pa || !iov_size_p) {
> +            goto unmap;
> +        }
> +        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, &iov_size_p,
> +                                                       is_write);
> +        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
> +            if (cmd->iov[i].iov_base) {
> +                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
> +                                          iov_size_p, 0, 0);
> +            }
> +            goto unmap;
> +        }
> +        sgl = megasas_sgl_next(cmd, sgl);
> +        iov_size += cmd->iov[i].iov_len;
> +        iov_count--;
> +    }
> +    cmd->iov[i].iov_base = NULL;
> +    cmd->iov[i].iov_len = 0;
> +    cmd->iov_offset = 0;
> +    return 0;
> +unmap:
> +    while (i > 0) {
> +        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
> +                                  cmd->iov[i-1].iov_len, 0, 0);
> +        i--;
> +    }
> +    cmd->iov_cnt = 0;
> +    return iov_count;
> +}
> +
> +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
> +{
> +    int i, is_write = megasas_frame_is_write(cmd);
> +
> +    for (i = 0; i < cmd->iov_cnt; i++) {
> +        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
> +                                  is_write, cmd->iov[i].iov_len);
> +    }
> +    cmd->iov_cnt = 0;
> +    cmd->iov_offset = 0;
> +}
> +
> +/*
> + * passthrough sense and io sense are at the same offset
> + */
> +static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
> +    uint8_t sense_len)
> +{
> +    uint32_t pa_hi = 0, pa_lo;
> +    target_phys_addr_t pa;
> +
> +    if (sense_len > cmd->frame->header.sense_len) {
> +        sense_len = cmd->frame->header.sense_len;
> +    }
> +
> +    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
> +    if (megasas_frame_is_sense64(cmd)) {
> +        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
> +    }
> +    pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    cpu_physical_memory_write(pa, sense_ptr, sense_len);
> +    cmd->frame->header.sense_len = sense_len;
> +    return sense_len;
> +}
> +
> +static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
> +{
> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
> +    uint8_t sense_len = 18;
> +
> +    memset(sense_buf, 0, sense_len);
> +    sense_buf[0] = 0xf0;
> +    sense_buf[2] = sense.key;
> +    sense_buf[7] = 10;
> +    sense_buf[12] = sense.asc;
> +    sense_buf[13] = sense.ascq;
> +    megasas_build_sense(cmd, sense_buf, sense_len);
> +}
> +
> +static void megasas_copy_sense(struct megasas_cmd_t *cmd)
> +{
> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
> +    uint8_t sense_len;
> +
> +    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
> +                                   cmd->frame->header.sense_len);
> +    megasas_build_sense(cmd, sense_buf, sense_len);
> +}
> +
> +/*
> + * Format an INQUIRY CDB
> + */
> +static int megasas_setup_inquiry(uint8_t *cdb, int pg,
> +                                 uint8_t *buf, int len)
> +{
> +    memset(cdb, 0, 6);
> +    cdb[0] = INQUIRY;
> +    if (pg > 0) {
> +        cdb[1] = 0x1;
> +        cdb[2] = pg;
> +    }
> +    cdb[3] = (len >> 8) & 0xff;
> +    cdb[4] = (len & 0xff);
> +    return len;
> +}
> +
> +/*
> + * Encode lba and len into a READ_16/WRITE_16 CDB
> + */
> +static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
> +                               uint32_t len, int is_write)
> +{
> +    memset(cdb, 0x0, 16);
> +    if (is_write) {
> +        cdb[0] = WRITE_16;
> +    } else {
> +        cdb[0] = READ_16;
> +    }
> +    cdb[2] = (lba >> 56) & 0xff;
> +    cdb[3] = (lba >> 48) & 0xff;
> +    cdb[4] = (lba >> 40) & 0xff;
> +    cdb[5] = (lba >> 32) & 0xff;
> +    cdb[6] = (lba >> 24) & 0xff;
> +    cdb[7] = (lba >> 16) & 0xff;
> +    cdb[8] = (lba >> 8) & 0xff;
> +    cdb[9] = (lba) & 0xff;
> +    cdb[10] = (len >> 24) & 0xff;
> +    cdb[11] = (len >> 16) & 0xff;
> +    cdb[12] = (len >> 8) & 0xff;
> +    cdb[13] = (len) & 0xff;
> +}
> +
> +/*
> + * Utility functions
> + */
> +static uint64_t megasas_fw_time(void)
> +{
> +    struct tm curtime;
> +    uint64_t bcd_time;
> +
> +    qemu_get_timedate(&curtime, 0);
> +    bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
> +        ((uint64_t)curtime.tm_min & 0xff)  << 40 |
> +        ((uint64_t)curtime.tm_hour & 0xff) << 32 |
> +        ((uint64_t)curtime.tm_mday & 0xff) << 24 |
> +        ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
> +        ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
> +
> +    return bcd_time;
> +}
> +
> +static uint64_t megasas_gen_sas_addr(uint64_t id)
> +{
> +    uint64_t addr;
> +
> +    addr = 0x5001a4aULL << 36;
> +    addr |= id & 0xfffffffff;
> +
> +    return addr;
> +}
> +
> +/*
> + * Frame handling
> + */
> +static int megasas_next_index(MPTState *s, int index, int limit)
> +{
> +    index++;
> +    if (index == limit) {
> +        index = 0;
> +    }
> +    return index;
> +}
> +
> +static struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
> +    target_phys_addr_t frame)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int num = 0, index;
> +
> +    index = s->reply_queue_head;
> +
> +    while (num < s->fw_cmds) {
> +        if (s->frames[index].pa && s->frames[index].pa == frame) {
> +            cmd = &s->frames[index];
> +            break;
> +        }
> +        index = megasas_next_index(s, index, s->fw_cmds);
> +        num++;
> +    }
> +
> +    return cmd;
> +}
> +
> +static struct megasas_cmd_t *megasas_next_frame(MPTState *s,
> +    target_phys_addr_t frame)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int num = 0, index;
> +
> +    cmd = megasas_lookup_frame(s, frame);
> +    if (cmd) {
> +        return cmd;
> +    }
> +    index = s->reply_queue_head;
> +    num = 0;
> +    while (num < s->fw_cmds) {
> +        if (!s->frames[index].pa) {
> +            cmd = &s->frames[index];
> +            break;
> +        }
> +        index = megasas_next_index(s, index, s->fw_cmds);
> +        num++;
> +    }
> +    return cmd;
> +}
> +
> +static struct megasas_cmd_t *megasas_enqueue_frame(MPTState *s,
> +    target_phys_addr_t frame, uint64_t context, int count)
> +{
> +    struct megasas_cmd_t *cmd = NULL;
> +    int frame_size = MFI_FRAME_SIZE * 16;
> +    target_phys_addr_t frame_size_p = frame_size;
> +
> +    cmd = megasas_next_frame(s, frame);
> +    /* All frames busy */
> +    if (!cmd) {
> +        return NULL;
> +    }
> +    if (!cmd->pa) {
> +        cmd->pa = frame;
> +        /* Map all possible frames */
> +        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
> +        if (frame_size_p != frame_size) {
> +            if (cmd->frame) {
> +                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
> +                cmd->frame = NULL;
> +                cmd->pa = 0;
> +            }
> +            s->event_count++;
> +            return NULL;
> +        }
> +        cmd->pa_size = frame_size_p;
> +        cmd->context = context;
> +        if (!megasas_use_queue64(s)) {
> +            cmd->context &= (uint64_t)0xFFFFFFFF;
> +        }
> +    }
> +    cmd->count = count;
> +    s->busy++;
> +
> +    return cmd;
> +}
> +
> +static void megasas_complete_frame(MPTState *s, uint64_t context)
> +{
> +    int tail, queue_offset;
> +
> +    /* Decrement busy count */
> +    s->busy--;
> +
> +    if (s->reply_queue_pa) {
> +        /*
> +         * Put command on the reply queue.
> +         * Context is opaque, but emulation is running in
> +         * little endian. So convert it.
> +         */
> +        tail = s->reply_queue_head;
> +        if (megasas_use_queue64(s)) {
> +            queue_offset = tail * sizeof(uint64_t);
> +            stq_le_phys(s->reply_queue_pa + queue_offset, context);
> +        } else {
> +            queue_offset = tail * sizeof(uint32_t);
> +            stl_le_phys(s->reply_queue_pa + queue_offset, context);
> +        }
> +
> +        s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
> +    }
> +
> +    if (megasas_intr_enabled(s)) {
> +        /* Notify HBA */
> +        s->doorbell++;
> +        if (s->doorbell == 1) {
> +            if (msix_enabled(&s->dev)) {
> +                msix_notify(&s->dev, 0);
> +            } else {
> +                qemu_irq_raise(s->dev.irq[0]);
> +            }
> +        }
> +    }
> +}
> +
> +static void megasas_reset_frames(MPTState *s)
> +{
> +    int i;
> +    struct megasas_cmd_t *cmd;
> +
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        cmd = &s->frames[i];
> +        if (cmd->pa) {
> +            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
> +            cmd->frame = NULL;
> +            cmd->pa = 0;
> +        }
> +    }
> +}
> +
> +static void megasas_abort_command(struct megasas_cmd_t *cmd)
> +{
> +    if (cmd->req) {
> +        scsi_req_abort(cmd->req, ABORTED_COMMAND);
> +        cmd->req = NULL;
> +    }
> +}
> +
> +static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint32_t pa_hi, pa_lo;
> +    target_phys_addr_t iq_pa, initq_size;
> +    struct mfi_init_qinfo *initq;
> +    uint32_t flags;
> +    int ret = MFI_STAT_OK;
> +
> +    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
> +    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
> +    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
> +    initq_size = sizeof(*initq);
> +    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
> +    if (!initq || initq_size != sizeof(*initq)) {
> +        s->event_count++;
> +        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
> +        goto out;
> +    }
> +    s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
> +    if (s->reply_queue_len > s->fw_cmds) {
> +        s->event_count++;
> +        ret = MFI_STAT_INVALID_PARAMETER;
> +        goto out;
> +    }
> +    pa_lo = le32_to_cpu(initq->rq_addr_lo);
> +    pa_hi = le32_to_cpu(initq->rq_addr_hi);
> +    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    pa_lo = le32_to_cpu(initq->ci_addr_lo);
> +    pa_hi = le32_to_cpu(initq->ci_addr_hi);
> +    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    pa_lo = le32_to_cpu(initq->pi_addr_lo);
> +    pa_hi = le32_to_cpu(initq->pi_addr_hi);
> +    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
> +    s->reply_queue_head = ldl_le_phys(s->producer_pa);
> +    s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
> +    flags = le32_to_cpu(initq->flags);
> +    if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
> +        s->flags |= MEGASAS_MASK_USE_QUEUE64;
> +    }
> +    megasas_reset_frames(s);
> +    s->fw_state = MFI_FWSTATE_OPERATIONAL;
> +out:
> +    if (initq) {
> +        cpu_physical_memory_unmap(initq, initq_size, 0, 0);
> +    }
> +    return ret;
> +}
> +
> +static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
> +{
> +    target_phys_addr_t iov_pa, iov_size;
> +
> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
> +    if (!cmd->frame->header.sge_count) {
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return 0;
> +    } else if (cmd->frame->header.sge_count > 1) {
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return -1;
> +    }
> +    iov_pa = megasas_sgl_get_addr(cmd, &cmd->frame->dcmd.sgl);
> +    iov_size = megasas_sgl_get_len(cmd, &cmd->frame->dcmd.sgl);
> +    cmd->iov[0].iov_len = iov_size;
> +    cmd->iov[0].iov_base = cpu_physical_memory_map(iov_pa, &iov_size, 1);
> +    if (cmd->iov[0].iov_len != iov_size) {
> +        if (cmd->iov[0].iov_base) {
> +            cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size, 1, 0);
> +        }
> +        cmd->iov_size = 0;
> +        cmd->iov_cnt = 0;
> +        return -1;
> +    }
> +    cmd->iov_cnt = 1;
> +    cmd->iov_size = iov_size;
> +    return cmd->iov_size;
> +}
> +
> +static void megasas_finish_dcmd(struct megasas_cmd_t *cmd)
> +{
> +    uint32_t iov_size = cmd->iov[0].iov_len;
> +
> +    if (!cmd->iov_cnt) {
> +        return;
> +    }
> +
> +    cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size,
> +                              1, cmd->iov_size);
> +
> +    cmd->iov_cnt = 0;
> +    if (iov_size > cmd->iov_size) {
> +        if (megasas_frame_is_ieee_sgl(cmd)) {
> +            cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
> +        } else if (megasas_frame_is_sgl64(cmd)) {
> +            cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
> +        } else {
> +            cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
> +        }
> +    }
> +    cmd->iov_size = 0;
> +    return;
> +}
> +
> +static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ctrl_info *info = cmd->iov[0].iov_base;
> +    DeviceState *qdev;
> +    int num_ld_disks = 0;
> +
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        num_ld_disks++;
> +    }
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    info->pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
> +    info->pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
> +    info->pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
> +    info->pci.subdevice = cpu_to_le16(0x1013);
> +
> +    info->host.type = MFI_INFO_HOST_PCIX;
> +    info->device.type = MFI_INFO_DEV_SAS3G;
> +    info->device.port_count = 2;
> +    info->device.port_addr[0] = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
> +
> +    memcpy(info->product_name, "MegaRAID SAS 8708EM2", 20);
> +    snprintf(info->serial_number, 32, "QEMU%08lx",
> +             (unsigned long)s & 0xFFFFFFFF);
> +    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
> +    memcpy(info->image_component[0].name, "APP", 8);
> +    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
> +    memcpy(info->image_component[0].build_date, __DATE__, 16);
> +    memcpy(info->image_component[0].build_time, __TIME__, 16);
> +    info->image_component_count = 1;
> +    info->current_fw_time = cpu_to_le32(megasas_fw_time());
> +    info->max_arms = 32;
> +    info->max_spans = 8;
> +    info->max_arrays = MEGASAS_MAX_ARRAYS;
> +    info->max_lds = s->fw_luns;
> +    info->max_cmds = cpu_to_le16(s->fw_cmds);
> +    info->max_sg_elements = cpu_to_le16(s->fw_sge);
> +    info->max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
> +    info->lds_present = cpu_to_le16(num_ld_disks);
> +    info->pd_present = cpu_to_le16(num_ld_disks + 1);
> +    info->pd_disks_present = cpu_to_le16(num_ld_disks);
> +    info->hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
> +                                   MFI_INFO_HW_MEM |
> +                                   MFI_INFO_HW_FLASH);
> +    info->memory_size = cpu_to_le16(512);
> +    info->nvram_size = cpu_to_le16(32);
> +    info->flash_size = cpu_to_le16(16);
> +    info->raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
> +    info->adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
> +                                    MFI_INFO_AOPS_SELF_DIAGNOSTIC |
> +                                    MFI_INFO_AOPS_MIXED_ARRAY);
> +    info->ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
> +                               MFI_INFO_LDOPS_ACCESS_POLICY |
> +                               MFI_INFO_LDOPS_IO_POLICY |
> +                               MFI_INFO_LDOPS_WRITE_POLICY |
> +                               MFI_INFO_LDOPS_READ_POLICY);
> +    info->max_strips_per_io = cpu_to_le16(s->fw_sge);
> +    info->stripe_sz_ops.min = 3;
> +    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
> +    info->properties.pred_fail_poll_interval = cpu_to_le16(300);
> +    info->properties.intr_throttle_cnt = cpu_to_le16(16);
> +    info->properties.intr_throttle_timeout = cpu_to_le16(50);
> +    info->properties.rebuild_rate = 30;
> +    info->properties.patrol_read_rate = 30;
> +    info->properties.bgi_rate = 30;
> +    info->properties.cc_rate = 30;
> +    info->properties.recon_rate = 30;
> +    info->properties.cache_flush_interval = 4;
> +    info->properties.spinup_drv_cnt = 2;
> +    info->properties.spinup_delay = 6;
> +    info->properties.ecc_bucket_size = 15;
> +    info->properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
> +    info->properties.expose_encl_devices = 1;
> +    info->properties.OnOffProperties.enableJBOD = 1;
> +    info->pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
> +                               MFI_INFO_PDOPS_FORCE_OFFLINE);
> +    info->pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
> +                                       MFI_INFO_PDMIX_SATA |
> +                                       MFI_INFO_PDMIX_LD);
> +    cmd->iov_size = sizeof(struct mfi_ctrl_info);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_defaults *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_defaults)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    info->sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
> +    info->stripe_size = 3;
> +    info->flush_time = 4;
> +    info->background_rate = 30;
> +    info->allow_mix_in_enclosure = 1;
> +    info->allow_mix_in_ld = 1;
> +    info->direct_pd_mapping = 1;
> +    /* Enable for BIOS support */
> +    info->bios_enumerate_lds = 1;
> +    info->disable_ctrl_r = 1;
> +    info->expose_enclosure_devices = 1;
> +    info->disable_preboot_cli = 1;
> +    info->cluster_disable = 1;
> +
> +    cmd->iov_size = sizeof(struct mfi_defaults);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_bios_data *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_bios_data)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    info->continue_on_error = 1;
> +    info->verbose = 1;
> +    if (megasas_is_jbod(s)) {
> +        info->expose_all_drives = 1;
> +    }
> +
> +    cmd->iov_size = sizeof(struct mfi_bios_data);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t fw_time;
> +
> +    fw_time = cpu_to_le64(megasas_fw_time());
> +
> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
> +    cmd->iov_size = sizeof(fw_time);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t fw_time;
> +
> +    /* This is a dummy; setting of firmware time is not allowed */
> +    memset(cmd->iov[0].iov_base, 0x0, cmd->iov_size);
> +    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
> +
> +    fw_time = cpu_to_le64(megasas_fw_time());
> +    memcpy(cmd->iov[0].iov_base, &fw_time, sizeof(fw_time));
> +    cmd->iov_size = sizeof(fw_time);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_evt_log_state *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0, cmd->iov_size);
> +
> +    info->newest_seq_num = cpu_to_le32(s->event_count);
> +    info->shutdown_seq_num = cpu_to_le32(s->shutdown_event);
> +    info->boot_seq_num = cpu_to_le32(s->boot_event);
> +
> +    cmd->iov_size = sizeof(struct mfi_evt_log_state);
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_event_wait(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    union mfi_evt event;
> +
> +    if (cmd->iov_size < sizeof(struct mfi_evt_detail)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
> +    event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
> +    s->event_locale = event.members.locale;
> +    s->event_class = event.members.class;
> +    s->event_cmd = cmd;
> +    /* Decrease busy count; event frame doesn't count here */
> +    s->busy--;
> +    cmd->iov_size = sizeof(struct mfi_evt_detail);
> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_list *info = cmd->iov[0].iov_base;
> +    DeviceState *qdev;
> +    uint32_t offset, num_pd_disks = 0, max_luns;
> +    uint16_t dev_id;
> +
> +    memset(info, 0, cmd->iov_size);
> +    offset = 8;
> +    if (cmd->iov_size < (offset + sizeof(struct mfi_pd_address))) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
> +    if (max_luns > s->fw_luns) {
> +        max_luns = s->fw_luns;
> +    }
> +
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
> +
> +        dev_id = sdev->id;
> +        info->addr[num_pd_disks].device_id = cpu_to_le16(dev_id);
> +        info->addr[num_pd_disks].encl_device_id = cpu_to_le16(dev_id);
> +        info->addr[num_pd_disks].sas_addr[0] =
> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
> +        num_pd_disks++;
> +        offset += sizeof(struct mfi_pd_address);
> +    }
> +
> +    info->size = cpu_to_le32(offset);
> +    info->count = cpu_to_le32(num_pd_disks);
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint16_t flags;
> +
> +    /* mbox0 contains flags */
> +    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +
> +    if (flags == MR_PD_QUERY_TYPE_ALL || megasas_is_jbod(s)) {
> +        return megasas_dcmd_pd_get_list(s, cmd);
> +    }
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
> +                                      struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
> +    uint8_t cmdbuf[6];
> +    SCSIRequest *req;
> +    size_t len;
> +
> +    if (info->inquiry_data[4] == 0) {
> +        /* Additional length is zero, resubmit */
> +        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
> +                              sizeof(info->inquiry_data));
> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    } else if (info->vpd_page83[3] == 0) {
> +        /* Additional length is zero, resubmit */
> +        megasas_setup_inquiry(cmdbuf, 0x83, (uint8_t *)info->vpd_page83,
> +                              sizeof(info->vpd_page83));
> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    }
> +
> +    /* Finished, set FW state */
> +    if (megasas_is_jbod(cmd->state)) {
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
> +    } else {
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
> +    }
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
> +    uint64_t pd_size;
> +    uint16_t pd_id;
> +    SCSIDevice *sdev = NULL;
> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_pd_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    /* mbox0 has the ID */
> +    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +    sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
> +
> +    if (sdev) {
> +        BlockConf *conf = &sdev->conf;
> +
> +        info->ref.v.device_id = pd_id;
> +        info->state.ddf.v.pd_type.in_vd = 1;
> +        info->state.ddf.v.pd_type.intf = 0x2;
> +        bdrv_get_geometry(conf->bs, &pd_size);
> +        info->raw_size = cpu_to_le64(pd_size);
> +        info->non_coerced_size = cpu_to_le64(pd_size);
> +        info->coerced_size = cpu_to_le64(pd_size);
> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
> +        info->path_info.count = 1;
> +        info->path_info.sas_addr[0] =
> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
> +        /* Submit inquiry */
> +        retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
> +    }
> +
> +    return retval;
> +}
> +
> +static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_list *info = cmd->iov[0].iov_base;
> +    uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
> +    uint64_t ld_size;
> +    int offset;
> +    DeviceState *qdev;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ld_list)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    if (megasas_is_jbod(s)) {
> +        max_ld_disks = 0;
> +    }
> +    QTAILQ_FOREACH(qdev, &s->bus.qbus.children, sibling) {
> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
> +        BlockConf *conf = &sdev->conf;
> +
> +        if (num_ld_disks >= max_ld_disks)
> +            break;
> +        bdrv_get_geometry(conf->bs, &ld_size);
> +        ld_size *= 512;
> +        info->ld_list[num_ld_disks].ld.v.target_id = sdev->id;
> +        info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
> +        info->ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
> +        num_ld_disks++;
> +        offset += 18;
> +    }
> +    info->ld_count = cpu_to_le32(num_ld_disks);
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
> +                                      struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
> +    uint8_t cdb[6];
> +    SCSIRequest *req;
> +    ssize_t len;
> +
> +    if (info->vpd_page83[3] == 0) {
> +        megasas_setup_inquiry(cdb, 0x83, (uint8_t *)info->vpd_page83,
> +                              sizeof(info->vpd_page83));
> +        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
> +        if (!req) {
> +            return MFI_STAT_FLASH_ALLOC_FAIL;
> +        }
> +        len = scsi_req_enqueue(req);
> +        if (len > 0) {
> +            cmd->iov_size = len;
> +            scsi_req_continue(req);
> +        }
> +        return MFI_STAT_INVALID_STATUS;
> +    }
> +    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
> +    uint64_t ld_size;
> +    uint16_t ld_id;
> +    uint32_t max_ld_disks = s->fw_luns;
> +    SCSIDevice *sdev = NULL;
> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
> +
> +    memset(info, 0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ld_info)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +
> +    /* mbox0 has the ID */
> +    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
> +
> +    if (megasas_is_jbod(s)) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (ld_id < max_ld_disks) {
> +        sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
> +    }
> +
> +    if (sdev) {
> +        BlockConf *conf = &sdev->conf;
> +
> +        info->ld_config.properties.ld.v.target_id = ld_id;
> +        info->ld_config.params.stripe_size = 3;
> +        info->ld_config.params.num_drives = 1;
> +        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
> +        info->ld_config.params.is_consistent = 1;
> +        bdrv_get_geometry(conf->bs, &ld_size);
> +        ld_size *= 512;
> +        info->size = cpu_to_le64(ld_size);
> +        retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
> +    }
> +
> +    return retval;
> +}
> +
> +static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    struct mfi_ctrl_props *info = cmd->iov[0].iov_base;
> +
> +    memset(info, 0x0, cmd->iov_size);
> +    if (cmd->iov_size < sizeof(struct mfi_ctrl_props)) {
> +        return MFI_STAT_INVALID_PARAMETER;
> +    }
> +    info->pred_fail_poll_interval = cpu_to_le16(300);
> +    info->intr_throttle_cnt = cpu_to_le16(16);
> +    info->intr_throttle_timeout = cpu_to_le16(50);
> +    info->rebuild_rate = 30;
> +    info->patrol_read_rate = 30;
> +    info->bgi_rate = 30;
> +    info->cc_rate = 30;
> +    info->recon_rate = 30;
> +    info->cache_flush_interval = 4;
> +    info->spinup_drv_cnt = 2;
> +    info->spinup_delay = 6;
> +    info->ecc_bucket_size = 15;
> +    info->ecc_bucket_leak_rate = cpu_to_le16(1440);
> +    info->expose_encl_devices = 1;
> +
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    qemu_aio_flush();
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    s->fw_state = MFI_FWSTATE_READY;
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_cluster_reset_ld(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    return MFI_STAT_INVALID_DCMD;
> +}
> +
> +static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    return MFI_STAT_OK;
> +}
> +
> +static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    if (cmd->iov_size) {
> +        memset(cmd->iov[0].iov_base, 0, cmd->iov_size);
> +    }
> +    return MFI_STAT_OK;
> +}
> +
> +static const struct dcmd_cmd_tbl_t {
> +    int opcode;
> +    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
> +} dcmd_cmd_tbl[] = {
> +    { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info },
> +    { MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties },
> +    { MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties },
> +    { MFI_DCMD_CTRL_ALARM_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_ENABLE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_DISABLE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_SILENCE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_ALARM_TEST, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info },
> +    { MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_EVENT_WAIT, megasas_event_wait },
> +    { MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown },
> +    { MFI_DCMD_HIBERNATE_STANDBY, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time },
> +    { MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time },
> +    { MFI_DCMD_CTRL_BIOS_DATA_GET, megasas_dcmd_get_bios_info },
> +    { MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults },
> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush },
> +    { MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list },
> +    { MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query },
> +    { MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info },
> +    { MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_BLINK, megasas_dcmd_dummy },
> +    { MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
> +    { MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info },
> +    { MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy },
> +    { MFI_DCMD_LD_DELETE, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_READ, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_ADD, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy },
> +    { MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy },
> +    { MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy },
> +    { MFI_DCMD_CLUSTER_RESET_LD, megasas_cluster_reset_ld },
> +    { -1, NULL }
> +};
> +
> +static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    int opcode, len;
> +    int retval = 0;
> +    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
> +
> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
> +    len = megasas_map_dcmd(cmd);
> +    if (len < 0) {
> +        return MFI_STAT_MEMORY_NOT_AVAILABLE;
> +    }
> +    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
> +        cmdptr++;
> +    }
> +    if (cmdptr->opcode == -1) {
> +        retval = megasas_dcmd_dummy(s, cmd);
> +    } else {
> +        retval = cmdptr->func(s, cmd);
> +    }
> +    if (retval != MFI_STAT_INVALID_STATUS) {
> +        megasas_finish_dcmd(cmd);
> +    }
> +    return retval;
> +}
> +
> +static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
> +                                        SCSIRequest *req)
> +{
> +    int opcode;
> +    int retval = MFI_STAT_OK;
> +    int lun = req->lun;
> +
> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
> +    scsi_req_unref(req);
> +    switch (opcode) {
> +    case MFI_DCMD_PD_GET_INFO:
> +        retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
> +        break;
> +    case MFI_DCMD_LD_GET_INFO:
> +        retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
> +        break;
> +    default:
> +        retval = MFI_STAT_INVALID_DCMD;
> +        break;
> +    }
> +    if (retval != MFI_STAT_INVALID_STATUS) {
> +        megasas_finish_dcmd(cmd);
> +    }
> +    return retval;
> +}
> +
> +static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
> +                               int is_logical)
> +{
> +    uint8_t *cdb;
> +    int len;
> +    struct SCSIDevice *sdev = NULL;
> +
> +    cdb = cmd->frame->pass.cdb;
> +
> +    if (cmd->frame->header.target_id < s->fw_luns) {
> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
> +                                cmd->frame->header.lun_id);
> +    }
> +    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
> +
> +    if (!sdev || (megasas_is_jbod(s) && is_logical)) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (cmd->frame->header.cdb_len > 16) {
> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    if (megasas_map_sgl(cmd, &cmd->frame->pass.sgl)) {
> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    cmd->req = scsi_req_new(sdev, cmd->index,
> +                            cmd->frame->header.lun_id, cdb, cmd);
> +    if (!cmd->req) {
> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
> +        cmd->frame->header.scsi_status = BUSY;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    len = scsi_req_enqueue(cmd->req);
> +    if (len > 0) {
> +        if (len < cmd->iov_size) {
> +            cmd->iov_size = len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    } else if (len < 0) {
> +        if (-len < cmd->iov_size) {
> +            cmd->iov_size = -len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    }

Shorter:

if (len < 0) {
    len = -len;
}

if (len) {
    cmd->iov_size = MIN(len, cmd->iov_size);
    scsi_req_continue(cmd->req);
}


> +            cmd->iov_size = -len;
> +        }

> +    return MFI_STAT_INVALID_STATUS;
> +}
> +
> +static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint32_t lba_count, lba_start_hi, lba_start_lo;
> +    uint64_t lba_start;
> +    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
> +    uint8_t cdb[16];
> +    int len;
> +    struct SCSIDevice *sdev = NULL;
> +
> +    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
> +    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
> +    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
> +    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
> +
> +    if (cmd->frame->header.target_id < s->fw_luns) {
> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
> +                                cmd->frame->header.lun_id);
> +    }
> +
> +    if (!sdev) {
> +        return MFI_STAT_DEVICE_NOT_FOUND;
> +    }
> +
> +    if (cmd->frame->header.cdb_len > 16) {
> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    cmd->iov_size = lba_count * sdev->blocksize;
> +    if (megasas_map_sgl(cmd, &cmd->frame->io.sgl)) {
> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    megasas_encode_lba(cdb, lba_start, lba_count, write);
> +    cmd->req = scsi_req_new(sdev, cmd->index,
> +                            cmd->frame->header.lun_id, cdb, cmd);
> +    if (!cmd->req) {
> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
> +        cmd->frame->header.scsi_status = BUSY;
> +        s->event_count++;
> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
> +    }
> +
> +    len = scsi_req_enqueue(cmd->req);
> +    if (len > 0) {
> +        if (len < cmd->iov_size) {
> +            cmd->iov_size = len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    } else if (len < 0) {
> +        if (-len < cmd->iov_size) {
> +            cmd->iov_size = -len;
> +        }
> +        scsi_req_continue(cmd->req);
> +    }
> +    return MFI_STAT_INVALID_STATUS;

code duplicated from above. make it a function?

> +}
> +
> +static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
> +                                           SCSIRequest *req)
> +{
> +    int retval = MFI_STAT_INVALID_CMD;
> +
> +    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
> +            retval = megasas_finish_internal_dcmd(cmd, req);
> +    }
> +    return retval;
> +}
> +
> +static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +    uint8_t *buf;
> +
> +    if (len) {
> +        int is_write = megasas_frame_is_write(cmd);
> +        size_t bytes;
> +
> +        buf = scsi_req_get_buf(req);
> +        if (is_write) {
> +            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
> +                               cmd->iov_offset, len);
> +            if (bytes != len) {
> +                len = bytes;
> +            }

as len is unused below this is dead code?

> +            cmd->iov_offset += bytes;
> +        } else {
> +            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
> +                                 cmd->iov_offset, len);
> +            if (bytes != len) {
> +                len = bytes;
> +            }

as len is unused below this is dead code?

> +            cmd->iov_offset += bytes;
> +        }
> +    }

so do we discard 0 length or continue?
previous functions discard this one continues.
Intentional?

> +    scsi_req_continue(req);
> +}
> +
> +static void megasas_command_complete(SCSIRequest *req, uint32_t status)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +    uint8_t cmd_status = MFI_STAT_OK;
> +
> +    if (cmd->req != req) {
> +        /*
> +         * Internal command complete
> +         */
> +        cmd_status = megasas_finish_internal_command(cmd, req);
> +        if (cmd_status == MFI_STAT_INVALID_STATUS) {
> +            return;
> +        }
> +    } else {
> +        req->status = status;
> +        if (req->status != GOOD) {
> +            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
> +        }
> +        if (req->status == CHECK_CONDITION) {
> +            megasas_copy_sense(cmd);
> +        }
> +
> +        megasas_unmap_sgl(cmd);
> +        cmd->frame->header.scsi_status = req->status;
> +        scsi_req_unref(cmd->req);
> +        cmd->req = NULL;
> +    }
> +    cmd->frame->header.cmd_status = cmd_status;
> +    megasas_complete_frame(cmd->state, cmd->context);
> +}
> +
> +static void megasas_command_cancel(SCSIRequest *req)
> +{
> +    struct megasas_cmd_t *cmd = req->hba_private;
> +
> +    if (cmd) {
> +        megasas_abort_command(cmd);
> +    } else {
> +        scsi_req_unref(req);
> +    }
> +    return;

return here is useless

> +}
> +
> +static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
> +{
> +    uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
> +    target_phys_addr_t abort_addr, addr_hi, addr_lo;
> +    struct megasas_cmd_t *abort_cmd;
> +
> +    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
> +    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
> +    abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
> +
> +    abort_cmd = megasas_lookup_frame(s, abort_addr);
> +    if (!abort_cmd) {
> +        s->event_count++;
> +        return MFI_STAT_OK;
> +    }
> +    if (!megasas_use_queue64(s)) {
> +        abort_ctx &= (uint64_t)0xFFFFFFFF;
> +    }
> +    if (abort_cmd->context != abort_ctx) {
> +        s->event_count++;
> +        return MFI_STAT_ABORT_NOT_POSSIBLE;
> +    }
> +    megasas_abort_command(abort_cmd);
> +    if (!s->event_cmd || abort_cmd != s->event_cmd) {
> +        s->event_cmd = NULL;
> +    }
> +    s->event_count++;
> +    return MFI_STAT_OK;
> +}
> +
> +static void megasas_handle_frame(MPTState *s, uint64_t frame_addr,
> +                                 uint32_t frame_count)
> +{
> +    uint8_t frame_status = MFI_STAT_INVALID_CMD;
> +    uint64_t frame_context;
> +    struct megasas_cmd_t *cmd;
> +
> +    /*
> +     * Always read 64bit context, top bits will be
> +     * masked out if required in megasas_enqueue_frame()
> +     */
> +    frame_context = megasas_frame_get_context(frame_addr);
> +
> +    cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
> +    if (!cmd) {
> +        /* reply queue full */
> +        megasas_frame_set_scsi_status(frame_addr, BUSY);
> +        megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
> +        megasas_complete_frame(s, frame_context);
> +        s->event_count++;
> +        return;
> +    }
> +    switch (cmd->frame->header.frame_cmd) {
> +    case MFI_CMD_INIT:
> +        frame_status = megasas_init_firmware(s, cmd);
> +        break;
> +    case MFI_CMD_DCMD:
> +        frame_status = megasas_handle_dcmd(s, cmd);
> +        break;
> +    case MFI_CMD_ABORT:
> +        frame_status = megasas_handle_abort(s, cmd);
> +        break;
> +    case MFI_CMD_PD_SCSI_IO:
> +        frame_status = megasas_handle_scsi(s, cmd, 0);
> +        break;
> +    case MFI_CMD_LD_SCSI_IO:
> +        frame_status = megasas_handle_scsi(s, cmd, 1);
> +        break;
> +    case MFI_CMD_LD_READ:
> +    case MFI_CMD_LD_WRITE:
> +        frame_status = megasas_handle_io(s, cmd);
> +        break;
> +    default:
> +        s->event_count++;
> +        break;
> +    }
> +    if (frame_status != MFI_STAT_INVALID_STATUS) {
> +        if (cmd->frame) {
> +            cmd->frame->header.cmd_status = frame_status;
> +        } else {
> +            megasas_frame_set_cmd_status(frame_addr, frame_status);
> +        }
> +        megasas_complete_frame(s, cmd->context);
> +    }
> +}
> +
> +static uint64_t megasas_mmio_read(void *opaque, target_phys_addr_t addr,
> +                                  unsigned size)
> +{
> +    MPTState *s = opaque;
> +    uint32_t retval = 0;
> +
> +    switch (addr) {
> +    case MFI_IDB:
> +        retval = 0;
> +        break;
> +    case MFI_OMSG0:
> +    case MFI_OSP0:
> +        retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
> +            (s->fw_state & MFI_FWSTATE_MASK) |
> +            ((s->fw_sge & 0xff) << 16) |
> +            (s->fw_cmds & 0xFFFF);
> +        break;
> +    case MFI_OSTS:
> +        if (megasas_intr_enabled(s) && s->doorbell) {
> +            retval = MFI_1078_RM | 1;
> +        }
> +        break;
> +    case MFI_OMSK:
> +        retval = s->intr_mask;
> +        break;
> +    case MFI_ODCR0:
> +        retval = s->doorbell;
> +        break;
> +    default:
> +        break;
> +    }
> +    return retval;
> +}
> +
> +static void megasas_mmio_write(void *opaque, target_phys_addr_t addr,
> +                               uint64_t val, unsigned size)
> +{
> +    MPTState *s = opaque;
> +    uint64_t frame_addr;
> +    uint32_t frame_count;
> +    int i;
> +
> +    switch (addr) {
> +    case MFI_IDB:
> +        if (val & MFI_FWINIT_ABORT) {
> +            /* Abort all pending cmds */
> +            for (i = 0; i < s->fw_cmds; i++) {
> +                megasas_abort_command(&s->frames[i]);
> +            }
> +        }
> +        if (val & MFI_FWINIT_READY) {
> +            /* move to FW READY */
> +            megasas_soft_reset(s);
> +        }
> +        if (val & MFI_FWINIT_MFIMODE) {
> +            /* discard MFIs */
> +        }
> +        break;
> +    case MFI_OMSK:
> +        s->intr_mask = val;
> +        if (!megasas_intr_enabled(s) && !msix_enabled(&s->dev)) {
> +            qemu_irq_lower(s->dev.irq[0]);
> +        }
> +        break;
> +    case MFI_ODCR0:
> +        s->doorbell = 0;
> +        if (s->producer_pa && megasas_intr_enabled(s)) {
> +            /* Update reply queue pointer */
> +            stl_le_phys(s->producer_pa, s->reply_queue_head);
> +            if (!msix_enabled(&s->dev)) {
> +                qemu_irq_lower(s->dev.irq[0]);
> +            }
> +        }
> +        break;
> +    case MFI_IQPH:
> +        /* Received high 32 bits of a 64 bit MFI frame address */
> +        s->frame_hi = val;
> +        break;
> +    case MFI_IQPL:
> +        /* Received low 32 bits of a 64 bit MFI frame address */
> +    case MFI_IQP:
> +        /* Received 32 bit MFI frame address */
> +        frame_addr = (val & ~0x1F);
> +        /* Add possible 64 bit offset */
> +        frame_addr |= ((uint64_t)s->frame_hi << 32);
> +        s->frame_hi = 0;
> +        frame_count = (val >> 1) & 0xF;
> +        megasas_handle_frame(s, frame_addr, frame_count);
> +        break;
> +    default:
> +        break;
> +    }
> +}
> +
> +static const MemoryRegionOps megasas_mmio_ops = {
> +    .read = megasas_mmio_read,
> +    .write = megasas_mmio_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static uint64_t megasas_port_read(void *opaque, target_phys_addr_t addr,
> +                                  unsigned size)
> +{
> +    return megasas_mmio_read(opaque, addr & 0xff, size);
> +}
> +
> +static void megasas_port_write(void *opaque, target_phys_addr_t addr,
> +                               uint64_t val, unsigned size)
> +{
> +    megasas_mmio_write(opaque, addr & 0xff, val, size);
> +}
> +
> +static const MemoryRegionOps megasas_port_ops = {
> +    .read = megasas_port_read,
> +    .write = megasas_port_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static uint64_t megasas_queue_read(void *opaque, target_phys_addr_t addr,
> +                                   unsigned size)
> +{
> +    return 0;
> +}
> +
> +static void megasas_queue_write(void *opaque, target_phys_addr_t addr,
> +                                uint64_t val, unsigned size)
> +{
> +}
> +
> +static const MemoryRegionOps megasas_queue_ops = {
> +    .read = megasas_queue_read,
> +    .write = megasas_queue_write,
> +    .endianness = DEVICE_LITTLE_ENDIAN,
> +    .impl = {
> +        .min_access_size = 4,
> +        .max_access_size = 4,
> +    }
> +};
> +
> +static void megasas_soft_reset(MPTState *s)
> +{
> +    int i;
> +    struct megasas_cmd_t *cmd;
> +
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        cmd = &s->frames[i];
> +        megasas_abort_command(cmd);
> +    }
> +    megasas_reset_frames(s);
> +    s->reply_queue_len = s->fw_cmds;
> +    s->reply_queue_pa = 0;
> +    s->consumer_pa = 0;
> +    s->producer_pa = 0;
> +    s->fw_state = MFI_FWSTATE_READY;
> +    s->doorbell = 0;
> +    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
> +    s->frame_hi = 0;
> +    s->flags &= ~MEGASAS_MASK_USE_QUEUE64;
> +    s->event_count++;
> +    s->boot_event = s->event_count;
> +}
> +
> +static void megasas_scsi_reset(DeviceState *dev)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
> +
> +    megasas_soft_reset(s);
> +}
> +
> +static const VMStateDescription vmstate_megasas = {
> +    .name = "megasas",
> +    .version_id = 0,
> +    .minimum_version_id = 0,
> +    .minimum_version_id_old = 0,
> +    .fields      = (VMStateField[]) {
> +        VMSTATE_PCI_DEVICE(dev, MPTState),
> +
> +        VMSTATE_INT32(fw_state, MPTState),
> +        VMSTATE_INT32(intr_mask, MPTState),
> +        VMSTATE_INT32(doorbell, MPTState),
> +        VMSTATE_UINT64(reply_queue_pa, MPTState),
> +        VMSTATE_UINT64(consumer_pa, MPTState),
> +        VMSTATE_UINT64(producer_pa, MPTState),
> +        VMSTATE_END_OF_LIST()
> +    }
> +};
> +
> +static int megasas_scsi_uninit(PCIDevice *d)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, d);

You must also uinit msix.
It is harmless to do this uncoditionally.


> +
> +    memory_region_destroy(&s->mmio_io);
> +    memory_region_destroy(&s->port_io);
> +    memory_region_destroy(&s->queue_io);
> +    return 0;
> +}
> +
> +static const struct SCSIBusInfo megasas_scsi_info = {
> +    .tcq = true,
> +    .max_target = MFI_MAX_LD,
> +    .max_lun = 255,
> +
> +    .transfer_data = megasas_xfer_complete,
> +    .complete = megasas_command_complete,
> +    .cancel = megasas_command_cancel,
> +};
> +
> +static int megasas_scsi_init(PCIDevice *dev)
> +{
> +    MPTState *s = DO_UPCAST(MPTState, dev, dev);
> +    uint8_t *pci_conf;
> +    int i;
> +
> +    pci_conf = s->dev.config;
> +
> +    /* PCI latency timer = 0 */
> +    pci_conf[PCI_LATENCY_TIMER] = 0;
> +    /* Interrupt pin 1 */
> +    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
> +
> +    memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s,
> +                          "megasas-mmio", 0x4000);
> +    memory_region_init_io(&s->port_io, &megasas_port_ops, s,
> +                          "megasas-io", 256);
> +    memory_region_init_io(&s->queue_io, &megasas_queue_ops, s,
> +                          "megasas-queue", 0x40000);
> +
> +    if (megasas_use_msix(s) &&
> +        msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
> +        s->flags &= ~MEGASAS_MASK_USE_MSIX;

You'd want an error message here. maybe even fail init.

> +    }
> +
> +    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
> +    pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
> +    pci_register_bar(&s->dev, 3, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->queue_io);
> +
> +    if (megasas_use_msix(s)) {
> +        msix_vector_use(&s->dev, 0);

You can do this unconditionally.  But I have a question: are you using a
single vector? I note that you request 15 vectors from the OS.
The vector allocator 

> +    }
> +
> +    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
> +        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
> +    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
> +        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
> +    } else {
> +        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
> +    }
> +    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
> +        s->fw_cmds = MEGASAS_MAX_FRAMES;
> +    }
> +    if (s->raid_mode_str) {
> +        if (!strcmp(s->raid_mode_str, "jbod")) {
> +            s->flags |= MEGASAS_MASK_USE_JBOD;
> +        } else {
> +            s->flags &= ~MEGASAS_MASK_USE_JBOD;
> +            s->raid_mode_str = (char *)megasas_raid_modes[0];
> +        }

validate mode value. Anything that is not raid or jbod
should fail.

> +    } else {
> +        s->raid_mode_str = (char *)megasas_raid_modes[0];
> +    }

Don't cast, use consisten styles.

> +    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
> +        MAX_SCSI_DEVS : MFI_MAX_LD;
> +    s->producer_pa = 0;
> +    s->consumer_pa = 0;
> +    for (i = 0; i < s->fw_cmds; i++) {
> +        s->frames[i].index = i;
> +        s->frames[i].context = -1;
> +        s->frames[i].pa = 0;
> +        s->frames[i].state = s;
> +    }
> +
> +    scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
> +    scsi_bus_legacy_handle_cmdline(&s->bus);
> +    return 0;
> +}
> +
> +static Property megasas_properties[] = {
> +    DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
> +                       MEGASAS_DEFAULT_SGE),
> +    DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
> +                       MEGASAS_DEFAULT_FRAMES),
> +    DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
> +    DEFINE_PROP_BIT("use_msix", MPTState, flags,
> +                    MEGASAS_FLAG_USE_MSIX, false),

This is just a workaround for debugging, right?
So either just remove all msix code for now,
if 0 all msix code, or name property x-use_msix

> +    DEFINE_PROP_END_OF_LIST(),
> +};
> +
> +static void megasas_class_init(ObjectClass *oc, void *data)
> +{
> +    DeviceClass *dc = DEVICE_CLASS(oc);
> +    PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
> +
> +    pc->init = megasas_scsi_init;
> +    pc->exit = megasas_scsi_uninit;
> +    pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
> +    pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
> +    pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
> +    pc->subsystem_id = 0x1013;
> +    pc->class_id = PCI_CLASS_STORAGE_RAID;
> +    dc->props = megasas_properties;
> +    dc->reset = megasas_scsi_reset;
> +    dc->vmsd = &vmstate_megasas;
> +    dc->desc = "LSI MegaRAID SAS 1078";
> +}
> +
> +static TypeInfo megasas_info = {
> +    .name  = "megasas",
> +    .parent = TYPE_PCI_DEVICE,
> +    .instance_size = sizeof(MPTState),
> +    .class_init = megasas_class_init,
> +};
> +
> +static void megaraid1078_register_types(void)
> +{
> +    type_register_static(&megasas_info);
> +}
> +
> +type_init(megaraid1078_register_types);


why not megasas_ ?

> diff --git a/hw/mfi.h b/hw/mfi.h
> new file mode 100644
> index 0000000..4790c7c
> --- /dev/null
> +++ b/hw/mfi.h

Sorry if this was discussed already, where is this
code from? freebsd? it seems to have this:
http://gitorious.org/freebsd/freebsd/blobs/HEAD/sys/dev/mfi/mfireg.h
Want to name the file the same and add a link?
This would be an explanation why we keep the
file in a weird style incompatible with qemu.

Still some things I think are better off fixed.
Noted below.

> @@ -0,0 +1,1281 @@
> +/*-
> + * Copyright (c) 2006 IronPort Systems
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> + * SUCH DAMAGE.
> + */
> +/*-
> + * Copyright (c) 2007 LSI Corp.
> + * Copyright (c) 2007 Rajesh Prabhakaran.
> + * All rights reserved.
> + *
> + * Redistribution and use in source and binary forms, with or without
> + * modification, are permitted provided that the following conditions
> + * are met:
> + * 1. Redistributions of source code must retain the above copyright
> + *    notice, this list of conditions and the following disclaimer.
> + * 2. Redistributions in binary form must reproduce the above copyright
> + *    notice, this list of conditions and the following disclaimer in the
> + *    documentation and/or other materials provided with the distribution.
> + *
> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
> + * SUCH DAMAGE.
> + */

Why do we need two of these? They appear identical.
Just combine all copyrights.

> +
> +#ifndef _MFI_H
> +#define _MFI_H

Don't start identifiers with a single _ followed
by an upper case letter. MFI_REG_H would be a better name.

> +
> +/*
> + * MegaRAID SAS MFI firmware definitions
> + *
> + * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
> + * new firmware interface from the old AMI MegaRAID one, and there is no
> + * reason why this interface should be limited to just SAS.  In any case, LSI
> + * seems to also call this interface 'MFI', so that will be used here.
> + */

*Which* driver name is misleading?
I'd suggest droping this comment that argues with itself,
and explaining what this header *is*. E.g. is the below right?
/*
  MFI is a common firmware interface used by MegaRAID
  family of controllers by SAS and LSI
 */
> +
> +/*
> + * Start with the register set.
>  All registers are 32 bits wide.
> + * The usual Intel IOP style setup.
> + */
> +#define MFI_IMSG0 0x10    /* Inbound message 0 */
> +#define MFI_IMSG1 0x14    /* Inbound message 1 */
> +#define MFI_OMSG0 0x18    /* Outbound message 0 */
> +#define MFI_OMSG1 0x1c    /* Outbound message 1 */
> +#define MFI_IDB   0x20    /* Inbound doorbell */
> +#define MFI_ISTS  0x24    /* Inbound interrupt status */
> +#define MFI_IMSK  0x28    /* Inbound interrupt mask */
> +#define MFI_ODB   0x2c    /* Outbound doorbell */
> +#define MFI_OSTS  0x30    /* Outbound interrupt status */
> +#define MFI_OMSK  0x34    /* Outbound interrupt mask */
> +#define MFI_IQP   0x40    /* Inbound queue port */
> +#define MFI_OQP   0x44    /* Outbound queue port */
> +
> +/*
> + * 1078 specific related register
> + */
> +#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
> +#define MFI_ODCR0       0xa0            /* outbound doorbell clear register0  */
> +#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
> +#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes)  */
> +#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes)  */
> +#define MFI_DIAG        0xf8            /* Host diag */
> +#define MFI_SEQ         0xfc            /* Sequencer offset */
> +#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
> +#define MFI_RMI         0x2             /* reply message interrupt  */
> +#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt  */
> +#define MFI_ODC         0x4             /* outbound doorbell change interrupt */
> +
> +/*
> + * gen2 specific changes
> + */
> +#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
> +#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
> +
> +/*
> + * skinny specific changes
> + */
> +#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny */
> +#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt */
> +
> +/* Bits for MFI_OSTS */
> +#define MFI_OSTS_INTR_VALID     0x00000002
> +
> +/*
> + * Firmware state values.  Found in OMSG0 during initialization.
> + */
> +#define MFI_FWSTATE_MASK                0xf0000000
> +#define MFI_FWSTATE_UNDEFINED           0x00000000
> +#define MFI_FWSTATE_BB_INIT             0x10000000
> +#define MFI_FWSTATE_FW_INIT             0x40000000
> +#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
> +#define MFI_FWSTATE_FW_INIT_2           0x70000000
> +#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
> +#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
> +#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
> +#define MFI_FWSTATE_READY               0xb0000000
> +#define MFI_FWSTATE_OPERATIONAL         0xc0000000
> +#define MFI_FWSTATE_FAULT               0xf0000000
> +#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
> +#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
> +#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
> +#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
> +
> +/*
> + * Control bits to drive the card to ready state.  These go into the IDB
> + * register.
> + */
> +#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands */
> +#define MFI_FWINIT_READY        0x00000002 /* Move from operational to ready */
> +#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
> +#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
> +#define MFI_FWINIT_HOTPLUG      0x00000010
> +#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
> +#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
> +
> +/* MFI Commands */
> +typedef enum {
> +    MFI_CMD_INIT = 0x00,
> +    MFI_CMD_LD_READ,
> +    MFI_CMD_LD_WRITE,
> +    MFI_CMD_LD_SCSI_IO,
> +    MFI_CMD_PD_SCSI_IO,
> +    MFI_CMD_DCMD,
> +    MFI_CMD_ABORT,
> +    MFI_CMD_SMP,
> +    MFI_CMD_STP
> +} mfi_cmd_t ;

space before ;, here and elsewhere.


> +
> +/* Direct commands */
> +typedef enum {
> +    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
> +    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
> +    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
> +    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
> +    MFI_DCMD_CTRL_ALARM =               0x01030000,
> +    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
> +    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
> +    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
> +    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
> +    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
> +    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
> +    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
> +    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
> +    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
> +    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
> +    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
> +    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
> +    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
> +    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
> +    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
> +    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
> +    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
> +    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
> +    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
> +    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
> +    MFI_DCMD_PD_GET_LIST =              0x02010000,
> +    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
> +    MFI_DCMD_PD_GET_INFO =              0x02020000,
> +    MFI_DCMD_PD_STATE_SET =             0x02030100,
> +    MFI_DCMD_PD_REBUILD =               0x02040100,
> +    MFI_DCMD_PD_BLINK =                 0x02070100,
> +    MFI_DCMD_PD_UNBLINK =               0x02070200,
> +    MFI_DCMD_LD_GET_LIST =              0x03010000,
> +    MFI_DCMD_LD_GET_INFO =              0x03020000,
> +    MFI_DCMD_LD_GET_PROP =              0x03030000,
> +    MFI_DCMD_LD_SET_PROP =              0x03040000,
> +    MFI_DCMD_LD_DELETE =                0x03090000,
> +    MFI_DCMD_CFG_READ =                 0x04010000,
> +    MFI_DCMD_CFG_ADD =                  0x04020000,
> +    MFI_DCMD_CFG_CLEAR =                0x04030000,
> +    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
> +    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
> +    MFI_DCMD_BBU_STATUS =               0x05010000,
> +    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
> +    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
> +    MFI_DCMD_BBU_PROP_GET =             0x05050100,
> +    MFI_DCMD_CLUSTER =                  0x08000000,
> +    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
> +    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
> +} mfi_dcmd_t ;


space before ;

> +
> +/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
> +#define MFI_FLUSHCACHE_CTRL     0x01
> +#define MFI_FLUSHCACHE_DISK     0x02
> +
> +/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
> +#define MFI_SHUTDOWN_SPINDOWN   0x01
> +
> +/*
> + * MFI Frame flags
> + */
> +typedef enum {
> +    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =        0x0001,
> +    MFI_FRAME_SGL64 =                           0x0002,
> +    MFI_FRAME_SENSE64 =                         0x0004,
> +    MFI_FRAME_DIR_WRITE =                       0x0008,
> +    MFI_FRAME_DIR_READ =                        0x0010,
> +    MFI_FRAME_IEEE_SGL =                        0x0020,
> +} mfi_frame_flags;
> +
> +/* MFI Status codes */
> +typedef enum {
> +    MFI_STAT_OK =                       0x00,
> +    MFI_STAT_INVALID_CMD,
> +    MFI_STAT_INVALID_DCMD,
> +    MFI_STAT_INVALID_PARAMETER,
> +    MFI_STAT_INVALID_SEQUENCE_NUMBER,
> +    MFI_STAT_ABORT_NOT_POSSIBLE,
> +    MFI_STAT_APP_HOST_CODE_NOT_FOUND,
> +    MFI_STAT_APP_IN_USE,
> +    MFI_STAT_APP_NOT_INITIALIZED,
> +    MFI_STAT_ARRAY_INDEX_INVALID,
> +    MFI_STAT_ARRAY_ROW_NOT_EMPTY,
> +    MFI_STAT_CONFIG_RESOURCE_CONFLICT,
> +    MFI_STAT_DEVICE_NOT_FOUND,
> +    MFI_STAT_DRIVE_TOO_SMALL,
> +    MFI_STAT_FLASH_ALLOC_FAIL,
> +    MFI_STAT_FLASH_BUSY,
> +    MFI_STAT_FLASH_ERROR =              0x10,
> +    MFI_STAT_FLASH_IMAGE_BAD,
> +    MFI_STAT_FLASH_IMAGE_INCOMPLETE,
> +    MFI_STAT_FLASH_NOT_OPEN,
> +    MFI_STAT_FLASH_NOT_STARTED,
> +    MFI_STAT_FLUSH_FAILED,
> +    MFI_STAT_HOST_CODE_NOT_FOUNT,
> +    MFI_STAT_LD_CC_IN_PROGRESS,
> +    MFI_STAT_LD_INIT_IN_PROGRESS,
> +    MFI_STAT_LD_LBA_OUT_OF_RANGE,
> +    MFI_STAT_LD_MAX_CONFIGURED,
> +    MFI_STAT_LD_NOT_OPTIMAL,
> +    MFI_STAT_LD_RBLD_IN_PROGRESS,
> +    MFI_STAT_LD_RECON_IN_PROGRESS,
> +    MFI_STAT_LD_WRONG_RAID_LEVEL,
> +    MFI_STAT_MAX_SPARES_EXCEEDED,
> +    MFI_STAT_MEMORY_NOT_AVAILABLE =     0x20,
> +    MFI_STAT_MFC_HW_ERROR,
> +    MFI_STAT_NO_HW_PRESENT,
> +    MFI_STAT_NOT_FOUND,
> +    MFI_STAT_NOT_IN_ENCL,
> +    MFI_STAT_PD_CLEAR_IN_PROGRESS,
> +    MFI_STAT_PD_TYPE_WRONG,
> +    MFI_STAT_PR_DISABLED,
> +    MFI_STAT_ROW_INDEX_INVALID,
> +    MFI_STAT_SAS_CONFIG_INVALID_ACTION,
> +    MFI_STAT_SAS_CONFIG_INVALID_DATA,
> +    MFI_STAT_SAS_CONFIG_INVALID_PAGE,
> +    MFI_STAT_SAS_CONFIG_INVALID_TYPE,
> +    MFI_STAT_SCSI_DONE_WITH_ERROR,
> +    MFI_STAT_SCSI_IO_FAILED,
> +    MFI_STAT_SCSI_RESERVATION_CONFLICT,
> +    MFI_STAT_SHUTDOWN_FAILED =          0x30,
> +    MFI_STAT_TIME_NOT_SET,
> +    MFI_STAT_WRONG_STATE,
> +    MFI_STAT_LD_OFFLINE,
> +    MFI_STAT_PEER_NOTIFICATION_REJECTED,
> +    MFI_STAT_PEER_NOTIFICATION_FAILED,
> +    MFI_STAT_RESERVATION_IN_PROGRESS,
> +    MFI_STAT_I2C_ERRORS_DETECTED,
> +    MFI_STAT_PCI_ERRORS_DETECTED,
> +    MFI_STAT_DIAG_FAILED,
> +    MFI_STAT_BOOT_MSG_PENDING,
> +    MFI_STAT_FOREIGN_CONFIG_INCOMPLETE,
> +    MFI_STAT_INVALID_SGL,
> +    MFI_STAT_UNSUPPORTED_HW,
> +    MFI_STAT_CC_SCHEDULE_DISABLED,
> +    MFI_STAT_PD_COPYBACK_IN_PROGRESS,
> +    MFI_STAT_MULTIPLE_PDS_IN_ARRAY =    0x40,
> +    MFI_STAT_FW_DOWNLOAD_ERROR,
> +    MFI_STAT_FEATURE_SECURITY_NOT_ENABLED,
> +    MFI_STAT_LOCK_KEY_ALREADY_EXISTS,
> +    MFI_STAT_LOCK_KEY_BACKUP_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_VERIFY_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_VERIFY_FAILED,
> +    MFI_STAT_LOCK_KEY_REKEY_NOT_ALLOWED,
> +    MFI_STAT_LOCK_KEY_INVALID,
> +    MFI_STAT_LOCK_KEY_ESCROW_INVALID,
> +    MFI_STAT_LOCK_KEY_BACKUP_REQUIRED,
> +    MFI_STAT_SECURE_LD_EXISTS,
> +    MFI_STAT_LD_SECURE_NOT_ALLOWED,
> +    MFI_STAT_REPROVISION_NOT_ALLOWED,
> +    MFI_STAT_PD_SECURITY_TYPE_WRONG,
> +    MFI_STAT_LD_ENCRYPTION_TYPE_INVALID,
> +    MFI_STAT_CONFIG_FDE_NON_FDE_MIX_NOT_ALLOWED = 0x50,
> +    MFI_STAT_CONFIG_LD_ENCRYPTION_TYPE_MIX_NOT_ALLOWED,
> +    MFI_STAT_SECRET_KEY_NOT_ALLOWED,
> +    MFI_STAT_PD_HW_ERRORS_DETECTED,
> +    MFI_STAT_LD_CACHE_PINNED,
> +    MFI_STAT_POWER_STATE_SET_IN_PROGRESS,
> +    MFI_STAT_POWER_STATE_SET_BUSY,
> +    MFI_STAT_POWER_STATE_WRONG,
> +    MFI_STAT_PR_NO_AVAILABLE_PD_FOUND,
> +    MFI_STAT_CTRL_RESET_REQUIRED,
> +    MFI_STAT_LOCK_KEY_EKM_NO_BOOT_AGENT,
> +    MFI_STAT_SNAP_NO_SPACE,
> +    MFI_STAT_SNAP_PARTIAL_FAILURE,
> +    MFI_STAT_UPGRADE_KEY_INCOMPATIBLE,
> +    MFI_STAT_PFK_INCOMPATIBLE,
> +    MFI_STAT_PD_MAX_UNCONFIGURED,
> +    MFI_STAT_IO_METRICS_DISABLED =      0x60,
> +    MFI_STAT_AEC_NOT_STOPPED,
> +    MFI_STAT_PI_TYPE_WRONG,
> +    MFI_STAT_LD_PD_PI_INCOMPATIBLE,
> +    MFI_STAT_PI_NOT_ENABLED,
> +    MFI_STAT_LD_BLOCK_SIZE_MISMATCH,
> +    MFI_STAT_INVALID_STATUS =           0xFF
> +} mfi_status_t ;
> +
> +/* Event classes */
> +typedef enum {
> +    MFI_EVT_CLASS_DEBUG =      -2,
> +    MFI_EVT_CLASS_PROGRESS =   -1,
> +    MFI_EVT_CLASS_INFO =        0,
> +    MFI_EVT_CLASS_WARNING =     1,
> +    MFI_EVT_CLASS_CRITICAL =    2,
> +    MFI_EVT_CLASS_FATAL =       3,
> +    MFI_EVT_CLASS_DEAD =        4
> +} mfi_evt_class_t ;
> +
> +/* Event locales */
> +typedef enum {
> +    MFI_EVT_LOCALE_LD =         0x0001,
> +    MFI_EVT_LOCALE_PD =         0x0002,
> +    MFI_EVT_LOCALE_ENCL =       0x0004,
> +    MFI_EVT_LOCALE_BBU =        0x0008,
> +    MFI_EVT_LOCALE_SAS =        0x0010,
> +    MFI_EVT_LOCALE_CTRL =       0x0020,
> +    MFI_EVT_LOCALE_CONFIG =     0x0040,
> +    MFI_EVT_LOCALE_CLUSTER =    0x0080,
> +    MFI_EVT_LOCALE_ALL =        0xffff
> +} mfi_evt_locale_t;
> +
> +/* Event args */
> +typedef enum {
> +    MR_EVT_ARGS_NONE =          0x00,
> +    MR_EVT_ARGS_CDB_SENSE,
> +    MR_EVT_ARGS_LD,
> +    MR_EVT_ARGS_LD_COUNT,
> +    MR_EVT_ARGS_LD_LBA,
> +    MR_EVT_ARGS_LD_OWNER,
> +    MR_EVT_ARGS_LD_LBA_PD_LBA,
> +    MR_EVT_ARGS_LD_PROG,
> +    MR_EVT_ARGS_LD_STATE,
> +    MR_EVT_ARGS_LD_STRIP,
> +    MR_EVT_ARGS_PD,
> +    MR_EVT_ARGS_PD_ERR,
> +    MR_EVT_ARGS_PD_LBA,
> +    MR_EVT_ARGS_PD_LBA_LD,
> +    MR_EVT_ARGS_PD_PROG,
> +    MR_EVT_ARGS_PD_STATE,
> +    MR_EVT_ARGS_PCI,
> +    MR_EVT_ARGS_RATE,
> +    MR_EVT_ARGS_STR,
> +    MR_EVT_ARGS_TIME,
> +    MR_EVT_ARGS_ECC,
> +    MR_EVT_ARGS_LD_PROP,
> +    MR_EVT_ARGS_PD_SPARE,
> +    MR_EVT_ARGS_PD_INDEX,
> +    MR_EVT_ARGS_DIAG_PASS,
> +    MR_EVT_ARGS_DIAG_FAIL,
> +    MR_EVT_ARGS_PD_LBA_LBA,
> +    MR_EVT_ARGS_PORT_PHY,
> +    MR_EVT_ARGS_PD_MISSING,
> +    MR_EVT_ARGS_PD_ADDRESS,
> +    MR_EVT_ARGS_BITMAP,
> +    MR_EVT_ARGS_CONNECTOR,
> +    MR_EVT_ARGS_PD_PD,
> +    MR_EVT_ARGS_PD_FRU,
> +    MR_EVT_ARGS_PD_PATHINFO,
> +    MR_EVT_ARGS_PD_POWER_STATE,
> +    MR_EVT_ARGS_GENERIC,
> +} mfi_evt_args;
> +
> +/* Event codes */
> +#define MR_EVT_CFG_CLEARED                          0x0004
> +#define MR_EVT_CTRL_SHUTDOWN                        0x002a
> +#define MR_EVT_LD_STATE_CHANGE                      0x0051
> +#define MR_EVT_PD_INSERTED                          0x005b
> +#define MR_EVT_PD_REMOVED                           0x0070
> +#define MR_EVT_PD_STATE_CHANGED                     0x0072
> +#define MR_EVT_LD_CREATED                           0x008a
> +#define MR_EVT_LD_DELETED                           0x008b
> +#define MR_EVT_FOREIGN_CFG_IMPORTED                 0x00db
> +#define MR_EVT_LD_OFFLINE                           0x00fc
> +#define MR_EVT_CTRL_HOST_BUS_SCAN_REQUESTED         0x0152
> +
> +typedef enum {
> +    MR_LD_CACHE_WRITE_BACK =            0x01,
> +    MR_LD_CACHE_WRITE_ADAPTIVE =        0x02,
> +    MR_LD_CACHE_READ_AHEAD =            0x04,
> +    MR_LD_CACHE_READ_ADAPTIVE =         0x08,
> +    MR_LD_CACHE_WRITE_CACHE_BAD_BBU =   0x10,
> +    MR_LD_CACHE_ALLOW_WRITE_CACHE =     0x20,
> +    MR_LD_CACHE_ALLOW_READ_CACHE =      0x40
> +} mfi_ld_cache;
> +
> +typedef enum {
> +    MR_PD_CACHE_UNCHANGED  =    0,
> +    MR_PD_CACHE_ENABLE =        1,
> +    MR_PD_CACHE_DISABLE =       2
> +} mfi_pd_cache;
> +
> +typedef enum {
> +    MR_PD_QUERY_TYPE_ALL =              0,
> +    MR_PD_QUERY_TYPE_STATE =            1,
> +    MR_PD_QUERY_TYPE_POWER_STATE =      2,
> +    MR_PD_QUERY_TYPE_MEDIA_TYPE =       3,
> +    MR_PD_QUERY_TYPE_SPEED =            4,
> +    MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =  5, /*query for system drives */
> +} mfi_pd_query_type;
> +
> +/*
> + * Other propertities and definitions
> + */
> +#define MFI_MAX_PD_CHANNELS     2
> +#define MFI_MAX_LD_CHANNELS     2
> +#define MFI_MAX_CHANNELS        (MFI_MAX_PD_CHANNELS + MFI_MAX_LD_CHANNELS)
> +#define MFI_MAX_CHANNEL_DEVS  128
> +#define MFI_DEFAULT_ID         -1
> +#define MFI_MAX_LUN             8
> +#define MFI_MAX_LD             64
> +
> +#define MFI_FRAME_SIZE         64
> +#define MFI_MBOX_SIZE          12
> +
> +/* Firmware flashing can take 40s */
> +#define MFI_POLL_TIMEOUT_SECS  50
> +
> +/* Allow for speedier math calculations */
> +#define MFI_SECTOR_LEN        512
> +
> +/* Scatter Gather elements */
> +struct mfi_sg32 {
> +    uint32_t addr;
> +    uint32_t len;
> +} __attribute__ ((packed));
> +
> +struct mfi_sg64 {
> +    uint64_t addr;
> +    uint32_t len;
> +} __attribute__ ((packed));
> +
> +struct mfi_sg_skinny {
> +    uint64_t addr;
> +    uint32_t len;
> +    uint32_t flag;
> +} __attribute__ ((packed));
> +
> +union mfi_sgl {
> +    struct mfi_sg32 sg32[1];
> +    struct mfi_sg64 sg64[1];
> +    struct mfi_sg_skinny sg_skinny[1];
> +} __attribute__ ((packed));
> +
> +/* Message frames.  All messages have a common header */
> +struct mfi_frame_header {
> +    uint8_t frame_cmd;
> +    uint8_t sense_len;
> +    uint8_t cmd_status;
> +    uint8_t scsi_status;
> +    uint8_t target_id;
> +    uint8_t lun_id;
> +    uint8_t cdb_len;
> +    uint8_t sge_count;
> +    uint64_t context;
> +    uint16_t flags;
> +    uint16_t timeout;
> +    uint32_t data_len;
> +} __attribute__ ((packed));
> +
> +struct mfi_init_frame {
> +    struct mfi_frame_header header;
> +    uint32_t qinfo_new_addr_lo;
> +    uint32_t qinfo_new_addr_hi;
> +    uint32_t qinfo_old_addr_lo;
> +    uint32_t qinfo_old_addr_hi;
> +    uint32_t reserved[6];
> +} __attribute__ ((packed));
> +
> +#define MFI_IO_FRAME_SIZE 40
> +struct mfi_io_frame {
> +    struct mfi_frame_header header;
> +    uint32_t sense_addr_lo;
> +    uint32_t sense_addr_hi;
> +    uint32_t lba_lo;
> +    uint32_t lba_hi;
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +#define MFI_PASS_FRAME_SIZE 48
> +struct mfi_pass_frame {
> +    struct mfi_frame_header header;
> +    uint32_t sense_addr_lo;
> +    uint32_t sense_addr_hi;
> +    uint8_t cdb[16];
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +#define MFI_DCMD_FRAME_SIZE 40
> +struct mfi_dcmd_frame {
> +    struct mfi_frame_header header;
> +    uint32_t opcode;
> +    uint8_t mbox[MFI_MBOX_SIZE];
> +    union mfi_sgl sgl;
> +} __attribute__ ((packed));
> +
> +struct mfi_abort_frame {
> +    struct mfi_frame_header header;
> +    uint64_t abort_context;
> +    uint32_t abort_mfi_addr_lo;
> +    uint32_t abort_mfi_addr_hi;
> +    uint32_t reserved1[6];
> +} __attribute__ ((packed));
> +
> +struct mfi_smp_frame {
> +    struct mfi_frame_header header;
> +    uint64_t sas_addr;
> +    union {
> +        struct mfi_sg32 sg32[2];
> +        struct mfi_sg64 sg64[2];
> +    } sgl;
> +} __attribute__ ((packed));
> +
> +struct mfi_stp_frame {
> +    struct mfi_frame_header header;
> +    uint16_t fis[10];
> +    uint32_t stp_flags;
> +    union {
> +        struct mfi_sg32 sg32[2];
> +        struct mfi_sg64 sg64[2];
> +    } sgl;
> +} __attribute__ ((packed));
> +
> +union mfi_frame {
> +    struct mfi_frame_header header;
> +    struct mfi_init_frame init;
> +    struct mfi_io_frame io;
> +    struct mfi_pass_frame pass;
> +    struct mfi_dcmd_frame dcmd;
> +    struct mfi_abort_frame abort;
> +    struct mfi_smp_frame smp;
> +    struct mfi_stp_frame stp;
> +    uint64_t raw[8];
> +    uint8_t bytes[MFI_FRAME_SIZE];
> +};
> +
> +#define MFI_SENSE_LEN 128
> +struct mfi_sense {
> +    uint8_t     data[MFI_SENSE_LEN];
> +};
> +
> +#define MFI_QUEUE_FLAG_CONTEXT64 0x00000002
> +
> +/* The queue init structure that is passed with the init message */
> +struct mfi_init_qinfo {
> +    uint32_t flags;
> +    uint32_t rq_entries;
> +    uint32_t rq_addr_lo;
> +    uint32_t rq_addr_hi;
> +    uint32_t pi_addr_lo;
> +    uint32_t pi_addr_hi;
> +    uint32_t ci_addr_lo;
> +    uint32_t ci_addr_hi;
> +} __attribute__ ((packed));

Don't use a packed attribute - it's not necessary here and creates
much worse code as gcc must then assume unaligned struct address.
You had to tweak the attribute anyway, just drop it.

> +
> +/* Controller properties */
> +struct mfi_ctrl_props {
> +    uint16_t seq_num;
> +    uint16_t pred_fail_poll_interval;
> +    uint16_t intr_throttle_cnt;
> +    uint16_t intr_throttle_timeout;
> +    uint8_t rebuild_rate;
> +    uint8_t patrol_read_rate;
> +    uint8_t bgi_rate;
> +    uint8_t cc_rate;
> +    uint8_t recon_rate;
> +    uint8_t cache_flush_interval;
> +    uint8_t spinup_drv_cnt;
> +    uint8_t spinup_delay;
> +    uint8_t cluster_enable;
> +    uint8_t coercion_mode;
> +    uint8_t alarm_enable;
> +    uint8_t disable_auto_rebuild;
> +    uint8_t disable_battery_warn;
> +    uint8_t ecc_bucket_size;
> +    uint16_t ecc_bucket_leak_rate;
> +    uint8_t restore_hotspare_on_insertion;
> +    uint8_t expose_encl_devices;
> +    uint8_t maintainPdFailHistory;
> +    uint8_t disallowHostRequestReordering;
> +    uint8_t abortCCOnError;
> +    uint8_t loadBalanceMode;
> +    uint8_t disableAutoDetectBackplane;
> +    uint8_t snapVDSpace;
> +    struct {
> +        /* set TRUE to disable copyBack (0=copyback enabled) */
> +        uint32_t copyBackDisabled:1,
> +            SMARTerEnabled:1,
> +            prCorrectUnconfiguredAreas:1,
> +            useFdeOnly:1,
> +            disableNCQ:1,
> +            SSDSMARTerEnabled:1,
> +            SSDPatrolReadEnabled:1,
> +            enableSpinDownUnconfigured:1,
> +            autoEnhancedImport:1,
> +            enableSecretKeyControl:1,
> +            disableOnlineCtrlReset:1,
> +            allowBootWithPinnedCache:1,
> +            disableSpinDownHS:1,
> +            enableJBOD:1,
> +            reserved:18;
> +    } OnOffProperties;

Using bitfields for anything where you care about endian-ness
is IMO wrong, and you normally do care for BE host + LE guest.
No idea what bsd does to handle this.

> +    uint8_t autoSnapVDSpace; /* % of source LD to be
> +                              * reserved for auto snapshot
> +                              * in snapshot repository, for
> +                              * metadata and user data
> +                              * 1=5%, 2=10%, 3=15% and so on
> +                              */
> +    uint8_t viewSpace;       /* snapshot writeable VIEWs
> +                              * capacity as a % of source LD
> +                              * capacity. 0=READ only
> +                              * 1=5%, 2=10%, 3=15% and so on
> +                              */
> +    uint16_t spinDownTime;    /* # of idle minutes before device
> +                               * is spun down (0=use FW defaults)
> +                               */
> +    uint8_t reserved[24];
> +} __attribute__ ((packed));
> +
> +/* PCI information about the card. */
> +struct mfi_info_pci {
> +    uint16_t vendor;
> +    uint16_t device;
> +    uint16_t subvendor;
> +    uint16_t subdevice;
> +    uint8_t reserved[24];
> +} __attribute__ ((packed));
> +
> +/* Host (front end) interface information */
> +struct mfi_info_host {
> +    uint8_t type;
> +#define MFI_INFO_HOST_PCIX      0x01
> +#define MFI_INFO_HOST_PCIE      0x02
> +#define MFI_INFO_HOST_ISCSI     0x04
> +#define MFI_INFO_HOST_SAS3G     0x08
> +    uint8_t reserved[6];
> +    uint8_t port_count;
> +    uint64_t port_addr[8];
> +} __attribute__ ((packed));
> +
> +/* Device (back end) interface information */
> +struct mfi_info_device {
> +    uint8_t type;
> +#define MFI_INFO_DEV_SPI        0x01
> +#define MFI_INFO_DEV_SAS3G      0x02
> +#define MFI_INFO_DEV_SATA1      0x04
> +#define MFI_INFO_DEV_SATA3G     0x08
> +    uint8_t reserved[6];
> +    uint8_t port_count;
> +    uint64_t port_addr[8];
> +} __attribute__ ((packed));
> +
> +/* Firmware component information */
> +struct mfi_info_component {
> +    char name[8];
> +    char version[32];
> +    char build_date[16];
> +    char build_time[16];
> +} __attribute__ ((packed));
> +
> +/* Controller default settings */
> +struct mfi_defaults {
> +    uint64_t sas_addr;
> +    uint8_t phy_polarity;
> +    uint8_t background_rate;
> +    uint8_t stripe_size;
> +    uint8_t flush_time;
> +    uint8_t write_back;
> +    uint8_t read_ahead;
> +    uint8_t cache_when_bbu_bad;
> +    uint8_t cached_io;
> +    uint8_t smart_mode;
> +    uint8_t alarm_disable;
> +    uint8_t coercion;
> +    uint8_t zrc_config;
> +    uint8_t dirty_led_shows_drive_activity;
> +    uint8_t bios_continue_on_error;
> +    uint8_t spindown_mode;
> +    uint8_t allowed_device_types;
> +    uint8_t allow_mix_in_enclosure;
> +    uint8_t allow_mix_in_ld;
> +    uint8_t allow_sata_in_cluster;
> +    uint8_t max_chained_enclosures;
> +    uint8_t disable_ctrl_r;
> +    uint8_t enable_web_bios;
> +    uint8_t phy_polarity_split;
> +    uint8_t direct_pd_mapping;
> +    uint8_t bios_enumerate_lds;
> +    uint8_t restored_hot_spare_on_insertion;
> +    uint8_t expose_enclosure_devices;
> +    uint8_t maintain_pd_fail_history;
> +    uint8_t disable_puncture;
> +    uint8_t zero_based_enumeration;
> +    uint8_t disable_preboot_cli;
> +    uint8_t show_drive_led_on_activity;
> +    uint8_t cluster_disable;
> +    uint8_t sas_disable;
> +    uint8_t auto_detect_backplane;
> +    uint8_t fde_only;
> +    uint8_t delay_during_post;
> +    uint8_t resv[19];
> +} __attribute__ ((packed));
> +
> +/* Controller default settings */
> +struct mfi_bios_data {
> +    uint16_t boot_target_id;
> +    uint8_t do_not_int_13;
> +    uint8_t continue_on_error;
> +    uint8_t verbose;
> +    uint8_t geometry;
> +    uint8_t expose_all_drives;
> +    uint8_t reserved[56];
> +    uint8_t check_sum;
> +} __attribute__ ((packed));
> +
> +/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
> +struct mfi_ctrl_info {
> +    struct mfi_info_pci pci;
> +    struct mfi_info_host host;
> +    struct mfi_info_device device;
> +
> +    /* Firmware components that are present and active. */
> +    uint32_t image_check_word;
> +    uint32_t image_component_count;
> +    struct mfi_info_component image_component[8];
> +
> +    /* Firmware components that have been flashed but are inactive */
> +    uint32_t pending_image_component_count;
> +    struct mfi_info_component pending_image_component[8];
> +
> +    uint8_t max_arms;
> +    uint8_t max_spans;
> +    uint8_t max_arrays;
> +    uint8_t max_lds;
> +    char product_name[80];
> +    char serial_number[32];
> +    uint32_t hw_present;
> +#define MFI_INFO_HW_BBU         0x01
> +#define MFI_INFO_HW_ALARM       0x02
> +#define MFI_INFO_HW_NVRAM       0x04
> +#define MFI_INFO_HW_UART        0x08
> +#define MFI_INFO_HW_MEM         0x10
> +#define MFI_INFO_HW_FLASH       0x20
> +    uint32_t current_fw_time;
> +    uint16_t max_cmds;
> +    uint16_t max_sg_elements;
> +    uint32_t max_request_size;
> +    uint16_t lds_present;
> +    uint16_t lds_degraded;
> +    uint16_t lds_offline;
> +    uint16_t pd_present;
> +    uint16_t pd_disks_present;
> +    uint16_t pd_disks_pred_failure;
> +    uint16_t pd_disks_failed;
> +    uint16_t nvram_size;
> +    uint16_t memory_size;
> +    uint16_t flash_size;
> +    uint16_t ram_correctable_errors;
> +    uint16_t ram_uncorrectable_errors;
> +    uint8_t cluster_allowed;
> +    uint8_t cluster_active;
> +    uint16_t max_strips_per_io;
> +
> +    uint32_t raid_levels;
> +#define MFI_INFO_RAID_0         0x01
> +#define MFI_INFO_RAID_1         0x02
> +#define MFI_INFO_RAID_5         0x04
> +#define MFI_INFO_RAID_1E        0x08
> +#define MFI_INFO_RAID_6         0x10
> +
> +    uint32_t adapter_ops;
> +#define MFI_INFO_AOPS_RBLD_RATE         0x0001
> +#define MFI_INFO_AOPS_CC_RATE           0x0002
> +#define MFI_INFO_AOPS_BGI_RATE          0x0004
> +#define MFI_INFO_AOPS_RECON_RATE        0x0008
> +#define MFI_INFO_AOPS_PATROL_RATE       0x0010
> +#define MFI_INFO_AOPS_ALARM_CONTROL     0x0020
> +#define MFI_INFO_AOPS_CLUSTER_SUPPORTED 0x0040
> +#define MFI_INFO_AOPS_BBU               0x0080
> +#define MFI_INFO_AOPS_SPANNING_ALLOWED  0x0100
> +#define MFI_INFO_AOPS_DEDICATED_SPARES  0x0200
> +#define MFI_INFO_AOPS_REVERTIBLE_SPARES 0x0400
> +#define MFI_INFO_AOPS_FOREIGN_IMPORT    0x0800
> +#define MFI_INFO_AOPS_SELF_DIAGNOSTIC   0x1000
> +#define MFI_INFO_AOPS_MIXED_ARRAY       0x2000
> +#define MFI_INFO_AOPS_GLOBAL_SPARES     0x4000
> +
> +    uint32_t ld_ops;
> +#define MFI_INFO_LDOPS_READ_POLICY      0x01
> +#define MFI_INFO_LDOPS_WRITE_POLICY     0x02
> +#define MFI_INFO_LDOPS_IO_POLICY        0x04
> +#define MFI_INFO_LDOPS_ACCESS_POLICY    0x08
> +#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
> +
> +    struct {
> +        uint8_t min;
> +        uint8_t max;
> +        uint8_t reserved[2];
> +    } __attribute__ ((packed)) stripe_sz_ops;
> +
> +    uint32_t pd_ops;
> +#define MFI_INFO_PDOPS_FORCE_ONLINE     0x01
> +#define MFI_INFO_PDOPS_FORCE_OFFLINE    0x02
> +#define MFI_INFO_PDOPS_FORCE_REBUILD    0x04
> +
> +    uint32_t pd_mix_support;
> +#define MFI_INFO_PDMIX_SAS              0x01
> +#define MFI_INFO_PDMIX_SATA             0x02
> +#define MFI_INFO_PDMIX_ENCL             0x04
> +#define MFI_INFO_PDMIX_LD               0x08
> +#define MFI_INFO_PDMIX_SATA_CLUSTER     0x10
> +
> +    uint8_t ecc_bucket_count;
> +    uint8_t reserved2[11];
> +    struct mfi_ctrl_props properties;
> +    char package_version[0x60];
> +    uint8_t pad[0x800 - 0x6a0];
> +} __attribute__ ((packed));
> +
> +/* keep track of an event. */
> +union mfi_evt {
> +    struct {
> +        uint16_t locale;
> +        uint8_t reserved;
> +        int8_t class;
> +    } members;
> +    uint32_t word;
> +} __attribute__ ((packed));
> +
> +/* event log state. */
> +struct mfi_evt_log_state {
> +    uint32_t newest_seq_num;
> +    uint32_t oldest_seq_num;
> +    uint32_t clear_seq_num;
> +    uint32_t shutdown_seq_num;
> +    uint32_t boot_seq_num;
> +} __attribute__ ((packed));
> +
> +struct mfi_progress {
> +    uint16_t progress;
> +    uint16_t elapsed_seconds;
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_ld {
> +    uint16_t target_id;
> +    uint8_t ld_index;
> +    uint8_t reserved;
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_pd {
> +    uint16_t device_id;
> +    uint8_t enclosure_index;
> +    uint8_t slot_number;
> +} __attribute__ ((packed));
> +
> +/* event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
> +struct mfi_evt_detail {
> +    uint32_t seq;
> +    uint32_t time;
> +    uint32_t code;
> +    union mfi_evt class;
> +    uint8_t arg_type;
> +    uint8_t reserved1[15];
> +
> +    union {
> +        struct {
> +            struct mfi_evt_pd pd;
> +            uint8_t cdb_len;
> +            uint8_t sense_len;
> +            uint8_t reserved[2];
> +            uint8_t cdb[16];
> +            uint8_t sense[64];
> +        } cdb_sense;
> +
> +        struct mfi_evt_ld ld;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint64_t count;
> +        } ld_count;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_ld ld;
> +        } ld_lba;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint32_t pre_owner;
> +            uint32_t new_owner;
> +        } ld_owner;
> +
> +        struct {
> +            uint64_t ld_lba;
> +            uint64_t pd_lba;
> +            struct mfi_evt_ld ld;
> +            struct mfi_evt_pd pd;
> +        } ld_lba_pd_lba;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            struct mfi_progress prog;
> +        } ld_prog;
> +
> +        struct {
> +            struct mfi_evt_ld ld;
> +            uint32_t prev_state;
> +            uint32_t new_state;
> +        } ld_state;
> +
> +        struct {
> +            uint64_t strip;
> +            struct mfi_evt_ld ld;
> +        } ld_strip;
> +
> +        struct mfi_evt_pd pd;
> +
> +        struct {
> +            struct mfi_evt_pd pd;
> +            uint32_t err;
> +        } pd_err;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_pd pd;
> +        } pd_lba;
> +
> +        struct {
> +            uint64_t lba;
> +            struct mfi_evt_pd pd;
> +            struct mfi_evt_ld ld;
> +        } pd_lba_ld;
> +
> +        struct {
> +            struct mfi_evt_pd pd;
> +            struct mfi_progress prog;
> +        } pd_prog;
> +
> +        struct {
> +            struct mfi_evt_pd ld;
> +            uint32_t prev_state;
> +            uint32_t new_state;
> +        } pd_state;
> +
> +        struct {
> +            uint16_t venderId;
> +            uint16_t deviceId;
> +            uint16_t subVenderId;
> +            uint16_t subDeviceId;
> +        } pci;
> +
> +        uint32_t rate;
> +
> +        char str[96];
> +
> +        struct {
> +            uint32_t rtc;
> +            uint16_t elapsedSeconds;
> +        } time;
> +
> +        struct {
> +            uint32_t ecar;
> +            uint32_t elog;
> +            char str[64];
> +        } ecc;
> +
> +        uint8_t b[96];
> +        uint16_t s[48];
> +        uint32_t w[24];
> +        uint64_t d[12];
> +    } args;
> +
> +    char description[128];
> +} __attribute__ ((packed));
> +
> +struct mfi_evt_list {
> +    uint32_t count;
> +    uint32_t reserved;
> +    struct mfi_evt_detail event[1];
> +} __attribute__ ((packed));
> +
> +union mfi_pd_ref {
> +    struct {
> +        uint16_t device_id;
> +        uint16_t seq_num;
> +    } v;
> +    uint32_t ref;
> +} __attribute__ ((packed));
> +
> +union mfi_pd_ddf_type {
> +    struct {
> +        union {
> +            struct {
> +                uint16_t forced_pd_guid:1,
> +                    in_vd:1,
> +                    is_global_spare:1,
> +                    is_spare:1,
> +                    is_foreign:1,
> +                    reserved:7,
> +                    intf:4;
> +            } pd_type;
> +            uint16_t type;
> +        } v;
> +        uint16_t reserved;
> +    } ddf;
> +    struct {
> +        uint32_t reserved;
> +    } non_disk;
> +    uint32_t type;
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_progress {
> +    struct {
> +        uint32_t rbld:1,
> +            patrol:1 ,
> +            clear:1,
> +            reserved:29;
> +    } active;
> +    struct mfi_progress rbld;
> +    struct mfi_progress patrol;
> +    struct mfi_progress clear;
> +    struct mfi_progress reserved[4];
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_info {
> +    union mfi_pd_ref ref;
> +    uint8_t inquiry_data[96];
> +    uint8_t vpd_page83[64];
> +    uint8_t not_supported;
> +    uint8_t scsi_dev_type;
> +    uint8_t connected_port_bitmap;
> +    uint8_t device_speed;
> +    uint32_t media_err_count;
> +    uint32_t other_err_count;
> +    uint32_t pred_fail_count;
> +    uint32_t last_pred_fail_event_seq_num;
> +    uint16_t fw_state;
> +    uint8_t disable_for_removal;
> +    uint8_t link_speed;
> +    union mfi_pd_ddf_type state;
> +    struct {
> +        uint8_t count;
> +        uint8_t is_path_broken;
> +        uint8_t reserved[6];
> +        uint64_t sas_addr[4];
> +    } path_info;
> +    uint64_t raw_size;
> +    uint64_t non_coerced_size;
> +    uint64_t coerced_size;
> +    uint16_t encl_device_id;
> +    uint8_t encl_index;
> +    uint8_t slot_number;
> +    struct mfi_pd_progress prog_info;
> +    uint8_t bad_block_table_full;
> +    uint8_t unusable_in_current_config;
> +    uint8_t vpd_page83_ext[64];
> +    uint8_t reserved[512-358];
> +} __attribute__ ((packed));
> +
> +struct mfi_pd_address {
> +    uint16_t device_id;
> +    uint16_t encl_device_id;
> +    uint8_t encl_index;
> +    uint8_t slot_number;
> +    uint8_t scsi_dev_type;
> +    uint8_t connect_port_bitmap;
> +    uint64_t sas_addr[2];
> +} __attribute__ ((packed));
> +
> +#define MAX_SYS_PDS 240
> +struct mfi_pd_list {
> +    uint32_t size;
> +    uint32_t count;
> +    struct mfi_pd_address addr[MAX_SYS_PDS];
> +} __attribute__ ((packed));
> +
> +union mfi_ld_ref {
> +    struct {
> +        uint8_t target_id;
> +        uint8_t reserved;
> +        uint16_t seq;
> +    } v;
> +    uint32_t ref;
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_list {
> +    uint32_t ld_count;
> +    uint32_t reserved1;
> +    struct {
> +        union mfi_ld_ref ld;
> +        uint8_t state;
> +        uint8_t reserved2[3];
> +        uint64_t size;
> +    } ld_list[MFI_MAX_LD];
> +} __attribute__ ((packed));
> +
> +enum mfi_ld_access {
> +    MFI_LD_ACCESS_RW =          0,
> +    MFI_LD_ACCSSS_RO =          2,
> +    MFI_LD_ACCESS_BLOCKED =     3,
> +};
> +#define MFI_LD_ACCESS_MASK      3
> +
> +enum mfi_ld_state {
> +    MFI_LD_STATE_OFFLINE =              0,
> +    MFI_LD_STATE_PARTIALLY_DEGRADED =   1,
> +    MFI_LD_STATE_DEGRADED =             2,
> +    MFI_LD_STATE_OPTIMAL =              3
> +};
> +
> +enum mfi_syspd_state {
> +    MFI_PD_STATE_UNCONFIGURED_GOOD =    0x00,
> +    MFI_PD_STATE_UNCONFIGURED_BAD =     0x01,
> +    MFI_PD_STATE_HOT_SPARE =            0x02,
> +    MFI_PD_STATE_OFFLINE =              0x10,
> +    MFI_PD_STATE_FAILED =               0x11,
> +    MFI_PD_STATE_REBUILD =              0x14,
> +    MFI_PD_STATE_ONLINE =               0x18,
> +    MFI_PD_STATE_COPYBACK =             0x20,
> +    MFI_PD_STATE_SYSTEM =               0x40
> +};
> +
> +struct mfi_ld_props {
> +    union mfi_ld_ref ld;
> +    char name[16];
> +    uint8_t default_cache_policy;
> +    uint8_t access_policy;
> +    uint8_t disk_cache_policy;
> +    uint8_t current_cache_policy;
> +    uint8_t no_bgi;
> +    uint8_t reserved[7];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_params {
> +    uint8_t primary_raid_level;
> +    uint8_t raid_level_qualifier;
> +    uint8_t secondary_raid_level;
> +    uint8_t stripe_size;
> +    uint8_t num_drives;
> +    uint8_t span_depth;
> +    uint8_t state;
> +    uint8_t init_state;
> +    uint8_t is_consistent;
> +    uint8_t reserved[23];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_progress {
> +    uint32_t            active;
> +#define MFI_LD_PROGRESS_CC      (1<<0)
> +#define MFI_LD_PROGRESS_BGI     (1<<1)
> +#define MFI_LD_PROGRESS_FGI     (1<<2)
> +#define MFI_LD_PORGRESS_RECON   (1<<3)
> +    struct mfi_progress cc;
> +    struct mfi_progress bgi;
> +    struct mfi_progress fgi;
> +    struct mfi_progress recon;
> +    struct mfi_progress reserved[4];
> +} __attribute__ ((packed));
> +
> +struct mfi_span {
> +    uint64_t start_block;
> +    uint64_t num_blocks;
> +    uint16_t array_ref;
> +    uint8_t reserved[6];
> +} __attribute__ ((packed));
> +
> +#define MFI_MAX_SPAN_DEPTH      8
> +struct mfi_ld_config {
> +    struct mfi_ld_props properties;
> +    struct mfi_ld_params params;
> +    struct mfi_span span[MFI_MAX_SPAN_DEPTH];
> +} __attribute__ ((packed));
> +
> +struct mfi_ld_info {
> +    struct mfi_ld_config ld_config;
> +    uint64_t size;
> +    struct mfi_ld_progress progress;
> +    uint16_t cluster_owner;
> +    uint8_t reconstruct_active;
> +    uint8_t reserved1[1];
> +    uint8_t vpd_page83[64];
> +    uint8_t reserved2[16];
> +} __attribute__ ((packed));
> +
> +union mfi_spare_type {
> +    struct {
> +        uint8_t is_dedicate:1,
> +            is_revertable:1,
> +            is_encl_affinity:1,
> +            reserved:5;
> +    } v;
> +    uint8_t type;
> +} __attribute__ ((packed));
> +
> +#define MAX_ARRAYS 16

Use a prefix to avoid global namespace pollution.

> +struct mfi_spare {
> +    union mfi_pd_ref ref;
> +    union mfi_spare_type spare_type;
> +    uint8_t reserved[2];
> +    uint8_t array_count;
> +    uint16_t array_refd[MAX_ARRAYS];
> +} __attribute__ ((packed));
> +
> +#define MAX_ROW_SIZE 32

Use a prefix to avoid global namespace pollution.

> +struct mfi_array {
> +    uint64_t size;
> +    uint8_t num_drives;
> +    uint8_t reserved;
> +    uint16_t array_ref;
> +    uint8_t pad[20];
> +    struct {
> +        union mfi_pd_ref ref;
> +        uint16_t fw_state;
> +        struct {
> +            uint8_t pd;
> +            uint8_t slot;
> +        } encl;
> +    } pd[MAX_ROW_SIZE];
> +} __attribute__ ((packed));
> +
> +struct mfi_config_data {
> +    uint32_t size;
> +    uint16_t array_count;
> +    uint16_t array_size;
> +    uint16_t log_drv_count;
> +    uint16_t log_drv_size;
> +    uint16_t spares_count;
> +    uint16_t spares_size;
> +    uint8_t reserved[16];
> +    uint8_t data;
> +    /*
> +      struct mfi_array  array[];
> +      struct mfi_ld_config ld[];
> +      struct mfi_spare  spare[];
> +    */
> +} __attribute__ ((packed));
> +
> +#define MFI_SCSI_MAX_t ARGETS  128

What's this?

> +#define MFI_SCSI_MAX_LUNS       8
> +#define MFI_SCSI_INITIATOR_ID 255
> +#define MFI_SCSI_MAX_CMDS       8
> +#define MFI_SCSI_MAX_CDB_LEN   16
> +
> +#endif /* _MFI_H */

make below a separate patch pls.

> diff --git a/hw/pci_ids.h b/hw/pci_ids.h
> index e8235a7..0306255 100644
> --- a/hw/pci_ids.h
> +++ b/hw/pci_ids.h
> @@ -12,9 +12,9 @@
>  
>  #define PCI_BASE_CLASS_STORAGE           0x01
>  #define PCI_BASE_CLASS_NETWORK           0x02
> -

Why? This separates base class list from storage
subclasses.

>  #define PCI_CLASS_STORAGE_SCSI           0x0100
>  #define PCI_CLASS_STORAGE_IDE            0x0101
> +#define PCI_CLASS_STORAGE_RAID           0x0104
>  #define PCI_CLASS_STORAGE_SATA           0x0106
>  #define PCI_CLASS_STORAGE_OTHER          0x0180
>  
> @@ -47,6 +47,7 @@
>  
>  #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
>  #define PCI_DEVICE_ID_LSI_53C895A        0x0012
> +#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
>  
>  #define PCI_VENDOR_ID_DEC                0x1011
>  #define PCI_DEVICE_ID_DEC_21154          0x0026
> -- 
> 1.7.3.4
>
Anthony Liguori - Feb. 24, 2012, 3:58 p.m.
On 02/23/2012 09:34 AM, Michael S. Tsirkin wrote:
> On Tue, Feb 21, 2012 at 10:36:43AM +0100, Hannes Reinecke wrote:
>> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
>> I've tested it to work with Linux, Windows Vista, and Windows7.
>> MSI-X support is currently broken; have to investigate.
>>
>> Changes since v13:
>> - Remove separate MSI-X BAR
>> - Simplify BAR allocation
>>
>> Changes since v12:
>> - Fixup flag setting via properties
>> - Fixup MSI-X handling
>> - Disable MSI-X per default
>>
>> Changes since v11:
>> - Remove unneeded variables
>>
>> Changes since v10:
>> - Port to new device type API
>> - Include suggestion from Alex Graf:
>> - Remove 'inline' function declaration
>> - Queue setup and interrupt enablement needs to be treated
>>    independently
>> - Always read in 64 bit context and just mask out the top
>>    bits if required
>>
>> Changes since v9:
>> - Split off trace events into a separate patch
>> - Do not check for max_luns in PD Info
>> - Update trace events
>> - Clarify license statement
>> - Fixup coding style issues
>>
>> Changes since v8:
>> - Remove 'disable' keyword from trace definitions
>> - Convert hand-crafted debugging statements with trace
>>    definitions
>> - Treat 'context' tag as little endian
>>
>> Changes since v7:
>> - Port to new memory API
>> - Port to new PCI infrastructure
>> - Use fixed buffers for sense processing
>> - Update to updated SCSI infrastructure
>>
>> Changes since v6:
>> - Preliminary patches pushed to Kevins block tree
>> - Implement 64bit contexts, required for Windows7
>> - Use iovecs for DCMD processing
>> - Add MSI-X support
>>    Latest Linux driver now happily uses MSI-X.
>> - Static iovec allocation
>>    We have a fixed upper number of iovecs, so we can
>>    save us the allocation. Suggested by Alex Graf.
>> - Update MFI header
>>    Latest Linux driver has some more definitions,
>>    add them
>> - Fixup AEN handling
>> - Update tracing details
>> - Remove sdev pointer from megasas_cmd_t
>>
>> Changes since v5:
>> - megasas: Use tracing infrastructure instead of DPRINTF
>> - megasas: Use new PCI infrastructure
>> - megasas: Check for iovec mapping failure
>>    cpu_map_physical_memory() might fail, so we need to check for
>>    it when mapping iovecs.
>> - megasas: Trace scsi buffer overflow
>>    The transfer length as specified in the SCSI command might
>>    disagree with the length of the iovec. We should be tracing
>>    these issues.
>> - megasas: Reset frames after init firmware
>>    When receiving an INIT FIRMWARE command we need reset all
>>    frames, otherwise some frames might point to invalid memory.
>>
>> Chances since v4:
>> - megasas: checkpatch.pl fixes and update to work with the
>>    changed interface in scsi_req_new(). Also included the
>>    suggested fixes from Alex.
>>
>> Signed-off-by: Hannes Reinecke<hare@suse.de>
>> Cc: Alexander Graf<agraf@suse.de>
>> Cc: Andreas Faerber<afaerber@suse.de>
>> Cc: Gerhard Wiesinger<lists@wiesinger.com>
>
> So Alex asked whether I can merge this, which made me
> take a look. I don't know much about what this does
> so just general comments on all of the code.

This should come through Paolo's new SCSI tree.

And while I defended this before, I now think it really ought to be split after 
trying (and failing) to trim the bits below in Thunderbird.

Regards,

Anthony Liguori

> Also, some issues related to msix - want to rip that code
> out for now since it does not work anyway?
>
> qemu has two styles for struct and enum types:
> 1. documented: typedef struct CamelCase CamelCase;
> 2. undocumented but still widely used: struct lower_case; (no typedef)
> *_t type typedef is used for numeric types such as target_phys_addr_t.
>
> This code mixes them in arbitrary ways. Pls don't do that,
> pls be consistent.
>
>
>
>
>> ---
>>   Makefile.objs           |    1 +
>>   default-configs/pci.mak |    1 +
>>   hw/megasas.c            | 1865 +++++++++++++++++++++++++++++++++++++++++++++++
>>   hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
>>   hw/pci_ids.h            |    3 +-
>>   5 files changed, 3150 insertions(+), 1 deletions(-)
>>   create mode 100644 hw/megasas.c
>>   create mode 100644 hw/mfi.h
>>
>> diff --git a/Makefile.objs b/Makefile.objs
>> index 391e524..5841998 100644
>> --- a/Makefile.objs
>> +++ b/Makefile.objs
>> @@ -283,6 +283,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
>>
>>   # SCSI layer
>>   hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
>> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
>>   hw-obj-$(CONFIG_ESP) += esp.o
>>
>>   hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
>> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
>> index 9d3e1db..4b49c00 100644
>> --- a/default-configs/pci.mak
>> +++ b/default-configs/pci.mak
>> @@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
>>   CONFIG_PCNET_PCI=y
>>   CONFIG_PCNET_COMMON=y
>>   CONFIG_LSI_SCSI_PCI=y
>> +CONFIG_MEGASAS_SCSI_PCI=y
>>   CONFIG_RTL8139_PCI=y
>>   CONFIG_E1000_PCI=y
>>   CONFIG_IDE_CORE=y
>> diff --git a/hw/megasas.c b/hw/megasas.c
>> new file mode 100644
>> index 0000000..083c3d3
>> --- /dev/null
>> +++ b/hw/megasas.c
>> @@ -0,0 +1,1865 @@
>> +/*
>> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
>
> Link to documentation/hardware spec/driver code?
>
>> + *
>> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU Lesser General Public
>> + * License as published by the Free Software Foundation; either
>> + * version 2 of the License, or (at your option) any later version.
>> + *
>> + * This library is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> + * Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>> + * License along with this library; if not, see<http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#include "hw.h"
>> +#include "pci.h"
>> +#include "dma.h"
>> +#include "msix.h"
>> +#include "iov.h"
>> +#include "scsi.h"
>> +#include "scsi-defs.h"
>> +#include "block_int.h"
>> +
>> +#include "mfi.h"
>> +
>> +/* Static definitions */
>
> Remove above comment.
>
>> +#define MEGASAS_VERSION "1.60"
>> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
>> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
>> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
>> +#define MEGASAS_DEFAULT_SGE 80
>> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
>> +#define MEGASAS_MAX_ARRAYS 128
>> +
>> +#define MEGASAS_FLAG_USE_JBOD      0
>> +#define MEGASAS_MASK_USE_JBOD      (1<<  MEGASAS_FLAG_USE_JBOD)
>> +#define MEGASAS_FLAG_USE_MSIX      1
>> +#define MEGASAS_MASK_USE_MSIX      (1<<  MEGASAS_FLAG_USE_MSIX)
>> +#define MEGASAS_FLAG_USE_QUEUE64   2
>> +#define MEGASAS_MASK_USE_QUEUE64   (1<<  MEGASAS_FLAG_USE_QUEUE64)
>> +
>> +const char *megasas_raid_modes[] = {
>> +    "raid", "jbod"
>> +};
>> +
>> +const char *mfi_frame_desc[] = {
>> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
>> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
>
> Can't the above go into mfi.h?
>
>> +
>> +struct megasas_cmd_t {
>> +    uint32_t index;
>> +    uint16_t flags;
>> +    uint16_t count;
>> +    uint64_t context;
>> +
>> +    target_phys_addr_t pa;
>> +    target_phys_addr_t pa_size;
>> +    union mfi_frame *frame;
>> +    SCSIRequest *req;
>> +    struct iovec iov[MEGASAS_MAX_SGE];
>> +    int iov_cnt;
>> +    size_t iov_size;
>> +    size_t iov_offset;
>> +    struct megasas_state_t *state;
>> +};
>> +
>> +typedef struct megasas_state_t {
>> +    PCIDevice dev;
>> +    MemoryRegion mmio_io;
>> +    MemoryRegion port_io;
>> +    MemoryRegion queue_io;
>> +    uint32_t frame_hi;
>> +
>> +    int fw_state;
>> +    uint32_t fw_sge;
>> +    uint32_t fw_cmds;
>> +    uint32_t flags;
>> +    int fw_luns;
>> +    int intr_mask;
>> +    int doorbell;
>> +    int busy;
>> +    char *raid_mode_str;
>
> make it const char * and you will not need
> casts from const char * to char * which are just wrong.
>
>> +
>> +    struct megasas_cmd_t *event_cmd;
>> +    int event_locale;
>> +    int event_class;
>> +    int event_count;
>> +    int shutdown_event;
>> +    int boot_event;
>> +
>> +    uint64_t reply_queue_pa;
>> +    void *reply_queue;
>> +    int reply_queue_len;
>> +    int reply_queue_head;
>> +    int reply_queue_tail;
>> +    uint64_t consumer_pa;
>> +    uint64_t producer_pa;
>> +
>> +    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
>> +
>> +    SCSIBus bus;
>> +} MPTState;
>
> Prefix with megasas or mfi, consistently.
>
>> +
>> +#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
>> +
>> +static bool megasas_intr_enabled(MPTState *s)
>> +{
>> +    if ((s->intr_mask&  MEGASAS_INTR_DISABLED_MASK) !=
>> +        MEGASAS_INTR_DISABLED_MASK) {
>> +        return true;
>> +    }
>> +    return false;
>> +}
>> +
>> +static bool megasas_use_queue64(MPTState *s)
>> +{
>> +    return s->flags&  MEGASAS_MASK_USE_QUEUE64;
>> +}
>> +
>> +static bool megasas_use_msix(MPTState *s)
>> +{
>> +    return s->flags&  MEGASAS_MASK_USE_MSIX;
>> +}
>> +
>> +static bool megasas_is_jbod(MPTState *s)
>> +{
>> +    return s->flags&  MEGASAS_MASK_USE_JBOD;
>> +}
>> +
>> +static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
>> +{
>> +    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
>> +}
>> +
>> +static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
>> +{
>> +    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
>> +}
>> +
>> +/*
>> + * Context is considered opaque, but the HBA firmware is running
>> + * in little endian mode. So convert it to little endian, too.
>> + */
>> +static uint64_t megasas_frame_get_context(unsigned long frame)
>> +{
>> +    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
>> +}
>> +
>> +static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags&  MFI_FRAME_IEEE_SGL;
>> +}
>> +
>> +static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags&  MFI_FRAME_SGL64;
>> +}
>> +
>> +static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags&  MFI_FRAME_DIR_WRITE;
>> +}
>> +
>> +static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
>> +{
>> +    return cmd->flags&  MFI_FRAME_SENSE64;
>> +}
>> +
>> +static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
>> +                                     union mfi_sgl *sgl)
>> +{
>> +    uint64_t addr;
>> +
>> +    if (megasas_frame_is_ieee_sgl(cmd)) {
>> +        addr = le64_to_cpu(sgl->sg_skinny->addr);
>> +    } else if (megasas_frame_is_sgl64(cmd)) {
>> +        addr = le64_to_cpu(sgl->sg64->addr);
>> +    } else {
>> +        addr = le32_to_cpu(sgl->sg32->addr);
>> +    }
>> +    return addr;
>> +}
>> +
>> +static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
>> +                                    union mfi_sgl *sgl)
>> +{
>> +    uint32_t len;
>> +
>> +    if (megasas_frame_is_ieee_sgl(cmd)) {
>> +        len = le32_to_cpu(sgl->sg_skinny->len);
>> +    } else if (megasas_frame_is_sgl64(cmd)) {
>> +        len = le32_to_cpu(sgl->sg64->len);
>> +    } else {
>> +        len = le32_to_cpu(sgl->sg32->len);
>> +    }
>> +    return len;
>> +}
>> +
>> +static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
>> +                                       union mfi_sgl *sgl)
>> +{
>> +    uint8_t *next = (uint8_t *)sgl;
>> +
>> +    if (megasas_frame_is_ieee_sgl(cmd)) {
>> +        next += sizeof(struct mfi_sg_skinny);
>> +    } else if (megasas_frame_is_sgl64(cmd)) {
>> +        next += sizeof(struct mfi_sg64);
>> +    } else {
>> +        next += sizeof(struct mfi_sg32);
>> +    }
>> +
>> +    if (next>= (uint8_t *)cmd->frame + cmd->pa_size) {
>> +        return NULL;
>> +    }
>> +    return (union mfi_sgl *)next;
>> +}
>> +
>> +static void megasas_soft_reset(MPTState *s);
>> +
>> +static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
>> +{
>> +    int i;
>> +    int is_write;
>> +    int iov_count = 0;
>> +    size_t iov_size = 0;
>> +
>> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
>> +    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
>> +    if (cmd->iov_cnt>  MEGASAS_MAX_SGE) {
>> +        cmd->iov_cnt = 0;
>> +        return iov_count;
>> +    }
>> +    is_write = megasas_frame_is_write(cmd);
>> +    for (i = 0; i<  cmd->iov_cnt; i++) {
>> +        target_phys_addr_t iov_pa, iov_size_p;
>> +
>> +        if (!sgl) {
>> +            goto unmap;
>> +        }
>> +        iov_pa = megasas_sgl_get_addr(cmd, sgl);
>> +        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
>> +        if (!iov_pa || !iov_size_p) {
>> +            goto unmap;
>> +        }
>> +        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa,&iov_size_p,
>> +                                                       is_write);
>> +        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
>> +            if (cmd->iov[i].iov_base) {
>> +                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
>> +                                          iov_size_p, 0, 0);
>> +            }
>> +            goto unmap;
>> +        }
>> +        sgl = megasas_sgl_next(cmd, sgl);
>> +        iov_size += cmd->iov[i].iov_len;
>> +        iov_count--;
>> +    }
>> +    cmd->iov[i].iov_base = NULL;
>> +    cmd->iov[i].iov_len = 0;
>> +    cmd->iov_offset = 0;
>> +    return 0;
>> +unmap:
>> +    while (i>  0) {
>> +        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
>> +                                  cmd->iov[i-1].iov_len, 0, 0);
>> +        i--;
>> +    }
>> +    cmd->iov_cnt = 0;
>> +    return iov_count;
>> +}
>> +
>> +static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
>> +{
>> +    int i, is_write = megasas_frame_is_write(cmd);
>> +
>> +    for (i = 0; i<  cmd->iov_cnt; i++) {
>> +        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
>> +                                  is_write, cmd->iov[i].iov_len);
>> +    }
>> +    cmd->iov_cnt = 0;
>> +    cmd->iov_offset = 0;
>> +}
>> +
>> +/*
>> + * passthrough sense and io sense are at the same offset
>> + */
>> +static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
>> +    uint8_t sense_len)
>> +{
>> +    uint32_t pa_hi = 0, pa_lo;
>> +    target_phys_addr_t pa;
>> +
>> +    if (sense_len>  cmd->frame->header.sense_len) {
>> +        sense_len = cmd->frame->header.sense_len;
>> +    }
>> +
>> +    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
>> +    if (megasas_frame_is_sense64(cmd)) {
>> +        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
>> +    }
>> +    pa = ((uint64_t) pa_hi<<  32) | pa_lo;
>> +    cpu_physical_memory_write(pa, sense_ptr, sense_len);
>> +    cmd->frame->header.sense_len = sense_len;
>> +    return sense_len;
>> +}
>> +
>> +static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
>> +{
>> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
>> +    uint8_t sense_len = 18;
>> +
>> +    memset(sense_buf, 0, sense_len);
>> +    sense_buf[0] = 0xf0;
>> +    sense_buf[2] = sense.key;
>> +    sense_buf[7] = 10;
>> +    sense_buf[12] = sense.asc;
>> +    sense_buf[13] = sense.ascq;
>> +    megasas_build_sense(cmd, sense_buf, sense_len);
>> +}
>> +
>> +static void megasas_copy_sense(struct megasas_cmd_t *cmd)
>> +{
>> +    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
>> +    uint8_t sense_len;
>> +
>> +    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
>> +                                   cmd->frame->header.sense_len);
>> +    megasas_build_sense(cmd, sense_buf, sense_len);
>> +}
>> +
>> +/*
>> + * Format an INQUIRY CDB
>> + */
>> +static int megasas_setup_inquiry(uint8_t *cdb, int pg,
>> +                                 uint8_t *buf, int len)
>> +{
>> +    memset(cdb, 0, 6);
>> +    cdb[0] = INQUIRY;
>> +    if (pg>  0) {
>> +        cdb[1] = 0x1;
>> +        cdb[2] = pg;
>> +    }
>> +    cdb[3] = (len>>  8)&  0xff;
>> +    cdb[4] = (len&  0xff);
>> +    return len;
>> +}
>> +
>> +/*
>> + * Encode lba and len into a READ_16/WRITE_16 CDB
>> + */
>> +static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
>> +                               uint32_t len, int is_write)
>> +{
>> +    memset(cdb, 0x0, 16);
>> +    if (is_write) {
>> +        cdb[0] = WRITE_16;
>> +    } else {
>> +        cdb[0] = READ_16;
>> +    }
>> +    cdb[2] = (lba>>  56)&  0xff;
>> +    cdb[3] = (lba>>  48)&  0xff;
>> +    cdb[4] = (lba>>  40)&  0xff;
>> +    cdb[5] = (lba>>  32)&  0xff;
>> +    cdb[6] = (lba>>  24)&  0xff;
>> +    cdb[7] = (lba>>  16)&  0xff;
>> +    cdb[8] = (lba>>  8)&  0xff;
>> +    cdb[9] = (lba)&  0xff;
>> +    cdb[10] = (len>>  24)&  0xff;
>> +    cdb[11] = (len>>  16)&  0xff;
>> +    cdb[12] = (len>>  8)&  0xff;
>> +    cdb[13] = (len)&  0xff;
>> +}
>> +
>> +/*
>> + * Utility functions
>> + */
>> +static uint64_t megasas_fw_time(void)
>> +{
>> +    struct tm curtime;
>> +    uint64_t bcd_time;
>> +
>> +    qemu_get_timedate(&curtime, 0);
>> +    bcd_time = ((uint64_t)curtime.tm_sec&  0xff)<<  48 |
>> +        ((uint64_t)curtime.tm_min&  0xff)<<  40 |
>> +        ((uint64_t)curtime.tm_hour&  0xff)<<  32 |
>> +        ((uint64_t)curtime.tm_mday&  0xff)<<  24 |
>> +        ((uint64_t)curtime.tm_mon&  0xff)<<  16 |
>> +        ((uint64_t)(curtime.tm_year + 1900)&  0xffff);
>> +
>> +    return bcd_time;
>> +}
>> +
>> +static uint64_t megasas_gen_sas_addr(uint64_t id)
>> +{
>> +    uint64_t addr;
>> +
>> +    addr = 0x5001a4aULL<<  36;
>> +    addr |= id&  0xfffffffff;
>> +
>> +    return addr;
>> +}
>> +
>> +/*
>> + * Frame handling
>> + */
>> +static int megasas_next_index(MPTState *s, int index, int limit)
>> +{
>> +    index++;
>> +    if (index == limit) {
>> +        index = 0;
>> +    }
>> +    return index;
>> +}
>> +
>> +static struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
>> +    target_phys_addr_t frame)
>> +{
>> +    struct megasas_cmd_t *cmd = NULL;
>> +    int num = 0, index;
>> +
>> +    index = s->reply_queue_head;
>> +
>> +    while (num<  s->fw_cmds) {
>> +        if (s->frames[index].pa&&  s->frames[index].pa == frame) {
>> +            cmd =&s->frames[index];
>> +            break;
>> +        }
>> +        index = megasas_next_index(s, index, s->fw_cmds);
>> +        num++;
>> +    }
>> +
>> +    return cmd;
>> +}
>> +
>> +static struct megasas_cmd_t *megasas_next_frame(MPTState *s,
>> +    target_phys_addr_t frame)
>> +{
>> +    struct megasas_cmd_t *cmd = NULL;
>> +    int num = 0, index;
>> +
>> +    cmd = megasas_lookup_frame(s, frame);
>> +    if (cmd) {
>> +        return cmd;
>> +    }
>> +    index = s->reply_queue_head;
>> +    num = 0;
>> +    while (num<  s->fw_cmds) {
>> +        if (!s->frames[index].pa) {
>> +            cmd =&s->frames[index];
>> +            break;
>> +        }
>> +        index = megasas_next_index(s, index, s->fw_cmds);
>> +        num++;
>> +    }
>> +    return cmd;
>> +}
>> +
>> +static struct megasas_cmd_t *megasas_enqueue_frame(MPTState *s,
>> +    target_phys_addr_t frame, uint64_t context, int count)
>> +{
>> +    struct megasas_cmd_t *cmd = NULL;
>> +    int frame_size = MFI_FRAME_SIZE * 16;
>> +    target_phys_addr_t frame_size_p = frame_size;
>> +
>> +    cmd = megasas_next_frame(s, frame);
>> +    /* All frames busy */
>> +    if (!cmd) {
>> +        return NULL;
>> +    }
>> +    if (!cmd->pa) {
>> +        cmd->pa = frame;
>> +        /* Map all possible frames */
>> +        cmd->frame = cpu_physical_memory_map(frame,&frame_size_p, 0);
>> +        if (frame_size_p != frame_size) {
>> +            if (cmd->frame) {
>> +                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
>> +                cmd->frame = NULL;
>> +                cmd->pa = 0;
>> +            }
>> +            s->event_count++;
>> +            return NULL;
>> +        }
>> +        cmd->pa_size = frame_size_p;
>> +        cmd->context = context;
>> +        if (!megasas_use_queue64(s)) {
>> +            cmd->context&= (uint64_t)0xFFFFFFFF;
>> +        }
>> +    }
>> +    cmd->count = count;
>> +    s->busy++;
>> +
>> +    return cmd;
>> +}
>> +
>> +static void megasas_complete_frame(MPTState *s, uint64_t context)
>> +{
>> +    int tail, queue_offset;
>> +
>> +    /* Decrement busy count */
>> +    s->busy--;
>> +
>> +    if (s->reply_queue_pa) {
>> +        /*
>> +         * Put command on the reply queue.
>> +         * Context is opaque, but emulation is running in
>> +         * little endian. So convert it.
>> +         */
>> +        tail = s->reply_queue_head;
>> +        if (megasas_use_queue64(s)) {
>> +            queue_offset = tail * sizeof(uint64_t);
>> +            stq_le_phys(s->reply_queue_pa + queue_offset, context);
>> +        } else {
>> +            queue_offset = tail * sizeof(uint32_t);
>> +            stl_le_phys(s->reply_queue_pa + queue_offset, context);
>> +        }
>> +
>> +        s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
>> +    }
>> +
>> +    if (megasas_intr_enabled(s)) {
>> +        /* Notify HBA */
>> +        s->doorbell++;
>> +        if (s->doorbell == 1) {
>> +            if (msix_enabled(&s->dev)) {
>> +                msix_notify(&s->dev, 0);
>> +            } else {
>> +                qemu_irq_raise(s->dev.irq[0]);
>> +            }
>> +        }
>> +    }
>> +}
>> +
>> +static void megasas_reset_frames(MPTState *s)
>> +{
>> +    int i;
>> +    struct megasas_cmd_t *cmd;
>> +
>> +    for (i = 0; i<  s->fw_cmds; i++) {
>> +        cmd =&s->frames[i];
>> +        if (cmd->pa) {
>> +            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
>> +            cmd->frame = NULL;
>> +            cmd->pa = 0;
>> +        }
>> +    }
>> +}
>> +
>> +static void megasas_abort_command(struct megasas_cmd_t *cmd)
>> +{
>> +    if (cmd->req) {
>> +        scsi_req_abort(cmd->req, ABORTED_COMMAND);
>> +        cmd->req = NULL;
>> +    }
>> +}
>> +
>> +static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t pa_hi, pa_lo;
>> +    target_phys_addr_t iq_pa, initq_size;
>> +    struct mfi_init_qinfo *initq;
>> +    uint32_t flags;
>> +    int ret = MFI_STAT_OK;
>> +
>> +    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
>> +    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
>> +    iq_pa = (((uint64_t) pa_hi<<  32) | pa_lo);
>> +    initq_size = sizeof(*initq);
>> +    initq = cpu_physical_memory_map(iq_pa,&initq_size, 0);
>> +    if (!initq || initq_size != sizeof(*initq)) {
>> +        s->event_count++;
>> +        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
>> +        goto out;
>> +    }
>> +    s->reply_queue_len = le32_to_cpu(initq->rq_entries)&  0xFFFF;
>> +    if (s->reply_queue_len>  s->fw_cmds) {
>> +        s->event_count++;
>> +        ret = MFI_STAT_INVALID_PARAMETER;
>> +        goto out;
>> +    }
>> +    pa_lo = le32_to_cpu(initq->rq_addr_lo);
>> +    pa_hi = le32_to_cpu(initq->rq_addr_hi);
>> +    s->reply_queue_pa = ((uint64_t) pa_hi<<  32) | pa_lo;
>> +    pa_lo = le32_to_cpu(initq->ci_addr_lo);
>> +    pa_hi = le32_to_cpu(initq->ci_addr_hi);
>> +    s->consumer_pa = ((uint64_t) pa_hi<<  32) | pa_lo;
>> +    pa_lo = le32_to_cpu(initq->pi_addr_lo);
>> +    pa_hi = le32_to_cpu(initq->pi_addr_hi);
>> +    s->producer_pa = ((uint64_t) pa_hi<<  32) | pa_lo;
>> +    s->reply_queue_head = ldl_le_phys(s->producer_pa);
>> +    s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
>> +    flags = le32_to_cpu(initq->flags);
>> +    if (flags&  MFI_QUEUE_FLAG_CONTEXT64) {
>> +        s->flags |= MEGASAS_MASK_USE_QUEUE64;
>> +    }
>> +    megasas_reset_frames(s);
>> +    s->fw_state = MFI_FWSTATE_OPERATIONAL;
>> +out:
>> +    if (initq) {
>> +        cpu_physical_memory_unmap(initq, initq_size, 0, 0);
>> +    }
>> +    return ret;
>> +}
>> +
>> +static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
>> +{
>> +    target_phys_addr_t iov_pa, iov_size;
>> +
>> +    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
>> +    if (!cmd->frame->header.sge_count) {
>> +        cmd->iov_size = 0;
>> +        cmd->iov_cnt = 0;
>> +        return 0;
>> +    } else if (cmd->frame->header.sge_count>  1) {
>> +        cmd->iov_size = 0;
>> +        cmd->iov_cnt = 0;
>> +        return -1;
>> +    }
>> +    iov_pa = megasas_sgl_get_addr(cmd,&cmd->frame->dcmd.sgl);
>> +    iov_size = megasas_sgl_get_len(cmd,&cmd->frame->dcmd.sgl);
>> +    cmd->iov[0].iov_len = iov_size;
>> +    cmd->iov[0].iov_base = cpu_physical_memory_map(iov_pa,&iov_size, 1);
>> +    if (cmd->iov[0].iov_len != iov_size) {
>> +        if (cmd->iov[0].iov_base) {
>> +            cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size, 1, 0);
>> +        }
>> +        cmd->iov_size = 0;
>> +        cmd->iov_cnt = 0;
>> +        return -1;
>> +    }
>> +    cmd->iov_cnt = 1;
>> +    cmd->iov_size = iov_size;
>> +    return cmd->iov_size;
>> +}
>> +
>> +static void megasas_finish_dcmd(struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t iov_size = cmd->iov[0].iov_len;
>> +
>> +    if (!cmd->iov_cnt) {
>> +        return;
>> +    }
>> +
>> +    cpu_physical_memory_unmap(cmd->iov[0].iov_base, iov_size,
>> +                              1, cmd->iov_size);
>> +
>> +    cmd->iov_cnt = 0;
>> +    if (iov_size>  cmd->iov_size) {
>> +        if (megasas_frame_is_ieee_sgl(cmd)) {
>> +            cmd->frame->dcmd.sgl.sg_skinny->len = cpu_to_le32(iov_size);
>> +        } else if (megasas_frame_is_sgl64(cmd)) {
>> +            cmd->frame->dcmd.sgl.sg64->len = cpu_to_le32(iov_size);
>> +        } else {
>> +            cmd->frame->dcmd.sgl.sg32->len = cpu_to_le32(iov_size);
>> +        }
>> +    }
>> +    cmd->iov_size = 0;
>> +    return;
>> +}
>> +
>> +static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ctrl_info *info = cmd->iov[0].iov_base;
>> +    DeviceState *qdev;
>> +    int num_ld_disks = 0;
>> +
>> +    QTAILQ_FOREACH(qdev,&s->bus.qbus.children, sibling) {
>> +        num_ld_disks++;
>> +    }
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_ctrl_info)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    info->pci.vendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
>> +    info->pci.device = cpu_to_le16(PCI_DEVICE_ID_LSI_SAS1078);
>> +    info->pci.subvendor = cpu_to_le16(PCI_VENDOR_ID_LSI_LOGIC);
>> +    info->pci.subdevice = cpu_to_le16(0x1013);
>> +
>> +    info->host.type = MFI_INFO_HOST_PCIX;
>> +    info->device.type = MFI_INFO_DEV_SAS3G;
>> +    info->device.port_count = 2;
>> +    info->device.port_addr[0] = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
>> +
>> +    memcpy(info->product_name, "MegaRAID SAS 8708EM2", 20);
>> +    snprintf(info->serial_number, 32, "QEMU%08lx",
>> +             (unsigned long)s&  0xFFFFFFFF);
>> +    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
>> +    memcpy(info->image_component[0].name, "APP", 8);
>> +    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
>> +    memcpy(info->image_component[0].build_date, __DATE__, 16);
>> +    memcpy(info->image_component[0].build_time, __TIME__, 16);
>> +    info->image_component_count = 1;
>> +    info->current_fw_time = cpu_to_le32(megasas_fw_time());
>> +    info->max_arms = 32;
>> +    info->max_spans = 8;
>> +    info->max_arrays = MEGASAS_MAX_ARRAYS;
>> +    info->max_lds = s->fw_luns;
>> +    info->max_cmds = cpu_to_le16(s->fw_cmds);
>> +    info->max_sg_elements = cpu_to_le16(s->fw_sge);
>> +    info->max_request_size = cpu_to_le32(MEGASAS_MAX_SECTORS);
>> +    info->lds_present = cpu_to_le16(num_ld_disks);
>> +    info->pd_present = cpu_to_le16(num_ld_disks + 1);
>> +    info->pd_disks_present = cpu_to_le16(num_ld_disks);
>> +    info->hw_present = cpu_to_le32(MFI_INFO_HW_NVRAM |
>> +                                   MFI_INFO_HW_MEM |
>> +                                   MFI_INFO_HW_FLASH);
>> +    info->memory_size = cpu_to_le16(512);
>> +    info->nvram_size = cpu_to_le16(32);
>> +    info->flash_size = cpu_to_le16(16);
>> +    info->raid_levels = cpu_to_le32(MFI_INFO_RAID_0);
>> +    info->adapter_ops = cpu_to_le32(MFI_INFO_AOPS_RBLD_RATE |
>> +                                    MFI_INFO_AOPS_SELF_DIAGNOSTIC |
>> +                                    MFI_INFO_AOPS_MIXED_ARRAY);
>> +    info->ld_ops = cpu_to_le32(MFI_INFO_LDOPS_DISK_CACHE_POLICY |
>> +                               MFI_INFO_LDOPS_ACCESS_POLICY |
>> +                               MFI_INFO_LDOPS_IO_POLICY |
>> +                               MFI_INFO_LDOPS_WRITE_POLICY |
>> +                               MFI_INFO_LDOPS_READ_POLICY);
>> +    info->max_strips_per_io = cpu_to_le16(s->fw_sge);
>> +    info->stripe_sz_ops.min = 3;
>> +    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
>> +    info->properties.pred_fail_poll_interval = cpu_to_le16(300);
>> +    info->properties.intr_throttle_cnt = cpu_to_le16(16);
>> +    info->properties.intr_throttle_timeout = cpu_to_le16(50);
>> +    info->properties.rebuild_rate = 30;
>> +    info->properties.patrol_read_rate = 30;
>> +    info->properties.bgi_rate = 30;
>> +    info->properties.cc_rate = 30;
>> +    info->properties.recon_rate = 30;
>> +    info->properties.cache_flush_interval = 4;
>> +    info->properties.spinup_drv_cnt = 2;
>> +    info->properties.spinup_delay = 6;
>> +    info->properties.ecc_bucket_size = 15;
>> +    info->properties.ecc_bucket_leak_rate = cpu_to_le16(1440);
>> +    info->properties.expose_encl_devices = 1;
>> +    info->properties.OnOffProperties.enableJBOD = 1;
>> +    info->pd_ops = cpu_to_le32(MFI_INFO_PDOPS_FORCE_ONLINE |
>> +                               MFI_INFO_PDOPS_FORCE_OFFLINE);
>> +    info->pd_mix_support = cpu_to_le32(MFI_INFO_PDMIX_SAS |
>> +                                       MFI_INFO_PDMIX_SATA |
>> +                                       MFI_INFO_PDMIX_LD);
>> +    cmd->iov_size = sizeof(struct mfi_ctrl_info);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_defaults *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_defaults)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    info->sas_addr = cpu_to_le64(megasas_gen_sas_addr((uint64_t)s));
>> +    info->stripe_size = 3;
>> +    info->flush_time = 4;
>> +    info->background_rate = 30;
>> +    info->allow_mix_in_enclosure = 1;
>> +    info->allow_mix_in_ld = 1;
>> +    info->direct_pd_mapping = 1;
>> +    /* Enable for BIOS support */
>> +    info->bios_enumerate_lds = 1;
>> +    info->disable_ctrl_r = 1;
>> +    info->expose_enclosure_devices = 1;
>> +    info->disable_preboot_cli = 1;
>> +    info->cluster_disable = 1;
>> +
>> +    cmd->iov_size = sizeof(struct mfi_defaults);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_bios_data *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_bios_data)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +    info->continue_on_error = 1;
>> +    info->verbose = 1;
>> +    if (megasas_is_jbod(s)) {
>> +        info->expose_all_drives = 1;
>> +    }
>> +
>> +    cmd->iov_size = sizeof(struct mfi_bios_data);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint64_t fw_time;
>> +
>> +    fw_time = cpu_to_le64(megasas_fw_time());
>> +
>> +    memcpy(cmd->iov[0].iov_base,&fw_time, sizeof(fw_time));
>> +    cmd->iov_size = sizeof(fw_time);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint64_t fw_time;
>> +
>> +    /* This is a dummy; setting of firmware time is not allowed */
>> +    memset(cmd->iov[0].iov_base, 0x0, cmd->iov_size);
>> +    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
>> +
>> +    fw_time = cpu_to_le64(megasas_fw_time());
>> +    memcpy(cmd->iov[0].iov_base,&fw_time, sizeof(fw_time));
>> +    cmd->iov_size = sizeof(fw_time);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_evt_log_state *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +
>> +    info->newest_seq_num = cpu_to_le32(s->event_count);
>> +    info->shutdown_seq_num = cpu_to_le32(s->shutdown_event);
>> +    info->boot_seq_num = cpu_to_le32(s->boot_event);
>> +
>> +    cmd->iov_size = sizeof(struct mfi_evt_log_state);
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_event_wait(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    union mfi_evt event;
>> +
>> +    if (cmd->iov_size<  sizeof(struct mfi_evt_detail)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +    s->event_count = cpu_to_le32(cmd->frame->dcmd.mbox[0]);
>> +    event.word = cpu_to_le32(cmd->frame->dcmd.mbox[4]);
>> +    s->event_locale = event.members.locale;
>> +    s->event_class = event.members.class;
>> +    s->event_cmd = cmd;
>> +    /* Decrease busy count; event frame doesn't count here */
>> +    s->busy--;
>> +    cmd->iov_size = sizeof(struct mfi_evt_detail);
>> +    return MFI_STAT_INVALID_STATUS;
>> +}
>> +
>> +static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_pd_list *info = cmd->iov[0].iov_base;
>> +    DeviceState *qdev;
>> +    uint32_t offset, num_pd_disks = 0, max_luns;
>> +    uint16_t dev_id;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    offset = 8;
>> +    if (cmd->iov_size<  (offset + sizeof(struct mfi_pd_address))) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
>> +    if (max_luns>  s->fw_luns) {
>> +        max_luns = s->fw_luns;
>> +    }
>> +
>> +    QTAILQ_FOREACH(qdev,&s->bus.qbus.children, sibling) {
>> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
>> +
>> +        dev_id = sdev->id;
>> +        info->addr[num_pd_disks].device_id = cpu_to_le16(dev_id);
>> +        info->addr[num_pd_disks].encl_device_id = cpu_to_le16(dev_id);
>> +        info->addr[num_pd_disks].sas_addr[0] =
>> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
>> +        num_pd_disks++;
>> +        offset += sizeof(struct mfi_pd_address);
>> +    }
>> +
>> +    info->size = cpu_to_le32(offset);
>> +    info->count = cpu_to_le32(num_pd_disks);
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint16_t flags;
>> +
>> +    /* mbox0 contains flags */
>> +    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
>> +
>> +    if (flags == MR_PD_QUERY_TYPE_ALL || megasas_is_jbod(s)) {
>> +        return megasas_dcmd_pd_get_list(s, cmd);
>> +    }
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_pd_get_info_submit(SCSIDevice *sdev, int lun,
>> +                                      struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
>> +    uint8_t cmdbuf[6];
>> +    SCSIRequest *req;
>> +    size_t len;
>> +
>> +    if (info->inquiry_data[4] == 0) {
>> +        /* Additional length is zero, resubmit */
>> +        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
>> +                              sizeof(info->inquiry_data));
>> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
>> +        if (!req) {
>> +            return MFI_STAT_FLASH_ALLOC_FAIL;
>> +        }
>> +        len = scsi_req_enqueue(req);
>> +        if (len>  0) {
>> +            cmd->iov_size = len;
>> +            scsi_req_continue(req);
>> +        }
>> +        return MFI_STAT_INVALID_STATUS;
>> +    } else if (info->vpd_page83[3] == 0) {
>> +        /* Additional length is zero, resubmit */
>> +        megasas_setup_inquiry(cmdbuf, 0x83, (uint8_t *)info->vpd_page83,
>> +                              sizeof(info->vpd_page83));
>> +        req = scsi_req_new(sdev, cmd->index, lun, cmdbuf, cmd);
>> +        if (!req) {
>> +            return MFI_STAT_FLASH_ALLOC_FAIL;
>> +        }
>> +        len = scsi_req_enqueue(req);
>> +        if (len>  0) {
>> +            cmd->iov_size = len;
>> +            scsi_req_continue(req);
>> +        }
>> +        return MFI_STAT_INVALID_STATUS;
>> +    }
>> +
>> +    /* Finished, set FW state */
>> +    if (megasas_is_jbod(cmd->state)) {
>> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_SYSTEM);
>> +    } else {
>> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_ONLINE);
>> +    }
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_pd_info *info = cmd->iov[0].iov_base;
>> +    uint64_t pd_size;
>> +    uint16_t pd_id;
>> +    SCSIDevice *sdev = NULL;
>> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_pd_info)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    /* mbox0 has the ID */
>> +    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
>> +    sdev = scsi_device_find(&s->bus, 0, pd_id, 0);
>> +
>> +    if (sdev) {
>> +        BlockConf *conf =&sdev->conf;
>> +
>> +        info->ref.v.device_id = pd_id;
>> +        info->state.ddf.v.pd_type.in_vd = 1;
>> +        info->state.ddf.v.pd_type.intf = 0x2;
>> +        bdrv_get_geometry(conf->bs,&pd_size);
>> +        info->raw_size = cpu_to_le64(pd_size);
>> +        info->non_coerced_size = cpu_to_le64(pd_size);
>> +        info->coerced_size = cpu_to_le64(pd_size);
>> +        info->fw_state = cpu_to_le16(MFI_PD_STATE_OFFLINE);
>> +        info->path_info.count = 1;
>> +        info->path_info.sas_addr[0] =
>> +            cpu_to_le64(megasas_gen_sas_addr((uint64_t)sdev));
>> +        /* Submit inquiry */
>> +        retval = megasas_pd_get_info_submit(sdev, pd_id, cmd);
>> +    }
>> +
>> +    return retval;
>> +}
>> +
>> +static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ld_list *info = cmd->iov[0].iov_base;
>> +    uint32_t num_ld_disks = 0, max_ld_disks = s->fw_luns;
>> +    uint64_t ld_size;
>> +    int offset;
>> +    DeviceState *qdev;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_ld_list)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    if (megasas_is_jbod(s)) {
>> +        max_ld_disks = 0;
>> +    }
>> +    QTAILQ_FOREACH(qdev,&s->bus.qbus.children, sibling) {
>> +        SCSIDevice *sdev = DO_UPCAST(SCSIDevice, qdev, qdev);
>> +        BlockConf *conf =&sdev->conf;
>> +
>> +        if (num_ld_disks>= max_ld_disks)
>> +            break;
>> +        bdrv_get_geometry(conf->bs,&ld_size);
>> +        ld_size *= 512;
>> +        info->ld_list[num_ld_disks].ld.v.target_id = sdev->id;
>> +        info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
>> +        info->ld_list[num_ld_disks].size = cpu_to_le64(ld_size);
>> +        num_ld_disks++;
>> +        offset += 18;
>> +    }
>> +    info->ld_count = cpu_to_le32(num_ld_disks);
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_ld_get_info_submit(SCSIDevice *sdev, int lun,
>> +                                      struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
>> +    uint8_t cdb[6];
>> +    SCSIRequest *req;
>> +    ssize_t len;
>> +
>> +    if (info->vpd_page83[3] == 0) {
>> +        megasas_setup_inquiry(cdb, 0x83, (uint8_t *)info->vpd_page83,
>> +                              sizeof(info->vpd_page83));
>> +        req = scsi_req_new(sdev, cmd->index, lun, cdb, cmd);
>> +        if (!req) {
>> +            return MFI_STAT_FLASH_ALLOC_FAIL;
>> +        }
>> +        len = scsi_req_enqueue(req);
>> +        if (len>  0) {
>> +            cmd->iov_size = len;
>> +            scsi_req_continue(req);
>> +        }
>> +        return MFI_STAT_INVALID_STATUS;
>> +    }
>> +    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ld_info *info = cmd->iov[0].iov_base;
>> +    uint64_t ld_size;
>> +    uint16_t ld_id;
>> +    uint32_t max_ld_disks = s->fw_luns;
>> +    SCSIDevice *sdev = NULL;
>> +    int retval = MFI_STAT_DEVICE_NOT_FOUND;
>> +
>> +    memset(info, 0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_ld_info)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +
>> +    /* mbox0 has the ID */
>> +    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
>> +
>> +    if (megasas_is_jbod(s)) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (ld_id<  max_ld_disks) {
>> +        sdev = scsi_device_find(&s->bus, 0, ld_id, 0);
>> +    }
>> +
>> +    if (sdev) {
>> +        BlockConf *conf =&sdev->conf;
>> +
>> +        info->ld_config.properties.ld.v.target_id = ld_id;
>> +        info->ld_config.params.stripe_size = 3;
>> +        info->ld_config.params.num_drives = 1;
>> +        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
>> +        info->ld_config.params.is_consistent = 1;
>> +        bdrv_get_geometry(conf->bs,&ld_size);
>> +        ld_size *= 512;
>> +        info->size = cpu_to_le64(ld_size);
>> +        retval = megasas_ld_get_info_submit(sdev, ld_id, cmd);
>> +    }
>> +
>> +    return retval;
>> +}
>> +
>> +static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    struct mfi_ctrl_props *info = cmd->iov[0].iov_base;
>> +
>> +    memset(info, 0x0, cmd->iov_size);
>> +    if (cmd->iov_size<  sizeof(struct mfi_ctrl_props)) {
>> +        return MFI_STAT_INVALID_PARAMETER;
>> +    }
>> +    info->pred_fail_poll_interval = cpu_to_le16(300);
>> +    info->intr_throttle_cnt = cpu_to_le16(16);
>> +    info->intr_throttle_timeout = cpu_to_le16(50);
>> +    info->rebuild_rate = 30;
>> +    info->patrol_read_rate = 30;
>> +    info->bgi_rate = 30;
>> +    info->cc_rate = 30;
>> +    info->recon_rate = 30;
>> +    info->cache_flush_interval = 4;
>> +    info->spinup_drv_cnt = 2;
>> +    info->spinup_delay = 6;
>> +    info->ecc_bucket_size = 15;
>> +    info->ecc_bucket_leak_rate = cpu_to_le16(1440);
>> +    info->expose_encl_devices = 1;
>> +
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    qemu_aio_flush();
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    s->fw_state = MFI_FWSTATE_READY;
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_cluster_reset_ld(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    return MFI_STAT_INVALID_DCMD;
>> +}
>> +
>> +static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    if (cmd->iov_size) {
>> +        memset(cmd->iov[0].iov_base, 0, cmd->iov_size);
>> +    }
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static const struct dcmd_cmd_tbl_t {
>> +    int opcode;
>> +    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
>> +} dcmd_cmd_tbl[] = {
>> +    { MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info },
>> +    { MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties },
>> +    { MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties },
>> +    { MFI_DCMD_CTRL_ALARM_GET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_ENABLE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_DISABLE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_SILENCE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_ALARM_TEST, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info },
>> +    { MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_EVENT_WAIT, megasas_event_wait },
>> +    { MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown },
>> +    { MFI_DCMD_HIBERNATE_STANDBY, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time },
>> +    { MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time },
>> +    { MFI_DCMD_CTRL_BIOS_DATA_GET, megasas_dcmd_get_bios_info },
>> +    { MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults },
>> +    { MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush },
>> +    { MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list },
>> +    { MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query },
>> +    { MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info },
>> +    { MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy },
>> +    { MFI_DCMD_PD_BLINK, megasas_dcmd_dummy },
>> +    { MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy },
>> +    { MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
>> +    { MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info },
>> +    { MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy },
>> +    { MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy },
>> +    { MFI_DCMD_LD_DELETE, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_READ, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_ADD, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy },
>> +    { MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CLUSTER, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy },
>> +    { MFI_DCMD_CLUSTER_RESET_LD, megasas_cluster_reset_ld },
>> +    { -1, NULL }
>> +};
>> +
>> +static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    int opcode, len;
>> +    int retval = 0;
>> +    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
>> +
>> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
>> +    len = megasas_map_dcmd(cmd);
>> +    if (len<  0) {
>> +        return MFI_STAT_MEMORY_NOT_AVAILABLE;
>> +    }
>> +    while (cmdptr->opcode != -1&&  cmdptr->opcode != opcode) {
>> +        cmdptr++;
>> +    }
>> +    if (cmdptr->opcode == -1) {
>> +        retval = megasas_dcmd_dummy(s, cmd);
>> +    } else {
>> +        retval = cmdptr->func(s, cmd);
>> +    }
>> +    if (retval != MFI_STAT_INVALID_STATUS) {
>> +        megasas_finish_dcmd(cmd);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
>> +                                        SCSIRequest *req)
>> +{
>> +    int opcode;
>> +    int retval = MFI_STAT_OK;
>> +    int lun = req->lun;
>> +
>> +    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
>> +    scsi_req_unref(req);
>> +    switch (opcode) {
>> +    case MFI_DCMD_PD_GET_INFO:
>> +        retval = megasas_pd_get_info_submit(req->dev, lun, cmd);
>> +        break;
>> +    case MFI_DCMD_LD_GET_INFO:
>> +        retval = megasas_ld_get_info_submit(req->dev, lun, cmd);
>> +        break;
>> +    default:
>> +        retval = MFI_STAT_INVALID_DCMD;
>> +        break;
>> +    }
>> +    if (retval != MFI_STAT_INVALID_STATUS) {
>> +        megasas_finish_dcmd(cmd);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
>> +                               int is_logical)
>> +{
>> +    uint8_t *cdb;
>> +    int len;
>> +    struct SCSIDevice *sdev = NULL;
>> +
>> +    cdb = cmd->frame->pass.cdb;
>> +
>> +    if (cmd->frame->header.target_id<  s->fw_luns) {
>> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
>> +                                cmd->frame->header.lun_id);
>> +    }
>> +    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
>> +
>> +    if (!sdev || (megasas_is_jbod(s)&&  is_logical)) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (cmd->frame->header.cdb_len>  16) {
>> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    if (megasas_map_sgl(cmd,&cmd->frame->pass.sgl)) {
>> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    cmd->req = scsi_req_new(sdev, cmd->index,
>> +                            cmd->frame->header.lun_id, cdb, cmd);
>> +    if (!cmd->req) {
>> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
>> +        cmd->frame->header.scsi_status = BUSY;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    len = scsi_req_enqueue(cmd->req);
>> +    if (len>  0) {
>> +        if (len<  cmd->iov_size) {
>> +            cmd->iov_size = len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    } else if (len<  0) {
>> +        if (-len<  cmd->iov_size) {
>> +            cmd->iov_size = -len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    }
>
> Shorter:
>
> if (len<  0) {
>      len = -len;
> }
>
> if (len) {
>      cmd->iov_size = MIN(len, cmd->iov_size);
>      scsi_req_continue(cmd->req);
> }
>
>
>> +            cmd->iov_size = -len;
>> +        }
>
>> +    return MFI_STAT_INVALID_STATUS;
>> +}
>> +
>> +static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t lba_count, lba_start_hi, lba_start_lo;
>> +    uint64_t lba_start;
>> +    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
>> +    uint8_t cdb[16];
>> +    int len;
>> +    struct SCSIDevice *sdev = NULL;
>> +
>> +    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
>> +    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
>> +    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
>> +    lba_start = ((uint64_t)lba_start_hi<<  32) | lba_start_lo;
>> +
>> +    if (cmd->frame->header.target_id<  s->fw_luns) {
>> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
>> +                                cmd->frame->header.lun_id);
>> +    }
>> +
>> +    if (!sdev) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (cmd->frame->header.cdb_len>  16) {
>> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    cmd->iov_size = lba_count * sdev->blocksize;
>> +    if (megasas_map_sgl(cmd,&cmd->frame->io.sgl)) {
>> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    megasas_encode_lba(cdb, lba_start, lba_count, write);
>> +    cmd->req = scsi_req_new(sdev, cmd->index,
>> +                            cmd->frame->header.lun_id, cdb, cmd);
>> +    if (!cmd->req) {
>> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
>> +        cmd->frame->header.scsi_status = BUSY;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    len = scsi_req_enqueue(cmd->req);
>> +    if (len>  0) {
>> +        if (len<  cmd->iov_size) {
>> +            cmd->iov_size = len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    } else if (len<  0) {
>> +        if (-len<  cmd->iov_size) {
>> +            cmd->iov_size = -len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    }
>> +    return MFI_STAT_INVALID_STATUS;
>
> code duplicated from above. make it a function?
>
>> +}
>> +
>> +static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
>> +                                           SCSIRequest *req)
>> +{
>> +    int retval = MFI_STAT_INVALID_CMD;
>> +
>> +    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
>> +            retval = megasas_finish_internal_dcmd(cmd, req);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +    uint8_t *buf;
>> +
>> +    if (len) {
>> +        int is_write = megasas_frame_is_write(cmd);
>> +        size_t bytes;
>> +
>> +        buf = scsi_req_get_buf(req);
>> +        if (is_write) {
>> +            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
>> +                               cmd->iov_offset, len);
>> +            if (bytes != len) {
>> +                len = bytes;
>> +            }
>
> as len is unused below this is dead code?
>
>> +            cmd->iov_offset += bytes;
>> +        } else {
>> +            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
>> +                                 cmd->iov_offset, len);
>> +            if (bytes != len) {
>> +                len = bytes;
>> +            }
>
> as len is unused below this is dead code?
>
>> +            cmd->iov_offset += bytes;
>> +        }
>> +    }
>
> so do we discard 0 length or continue?
> previous functions discard this one continues.
> Intentional?
>
>> +    scsi_req_continue(req);
>> +}
>> +
>> +static void megasas_command_complete(SCSIRequest *req, uint32_t status)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +    uint8_t cmd_status = MFI_STAT_OK;
>> +
>> +    if (cmd->req != req) {
>> +        /*
>> +         * Internal command complete
>> +         */
>> +        cmd_status = megasas_finish_internal_command(cmd, req);
>> +        if (cmd_status == MFI_STAT_INVALID_STATUS) {
>> +            return;
>> +        }
>> +    } else {
>> +        req->status = status;
>> +        if (req->status != GOOD) {
>> +            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +        }
>> +        if (req->status == CHECK_CONDITION) {
>> +            megasas_copy_sense(cmd);
>> +        }
>> +
>> +        megasas_unmap_sgl(cmd);
>> +        cmd->frame->header.scsi_status = req->status;
>> +        scsi_req_unref(cmd->req);
>> +        cmd->req = NULL;
>> +    }
>> +    cmd->frame->header.cmd_status = cmd_status;
>> +    megasas_complete_frame(cmd->state, cmd->context);
>> +}
>> +
>> +static void megasas_command_cancel(SCSIRequest *req)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +
>> +    if (cmd) {
>> +        megasas_abort_command(cmd);
>> +    } else {
>> +        scsi_req_unref(req);
>> +    }
>> +    return;
>
> return here is useless
>
>> +}
>> +
>> +static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint64_t abort_ctx = le64_to_cpu(cmd->frame->abort.abort_context);
>> +    target_phys_addr_t abort_addr, addr_hi, addr_lo;
>> +    struct megasas_cmd_t *abort_cmd;
>> +
>> +    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
>> +    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
>> +    abort_addr = ((uint64_t)addr_hi<<  32) | addr_lo;
>> +
>> +    abort_cmd = megasas_lookup_frame(s, abort_addr);
>> +    if (!abort_cmd) {
>> +        s->event_count++;
>> +        return MFI_STAT_OK;
>> +    }
>> +    if (!megasas_use_queue64(s)) {
>> +        abort_ctx&= (uint64_t)0xFFFFFFFF;
>> +    }
>> +    if (abort_cmd->context != abort_ctx) {
>> +        s->event_count++;
>> +        return MFI_STAT_ABORT_NOT_POSSIBLE;
>> +    }
>> +    megasas_abort_command(abort_cmd);
>> +    if (!s->event_cmd || abort_cmd != s->event_cmd) {
>> +        s->event_cmd = NULL;
>> +    }
>> +    s->event_count++;
>> +    return MFI_STAT_OK;
>> +}
>> +
>> +static void megasas_handle_frame(MPTState *s, uint64_t frame_addr,
>> +                                 uint32_t frame_count)
>> +{
>> +    uint8_t frame_status = MFI_STAT_INVALID_CMD;
>> +    uint64_t frame_context;
>> +    struct megasas_cmd_t *cmd;
>> +
>> +    /*
>> +     * Always read 64bit context, top bits will be
>> +     * masked out if required in megasas_enqueue_frame()
>> +     */
>> +    frame_context = megasas_frame_get_context(frame_addr);
>> +
>> +    cmd = megasas_enqueue_frame(s, frame_addr, frame_context, frame_count);
>> +    if (!cmd) {
>> +        /* reply queue full */
>> +        megasas_frame_set_scsi_status(frame_addr, BUSY);
>> +        megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
>> +        megasas_complete_frame(s, frame_context);
>> +        s->event_count++;
>> +        return;
>> +    }
>> +    switch (cmd->frame->header.frame_cmd) {
>> +    case MFI_CMD_INIT:
>> +        frame_status = megasas_init_firmware(s, cmd);
>> +        break;
>> +    case MFI_CMD_DCMD:
>> +        frame_status = megasas_handle_dcmd(s, cmd);
>> +        break;
>> +    case MFI_CMD_ABORT:
>> +        frame_status = megasas_handle_abort(s, cmd);
>> +        break;
>> +    case MFI_CMD_PD_SCSI_IO:
>> +        frame_status = megasas_handle_scsi(s, cmd, 0);
>> +        break;
>> +    case MFI_CMD_LD_SCSI_IO:
>> +        frame_status = megasas_handle_scsi(s, cmd, 1);
>> +        break;
>> +    case MFI_CMD_LD_READ:
>> +    case MFI_CMD_LD_WRITE:
>> +        frame_status = megasas_handle_io(s, cmd);
>> +        break;
>> +    default:
>> +        s->event_count++;
>> +        break;
>> +    }
>> +    if (frame_status != MFI_STAT_INVALID_STATUS) {
>> +        if (cmd->frame) {
>> +            cmd->frame->header.cmd_status = frame_status;
>> +        } else {
>> +            megasas_frame_set_cmd_status(frame_addr, frame_status);
>> +        }
>> +        megasas_complete_frame(s, cmd->context);
>> +    }
>> +}
>> +
>> +static uint64_t megasas_mmio_read(void *opaque, target_phys_addr_t addr,
>> +                                  unsigned size)
>> +{
>> +    MPTState *s = opaque;
>> +    uint32_t retval = 0;
>> +
>> +    switch (addr) {
>> +    case MFI_IDB:
>> +        retval = 0;
>> +        break;
>> +    case MFI_OMSG0:
>> +    case MFI_OSP0:
>> +        retval = (megasas_use_msix(s) ? MFI_FWSTATE_MSIX_SUPPORTED : 0) |
>> +            (s->fw_state&  MFI_FWSTATE_MASK) |
>> +            ((s->fw_sge&  0xff)<<  16) |
>> +            (s->fw_cmds&  0xFFFF);
>> +        break;
>> +    case MFI_OSTS:
>> +        if (megasas_intr_enabled(s)&&  s->doorbell) {
>> +            retval = MFI_1078_RM | 1;
>> +        }
>> +        break;
>> +    case MFI_OMSK:
>> +        retval = s->intr_mask;
>> +        break;
>> +    case MFI_ODCR0:
>> +        retval = s->doorbell;
>> +        break;
>> +    default:
>> +        break;
>> +    }
>> +    return retval;
>> +}
>> +
>> +static void megasas_mmio_write(void *opaque, target_phys_addr_t addr,
>> +                               uint64_t val, unsigned size)
>> +{
>> +    MPTState *s = opaque;
>> +    uint64_t frame_addr;
>> +    uint32_t frame_count;
>> +    int i;
>> +
>> +    switch (addr) {
>> +    case MFI_IDB:
>> +        if (val&  MFI_FWINIT_ABORT) {
>> +            /* Abort all pending cmds */
>> +            for (i = 0; i<  s->fw_cmds; i++) {
>> +                megasas_abort_command(&s->frames[i]);
>> +            }
>> +        }
>> +        if (val&  MFI_FWINIT_READY) {
>> +            /* move to FW READY */
>> +            megasas_soft_reset(s);
>> +        }
>> +        if (val&  MFI_FWINIT_MFIMODE) {
>> +            /* discard MFIs */
>> +        }
>> +        break;
>> +    case MFI_OMSK:
>> +        s->intr_mask = val;
>> +        if (!megasas_intr_enabled(s)&&  !msix_enabled(&s->dev)) {
>> +            qemu_irq_lower(s->dev.irq[0]);
>> +        }
>> +        break;
>> +    case MFI_ODCR0:
>> +        s->doorbell = 0;
>> +        if (s->producer_pa&&  megasas_intr_enabled(s)) {
>> +            /* Update reply queue pointer */
>> +            stl_le_phys(s->producer_pa, s->reply_queue_head);
>> +            if (!msix_enabled(&s->dev)) {
>> +                qemu_irq_lower(s->dev.irq[0]);
>> +            }
>> +        }
>> +        break;
>> +    case MFI_IQPH:
>> +        /* Received high 32 bits of a 64 bit MFI frame address */
>> +        s->frame_hi = val;
>> +        break;
>> +    case MFI_IQPL:
>> +        /* Received low 32 bits of a 64 bit MFI frame address */
>> +    case MFI_IQP:
>> +        /* Received 32 bit MFI frame address */
>> +        frame_addr = (val&  ~0x1F);
>> +        /* Add possible 64 bit offset */
>> +        frame_addr |= ((uint64_t)s->frame_hi<<  32);
>> +        s->frame_hi = 0;
>> +        frame_count = (val>>  1)&  0xF;
>> +        megasas_handle_frame(s, frame_addr, frame_count);
>> +        break;
>> +    default:
>> +        break;
>> +    }
>> +}
>> +
>> +static const MemoryRegionOps megasas_mmio_ops = {
>> +    .read = megasas_mmio_read,
>> +    .write = megasas_mmio_write,
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +    .impl = {
>> +        .min_access_size = 4,
>> +        .max_access_size = 4,
>> +    }
>> +};
>> +
>> +static uint64_t megasas_port_read(void *opaque, target_phys_addr_t addr,
>> +                                  unsigned size)
>> +{
>> +    return megasas_mmio_read(opaque, addr&  0xff, size);
>> +}
>> +
>> +static void megasas_port_write(void *opaque, target_phys_addr_t addr,
>> +                               uint64_t val, unsigned size)
>> +{
>> +    megasas_mmio_write(opaque, addr&  0xff, val, size);
>> +}
>> +
>> +static const MemoryRegionOps megasas_port_ops = {
>> +    .read = megasas_port_read,
>> +    .write = megasas_port_write,
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +    .impl = {
>> +        .min_access_size = 4,
>> +        .max_access_size = 4,
>> +    }
>> +};
>> +
>> +static uint64_t megasas_queue_read(void *opaque, target_phys_addr_t addr,
>> +                                   unsigned size)
>> +{
>> +    return 0;
>> +}
>> +
>> +static void megasas_queue_write(void *opaque, target_phys_addr_t addr,
>> +                                uint64_t val, unsigned size)
>> +{
>> +}
>> +
>> +static const MemoryRegionOps megasas_queue_ops = {
>> +    .read = megasas_queue_read,
>> +    .write = megasas_queue_write,
>> +    .endianness = DEVICE_LITTLE_ENDIAN,
>> +    .impl = {
>> +        .min_access_size = 4,
>> +        .max_access_size = 4,
>> +    }
>> +};
>> +
>> +static void megasas_soft_reset(MPTState *s)
>> +{
>> +    int i;
>> +    struct megasas_cmd_t *cmd;
>> +
>> +    for (i = 0; i<  s->fw_cmds; i++) {
>> +        cmd =&s->frames[i];
>> +        megasas_abort_command(cmd);
>> +    }
>> +    megasas_reset_frames(s);
>> +    s->reply_queue_len = s->fw_cmds;
>> +    s->reply_queue_pa = 0;
>> +    s->consumer_pa = 0;
>> +    s->producer_pa = 0;
>> +    s->fw_state = MFI_FWSTATE_READY;
>> +    s->doorbell = 0;
>> +    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
>> +    s->frame_hi = 0;
>> +    s->flags&= ~MEGASAS_MASK_USE_QUEUE64;
>> +    s->event_count++;
>> +    s->boot_event = s->event_count;
>> +}
>> +
>> +static void megasas_scsi_reset(DeviceState *dev)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
>> +
>> +    megasas_soft_reset(s);
>> +}
>> +
>> +static const VMStateDescription vmstate_megasas = {
>> +    .name = "megasas",
>> +    .version_id = 0,
>> +    .minimum_version_id = 0,
>> +    .minimum_version_id_old = 0,
>> +    .fields      = (VMStateField[]) {
>> +        VMSTATE_PCI_DEVICE(dev, MPTState),
>> +
>> +        VMSTATE_INT32(fw_state, MPTState),
>> +        VMSTATE_INT32(intr_mask, MPTState),
>> +        VMSTATE_INT32(doorbell, MPTState),
>> +        VMSTATE_UINT64(reply_queue_pa, MPTState),
>> +        VMSTATE_UINT64(consumer_pa, MPTState),
>> +        VMSTATE_UINT64(producer_pa, MPTState),
>> +        VMSTATE_END_OF_LIST()
>> +    }
>> +};
>> +
>> +static int megasas_scsi_uninit(PCIDevice *d)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev, d);
>
> You must also uinit msix.
> It is harmless to do this uncoditionally.
>
>
>> +
>> +    memory_region_destroy(&s->mmio_io);
>> +    memory_region_destroy(&s->port_io);
>> +    memory_region_destroy(&s->queue_io);
>> +    return 0;
>> +}
>> +
>> +static const struct SCSIBusInfo megasas_scsi_info = {
>> +    .tcq = true,
>> +    .max_target = MFI_MAX_LD,
>> +    .max_lun = 255,
>> +
>> +    .transfer_data = megasas_xfer_complete,
>> +    .complete = megasas_command_complete,
>> +    .cancel = megasas_command_cancel,
>> +};
>> +
>> +static int megasas_scsi_init(PCIDevice *dev)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev, dev);
>> +    uint8_t *pci_conf;
>> +    int i;
>> +
>> +    pci_conf = s->dev.config;
>> +
>> +    /* PCI latency timer = 0 */
>> +    pci_conf[PCI_LATENCY_TIMER] = 0;
>> +    /* Interrupt pin 1 */
>> +    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
>> +
>> +    memory_region_init_io(&s->mmio_io,&megasas_mmio_ops, s,
>> +                          "megasas-mmio", 0x4000);
>> +    memory_region_init_io(&s->port_io,&megasas_port_ops, s,
>> +                          "megasas-io", 256);
>> +    memory_region_init_io(&s->queue_io,&megasas_queue_ops, s,
>> +                          "megasas-queue", 0x40000);
>> +
>> +    if (megasas_use_msix(s)&&
>> +        msix_init(&s->dev, 15,&s->mmio_io, 0, 0x2000)) {
>> +        s->flags&= ~MEGASAS_MASK_USE_MSIX;
>
> You'd want an error message here. maybe even fail init.
>
>> +    }
>> +
>> +    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY,&s->mmio_io);
>> +    pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_IO,&s->port_io);
>> +    pci_register_bar(&s->dev, 3, PCI_BASE_ADDRESS_SPACE_MEMORY,&s->queue_io);
>> +
>> +    if (megasas_use_msix(s)) {
>> +        msix_vector_use(&s->dev, 0);
>
> You can do this unconditionally.  But I have a question: are you using a
> single vector? I note that you request 15 vectors from the OS.
> The vector allocator
>
>> +    }
>> +
>> +    if (s->fw_sge>= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
>> +        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
>> +    } else if (s->fw_sge>= 128 - MFI_PASS_FRAME_SIZE) {
>> +        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
>> +    } else {
>> +        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
>> +    }
>> +    if (s->fw_cmds>  MEGASAS_MAX_FRAMES) {
>> +        s->fw_cmds = MEGASAS_MAX_FRAMES;
>> +    }
>> +    if (s->raid_mode_str) {
>> +        if (!strcmp(s->raid_mode_str, "jbod")) {
>> +            s->flags |= MEGASAS_MASK_USE_JBOD;
>> +        } else {
>> +            s->flags&= ~MEGASAS_MASK_USE_JBOD;
>> +            s->raid_mode_str = (char *)megasas_raid_modes[0];
>> +        }
>
> validate mode value. Anything that is not raid or jbod
> should fail.
>
>> +    } else {
>> +        s->raid_mode_str = (char *)megasas_raid_modes[0];
>> +    }
>
> Don't cast, use consisten styles.
>
>> +    s->fw_luns = (MFI_MAX_LD>  MAX_SCSI_DEVS) ?
>> +        MAX_SCSI_DEVS : MFI_MAX_LD;
>> +    s->producer_pa = 0;
>> +    s->consumer_pa = 0;
>> +    for (i = 0; i<  s->fw_cmds; i++) {
>> +        s->frames[i].index = i;
>> +        s->frames[i].context = -1;
>> +        s->frames[i].pa = 0;
>> +        s->frames[i].state = s;
>> +    }
>> +
>> +    scsi_bus_new(&s->bus,&dev->qdev,&megasas_scsi_info);
>> +    scsi_bus_legacy_handle_cmdline(&s->bus);
>> +    return 0;
>> +}
>> +
>> +static Property megasas_properties[] = {
>> +    DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
>> +                       MEGASAS_DEFAULT_SGE),
>> +    DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
>> +                       MEGASAS_DEFAULT_FRAMES),
>> +    DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
>> +    DEFINE_PROP_BIT("use_msix", MPTState, flags,
>> +                    MEGASAS_FLAG_USE_MSIX, false),
>
> This is just a workaround for debugging, right?
> So either just remove all msix code for now,
> if 0 all msix code, or name property x-use_msix
>
>> +    DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static void megasas_class_init(ObjectClass *oc, void *data)
>> +{
>> +    DeviceClass *dc = DEVICE_CLASS(oc);
>> +    PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
>> +
>> +    pc->init = megasas_scsi_init;
>> +    pc->exit = megasas_scsi_uninit;
>> +    pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
>> +    pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
>> +    pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
>> +    pc->subsystem_id = 0x1013;
>> +    pc->class_id = PCI_CLASS_STORAGE_RAID;
>> +    dc->props = megasas_properties;
>> +    dc->reset = megasas_scsi_reset;
>> +    dc->vmsd =&vmstate_megasas;
>> +    dc->desc = "LSI MegaRAID SAS 1078";
>> +}
>> +
>> +static TypeInfo megasas_info = {
>> +    .name  = "megasas",
>> +    .parent = TYPE_PCI_DEVICE,
>> +    .instance_size = sizeof(MPTState),
>> +    .class_init = megasas_class_init,
>> +};
>> +
>> +static void megaraid1078_register_types(void)
>> +{
>> +    type_register_static(&megasas_info);
>> +}
>> +
>> +type_init(megaraid1078_register_types);
>
>
> why not megasas_ ?
>
>> diff --git a/hw/mfi.h b/hw/mfi.h
>> new file mode 100644
>> index 0000000..4790c7c
>> --- /dev/null
>> +++ b/hw/mfi.h
>
> Sorry if this was discussed already, where is this
> code from? freebsd? it seems to have this:
> http://gitorious.org/freebsd/freebsd/blobs/HEAD/sys/dev/mfi/mfireg.h
> Want to name the file the same and add a link?
> This would be an explanation why we keep the
> file in a weird style incompatible with qemu.
>
> Still some things I think are better off fixed.
> Noted below.
>
>> @@ -0,0 +1,1281 @@
>> +/*-
>> + * Copyright (c) 2006 IronPort Systems
>> + * All rights reserved.
>> + *
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + * 1. Redistributions of source code must retain the above copyright
>> + *    notice, this list of conditions and the following disclaimer.
>> + * 2. Redistributions in binary form must reproduce the above copyright
>> + *    notice, this list of conditions and the following disclaimer in the
>> + *    documentation and/or other materials provided with the distribution.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
>> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
>> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> + * SUCH DAMAGE.
>> + */
>> +/*-
>> + * Copyright (c) 2007 LSI Corp.
>> + * Copyright (c) 2007 Rajesh Prabhakaran.
>> + * All rights reserved.
>> + *
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + * 1. Redistributions of source code must retain the above copyright
>> + *    notice, this list of conditions and the following disclaimer.
>> + * 2. Redistributions in binary form must reproduce the above copyright
>> + *    notice, this list of conditions and the following disclaimer in the
>> + *    documentation and/or other materials provided with the distribution.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
>> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
>> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> + * SUCH DAMAGE.
>> + */
>
> Why do we need two of these? They appear identical.
> Just combine all copyrights.
>
>> +
>> +#ifndef _MFI_H
>> +#define _MFI_H
>
> Don't start identifiers with a single _ followed
> by an upper case letter. MFI_REG_H would be a better name.
>
>> +
>> +/*
>> + * MegaRAID SAS MFI firmware definitions
>> + *
>> + * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
>> + * new firmware interface from the old AMI MegaRAID one, and there is no
>> + * reason why this interface should be limited to just SAS.  In any case, LSI
>> + * seems to also call this interface 'MFI', so that will be used here.
>> + */
>
> *Which* driver name is misleading?
> I'd suggest droping this comment that argues with itself,
> and explaining what this header *is*. E.g. is the below right?
> /*
>    MFI is a common firmware interface used by MegaRAID
>    family of controllers by SAS and LSI
>   */
>> +
>> +/*
>> + * Start with the register set.
>>   All registers are 32 bits wide.
>> + * The usual Intel IOP style setup.
>> + */
>> +#define MFI_IMSG0 0x10    /* Inbound message 0 */
>> +#define MFI_IMSG1 0x14    /* Inbound message 1 */
>> +#define MFI_OMSG0 0x18    /* Outbound message 0 */
>> +#define MFI_OMSG1 0x1c    /* Outbound message 1 */
>> +#define MFI_IDB   0x20    /* Inbound doorbell */
>> +#define MFI_ISTS  0x24    /* Inbound interrupt status */
>> +#define MFI_IMSK  0x28    /* Inbound interrupt mask */
>> +#define MFI_ODB   0x2c    /* Outbound doorbell */
>> +#define MFI_OSTS  0x30    /* Outbound interrupt status */
>> +#define MFI_OMSK  0x34    /* Outbound interrupt mask */
>> +#define MFI_IQP   0x40    /* Inbound queue port */
>> +#define MFI_OQP   0x44    /* Outbound queue port */
>> +
>> +/*
>> + * 1078 specific related register
>> + */
>> +#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
>> +#define MFI_ODCR0       0xa0            /* outbound doorbell clear register0  */
>> +#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
>> +#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes)  */
>> +#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes)  */
>> +#define MFI_DIAG        0xf8            /* Host diag */
>> +#define MFI_SEQ         0xfc            /* Sequencer offset */
>> +#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
>> +#define MFI_RMI         0x2             /* reply message interrupt  */
>> +#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt  */
>> +#define MFI_ODC         0x4             /* outbound doorbell change interrupt */
>> +
>> +/*
>> + * gen2 specific changes
>> + */
>> +#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
>> +#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
>> +
>> +/*
>> + * skinny specific changes
>> + */
>> +#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny */
>> +#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt */
>> +
>> +/* Bits for MFI_OSTS */
>> +#define MFI_OSTS_INTR_VALID     0x00000002
>> +
>> +/*
>> + * Firmware state values.  Found in OMSG0 during initialization.
>> + */
>> +#define MFI_FWSTATE_MASK                0xf0000000
>> +#define MFI_FWSTATE_UNDEFINED           0x00000000
>> +#define MFI_FWSTATE_BB_INIT             0x10000000
>> +#define MFI_FWSTATE_FW_INIT             0x40000000
>> +#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
>> +#define MFI_FWSTATE_FW_INIT_2           0x70000000
>> +#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
>> +#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
>> +#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
>> +#define MFI_FWSTATE_READY               0xb0000000
>> +#define MFI_FWSTATE_OPERATIONAL         0xc0000000
>> +#define MFI_FWSTATE_FAULT               0xf0000000
>> +#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
>> +#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
>> +#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
>> +#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
>> +
>> +/*
>> + * Control bits to drive the card to ready state.  These go into the IDB
>> + * register.
>> + */
>> +#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands */
>> +#define MFI_FWINIT_READY        0x00000002 /* Move from operational to ready */
>> +#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
>> +#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
>> +#define MFI_FWINIT_HOTPLUG      0x00000010
>> +#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
>> +#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
>> +
>> +/* MFI Commands */
>> +typedef enum {
>> +    MFI_CMD_INIT = 0x00,
>> +    MFI_CMD_LD_READ,
>> +    MFI_CMD_LD_WRITE,
>> +    MFI_CMD_LD_SCSI_IO,
>> +    MFI_CMD_PD_SCSI_IO,
>> +    MFI_CMD_DCMD,
>> +    MFI_CMD_ABORT,
>> +    MFI_CMD_SMP,
>> +    MFI_CMD_STP
>> +} mfi_cmd_t ;
>
> space before ;, here and elsewhere.
>
>
>> +
>> +/* Direct commands */
>> +typedef enum {
>> +    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
>> +    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
>> +    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
>> +    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
>> +    MFI_DCMD_CTRL_ALARM =               0x01030000,
>> +    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
>> +    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
>> +    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
>> +    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
>> +    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
>> +    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
>> +    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
>> +    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
>> +    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
>> +    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
>> +    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
>> +    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
>> +    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
>> +    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
>> +    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
>> +    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
>> +    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
>> +    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
>> +    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
>> +    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
>> +    MFI_DCMD_PD_GET_LIST =              0x02010000,
>> +    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
>> +    MFI_DCMD_PD_GET_INFO =              0x02020000,
>> +    MFI_DCMD_PD_STATE_SET =             0x02030100,
>> +    MFI_DCMD_PD_REBUILD =               0x02040100,
>> +    MFI_DCMD_PD_BLINK =                 0x02070100,
>> +    MFI_DCMD_PD_UNBLINK =               0x02070200,
>> +    MFI_DCMD_LD_GET_LIST =              0x03010000,
>> +    MFI_DCMD_LD_GET_INFO =              0x03020000,
>> +    MFI_DCMD_LD_GET_PROP =              0x03030000,
>> +    MFI_DCMD_LD_SET_PROP =              0x03040000,
>> +    MFI_DCMD_LD_DELETE =                0x03090000,
>> +    MFI_DCMD_CFG_READ =                 0x04010000,
>> +    MFI_DCMD_CFG_ADD =                  0x04020000,
>> +    MFI_DCMD_CFG_CLEAR =                0x04030000,
>> +    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
>> +    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
>> +    MFI_DCMD_BBU_STATUS =               0x05010000,
>> +    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
>> +    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
>> +    MFI_DCMD_BBU_PROP_GET =             0x05050100,
>> +    MFI_DCMD_CLUSTER =                  0x08000000,
>> +    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
>> +    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
>> +} mfi_dcmd_t ;
>
>
> space before ;
>
>> +
>> +/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
>> +#define MFI_FLUSHCACHE_CTRL     0x01
>> +#define MFI_FLUSHCACHE_DISK     0x02
>> +
>> +/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
>> +#define MFI_SHUTDOWN_SPINDOWN   0x01
>> +
>> +/*
>> + * MFI Frame flags
>> + */
>> +typedef enum {
>> +    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =        0x0001,
>> +    MFI_FRAME_SGL64 =                           0x0002,
>> +    MFI_FRAME_SENSE64 =                         0x0004,
>> +    MFI_FRAME_DIR_WRITE =                       0x0008,
>> +    MFI_FRAME_DIR_READ =                        0x0010,
>> +    MFI_FRAME_IEEE_SGL =                        0x0020,
>> +} mfi_frame_flags;
>> +
>> +/* MFI Status codes */
>> +typedef enum {
>> +    MFI_STAT_OK =                       0x00,
>> +    MFI_STAT_INVALID_CMD,
>> +    MFI_STAT_INVALID_DCMD,
>> +    MFI_STAT_INVALID_PARAMETER,
>> +    MFI_STAT_INVALID_SEQUENCE_NUMBER,
>> +    MFI_STAT_ABORT_NOT_POSSIBLE,
>> +    MFI_STAT_APP_HOST_CODE_NOT_FOUND,
>> +    MFI_STAT_APP_IN_USE,
>> +    MFI_STAT_APP_NOT_INITIALIZED,
>> +    MFI_STAT_ARRAY_INDEX_INVALID,
>> +    MFI_STAT_ARRAY_ROW_NOT_EMPTY,
>> +    MFI_STAT_CONFIG_RESOURCE_CONFLICT,
>> +    MFI_STAT_DEVICE_NOT_FOUND,
>> +    MFI_STAT_DRIVE_TOO_SMALL,
>> +    MFI_STAT_FLASH_ALLOC_FAIL,
>> +    MFI_STAT_FLASH_BUSY,
>> +    MFI_STAT_FLASH_ERROR =              0x10,
>> +    MFI_STAT_FLASH_IMAGE_BAD,
>> +    MFI_STAT_FLASH_IMAGE_INCOMPLETE,
>> +    MFI_STAT_FLASH_NOT_OPEN,
>> +    MFI_STAT_FLASH_NOT_STARTED,
>> +    MFI_STAT_FLUSH_FAILED,
>> +    MFI_STAT_HOST_CODE_NOT_FOUNT,
>> +    MFI_STAT_LD_CC_IN_PROGRESS,
>> +    MFI_STAT_LD_INIT_IN_PROGRESS,
>> +    MFI_STAT_LD_LBA_OUT_OF_RANGE,
>> +    MFI_STAT_LD_MAX_CONFIGURED,
>> +    MFI_STAT_LD_NOT_OPTIMAL,
>> +    MFI_STAT_LD_RBLD_IN_PROGRESS,
>> +    MFI_STAT_LD_RECON_IN_PROGRESS,
>> +    MFI_STAT_LD_WRONG_RAID_LEVEL,
>> +    MFI_STAT_MAX_SPARES_EXCEEDED,
>> +    MFI_STAT_MEMORY_NOT_AVAILABLE =     0x20,
>> +    MFI_STAT_MFC_HW_ERROR,
>> +    MFI_STAT_NO_HW_PRESENT,
>> +    MFI_STAT_NOT_FOUND,
>> +    MFI_STAT_NOT_IN_ENCL,
>> +    MFI_STAT_PD_CLEAR_IN_PROGRESS,
>> +    MFI_STAT_PD_TYPE_WRONG,
>> +    MFI_STAT_PR_DISABLED,
>> +    MFI_STAT_ROW_INDEX_INVALID,
>> +    MFI_STAT_SAS_CONFIG_INVALID_ACTION,
>> +    MFI_STAT_SAS_CONFIG_INVALID_DATA,
>> +    MFI_STAT_SAS_CONFIG_INVALID_PAGE,
>> +    MFI_STAT_SAS_CONFIG_INVALID_TYPE,
>> +    MFI_STAT_SCSI_DONE_WITH_ERROR,
>> +    MFI_STAT_SCSI_IO_FAILED,
>> +    MFI_STAT_SCSI_RESERVATION_CONFLICT,
>> +    MFI_STAT_SHUTDOWN_FAILED =          0x30,
>> +    MFI_STAT_TIME_NOT_SET,
>> +    MFI_STAT_WRONG_STATE,
>> +    MFI_STAT_LD_OFFLINE,
>> +    MFI_STAT_PEER_NOTIFICATION_REJECTED,
>> +    MFI_STAT_PEER_NOTIFICATION_FAILED,
>> +    MFI_STAT_RESERVATION_IN_PROGRESS,
>> +    MFI_STAT_I2C_ERRORS_DETECTED,
>> +    MFI_STAT_PCI_ERRORS_DETECTED,
>> +    MFI_STAT_DIAG_FAILED,
>> +    MFI_STAT_BOOT_MSG_PENDING,
>> +    MFI_STAT_FOREIGN_CONFIG_INCOMPLETE,
>> +    MFI_STAT_INVALID_SGL,
>> +    MFI_STAT_UNSUPPORTED_HW,
>> +    MFI_STAT_CC_SCHEDULE_DISABLED,
>> +    MFI_STAT_PD_COPYBACK_IN_PROGRESS,
>> +    MFI_STAT_MULTIPLE_PDS_IN_ARRAY =    0x40,
>> +    MFI_STAT_FW_DOWNLOAD_ERROR,
>> +    MFI_STAT_FEATURE_SECURITY_NOT_ENABLED,
>> +    MFI_STAT_LOCK_KEY_ALREADY_EXISTS,
>> +    MFI_STAT_LOCK_KEY_BACKUP_NOT_ALLOWED,
>> +    MFI_STAT_LOCK_KEY_VERIFY_NOT_ALLOWED,
>> +    MFI_STAT_LOCK_KEY_VERIFY_FAILED,
>> +    MFI_STAT_LOCK_KEY_REKEY_NOT_ALLOWED,
>> +    MFI_STAT_LOCK_KEY_INVALID,
>> +    MFI_STAT_LOCK_KEY_ESCROW_INVALID,
>> +    MFI_STAT_LOCK_KEY_BACKUP_REQUIRED,
>> +    MFI_STAT_SECURE_LD_EXISTS,
>> +    MFI_STAT_LD_SECURE_NOT_ALLOWED,
>> +    MFI_STAT_REPROVISION_NOT_ALLOWED,
>> +    MFI_STAT_PD_SECURITY_TYPE_WRONG,
>> +    MFI_STAT_LD_ENCRYPTION_TYPE_INVALID,
>> +    MFI_STAT_CONFIG_FDE_NON_FDE_MIX_NOT_ALLOWED = 0x50,
>> +    MFI_STAT_CONFIG_LD_ENCRYPTION_TYPE_MIX_NOT_ALLOWED,
>> +    MFI_STAT_SECRET_KEY_NOT_ALLOWED,
>> +    MFI_STAT_PD_HW_ERRORS_DETECTED,
>> +    MFI_STAT_LD_CACHE_PINNED,
>> +    MFI_STAT_POWER_STATE_SET_IN_PROGRESS,
>> +    MFI_STAT_POWER_STATE_SET_BUSY,
>> +    MFI_STAT_POWER_STATE_WRONG,
>> +    MFI_STAT_PR_NO_AVAILABLE_PD_FOUND,
>> +    MFI_STAT_CTRL_RESET_REQUIRED,
>> +    MFI_STAT_LOCK_KEY_EKM_NO_BOOT_AGENT,
>> +    MFI_STAT_SNAP_NO_SPACE,
>> +    MFI_STAT_SNAP_PARTIAL_FAILURE,
>> +    MFI_STAT_UPGRADE_KEY_INCOMPATIBLE,
>> +    MFI_STAT_PFK_INCOMPATIBLE,
>> +    MFI_STAT_PD_MAX_UNCONFIGURED,
>> +    MFI_STAT_IO_METRICS_DISABLED =      0x60,
>> +    MFI_STAT_AEC_NOT_STOPPED,
>> +    MFI_STAT_PI_TYPE_WRONG,
>> +    MFI_STAT_LD_PD_PI_INCOMPATIBLE,
>> +    MFI_STAT_PI_NOT_ENABLED,
>> +    MFI_STAT_LD_BLOCK_SIZE_MISMATCH,
>> +    MFI_STAT_INVALID_STATUS =           0xFF
>> +} mfi_status_t ;
>> +
>> +/* Event classes */
>> +typedef enum {
>> +    MFI_EVT_CLASS_DEBUG =      -2,
>> +    MFI_EVT_CLASS_PROGRESS =   -1,
>> +    MFI_EVT_CLASS_INFO =        0,
>> +    MFI_EVT_CLASS_WARNING =     1,
>> +    MFI_EVT_CLASS_CRITICAL =    2,
>> +    MFI_EVT_CLASS_FATAL =       3,
>> +    MFI_EVT_CLASS_DEAD =        4
>> +} mfi_evt_class_t ;
>> +
>> +/* Event locales */
>> +typedef enum {
>> +    MFI_EVT_LOCALE_LD =         0x0001,
>> +    MFI_EVT_LOCALE_PD =         0x0002,
>> +    MFI_EVT_LOCALE_ENCL =       0x0004,
>> +    MFI_EVT_LOCALE_BBU =        0x0008,
>> +    MFI_EVT_LOCALE_SAS =        0x0010,
>> +    MFI_EVT_LOCALE_CTRL =       0x0020,
>> +    MFI_EVT_LOCALE_CONFIG =     0x0040,
>> +    MFI_EVT_LOCALE_CLUSTER =    0x0080,
>> +    MFI_EVT_LOCALE_ALL =        0xffff
>> +} mfi_evt_locale_t;
>> +
>> +/* Event args */
>> +typedef enum {
>> +    MR_EVT_ARGS_NONE =          0x00,
>> +    MR_EVT_ARGS_CDB_SENSE,
>> +    MR_EVT_ARGS_LD,
>> +    MR_EVT_ARGS_LD_COUNT,
>> +    MR_EVT_ARGS_LD_LBA,
>> +    MR_EVT_ARGS_LD_OWNER,
>> +    MR_EVT_ARGS_LD_LBA_PD_LBA,
>> +    MR_EVT_ARGS_LD_PROG,
>> +    MR_EVT_ARGS_LD_STATE,
>> +    MR_EVT_ARGS_LD_STRIP,
>> +    MR_EVT_ARGS_PD,
>> +    MR_EVT_ARGS_PD_ERR,
>> +    MR_EVT_ARGS_PD_LBA,
>> +    MR_EVT_ARGS_PD_LBA_LD,
>> +    MR_EVT_ARGS_PD_PROG,
>> +    MR_EVT_ARGS_PD_STATE,
>> +    MR_EVT_ARGS_PCI,
>> +    MR_EVT_ARGS_RATE,
>> +    MR_EVT_ARGS_STR,
>> +    MR_EVT_ARGS_TIME,
>> +    MR_EVT_ARGS_ECC,
>> +    MR_EVT_ARGS_LD_PROP,
>> +    MR_EVT_ARGS_PD_SPARE,
>> +    MR_EVT_ARGS_PD_INDEX,
>> +    MR_EVT_ARGS_DIAG_PASS,
>> +    MR_EVT_ARGS_DIAG_FAIL,
>> +    MR_EVT_ARGS_PD_LBA_LBA,
>> +    MR_EVT_ARGS_PORT_PHY,
>> +    MR_EVT_ARGS_PD_MISSING,
>> +    MR_EVT_ARGS_PD_ADDRESS,
>> +    MR_EVT_ARGS_BITMAP,
>> +    MR_EVT_ARGS_CONNECTOR,
>> +    MR_EVT_ARGS_PD_PD,
>> +    MR_EVT_ARGS_PD_FRU,
>> +    MR_EVT_ARGS_PD_PATHINFO,
>> +    MR_EVT_ARGS_PD_POWER_STATE,
>> +    MR_EVT_ARGS_GENERIC,
>> +} mfi_evt_args;
>> +
>> +/* Event codes */
>> +#define MR_EVT_CFG_CLEARED                          0x0004
>> +#define MR_EVT_CTRL_SHUTDOWN                        0x002a
>> +#define MR_EVT_LD_STATE_CHANGE                      0x0051
>> +#define MR_EVT_PD_INSERTED                          0x005b
>> +#define MR_EVT_PD_REMOVED                           0x0070
>> +#define MR_EVT_PD_STATE_CHANGED                     0x0072
>> +#define MR_EVT_LD_CREATED                           0x008a
>> +#define MR_EVT_LD_DELETED                           0x008b
>> +#define MR_EVT_FOREIGN_CFG_IMPORTED                 0x00db
>> +#define MR_EVT_LD_OFFLINE                           0x00fc
>> +#define MR_EVT_CTRL_HOST_BUS_SCAN_REQUESTED         0x0152
>> +
>> +typedef enum {
>> +    MR_LD_CACHE_WRITE_BACK =            0x01,
>> +    MR_LD_CACHE_WRITE_ADAPTIVE =        0x02,
>> +    MR_LD_CACHE_READ_AHEAD =            0x04,
>> +    MR_LD_CACHE_READ_ADAPTIVE =         0x08,
>> +    MR_LD_CACHE_WRITE_CACHE_BAD_BBU =   0x10,
>> +    MR_LD_CACHE_ALLOW_WRITE_CACHE =     0x20,
>> +    MR_LD_CACHE_ALLOW_READ_CACHE =      0x40
>> +} mfi_ld_cache;
>> +
>> +typedef enum {
>> +    MR_PD_CACHE_UNCHANGED  =    0,
>> +    MR_PD_CACHE_ENABLE =        1,
>> +    MR_PD_CACHE_DISABLE =       2
>> +} mfi_pd_cache;
>> +
>> +typedef enum {
>> +    MR_PD_QUERY_TYPE_ALL =              0,
>> +    MR_PD_QUERY_TYPE_STATE =            1,
>> +    MR_PD_QUERY_TYPE_POWER_STATE =      2,
>> +    MR_PD_QUERY_TYPE_MEDIA_TYPE =       3,
>> +    MR_PD_QUERY_TYPE_SPEED =            4,
>> +    MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =  5, /*query for system drives */
>> +} mfi_pd_query_type;
>> +
>> +/*
>> + * Other propertities and definitions
>> + */
>> +#define MFI_MAX_PD_CHANNELS     2
>> +#define MFI_MAX_LD_CHANNELS     2
>> +#define MFI_MAX_CHANNELS        (MFI_MAX_PD_CHANNELS + MFI_MAX_LD_CHANNELS)
>> +#define MFI_MAX_CHANNEL_DEVS  128
>> +#define MFI_DEFAULT_ID         -1
>> +#define MFI_MAX_LUN             8
>> +#define MFI_MAX_LD             64
>> +
>> +#define MFI_FRAME_SIZE         64
>> +#define MFI_MBOX_SIZE          12
>> +
>> +/* Firmware flashing can take 40s */
>> +#define MFI_POLL_TIMEOUT_SECS  50
>> +
>> +/* Allow for speedier math calculations */
>> +#define MFI_SECTOR_LEN        512
>> +
>> +/* Scatter Gather elements */
>> +struct mfi_sg32 {
>> +    uint32_t addr;
>> +    uint32_t len;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_sg64 {
>> +    uint64_t addr;
>> +    uint32_t len;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_sg_skinny {
>> +    uint64_t addr;
>> +    uint32_t len;
>> +    uint32_t flag;
>> +} __attribute__ ((packed));
>> +
>> +union mfi_sgl {
>> +    struct mfi_sg32 sg32[1];
>> +    struct mfi_sg64 sg64[1];
>> +    struct mfi_sg_skinny sg_skinny[1];
>> +} __attribute__ ((packed));
>> +
>> +/* Message frames.  All messages have a common header */
>> +struct mfi_frame_header {
>> +    uint8_t frame_cmd;
>> +    uint8_t sense_len;
>> +    uint8_t cmd_status;
>> +    uint8_t scsi_status;
>> +    uint8_t target_id;
>> +    uint8_t lun_id;
>> +    uint8_t cdb_len;
>> +    uint8_t sge_count;
>> +    uint64_t context;
>> +    uint16_t flags;
>> +    uint16_t timeout;
>> +    uint32_t data_len;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_init_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t qinfo_new_addr_lo;
>> +    uint32_t qinfo_new_addr_hi;
>> +    uint32_t qinfo_old_addr_lo;
>> +    uint32_t qinfo_old_addr_hi;
>> +    uint32_t reserved[6];
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_IO_FRAME_SIZE 40
>> +struct mfi_io_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t sense_addr_lo;
>> +    uint32_t sense_addr_hi;
>> +    uint32_t lba_lo;
>> +    uint32_t lba_hi;
>> +    union mfi_sgl sgl;
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_PASS_FRAME_SIZE 48
>> +struct mfi_pass_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t sense_addr_lo;
>> +    uint32_t sense_addr_hi;
>> +    uint8_t cdb[16];
>> +    union mfi_sgl sgl;
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_DCMD_FRAME_SIZE 40
>> +struct mfi_dcmd_frame {
>> +    struct mfi_frame_header header;
>> +    uint32_t opcode;
>> +    uint8_t mbox[MFI_MBOX_SIZE];
>> +    union mfi_sgl sgl;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_abort_frame {
>> +    struct mfi_frame_header header;
>> +    uint64_t abort_context;
>> +    uint32_t abort_mfi_addr_lo;
>> +    uint32_t abort_mfi_addr_hi;
>> +    uint32_t reserved1[6];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_smp_frame {
>> +    struct mfi_frame_header header;
>> +    uint64_t sas_addr;
>> +    union {
>> +        struct mfi_sg32 sg32[2];
>> +        struct mfi_sg64 sg64[2];
>> +    } sgl;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_stp_frame {
>> +    struct mfi_frame_header header;
>> +    uint16_t fis[10];
>> +    uint32_t stp_flags;
>> +    union {
>> +        struct mfi_sg32 sg32[2];
>> +        struct mfi_sg64 sg64[2];
>> +    } sgl;
>> +} __attribute__ ((packed));
>> +
>> +union mfi_frame {
>> +    struct mfi_frame_header header;
>> +    struct mfi_init_frame init;
>> +    struct mfi_io_frame io;
>> +    struct mfi_pass_frame pass;
>> +    struct mfi_dcmd_frame dcmd;
>> +    struct mfi_abort_frame abort;
>> +    struct mfi_smp_frame smp;
>> +    struct mfi_stp_frame stp;
>> +    uint64_t raw[8];
>> +    uint8_t bytes[MFI_FRAME_SIZE];
>> +};
>> +
>> +#define MFI_SENSE_LEN 128
>> +struct mfi_sense {
>> +    uint8_t     data[MFI_SENSE_LEN];
>> +};
>> +
>> +#define MFI_QUEUE_FLAG_CONTEXT64 0x00000002
>> +
>> +/* The queue init structure that is passed with the init message */
>> +struct mfi_init_qinfo {
>> +    uint32_t flags;
>> +    uint32_t rq_entries;
>> +    uint32_t rq_addr_lo;
>> +    uint32_t rq_addr_hi;
>> +    uint32_t pi_addr_lo;
>> +    uint32_t pi_addr_hi;
>> +    uint32_t ci_addr_lo;
>> +    uint32_t ci_addr_hi;
>> +} __attribute__ ((packed));
>
> Don't use a packed attribute - it's not necessary here and creates
> much worse code as gcc must then assume unaligned struct address.
> You had to tweak the attribute anyway, just drop it.
>
>> +
>> +/* Controller properties */
>> +struct mfi_ctrl_props {
>> +    uint16_t seq_num;
>> +    uint16_t pred_fail_poll_interval;
>> +    uint16_t intr_throttle_cnt;
>> +    uint16_t intr_throttle_timeout;
>> +    uint8_t rebuild_rate;
>> +    uint8_t patrol_read_rate;
>> +    uint8_t bgi_rate;
>> +    uint8_t cc_rate;
>> +    uint8_t recon_rate;
>> +    uint8_t cache_flush_interval;
>> +    uint8_t spinup_drv_cnt;
>> +    uint8_t spinup_delay;
>> +    uint8_t cluster_enable;
>> +    uint8_t coercion_mode;
>> +    uint8_t alarm_enable;
>> +    uint8_t disable_auto_rebuild;
>> +    uint8_t disable_battery_warn;
>> +    uint8_t ecc_bucket_size;
>> +    uint16_t ecc_bucket_leak_rate;
>> +    uint8_t restore_hotspare_on_insertion;
>> +    uint8_t expose_encl_devices;
>> +    uint8_t maintainPdFailHistory;
>> +    uint8_t disallowHostRequestReordering;
>> +    uint8_t abortCCOnError;
>> +    uint8_t loadBalanceMode;
>> +    uint8_t disableAutoDetectBackplane;
>> +    uint8_t snapVDSpace;
>> +    struct {
>> +        /* set TRUE to disable copyBack (0=copyback enabled) */
>> +        uint32_t copyBackDisabled:1,
>> +            SMARTerEnabled:1,
>> +            prCorrectUnconfiguredAreas:1,
>> +            useFdeOnly:1,
>> +            disableNCQ:1,
>> +            SSDSMARTerEnabled:1,
>> +            SSDPatrolReadEnabled:1,
>> +            enableSpinDownUnconfigured:1,
>> +            autoEnhancedImport:1,
>> +            enableSecretKeyControl:1,
>> +            disableOnlineCtrlReset:1,
>> +            allowBootWithPinnedCache:1,
>> +            disableSpinDownHS:1,
>> +            enableJBOD:1,
>> +            reserved:18;
>> +    } OnOffProperties;
>
> Using bitfields for anything where you care about endian-ness
> is IMO wrong, and you normally do care for BE host + LE guest.
> No idea what bsd does to handle this.
>
>> +    uint8_t autoSnapVDSpace; /* % of source LD to be
>> +                              * reserved for auto snapshot
>> +                              * in snapshot repository, for
>> +                              * metadata and user data
>> +                              * 1=5%, 2=10%, 3=15% and so on
>> +                              */
>> +    uint8_t viewSpace;       /* snapshot writeable VIEWs
>> +                              * capacity as a % of source LD
>> +                              * capacity. 0=READ only
>> +                              * 1=5%, 2=10%, 3=15% and so on
>> +                              */
>> +    uint16_t spinDownTime;    /* # of idle minutes before device
>> +                               * is spun down (0=use FW defaults)
>> +                               */
>> +    uint8_t reserved[24];
>> +} __attribute__ ((packed));
>> +
>> +/* PCI information about the card. */
>> +struct mfi_info_pci {
>> +    uint16_t vendor;
>> +    uint16_t device;
>> +    uint16_t subvendor;
>> +    uint16_t subdevice;
>> +    uint8_t reserved[24];
>> +} __attribute__ ((packed));
>> +
>> +/* Host (front end) interface information */
>> +struct mfi_info_host {
>> +    uint8_t type;
>> +#define MFI_INFO_HOST_PCIX      0x01
>> +#define MFI_INFO_HOST_PCIE      0x02
>> +#define MFI_INFO_HOST_ISCSI     0x04
>> +#define MFI_INFO_HOST_SAS3G     0x08
>> +    uint8_t reserved[6];
>> +    uint8_t port_count;
>> +    uint64_t port_addr[8];
>> +} __attribute__ ((packed));
>> +
>> +/* Device (back end) interface information */
>> +struct mfi_info_device {
>> +    uint8_t type;
>> +#define MFI_INFO_DEV_SPI        0x01
>> +#define MFI_INFO_DEV_SAS3G      0x02
>> +#define MFI_INFO_DEV_SATA1      0x04
>> +#define MFI_INFO_DEV_SATA3G     0x08
>> +    uint8_t reserved[6];
>> +    uint8_t port_count;
>> +    uint64_t port_addr[8];
>> +} __attribute__ ((packed));
>> +
>> +/* Firmware component information */
>> +struct mfi_info_component {
>> +    char name[8];
>> +    char version[32];
>> +    char build_date[16];
>> +    char build_time[16];
>> +} __attribute__ ((packed));
>> +
>> +/* Controller default settings */
>> +struct mfi_defaults {
>> +    uint64_t sas_addr;
>> +    uint8_t phy_polarity;
>> +    uint8_t background_rate;
>> +    uint8_t stripe_size;
>> +    uint8_t flush_time;
>> +    uint8_t write_back;
>> +    uint8_t read_ahead;
>> +    uint8_t cache_when_bbu_bad;
>> +    uint8_t cached_io;
>> +    uint8_t smart_mode;
>> +    uint8_t alarm_disable;
>> +    uint8_t coercion;
>> +    uint8_t zrc_config;
>> +    uint8_t dirty_led_shows_drive_activity;
>> +    uint8_t bios_continue_on_error;
>> +    uint8_t spindown_mode;
>> +    uint8_t allowed_device_types;
>> +    uint8_t allow_mix_in_enclosure;
>> +    uint8_t allow_mix_in_ld;
>> +    uint8_t allow_sata_in_cluster;
>> +    uint8_t max_chained_enclosures;
>> +    uint8_t disable_ctrl_r;
>> +    uint8_t enable_web_bios;
>> +    uint8_t phy_polarity_split;
>> +    uint8_t direct_pd_mapping;
>> +    uint8_t bios_enumerate_lds;
>> +    uint8_t restored_hot_spare_on_insertion;
>> +    uint8_t expose_enclosure_devices;
>> +    uint8_t maintain_pd_fail_history;
>> +    uint8_t disable_puncture;
>> +    uint8_t zero_based_enumeration;
>> +    uint8_t disable_preboot_cli;
>> +    uint8_t show_drive_led_on_activity;
>> +    uint8_t cluster_disable;
>> +    uint8_t sas_disable;
>> +    uint8_t auto_detect_backplane;
>> +    uint8_t fde_only;
>> +    uint8_t delay_during_post;
>> +    uint8_t resv[19];
>> +} __attribute__ ((packed));
>> +
>> +/* Controller default settings */
>> +struct mfi_bios_data {
>> +    uint16_t boot_target_id;
>> +    uint8_t do_not_int_13;
>> +    uint8_t continue_on_error;
>> +    uint8_t verbose;
>> +    uint8_t geometry;
>> +    uint8_t expose_all_drives;
>> +    uint8_t reserved[56];
>> +    uint8_t check_sum;
>> +} __attribute__ ((packed));
>> +
>> +/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
>> +struct mfi_ctrl_info {
>> +    struct mfi_info_pci pci;
>> +    struct mfi_info_host host;
>> +    struct mfi_info_device device;
>> +
>> +    /* Firmware components that are present and active. */
>> +    uint32_t image_check_word;
>> +    uint32_t image_component_count;
>> +    struct mfi_info_component image_component[8];
>> +
>> +    /* Firmware components that have been flashed but are inactive */
>> +    uint32_t pending_image_component_count;
>> +    struct mfi_info_component pending_image_component[8];
>> +
>> +    uint8_t max_arms;
>> +    uint8_t max_spans;
>> +    uint8_t max_arrays;
>> +    uint8_t max_lds;
>> +    char product_name[80];
>> +    char serial_number[32];
>> +    uint32_t hw_present;
>> +#define MFI_INFO_HW_BBU         0x01
>> +#define MFI_INFO_HW_ALARM       0x02
>> +#define MFI_INFO_HW_NVRAM       0x04
>> +#define MFI_INFO_HW_UART        0x08
>> +#define MFI_INFO_HW_MEM         0x10
>> +#define MFI_INFO_HW_FLASH       0x20
>> +    uint32_t current_fw_time;
>> +    uint16_t max_cmds;
>> +    uint16_t max_sg_elements;
>> +    uint32_t max_request_size;
>> +    uint16_t lds_present;
>> +    uint16_t lds_degraded;
>> +    uint16_t lds_offline;
>> +    uint16_t pd_present;
>> +    uint16_t pd_disks_present;
>> +    uint16_t pd_disks_pred_failure;
>> +    uint16_t pd_disks_failed;
>> +    uint16_t nvram_size;
>> +    uint16_t memory_size;
>> +    uint16_t flash_size;
>> +    uint16_t ram_correctable_errors;
>> +    uint16_t ram_uncorrectable_errors;
>> +    uint8_t cluster_allowed;
>> +    uint8_t cluster_active;
>> +    uint16_t max_strips_per_io;
>> +
>> +    uint32_t raid_levels;
>> +#define MFI_INFO_RAID_0         0x01
>> +#define MFI_INFO_RAID_1         0x02
>> +#define MFI_INFO_RAID_5         0x04
>> +#define MFI_INFO_RAID_1E        0x08
>> +#define MFI_INFO_RAID_6         0x10
>> +
>> +    uint32_t adapter_ops;
>> +#define MFI_INFO_AOPS_RBLD_RATE         0x0001
>> +#define MFI_INFO_AOPS_CC_RATE           0x0002
>> +#define MFI_INFO_AOPS_BGI_RATE          0x0004
>> +#define MFI_INFO_AOPS_RECON_RATE        0x0008
>> +#define MFI_INFO_AOPS_PATROL_RATE       0x0010
>> +#define MFI_INFO_AOPS_ALARM_CONTROL     0x0020
>> +#define MFI_INFO_AOPS_CLUSTER_SUPPORTED 0x0040
>> +#define MFI_INFO_AOPS_BBU               0x0080
>> +#define MFI_INFO_AOPS_SPANNING_ALLOWED  0x0100
>> +#define MFI_INFO_AOPS_DEDICATED_SPARES  0x0200
>> +#define MFI_INFO_AOPS_REVERTIBLE_SPARES 0x0400
>> +#define MFI_INFO_AOPS_FOREIGN_IMPORT    0x0800
>> +#define MFI_INFO_AOPS_SELF_DIAGNOSTIC   0x1000
>> +#define MFI_INFO_AOPS_MIXED_ARRAY       0x2000
>> +#define MFI_INFO_AOPS_GLOBAL_SPARES     0x4000
>> +
>> +    uint32_t ld_ops;
>> +#define MFI_INFO_LDOPS_READ_POLICY      0x01
>> +#define MFI_INFO_LDOPS_WRITE_POLICY     0x02
>> +#define MFI_INFO_LDOPS_IO_POLICY        0x04
>> +#define MFI_INFO_LDOPS_ACCESS_POLICY    0x08
>> +#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
>> +
>> +    struct {
>> +        uint8_t min;
>> +        uint8_t max;
>> +        uint8_t reserved[2];
>> +    } __attribute__ ((packed)) stripe_sz_ops;
>> +
>> +    uint32_t pd_ops;
>> +#define MFI_INFO_PDOPS_FORCE_ONLINE     0x01
>> +#define MFI_INFO_PDOPS_FORCE_OFFLINE    0x02
>> +#define MFI_INFO_PDOPS_FORCE_REBUILD    0x04
>> +
>> +    uint32_t pd_mix_support;
>> +#define MFI_INFO_PDMIX_SAS              0x01
>> +#define MFI_INFO_PDMIX_SATA             0x02
>> +#define MFI_INFO_PDMIX_ENCL             0x04
>> +#define MFI_INFO_PDMIX_LD               0x08
>> +#define MFI_INFO_PDMIX_SATA_CLUSTER     0x10
>> +
>> +    uint8_t ecc_bucket_count;
>> +    uint8_t reserved2[11];
>> +    struct mfi_ctrl_props properties;
>> +    char package_version[0x60];
>> +    uint8_t pad[0x800 - 0x6a0];
>> +} __attribute__ ((packed));
>> +
>> +/* keep track of an event. */
>> +union mfi_evt {
>> +    struct {
>> +        uint16_t locale;
>> +        uint8_t reserved;
>> +        int8_t class;
>> +    } members;
>> +    uint32_t word;
>> +} __attribute__ ((packed));
>> +
>> +/* event log state. */
>> +struct mfi_evt_log_state {
>> +    uint32_t newest_seq_num;
>> +    uint32_t oldest_seq_num;
>> +    uint32_t clear_seq_num;
>> +    uint32_t shutdown_seq_num;
>> +    uint32_t boot_seq_num;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_progress {
>> +    uint16_t progress;
>> +    uint16_t elapsed_seconds;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_evt_ld {
>> +    uint16_t target_id;
>> +    uint8_t ld_index;
>> +    uint8_t reserved;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_evt_pd {
>> +    uint16_t device_id;
>> +    uint8_t enclosure_index;
>> +    uint8_t slot_number;
>> +} __attribute__ ((packed));
>> +
>> +/* event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
>> +struct mfi_evt_detail {
>> +    uint32_t seq;
>> +    uint32_t time;
>> +    uint32_t code;
>> +    union mfi_evt class;
>> +    uint8_t arg_type;
>> +    uint8_t reserved1[15];
>> +
>> +    union {
>> +        struct {
>> +            struct mfi_evt_pd pd;
>> +            uint8_t cdb_len;
>> +            uint8_t sense_len;
>> +            uint8_t reserved[2];
>> +            uint8_t cdb[16];
>> +            uint8_t sense[64];
>> +        } cdb_sense;
>> +
>> +        struct mfi_evt_ld ld;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            uint64_t count;
>> +        } ld_count;
>> +
>> +        struct {
>> +            uint64_t lba;
>> +            struct mfi_evt_ld ld;
>> +        } ld_lba;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            uint32_t pre_owner;
>> +            uint32_t new_owner;
>> +        } ld_owner;
>> +
>> +        struct {
>> +            uint64_t ld_lba;
>> +            uint64_t pd_lba;
>> +            struct mfi_evt_ld ld;
>> +            struct mfi_evt_pd pd;
>> +        } ld_lba_pd_lba;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            struct mfi_progress prog;
>> +        } ld_prog;
>> +
>> +        struct {
>> +            struct mfi_evt_ld ld;
>> +            uint32_t prev_state;
>> +            uint32_t new_state;
>> +        } ld_state;
>> +
>> +        struct {
>> +            uint64_t strip;
>> +            struct mfi_evt_ld ld;
>> +        } ld_strip;
>> +
>> +        struct mfi_evt_pd pd;
>> +
>> +        struct {
>> +            struct mfi_evt_pd pd;
>> +            uint32_t err;
>> +        } pd_err;
>> +
>> +        struct {
>> +            uint64_t lba;
>> +            struct mfi_evt_pd pd;
>> +        } pd_lba;
>> +
>> +        struct {
>> +            uint64_t lba;
>> +            struct mfi_evt_pd pd;
>> +            struct mfi_evt_ld ld;
>> +        } pd_lba_ld;
>> +
>> +        struct {
>> +            struct mfi_evt_pd pd;
>> +            struct mfi_progress prog;
>> +        } pd_prog;
>> +
>> +        struct {
>> +            struct mfi_evt_pd ld;
>> +            uint32_t prev_state;
>> +            uint32_t new_state;
>> +        } pd_state;
>> +
>> +        struct {
>> +            uint16_t venderId;
>> +            uint16_t deviceId;
>> +            uint16_t subVenderId;
>> +            uint16_t subDeviceId;
>> +        } pci;
>> +
>> +        uint32_t rate;
>> +
>> +        char str[96];
>> +
>> +        struct {
>> +            uint32_t rtc;
>> +            uint16_t elapsedSeconds;
>> +        } time;
>> +
>> +        struct {
>> +            uint32_t ecar;
>> +            uint32_t elog;
>> +            char str[64];
>> +        } ecc;
>> +
>> +        uint8_t b[96];
>> +        uint16_t s[48];
>> +        uint32_t w[24];
>> +        uint64_t d[12];
>> +    } args;
>> +
>> +    char description[128];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_evt_list {
>> +    uint32_t count;
>> +    uint32_t reserved;
>> +    struct mfi_evt_detail event[1];
>> +} __attribute__ ((packed));
>> +
>> +union mfi_pd_ref {
>> +    struct {
>> +        uint16_t device_id;
>> +        uint16_t seq_num;
>> +    } v;
>> +    uint32_t ref;
>> +} __attribute__ ((packed));
>> +
>> +union mfi_pd_ddf_type {
>> +    struct {
>> +        union {
>> +            struct {
>> +                uint16_t forced_pd_guid:1,
>> +                    in_vd:1,
>> +                    is_global_spare:1,
>> +                    is_spare:1,
>> +                    is_foreign:1,
>> +                    reserved:7,
>> +                    intf:4;
>> +            } pd_type;
>> +            uint16_t type;
>> +        } v;
>> +        uint16_t reserved;
>> +    } ddf;
>> +    struct {
>> +        uint32_t reserved;
>> +    } non_disk;
>> +    uint32_t type;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_pd_progress {
>> +    struct {
>> +        uint32_t rbld:1,
>> +            patrol:1 ,
>> +            clear:1,
>> +            reserved:29;
>> +    } active;
>> +    struct mfi_progress rbld;
>> +    struct mfi_progress patrol;
>> +    struct mfi_progress clear;
>> +    struct mfi_progress reserved[4];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_pd_info {
>> +    union mfi_pd_ref ref;
>> +    uint8_t inquiry_data[96];
>> +    uint8_t vpd_page83[64];
>> +    uint8_t not_supported;
>> +    uint8_t scsi_dev_type;
>> +    uint8_t connected_port_bitmap;
>> +    uint8_t device_speed;
>> +    uint32_t media_err_count;
>> +    uint32_t other_err_count;
>> +    uint32_t pred_fail_count;
>> +    uint32_t last_pred_fail_event_seq_num;
>> +    uint16_t fw_state;
>> +    uint8_t disable_for_removal;
>> +    uint8_t link_speed;
>> +    union mfi_pd_ddf_type state;
>> +    struct {
>> +        uint8_t count;
>> +        uint8_t is_path_broken;
>> +        uint8_t reserved[6];
>> +        uint64_t sas_addr[4];
>> +    } path_info;
>> +    uint64_t raw_size;
>> +    uint64_t non_coerced_size;
>> +    uint64_t coerced_size;
>> +    uint16_t encl_device_id;
>> +    uint8_t encl_index;
>> +    uint8_t slot_number;
>> +    struct mfi_pd_progress prog_info;
>> +    uint8_t bad_block_table_full;
>> +    uint8_t unusable_in_current_config;
>> +    uint8_t vpd_page83_ext[64];
>> +    uint8_t reserved[512-358];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_pd_address {
>> +    uint16_t device_id;
>> +    uint16_t encl_device_id;
>> +    uint8_t encl_index;
>> +    uint8_t slot_number;
>> +    uint8_t scsi_dev_type;
>> +    uint8_t connect_port_bitmap;
>> +    uint64_t sas_addr[2];
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_SYS_PDS 240
>> +struct mfi_pd_list {
>> +    uint32_t size;
>> +    uint32_t count;
>> +    struct mfi_pd_address addr[MAX_SYS_PDS];
>> +} __attribute__ ((packed));
>> +
>> +union mfi_ld_ref {
>> +    struct {
>> +        uint8_t target_id;
>> +        uint8_t reserved;
>> +        uint16_t seq;
>> +    } v;
>> +    uint32_t ref;
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_list {
>> +    uint32_t ld_count;
>> +    uint32_t reserved1;
>> +    struct {
>> +        union mfi_ld_ref ld;
>> +        uint8_t state;
>> +        uint8_t reserved2[3];
>> +        uint64_t size;
>> +    } ld_list[MFI_MAX_LD];
>> +} __attribute__ ((packed));
>> +
>> +enum mfi_ld_access {
>> +    MFI_LD_ACCESS_RW =          0,
>> +    MFI_LD_ACCSSS_RO =          2,
>> +    MFI_LD_ACCESS_BLOCKED =     3,
>> +};
>> +#define MFI_LD_ACCESS_MASK      3
>> +
>> +enum mfi_ld_state {
>> +    MFI_LD_STATE_OFFLINE =              0,
>> +    MFI_LD_STATE_PARTIALLY_DEGRADED =   1,
>> +    MFI_LD_STATE_DEGRADED =             2,
>> +    MFI_LD_STATE_OPTIMAL =              3
>> +};
>> +
>> +enum mfi_syspd_state {
>> +    MFI_PD_STATE_UNCONFIGURED_GOOD =    0x00,
>> +    MFI_PD_STATE_UNCONFIGURED_BAD =     0x01,
>> +    MFI_PD_STATE_HOT_SPARE =            0x02,
>> +    MFI_PD_STATE_OFFLINE =              0x10,
>> +    MFI_PD_STATE_FAILED =               0x11,
>> +    MFI_PD_STATE_REBUILD =              0x14,
>> +    MFI_PD_STATE_ONLINE =               0x18,
>> +    MFI_PD_STATE_COPYBACK =             0x20,
>> +    MFI_PD_STATE_SYSTEM =               0x40
>> +};
>> +
>> +struct mfi_ld_props {
>> +    union mfi_ld_ref ld;
>> +    char name[16];
>> +    uint8_t default_cache_policy;
>> +    uint8_t access_policy;
>> +    uint8_t disk_cache_policy;
>> +    uint8_t current_cache_policy;
>> +    uint8_t no_bgi;
>> +    uint8_t reserved[7];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_params {
>> +    uint8_t primary_raid_level;
>> +    uint8_t raid_level_qualifier;
>> +    uint8_t secondary_raid_level;
>> +    uint8_t stripe_size;
>> +    uint8_t num_drives;
>> +    uint8_t span_depth;
>> +    uint8_t state;
>> +    uint8_t init_state;
>> +    uint8_t is_consistent;
>> +    uint8_t reserved[23];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_progress {
>> +    uint32_t            active;
>> +#define MFI_LD_PROGRESS_CC      (1<<0)
>> +#define MFI_LD_PROGRESS_BGI     (1<<1)
>> +#define MFI_LD_PROGRESS_FGI     (1<<2)
>> +#define MFI_LD_PORGRESS_RECON   (1<<3)
>> +    struct mfi_progress cc;
>> +    struct mfi_progress bgi;
>> +    struct mfi_progress fgi;
>> +    struct mfi_progress recon;
>> +    struct mfi_progress reserved[4];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_span {
>> +    uint64_t start_block;
>> +    uint64_t num_blocks;
>> +    uint16_t array_ref;
>> +    uint8_t reserved[6];
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_MAX_SPAN_DEPTH      8
>> +struct mfi_ld_config {
>> +    struct mfi_ld_props properties;
>> +    struct mfi_ld_params params;
>> +    struct mfi_span span[MFI_MAX_SPAN_DEPTH];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_ld_info {
>> +    struct mfi_ld_config ld_config;
>> +    uint64_t size;
>> +    struct mfi_ld_progress progress;
>> +    uint16_t cluster_owner;
>> +    uint8_t reconstruct_active;
>> +    uint8_t reserved1[1];
>> +    uint8_t vpd_page83[64];
>> +    uint8_t reserved2[16];
>> +} __attribute__ ((packed));
>> +
>> +union mfi_spare_type {
>> +    struct {
>> +        uint8_t is_dedicate:1,
>> +            is_revertable:1,
>> +            is_encl_affinity:1,
>> +            reserved:5;
>> +    } v;
>> +    uint8_t type;
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_ARRAYS 16
>
> Use a prefix to avoid global namespace pollution.
>
>> +struct mfi_spare {
>> +    union mfi_pd_ref ref;
>> +    union mfi_spare_type spare_type;
>> +    uint8_t reserved[2];
>> +    uint8_t array_count;
>> +    uint16_t array_refd[MAX_ARRAYS];
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_ROW_SIZE 32
>
> Use a prefix to avoid global namespace pollution.
>
>> +struct mfi_array {
>> +    uint64_t size;
>> +    uint8_t num_drives;
>> +    uint8_t reserved;
>> +    uint16_t array_ref;
>> +    uint8_t pad[20];
>> +    struct {
>> +        union mfi_pd_ref ref;
>> +        uint16_t fw_state;
>> +        struct {
>> +            uint8_t pd;
>> +            uint8_t slot;
>> +        } encl;
>> +    } pd[MAX_ROW_SIZE];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_config_data {
>> +    uint32_t size;
>> +    uint16_t array_count;
>> +    uint16_t array_size;
>> +    uint16_t log_drv_count;
>> +    uint16_t log_drv_size;
>> +    uint16_t spares_count;
>> +    uint16_t spares_size;
>> +    uint8_t reserved[16];
>> +    uint8_t data;
>> +    /*
>> +      struct mfi_array  array[];
>> +      struct mfi_ld_config ld[];
>> +      struct mfi_spare  spare[];
>> +    */
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_SCSI_MAX_t ARGETS  128
>
> What's this?
>
>> +#define MFI_SCSI_MAX_LUNS       8
>> +#define MFI_SCSI_INITIATOR_ID 255
>> +#define MFI_SCSI_MAX_CMDS       8
>> +#define MFI_SCSI_MAX_CDB_LEN   16
>> +
>> +#endif /* _MFI_H */
>
> make below a separate patch pls.
>
>> diff --git a/hw/pci_ids.h b/hw/pci_ids.h
>> index e8235a7..0306255 100644
>> --- a/hw/pci_ids.h
>> +++ b/hw/pci_ids.h
>> @@ -12,9 +12,9 @@
>>
>>   #define PCI_BASE_CLASS_STORAGE           0x01
>>   #define PCI_BASE_CLASS_NETWORK           0x02
>> -
>
> Why? This separates base class list from storage
> subclasses.
>
>>   #define PCI_CLASS_STORAGE_SCSI           0x0100
>>   #define PCI_CLASS_STORAGE_IDE            0x0101
>> +#define PCI_CLASS_STORAGE_RAID           0x0104
>>   #define PCI_CLASS_STORAGE_SATA           0x0106
>>   #define PCI_CLASS_STORAGE_OTHER          0x0180
>>
>> @@ -47,6 +47,7 @@
>>
>>   #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
>>   #define PCI_DEVICE_ID_LSI_53C895A        0x0012
>> +#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
>>
>>   #define PCI_VENDOR_ID_DEC                0x1011
>>   #define PCI_DEVICE_ID_DEC_21154          0x0026
>> --
>> 1.7.3.4
>>
>
>
Alexander Graf - Feb. 24, 2012, 4:05 p.m.
On 24.02.2012, at 16:58, Anthony Liguori wrote:

> On 02/23/2012 09:34 AM, Michael S. Tsirkin wrote:
>> On Tue, Feb 21, 2012 at 10:36:43AM +0100, Hannes Reinecke wrote:
>>> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
>>> I've tested it to work with Linux, Windows Vista, and Windows7.
>>> MSI-X support is currently broken; have to investigate.
>>> 
>>> Changes since v13:
>>> - Remove separate MSI-X BAR
>>> - Simplify BAR allocation
>>> 
>>> Changes since v12:
>>> - Fixup flag setting via properties
>>> - Fixup MSI-X handling
>>> - Disable MSI-X per default
>>> 
>>> Changes since v11:
>>> - Remove unneeded variables
>>> 
>>> Changes since v10:
>>> - Port to new device type API
>>> - Include suggestion from Alex Graf:
>>> - Remove 'inline' function declaration
>>> - Queue setup and interrupt enablement needs to be treated
>>>   independently
>>> - Always read in 64 bit context and just mask out the top
>>>   bits if required
>>> 
>>> Changes since v9:
>>> - Split off trace events into a separate patch
>>> - Do not check for max_luns in PD Info
>>> - Update trace events
>>> - Clarify license statement
>>> - Fixup coding style issues
>>> 
>>> Changes since v8:
>>> - Remove 'disable' keyword from trace definitions
>>> - Convert hand-crafted debugging statements with trace
>>>   definitions
>>> - Treat 'context' tag as little endian
>>> 
>>> Changes since v7:
>>> - Port to new memory API
>>> - Port to new PCI infrastructure
>>> - Use fixed buffers for sense processing
>>> - Update to updated SCSI infrastructure
>>> 
>>> Changes since v6:
>>> - Preliminary patches pushed to Kevins block tree
>>> - Implement 64bit contexts, required for Windows7
>>> - Use iovecs for DCMD processing
>>> - Add MSI-X support
>>>   Latest Linux driver now happily uses MSI-X.
>>> - Static iovec allocation
>>>   We have a fixed upper number of iovecs, so we can
>>>   save us the allocation. Suggested by Alex Graf.
>>> - Update MFI header
>>>   Latest Linux driver has some more definitions,
>>>   add them
>>> - Fixup AEN handling
>>> - Update tracing details
>>> - Remove sdev pointer from megasas_cmd_t
>>> 
>>> Changes since v5:
>>> - megasas: Use tracing infrastructure instead of DPRINTF
>>> - megasas: Use new PCI infrastructure
>>> - megasas: Check for iovec mapping failure
>>>   cpu_map_physical_memory() might fail, so we need to check for
>>>   it when mapping iovecs.
>>> - megasas: Trace scsi buffer overflow
>>>   The transfer length as specified in the SCSI command might
>>>   disagree with the length of the iovec. We should be tracing
>>>   these issues.
>>> - megasas: Reset frames after init firmware
>>>   When receiving an INIT FIRMWARE command we need reset all
>>>   frames, otherwise some frames might point to invalid memory.
>>> 
>>> Chances since v4:
>>> - megasas: checkpatch.pl fixes and update to work with the
>>>   changed interface in scsi_req_new(). Also included the
>>>   suggested fixes from Alex.
>>> 
>>> Signed-off-by: Hannes Reinecke<hare@suse.de>
>>> Cc: Alexander Graf<agraf@suse.de>
>>> Cc: Andreas Faerber<afaerber@suse.de>
>>> Cc: Gerhard Wiesinger<lists@wiesinger.com>
>> 
>> So Alex asked whether I can merge this, which made me
>> take a look. I don't know much about what this does
>> so just general comments on all of the code.
> 
> This should come through Paolo's new SCSI tree.
> 
> And while I defended this before, I now think it really ought to be split after trying (and failing) to trim the bits below in Thunderbird.

Split up in what pieces? The only natural split I could think of would be mfi.h and megasas.c. Splitting megasas.c inside of itself doesn't really make sense, as it's just a new device and useless when not complete.

Alex
Anthony Liguori - Feb. 24, 2012, 4:13 p.m.
On 02/24/2012 10:05 AM, Alexander Graf wrote:
>
>>>
>>> So Alex asked whether I can merge this, which made me
>>> take a look. I don't know much about what this does
>>> so just general comments on all of the code.
>>
>> This should come through Paolo's new SCSI tree.
>>
>> And while I defended this before, I now think it really ought to be split after trying (and failing) to trim the bits below in Thunderbird.
>
> Split up in what pieces? The only natural split I could think of would be mfi.h and megasas.c.

That would certainly help.

> Splitting megasas.c inside of itself doesn't really make sense, as it's just a new device and useless when not complete.

That doesn't mean that splitting it isn't the right strategy.  But I bet just 
pulling out mfi.h would make it a lot more reasonable to handle.

Regards,

Anthony Liguori
Hannes Reinecke - Feb. 27, 2012, 9:17 a.m.
Hi Micheal,

thanks for your review.
You'll find the answers inline.

On 02/23/2012 04:34 PM, Michael S. Tsirkin wrote:
> On Tue, Feb 21, 2012 at 10:36:43AM +0100, Hannes Reinecke wrote:
>> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
>> I've tested it to work with Linux, Windows Vista, and Windows7.
>> MSI-X support is currently broken; have to investigate.
>>
[ .. ]
> 
> So Alex asked whether I can merge this, which made me
> take a look. I don't know much about what this does
> so just general comments on all of the code.
> 
> Also, some issues related to msix - want to rip that code
> out for now since it does not work anyway?
> 
Well, I left it in as a reminder how things _should_ be coded.
I was hoping to get it to work eventually.

But then I didn't so maybe you're right.

> qemu has two styles for struct and enum types:
> 1. documented: typedef struct CamelCase CamelCase;
> 2. undocumented but still widely used: struct lower_case; (no typedef)
> *_t type typedef is used for numeric types such as target_phys_addr_t.
> 
> This code mixes them in arbitrary ways. Pls don't do that,
> pls be consistent.
> 
Ok, done.

> 
> 
> 
>> ---
>>  Makefile.objs           |    1 +
>>  default-configs/pci.mak |    1 +
>>  hw/megasas.c            | 1865 +++++++++++++++++++++++++++++++++++++++++++++++
>>  hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
>>  hw/pci_ids.h            |    3 +-
>>  5 files changed, 3150 insertions(+), 1 deletions(-)
>>  create mode 100644 hw/megasas.c
>>  create mode 100644 hw/mfi.h
>>
>> diff --git a/Makefile.objs b/Makefile.objs
>> index 391e524..5841998 100644
>> --- a/Makefile.objs
>> +++ b/Makefile.objs
>> @@ -283,6 +283,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
>>  
>>  # SCSI layer
>>  hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
>> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
>>  hw-obj-$(CONFIG_ESP) += esp.o
>>  
>>  hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
>> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
>> index 9d3e1db..4b49c00 100644
>> --- a/default-configs/pci.mak
>> +++ b/default-configs/pci.mak
>> @@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
>>  CONFIG_PCNET_PCI=y
>>  CONFIG_PCNET_COMMON=y
>>  CONFIG_LSI_SCSI_PCI=y
>> +CONFIG_MEGASAS_SCSI_PCI=y
>>  CONFIG_RTL8139_PCI=y
>>  CONFIG_E1000_PCI=y
>>  CONFIG_IDE_CORE=y
>> diff --git a/hw/megasas.c b/hw/megasas.c
>> new file mode 100644
>> index 0000000..083c3d3
>> --- /dev/null
>> +++ b/hw/megasas.c
>> @@ -0,0 +1,1865 @@
>> +/*
>> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
> 
> Link to documentation/hardware spec/driver code?
> 
I would if I had some.
The only reference I had is the Linux megaraid_sas.c driver.

>> + *
>> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
>> + *
>> + * This library is free software; you can redistribute it and/or
>> + * modify it under the terms of the GNU Lesser General Public
>> + * License as published by the Free Software Foundation; either
>> + * version 2 of the License, or (at your option) any later version.
>> + *
>> + * This library is distributed in the hope that it will be useful,
>> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
>> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
>> + * Lesser General Public License for more details.
>> + *
>> + * You should have received a copy of the GNU Lesser General Public
>> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
>> + */
>> +
>> +#include "hw.h"
>> +#include "pci.h"
>> +#include "dma.h"
>> +#include "msix.h"
>> +#include "iov.h"
>> +#include "scsi.h"
>> +#include "scsi-defs.h"
>> +#include "block_int.h"
>> +
>> +#include "mfi.h"
>> +
>> +/* Static definitions */
> 
> Remove above comment.
> 
Ok.

>> +#define MEGASAS_VERSION "1.60"
>> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
>> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
>> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
>> +#define MEGASAS_DEFAULT_SGE 80
>> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
>> +#define MEGASAS_MAX_ARRAYS 128
>> +
>> +#define MEGASAS_FLAG_USE_JBOD      0
>> +#define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
>> +#define MEGASAS_FLAG_USE_MSIX      1
>> +#define MEGASAS_MASK_USE_MSIX      (1 << MEGASAS_FLAG_USE_MSIX)
>> +#define MEGASAS_FLAG_USE_QUEUE64   2
>> +#define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
>> +
>> +const char *megasas_raid_modes[] = {
>> +    "raid", "jbod"
>> +};
>> +
>> +const char *mfi_frame_desc[] = {
>> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
>> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
> 
> Can't the above go into mfi.h?
> 
Hmm. Well.

The problem with mfi.h is that it's not actually _my_ file, but
rather copied over from NetBSD. I felt a bit stupid doing a recoding
of all the values which are already present in NetBSD ...
Hence the name 'mfi.h', and the different copyright.
For the same reason I try to keep the differences between the
NetBSD and my version as small as possible.

If you have a better solution on how I should handle this
I'm willing to listen ...

>> +
>> +struct megasas_cmd_t {
>> +    uint32_t index;
>> +    uint16_t flags;
>> +    uint16_t count;
>> +    uint64_t context;
>> +
>> +    target_phys_addr_t pa;
>> +    target_phys_addr_t pa_size;
>> +    union mfi_frame *frame;
>> +    SCSIRequest *req;
>> +    struct iovec iov[MEGASAS_MAX_SGE];
>> +    int iov_cnt;
>> +    size_t iov_size;
>> +    size_t iov_offset;
>> +    struct megasas_state_t *state;
>> +};
>> +
>> +typedef struct megasas_state_t {
>> +    PCIDevice dev;
>> +    MemoryRegion mmio_io;
>> +    MemoryRegion port_io;
>> +    MemoryRegion queue_io;
>> +    uint32_t frame_hi;
>> +
>> +    int fw_state;
>> +    uint32_t fw_sge;
>> +    uint32_t fw_cmds;
>> +    uint32_t flags;
>> +    int fw_luns;
>> +    int intr_mask;
>> +    int doorbell;
>> +    int busy;
>> +    char *raid_mode_str;
> 
> make it const char * and you will not need
> casts from const char * to char * which are just wrong.
> 
I've replaced it by using the flag directly, so the
pointer and the values above are removed.

>> +
>> +    struct megasas_cmd_t *event_cmd;
>> +    int event_locale;
>> +    int event_class;
>> +    int event_count;
>> +    int shutdown_event;
>> +    int boot_event;
>> +
>> +    uint64_t reply_queue_pa;
>> +    void *reply_queue;
>> +    int reply_queue_len;
>> +    int reply_queue_head;
>> +    int reply_queue_tail;
>> +    uint64_t consumer_pa;
>> +    uint64_t producer_pa;
>> +
>> +    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
>> +
>> +    SCSIBus bus;
>> +} MPTState;
> 
> Prefix with megasas or mfi, consistently.
> 
D'accord. Leftover from the original code, which was a copy of the
LSI SCSI driver.

[ .. ]
>> +
>> +static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd,
>> +                               int is_logical)
>> +{
>> +    uint8_t *cdb;
>> +    int len;
>> +    struct SCSIDevice *sdev = NULL;
>> +
>> +    cdb = cmd->frame->pass.cdb;
>> +
>> +    if (cmd->frame->header.target_id < s->fw_luns) {
>> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
>> +                                cmd->frame->header.lun_id);
>> +    }
>> +    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
>> +
>> +    if (!sdev || (megasas_is_jbod(s) && is_logical)) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (cmd->frame->header.cdb_len > 16) {
>> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    if (megasas_map_sgl(cmd, &cmd->frame->pass.sgl)) {
>> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    cmd->req = scsi_req_new(sdev, cmd->index,
>> +                            cmd->frame->header.lun_id, cdb, cmd);
>> +    if (!cmd->req) {
>> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
>> +        cmd->frame->header.scsi_status = BUSY;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    len = scsi_req_enqueue(cmd->req);
>> +    if (len > 0) {
>> +        if (len < cmd->iov_size) {
>> +            cmd->iov_size = len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    } else if (len < 0) {
>> +        if (-len < cmd->iov_size) {
>> +            cmd->iov_size = -len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    }
> 
> Shorter:
> 
> if (len < 0) {
>     len = -len;
> }
> 
> if (len) {
>     cmd->iov_size = MIN(len, cmd->iov_size);
>     scsi_req_continue(cmd->req);
> }
> 
> 
Ok.

>> +            cmd->iov_size = -len;
>> +        }
> 
>> +    return MFI_STAT_INVALID_STATUS;
>> +}
>> +
>> +static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
>> +{
>> +    uint32_t lba_count, lba_start_hi, lba_start_lo;
>> +    uint64_t lba_start;
>> +    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
>> +    uint8_t cdb[16];
>> +    int len;
>> +    struct SCSIDevice *sdev = NULL;
>> +
>> +    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
>> +    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
>> +    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
>> +    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
>> +
>> +    if (cmd->frame->header.target_id < s->fw_luns) {
>> +        sdev = scsi_device_find(&s->bus, 0, cmd->frame->header.target_id,
>> +                                cmd->frame->header.lun_id);
>> +    }
>> +
>> +    if (!sdev) {
>> +        return MFI_STAT_DEVICE_NOT_FOUND;
>> +    }
>> +
>> +    if (cmd->frame->header.cdb_len > 16) {
>> +        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    cmd->iov_size = lba_count * sdev->blocksize;
>> +    if (megasas_map_sgl(cmd, &cmd->frame->io.sgl)) {
>> +        megasas_write_sense(cmd, SENSE_CODE(TARGET_FAILURE));
>> +        cmd->frame->header.scsi_status = CHECK_CONDITION;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    megasas_encode_lba(cdb, lba_start, lba_count, write);
>> +    cmd->req = scsi_req_new(sdev, cmd->index,
>> +                            cmd->frame->header.lun_id, cdb, cmd);
>> +    if (!cmd->req) {
>> +        megasas_write_sense(cmd, SENSE_CODE(NO_SENSE));
>> +        cmd->frame->header.scsi_status = BUSY;
>> +        s->event_count++;
>> +        return MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +    }
>> +
>> +    len = scsi_req_enqueue(cmd->req);
>> +    if (len > 0) {
>> +        if (len < cmd->iov_size) {
>> +            cmd->iov_size = len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    } else if (len < 0) {
>> +        if (-len < cmd->iov_size) {
>> +            cmd->iov_size = -len;
>> +        }
>> +        scsi_req_continue(cmd->req);
>> +    }
>> +    return MFI_STAT_INVALID_STATUS;
> 
> code duplicated from above. make it a function?
> 
Yes, can do.

>> +}
>> +
>> +static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
>> +                                           SCSIRequest *req)
>> +{
>> +    int retval = MFI_STAT_INVALID_CMD;
>> +
>> +    if (cmd->frame->header.frame_cmd == MFI_CMD_DCMD) {
>> +            retval = megasas_finish_internal_dcmd(cmd, req);
>> +    }
>> +    return retval;
>> +}
>> +
>> +static void megasas_xfer_complete(SCSIRequest *req, uint32_t len)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +    uint8_t *buf;
>> +
>> +    if (len) {
>> +        int is_write = megasas_frame_is_write(cmd);
>> +        size_t bytes;
>> +
>> +        buf = scsi_req_get_buf(req);
>> +        if (is_write) {
>> +            bytes = iov_to_buf(cmd->iov, cmd->iov_cnt, buf,
>> +                               cmd->iov_offset, len);
>> +            if (bytes != len) {
>> +                len = bytes;
>> +            }
> 
> as len is unused below this is dead code?
> 
Yes, can be removed.

>> +            cmd->iov_offset += bytes;
>> +        } else {
>> +            bytes = iov_from_buf(cmd->iov, cmd->iov_cnt, buf,
>> +                                 cmd->iov_offset, len);
>> +            if (bytes != len) {
>> +                len = bytes;
>> +            }
> 
> as len is unused below this is dead code?
> 
>> +            cmd->iov_offset += bytes;
>> +        }
>> +    }
> 
> so do we discard 0 length or continue?
> previous functions discard this one continues.
> Intentional?
> 
yes. SCSI magic. The previous function kick off data transfer
(which they only have to if there _is_ data to transfer), hence
the discard.
This one is the callback once data transfer is finished, hence we
need to continue.

Wasn't me who designed this ...

>> +    scsi_req_continue(req);
>> +}
>> +
>> +static void megasas_command_complete(SCSIRequest *req, uint32_t status)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +    uint8_t cmd_status = MFI_STAT_OK;
>> +
>> +    if (cmd->req != req) {
>> +        /*
>> +         * Internal command complete
>> +         */
>> +        cmd_status = megasas_finish_internal_command(cmd, req);
>> +        if (cmd_status == MFI_STAT_INVALID_STATUS) {
>> +            return;
>> +        }
>> +    } else {
>> +        req->status = status;
>> +        if (req->status != GOOD) {
>> +            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
>> +        }
>> +        if (req->status == CHECK_CONDITION) {
>> +            megasas_copy_sense(cmd);
>> +        }
>> +
>> +        megasas_unmap_sgl(cmd);
>> +        cmd->frame->header.scsi_status = req->status;
>> +        scsi_req_unref(cmd->req);
>> +        cmd->req = NULL;
>> +    }
>> +    cmd->frame->header.cmd_status = cmd_status;
>> +    megasas_complete_frame(cmd->state, cmd->context);
>> +}
>> +
>> +static void megasas_command_cancel(SCSIRequest *req)
>> +{
>> +    struct megasas_cmd_t *cmd = req->hba_private;
>> +
>> +    if (cmd) {
>> +        megasas_abort_command(cmd);
>> +    } else {
>> +        scsi_req_unref(req);
>> +    }
>> +    return;
> 
> return here is useless
> 
Indeed.

[ .. ]
>> +
>> +static int megasas_scsi_uninit(PCIDevice *d)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev, d);
> 
> You must also uinit msix.
> It is harmless to do this uncoditionally.
> 
Ok.

> 
>> +
>> +    memory_region_destroy(&s->mmio_io);
>> +    memory_region_destroy(&s->port_io);
>> +    memory_region_destroy(&s->queue_io);
>> +    return 0;
>> +}
>> +
>> +static const struct SCSIBusInfo megasas_scsi_info = {
>> +    .tcq = true,
>> +    .max_target = MFI_MAX_LD,
>> +    .max_lun = 255,
>> +
>> +    .transfer_data = megasas_xfer_complete,
>> +    .complete = megasas_command_complete,
>> +    .cancel = megasas_command_cancel,
>> +};
>> +
>> +static int megasas_scsi_init(PCIDevice *dev)
>> +{
>> +    MPTState *s = DO_UPCAST(MPTState, dev, dev);
>> +    uint8_t *pci_conf;
>> +    int i;
>> +
>> +    pci_conf = s->dev.config;
>> +
>> +    /* PCI latency timer = 0 */
>> +    pci_conf[PCI_LATENCY_TIMER] = 0;
>> +    /* Interrupt pin 1 */
>> +    pci_conf[PCI_INTERRUPT_PIN] = 0x01;
>> +
>> +    memory_region_init_io(&s->mmio_io, &megasas_mmio_ops, s,
>> +                          "megasas-mmio", 0x4000);
>> +    memory_region_init_io(&s->port_io, &megasas_port_ops, s,
>> +                          "megasas-io", 256);
>> +    memory_region_init_io(&s->queue_io, &megasas_queue_ops, s,
>> +                          "megasas-queue", 0x40000);
>> +
>> +    if (megasas_use_msix(s) &&
>> +        msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
>> +        s->flags &= ~MEGASAS_MASK_USE_MSIX;
> 
> You'd want an error message here. maybe even fail init.
> 
But why? The driver continues happily without MSI-X.
And the failure message will be printed out via trace events,
in case someone is interested.

>> +    }
>> +
>> +    pci_register_bar(&s->dev, 0, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->mmio_io);
>> +    pci_register_bar(&s->dev, 2, PCI_BASE_ADDRESS_SPACE_IO, &s->port_io);
>> +    pci_register_bar(&s->dev, 3, PCI_BASE_ADDRESS_SPACE_MEMORY, &s->queue_io);
>> +
>> +    if (megasas_use_msix(s)) {
>> +        msix_vector_use(&s->dev, 0);
> 
> You can do this unconditionally.  But I have a question: are you using a
> single vector? I note that you request 15 vectors from the OS.
The original hardware does. So I thought it best to simulate this as
close as possible.

> The vector allocator 
> 
>> +    }
>> +
>> +    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
>> +        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
>> +    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
>> +        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
>> +    } else {
>> +        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
>> +    }
>> +    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
>> +        s->fw_cmds = MEGASAS_MAX_FRAMES;
>> +    }
>> +    if (s->raid_mode_str) {
>> +        if (!strcmp(s->raid_mode_str, "jbod")) {
>> +            s->flags |= MEGASAS_MASK_USE_JBOD;
>> +        } else {
>> +            s->flags &= ~MEGASAS_MASK_USE_JBOD;
>> +            s->raid_mode_str = (char *)megasas_raid_modes[0];
>> +        }
> 
> validate mode value. Anything that is not raid or jbod
> should fail.
> 
See above. Code has been removed.

>> +    } else {
>> +        s->raid_mode_str = (char *)megasas_raid_modes[0];
>> +    }
> 
> Don't cast, use consisten styles.
> 
>> +    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
>> +        MAX_SCSI_DEVS : MFI_MAX_LD;
>> +    s->producer_pa = 0;
>> +    s->consumer_pa = 0;
>> +    for (i = 0; i < s->fw_cmds; i++) {
>> +        s->frames[i].index = i;
>> +        s->frames[i].context = -1;
>> +        s->frames[i].pa = 0;
>> +        s->frames[i].state = s;
>> +    }
>> +
>> +    scsi_bus_new(&s->bus, &dev->qdev, &megasas_scsi_info);
>> +    scsi_bus_legacy_handle_cmdline(&s->bus);
>> +    return 0;
>> +}
>> +
>> +static Property megasas_properties[] = {
>> +    DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
>> +                       MEGASAS_DEFAULT_SGE),
>> +    DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
>> +                       MEGASAS_DEFAULT_FRAMES),
>> +    DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
>> +    DEFINE_PROP_BIT("use_msix", MPTState, flags,
>> +                    MEGASAS_FLAG_USE_MSIX, false),
> 
> This is just a workaround for debugging, right?
> So either just remove all msix code for now,
> if 0 all msix code, or name property x-use_msix
> 
Ok. I'll go for the '#if 0'.

>> +    DEFINE_PROP_END_OF_LIST(),
>> +};
>> +
>> +static void megasas_class_init(ObjectClass *oc, void *data)
>> +{
>> +    DeviceClass *dc = DEVICE_CLASS(oc);
>> +    PCIDeviceClass *pc = PCI_DEVICE_CLASS(oc);
>> +
>> +    pc->init = megasas_scsi_init;
>> +    pc->exit = megasas_scsi_uninit;
>> +    pc->vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
>> +    pc->device_id = PCI_DEVICE_ID_LSI_SAS1078;
>> +    pc->subsystem_vendor_id = PCI_VENDOR_ID_LSI_LOGIC;
>> +    pc->subsystem_id = 0x1013;
>> +    pc->class_id = PCI_CLASS_STORAGE_RAID;
>> +    dc->props = megasas_properties;
>> +    dc->reset = megasas_scsi_reset;
>> +    dc->vmsd = &vmstate_megasas;
>> +    dc->desc = "LSI MegaRAID SAS 1078";
>> +}
>> +
>> +static TypeInfo megasas_info = {
>> +    .name  = "megasas",
>> +    .parent = TYPE_PCI_DEVICE,
>> +    .instance_size = sizeof(MPTState),
>> +    .class_init = megasas_class_init,
>> +};
>> +
>> +static void megaraid1078_register_types(void)
>> +{
>> +    type_register_static(&megasas_info);
>> +}
>> +
>> +type_init(megaraid1078_register_types);
> 
> 
> why not megasas_ ?
> 
Because?
But yes, good point.

>> diff --git a/hw/mfi.h b/hw/mfi.h
>> new file mode 100644
>> index 0000000..4790c7c
>> --- /dev/null
>> +++ b/hw/mfi.h
> 
> Sorry if this was discussed already, where is this
> code from? freebsd? it seems to have this:
> http://gitorious.org/freebsd/freebsd/blobs/HEAD/sys/dev/mfi/mfireg.h
Yes, that's the case.

> Want to name the file the same and add a link?
> This would be an explanation why we keep the
> file in a weird style incompatible with qemu.
> 
> Still some things I think are better off fixed.
> Noted below.
> 
>> @@ -0,0 +1,1281 @@
>> +/*-
>> + * Copyright (c) 2006 IronPort Systems
>> + * All rights reserved.
>> + *
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + * 1. Redistributions of source code must retain the above copyright
>> + *    notice, this list of conditions and the following disclaimer.
>> + * 2. Redistributions in binary form must reproduce the above copyright
>> + *    notice, this list of conditions and the following disclaimer in the
>> + *    documentation and/or other materials provided with the distribution.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
>> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
>> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> + * SUCH DAMAGE.
>> + */
>> +/*-
>> + * Copyright (c) 2007 LSI Corp.
>> + * Copyright (c) 2007 Rajesh Prabhakaran.
>> + * All rights reserved.
>> + *
>> + * Redistribution and use in source and binary forms, with or without
>> + * modification, are permitted provided that the following conditions
>> + * are met:
>> + * 1. Redistributions of source code must retain the above copyright
>> + *    notice, this list of conditions and the following disclaimer.
>> + * 2. Redistributions in binary form must reproduce the above copyright
>> + *    notice, this list of conditions and the following disclaimer in the
>> + *    documentation and/or other materials provided with the distribution.
>> + *
>> + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
>> + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
>> + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
>> + * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
>> + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
>> + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
>> + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
>> + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
>> + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
>> + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
>> + * SUCH DAMAGE.
>> + */
> 
> Why do we need two of these? They appear identical.
> Just combine all copyrights.
> 
Ok.

>> +
>> +#ifndef _MFI_H
>> +#define _MFI_H
> 
> Don't start identifiers with a single _ followed
> by an upper case letter. MFI_REG_H would be a better name.
> 
>> +
>> +/*
>> + * MegaRAID SAS MFI firmware definitions
>> + *
>> + * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
>> + * new firmware interface from the old AMI MegaRAID one, and there is no
>> + * reason why this interface should be limited to just SAS.  In any case, LSI
>> + * seems to also call this interface 'MFI', so that will be used here.
>> + */
> 
> *Which* driver name is misleading?
> I'd suggest droping this comment that argues with itself,
> and explaining what this header *is*. E.g. is the below right?
> /*
>   MFI is a common firmware interface used by MegaRAID
>   family of controllers by SAS and LSI
>  */
>> +
>> +/*
>> + * Start with the register set.
>>  All registers are 32 bits wide.
>> + * The usual Intel IOP style setup.
>> + */
>> +#define MFI_IMSG0 0x10    /* Inbound message 0 */
>> +#define MFI_IMSG1 0x14    /* Inbound message 1 */
>> +#define MFI_OMSG0 0x18    /* Outbound message 0 */
>> +#define MFI_OMSG1 0x1c    /* Outbound message 1 */
>> +#define MFI_IDB   0x20    /* Inbound doorbell */
>> +#define MFI_ISTS  0x24    /* Inbound interrupt status */
>> +#define MFI_IMSK  0x28    /* Inbound interrupt mask */
>> +#define MFI_ODB   0x2c    /* Outbound doorbell */
>> +#define MFI_OSTS  0x30    /* Outbound interrupt status */
>> +#define MFI_OMSK  0x34    /* Outbound interrupt mask */
>> +#define MFI_IQP   0x40    /* Inbound queue port */
>> +#define MFI_OQP   0x44    /* Outbound queue port */
>> +
>> +/*
>> + * 1078 specific related register
>> + */
>> +#define MFI_ODR0        0x9c            /* outbound doorbell register0 */
>> +#define MFI_ODCR0       0xa0            /* outbound doorbell clear register0  */
>> +#define MFI_OSP0        0xb0            /* outbound scratch pad0  */
>> +#define MFI_IQPL        0xc0            /* Inbound queue port (low bytes)  */
>> +#define MFI_IQPH        0xc4            /* Inbound queue port (high bytes)  */
>> +#define MFI_DIAG        0xf8            /* Host diag */
>> +#define MFI_SEQ         0xfc            /* Sequencer offset */
>> +#define MFI_1078_EIM    0x80000004      /* 1078 enable intrrupt mask  */
>> +#define MFI_RMI         0x2             /* reply message interrupt  */
>> +#define MFI_1078_RM     0x80000000      /* reply 1078 message interrupt  */
>> +#define MFI_ODC         0x4             /* outbound doorbell change interrupt */
>> +
>> +/*
>> + * gen2 specific changes
>> + */
>> +#define MFI_GEN2_EIM    0x00000005      /* gen2 enable interrupt mask */
>> +#define MFI_GEN2_RM     0x00000001      /* reply gen2 message interrupt */
>> +
>> +/*
>> + * skinny specific changes
>> + */
>> +#define MFI_SKINNY_IDB  0x00    /* Inbound doorbell is at 0x00 for skinny */
>> +#define MFI_SKINNY_RM   0x00000001      /* reply skinny message interrupt */
>> +
>> +/* Bits for MFI_OSTS */
>> +#define MFI_OSTS_INTR_VALID     0x00000002
>> +
>> +/*
>> + * Firmware state values.  Found in OMSG0 during initialization.
>> + */
>> +#define MFI_FWSTATE_MASK                0xf0000000
>> +#define MFI_FWSTATE_UNDEFINED           0x00000000
>> +#define MFI_FWSTATE_BB_INIT             0x10000000
>> +#define MFI_FWSTATE_FW_INIT             0x40000000
>> +#define MFI_FWSTATE_WAIT_HANDSHAKE      0x60000000
>> +#define MFI_FWSTATE_FW_INIT_2           0x70000000
>> +#define MFI_FWSTATE_DEVICE_SCAN         0x80000000
>> +#define MFI_FWSTATE_BOOT_MSG_PENDING    0x90000000
>> +#define MFI_FWSTATE_FLUSH_CACHE         0xa0000000
>> +#define MFI_FWSTATE_READY               0xb0000000
>> +#define MFI_FWSTATE_OPERATIONAL         0xc0000000
>> +#define MFI_FWSTATE_FAULT               0xf0000000
>> +#define MFI_FWSTATE_MAXSGL_MASK         0x00ff0000
>> +#define MFI_FWSTATE_MAXCMD_MASK         0x0000ffff
>> +#define MFI_FWSTATE_MSIX_SUPPORTED      0x04000000
>> +#define MFI_FWSTATE_HOSTMEMREQD_MASK    0x08000000
>> +
>> +/*
>> + * Control bits to drive the card to ready state.  These go into the IDB
>> + * register.
>> + */
>> +#define MFI_FWINIT_ABORT        0x00000001 /* Abort all pending commands */
>> +#define MFI_FWINIT_READY        0x00000002 /* Move from operational to ready */
>> +#define MFI_FWINIT_MFIMODE      0x00000004 /* unknown */
>> +#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
>> +#define MFI_FWINIT_HOTPLUG      0x00000010
>> +#define MFI_FWINIT_STOP_ADP     0x00000020 /* Move to operational, stop */
>> +#define MFI_FWINIT_ADP_RESET    0x00000040 /* Reset ADP */
>> +
>> +/* MFI Commands */
>> +typedef enum {
>> +    MFI_CMD_INIT = 0x00,
>> +    MFI_CMD_LD_READ,
>> +    MFI_CMD_LD_WRITE,
>> +    MFI_CMD_LD_SCSI_IO,
>> +    MFI_CMD_PD_SCSI_IO,
>> +    MFI_CMD_DCMD,
>> +    MFI_CMD_ABORT,
>> +    MFI_CMD_SMP,
>> +    MFI_CMD_STP
>> +} mfi_cmd_t ;
> 
> space before ;, here and elsewhere.
> 
Fixed.

> 
>> +
>> +/* Direct commands */
>> +typedef enum {
>> +    MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =  0x0100e100,
>> +    MFI_DCMD_CTRL_GET_INFO =            0x01010000,
>> +    MFI_DCMD_CTRL_GET_PROPERTIES =      0x01020100,
>> +    MFI_DCMD_CTRL_SET_PROPERTIES =      0x01020200,
>> +    MFI_DCMD_CTRL_ALARM =               0x01030000,
>> +    MFI_DCMD_CTRL_ALARM_GET =           0x01030100,
>> +    MFI_DCMD_CTRL_ALARM_ENABLE =        0x01030200,
>> +    MFI_DCMD_CTRL_ALARM_DISABLE =       0x01030300,
>> +    MFI_DCMD_CTRL_ALARM_SILENCE =       0x01030400,
>> +    MFI_DCMD_CTRL_ALARM_TEST =          0x01030500,
>> +    MFI_DCMD_CTRL_EVENT_GETINFO =       0x01040100,
>> +    MFI_DCMD_CTRL_EVENT_CLEAR =         0x01040200,
>> +    MFI_DCMD_CTRL_EVENT_GET =           0x01040300,
>> +    MFI_DCMD_CTRL_EVENT_COUNT =         0x01040400,
>> +    MFI_DCMD_CTRL_EVENT_WAIT =          0x01040500,
>> +    MFI_DCMD_CTRL_SHUTDOWN =            0x01050000,
>> +    MFI_DCMD_HIBERNATE_STANDBY =        0x01060000,
>> +    MFI_DCMD_CTRL_GET_TIME =            0x01080101,
>> +    MFI_DCMD_CTRL_SET_TIME =            0x01080102,
>> +    MFI_DCMD_CTRL_BIOS_DATA_GET =       0x010c0100,
>> +    MFI_DCMD_CTRL_BIOS_DATA_SET =       0x010c0200,
>> +    MFI_DCMD_CTRL_FACTORY_DEFAULTS =    0x010d0000,
>> +    MFI_DCMD_CTRL_MFC_DEFAULTS_GET =    0x010e0201,
>> +    MFI_DCMD_CTRL_MFC_DEFAULTS_SET =    0x010e0202,
>> +    MFI_DCMD_CTRL_CACHE_FLUSH =         0x01101000,
>> +    MFI_DCMD_PD_GET_LIST =              0x02010000,
>> +    MFI_DCMD_PD_LIST_QUERY =            0x02010100,
>> +    MFI_DCMD_PD_GET_INFO =              0x02020000,
>> +    MFI_DCMD_PD_STATE_SET =             0x02030100,
>> +    MFI_DCMD_PD_REBUILD =               0x02040100,
>> +    MFI_DCMD_PD_BLINK =                 0x02070100,
>> +    MFI_DCMD_PD_UNBLINK =               0x02070200,
>> +    MFI_DCMD_LD_GET_LIST =              0x03010000,
>> +    MFI_DCMD_LD_GET_INFO =              0x03020000,
>> +    MFI_DCMD_LD_GET_PROP =              0x03030000,
>> +    MFI_DCMD_LD_SET_PROP =              0x03040000,
>> +    MFI_DCMD_LD_DELETE =                0x03090000,
>> +    MFI_DCMD_CFG_READ =                 0x04010000,
>> +    MFI_DCMD_CFG_ADD =                  0x04020000,
>> +    MFI_DCMD_CFG_CLEAR =                0x04030000,
>> +    MFI_DCMD_CFG_FOREIGN_READ =         0x04060100,
>> +    MFI_DCMD_CFG_FOREIGN_IMPORT =       0x04060400,
>> +    MFI_DCMD_BBU_STATUS =               0x05010000,
>> +    MFI_DCMD_BBU_CAPACITY_INFO =        0x05020000,
>> +    MFI_DCMD_BBU_DESIGN_INFO =          0x05030000,
>> +    MFI_DCMD_BBU_PROP_GET =             0x05050100,
>> +    MFI_DCMD_CLUSTER =                  0x08000000,
>> +    MFI_DCMD_CLUSTER_RESET_ALL =        0x08010100,
>> +    MFI_DCMD_CLUSTER_RESET_LD =         0x08010200
>> +} mfi_dcmd_t ;
> 
> 
> space before ;
> 
Fixed.

>> +
>> +/* The queue init structure that is passed with the init message */
>> +struct mfi_init_qinfo {
>> +    uint32_t flags;
>> +    uint32_t rq_entries;
>> +    uint32_t rq_addr_lo;
>> +    uint32_t rq_addr_hi;
>> +    uint32_t pi_addr_lo;
>> +    uint32_t pi_addr_hi;
>> +    uint32_t ci_addr_lo;
>> +    uint32_t ci_addr_hi;
>> +} __attribute__ ((packed));
> 
> Don't use a packed attribute - it's not necessary here and creates
> much worse code as gcc must then assume unaligned struct address.
> You had to tweak the attribute anyway, just drop it.
> 
Ok. Just had it there for consistency.

>> +
>> +/* Controller properties */
>> +struct mfi_ctrl_props {
>> +    uint16_t seq_num;
>> +    uint16_t pred_fail_poll_interval;
>> +    uint16_t intr_throttle_cnt;
>> +    uint16_t intr_throttle_timeout;
>> +    uint8_t rebuild_rate;
>> +    uint8_t patrol_read_rate;
>> +    uint8_t bgi_rate;
>> +    uint8_t cc_rate;
>> +    uint8_t recon_rate;
>> +    uint8_t cache_flush_interval;
>> +    uint8_t spinup_drv_cnt;
>> +    uint8_t spinup_delay;
>> +    uint8_t cluster_enable;
>> +    uint8_t coercion_mode;
>> +    uint8_t alarm_enable;
>> +    uint8_t disable_auto_rebuild;
>> +    uint8_t disable_battery_warn;
>> +    uint8_t ecc_bucket_size;
>> +    uint16_t ecc_bucket_leak_rate;
>> +    uint8_t restore_hotspare_on_insertion;
>> +    uint8_t expose_encl_devices;
>> +    uint8_t maintainPdFailHistory;
>> +    uint8_t disallowHostRequestReordering;
>> +    uint8_t abortCCOnError;
>> +    uint8_t loadBalanceMode;
>> +    uint8_t disableAutoDetectBackplane;
>> +    uint8_t snapVDSpace;
>> +    struct {
>> +        /* set TRUE to disable copyBack (0=copyback enabled) */
>> +        uint32_t copyBackDisabled:1,
>> +            SMARTerEnabled:1,
>> +            prCorrectUnconfiguredAreas:1,
>> +            useFdeOnly:1,
>> +            disableNCQ:1,
>> +            SSDSMARTerEnabled:1,
>> +            SSDPatrolReadEnabled:1,
>> +            enableSpinDownUnconfigured:1,
>> +            autoEnhancedImport:1,
>> +            enableSecretKeyControl:1,
>> +            disableOnlineCtrlReset:1,
>> +            allowBootWithPinnedCache:1,
>> +            disableSpinDownHS:1,
>> +            enableJBOD:1,
>> +            reserved:18;
>> +    } OnOffProperties;
> 
> Using bitfields for anything where you care about endian-ness
> is IMO wrong, and you normally do care for BE host + LE guest.
> No idea what bsd does to handle this.
> 
Well, I don't really have a choice. That the firmware interface,
which is using this kind of construct.
So I'm getting passed in a bitfield, which I then have to evaluate.
I should be okay as I'll be doing a byteshuffle before evaluation.
But yes, this interface is absolutely horrible.

[ .. ]
>> +union mfi_spare_type {
>> +    struct {
>> +        uint8_t is_dedicate:1,
>> +            is_revertable:1,
>> +            is_encl_affinity:1,
>> +            reserved:5;
>> +    } v;
>> +    uint8_t type;
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_ARRAYS 16
> 
> Use a prefix to avoid global namespace pollution.
> 
>> +struct mfi_spare {
>> +    union mfi_pd_ref ref;
>> +    union mfi_spare_type spare_type;
>> +    uint8_t reserved[2];
>> +    uint8_t array_count;
>> +    uint16_t array_refd[MAX_ARRAYS];
>> +} __attribute__ ((packed));
>> +
>> +#define MAX_ROW_SIZE 32
> 
> Use a prefix to avoid global namespace pollution.
> 
Prefixed with MFI_

>> +struct mfi_array {
>> +    uint64_t size;
>> +    uint8_t num_drives;
>> +    uint8_t reserved;
>> +    uint16_t array_ref;
>> +    uint8_t pad[20];
>> +    struct {
>> +        union mfi_pd_ref ref;
>> +        uint16_t fw_state;
>> +        struct {
>> +            uint8_t pd;
>> +            uint8_t slot;
>> +        } encl;
>> +    } pd[MAX_ROW_SIZE];
>> +} __attribute__ ((packed));
>> +
>> +struct mfi_config_data {
>> +    uint32_t size;
>> +    uint16_t array_count;
>> +    uint16_t array_size;
>> +    uint16_t log_drv_count;
>> +    uint16_t log_drv_size;
>> +    uint16_t spares_count;
>> +    uint16_t spares_size;
>> +    uint8_t reserved[16];
>> +    uint8_t data;
>> +    /*
>> +      struct mfi_array  array[];
>> +      struct mfi_ld_config ld[];
>> +      struct mfi_spare  spare[];
>> +    */
>> +} __attribute__ ((packed));
>> +
>> +#define MFI_SCSI_MAX_t ARGETS  128
> 
> What's this?
> 
Ouch.

sed script gone bonkers.

>> +#define MFI_SCSI_MAX_LUNS       8
>> +#define MFI_SCSI_INITIATOR_ID 255
>> +#define MFI_SCSI_MAX_CMDS       8
>> +#define MFI_SCSI_MAX_CDB_LEN   16
>> +
>> +#endif /* _MFI_H */
> 
> make below a separate patch pls.
> 
Yeah, convinced me. Will be doing so.

>> diff --git a/hw/pci_ids.h b/hw/pci_ids.h
>> index e8235a7..0306255 100644
>> --- a/hw/pci_ids.h
>> +++ b/hw/pci_ids.h
>> @@ -12,9 +12,9 @@
>>  
>>  #define PCI_BASE_CLASS_STORAGE           0x01
>>  #define PCI_BASE_CLASS_NETWORK           0x02
>> -
> 
> Why? This separates base class list from storage
> subclasses.
> 
Oversight. sorry.

>>  #define PCI_CLASS_STORAGE_SCSI           0x0100
>>  #define PCI_CLASS_STORAGE_IDE            0x0101
>> +#define PCI_CLASS_STORAGE_RAID           0x0104
>>  #define PCI_CLASS_STORAGE_SATA           0x0106
>>  #define PCI_CLASS_STORAGE_OTHER          0x0180
>>  
>> @@ -47,6 +47,7 @@
>>  
>>  #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
>>  #define PCI_DEVICE_ID_LSI_53C895A        0x0012
>> +#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
>>  
>>  #define PCI_VENDOR_ID_DEC                0x1011
>>  #define PCI_DEVICE_ID_DEC_21154          0x0026
>> -- 
>> 1.7.3.4
>>

Again, thanks for the review.
Will be merged in the next version.

Cheers,

Hannes
Michael S. Tsirkin - Feb. 27, 2012, 10:31 a.m.
On Mon, Feb 27, 2012 at 10:17:21AM +0100, Hannes Reinecke wrote:
> Hi Micheal,
> 
> thanks for your review.
> You'll find the answers inline.
> 
> On 02/23/2012 04:34 PM, Michael S. Tsirkin wrote:
> > On Tue, Feb 21, 2012 at 10:36:43AM +0100, Hannes Reinecke wrote:
> >> This patch adds an emulation for the LSI Megaraid SAS 8708EM2 HBA.
> >> I've tested it to work with Linux, Windows Vista, and Windows7.
> >> MSI-X support is currently broken; have to investigate.
> >>
> [ .. ]
> > 
> > So Alex asked whether I can merge this, which made me
> > take a look. I don't know much about what this does
> > so just general comments on all of the code.
> > 
> > Also, some issues related to msix - want to rip that code
> > out for now since it does not work anyway?
> > 
> Well, I left it in as a reminder how things _should_ be coded.
> I was hoping to get it to work eventually.
> 
> But then I didn't so maybe you're right.
> 
> > qemu has two styles for struct and enum types:
> > 1. documented: typedef struct CamelCase CamelCase;
> > 2. undocumented but still widely used: struct lower_case; (no typedef)
> > *_t type typedef is used for numeric types such as target_phys_addr_t.
> > 
> > This code mixes them in arbitrary ways. Pls don't do that,
> > pls be consistent.
> > 
> Ok, done.
> 
> > 
> > 
> > 
> >> ---
> >>  Makefile.objs           |    1 +
> >>  default-configs/pci.mak |    1 +
> >>  hw/megasas.c            | 1865 +++++++++++++++++++++++++++++++++++++++++++++++
> >>  hw/mfi.h                | 1281 ++++++++++++++++++++++++++++++++
> >>  hw/pci_ids.h            |    3 +-
> >>  5 files changed, 3150 insertions(+), 1 deletions(-)
> >>  create mode 100644 hw/megasas.c
> >>  create mode 100644 hw/mfi.h
> >>
> >> diff --git a/Makefile.objs b/Makefile.objs
> >> index 391e524..5841998 100644
> >> --- a/Makefile.objs
> >> +++ b/Makefile.objs
> >> @@ -283,6 +283,7 @@ hw-obj-$(CONFIG_AHCI) += ide/ich.o
> >>  
> >>  # SCSI layer
> >>  hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
> >> +hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
> >>  hw-obj-$(CONFIG_ESP) += esp.o
> >>  
> >>  hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
> >> diff --git a/default-configs/pci.mak b/default-configs/pci.mak
> >> index 9d3e1db..4b49c00 100644
> >> --- a/default-configs/pci.mak
> >> +++ b/default-configs/pci.mak
> >> @@ -10,6 +10,7 @@ CONFIG_EEPRO100_PCI=y
> >>  CONFIG_PCNET_PCI=y
> >>  CONFIG_PCNET_COMMON=y
> >>  CONFIG_LSI_SCSI_PCI=y
> >> +CONFIG_MEGASAS_SCSI_PCI=y
> >>  CONFIG_RTL8139_PCI=y
> >>  CONFIG_E1000_PCI=y
> >>  CONFIG_IDE_CORE=y
> >> diff --git a/hw/megasas.c b/hw/megasas.c
> >> new file mode 100644
> >> index 0000000..083c3d3
> >> --- /dev/null
> >> +++ b/hw/megasas.c
> >> @@ -0,0 +1,1865 @@
> >> +/*
> >> + * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
> > 
> > Link to documentation/hardware spec/driver code?
> > 
> I would if I had some.
> The only reference I had is the Linux megaraid_sas.c driver.
> 
> >> + *
> >> + * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
> >> + *
> >> + * This library is free software; you can redistribute it and/or
> >> + * modify it under the terms of the GNU Lesser General Public
> >> + * License as published by the Free Software Foundation; either
> >> + * version 2 of the License, or (at your option) any later version.
> >> + *
> >> + * This library is distributed in the hope that it will be useful,
> >> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> >> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
> >> + * Lesser General Public License for more details.
> >> + *
> >> + * You should have received a copy of the GNU Lesser General Public
> >> + * License along with this library; if not, see <http://www.gnu.org/licenses/>.
> >> + */
> >> +
> >> +#include "hw.h"
> >> +#include "pci.h"
> >> +#include "dma.h"
> >> +#include "msix.h"
> >> +#include "iov.h"
> >> +#include "scsi.h"
> >> +#include "scsi-defs.h"
> >> +#include "block_int.h"
> >> +
> >> +#include "mfi.h"
> >> +
> >> +/* Static definitions */
> > 
> > Remove above comment.
> > 
> Ok.
> 
> >> +#define MEGASAS_VERSION "1.60"
> >> +#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
> >> +#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
> >> +#define MEGASAS_MAX_SGE 128             /* Firmware limit */
> >> +#define MEGASAS_DEFAULT_SGE 80
> >> +#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
> >> +#define MEGASAS_MAX_ARRAYS 128
> >> +
> >> +#define MEGASAS_FLAG_USE_JBOD      0
> >> +#define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
> >> +#define MEGASAS_FLAG_USE_MSIX      1
> >> +#define MEGASAS_MASK_USE_MSIX      (1 << MEGASAS_FLAG_USE_MSIX)
> >> +#define MEGASAS_FLAG_USE_QUEUE64   2
> >> +#define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
> >> +
> >> +const char *megasas_raid_modes[] = {
> >> +    "raid", "jbod"
> >> +};
> >> +
> >> +const char *mfi_frame_desc[] = {
> >> +    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
> >> +    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
> > 
> > Can't the above go into mfi.h?
> > 
> Hmm. Well.
> 
> The problem with mfi.h is that it's not actually _my_ file, but
> rather copied over from NetBSD. I felt a bit stupid doing a recoding
> of all the values which are already present in NetBSD ...
> Hence the name 'mfi.h', and the different copyright.
> For the same reason I try to keep the differences between the
> NetBSD and my version as small as possible.
> 
> If you have a better solution on how I should handle this
> I'm willing to listen ...

Document where's the file from as suggested below.

> >> +    if (megasas_use_msix(s) &&
> >> +        msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
> >> +        s->flags &= ~MEGASAS_MASK_USE_MSIX;
> > 
> > You'd want an error message here. maybe even fail init.
> > 
> But why? The driver continues happily without MSI-X.
> And the failure message will be printed out via trace events,
> in case someone is interested.

It is important that the configuration is fully specified
by the flags.
For example, otherwise migration to another host where
MSIX does work will then fail.


> >> diff --git a/hw/mfi.h b/hw/mfi.h
> >> new file mode 100644
> >> index 0000000..4790c7c
> >> --- /dev/null
> >> +++ b/hw/mfi.h
> > 
> > Sorry if this was discussed already, where is this
> > code from? freebsd? it seems to have this:
> > http://gitorious.org/freebsd/freebsd/blobs/HEAD/sys/dev/mfi/mfireg.h
> Yes, that's the case.
> 
> > Want to name the file the same and add a link?
> > This would be an explanation why we keep the
> > file in a weird style incompatible with qemu.
> > 
> > Still some things I think are better off fixed.
> > Noted below.
> > 
> >> +
> >> +/* Controller properties */
> >> +struct mfi_ctrl_props {
> >> +    uint16_t seq_num;
> >> +    uint16_t pred_fail_poll_interval;
> >> +    uint16_t intr_throttle_cnt;
> >> +    uint16_t intr_throttle_timeout;
> >> +    uint8_t rebuild_rate;
> >> +    uint8_t patrol_read_rate;
> >> +    uint8_t bgi_rate;
> >> +    uint8_t cc_rate;
> >> +    uint8_t recon_rate;
> >> +    uint8_t cache_flush_interval;
> >> +    uint8_t spinup_drv_cnt;
> >> +    uint8_t spinup_delay;
> >> +    uint8_t cluster_enable;
> >> +    uint8_t coercion_mode;
> >> +    uint8_t alarm_enable;
> >> +    uint8_t disable_auto_rebuild;
> >> +    uint8_t disable_battery_warn;
> >> +    uint8_t ecc_bucket_size;
> >> +    uint16_t ecc_bucket_leak_rate;
> >> +    uint8_t restore_hotspare_on_insertion;
> >> +    uint8_t expose_encl_devices;
> >> +    uint8_t maintainPdFailHistory;
> >> +    uint8_t disallowHostRequestReordering;
> >> +    uint8_t abortCCOnError;
> >> +    uint8_t loadBalanceMode;
> >> +    uint8_t disableAutoDetectBackplane;
> >> +    uint8_t snapVDSpace;
> >> +    struct {
> >> +        /* set TRUE to disable copyBack (0=copyback enabled) */
> >> +        uint32_t copyBackDisabled:1,
> >> +            SMARTerEnabled:1,
> >> +            prCorrectUnconfiguredAreas:1,
> >> +            useFdeOnly:1,
> >> +            disableNCQ:1,
> >> +            SSDSMARTerEnabled:1,
> >> +            SSDPatrolReadEnabled:1,
> >> +            enableSpinDownUnconfigured:1,
> >> +            autoEnhancedImport:1,
> >> +            enableSecretKeyControl:1,
> >> +            disableOnlineCtrlReset:1,
> >> +            allowBootWithPinnedCache:1,
> >> +            disableSpinDownHS:1,
> >> +            enableJBOD:1,
> >> +            reserved:18;
> >> +    } OnOffProperties;
> > 
> > Using bitfields for anything where you care about endian-ness
> > is IMO wrong, and you normally do care for BE host + LE guest.
> > No idea what bsd does to handle this.
> > 
> Well, I don't really have a choice. That the firmware interface,
> which is using this kind of construct.
> So I'm getting passed in a bitfield, which I then have to evaluate.
> I should be okay as I'll be doing a byteshuffle before evaluation.
> But yes, this interface is absolutely horrible.

Bits are pretty comment as an interface.
The sane thing to do is to have some macros or enums
specifying the bits. Then you can do
le32_to_cpu(x) & MFI_DISABLE_SPIN_DOWN_HS

I don't see the shuffle in code.
E.g. info->properties.OnOffProperties.enableJBOD = 1
and no shuffle in sight.  Add a comment
here and where you do the shuffle?
Andreas Färber - Feb. 27, 2012, 1:47 p.m.
Am 23.02.2012 16:34, schrieb Michael S. Tsirkin:
> On Tue, Feb 21, 2012 at 10:36:43AM +0100, Hannes Reinecke wrote:
>> diff --git a/hw/megasas.c b/hw/megasas.c
>> new file mode 100644
>> index 0000000..083c3d3
>> --- /dev/null
>> +++ b/hw/megasas.c

>> +static void megaraid1078_register_types(void)
>> +{
>> +    type_register_static(&megasas_info);
>> +}
>> +
>> +type_init(megaraid1078_register_types);
> 
> 
> why not megasas_ ?

And while at it, no semicolon after type_init() please. It defines a
function and I recently cleaned up all callers.

Andreas
Hannes Reinecke - Feb. 27, 2012, 3:24 p.m.
On 02/27/2012 11:31 AM, Michael S. Tsirkin wrote:
> On Mon, Feb 27, 2012 at 10:17:21AM +0100, Hannes Reinecke wrote:
[ .. ]
>>
>> The problem with mfi.h is that it's not actually _my_ file, but
>> rather copied over from NetBSD. I felt a bit stupid doing a recoding
>> of all the values which are already present in NetBSD ...
>> Hence the name 'mfi.h', and the different copyright.
>> For the same reason I try to keep the differences between the
>> NetBSD and my version as small as possible.
>>
>> If you have a better solution on how I should handle this
>> I'm willing to listen ...
> 
> Document where's the file from as suggested below.
> 
Yes, done.

>>>> +    if (megasas_use_msix(s) &&
>>>> +        msix_init(&s->dev, 15, &s->mmio_io, 0, 0x2000)) {
>>>> +        s->flags &= ~MEGASAS_MASK_USE_MSIX;
>>>
>>> You'd want an error message here. maybe even fail init.
>>>
>> But why? The driver continues happily without MSI-X.
>> And the failure message will be printed out via trace events,
>> in case someone is interested.
> 
> It is important that the configuration is fully specified
> by the flags.
> For example, otherwise migration to another host where
> MSIX does work will then fail.
> 
> 
Ok, thanks for the explanation.
But I'll be #ifdef'inf MSI-X support for the time being anyway.

>>>> diff --git a/hw/mfi.h b/hw/mfi.h
>>>> new file mode 100644
>>>> index 0000000..4790c7c
>>>> --- /dev/null
>>>> +++ b/hw/mfi.h
>>>
>>> Sorry if this was discussed already, where is this
>>> code from? freebsd? it seems to have this:
>>> http://gitorious.org/freebsd/freebsd/blobs/HEAD/sys/dev/mfi/mfireg.h
>> Yes, that's the case.
>>
>>> Want to name the file the same and add a link?
>>> This would be an explanation why we keep the
>>> file in a weird style incompatible with qemu.
>>>
>>> Still some things I think are better off fixed.
>>> Noted below.
>>>
>>>> +
>>>> +/* Controller properties */
>>>> +struct mfi_ctrl_props {
>>>> +    uint16_t seq_num;
>>>> +    uint16_t pred_fail_poll_interval;
>>>> +    uint16_t intr_throttle_cnt;
>>>> +    uint16_t intr_throttle_timeout;
>>>> +    uint8_t rebuild_rate;
>>>> +    uint8_t patrol_read_rate;
>>>> +    uint8_t bgi_rate;
>>>> +    uint8_t cc_rate;
>>>> +    uint8_t recon_rate;
>>>> +    uint8_t cache_flush_interval;
>>>> +    uint8_t spinup_drv_cnt;
>>>> +    uint8_t spinup_delay;
>>>> +    uint8_t cluster_enable;
>>>> +    uint8_t coercion_mode;
>>>> +    uint8_t alarm_enable;
>>>> +    uint8_t disable_auto_rebuild;
>>>> +    uint8_t disable_battery_warn;
>>>> +    uint8_t ecc_bucket_size;
>>>> +    uint16_t ecc_bucket_leak_rate;
>>>> +    uint8_t restore_hotspare_on_insertion;
>>>> +    uint8_t expose_encl_devices;
>>>> +    uint8_t maintainPdFailHistory;
>>>> +    uint8_t disallowHostRequestReordering;
>>>> +    uint8_t abortCCOnError;
>>>> +    uint8_t loadBalanceMode;
>>>> +    uint8_t disableAutoDetectBackplane;
>>>> +    uint8_t snapVDSpace;
>>>> +    struct {
>>>> +        /* set TRUE to disable copyBack (0=copyback enabled) */
>>>> +        uint32_t copyBackDisabled:1,
>>>> +            SMARTerEnabled:1,
>>>> +            prCorrectUnconfiguredAreas:1,
>>>> +            useFdeOnly:1,
>>>> +            disableNCQ:1,
>>>> +            SSDSMARTerEnabled:1,
>>>> +            SSDPatrolReadEnabled:1,
>>>> +            enableSpinDownUnconfigured:1,
>>>> +            autoEnhancedImport:1,
>>>> +            enableSecretKeyControl:1,
>>>> +            disableOnlineCtrlReset:1,
>>>> +            allowBootWithPinnedCache:1,
>>>> +            disableSpinDownHS:1,
>>>> +            enableJBOD:1,
>>>> +            reserved:18;
>>>> +    } OnOffProperties;
>>>
>>> Using bitfields for anything where you care about endian-ness
>>> is IMO wrong, and you normally do care for BE host + LE guest.
>>> No idea what bsd does to handle this.
>>>
>> Well, I don't really have a choice. That the firmware interface,
>> which is using this kind of construct.
>> So I'm getting passed in a bitfield, which I then have to evaluate.
>> I should be okay as I'll be doing a byteshuffle before evaluation.
>> But yes, this interface is absolutely horrible.
> 
> Bits are pretty comment as an interface.
> The sane thing to do is to have some macros or enums
> specifying the bits. Then you can do
> le32_to_cpu(x) & MFI_DISABLE_SPIN_DOWN_HS
> 
Yes, that's a good idea. Will be doing it.

> I don't see the shuffle in code.
> E.g. info->properties.OnOffProperties.enableJBOD = 1
> and no shuffle in sight.  Add a comment
> here and where you do the shuffle?
> 
Oh. Looks like wishful thinking here.
I _thought_ I did ...

Anyway, will be fixing it up.

Thanks for the review.

Cheers,

Hannes
Gerhard Wiesinger - March 2, 2012, 7:20 a.m.
Hello Hannes,

When can we expect a V15?

BTW: signature/patch must also be rebased due to SCSI interface chances:
static void megasas_command_complete(SCSIRequest *req, uint32_t status, size_t resid)

Ciao,
Gerhard

--
http://www.wiesinger.com/

Patch

diff --git a/Makefile.objs b/Makefile.objs
index 391e524..5841998 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -283,6 +283,7 @@  hw-obj-$(CONFIG_AHCI) += ide/ich.o
 
 # SCSI layer
 hw-obj-$(CONFIG_LSI_SCSI_PCI) += lsi53c895a.o
+hw-obj-$(CONFIG_MEGASAS_SCSI_PCI) += megasas.o
 hw-obj-$(CONFIG_ESP) += esp.o
 
 hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
diff --git a/default-configs/pci.mak b/default-configs/pci.mak
index 9d3e1db..4b49c00 100644
--- a/default-configs/pci.mak
+++ b/default-configs/pci.mak
@@ -10,6 +10,7 @@  CONFIG_EEPRO100_PCI=y
 CONFIG_PCNET_PCI=y
 CONFIG_PCNET_COMMON=y
 CONFIG_LSI_SCSI_PCI=y
+CONFIG_MEGASAS_SCSI_PCI=y
 CONFIG_RTL8139_PCI=y
 CONFIG_E1000_PCI=y
 CONFIG_IDE_CORE=y
diff --git a/hw/megasas.c b/hw/megasas.c
new file mode 100644
index 0000000..083c3d3
--- /dev/null
+++ b/hw/megasas.c
@@ -0,0 +1,1865 @@ 
+/*
+ * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
+ *
+ * Copyright (c) 2009-2012 Hannes Reinecke, SUSE Labs
+ *
+ * This library is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either
+ * version 2 of the License, or (at your option) any later version.
+ *
+ * This library is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this library; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "hw.h"
+#include "pci.h"
+#include "dma.h"
+#include "msix.h"
+#include "iov.h"
+#include "scsi.h"
+#include "scsi-defs.h"
+#include "block_int.h"
+
+#include "mfi.h"
+
+/* Static definitions */
+#define MEGASAS_VERSION "1.60"
+#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
+#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
+#define MEGASAS_MAX_SGE 128             /* Firmware limit */
+#define MEGASAS_DEFAULT_SGE 80
+#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
+#define MEGASAS_MAX_ARRAYS 128
+
+#define MEGASAS_FLAG_USE_JBOD      0
+#define MEGASAS_MASK_USE_JBOD      (1 << MEGASAS_FLAG_USE_JBOD)
+#define MEGASAS_FLAG_USE_MSIX      1
+#define MEGASAS_MASK_USE_MSIX      (1 << MEGASAS_FLAG_USE_MSIX)
+#define MEGASAS_FLAG_USE_QUEUE64   2
+#define MEGASAS_MASK_USE_QUEUE64   (1 << MEGASAS_FLAG_USE_QUEUE64)
+
+const char *megasas_raid_modes[] = {
+    "raid", "jbod"
+};
+
+const char *mfi_frame_desc[] = {
+    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
+    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
+
+struct megasas_cmd_t {
+    uint32_t index;
+    uint16_t flags;
+    uint16_t count;
+    uint64_t context;
+
+    target_phys_addr_t pa;
+    target_phys_addr_t pa_size;
+    union mfi_frame *frame;
+    SCSIRequest *req;
+    struct iovec iov[MEGASAS_MAX_SGE];
+    int iov_cnt;
+    size_t iov_size;
+    size_t iov_offset;
+    struct megasas_state_t *state;
+};
+
+typedef struct megasas_state_t {
+    PCIDevice dev;
+    MemoryRegion mmio_io;
+    MemoryRegion port_io;
+    MemoryRegion queue_io;
+    uint32_t frame_hi;
+
+    int fw_state;
+    uint32_t fw_sge;
+    uint32_t fw_cmds;
+    uint32_t flags;
+    int fw_luns;
+    int intr_mask;
+    int doorbell;
+    int busy;
+    char *raid_mode_str;
+
+    struct megasas_cmd_t *event_cmd;
+    int event_locale;
+    int event_class;
+    int event_count;
+    int shutdown_event;
+    int boot_event;
+
+    uint64_t reply_queue_pa;
+    void *reply_queue;
+    int reply_queue_len;
+    int reply_queue_head;
+    int reply_queue_tail;
+    uint64_t consumer_pa;
+    uint64_t producer_pa;
+
+    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
+
+    SCSIBus bus;
+} MPTState;
+
+#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
+
+static bool megasas_intr_enabled(MPTState *s)
+{
+    if ((s->intr_mask & MEGASAS_INTR_DISABLED_MASK) !=
+        MEGASAS_INTR_DISABLED_MASK) {
+        return true;
+    }
+    return false;
+}
+
+static bool megasas_use_queue64(MPTState *s)
+{
+    return s->flags & MEGASAS_MASK_USE_QUEUE64;
+}
+
+static bool megasas_use_msix(MPTState *s)
+{
+    return s->flags & MEGASAS_MASK_USE_MSIX;
+}
+
+static bool megasas_is_jbod(MPTState *s)
+{
+    return s->flags & MEGASAS_MASK_USE_JBOD;
+}
+
+static void megasas_frame_set_cmd_status(unsigned long frame, uint8_t v)
+{
+    stb_phys(frame + offsetof(struct mfi_frame_header, cmd_status), v);
+}
+
+static void megasas_frame_set_scsi_status(unsigned long frame, uint8_t v)
+{
+    stb_phys(frame + offsetof(struct mfi_frame_header, scsi_status), v);
+}
+
+/*
+ * Context is considered opaque, but the HBA firmware is running
+ * in little endian mode. So convert it to little endian, too.
+ */
+static uint64_t megasas_frame_get_context(unsigned long frame)
+{
+    return ldq_le_phys(frame + offsetof(struct mfi_frame_header, context));
+}
+
+static bool megasas_frame_is_ieee_sgl(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_IEEE_SGL;
+}
+
+static bool megasas_frame_is_sgl64(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_SGL64;
+}
+
+static bool megasas_frame_is_write(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_DIR_WRITE;
+}
+
+static bool megasas_frame_is_sense64(struct megasas_cmd_t *cmd)
+{
+    return cmd->flags & MFI_FRAME_SENSE64;
+}
+
+static uint64_t megasas_sgl_get_addr(struct megasas_cmd_t *cmd,
+                                     union mfi_sgl *sgl)
+{
+    uint64_t addr;
+
+    if (megasas_frame_is_ieee_sgl(cmd)) {
+        addr = le64_to_cpu(sgl->sg_skinny->addr);
+    } else if (megasas_frame_is_sgl64(cmd)) {
+        addr = le64_to_cpu(sgl->sg64->addr);
+    } else {
+        addr = le32_to_cpu(sgl->sg32->addr);
+    }
+    return addr;
+}
+
+static uint32_t megasas_sgl_get_len(struct megasas_cmd_t *cmd,
+                                    union mfi_sgl *sgl)
+{
+    uint32_t len;
+
+    if (megasas_frame_is_ieee_sgl(cmd)) {
+        len = le32_to_cpu(sgl->sg_skinny->len);
+    } else if (megasas_frame_is_sgl64(cmd)) {
+        len = le32_to_cpu(sgl->sg64->len);
+    } else {
+        len = le32_to_cpu(sgl->sg32->len);
+    }
+    return len;
+}
+
+static union mfi_sgl *megasas_sgl_next(struct megasas_cmd_t *cmd,
+                                       union mfi_sgl *sgl)
+{
+    uint8_t *next = (uint8_t *)sgl;
+
+    if (megasas_frame_is_ieee_sgl(cmd)) {
+        next += sizeof(struct mfi_sg_skinny);
+    } else if (megasas_frame_is_sgl64(cmd)) {
+        next += sizeof(struct mfi_sg64);
+    } else {
+        next += sizeof(struct mfi_sg32);
+    }
+
+    if (next >= (uint8_t *)cmd->frame + cmd->pa_size) {
+        return NULL;
+    }
+    return (union mfi_sgl *)next;
+}
+
+static void megasas_soft_reset(MPTState *s);
+
+static int megasas_map_sgl(struct megasas_cmd_t *cmd, union mfi_sgl *sgl)
+{
+    int i;
+    int is_write;
+    int iov_count = 0;
+    size_t iov_size = 0;
+
+    cmd->flags = le16_to_cpu(cmd->frame->header.flags);
+    cmd->iov_cnt = iov_count = cmd->frame->header.sge_count;
+    if (cmd->iov_cnt > MEGASAS_MAX_SGE) {
+        cmd->iov_cnt = 0;
+        return iov_count;
+    }
+    is_write = megasas_frame_is_write(cmd);
+    for (i = 0; i < cmd->iov_cnt; i++) {
+        target_phys_addr_t iov_pa, iov_size_p;
+
+        if (!sgl) {
+            goto unmap;
+        }
+        iov_pa = megasas_sgl_get_addr(cmd, sgl);
+        cmd->iov[i].iov_len = iov_size_p = megasas_sgl_get_len(cmd, sgl);
+        if (!iov_pa || !iov_size_p) {
+            goto unmap;
+        }
+        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, &iov_size_p,
+                                                       is_write);
+        if (!iov_size_p || iov_size_p != cmd->iov[i].iov_len) {
+            if (cmd->iov[i].iov_base) {
+                cpu_physical_memory_unmap(cmd->iov[i].iov_base,
+                                          iov_size_p, 0, 0);
+            }
+            goto unmap;
+        }
+        sgl = megasas_sgl_next(cmd, sgl);
+        iov_size += cmd->iov[i].iov_len;
+        iov_count--;
+    }
+    cmd->iov[i].iov_base = NULL;
+    cmd->iov[i].iov_len = 0;
+    cmd->iov_offset = 0;
+    return 0;
+unmap:
+    while (i > 0) {
+        cpu_physical_memory_unmap(cmd->iov[i-1].iov_base,
+                                  cmd->iov[i-1].iov_len, 0, 0);
+        i--;
+    }
+    cmd->iov_cnt = 0;
+    return iov_count;
+}
+
+static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
+{
+    int i, is_write = megasas_frame_is_write(cmd);
+
+    for (i = 0; i < cmd->iov_cnt; i++) {
+        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
+                                  is_write, cmd->iov[i].iov_len);
+    }
+    cmd->iov_cnt = 0;
+    cmd->iov_offset = 0;
+}
+
+/*
+ * passthrough sense and io sense are at the same offset
+ */
+static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
+    uint8_t sense_len)
+{
+    uint32_t pa_hi = 0, pa_lo;
+    target_phys_addr_t pa;
+
+    if (sense_len > cmd->frame->header.sense_len) {
+        sense_len = cmd->frame->header.sense_len;
+    }
+
+    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
+    if (megasas_frame_is_sense64(cmd)) {
+        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
+    }
+    pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    cpu_physical_memory_write(pa, sense_ptr, sense_len);
+    cmd->frame->header.sense_len = sense_len;
+    return sense_len;
+}
+
+static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
+{
+    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
+    uint8_t sense_len = 18;
+
+    memset(sense_buf, 0, sense_len);
+    sense_buf[0] = 0xf0;
+    sense_buf[2] = sense.key;
+    sense_buf[7] = 10;
+    sense_buf[12] = sense.asc;
+    sense_buf[13] = sense.ascq;
+    megasas_build_sense(cmd, sense_buf, sense_len);
+}
+
+static void megasas_copy_sense(struct megasas_cmd_t *cmd)
+{
+    uint8_t sense_buf[SCSI_SENSE_BUF_SIZE];
+    uint8_t sense_len;
+
+    sense_len = scsi_req_get_sense(cmd->req, sense_buf,
+                                   cmd->frame->header.sense_len);
+    megasas_build_sense(cmd, sense_buf, sense_len);
+}
+
+/*
+ * Format an INQUIRY CDB
+ */
+static int megasas_setup_inquiry(uint8_t *cdb, int pg,
+                                 uint8_t *buf, int len)
+{
+    memset(cdb, 0, 6);
+    cdb[0] = INQUIRY;
+    if (pg > 0) {
+        cdb[1] = 0x1;
+        cdb[2] = pg;
+    }
+    cdb[3] = (len >> 8) & 0xff;
+    cdb[4] = (len & 0xff);
+    return len;
+}
+
+/*
+ * Encode lba and len into a READ_16/WRITE_16 CDB
+ */
+static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
+                               uint32_t len, int is_write)
+{
+    memset(cdb, 0x0, 16);
+    if (is_write) {
+        cdb[0] = WRITE_16;
+    } else {
+        cdb[0] = READ_16;
+    }
+    cdb[2] = (lba >> 56) & 0xff;
+    cdb[3] = (lba >> 48) & 0xff;
+    cdb[4] = (lba >> 40) & 0xff;
+    cdb[5] = (lba >> 32) & 0xff;
+    cdb[6] = (lba >> 24) & 0xff;
+    cdb[7] = (lba >> 16) & 0xff;
+    cdb[8] = (lba >> 8) & 0xff;
+    cdb[9] = (lba) & 0xff;
+    cdb[10] = (len >> 24) & 0xff;
+    cdb[11] = (len >> 16) & 0xff;
+    cdb[12] = (len >> 8) & 0xff;
+    cdb[13] = (len) & 0xff;
+}
+
+/*
+ * Utility functions
+ */
+static uint64_t megasas_fw_time(void)
+{
+    struct tm curtime;
+    uint64_t bcd_time;
+
+    qemu_get_timedate(&curtime, 0);
+    bcd_time = ((uint64_t)curtime.tm_sec & 0xff) << 48 |
+        ((uint64_t)curtime.tm_min & 0xff)  << 40 |
+        ((uint64_t)curtime.tm_hour & 0xff) << 32 |
+        ((uint64_t)curtime.tm_mday & 0xff) << 24 |
+        ((uint64_t)curtime.tm_mon & 0xff)  << 16 |
+        ((uint64_t)(curtime.tm_year + 1900) & 0xffff);
+
+    return bcd_time;
+}
+
+static uint64_t megasas_gen_sas_addr(uint64_t id)
+{
+    uint64_t addr;
+
+    addr = 0x5001a4aULL << 36;
+    addr |= id & 0xfffffffff;
+
+    return addr;
+}
+
+/*
+ * Frame handling
+ */
+static int megasas_next_index(MPTState *s, int index, int limit)
+{
+    index++;
+    if (index == limit) {
+        index = 0;
+    }
+    return index;
+}
+
+static struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
+    target_phys_addr_t frame)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int num = 0, index;
+
+    index = s->reply_queue_head;
+
+    while (num < s->fw_cmds) {
+        if (s->frames[index].pa && s->frames[index].pa == frame) {
+            cmd = &s->frames[index];
+            break;
+        }
+        index = megasas_next_index(s, index, s->fw_cmds);
+        num++;
+    }
+
+    return cmd;
+}
+
+static struct megasas_cmd_t *megasas_next_frame(MPTState *s,
+    target_phys_addr_t frame)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int num = 0, index;
+
+    cmd = megasas_lookup_frame(s, frame);
+    if (cmd) {
+        return cmd;
+    }
+    index = s->reply_queue_head;
+    num = 0;
+    while (num < s->fw_cmds) {
+        if (!s->frames[index].pa) {
+            cmd = &s->frames[index];
+            break;
+        }
+        index = megasas_next_index(s, index, s->fw_cmds);
+        num++;
+    }
+    return cmd;
+}
+
+static struct megasas_cmd_t *megasas_enqueue_frame(MPTState *s,
+    target_phys_addr_t frame, uint64_t context, int count)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int frame_size = MFI_FRAME_SIZE * 16;
+    target_phys_addr_t frame_size_p = frame_size;
+
+    cmd = megasas_next_frame(s, frame);
+    /* All frames busy */
+    if (!cmd) {
+        return NULL;
+    }
+    if (!cmd->pa) {
+        cmd->pa = frame;
+        /* Map all possible frames */
+        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
+        if (frame_size_p != frame_size) {
+            if (cmd->frame) {
+                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
+                cmd->frame = NULL;
+                cmd->pa = 0;
+            }
+            s->event_count++;
+            return NULL;
+        }
+        cmd->pa_size = frame_size_p;
+        cmd->context = context;
+        if (!megasas_use_queue64(s)) {
+            cmd->context &= (uint64_t)0xFFFFFFFF;
+        }
+    }
+    cmd->count = count;
+    s->busy++;
+
+    return cmd;
+}
+
+static void megasas_complete_frame(MPTState *s, uint64_t context)
+{
+    int tail, queue_offset;
+
+    /* Decrement busy count */
+    s->busy--;
+
+    if (s->reply_queue_pa) {
+        /*
+         * Put command on the reply queue.
+         * Context is opaque, but emulation is running in
+         * little endian. So convert it.
+         */
+        tail = s->reply_queue_head;
+        if (megasas_use_queue64(s)) {
+            queue_offset = tail * sizeof(uint64_t);
+            stq_le_phys(s->reply_queue_pa + queue_offset, context);
+        } else {
+            queue_offset = tail * sizeof(uint32_t);
+            stl_le_phys(s->reply_queue_pa + queue_offset, context);
+        }
+
+        s->reply_queue_head = megasas_next_index(s, tail, s->fw_cmds);
+    }
+
+    if (megasas_intr_enabled(s)) {
+        /* Notify HBA */
+        s->doorbell++;
+        if (s->doorbell == 1) {
+            if (msix_enabled(&s->dev)) {
+                msix_notify(&s->dev, 0);
+            } else {
+                qemu_irq_raise(s->dev.irq[0]);
+            }
+        }
+    }
+}
+
+static void megasas_reset_frames(MPTState *s)
+{
+    int i;
+    struct megasas_cmd_t *cmd;
+
+    for (i = 0; i < s->fw_cmds; i++) {
+        cmd = &s->frames[i];
+        if (cmd->pa) {
+            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
+            cmd->frame = NULL;
+            cmd->pa = 0;
+        }
+    }
+}
+
+static void megasas_abort_command(struct megasas_cmd_t *cmd)
+{
+    if (cmd->req) {
+        scsi_req_abort(cmd->req, ABORTED_COMMAND);
+        cmd->req = NULL;
+    }
+}
+
+static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint32_t pa_hi, pa_lo;
+    target_phys_addr_t iq_pa, initq_size;
+    struct mfi_init_qinfo *initq;
+    uint32_t flags;
+    int ret = MFI_STAT_OK;
+
+    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
+    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
+    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
+    initq_size = sizeof(*initq);
+    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
+    if (!initq || initq_size != sizeof(*initq)) {
+        s->event_count++;
+        ret = MFI_STAT_MEMORY_NOT_AVAILABLE;
+        goto out;
+    }
+    s->reply_queue_len = le32_to_cpu(initq->rq_entries) & 0xFFFF;
+    if (s->reply_queue_len > s->fw_cmds) {
+        s->event_count++;
+        ret = MFI_STAT_INVALID_PARAMETER;
+        goto out;
+    }
+    pa_lo = le32_to_cpu(initq->rq_addr_lo);
+    pa_hi = le32_to_cpu(initq->rq_addr_hi);
+    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    pa_lo = le32_to_cpu(initq->ci_addr_lo);
+    pa_hi = le32_to_cpu(initq->ci_addr_hi);
+    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    pa_lo = le32_to_cpu(initq->pi_addr_lo);
+    pa_hi = le32_to_cpu(initq->pi_addr_hi);
+    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    s->reply_queue_head = ldl_le_phys(s->producer_pa);
+    s->reply_queue_tail = ldl_le_phys(s->consumer_pa);
+    flags = le32_to_cpu(initq->flags);
+    if (flags & MFI_QUEUE_FLAG_CONTEXT64) {
+        s->flags |= MEGASAS_MASK_USE_QUEUE64;
+    }
+    megasas_reset_frames(s);
+    s->fw_state = MFI_FWSTATE_OPERATIONAL;