Patchwork [16/16] megasas: LSI Megaraid SAS emulation

Submitter Hannes Reinecke
Date Nov. 18, 2010, 2:47 p.m.
Message ID <20101118144755.442B2F90AB@ochil.suse.de>
State New

Comments

Hannes Reinecke - Nov. 18, 2010, 2:47 p.m.
This patch adds an emulation for the LSI Megaraid SAS HBA.

Signed-off-by: Hannes Reinecke <hare@suse.de>
---
 Makefile.objs |    2 +-
 hw/megasas.c  | 1826 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 hw/mfi.h      | 1197 +++++++++++++++++++++++++++++++++++++
 hw/pci_ids.h  |    2 +
 hw/scsi.h     |    1 +
 5 files changed, 3027 insertions(+), 1 deletions(-)
 create mode 100644 hw/megasas.c
 create mode 100644 hw/mfi.h
Jes Sorensen - Nov. 19, 2010, 9:20 a.m.
On 11/18/10 15:47, Hannes Reinecke wrote:
> This patch adds an emulation for the LSI Megaraid SAS HBA.
> 
> Signed-off-by: Hannes Reinecke <hare@suse.de>
> ---
>  Makefile.objs |    2 +-
>  hw/megasas.c  | 1826 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>  hw/mfi.h      | 1197 +++++++++++++++++++++++++++++++++++++
>  hw/pci_ids.h  |    2 +
>  hw/scsi.h     |    1 +
>  5 files changed, 3027 insertions(+), 1 deletions(-)
>  create mode 100644 hw/megasas.c
>  create mode 100644 hw/mfi.h
> 
> diff --git a/Makefile.objs b/Makefile.objs
> index 15569af..54c6e02 100644
> --- a/Makefile.objs
> +++ b/Makefile.objs
> @@ -231,7 +231,7 @@ hw-obj-$(CONFIG_IDE_MACIO) += ide/macio.o
>  hw-obj-$(CONFIG_IDE_VIA) += ide/via.o
>  
>  # SCSI layer
> -hw-obj-y += lsi53c895a.o
> +hw-obj-y += lsi53c895a.o megasas.o
>  hw-obj-$(CONFIG_ESP) += esp.o
>  
>  hw-obj-y += dma-helpers.o sysbus.o isa-bus.o

Just had a look through your patches and have to say nice work. Haven't
tested it though, but looks like a good step in the right direction.

Only comment, as you are adding another SCSI driver, maybe it's time to
make the driver selection configurable, rather than hard coding the build?

Cheers,
Jes
Markus Armbruster - Nov. 19, 2010, 2:06 p.m.
Jes Sorensen <Jes.Sorensen@redhat.com> writes:

> On 11/18/10 15:47, Hannes Reinecke wrote:
>> This patch adds an emulation for the LSI Megaraid SAS HBA.
>> 
>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>> ---
>>  Makefile.objs |    2 +-
>>  hw/megasas.c  | 1826 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>  hw/mfi.h      | 1197 +++++++++++++++++++++++++++++++++++++
>>  hw/pci_ids.h  |    2 +
>>  hw/scsi.h     |    1 +
>>  5 files changed, 3027 insertions(+), 1 deletions(-)
>>  create mode 100644 hw/megasas.c
>>  create mode 100644 hw/mfi.h
>> 
>> diff --git a/Makefile.objs b/Makefile.objs
>> index 15569af..54c6e02 100644
>> --- a/Makefile.objs
>> +++ b/Makefile.objs
>> @@ -231,7 +231,7 @@ hw-obj-$(CONFIG_IDE_MACIO) += ide/macio.o
>>  hw-obj-$(CONFIG_IDE_VIA) += ide/via.o
>>  
>>  # SCSI layer
>> -hw-obj-y += lsi53c895a.o
>> +hw-obj-y += lsi53c895a.o megasas.o
>>  hw-obj-$(CONFIG_ESP) += esp.o
>>  
>>  hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
>
> Just had a look through your patches and have to say nice work. Haven't
> tested it though, but looks like a good step in the right direction.
>
> Only comment, as you are adding another SCSI driver, maybe it's time to
> make the driver selection configurable, rather than hard coding the build?

What do you mean by that?

We hardcode lsi53c895a in two places where we really mean "default SCSI
controller type": pc_pci_device_init(), which applies to "-drive
if=scsi", and qemu_pci_hot_add_storage(), which applies to "pci_add
storage if=scsi".  Not sure making that default configurable is worth
it.

If you want more control than -drive and pci_add provide, use -device
and device_add.
Hannes Reinecke - Nov. 19, 2010, 2:19 p.m.
On 11/19/2010 03:06 PM, Markus Armbruster wrote:
> Jes Sorensen <Jes.Sorensen@redhat.com> writes:
> 
>> On 11/18/10 15:47, Hannes Reinecke wrote:
>>> This patch adds an emulation for the LSI Megaraid SAS HBA.
>>>
>>> Signed-off-by: Hannes Reinecke <hare@suse.de>
>>> ---
>>>  Makefile.objs |    2 +-
>>>  hw/megasas.c  | 1826 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>>>  hw/mfi.h      | 1197 +++++++++++++++++++++++++++++++++++++
>>>  hw/pci_ids.h  |    2 +
>>>  hw/scsi.h     |    1 +
>>>  5 files changed, 3027 insertions(+), 1 deletions(-)
>>>  create mode 100644 hw/megasas.c
>>>  create mode 100644 hw/mfi.h
>>>
>>> diff --git a/Makefile.objs b/Makefile.objs
>>> index 15569af..54c6e02 100644
>>> --- a/Makefile.objs
>>> +++ b/Makefile.objs
>>> @@ -231,7 +231,7 @@ hw-obj-$(CONFIG_IDE_MACIO) += ide/macio.o
>>>  hw-obj-$(CONFIG_IDE_VIA) += ide/via.o
>>>  
>>>  # SCSI layer
>>> -hw-obj-y += lsi53c895a.o
>>> +hw-obj-y += lsi53c895a.o megasas.o
>>>  hw-obj-$(CONFIG_ESP) += esp.o
>>>  
>>>  hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
>>
>> Just had a look through your patches and have to say nice work. Haven't
>> tested it though, but looks like a good step in the right direction.
>>
>> Only comment, as you are adding another SCSI driver, maybe it's time to
>> make the driver selection configurable, rather than hard coding the build?
> 
> What do you mean by that?
> 
> We hardcode lsi53c895a in two places where we really mean "default SCSI
> controller type": pc_pci_device_init(), which applies to "-drive
> if=scsi", and qemu_pci_hot_add_storage(), which applies to "pci_add
> storage if=scsi".  Not sure making that default configurable is worth
> it.
> 
> If you want more control than -drive and pci_add provice, use -device
> and device_add.

Idea is probably to have megasas the default SCSI controller, if
configured during compile time. Basically have a configure option
'--scsi-hba=megasas' or somesuch.

But then, you can 'easily' select the megasas HBA nowadays with

-drive file=XXX,if=none,id=d1 \
-device megasas,id=m1 \
-device scsi-disk,drive=d1

So not sure if it's worthwhile.

Cheers,

Hannes
Jes Sorensen - Nov. 19, 2010, 2:31 p.m.
On 11/19/10 15:06, Markus Armbruster wrote:
>> Only comment, as you are adding another SCSI driver, maybe it's time to
>> make the driver selection configurable, rather than hard coding the build?
> 
> What do you mean by that?
> 
> We hardcode lsi53c895a in two places where we really mean "default SCSI
> controller type": pc_pci_device_init(), which applies to "-drive
> if=scsi", and qemu_pci_hot_add_storage(), which applies to "pci_add
> storage if=scsi".  Not sure making that default configurable is worth
> it.
> 
> If you want more control than -drive and pci_add provice, use -device
> and device_add.

What I mean is that for most other device types we allow specifying a list
of wanted devices on the configure line, which is what I am suggesting we
add for SCSI as well.

Cheers,
Jes
Alexander Graf - Nov. 19, 2010, 4:36 p.m.
On 19.11.2010, at 15:31, Jes Sorensen wrote:

> On 11/19/10 15:06, Markus Armbruster wrote:
>>> Only comment, as you are adding another SCSI driver, maybe it's time to
>>> make the driver selection configurable, rather than hard coding the build?
>> 
>> What do you mean by that?
>> 
>> We hardcode lsi53c895a in two places where we really mean "default SCSI
>> controller type": pc_pci_device_init(), which applies to "-drive
>> if=scsi", and qemu_pci_hot_add_storage(), which applies to "pci_add
>> storage if=scsi".  Not sure making that default configurable is worth
>> it.
>> 
>> If you want more control than -drive and pci_add provice, use -device
>> and device_add.
> 
> What I mean is for most other device types we allow to specify a list of
> wanted devices at the configure line, which is what I am suggesting we
> added support for for SCSI as well.

Oh, you mean something like:

hw-obj-$(CONFIG_MEGASAS) += megasas.o

with respective entries in default-config/*? Yeah, makes sense.


Alex
Jes Sorensen - Nov. 19, 2010, 5:35 p.m.
On 11/19/10 17:36, Alexander Graf wrote:
> 
> On 19.11.2010, at 15:31, Jes Sorensen wrote:
>> What I mean is for most other device types we allow to specify a list of
>> wanted devices at the configure line, which is what I am suggesting we
>> added support for for SCSI as well.
> 
> Oh, you mean something like:
> 
> hw-obj-$(CONFIG_MEGASAS) += megasas.o
> 
> with respective entries in default-config/*? Yeah, makes sense.

Correct, and I suggest we add that for the 53c895 driver too.

Cheers,
Jes

Patch

diff --git a/Makefile.objs b/Makefile.objs
index 15569af..54c6e02 100644
--- a/Makefile.objs
+++ b/Makefile.objs
@@ -231,7 +231,7 @@  hw-obj-$(CONFIG_IDE_MACIO) += ide/macio.o
 hw-obj-$(CONFIG_IDE_VIA) += ide/via.o
 
 # SCSI layer
-hw-obj-y += lsi53c895a.o
+hw-obj-y += lsi53c895a.o megasas.o
 hw-obj-$(CONFIG_ESP) += esp.o
 
 hw-obj-y += dma-helpers.o sysbus.o isa-bus.o
diff --git a/hw/megasas.c b/hw/megasas.c
new file mode 100644
index 0000000..72ee8da
--- /dev/null
+++ b/hw/megasas.c
@@ -0,0 +1,1826 @@ 
+/*
+ * QEMU MegaRAID SAS 8708EM2 Host Bus Adapter emulation
+ *
+ * Copyright (c) 2009 Hannes Reinecke, SUSE Linux Products GmbH
+ *
+ * This code is licenced under the LGPL.
+ */
+
+#include <time.h>
+#include <assert.h>
+
+#include "hw.h"
+#include "pci.h"
+#include "dma.h"
+#include "scsi.h"
+#include "scsi-defs.h"
+#include "block_int.h"
+#ifdef __linux__
+# include <scsi/sg.h>
+#endif
+
+#include "mfi.h"
+
+#define DEBUG_MEGASAS
+#undef DEBUG_MEGASAS_REG
+#undef DEBUG_MEGASAS_QUEUE
+#undef DEBUG_MEGASAS_MFI
+#undef DEBUG_MEGASAS_IO
+#undef DEBUG_MEGASAS_DCMD
+
+#ifdef DEBUG_MEGASAS
+#define DPRINTF(fmt, ...) \
+do { printf("megasas: " fmt , ## __VA_ARGS__); } while (0)
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "megasas: error: " fmt , ## __VA_ARGS__); exit(1);} while (0)
+#ifdef DEBUG_MEGASAS_REG
+#define DPRINTF_REG DPRINTF
+#else
+#define DPRINTF_REG(fmt, ...) do {} while(0)
+#endif
+#ifdef DEBUG_MEGASAS_QUEUE
+#define DPRINTF_QUEUE DPRINTF
+#else
+#define DPRINTF_QUEUE(fmt, ...) do {} while(0)
+#endif
+#ifdef DEBUG_MEGASAS_MFI
+#define DPRINTF_MFI DPRINTF
+#else
+#define DPRINTF_MFI(fmt, ...) do {} while(0)
+#endif
+#ifdef DEBUG_MEGASAS_IO
+#define DPRINTF_IO DPRINTF
+#else
+#define DPRINTF_IO(fmt, ...) do {} while(0)
+#endif
+#ifdef DEBUG_MEGASAS_DCMD
+#define DPRINTF_DCMD DPRINTF
+#else
+#define DPRINTF_DCMD(fmt, ...) do {} while(0)
+#endif
+#else
+#define DPRINTF(fmt, ...) do {} while(0)
+#define DPRINTF_REG DPRINTF
+#define DPRINTF_QUEUE DPRINTF
+#define DPRINTF_MFI DPRINTF
+#define DPRINTF_IO DPRINTF
+#define DPRINTF_DCMD DPRINTF
+#define BADF(fmt, ...) \
+do { fprintf(stderr, "megasas: error: " fmt , ## __VA_ARGS__);} while (0)
+#endif
+
+/* Static definitions */
+#define MEGASAS_VERSION "1.10"
+#define MEGASAS_MAX_FRAMES 2048         /* Firmware limit at 65535 */
+#define MEGASAS_DEFAULT_FRAMES 1000     /* Windows requires this */
+#define MEGASAS_MAX_SGE 256             /* Firmware limit */
+#define MEGASAS_DEFAULT_SGE 80
+#define MEGASAS_MAX_SECTORS 0xFFFF      /* No real limit */
+#define MEGASAS_MAX_ARRAYS 128
+
+const char *mfi_frame_desc[] = {
+    "MFI init", "LD Read", "LD Write", "LD SCSI", "PD SCSI",
+    "MFI Doorbell", "MFI Abort", "MFI SMP", "MFI Stop"};
+
+struct megasas_cmd_t {
+    int index;
+    int context;
+    int count;
+
+    target_phys_addr_t pa;
+    target_phys_addr_t pa_size;
+    union mfi_frame *frame;
+    SCSIRequest *req;
+    struct iovec *iov;
+    void *iov_buf;
+    long iov_size;
+    SCSIDevice *sdev;
+    struct megasas_state_t *state;
+};
+
+typedef struct megasas_state_t {
+    PCIDevice dev;
+    int mmio_io_addr;
+    int io_addr;
+    int queue_addr;
+    uint32_t frame_hi;
+
+    int fw_state;
+    uint32_t fw_sge;
+    uint32_t fw_cmds;
+    int fw_luns;
+    int intr_mask;
+    int doorbell;
+    int busy;
+    char *raid_mode_str;
+    int is_jbod;
+
+    int event_count;
+    int shutdown_event;
+    int boot_event;
+
+    uint64_t reply_queue_pa;
+    void *reply_queue;
+    int reply_queue_len;
+    int reply_queue_index;
+    uint64_t consumer_pa;
+    uint64_t producer_pa;
+
+    struct megasas_cmd_t frames[MEGASAS_MAX_FRAMES];
+
+    SCSIBus bus;
+} MPTState;
+
+#define MEGASAS_INTR_DISABLED_MASK 0xFFFFFFFF
+
+#define MEGASAS_INTR_ENABLED(s) (((s)->intr_mask & MEGASAS_INTR_DISABLED_MASK ) != MEGASAS_INTR_DISABLED_MASK)
+
+#define megasas_frame_set_cmd_status(f,v)		\
+    stb_phys((f) + offsetof(struct mfi_frame_header, cmd_status), v);
+
+#define megasas_frame_set_scsi_status(f,v)		\
+    stb_phys((f) + offsetof(struct mfi_frame_header, scsi_status), v);
+
+#define megasas_frame_get_cmd(f)			\
+    ldub_phys((f) + offsetof(struct mfi_frame_header, frame_cmd))
+
+#define megasas_frame_get_context(f)			\
+    ldl_phys(frame_addr + offsetof(struct mfi_frame_header, context));
+
+static void megasas_soft_reset(MPTState *s);
+
+static int megasas_map_sgl(struct megasas_cmd_t *cmd, int pa_offset)
+{
+    int i;
+    uint16_t flags = le16_to_cpu(cmd->frame->header.flags);
+    int is_sgl64 = (flags & MFI_FRAME_SGL64) ? 1 : 0;
+    int is_write = (flags & MFI_FRAME_DIR_WRITE) ? 1 : 0;
+    int sgl_addr_size = is_sgl64 ? sizeof(uint64_t) : sizeof(uint32_t);
+    size_t iov_count = 0;
+
+    cmd->iov = qemu_malloc(sizeof(struct iovec) * (cmd->frame->header.sge_count + 1));
+    for (i = 0; i < cmd->frame->header.sge_count; i++) {
+        target_phys_addr_t pa, iov_pa, iov_size;
+
+        pa = cmd->pa + pa_offset;
+        if (is_sgl64)
+            iov_pa = ldq_phys(pa);
+        else
+            iov_pa = ldl_phys(pa);
+        iov_size = ldl_phys(pa + sgl_addr_size);
+        cmd->iov[i].iov_base = cpu_physical_memory_map(iov_pa, &iov_size, is_write);
+        cmd->iov[i].iov_len = iov_size;
+        pa_offset += sgl_addr_size + sizeof(uint32_t);
+        iov_count += iov_size;
+    }
+    cmd->iov[i].iov_base = NULL;
+    cmd->iov[i].iov_len = 0;
+    if (pa_offset > (cmd->count + 1) * MFI_FRAME_SIZE) {
+        DPRINTF_IO("frame %d: iov list overflow count %d sge %d offset %x\n",
+                   cmd->context, cmd->count, cmd->frame->header.sge_count,
+                   pa_offset);
+    }
+    if (iov_count > cmd->iov_size * cmd->sdev->blocksize) {
+        DPRINTF("iov list too long: is %ld should be %ld\n",
+                iov_count, cmd->iov_size * cmd->sdev->blocksize);
+    }
+    return cmd->frame->header.sge_count;
+}
+
+static void megasas_unmap_sgl(struct megasas_cmd_t *cmd)
+{
+    uint16_t flags = le16_to_cpu(cmd->frame->header.flags);
+    int i, is_write = (flags & MFI_FRAME_DIR_WRITE) ? 1 : 0;
+
+    for (i = 0; i < cmd->frame->header.sge_count; i++) {
+        cpu_physical_memory_unmap(cmd->iov[i].iov_base, cmd->iov[i].iov_len,
+                                  is_write, cmd->iov[i].iov_len);
+    }
+    qemu_free(cmd->iov);
+}
+
+/*
+ * passthrough sense and io sense are at the same offset
+ */
+static int megasas_build_sense(struct megasas_cmd_t *cmd, uint8_t *sense_ptr,
+    uint8_t sense_len)
+{
+    target_phys_addr_t pa, pa_hi = 0, pa_lo;
+    uint16_t flags = le16_to_cpu(cmd->frame->header.flags);
+    int is_sense64 = (flags & MFI_FRAME_SENSE64) ? 1 : 0;
+
+    if (sense_len > cmd->frame->header.sense_len)
+        sense_len = cmd->frame->header.sense_len;
+
+    pa_lo = le32_to_cpu(cmd->frame->pass.sense_addr_lo);
+    if (is_sense64)
+        pa_hi = le32_to_cpu(cmd->frame->pass.sense_addr_hi);
+    pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    cpu_physical_memory_write(pa, sense_ptr, sense_len);
+    cmd->frame->header.sense_len = sense_len;
+    return sense_len;
+}
+
+static void megasas_write_sense(struct megasas_cmd_t *cmd, SCSISense sense)
+{
+    uint8_t *sense_ptr;
+    uint8_t sense_len;
+
+    sense_ptr = qemu_mallocz(cmd->frame->header.sense_len);
+    sense_len = scsi_build_sense(sense, sense_ptr,
+                                 cmd->frame->header.sense_len, 0);
+    megasas_build_sense(cmd, sense_ptr, sense_len);
+    qemu_free(sense_ptr);
+}
+
+static void megasas_copy_sense(struct megasas_cmd_t *cmd)
+{
+    uint8_t *sense_ptr;
+    uint8_t sense_len;
+
+    sense_ptr = qemu_mallocz(cmd->frame->header.sense_len);
+    sense_len = cmd->req->dev->info->get_sense(cmd->req, sense_ptr,
+                                               cmd->frame->header.sense_len);
+    megasas_build_sense(cmd, sense_ptr, sense_len);
+    qemu_free(sense_ptr);
+}
+
+/*
+ * Format an INQUIRY CDB
+ */
+static int megasas_setup_inquiry(uint8_t *cdb, int pg,
+                                 uint8_t *buf, int len)
+{
+    memset(cdb, 0, 6);
+    cdb[0] = INQUIRY;
+    if (pg > 0) {
+        cdb[1] = 0x1;
+        cdb[2] = pg;
+    }
+    cdb[3] = (len >> 8) & 0xff;
+    cdb[4] = (len & 0xff);
+    return len;
+}
+
+/*
+ * Encode lba and len into a READ_16/WRITE_16 CDB
+ */
+static void megasas_encode_lba(uint8_t *cdb, uint64_t lba,
+                               uint32_t len, int is_write)
+{
+    memset(cdb, 0x0, 16);
+    if (is_write) {
+        cdb[0] = WRITE_16;
+    } else {
+        cdb[0] = READ_16;
+    }
+    cdb[2] = (lba >> 56) & 0xff;
+    cdb[3] = (lba >> 48) & 0xff;
+    cdb[4] = (lba >> 40) & 0xff;
+    cdb[5] = (lba >> 32) & 0xff;
+    cdb[6] = (lba >> 24) & 0xff;
+    cdb[7] = (lba >> 16) & 0xff;
+    cdb[8] = (lba >> 8) & 0xff;
+    cdb[9] = (lba) & 0xff;
+    cdb[10] = (len >> 24) & 0xff;
+    cdb[11] = (len >> 16) & 0xff;
+    cdb[12] = (len >> 8) & 0xff;
+    cdb[13] = (len) & 0xff;
+}
+
+/*
+ * Utility functions
+ */
+static uint64_t megasas_fw_time(void)
+{
+    const time_t now = time(NULL);
+    struct tm *curtime;
+    uint64_t bcd_time;
+
+    curtime = gmtime(&now);
+    bcd_time = ((uint64_t)curtime->tm_sec & 0xff) << 48 |
+        ((uint64_t)curtime->tm_min & 0xff)  << 40 |
+        ((uint64_t)curtime->tm_hour & 0xff) << 32 |
+        ((uint64_t)curtime->tm_mday & 0xff) << 24 |
+        ((uint64_t)curtime->tm_mon & 0xff)  << 16 |
+        ((uint64_t)(curtime->tm_year + 1900) & 0xffff);
+
+    return bcd_time;
+}
+
+static uint64_t megasas_gen_sas_addr(uint64_t id)
+{
+    uint64_t addr;
+
+    addr = 0x5001a4aULL << 36;
+    addr |= id & 0xfffffffff;
+
+    return addr;
+}
+
+/*
+ * Frame handling
+ */
+
+static void megasas_dump_frame(struct megasas_cmd_t *cmd)
+{
+    DPRINTF("Frame %x: count %d pa %p context %x\n"
+            "\t%016lx %016lx\n\t%016lx %016lx\n"
+            "\t%016lx %016lx\n\t%016lx %016lx\n",
+            cmd->index, cmd->count, cmd->frame, cmd->context,
+            be64_to_cpu(cmd->frame->raw[0]),
+            be64_to_cpu(cmd->frame->raw[1]),
+            be64_to_cpu(cmd->frame->raw[2]),
+            be64_to_cpu(cmd->frame->raw[3]),
+            be64_to_cpu(cmd->frame->raw[4]),
+            be64_to_cpu(cmd->frame->raw[5]),
+            be64_to_cpu(cmd->frame->raw[6]),
+            be64_to_cpu(cmd->frame->raw[7]));
+}
+
+static inline int megasas_next_index(MPTState *s, int index)
+{
+    index++;
+    if (index == s->fw_cmds)
+        index = 0;
+    return index;
+}
+
+static inline struct megasas_cmd_t *megasas_lookup_frame(MPTState *s,
+    target_phys_addr_t frame)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int num = 0, index;
+
+    index = s->reply_queue_index;
+
+    while (num < s->fw_cmds) {
+        if (s->frames[index].pa && s->frames[index].pa == frame) {
+            cmd = &s->frames[index];
+            break;
+        }
+        index = megasas_next_index(s, index);
+        num++;
+    }
+
+    return cmd;
+}
+
+static inline struct megasas_cmd_t *megasas_next_frame(MPTState *s,
+    target_phys_addr_t frame)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    int num = 0, index;
+
+    cmd = megasas_lookup_frame(s, frame);
+    if (cmd) {
+        DPRINTF_QUEUE("Found mapped frame %x pa %lx\n", cmd->index, cmd->pa);
+        return cmd;
+    }
+    index = s->reply_queue_index;
+    num = 0;
+    while (num < s->fw_cmds) {
+        if (!s->frames[index].pa) {
+            cmd = &s->frames[index];
+            break;
+        }
+        index = megasas_next_index(s, index);
+        num++;
+    }
+    DPRINTF_QUEUE("Return new frame %x cmd %p\n", index, cmd);
+    return cmd;
+}
+
+static struct megasas_cmd_t *
+megasas_enqueue_frame(MPTState *s, target_phys_addr_t frame, int count)
+{
+    struct megasas_cmd_t *cmd = NULL;
+    uint8_t frame_size = MFI_FRAME_SIZE;
+    target_phys_addr_t frame_size_p = frame_size;
+
+    cmd = megasas_next_frame(s, frame);
+    /* All frames busy */
+    if (!cmd)
+        return NULL;
+    if (!cmd->pa) {
+        cmd->pa = frame;
+        cmd->frame = cpu_physical_memory_map(frame, &frame_size_p, 0);
+        if (frame_size_p != frame_size) {
+            DPRINTF("failed to map frame %lu\n", (unsigned long)frame);
+            if (cmd->frame) {
+                cpu_physical_memory_unmap(cmd->frame, frame_size_p, 0, 0);
+                cmd->frame = NULL;
+                cmd->pa = 0;
+            }
+            s->event_count++;
+            return NULL;
+        }
+        cmd->pa_size = frame_size_p;
+        cmd->context = le32_to_cpu(cmd->frame->header.context);
+    }
+    cmd->count = count;
+    s->busy++;
+
+    DPRINTF_QUEUE("Enqueue frame %x count %d context %x tail %x busy %d\n",
+                  cmd->index, cmd->count, cmd->context,
+                  s->reply_queue_index, s->busy);
+
+    return cmd;
+}
+
+static void megasas_dequeue_frame(MPTState *s, int context)
+{
+    int tail;
+
+    /* Decrement busy count */
+    s->busy--;
+
+    if (!MEGASAS_INTR_ENABLED(s)) {
+        DPRINTF_QUEUE("Complete frame context %x\n", context);
+        return;
+    }
+
+    /* Put command on the reply queue */
+    tail = s->reply_queue_index;
+    stl_phys(s->reply_queue_pa + tail * sizeof(uint32_t), context);
+
+    s->reply_queue_index = megasas_next_index(s, tail);
+    DPRINTF_QUEUE("Complete frame context %x tail %x busy %d doorbell %d\n",
+                  context, tail, s->busy, s->doorbell);
+
+    /* Notify HBA */
+    s->doorbell++;
+    if (s->doorbell == 1) {
+        qemu_irq_raise(s->dev.irq[0]);
+    }
+}
+
+static void megasas_abort_command(struct megasas_cmd_t *cmd)
+{
+    if (cmd->req) {
+        cmd->req->dev->info->put_req(cmd->req);
+        cmd->req = NULL;
+    }
+}
+
+static int megasas_init_firmware(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    target_phys_addr_t iq_pa, pa_hi, pa_lo, iq_pl, initq_size;
+    struct mfi_init_qinfo *initq;
+
+    iq_pl = le32_to_cpu(cmd->frame->init.header.data_len);
+    pa_lo = le32_to_cpu(cmd->frame->init.qinfo_new_addr_lo);
+    pa_hi = le32_to_cpu(cmd->frame->init.qinfo_new_addr_hi);
+    iq_pa = (((uint64_t) pa_hi << 32) | pa_lo);
+    DPRINTF_MFI("MFI init firmware: xfer len %d pa %lx\n", (int)iq_pl,
+                (unsigned long)iq_pa);
+    initq_size = sizeof(*initq);
+    initq = cpu_physical_memory_map(iq_pa, &initq_size, 0);
+    if (initq_size != sizeof(*initq)) {
+        DPRINTF("MFI init firmware: failed to map queue mem\n");
+        if (initq)
+            cpu_physical_memory_unmap(initq, initq_size, 0, 0);
+        s->fw_state = MFI_FWSTATE_FAULT;
+        s->event_count++;
+        goto out;
+    }
+    s->reply_queue_len = le32_to_cpu(initq->rq_entries);
+    pa_lo = le32_to_cpu(initq->rq_addr_lo);
+    pa_hi = le32_to_cpu(initq->rq_addr_hi);
+    s->reply_queue_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    pa_lo = le32_to_cpu(initq->ci_addr_lo);
+    pa_hi = le32_to_cpu(initq->ci_addr_hi);
+    s->consumer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    pa_lo = le32_to_cpu(initq->pi_addr_lo);
+    pa_hi = le32_to_cpu(initq->pi_addr_hi);
+    s->producer_pa = ((uint64_t) pa_hi << 32) | pa_lo;
+    DPRINTF_MFI("MFI init firmware: queue at %lx len %d head %lx tail %lx\n",
+                (unsigned long)s->reply_queue_pa, s->reply_queue_len,
+                (unsigned long)s->producer_pa, (unsigned long)s->consumer_pa);
+    s->reply_queue_index = ldl_phys(s->producer_pa);
+    s->fw_state = MFI_FWSTATE_OPERATIONAL;
+out:
+    cpu_physical_memory_unmap(initq, initq_size, 0, 0);
+    return 0;
+}
+
+static int megasas_map_dcmd(struct megasas_cmd_t *cmd)
+{
+    target_phys_addr_t iov_pa, iov_size_p;
+    uint32_t iov_size = 0;
+    uint16_t flags = le16_to_cpu(cmd->frame->header.flags);
+    int is_sgl64 = (flags & MFI_FRAME_SGL64) ? 1 : 0;
+
+    if (!cmd->frame->header.sge_count) {
+        DPRINTF_DCMD("Zero DCMD sge count\n");
+        cmd->iov_size = 0;
+        cmd->iov_buf = NULL;
+        return 0;
+    } else if (cmd->frame->header.sge_count > 1) {
+        DPRINTF("Invalid DCMD sge count %d\n",
+                cmd->frame->header.sge_count);
+        return -1;
+    }
+    if (is_sgl64) {
+        iov_pa = le64_to_cpu(cmd->frame->dcmd.sgl.sg64[0].addr);
+        iov_size = le32_to_cpu(cmd->frame->dcmd.sgl.sg64[0].len);
+    } else {
+        iov_pa = le32_to_cpu(cmd->frame->dcmd.sgl.sg32[0].addr);
+        iov_size = le32_to_cpu(cmd->frame->dcmd.sgl.sg32[0].len);
+    }
+    iov_size_p = iov_size;
+    cmd->iov_buf = cpu_physical_memory_map(iov_pa, &iov_size_p, 1);
+    if (iov_size_p != iov_size) {
+        DPRINTF("failed to map dcmd buffer\n");
+        if (cmd->iov_buf) {
+            cpu_physical_memory_unmap(cmd->iov_buf, iov_size, 1, 0);
+            cmd->iov_buf = NULL;
+            cmd->iov_size = 0;
+        }
+        return -1;
+    }
+    cmd->iov_size = iov_size;
+    return iov_size;
+}
+
+static int megasas_finish_dcmd(struct megasas_cmd_t *cmd, uint32_t size)
+{
+    uint16_t flags = le16_to_cpu(cmd->frame->header.flags);
+    int is_sgl64 = (flags & MFI_FRAME_SGL64) ? 1 : 0;
+    int sgl_addr_size = is_sgl64 ? sizeof(uint64_t) : sizeof(uint32_t);
+
+    if (size > cmd->iov_size) {
+        DPRINTF("DCMD buffer overflow %u/%ld\n",
+                size, cmd->iov_size);
+        size = cmd->iov_size;
+    }
+    if (!cmd->iov_buf) {
+        return 0;
+    }
+
+    cpu_physical_memory_unmap(cmd->iov_buf, cmd->iov_size, 1, size);
+    if (cmd->iov_size > size) {
+        stl_phys(cmd->pa + offsetof(struct mfi_dcmd_frame,sgl)
+                 + sgl_addr_size, size);
+    }
+    return size;
+}
+
+static int megasas_ctrl_get_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ctrl_info *info = cmd->iov_buf;
+    int n, num_ld_disks = 0;
+
+    for (n = 0; n < s->fw_luns; n++) {
+        if (s->bus.devs[n])
+            num_ld_disks++;
+    }
+
+    memset(cmd->iov_buf, 0x0, cmd->iov_size);
+    if (cmd->iov_size != sizeof(struct mfi_ctrl_info)) {
+        DPRINTF_DCMD("Ctrl Get Info: invalid xfer_len %ld\n",
+                     cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    DPRINTF_DCMD("MFI DCMD get controller info\n");
+    info->pci.vendor = PCI_VENDOR_ID_LSI_LOGIC;
+    info->pci.device = PCI_DEVICE_ID_LSI_SAS1078;
+    info->pci.subvendor = PCI_VENDOR_ID_LSI_LOGIC;
+    info->pci.subdevice = 0x1013;
+
+    info->host.type = MFI_INFO_HOST_PCIX;
+    info->device.type = MFI_INFO_DEV_SAS3G;
+    info->device.port_count = 2;
+    info->device.port_addr[0] = megasas_gen_sas_addr((unsigned long)s);
+
+    memcpy(info->product_name,"MegaRAID SAS 8708EM2", 20);
+    snprintf(info->serial_number, 32, "QEMU%08lx",(unsigned long)s & 0xFFFFFFFF);
+    snprintf(info->package_version, 0x60, "%s-QEMU", QEMU_VERSION);
+    memcpy(info->image_component[0].name, "APP", 8);
+    memcpy(info->image_component[0].version, MEGASAS_VERSION "-QEMU", 32);
+    memcpy(info->image_component[0].build_date, __DATE__, 16);
+    memcpy(info->image_component[0].build_time, __TIME__, 16);
+    info->image_component_count = 1;
+    info->current_fw_time = megasas_fw_time();
+    info->max_arms = 32;
+    info->max_spans = 8;
+    info->max_arrays = MEGASAS_MAX_ARRAYS;
+    info->max_lds = s->fw_luns;
+    info->max_cmds = s->fw_cmds;
+    info->max_sg_elements = s->fw_sge;
+    info->max_request_size = MEGASAS_MAX_SECTORS;
+    info->lds_present = num_ld_disks;
+    info->pd_present = num_ld_disks + 1;
+    info->pd_disks_present = num_ld_disks;
+    info->hw_present = MFI_INFO_HW_NVRAM | MFI_INFO_HW_MEM | MFI_INFO_HW_FLASH;
+    info->memory_size = 512;
+    info->nvram_size = 32;
+    info->flash_size = 16;
+    info->raid_levels = MFI_INFO_RAID_0;
+    info->adapter_ops = MFI_INFO_AOPS_RBLD_RATE |
+        MFI_INFO_AOPS_SELF_DIAGNOSTIC |
+        MFI_INFO_AOPS_MIXED_ARRAY;
+    info->ld_ops = MFI_INFO_LDOPS_DISK_CACHE_POLICY |
+        MFI_INFO_LDOPS_ACCESS_POLICY |
+        MFI_INFO_LDOPS_IO_POLICY |
+        MFI_INFO_LDOPS_WRITE_POLICY |
+        MFI_INFO_LDOPS_READ_POLICY;
+    info->max_strips_per_io = s->fw_sge;
+    info->stripe_sz_ops.min = 3;
+    info->stripe_sz_ops.max = ffs(MEGASAS_MAX_SECTORS + 1) - 1;
+    info->properties.pred_fail_poll_interval = 300;
+    info->properties.intr_throttle_cnt = 16;
+    info->properties.intr_throttle_timeout = 50;
+    info->properties.rebuild_rate = 30;
+    info->properties.patrol_read_rate = 30;
+    info->properties.bgi_rate = 30;
+    info->properties.cc_rate = 30;
+    info->properties.recon_rate = 30;
+    info->properties.cache_flush_interval = 4;
+    info->properties.spinup_drv_cnt = 2;
+    info->properties.spinup_delay = 6;
+    info->properties.ecc_bucket_size = 15;
+    info->properties.ecc_bucket_leak_rate = 1440;
+    info->properties.expose_encl_devices = 1;
+    info->pd_ops = MFI_INFO_PDOPS_FORCE_ONLINE | MFI_INFO_PDOPS_FORCE_OFFLINE;
+    info->pd_mix_support = MFI_INFO_PDMIX_SAS | MFI_INFO_PDMIX_SATA | MFI_INFO_PDMIX_LD;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_mfc_get_defaults(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_defaults *info = cmd->iov_buf;
+
+    memset(cmd->iov_buf, 0x0, cmd->iov_size);
+    if (cmd->iov_size != sizeof(struct mfi_defaults)) {
+        DPRINTF_DCMD("MFC Get defaults: invalid xfer_len %ld\n", cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    info->stripe_size = 3;
+    info->flush_time = 4;
+    info->background_rate = 30;
+    info->allow_mix_in_enclosure = 1;
+    info->allow_mix_in_ld = 1;
+    info->direct_pd_mapping = 1;
+    info->bios_enumerate_lds = 1;
+    info->disable_ctrl_r = 1;
+    info->expose_enclosure_devices = 1;
+    info->disable_preboot_cli = 1;
+    info->cluster_disable = 1;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_bios_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_bios_data *info = cmd->iov_buf;
+
+    memset(cmd->iov_buf, 0x0, cmd->iov_size);
+    if (cmd->iov_size != sizeof(struct mfi_bios_data)) {
+        DPRINTF_DCMD("Get BIOS info: invalid xfer_len %ld\n", cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+    info->continue_on_error = 1;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_get_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint64_t fw_time;
+
+    fw_time = megasas_fw_time();
+
+    memcpy(cmd->iov_buf, &fw_time, sizeof(fw_time));
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_set_fw_time(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint64_t fw_time;
+
+    memset(cmd->iov_buf, 0x0, cmd->iov_size);
+    memcpy(&fw_time, cmd->frame->dcmd.mbox, sizeof(fw_time));
+    DPRINTF("set fw time %lx\n", fw_time);
+    fw_time = megasas_fw_time();
+    memcpy(cmd->iov_buf, &fw_time, sizeof(fw_time));
+    return MFI_STAT_OK;
+}
+
+static int megasas_event_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_evt_log_state *info = cmd->iov_buf;
+
+    memset(info, 0, cmd->iov_size);
+    info->newest_seq_num = s->event_count;
+    info->shutdown_seq_num = s->shutdown_event;
+    info->boot_seq_num = s->boot_event;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_get_list(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_pd_list *info = cmd->iov_buf;
+    uint32_t offset, num_pd_disks = 0, max_luns;
+    uint16_t dev_id;
+
+    memset(cmd->iov_buf, 0, cmd->iov_size);
+    offset = 8;
+    if (cmd->iov_size < (offset + sizeof(struct mfi_pd_address))) {
+        DPRINTF_DCMD("PD get list: invalid xfer_len %ld\n", cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    max_luns = (cmd->iov_size - offset) / sizeof(struct mfi_pd_address);
+    if (max_luns > s->fw_luns) {
+        max_luns = s->fw_luns;
+    }
+    DPRINTF_DCMD("PD get list: returning info for %d PDs\n", max_luns);
+
+    for (dev_id = 0; dev_id < max_luns; dev_id++) {
+        SCSIDevice *sdev;
+
+        sdev = s->bus.devs[dev_id];
+        if (sdev) {
+            info->addr[num_pd_disks].device_id = dev_id;
+            info->addr[num_pd_disks].encl_device_id = dev_id;
+            info->addr[num_pd_disks].sas_addr[0] = megasas_gen_sas_addr((unsigned long)sdev);
+            num_pd_disks ++;
+            offset += sizeof(struct mfi_pd_address);
+        }
+    }
+    DPRINTF_DCMD("PD get list: %d PDs, size %d\n", num_pd_disks, offset);
+
+    info->size = offset;
+    info->count = num_pd_disks;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_list_query(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint16_t flags;
+
+    /* mbox0 contains flags */
+    flags = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+
+    DPRINTF_DCMD("PD query list: flags %x\n", flags);
+
+    if (flags == MR_PD_QUERY_TYPE_ALL || s->is_jbod) {
+        return megasas_dcmd_pd_get_list(s, cmd);
+    }
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_pd_get_info_submit(SCSIDevice * sdev, int lun,
+                                      struct megasas_cmd_t *cmd)
+{
+    struct mfi_pd_info * info = cmd->iov_buf;
+    uint8_t cmdbuf[6];
+    SCSIRequest *req;
+
+    if (info->inquiry_data[4] == 0) {
+        /* Additional length is zero, resubmit */
+        megasas_setup_inquiry(cmdbuf, 0, info->inquiry_data,
+                              sizeof(info->inquiry_data));
+        req = sdev->info->get_req(sdev, (uint32_t) -1, lun);
+        if (!req) {
+            return MFI_STAT_FLASH_ALLOC_FAIL;
+        }
+        DPRINTF_DCMD("PD get info submit std inquiry to dev %d\n", lun);
+        req->hba_private = cmd;
+        if (cmd->sdev->info->send_command(req, cmdbuf) > 0)
+            cmd->sdev->info->read_data(req);
+        return MFI_STAT_INVALID_STATUS;
+    } else if (info->vpd_page83[3] == 0) {
+        /* Additional length is zero, resubmit */
+        megasas_setup_inquiry(cmdbuf, 0x83,(uint8_t *)info->vpd_page83,
+                              sizeof(info->vpd_page83));
+        req = sdev->info->get_req(sdev, (uint32_t) -1, lun);
+        if (!req) {
+            return MFI_STAT_FLASH_ALLOC_FAIL;
+        }
+        DPRINTF_DCMD("PD get info submit vpd inquiry to dev %d\n", lun);
+        req->hba_private = cmd;
+        if (cmd->sdev->info->send_command(req, cmdbuf) > 0)
+            cmd->sdev->info->read_data(req);
+        return MFI_STAT_INVALID_STATUS;
+    }
+
+    /* Finished, set FW state */
+    if (cmd->state->is_jbod) {
+        info->fw_state = MFI_PD_STATE_SYSTEM;
+    } else {
+        info->fw_state = MFI_PD_STATE_ONLINE;
+    }
+    DPRINTF_DCMD("PD get info set state for dev %d to %x\n", lun, info->fw_state);
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_pd_get_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_pd_info *info = cmd->iov_buf;
+    uint64_t pd_size;
+    uint16_t pd_id;
+    SCSIDevice *sdev = NULL;
+    int retval = MFI_STAT_OK;
+
+    memset(cmd->iov_buf, 0, cmd->iov_size);
+    if (cmd->iov_size != sizeof(struct mfi_pd_info)) {
+        DPRINTF_DCMD("PD get info: invalid xfer_len %ld\n", cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    /* mbox0 has the ID */
+    pd_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+
+    DPRINTF_DCMD("PD get info for dev %d\n", pd_id);
+
+    if (pd_id >= s->fw_luns)
+        return MFI_STAT_DEVICE_NOT_FOUND;
+
+    sdev = s->bus.devs[pd_id];
+    info->ref.v.device_id = pd_id;
+
+    if (sdev) {
+        BlockConf *conf = &sdev->conf;
+
+        info->state.ddf.v.pd_type.in_vd = 1;
+        info->state.ddf.v.pd_type.intf = 0x2;
+        bdrv_get_geometry(conf->bs, &pd_size);
+        info->raw_size = pd_size;
+        info->non_coerced_size = pd_size;
+        info->coerced_size = pd_size;
+        info->fw_state = MFI_PD_STATE_OFFLINE;
+        info->path_info.count = 1;
+        info->path_info.sas_addr[0] = megasas_gen_sas_addr((unsigned long)sdev);
+        /* Submit inquiry */
+        retval = megasas_pd_get_info_submit(cmd->sdev, pd_id, cmd);
+    }
+
+    return retval;
+}
+
+static int megasas_dcmd_ld_get_list(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ld_list *info = cmd->iov_buf;
+    uint32_t num_ld_disks = 0, max_ld_disks = s->is_jbod ? 0 : s->fw_luns;
+    uint64_t ld_size;
+    uint8_t n;
+    int offset;
+
+    memset(cmd->iov_buf, 0, cmd->iov_size);
+    if (cmd->iov_size != sizeof(struct mfi_ld_list)) {
+        DPRINTF_DCMD("LD get list: invalid xfer_len %ld\n", cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    DPRINTF_DCMD("LD get list: returning info for %d LDs\n", max_ld_disks);
+
+    for (n = 0; n < max_ld_disks; n++) {
+        SCSIDevice *sdev;
+
+        sdev = s->bus.devs[n];
+        if (sdev) {
+            BlockConf *conf = &sdev->conf;
+
+            bdrv_get_geometry(conf->bs, &ld_size);
+            ld_size *= 512;
+            info->ld_list[num_ld_disks].ld.v.target_id = n;
+            info->ld_list[num_ld_disks].state = MFI_LD_STATE_OPTIMAL;
+            info->ld_list[num_ld_disks].size = ld_size;
+            num_ld_disks ++;
+            offset += 18;
+        }
+    }
+    info->ld_count = num_ld_disks;
+    DPRINTF_DCMD("LD get list: found %d LDs\n", num_ld_disks);
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_ld_get_info_submit(SCSIDevice * sdev, int lun,
+                                      struct megasas_cmd_t *cmd)
+{
+    struct mfi_ld_info * info = cmd->iov_buf;
+    uint8_t cdb[6];
+    SCSIRequest *req;
+
+    if (info->vpd_page83[3] == 0) {
+        megasas_setup_inquiry(cdb, 0x83,(uint8_t *)info->vpd_page83,
+                              sizeof(info->vpd_page83));
+        req = sdev->info->get_req(sdev, (uint32_t) -1, lun);
+        if (!req) {
+            return MFI_STAT_FLASH_ALLOC_FAIL;
+        }
+        DPRINTF_DCMD("LD get info submit vpd inquiry to dev %d\n", lun);
+        req->hba_private = cmd;
+        if (cmd->sdev->info->send_command(req, cdb) > 0)
+            cmd->sdev->info->read_data(req);
+        return MFI_STAT_INVALID_STATUS;
+    }
+    info->ld_config.params.state = MFI_LD_STATE_OPTIMAL;
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_ld_get_info(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ld_info *info = cmd->iov_buf;
+    uint64_t ld_size;
+    uint16_t ld_id;
+    uint32_t max_ld_disks = s->is_jbod ? 0 : s->fw_luns;
+    SCSIDevice *sdev = NULL;
+    int retval = MFI_STAT_OK;
+
+    memset(cmd->iov_buf, 0, cmd->iov_size);
+    if (cmd->iov_size != sizeof(struct mfi_ld_info)) {
+        DPRINTF_DCMD("LD get info: invalid xfer_len %ld\n", cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    /* mbox0 has the ID */
+    ld_id = le16_to_cpu(cmd->frame->dcmd.mbox[0]);
+
+    DPRINTF_DCMD("LD get info for dev %d\n", ld_id);
+    if (ld_id >= max_ld_disks)
+        return MFI_STAT_DEVICE_NOT_FOUND;
+
+    sdev = s->bus.devs[ld_id];
+    info->ld_config.properties.ld.v.target_id = ld_id;
+
+    if (sdev) {
+        BlockConf *conf = &sdev->conf;
+        info->ld_config.params.stripe_size = 3;
+        info->ld_config.params.num_drives = 1;
+        info->ld_config.params.state = MFI_LD_STATE_OFFLINE;
+        info->ld_config.params.is_consistent = 1;
+        bdrv_get_geometry(conf->bs, &ld_size);
+        info->size = ld_size;
+        retval = megasas_ld_get_info_submit(cmd->sdev, ld_id, cmd);
+    }
+
+    return retval;
+}
+
+static int megasas_dcmd_get_properties(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    struct mfi_ctrl_props *info = cmd->iov_buf;
+
+    if (cmd->iov_size != sizeof(struct mfi_ctrl_props)) {
+        DPRINTF_DCMD("DCMD get properties: invalid xfer_len %ld\n", cmd->iov_size);
+        memset(cmd->iov_buf, 0, cmd->iov_size);
+        return MFI_STAT_INVALID_PARAMETER;
+    }
+
+    DPRINTF_DCMD("DCMD get properties\n");
+    info->pred_fail_poll_interval = 300;
+    info->intr_throttle_cnt = 16;
+    info->intr_throttle_timeout = 50;
+    info->rebuild_rate = 30;
+    info->patrol_read_rate = 30;
+    info->bgi_rate = 30;
+    info->cc_rate = 30;
+    info->recon_rate = 30;
+    info->cache_flush_interval = 4;
+    info->spinup_drv_cnt = 2;
+    info->spinup_delay = 6;
+    info->ecc_bucket_size = 15;
+    info->ecc_bucket_leak_rate = 1440;
+    info->expose_encl_devices = 1;
+
+    return MFI_STAT_OK;
+}
+
+static int megasas_cache_flush(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    DPRINTF_DCMD("MFI DCMD Cache flush\n");
+    qemu_aio_flush();
+    return MFI_STAT_OK;
+}
+
+static int megasas_ctrl_shutdown(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    DPRINTF_DCMD("MFI DCMD Controller shutdown\n");
+    s->fw_state = MFI_FWSTATE_READY;
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_set_properties(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint8_t *dummy;
+
+    DPRINTF_DCMD("DCMD set properties\n");
+    dummy = cmd->iov_buf;
+    DPRINTF_DCMD("Properties dump\n");
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x00], dummy[0x01], dummy[0x02], dummy[0x03],
+            dummy[0x04], dummy[0x05], dummy[0x06], dummy[0x07]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x08], dummy[0x09], dummy[0x0a], dummy[0x0b],
+            dummy[0x0c], dummy[0x0d], dummy[0x0e], dummy[0x0f]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x10], dummy[0x11], dummy[0x12], dummy[0x13],
+            dummy[0x14], dummy[0x15], dummy[0x16], dummy[0x17]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x18], dummy[0x19], dummy[0x1a], dummy[0x1b],
+            dummy[0x1c], dummy[0x1d], dummy[0x1e], dummy[0x1f]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x20], dummy[0x21], dummy[0x22], dummy[0x23],
+            dummy[0x24], dummy[0x25], dummy[0x26], dummy[0x27]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x28], dummy[0x29], dummy[0x2a], dummy[0x2b],
+            dummy[0x2c], dummy[0x2d], dummy[0x2e], dummy[0x2f]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x30], dummy[0x31], dummy[0x32], dummy[0x33],
+            dummy[0x34], dummy[0x35], dummy[0x36], dummy[0x37]);
+    DPRINTF_DCMD("%02x %02x %02x %0x2 %02x %02x %02x %02x\n",
+            dummy[0x38], dummy[0x39], dummy[0x3a], dummy[0x3b],
+            dummy[0x3c], dummy[0x3d], dummy[0x3e], dummy[0x3f]);
+    return MFI_STAT_OK;
+}
+
+static int megasas_dcmd_dummy(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    DPRINTF_DCMD("DCMD dummy: xfer_len %ld\n", cmd->iov_size);
+    memset(cmd->iov_buf, 0, cmd->iov_size);
+
+    return MFI_STAT_OK;
+}
+
+
+static const struct dcmd_cmd_tbl_t {
+    int opcode;
+    int (*func)(MPTState *s, struct megasas_cmd_t *cmd);
+} dcmd_cmd_tbl[] = {
+    {MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_GET_INFO, megasas_ctrl_get_info},
+    {MFI_DCMD_CTRL_GET_PROPERTIES, megasas_dcmd_get_properties},
+    {MFI_DCMD_CTRL_SET_PROPERTIES, megasas_dcmd_set_properties},
+    {MFI_DCMD_SPEAKER_GET, megasas_dcmd_dummy},
+    {MFI_DCMD_SPEAKER_ENABLE, megasas_dcmd_dummy},
+    {MFI_DCMD_SPEAKER_DISABLE, megasas_dcmd_dummy},
+    {MFI_DCMD_SPEAKER_SILENCE, megasas_dcmd_dummy},
+    {MFI_DCMD_SPEAKER_TEST, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_EVENT_GETINFO, megasas_event_info},
+    {MFI_DCMD_CTRL_EVENT_GET, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_EVENT_WAIT, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_SHUTDOWN, megasas_ctrl_shutdown},
+    {MFI_DCMD_HIBERNATE_SHUTDOWN, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_GET_TIME, megasas_dcmd_get_fw_time},
+    {MFI_DCMD_CTRL_SET_TIME, megasas_dcmd_set_fw_time},
+    {MFI_DCMD_CTRL_GET_BIOS_INFO, megasas_dcmd_get_bios_info},
+    {MFI_DCMD_CTRL_FACTORY_DEFAULTS, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_MFC_DEFAULTS_GET, megasas_mfc_get_defaults},
+    {MFI_DCMD_CTRL_MFC_DEFAULTS_SET, megasas_dcmd_dummy},
+    {MFI_DCMD_CTRL_CACHE_FLUSH, megasas_cache_flush},
+    {MFI_DCMD_PD_GET_LIST, megasas_dcmd_pd_get_list},
+    {MFI_DCMD_PD_LIST_QUERY, megasas_dcmd_pd_list_query},
+    {MFI_DCMD_PD_GET_INFO, megasas_dcmd_pd_get_info},
+    {MFI_DCMD_PD_STATE_SET, megasas_dcmd_dummy},
+    {MFI_DCMD_PD_REBUILD, megasas_dcmd_dummy},
+    {MFI_DCMD_PD_BLINK, megasas_dcmd_dummy},
+    {MFI_DCMD_PD_UNBLINK, megasas_dcmd_dummy},
+    {MFI_DCMD_LD_GET_LIST, megasas_dcmd_ld_get_list},
+    {MFI_DCMD_LD_GET_INFO, megasas_dcmd_ld_get_info},
+    {MFI_DCMD_LD_GET_PROP, megasas_dcmd_dummy},
+    {MFI_DCMD_LD_SET_PROP, megasas_dcmd_dummy},
+    {MFI_DCMD_LD_DELETE, megasas_dcmd_dummy},
+    {MFI_DCMD_CFG_READ, megasas_dcmd_dummy},
+    {MFI_DCMD_CFG_ADD, megasas_dcmd_dummy},
+    {MFI_DCMD_CFG_CLEAR, megasas_dcmd_dummy},
+    {MFI_DCMD_CFG_FOREIGN_READ, megasas_dcmd_dummy},
+    {MFI_DCMD_CFG_FOREIGN_IMPORT, megasas_dcmd_dummy},
+    {MFI_DCMD_BBU_STATUS, megasas_dcmd_dummy},
+    {MFI_DCMD_BBU_CAPACITY_INFO, megasas_dcmd_dummy},
+    {MFI_DCMD_BBU_DESIGN_INFO, megasas_dcmd_dummy},
+    {MFI_DCMD_BBU_PROP_GET, megasas_dcmd_dummy},
+    {MFI_DCMD_CLUSTER, megasas_dcmd_dummy},
+    {MFI_DCMD_CLUSTER_RESET_ALL, megasas_dcmd_dummy},
+    {MFI_DCMD_CLUSTER_RESET_LD, megasas_dcmd_dummy},
+    {-1, NULL}
+};
+
+static int megasas_handle_dcmd(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    int opcode, size = 0, len;
+    int retval = 0;
+    const struct dcmd_cmd_tbl_t *cmdptr = dcmd_cmd_tbl;
+
+    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+    DPRINTF_DCMD("frame %d: MFI DCMD opcode %x\n", cmd->index, opcode);
+    len = megasas_map_dcmd(cmd);
+    if (len < 0) {
+        return MFI_STAT_MEMORY_NOT_AVAILABLE;
+    }
+    while (cmdptr->opcode != -1 && cmdptr->opcode != opcode) {
+        cmdptr++;
+    }
+    if (cmdptr->opcode == -1) {
+        DPRINTF("MFI DCMD %x unhandled (len %d)\n", opcode, len);
+        retval = megasas_dcmd_dummy(s, cmd);
+    } else {
+        retval = cmdptr->func(s, cmd);
+    }
+    if (retval != MFI_STAT_INVALID_STATUS) {
+        size = megasas_finish_dcmd(cmd, cmd->iov_size);
+        DPRINTF_DCMD("MFI DCMD wrote %d bytes\n", size);
+    }
+    return retval;
+}
+
+static int megasas_finish_internal_dcmd(struct megasas_cmd_t *cmd,
+                                        SCSIRequest *req)
+{
+    int opcode;
+    int retval = MFI_STAT_OK;
+    int lun = req->lun;
+
+    opcode = le32_to_cpu(cmd->frame->dcmd.opcode);
+    cmd->sdev->info->put_req(req);
+    DPRINTF_DCMD("DCMD finish internal cmd %x lun %d\n", opcode, lun);
+    switch (opcode) {
+        case MFI_DCMD_PD_GET_INFO:
+            DPRINTF_DCMD("Internal DCMD PD get info\n");
+            retval = megasas_pd_get_info_submit(cmd->sdev, lun, cmd);
+            break;
+        case MFI_DCMD_LD_GET_INFO:
+            DPRINTF_DCMD("Internal DCMD LD get info\n");
+            retval = megasas_ld_get_info_submit(cmd->sdev, lun, cmd);
+            break;
+        default:
+            DPRINTF_DCMD("Invalid internal DCMD\n");
+            retval = MFI_STAT_INVALID_DCMD;
+            break;
+    }
+    if (retval != MFI_STAT_INVALID_STATUS) {
+        megasas_finish_dcmd(cmd, cmd->iov_size);
+    }
+    return retval;
+}
+
+static int megasas_handle_scsi(MPTState *s, struct megasas_cmd_t *cmd, int is_logical)
+{
+    uint8_t *cdb;
+    int sglnum, len;
+
+    cdb = cmd->frame->pass.cdb;
+
+    if (cmd->frame->header.target_id < s->fw_luns) {
+        cmd->sdev = s->bus.devs[cmd->frame->header.target_id];
+    }
+    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len);
+    DPRINTF_IO("%s %s dev %x lun %x sdev %p xfer %lu\n",
+               mfi_frame_desc[cmd->frame->header.frame_cmd],
+               is_logical ? "logical" : "physical",
+               cmd->frame->header.target_id, cmd->frame->header.lun_id,
+               cmd->sdev, cmd->iov_size);
+
+    if (!cmd->sdev || (s->is_jbod && is_logical)) {
+        DPRINTF_IO("%s %s dev %x/%x target not present\n",
+                   mfi_frame_desc[cmd->frame->header.frame_cmd],
+                   is_logical ? "logical" : "physical",
+                   cmd->frame->header.target_id,
+                   cmd->frame->header.lun_id);
+        return MFI_STAT_DEVICE_NOT_FOUND;
+    }
+
+    if (cmd->frame->header.cdb_len > 16) {
+        DPRINTF("%s dev %x/%x invalid cdb len %d\n",
+                mfi_frame_desc[cmd->frame->header.frame_cmd],
+                cmd->frame->header.target_id, cmd->frame->header.lun_id,
+                cmd->frame->header.cdb_len);
+        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    sglnum = megasas_map_sgl(cmd, offsetof(struct mfi_pass_frame, sgl));
+
+    cmd->req = cmd->sdev->info->get_req_iov(cmd->sdev, cmd->context,
+                                            cmd->frame->header.lun_id,
+                                            cmd->iov, sglnum);
+    cmd->req->hba_private = cmd;
+    len = cmd->sdev->info->send_command(cmd->req, cdb);
+    if (len > 0) {
+        DPRINTF_IO("%d bytes of data available for reading\n", len);
+        cmd->sdev->info->read_data(cmd->req);
+    } else if (len < 0) {
+        DPRINTF_IO("%d bytes of data available for writing\n", -len);
+        cmd->sdev->info->write_data(cmd->req);
+    } else {
+        DPRINTF_IO("No data to be transferred\n");
+    }
+    return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_handle_io(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint32_t lba_count, lba_start_hi, lba_start_lo;
+    uint64_t lba_start;
+    int write = cmd->frame->header.frame_cmd == MFI_CMD_LD_WRITE ? 1 : 0;
+    uint8_t cdb[16];
+    int sglnum, len;
+
+    lba_count = le32_to_cpu(cmd->frame->io.header.data_len);
+    lba_start_lo = le32_to_cpu(cmd->frame->io.lba_lo);
+    lba_start_hi = le32_to_cpu(cmd->frame->io.lba_hi);
+    lba_start = ((uint64_t)lba_start_hi << 32) | lba_start_lo;
+
+    if (cmd->frame->header.target_id < s->fw_luns) {
+        cmd->sdev = s->bus.devs[cmd->frame->header.target_id];
+    }
+    cmd->iov_size = le32_to_cpu(cmd->frame->header.data_len) *
+        cmd->sdev->blocksize;
+
+    DPRINTF_IO("%s dev %x lun %x lba %lx count %lx\n",
+               mfi_frame_desc[cmd->frame->header.frame_cmd],
+               cmd->frame->header.target_id, cmd->frame->header.lun_id,
+               (unsigned long)lba_start, (unsigned long)lba_count);
+    if (!cmd->sdev) {
+        DPRINTF_IO("%s dev %x/%x LUN not present\n",
+                   mfi_frame_desc[cmd->frame->header.frame_cmd],
+                   cmd->frame->header.target_id, cmd->frame->header.lun_id);
+        return MFI_STAT_DEVICE_NOT_FOUND;
+    }
+
+    if (cmd->frame->header.cdb_len > 16) {
+        DPRINTF("%s dev %x/%x invalid cdb len %d\n",
+                mfi_frame_desc[cmd->frame->header.frame_cmd],
+                cmd->frame->header.target_id, cmd->frame->header.lun_id,
+                cmd->frame->header.cdb_len);
+        megasas_write_sense(cmd, SENSE_CODE(INVALID_OPCODE));
+        cmd->frame->header.scsi_status = CHECK_CONDITION;
+        s->event_count++;
+        return MFI_STAT_SCSI_DONE_WITH_ERROR;
+    }
+
+    sglnum = megasas_map_sgl(cmd, offsetof(struct mfi_io_frame, sgl));
+    cmd->req = cmd->sdev->info->get_req_iov(cmd->sdev, cmd->context,
+                                            cmd->frame->header.lun_id,
+                                            cmd->iov, sglnum);
+    cmd->req->hba_private = cmd;
+    megasas_encode_lba(cdb, lba_start, lba_count, write);
+    len = cmd->sdev->info->send_command(cmd->req, cdb);
+    if (len > 0)
+        cmd->sdev->info->read_data(cmd->req);
+    else if (len < 0) {
+        cmd->iov_size += len;
+        cmd->sdev->info->write_data(cmd->req);
+    }
+    return MFI_STAT_INVALID_STATUS;
+}
+
+static int megasas_finish_internal_command(struct megasas_cmd_t *cmd,
+                                           SCSIRequest *req)
+{
+    int retval = MFI_STAT_INVALID_CMD;
+
+    switch (cmd->frame->header.frame_cmd) {
+        case MFI_CMD_DCMD:
+            retval = megasas_finish_internal_dcmd(cmd, req);
+            break;
+        default:
+            break;
+    }
+    return retval;
+}
+
+static void megasas_command_complete(SCSIRequest *req, int reason, uint32_t arg)
+{
+    struct megasas_cmd_t *cmd;
+    uint8_t cmd_status = MFI_STAT_OK;
+
+    cmd = req->hba_private;
+    if (!cmd) {
+        /*
+	 * Bad. A command has been completed but we couldn't find it.
+	 * Only safe way out of here is to terminate everything and
+	 * hope the HBA recovers.
+	 */
+        DPRINTF("SCSI request tag %x not found", req->tag);
+        return;
+    }
+
+    DPRINTF_IO("%s req %p cmd %p lun %p command completed, arg %u\n",
+               mfi_frame_desc[cmd->frame->header.frame_cmd], req, cmd,
+               cmd->sdev, arg);
+
+    if (cmd->req != req) {
+        /*
+	 * Internal command complete
+	 */
+        cmd_status = megasas_finish_internal_command(cmd, req);
+        if (cmd_status == MFI_STAT_INVALID_STATUS) {
+            return;
+        }
+    } else if (reason == SCSI_REASON_DATA) {
+        uint16_t flags = le16_to_cpu(cmd->frame->header.flags);
+        int is_write = (flags & MFI_FRAME_DIR_WRITE) ? 1 : 0;
+
+        if (is_write) {
+            DPRINTF_IO("%s req %p cmd %p lun %p write finished, left %u\n",
+                       mfi_frame_desc[cmd->frame->header.frame_cmd], req,
+                       cmd, cmd->sdev, arg);
+            cmd->iov_size -= arg;
+            cmd->req->dev->info->write_data(cmd->req);
+        } else {
+            DPRINTF_IO("%s req %p cmd %p lun %p read finished, len %u\n",
+                       mfi_frame_desc[cmd->frame->header.frame_cmd], req,
+                       cmd, cmd->sdev, arg);
+            cmd->iov_size -= arg;
+            cmd->req->dev->info->read_data(cmd->req);
+        }
+        return;
+    } else if (reason == SCSI_REASON_DONE) {
+        req->status = arg;
+        DPRINTF_IO("%s req %p cmd %p lun %p finished with status %x len %u\n",
+                   mfi_frame_desc[cmd->frame->header.frame_cmd], req, cmd,
+                   cmd->sdev, req->status,
+                   (unsigned)(req->cmd.xfer - cmd->iov_size));
+        if (req->status != GOOD) {
+            cmd_status = MFI_STAT_SCSI_DONE_WITH_ERROR;
+        }
+        if (req->status == CHECK_CONDITION) {
+            megasas_copy_sense(cmd);
+        }
+
+        megasas_unmap_sgl(cmd);
+        cmd->frame->header.scsi_status = req->status;
+        cmd->req->dev->info->put_req(cmd->req);
+        cmd->req = NULL;
+    }
+    cmd->frame->header.cmd_status = cmd_status;
+    megasas_dequeue_frame(cmd->state, cmd->context);
+}
+
+static int megasas_handle_abort(MPTState *s, struct megasas_cmd_t *cmd)
+{
+    uint32_t abort_ctx = le32_to_cpu(cmd->frame->abort.abort_context);
+    target_phys_addr_t abort_addr, addr_hi, addr_lo;
+    struct megasas_cmd_t *abort_cmd;
+
+    addr_hi = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_hi);
+    addr_lo = le32_to_cpu(cmd->frame->abort.abort_mfi_addr_lo);
+    abort_addr = ((uint64_t)addr_hi << 32) | addr_lo;
+
+    abort_cmd = megasas_lookup_frame(s, abort_addr);
+    if (!abort_cmd) {
+        DPRINTF("No active command for frame context %x\n", abort_ctx);
+        s->event_count++;
+        return MFI_STAT_OK;
+    }
+    if (abort_cmd->context != abort_ctx) {
+        DPRINTF("abort frame %x: invalid context %x\n", abort_cmd->index,
+                abort_cmd->context);
+        s->event_count++;
+        return MFI_STAT_ABORT_NOT_POSSIBLE;
+    }
+    DPRINTF("aborting frame %x\n", abort_cmd->index);
+    megasas_dump_frame(abort_cmd);
+    megasas_abort_command(abort_cmd);
+    s->event_count++;
+    return MFI_STAT_OK;
+}
+
+static void megasas_handle_frame(MPTState *s, target_phys_addr_t frame_addr,
+                                 uint32_t frame_count)
+{
+    uint8_t frame_cmd;
+    uint8_t frame_status = MFI_STAT_INVALID_CMD;
+    uint32_t frame_context;
+    struct megasas_cmd_t *cmd;
+
+    frame_cmd = megasas_frame_get_cmd(frame_addr);
+    frame_context = megasas_frame_get_context(frame_addr);
+
+    DPRINTF_MFI("MFI cmd %x context %x count %d\n",
+                frame_cmd, frame_context, frame_count);
+
+    cmd = megasas_enqueue_frame(s, frame_addr, frame_count);
+    if (!cmd) {
+        /* reply queue full */
+        megasas_frame_set_scsi_status(frame_addr, BUSY);
+        megasas_frame_set_cmd_status(frame_addr, MFI_STAT_SCSI_DONE_WITH_ERROR);
+        megasas_dequeue_frame(s, frame_context);
+        s->event_count++;
+        return;
+    }
+    switch (cmd->frame->header.frame_cmd) {
+        case MFI_CMD_INIT:
+            megasas_init_firmware(s, cmd);
+            frame_status = MFI_STAT_OK;
+            break;
+        case MFI_CMD_DCMD:
+            frame_status = megasas_handle_dcmd(s, cmd);
+            break;
+        case MFI_CMD_ABORT:
+            frame_status = megasas_handle_abort(s, cmd);
+            break;
+        case MFI_CMD_PD_SCSI_IO:
+            frame_status = megasas_handle_scsi(s, cmd, 0);
+            break;
+        case MFI_CMD_LD_SCSI_IO:
+            frame_status = megasas_handle_scsi(s, cmd, 1);
+            break;
+        case MFI_CMD_LD_READ:
+        case MFI_CMD_LD_WRITE:
+            frame_status = megasas_handle_io(s, cmd);
+            break;
+        default:
+            DPRINTF("Unhandled MFI cmd %x\n", cmd->frame->header.frame_cmd);
+            s->event_count++;
+            break;
+    }
+    if (frame_status != MFI_STAT_INVALID_STATUS) {
+        cmd->frame->header.cmd_status = frame_status;
+        megasas_dequeue_frame(s, cmd->context);
+    }
+}
+
+static uint32_t megasas_mmio_readb(void *opaque, target_phys_addr_t addr)
+{
+    DPRINTF_REG("readb mmio 0x%lx\n", (unsigned long)addr);
+    return 0;
+}
+
+static uint32_t megasas_mmio_readw(void *opaque, target_phys_addr_t addr)
+{
+    DPRINTF_REG("readw mmio 0x%lx\n", (unsigned long)addr);
+    return 0;
+}
+
+static uint32_t megasas_mmio_readl(void *opaque, target_phys_addr_t addr)
+{
+    MPTState *s = opaque;
+
+    DPRINTF_REG("readl mmio 0x%lx\n", (unsigned long)addr);
+    switch (addr) {
+        case MFI_IDB:
+            return 0;
+        case MFI_OMSG0:
+        case MFI_OSP0:
+            return (s->fw_state & MFI_FWSTATE_MASK) | ((s->fw_sge & 0xff) << 16) | (s->fw_cmds & 0xFFFF);
+        case MFI_OSTS:
+            if (MEGASAS_INTR_ENABLED(s) && s->doorbell)
+                return MFI_1078_RM | s->doorbell;
+            break;
+        case MFI_OMSK:
+            return s->intr_mask;
+        case MFI_ODCR0:
+            return s->doorbell;
+        default:
+            BADF("readb 0x%lx\n", (unsigned long)addr);
+            break;
+    }
+    return 0;
+}
+
+static void megasas_mmio_writeb(void *opaque, target_phys_addr_t addr,
+                                uint32_t val)
+{
+    DPRINTF_REG("writeb mmio %lx: %x\n", (unsigned long)addr, val);
+}
+
+static void megasas_mmio_writew(void *opaque, target_phys_addr_t addr,
+                                uint32_t val)
+{
+    DPRINTF_REG("writew mmio %lx: %x\n", (unsigned long)addr, val);
+}
+
+static void megasas_mmio_writel(void *opaque, target_phys_addr_t addr,
+                                uint32_t val)
+{
+    MPTState *s = opaque;
+    target_phys_addr_t frame_addr;
+    uint32_t frame_count;
+    int i;
+
+    DPRINTF_REG("writel mmio %lx: %x\n", (unsigned long)addr, val);
+
+    switch (addr) {
+        case MFI_IDB:
+            if (val & MFI_FWINIT_ABORT) {
+                /* Abort all pending cmds */
+                for (i = 0; i <= s->fw_cmds; i++)
+                    megasas_abort_command(&s->frames[i]);
+            }
+            if (val & MFI_FWINIT_READY) {
+                /* move to FW READY */
+                megasas_soft_reset(s);
+            }
+            if (val & MFI_FWINIT_MFIMODE) {
+                /* discard MFIs */
+            }
+            break;
+        case MFI_OMSK:
+            s->intr_mask = val;
+            if (!MEGASAS_INTR_ENABLED(s)) {
+                qemu_irq_lower(s->dev.irq[0]);
+            }
+            break;
+        case MFI_ODCR0:
+            /* Update reply queue pointer */
+            DPRINTF_QUEUE("Update reply queue head %x busy %d\n",
+                          s->reply_queue_index, s->busy);
+            stl_phys(s->producer_pa, s->reply_queue_index);
+            s->doorbell = 0;
+            qemu_irq_lower(s->dev.irq[0]);
+            break;
+        case MFI_IQPH:
+            s->frame_hi = val;
+            break;
+        case MFI_IQPL:
+        case MFI_IQP:
+            /* Received MFI frame address */
+            frame_addr = (val & ~0xFF);
+            /* Add possible 64 bit offset */
+            frame_addr |= (uint64_t)s->frame_hi;
+            s->frame_hi = 0;
+            frame_count = (val >> 1) & 0x7F;
+            DPRINTF_MFI("Received frame addr %lx count %d\n",
+                        (unsigned long)frame_addr, frame_count);
+            megasas_handle_frame(s, frame_addr, frame_count);
+            break;
+        default:
+            BADF("writel 0x%lx: %x\n", (unsigned long)addr, val);
+            break;
+    }
+}
+
+static CPUReadMemoryFunc * const megasas_mmio_readfn[3] = {
+    megasas_mmio_readb,
+    megasas_mmio_readw,
+    megasas_mmio_readl,
+};
+
+static CPUWriteMemoryFunc * const megasas_mmio_writefn[3] = {
+    megasas_mmio_writeb,
+    megasas_mmio_writew,
+    megasas_mmio_writel,
+};
+
+static uint32_t megasas_io_readb(void *opaque, uint32_t addr)
+{
+    DPRINTF_REG("readb reg 0x%lx\n", (unsigned long)addr);
+    return 0;
+}
+
+static uint32_t megasas_io_readw(void *opaque, uint32_t addr)
+{
+    DPRINTF_REG("readw reg 0x%lx\n", (unsigned long)addr);
+    return 0;
+}
+
+static uint32_t megasas_io_readl(void *opaque, uint32_t addr)
+{
+    DPRINTF_REG("readl reg 0x%lx\n", (unsigned long)addr);
+    return megasas_mmio_readl(opaque, addr & 0xff);
+}
+
+static void megasas_io_writeb(void *opaque, uint32_t addr, uint32_t val)
+{
+    DPRINTF_REG("writeb reg 0x%lx: %x\n", (unsigned long)addr, val);
+}
+
+static void megasas_io_writew(void *opaque, uint32_t addr, uint32_t val)
+{
+    DPRINTF_REG("writew reg 0x%lx: %x\n", (unsigned long)addr, val);
+}
+
+static void megasas_io_writel(void *opaque, uint32_t addr, uint32_t val)
+{
+    DPRINTF_REG("writel reg 0x%lx: %x\n", (unsigned long)addr, val);
+    megasas_mmio_writel(opaque, addr & 0xff, val);
+}
+
+static CPUReadMemoryFunc * const megasas_io_readfn[3] = {
+    megasas_mmio_readb,
+    megasas_mmio_readw,
+    megasas_mmio_readl,
+};
+
+static CPUWriteMemoryFunc * const megasas_io_writefn[3] = {
+    megasas_mmio_writeb,
+    megasas_mmio_writew,
+    megasas_mmio_writel,
+};
+
+static uint32_t megasas_queue_readl(void *opaque, target_phys_addr_t addr)
+{
+    DPRINTF_REG("readl queue 0x%lx\n", (unsigned long)addr);
+    return 0;
+}
+
+static void megasas_queue_writel(void *opaque, target_phys_addr_t addr,
+                                 uint32_t val)
+{
+    DPRINTF_REG("writel queue %lx: %x\n", (unsigned long)addr, val);
+}
+
+static CPUReadMemoryFunc * const megasas_queue_readfn[3] = {
+    NULL,
+    NULL,
+    megasas_queue_readl,
+};
+
+static CPUWriteMemoryFunc * const megasas_queue_writefn[3] = {
+    NULL,
+    NULL,
+    megasas_queue_writel,
+};
+
+static void megasas_soft_reset(MPTState *s)
+{
+    int i;
+    struct megasas_cmd_t *cmd;
+
+    DPRINTF("Reset\n");
+    for (i = 0; i <= s->fw_cmds; i++) {
+        cmd = &s->frames[i];
+        megasas_abort_command(cmd);
+        if (cmd->frame) {
+            cpu_physical_memory_unmap(cmd->frame, cmd->pa_size, 0, 0);
+            cmd->frame = NULL;
+            cmd->pa = 0;
+        }
+    }
+    s->reply_queue_len = 0;
+    s->reply_queue_pa = 0;
+    s->consumer_pa = 0;
+    s->producer_pa = 0;
+    s->fw_state = MFI_FWSTATE_READY;
+    s->doorbell = 0;
+    s->intr_mask = MEGASAS_INTR_DISABLED_MASK;
+    s->frame_hi = 0;
+    s->event_count++;
+    s->boot_event = s->event_count;
+}
+
+static void megasas_mmio_mapfunc(PCIDevice *pci_dev, int region_num,
+                                 pcibus_t addr, pcibus_t size, int type)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, pci_dev);
+
+    DPRINTF_REG("Mapping MMIO region %d at %08lx\n", region_num, (unsigned long)addr);
+    cpu_register_physical_memory(addr, size, s->mmio_io_addr);
+    s->event_count++;
+}
+
+static void megasas_io_mapfunc(PCIDevice *pci_dev, int region_num,
+                               pcibus_t addr, pcibus_t size, int type)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, pci_dev);
+
+    DPRINTF_REG("Mapping IO region %d at %08lx\n", region_num, (unsigned long)addr);
+    register_ioport_write(addr, size, 1, megasas_io_writeb, s);
+    register_ioport_write(addr, size, 2, megasas_io_writew, s);
+    register_ioport_write(addr, size, 4, megasas_io_writel, s);
+    register_ioport_read(addr, size, 1, megasas_io_readb, s);
+    register_ioport_read(addr, size, 2, megasas_io_readw, s);
+    register_ioport_read(addr, size, 4, megasas_io_readl, s);
+    s->event_count++;
+}
+
+static void megasas_queue_mapfunc(PCIDevice *pci_dev, int region_num,
+                                  pcibus_t addr, pcibus_t size, int type)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, pci_dev);
+
+    DPRINTF_REG("Mapping QUEUE region %d at %08lx\n", region_num, (unsigned long)addr);
+    cpu_register_physical_memory(addr, size, s->queue_addr);
+    s->event_count++;
+}
+
+static void megasas_scsi_reset(DeviceState *dev)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev.qdev, dev);
+
+    megasas_soft_reset(s);
+}
+
+static const VMStateDescription vmstate_megasas = {
+    .name = "megasas",
+    .version_id = 0,
+    .minimum_version_id = 0,
+    .minimum_version_id_old = 0,
+    .fields      = (VMStateField []) {
+        VMSTATE_PCI_DEVICE(dev, MPTState),
+
+        VMSTATE_INT32(fw_state, MPTState),
+        VMSTATE_INT32(intr_mask, MPTState),
+        VMSTATE_INT32(doorbell, MPTState),
+        VMSTATE_UINT64(reply_queue_pa, MPTState),
+        VMSTATE_UINT64(consumer_pa, MPTState),
+        VMSTATE_UINT64(producer_pa, MPTState),
+        VMSTATE_END_OF_LIST()
+    }
+};
+
+static int megasas_scsi_uninit(PCIDevice *d)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, d);
+
+    cpu_unregister_io_memory(s->mmio_io_addr);
+
+    return 0;
+}
+
+static int megasas_scsi_init(PCIDevice *dev)
+{
+    MPTState *s = DO_UPCAST(MPTState, dev, dev);
+    uint8_t *pci_conf;
+    int i;
+
+    pci_conf = s->dev.config;
+
+    /* PCI Vendor ID (word) */
+    pci_config_set_vendor_id(pci_conf, PCI_VENDOR_ID_LSI_LOGIC);
+    /* PCI device ID (word) */
+    pci_config_set_device_id(pci_conf,  PCI_DEVICE_ID_LSI_SAS1078);
+    /* PCI subsystem ID */
+    pci_set_word(&pci_conf[PCI_SUBSYSTEM_VENDOR_ID], 0x1000);
+    pci_set_word(&pci_conf[PCI_SUBSYSTEM_ID], 0x1013);
+    /* PCI base class code */
+    pci_config_set_class(pci_conf, PCI_CLASS_STORAGE_RAID);
+
+    /* PCI latency timer = 0 */
+    pci_conf[0x0d] = 0;
+    /* Interrupt pin 1 */
+    pci_conf[0x3d] = 0x01;
+
+    s->mmio_io_addr = cpu_register_io_memory(megasas_mmio_readfn,
+                                             megasas_mmio_writefn, s);
+    s->io_addr = cpu_register_io_memory(megasas_io_readfn,
+                                        megasas_io_writefn, s);
+    s->queue_addr = cpu_register_io_memory(megasas_queue_readfn,
+                                           megasas_queue_writefn, s);
+    pci_register_bar((struct PCIDevice *)s, 0, 0x40000,
+                           PCI_BASE_ADDRESS_SPACE_MEMORY, megasas_mmio_mapfunc);
+    pci_register_bar((struct PCIDevice *)s, 2, 256,
+                           PCI_BASE_ADDRESS_SPACE_IO, megasas_io_mapfunc);
+    pci_register_bar((struct PCIDevice *)s, 3, 0x40000,
+                           PCI_BASE_ADDRESS_SPACE_MEMORY, megasas_queue_mapfunc);
+    if (s->fw_sge >= MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE) {
+        s->fw_sge = MEGASAS_MAX_SGE - MFI_PASS_FRAME_SIZE;
+    } else if (s->fw_sge >= 128 - MFI_PASS_FRAME_SIZE) {
+        s->fw_sge = 128 - MFI_PASS_FRAME_SIZE;
+    } else {
+        s->fw_sge = 64 - MFI_PASS_FRAME_SIZE;
+    }
+    if (s->fw_cmds > MEGASAS_MAX_FRAMES) {
+        s->fw_cmds = MEGASAS_MAX_FRAMES;
+    }
+    if (s->raid_mode_str) {
+        if (!strcmp(s->raid_mode_str, "jbod"))
+            s->is_jbod = 1;
+        else
+            s->is_jbod = 0;
+    }
+    DPRINTF("Using %d sges, %d cmds, %s mode\n",
+            s->fw_sge, s->fw_cmds, s->is_jbod ? "jbod" : "raid");
+    s->fw_luns = (MFI_MAX_LD > MAX_SCSI_DEVS) ?
+        MAX_SCSI_DEVS : MFI_MAX_LD;
+    s->producer_pa = 0;
+    s->consumer_pa = 0;
+    for (i = 0; i < s->fw_cmds; i++) {
+        s->frames[i].index = i;
+        s->frames[i].context = -1;
+        s->frames[i].pa = 0;
+        s->frames[i].state = s;
+    }
+
+    scsi_bus_new(&s->bus, &dev->qdev, 1, s->fw_luns, megasas_command_complete);
+    scsi_bus_legacy_handle_cmdline(&s->bus);
+    return 0;
+}
+
+static PCIDeviceInfo megasas_info = {
+    .qdev.name  = "LSI MegaRAID SAS 1078",
+    .qdev.alias = "megasas",
+    .qdev.size  = sizeof(MPTState),
+    .qdev.reset = megasas_scsi_reset,
+    .qdev.vmsd  = &vmstate_megasas,
+    .init       = megasas_scsi_init,
+    .exit       = megasas_scsi_uninit,
+    .qdev.props = (Property[]) {
+        DEFINE_PROP_UINT32("max_sge", MPTState, fw_sge,
+                           MEGASAS_DEFAULT_SGE),
+        DEFINE_PROP_UINT32("max_cmds", MPTState, fw_cmds,
+                           MEGASAS_DEFAULT_FRAMES),
+        DEFINE_PROP_STRING("mode", MPTState, raid_mode_str),
+        DEFINE_PROP_END_OF_LIST(),
+    },
+};
+
+static void megaraid1078_register_devices(void)
+{
+    pci_qdev_register(&megasas_info);
+}
+
+device_init(megaraid1078_register_devices);
diff --git a/hw/mfi.h b/hw/mfi.h
new file mode 100644
index 0000000..cc71af3
--- /dev/null
+++ b/hw/mfi.h
@@ -0,0 +1,1197 @@ 
+/*-
+ * Copyright (c) 2006 IronPort Systems
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+/*-
+ * Copyright (c) 2007 LSI Corp.
+ * Copyright (c) 2007 Rajesh Prabhakaran.
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#ifndef _MFI_H
+#define _MFI_H
+
+/*
+ * MegaRAID SAS MFI firmware definitions
+ *
+ * Calling this driver 'MegaRAID SAS' is a bit misleading.  It's a completely
+ * new firmware interface from the old AMI MegaRAID one, and there is no
+ * reason why this interface should be limited to just SAS.  In any case, LSI
+ * seems to also call this interface 'MFI', so that will be used here.
+ */
+
+/*
+ * Start with the register set.  All registers are 32 bits wide.
+ * The usual Intel IOP style setup.
+ */
+#define MFI_IMSG0	0x10	/* Inbound message 0 */
+#define MFI_IMSG1	0x14	/* Inbound message 1 */
+#define MFI_OMSG0	0x18	/* Outbound message 0 */
+#define MFI_OMSG1	0x1c	/* Outbound message 1 */
+#define MFI_IDB		0x20	/* Inbound doorbell */
+#define MFI_ISTS	0x24	/* Inbound interrupt status */
+#define MFI_IMSK	0x28	/* Inbound interrupt mask */
+#define MFI_ODB		0x2c	/* Outbound doorbell */
+#define MFI_OSTS	0x30	/* Outbound interrupt status */
+#define MFI_OMSK	0x34	/* Outbound interrupt mask */
+#define MFI_IQP		0x40	/* Inbound queue port */
+#define MFI_OQP		0x44	/* Outbound queue port */
+
+/*
+ * 1078 specific related register
+ */
+#define MFI_ODR0	0x9c		/* outbound doorbell register0 */
+#define MFI_ODCR0	0xa0		/* outbound doorbell clear register0  */
+#define MFI_OSP0	0xb0		/* outbound scratch pad0  */
+#define MFI_IQPL	0xc0		/* Inbound queue port (low bytes)  */
+#define MFI_IQPH	0xc4		/* Inbound queue port (high bytes)  */
+#define MFI_1078_EIM	0x80000004	/* 1078 enable intrrupt mask  */
+#define MFI_RMI		0x2		/* reply message interrupt  */
+#define MFI_1078_RM	0x80000000	/* reply 1078 message interrupt  */
+#define MFI_ODC		0x4		/* outbound doorbell change interrupt */
+
+/*
+ * gen2 specific changes
+ */
+#define MFI_GEN2_EIM	0x00000005	/* gen2 enable interrupt mask */
+#define MFI_GEN2_RM	0x00000001	/* reply gen2 message interrupt */
+
+/*
+ * skinny specific changes
+ */
+#define MFI_SKINNY_IDB	0x00	/* Inbound doorbell is at 0x00 for skinny */
+#define MFI_SKINNY_RM	0x00000001	/* reply skinny message interrupt */
+
+/* Bits for MFI_OSTS */
+#define MFI_OSTS_INTR_VALID	0x00000002
+
+/*
+ * Firmware state values.  Found in OMSG0 during initialization.
+ */
+#define MFI_FWSTATE_MASK		0xf0000000
+#define MFI_FWSTATE_UNDEFINED		0x00000000
+#define MFI_FWSTATE_BB_INIT		0x10000000
+#define MFI_FWSTATE_FW_INIT		0x40000000
+#define MFI_FWSTATE_WAIT_HANDSHAKE	0x60000000
+#define MFI_FWSTATE_FW_INIT_2		0x70000000
+#define MFI_FWSTATE_DEVICE_SCAN		0x80000000
+#define MFI_FWSTATE_BOOT_MSG_PENDING	0x90000000
+#define MFI_FWSTATE_FLUSH_CACHE		0xa0000000
+#define MFI_FWSTATE_READY		0xb0000000
+#define MFI_FWSTATE_OPERATIONAL		0xc0000000
+#define MFI_FWSTATE_FAULT		0xf0000000
+#define MFI_FWSTATE_MAXSGL_MASK		0x00ff0000
+#define MFI_FWSTATE_MAXCMD_MASK		0x0000ffff
+#define MFI_FWSTATE_HOSTMEMREQD_MASK	0x08000000
+
+/*
+ * Control bits to drive the card to ready state.  These go into the IDB
+ * register.
+ */
+#define MFI_FWINIT_ABORT	0x00000001 /* Abort all pending commands */
+#define MFI_FWINIT_READY	0x00000002 /* Move from operational to ready */
+#define MFI_FWINIT_MFIMODE	0x00000004 /* unknown */
+#define MFI_FWINIT_CLEAR_HANDSHAKE 0x00000008 /* Respond to WAIT_HANDSHAKE */
+#define MFI_FWINIT_HOTPLUG	0x00000010
+#define MFI_FWINIT_STOP_ADP	0x00000020 /* Move to operational, stop */
+
+/* MFI Commands */
+typedef enum {
+	MFI_CMD_INIT =		0x00,
+	MFI_CMD_LD_READ,
+	MFI_CMD_LD_WRITE,
+	MFI_CMD_LD_SCSI_IO,
+	MFI_CMD_PD_SCSI_IO,
+	MFI_CMD_DCMD,
+	MFI_CMD_ABORT,
+	MFI_CMD_SMP,
+	MFI_CMD_STP
+} mfi_cmd_t;
+
+/* Direct commands */
+typedef enum {
+	MFI_DCMD_CTRL_MFI_HOST_MEM_ALLOC =	0x0100e100,
+	MFI_DCMD_CTRL_GET_INFO =		0x01010000,
+	MFI_DCMD_CTRL_GET_PROPERTIES =		0x01020100,
+	MFI_DCMD_CTRL_SET_PROPERTIES =		0x01020200,
+	MFI_DCMD_SPEAKER_GET =			0x01030100,
+	MFI_DCMD_SPEAKER_ENABLE =		0x01030200,
+	MFI_DCMD_SPEAKER_DISABLE =		0x01030300,
+	MFI_DCMD_SPEAKER_SILENCE =		0x01030400,
+	MFI_DCMD_SPEAKER_TEST =			0x01030500,
+	MFI_DCMD_CTRL_EVENT_GETINFO =		0x01040100,
+	MFI_DCMD_CTRL_EVENT_GET =		0x01040300,
+	MFI_DCMD_CTRL_EVENT_WAIT =		0x01040500,
+	MFI_DCMD_CTRL_SHUTDOWN =		0x01050000,
+	MFI_DCMD_HIBERNATE_SHUTDOWN =		0x01060000,
+	MFI_DCMD_CTRL_GET_TIME =		0x01080101,
+	MFI_DCMD_CTRL_SET_TIME =		0x01080102,
+	MFI_DCMD_CTRL_GET_BIOS_INFO =		0x010c0100,
+	MFI_DCMD_CTRL_FACTORY_DEFAULTS =	0x010d0000,
+	MFI_DCMD_CTRL_MFC_DEFAULTS_GET =	0x010e0201,
+	MFI_DCMD_CTRL_MFC_DEFAULTS_SET =	0x010e0202,
+	MFI_DCMD_CTRL_CACHE_FLUSH =		0x01101000,
+	MFI_DCMD_PD_GET_LIST =			0x02010000,
+	MFI_DCMD_PD_LIST_QUERY =		0x02010100,
+	MFI_DCMD_PD_GET_INFO =			0x02020000,
+	MFI_DCMD_PD_STATE_SET =			0x02030100,
+	MFI_DCMD_PD_REBUILD =			0x02040100,
+	MFI_DCMD_PD_BLINK =			0x02070100,
+	MFI_DCMD_PD_UNBLINK =			0x02070200,
+	MFI_DCMD_LD_GET_LIST =			0x03010000,
+	MFI_DCMD_LD_GET_INFO =			0x03020000,
+	MFI_DCMD_LD_GET_PROP =			0x03030000,
+	MFI_DCMD_LD_SET_PROP =			0x03040000,
+	MFI_DCMD_LD_DELETE =			0x03090000,
+	MFI_DCMD_CFG_READ =			0x04010000,
+	MFI_DCMD_CFG_ADD =			0x04020000,
+	MFI_DCMD_CFG_CLEAR =			0x04030000,
+	MFI_DCMD_CFG_FOREIGN_READ =		0x04060100,
+	MFI_DCMD_CFG_FOREIGN_IMPORT =		0x04060400,
+	MFI_DCMD_BBU_STATUS =			0x05010000,
+	MFI_DCMD_BBU_CAPACITY_INFO =		0x05020000,
+	MFI_DCMD_BBU_DESIGN_INFO =		0x05030000,
+	MFI_DCMD_BBU_PROP_GET =			0x05050100,
+	MFI_DCMD_CLUSTER =			0x08000000,
+	MFI_DCMD_CLUSTER_RESET_ALL =		0x08010100,
+	MFI_DCMD_CLUSTER_RESET_LD =		0x08010200
+} mfi_dcmd_t;
+
+/* Modifiers for MFI_DCMD_CTRL_FLUSHCACHE */
+#define MFI_FLUSHCACHE_CTRL	0x01
+#define MFI_FLUSHCACHE_DISK	0x02
+
+/* Modifiers for MFI_DCMD_CTRL_SHUTDOWN */
+#define MFI_SHUTDOWN_SPINDOWN	0x01
+
+/*
+ * MFI Frame flags
+ */
+typedef enum {
+    MFI_FRAME_DONT_POST_IN_REPLY_QUEUE =	0x0001,
+    MFI_FRAME_SGL64 =				0x0002,
+    MFI_FRAME_SENSE64 =				0x0004,
+    MFI_FRAME_DIR_WRITE =			0x0008,
+    MFI_FRAME_DIR_READ =			0x0010,
+    MFI_FRAME_IEEE_SGL =			0x0020,
+} mfi_frame_flags;
+
+/* MFI Status codes */
+typedef enum {
+	MFI_STAT_OK =			0x00,
+	MFI_STAT_INVALID_CMD,
+	MFI_STAT_INVALID_DCMD,
+	MFI_STAT_INVALID_PARAMETER,
+	MFI_STAT_INVALID_SEQUENCE_NUMBER,
+	MFI_STAT_ABORT_NOT_POSSIBLE,
+	MFI_STAT_APP_HOST_CODE_NOT_FOUND,
+	MFI_STAT_APP_IN_USE,
+	MFI_STAT_APP_NOT_INITIALIZED,
+	MFI_STAT_ARRAY_INDEX_INVALID,
+	MFI_STAT_ARRAY_ROW_NOT_EMPTY,
+	MFI_STAT_CONFIG_RESOURCE_CONFLICT,
+	MFI_STAT_DEVICE_NOT_FOUND,
+	MFI_STAT_DRIVE_TOO_SMALL,
+	MFI_STAT_FLASH_ALLOC_FAIL,
+	MFI_STAT_FLASH_BUSY,
+	MFI_STAT_FLASH_ERROR =		0x10,
+	MFI_STAT_FLASH_IMAGE_BAD,
+	MFI_STAT_FLASH_IMAGE_INCOMPLETE,
+	MFI_STAT_FLASH_NOT_OPEN,
+	MFI_STAT_FLASH_NOT_STARTED,
+	MFI_STAT_FLUSH_FAILED,
+	MFI_STAT_HOST_CODE_NOT_FOUNT,
+	MFI_STAT_LD_CC_IN_PROGRESS,
+	MFI_STAT_LD_INIT_IN_PROGRESS,
+	MFI_STAT_LD_LBA_OUT_OF_RANGE,
+	MFI_STAT_LD_MAX_CONFIGURED,
+	MFI_STAT_LD_NOT_OPTIMAL,
+	MFI_STAT_LD_RBLD_IN_PROGRESS,
+	MFI_STAT_LD_RECON_IN_PROGRESS,
+	MFI_STAT_LD_WRONG_RAID_LEVEL,
+	MFI_STAT_MAX_SPARES_EXCEEDED,
+	MFI_STAT_MEMORY_NOT_AVAILABLE =	0x20,
+	MFI_STAT_MFC_HW_ERROR,
+	MFI_STAT_NO_HW_PRESENT,
+	MFI_STAT_NOT_FOUND,
+	MFI_STAT_NOT_IN_ENCL,
+	MFI_STAT_PD_CLEAR_IN_PROGRESS,
+	MFI_STAT_PD_TYPE_WRONG,
+	MFI_STAT_PR_DISABLED,
+	MFI_STAT_ROW_INDEX_INVALID,
+	MFI_STAT_SAS_CONFIG_INVALID_ACTION,
+	MFI_STAT_SAS_CONFIG_INVALID_DATA,
+	MFI_STAT_SAS_CONFIG_INVALID_PAGE,
+	MFI_STAT_SAS_CONFIG_INVALID_TYPE,
+	MFI_STAT_SCSI_DONE_WITH_ERROR,
+	MFI_STAT_SCSI_IO_FAILED,
+	MFI_STAT_SCSI_RESERVATION_CONFLICT,
+	MFI_STAT_SHUTDOWN_FAILED =	0x30,
+	MFI_STAT_TIME_NOT_SET,
+	MFI_STAT_WRONG_STATE,
+	MFI_STAT_LD_OFFLINE,
+	MFI_STAT_PEER_NOTIFICATION_REJECTED,
+	MFI_STAT_PEER_NOTIFICATION_FAILED,
+	MFI_STAT_RESERVATION_IN_PROGRESS,
+	MFI_STAT_I2C_ERRORS_DETECTED,
+	MFI_STAT_PCI_ERRORS_DETECTED,
+	MFI_STAT_INVALID_STATUS =	0xFF
+} mfi_status_t;
+
+typedef enum {
+	MFI_EVT_CLASS_DEBUG =		-2,
+	MFI_EVT_CLASS_PROGRESS =	-1,
+	MFI_EVT_CLASS_INFO =		0,
+	MFI_EVT_CLASS_WARNING =		1,
+	MFI_EVT_CLASS_CRITICAL =	2,
+	MFI_EVT_CLASS_FATAL =		3,
+	MFI_EVT_CLASS_DEAD =		4
+} mfi_evt_class_t;
+
+typedef enum {
+	MFI_EVT_LOCALE_LD =		0x0001,
+	MFI_EVT_LOCALE_PD =		0x0002,
+	MFI_EVT_LOCALE_ENCL =		0x0004,
+	MFI_EVT_LOCALE_BBU =		0x0008,
+	MFI_EVT_LOCALE_SAS =		0x0010,
+	MFI_EVT_LOCALE_CTRL =		0x0020,
+	MFI_EVT_LOCALE_CONFIG =		0x0040,
+	MFI_EVT_LOCALE_CLUSTER =	0x0080,
+	MFI_EVT_LOCALE_ALL =		0xffff
+} mfi_evt_locale_t;
+
+typedef enum {
+	MR_EVT_ARGS_NONE =		0x00,
+	MR_EVT_ARGS_CDB_SENSE,
+	MR_EVT_ARGS_LD,
+	MR_EVT_ARGS_LD_COUNT,
+	MR_EVT_ARGS_LD_LBA,
+	MR_EVT_ARGS_LD_OWNER,
+	MR_EVT_ARGS_LD_LBA_PD_LBA,
+	MR_EVT_ARGS_LD_PROG,
+	MR_EVT_ARGS_LD_STATE,
+	MR_EVT_ARGS_LD_STRIP,
+	MR_EVT_ARGS_PD,
+	MR_EVT_ARGS_PD_ERR,
+	MR_EVT_ARGS_PD_LBA,
+	MR_EVT_ARGS_PD_LBA_LD,
+	MR_EVT_ARGS_PD_PROG,
+	MR_EVT_ARGS_PD_STATE,
+	MR_EVT_ARGS_PCI,
+	MR_EVT_ARGS_RATE,
+	MR_EVT_ARGS_STR,
+	MR_EVT_ARGS_TIME,
+	MR_EVT_ARGS_ECC
+} mfi_evt_args;
+
+typedef enum {
+	MR_LD_CACHE_WRITE_BACK =	0x01,
+	MR_LD_CACHE_WRITE_ADAPTIVE =	0x02,
+	MR_LD_CACHE_READ_AHEAD =	0x04,
+	MR_LD_CACHE_READ_ADAPTIVE =	0x08,
+	MR_LD_CACHE_WRITE_CACHE_BAD_BBU=0x10,
+	MR_LD_CACHE_ALLOW_WRITE_CACHE =	0x20,
+	MR_LD_CACHE_ALLOW_READ_CACHE =	0x40
+} mfi_ld_cache;
+
+typedef enum {
+	MR_PD_CACHE_UNCHANGED  =	0,
+	MR_PD_CACHE_ENABLE =		1,
+	MR_PD_CACHE_DISABLE =		2
+} mfi_pd_cache;
+
+typedef enum {
+	MR_PD_QUERY_TYPE_ALL =		0,
+	MR_PD_QUERY_TYPE_STATE =	1,
+	MR_PD_QUERY_TYPE_POWER_STATE =	2,
+	MR_PD_QUERY_TYPE_MEDIA_TYPE =	3,
+	MR_PD_QUERY_TYPE_SPEED =	4,
+	MR_PD_QUERY_TYPE_EXPOSED_TO_HOST =	5, /*query for system drives */
+}mfi_pd_query_type;
+
+/*
+ * Other propertities and definitions
+ */
+#define MFI_MAX_PD_CHANNELS	2
+#define MFI_MAX_LD_CHANNELS	2
+#define MFI_MAX_CHANNELS	(MFI_MAX_PD_CHANNELS + MFI_MAX_LD_CHANNELS)
+#define MFI_MAX_CHANNEL_DEVS	128
+#define MFI_DEFAULT_ID		-1
+#define MFI_MAX_LUN		8
+#define MFI_MAX_LD		64
+
+#define MFI_FRAME_SIZE		64
+#define MFI_MBOX_SIZE		12
+
+/* Firmware flashing can take 40s */
+#define MFI_POLL_TIMEOUT_SECS	50
+
+/* Allow for speedier math calculations */
+#define MFI_SECTOR_LEN		512
+
+/* Scatter Gather elements */
+struct mfi_sg32 {
+	uint32_t	addr;
+	uint32_t	len;
+} __attribute__ ((packed));
+
+struct mfi_sg64 {
+	uint64_t	addr;
+	uint32_t	len;
+} __attribute__ ((packed));
+
+struct mfi_sg_skinny {
+	uint64_t	addr;
+	uint32_t	len;
+	uint32_t	flag;
+} __attribute__ ((packed));
+
+union mfi_sgl {
+	struct mfi_sg32	sg32[1];
+	struct mfi_sg64	sg64[1];
+	struct mfi_sg_skinny sg_skinny[1];
+} __attribute__ ((packed));
+
+/* Message frames.  All messages have a common header */
+struct mfi_frame_header {
+	uint8_t		frame_cmd;
+	uint8_t		sense_len;
+	uint8_t		cmd_status;
+	uint8_t		scsi_status;
+	uint8_t		target_id;
+	uint8_t		lun_id;
+	uint8_t		cdb_len;
+	uint8_t		sge_count;
+	uint32_t	context;
+	/*
+	 * pad0 is MSI Specific. Not used by Driver. Zero the value before
+	 * sending the command to f/w
+	 */
+	uint32_t	pad0;
+	uint16_t	flags;
+	uint16_t	timeout;
+	uint32_t	data_len;
+} __attribute__ ((packed));
+
+struct mfi_init_frame {
+	struct mfi_frame_header	header;
+	uint32_t	qinfo_new_addr_lo;
+	uint32_t	qinfo_new_addr_hi;
+	uint32_t	qinfo_old_addr_lo;
+	uint32_t	qinfo_old_addr_hi;
+	uint32_t	reserved[6];
+} __attribute__ ((packed));
+
+#define MFI_IO_FRAME_SIZE 40
+struct mfi_io_frame {
+	struct mfi_frame_header	header;
+	uint32_t	sense_addr_lo;
+	uint32_t	sense_addr_hi;
+	uint32_t	lba_lo;
+	uint32_t	lba_hi;
+	union mfi_sgl	sgl;
+} __attribute__ ((packed));
+
+#define MFI_PASS_FRAME_SIZE 48
+struct mfi_pass_frame {
+	struct mfi_frame_header header;
+	uint32_t	sense_addr_lo;
+	uint32_t	sense_addr_hi;
+	uint8_t		cdb[16];
+	union mfi_sgl	sgl;
+} __attribute__ ((packed));
+
+#define MFI_DCMD_FRAME_SIZE 40
+struct mfi_dcmd_frame {
+	struct mfi_frame_header header;
+	uint32_t	opcode;
+	uint8_t		mbox[MFI_MBOX_SIZE];
+	union mfi_sgl	sgl;
+} __attribute__ ((packed));
+
+struct mfi_abort_frame {
+	struct mfi_frame_header header;
+	uint32_t	abort_context;
+	/* pad is changed to reserved.*/
+	uint32_t	reserved0;
+	uint32_t	abort_mfi_addr_lo;
+	uint32_t	abort_mfi_addr_hi;
+	uint32_t	reserved1[6];
+} __attribute__ ((packed));
+
+struct mfi_smp_frame {
+	struct mfi_frame_header header;
+	uint64_t	sas_addr;
+	union {
+		struct mfi_sg32 sg32[2];
+		struct mfi_sg64 sg64[2];
+	} sgl;
+} __attribute__ ((packed));
+
+struct mfi_stp_frame {
+	struct mfi_frame_header header;
+	uint16_t	fis[10];
+	uint32_t	stp_flags;
+	union {
+		struct mfi_sg32 sg32[2];
+		struct mfi_sg64 sg64[2];
+	} sgl;
+} __attribute__ ((packed));
+
+union mfi_frame {
+	struct mfi_frame_header header;
+	struct mfi_init_frame	init;
+	struct mfi_io_frame	io;
+	struct mfi_pass_frame	pass;
+	struct mfi_dcmd_frame	dcmd;
+	struct mfi_abort_frame	abort;
+	struct mfi_smp_frame	smp;
+	struct mfi_stp_frame	stp;
+	uint64_t		raw[8];
+	uint8_t			bytes[MFI_FRAME_SIZE];
+};
+
+#define MFI_SENSE_LEN 128
+struct mfi_sense {
+	uint8_t		data[MFI_SENSE_LEN];
+};
+
+/* The queue init structure that is passed with the init message */
+struct mfi_init_qinfo {
+	uint32_t	flags;
+	uint32_t	rq_entries;
+	uint32_t	rq_addr_lo;
+	uint32_t	rq_addr_hi;
+	uint32_t	pi_addr_lo;
+	uint32_t	pi_addr_hi;
+	uint32_t	ci_addr_lo;
+	uint32_t	ci_addr_hi;
+} __attribute__ ((packed));
+
+/* Controller properties */
+struct mfi_ctrl_props {
+	uint16_t	seq_num;
+	uint16_t	pred_fail_poll_interval;
+	uint16_t	intr_throttle_cnt;
+	uint16_t	intr_throttle_timeout;
+	uint8_t		rebuild_rate;
+	uint8_t		patrol_read_rate;
+	uint8_t		bgi_rate;
+	uint8_t		cc_rate;
+	uint8_t		recon_rate;
+	uint8_t		cache_flush_interval;
+	uint8_t		spinup_drv_cnt;
+	uint8_t		spinup_delay;
+	uint8_t		cluster_enable;
+	uint8_t		coercion_mode;
+	uint8_t		alarm_enable;
+	uint8_t		disable_auto_rebuild;
+	uint8_t		disable_battery_warn;
+	uint8_t		ecc_bucket_size;
+	uint16_t	ecc_bucket_leak_rate;
+	uint8_t		restore_hotspare_on_insertion;
+	uint8_t		expose_encl_devices;
+	uint8_t		maintainPdFailHistory;
+	uint8_t		disallowHostRequestReordering;
+	uint8_t		abortCCOnError;
+	uint8_t		loadBalanceMode;
+	uint8_t		disableAutoDetectBackplane;
+	uint8_t		snapVDSpace;
+	struct {
+		uint32_t	copyBackDisabled	: 1;     // set TRUE to disable copyBack (0=copback enabled)
+		uint32_t	SMARTerEnabled		: 1;
+		uint32_t	prCorrectUnconfiguredAreas  : 1;
+		uint32_t	useFdeOnly		: 1;
+		uint32_t	disableNCQ		: 1;
+		uint32_t	SSDSMARTerEnabled	: 1;
+		uint32_t	SSDPatrolReadEnabled	: 1;
+		uint32_t	enableSpinDownUnconfigured  : 1;
+		uint32_t	autoEnhancedImport	: 1;
+		uint32_t	enableSecretKeyControl	: 1;
+		uint32_t	disableOnlineCtrlReset	: 1;
+		uint32_t	allowBootWithPinnedCache : 1;
+		uint32_t	disableSpinDownHS	: 1;
+		uint32_t	enableJBOD		: 1;
+		uint32_t	reserved		:18;
+	} OnOffProperties;
+	uint8_t		autoSnapVDSpace; /* % of source LD to be
+					  * reserved for auto snapshot
+					  * in snapshot repository, for
+					  * metadata and user data
+					  * 1=5%, 2=10%, 3=15% and so on
+					  */
+	uint8_t		viewSpace;	 /* snapshot writeable VIEWs
+					  * capacity as a % of source LD
+					  * capacity. 0=READ only
+					  * 1=5%, 2=10%, 3=15% and so on
+					  */
+	uint16_t	spinDownTime;	 /* # of idle minutes before device
+					  * is spun down (0=use FW defaults)
+					  */
+	uint8_t		reserved[24];
+} __attribute__ ((packed));
+
+/* PCI information about the card. */
+struct mfi_info_pci {
+	uint16_t	vendor;
+	uint16_t	device;
+	uint16_t	subvendor;
+	uint16_t	subdevice;
+	uint8_t		reserved[24];
+} __attribute__ ((packed));
+
+/* Host (front end) interface information */
+struct mfi_info_host {
+	uint8_t		type;
+#define MFI_INFO_HOST_PCIX	0x01
+#define MFI_INFO_HOST_PCIE	0x02
+#define MFI_INFO_HOST_ISCSI	0x04
+#define MFI_INFO_HOST_SAS3G	0x08
+	uint8_t		reserved[6];
+	uint8_t		port_count;
+	uint64_t	port_addr[8];
+} __attribute__ ((packed));
+
+/* Device (back end) interface information */
+struct mfi_info_device {
+	uint8_t		type;
+#define MFI_INFO_DEV_SPI	0x01
+#define MFI_INFO_DEV_SAS3G	0x02
+#define MFI_INFO_DEV_SATA1	0x04
+#define MFI_INFO_DEV_SATA3G	0x08
+	uint8_t		reserved[6];
+	uint8_t		port_count;
+	uint64_t	port_addr[8];
+} __attribute__ ((packed));
+
+/* Firmware component information */
+struct mfi_info_component {
+	char		 name[8];
+	char		 version[32];
+	char		 build_date[16];
+	char		 build_time[16];
+} __attribute__ ((packed));
+
+/* Controller default settings */
+struct mfi_defaults {
+	uint64_t	sas_addr;
+	uint8_t		phy_polarity;
+	uint8_t		background_rate;
+	uint8_t		stripe_size;
+	uint8_t		flush_time;
+	uint8_t		write_back;
+	uint8_t		read_ahead;
+	uint8_t		cache_when_bbu_bad;
+	uint8_t		cached_io;
+	uint8_t		smart_mode;
+	uint8_t		alarm_disable;
+	uint8_t		coercion;
+	uint8_t		zrc_config;
+	uint8_t		dirty_led_shows_drive_activity;
+	uint8_t		bios_continue_on_error;
+	uint8_t		spindown_mode;
+	uint8_t		allowed_device_types;
+	uint8_t		allow_mix_in_enclosure;
+	uint8_t		allow_mix_in_ld;
+	uint8_t		allow_sata_in_cluster;
+	uint8_t		max_chained_enclosures;
+	uint8_t		disable_ctrl_r;
+	uint8_t		enable_web_bios;
+	uint8_t		phy_polarity_split;
+	uint8_t		direct_pd_mapping;
+	uint8_t		bios_enumerate_lds;
+	uint8_t		restored_hot_spare_on_insertion;
+	uint8_t		expose_enclosure_devices;
+	uint8_t		maintain_pd_fail_history;
+	uint8_t		disable_puncture;
+	uint8_t		zero_based_enumeration;
+	uint8_t		disable_preboot_cli;
+	uint8_t		show_drive_led_on_activity;
+	uint8_t		cluster_disable;
+	uint8_t		sas_disable;
+	uint8_t		auto_detect_backplane;
+	uint8_t		fde_only;
+	uint8_t		delay_during_post;
+	uint8_t		resv[19];
+} __attribute__ ((packed));
+
+/* Controller default settings */
+struct mfi_bios_data {
+	uint16_t	boot_target_id;
+	uint8_t		do_not_int_13;
+	uint8_t		continue_on_error;
+	uint8_t		verbose;
+	uint8_t		geometry;
+	uint8_t		expose_all_drives;
+	uint8_t		reserved[56];
+	uint8_t		check_sum;
+} __attribute__ ((packed));
+
+/* SAS (?) controller info, returned from MFI_DCMD_CTRL_GETINFO. */
+struct mfi_ctrl_info {
+	struct mfi_info_pci	pci;
+	struct mfi_info_host	host;
+	struct mfi_info_device	device;
+
+	/* Firmware components that are present and active. */
+	uint32_t		image_check_word;
+	uint32_t		image_component_count;
+	struct mfi_info_component image_component[8];
+
+	/* Firmware components that have been flashed but are inactive */
+	uint32_t		pending_image_component_count;
+	struct mfi_info_component pending_image_component[8];
+
+	uint8_t			max_arms;
+	uint8_t			max_spans;
+	uint8_t			max_arrays;
+	uint8_t			max_lds;
+	char			product_name[80];
+	char			serial_number[32];
+	uint32_t		hw_present;
+#define MFI_INFO_HW_BBU		0x01
+#define MFI_INFO_HW_ALARM	0x02
+#define MFI_INFO_HW_NVRAM	0x04
+#define MFI_INFO_HW_UART	0x08
+#define MFI_INFO_HW_MEM		0x10
+#define MFI_INFO_HW_FLASH	0x20
+	uint32_t		current_fw_time;
+	uint16_t		max_cmds;
+	uint16_t		max_sg_elements;
+	uint32_t		max_request_size;
+	uint16_t		lds_present;
+	uint16_t		lds_degraded;
+	uint16_t		lds_offline;
+	uint16_t		pd_present;
+	uint16_t		pd_disks_present;
+	uint16_t		pd_disks_pred_failure;
+	uint16_t		pd_disks_failed;
+	uint16_t		nvram_size;
+	uint16_t		memory_size;
+	uint16_t		flash_size;
+	uint16_t		ram_correctable_errors;
+	uint16_t		ram_uncorrectable_errors;
+	uint8_t			cluster_allowed;
+	uint8_t			cluster_active;
+	uint16_t		max_strips_per_io;
+
+	uint32_t		raid_levels;
+#define MFI_INFO_RAID_0		0x01
+#define MFI_INFO_RAID_1		0x02
+#define MFI_INFO_RAID_5		0x04
+#define MFI_INFO_RAID_1E	0x08
+#define MFI_INFO_RAID_6		0x10
+
+	uint32_t		adapter_ops;
+#define MFI_INFO_AOPS_RBLD_RATE		0x0001
+#define MFI_INFO_AOPS_CC_RATE		0x0002
+#define MFI_INFO_AOPS_BGI_RATE		0x0004
+#define MFI_INFO_AOPS_RECON_RATE	0x0008
+#define MFI_INFO_AOPS_PATROL_RATE	0x0010
+#define MFI_INFO_AOPS_ALARM_CONTROL	0x0020
+#define MFI_INFO_AOPS_CLUSTER_SUPPORTED	0x0040
+#define MFI_INFO_AOPS_BBU		0x0080
+#define MFI_INFO_AOPS_SPANNING_ALLOWED	0x0100
+#define MFI_INFO_AOPS_DEDICATED_SPARES	0x0200
+#define MFI_INFO_AOPS_REVERTIBLE_SPARES	0x0400
+#define MFI_INFO_AOPS_FOREIGN_IMPORT	0x0800
+#define MFI_INFO_AOPS_SELF_DIAGNOSTIC	0x1000
+#define MFI_INFO_AOPS_MIXED_ARRAY	0x2000
+#define MFI_INFO_AOPS_GLOBAL_SPARES	0x4000
+
+	uint32_t		ld_ops;
+#define MFI_INFO_LDOPS_READ_POLICY	0x01
+#define MFI_INFO_LDOPS_WRITE_POLICY	0x02
+#define MFI_INFO_LDOPS_IO_POLICY	0x04
+#define MFI_INFO_LDOPS_ACCESS_POLICY	0x08
+#define MFI_INFO_LDOPS_DISK_CACHE_POLICY 0x10
+
+	struct {
+		uint8_t		min;
+		uint8_t		max;
+		uint8_t		reserved[2];
+	} __attribute__ ((packed)) stripe_sz_ops;
+
+	uint32_t		pd_ops;
+#define MFI_INFO_PDOPS_FORCE_ONLINE	0x01
+#define MFI_INFO_PDOPS_FORCE_OFFLINE	0x02
+#define MFI_INFO_PDOPS_FORCE_REBUILD	0x04
+
+	uint32_t		pd_mix_support;
+#define MFI_INFO_PDMIX_SAS		0x01
+#define MFI_INFO_PDMIX_SATA		0x02
+#define MFI_INFO_PDMIX_ENCL		0x04
+#define MFI_INFO_PDMIX_LD		0x08
+#define MFI_INFO_PDMIX_SATA_CLUSTER	0x10
+
+	uint8_t			ecc_bucket_count;
+	uint8_t			reserved2[11];
+	struct mfi_ctrl_props	properties;
+	char			package_version[0x60];
+	uint8_t			pad[0x800 - 0x6a0];
+} __attribute__ ((packed));
+
+/* keep track of an event. */
+union mfi_evt {
+	struct {
+		uint16_t	locale;
+		uint8_t		reserved;
+		int8_t		class;
+	} members;
+	uint32_t		word;
+} __attribute__ ((packed));
+
+/* event log state. */
+struct mfi_evt_log_state {
+	uint32_t		newest_seq_num;
+	uint32_t		oldest_seq_num;
+	uint32_t		clear_seq_num;
+	uint32_t		shutdown_seq_num;
+	uint32_t		boot_seq_num;
+} __attribute__ ((packed));
+
+struct mfi_progress {
+	uint16_t		progress;
+	uint16_t		elapsed_seconds;
+} __attribute__ ((packed));
+
+struct mfi_evt_ld {
+	uint16_t		target_id;
+	uint8_t			ld_index;
+	uint8_t			reserved;
+} __attribute__ ((packed));
+
+struct mfi_evt_pd {
+	uint16_t		device_id;
+	uint8_t			enclosure_index;
+	uint8_t			slot_number;
+} __attribute__ ((packed));
+
+/* SAS (?) event detail, returned from MFI_DCMD_CTRL_EVENT_WAIT. */
+struct mfi_evt_detail {
+	uint32_t		seq;
+	uint32_t		time;
+	uint32_t		code;
+	union mfi_evt		class;
+	uint8_t			arg_type;
+	uint8_t			reserved1[15];
+
+	union {
+		struct {
+			struct mfi_evt_pd	pd;
+			uint8_t			cdb_len;
+			uint8_t			sense_len;
+			uint8_t			reserved[2];
+			uint8_t			cdb[16];
+			uint8_t			sense[64];
+		} cdb_sense;
+
+		struct mfi_evt_ld		ld;
+
+		struct {
+			struct mfi_evt_ld	ld;
+			uint64_t		count;
+		} ld_count;
+
+		struct {
+			uint64_t		lba;
+			struct mfi_evt_ld	ld;
+		} ld_lba;
+
+		struct {
+			struct mfi_evt_ld	ld;
+			uint32_t		pre_owner;
+			uint32_t		new_owner;
+		} ld_owner;
+
+		struct {
+			uint64_t		ld_lba;
+			uint64_t		pd_lba;
+			struct mfi_evt_ld	ld;
+			struct mfi_evt_pd	pd;
+		} ld_lba_pd_lba;
+
+		struct {
+			struct mfi_evt_ld	ld;
+			struct mfi_progress	prog;
+		} ld_prog;
+
+		struct {
+			struct mfi_evt_ld	ld;
+			uint32_t		prev_state;
+			uint32_t		new_state;
+		} ld_state;
+
+		struct {
+			uint64_t		strip;
+			struct mfi_evt_ld	ld;
+		} ld_strip;
+
+		struct mfi_evt_pd		pd;
+
+		struct {
+			struct mfi_evt_pd	pd;
+			uint32_t		err;
+		} pd_err;
+
+		struct {
+			uint64_t		lba;
+			struct mfi_evt_pd	pd;
+		} pd_lba;
+
+		struct {
+			uint64_t		lba;
+			struct mfi_evt_pd	pd;
+			struct mfi_evt_ld	ld;
+		} pd_lba_ld;
+
+		struct {
+			struct mfi_evt_pd	pd;
+			struct mfi_progress	prog;
+		} pd_prog;
+
+		struct {
+			struct mfi_evt_pd	ld;
+			uint32_t		prev_state;
+			uint32_t		new_state;
+		} pd_state;
+
+		struct {
+			uint16_t		venderId;
+			uint16_t		deviceId;
+			uint16_t		subVenderId;
+			uint16_t		subDeviceId;
+		} pci;
+
+		uint32_t			rate;
+
+		char				str[96];
+
+		struct {
+			uint32_t		rtc;
+			uint16_t		elapsedSeconds;
+		} time;
+
+		struct {
+			uint32_t		ecar;
+			uint32_t		elog;
+			char			str[64];
+		} ecc;
+
+		uint8_t		b[96];
+		uint16_t	s[48];
+		uint32_t	w[24];
+		uint64_t	d[12];
+	} args;
+
+	char description[128];
+} __attribute__ ((packed));
+
+struct mfi_evt_list {
+	uint32_t		count;
+	uint32_t		reserved;
+	struct mfi_evt_detail	event[1];
+} __attribute__ ((packed));
+
+union mfi_pd_ref {
+	struct {
+		uint16_t	device_id;
+		uint16_t	seq_num;
+	} v;
+	uint32_t	ref;
+} __attribute__ ((packed));
+
+union mfi_pd_ddf_type {
+	struct {
+		union {
+			struct {
+				uint16_t	forced_pd_guid	: 1;
+				uint16_t	in_vd		: 1;
+				uint16_t	is_global_spare	: 1;
+				uint16_t	is_spare	: 1;
+				uint16_t	is_foreign	: 1;
+				uint16_t	reserved	: 7;
+				uint16_t	intf		: 4;
+			} pd_type;
+			uint16_t	type;
+		} v;
+		uint16_t		reserved;
+	} ddf;
+	struct {
+		uint32_t		reserved;
+	} non_disk;
+	uint32_t			type;
+} __attribute__ ((packed));
+
+struct mfi_pd_progress {
+	struct {
+		uint32_t		rbld	: 1;
+		uint32_t		patrol	: 1;
+		uint32_t		clear	: 1;
+		uint32_t		reserved: 29;
+	} active;
+	struct mfi_progress		rbld;
+	struct mfi_progress		patrol;
+	struct mfi_progress		clear;
+	struct mfi_progress		reserved[4];
+} __attribute__ ((packed));
+
+struct mfi_pd_info {
+	union mfi_pd_ref		ref;
+	uint8_t				inquiry_data[96];
+	uint8_t				vpd_page83[64];
+	uint8_t				not_supported;
+	uint8_t				scsi_dev_type;
+	uint8_t				connected_port_bitmap;
+	uint8_t				device_speed;
+	uint32_t			media_err_count;
+	uint32_t			other_err_count;
+	uint32_t			pred_fail_count;
+	uint32_t			last_pred_fail_event_seq_num;
+	uint16_t			fw_state;
+	uint8_t				disable_for_removal;
+	uint8_t				link_speed;
+	union mfi_pd_ddf_type		state;
+	struct {
+		uint8_t			count;
+		uint8_t			is_path_broken;
+		uint8_t			reserved[6];
+		uint64_t		sas_addr[4];
+	} path_info;
+	uint64_t			raw_size;
+	uint64_t			non_coerced_size;
+	uint64_t			coerced_size;
+	uint16_t			encl_device_id;
+	uint8_t				encl_index;
+	uint8_t				slot_number;
+	struct mfi_pd_progress		prog_info;
+	uint8_t				bad_block_table_full;
+	uint8_t				unusable_in_current_config;
+	uint8_t				vpd_page83_ext[64];
+	uint8_t				reserved[512-358];
+} __attribute__ ((packed));
+
+struct mfi_pd_address {
+	uint16_t		device_id;
+	uint16_t		encl_device_id;
+	uint8_t			encl_index;
+	uint8_t			slot_number;
+	uint8_t			scsi_dev_type;
+	uint8_t			connect_port_bitmap;
+	uint64_t		sas_addr[2];
+} __attribute__ ((packed));
+
+#define MAX_SYS_PDS 240
+struct mfi_pd_list {
+	uint32_t		size;
+	uint32_t		count;
+	struct mfi_pd_address	addr[MAX_SYS_PDS];
+} __attribute__ ((packed));
+
+union mfi_ld_ref {
+	struct {
+		uint8_t		target_id;
+		uint8_t		reserved;
+		uint16_t	seq;
+	} v;
+	uint32_t		ref;
+} __attribute__ ((packed));
+
+struct mfi_ld_list {
+	uint32_t		ld_count;
+	uint32_t		reserved1;
+	struct {
+		union mfi_ld_ref	ld;
+		uint8_t		state;
+		uint8_t		reserved2[3];
+		uint64_t	size;
+	} ld_list[MFI_MAX_LD];
+} __attribute__ ((packed));
+
+enum mfi_ld_access {
+	MFI_LD_ACCESS_RW =	0,
+	MFI_LD_ACCSSS_RO =	2,
+	MFI_LD_ACCESS_BLOCKED =	3,
+};
+#define MFI_LD_ACCESS_MASK	3
+
+enum mfi_ld_state {
+	MFI_LD_STATE_OFFLINE =			0,
+	MFI_LD_STATE_PARTIALLY_DEGRADED =	1,
+	MFI_LD_STATE_DEGRADED =			2,
+	MFI_LD_STATE_OPTIMAL =			3
+};
+
+enum mfi_syspd_state {
+	MFI_PD_STATE_UNCONFIGURED_GOOD =	0x00,
+	MFI_PD_STATE_UNCONFIGURED_BAD =		0x01,
+	MFI_PD_STATE_OFFLINE =			0x10,
+	MFI_PD_STATE_FAILED =			0x11,
+	MFI_PD_STATE_ONLINE =			0x18,
+	MFI_PD_STATE_SYSTEM =			0x40
+};
+
+struct mfi_ld_props {
+	union mfi_ld_ref	ld;
+	char			name[16];
+	uint8_t			default_cache_policy;
+	uint8_t			access_policy;
+	uint8_t			disk_cache_policy;
+	uint8_t			current_cache_policy;
+	uint8_t			no_bgi;
+	uint8_t			reserved[7];
+} __attribute__ ((packed));
+
+struct mfi_ld_params {
+	uint8_t			primary_raid_level;
+	uint8_t			raid_level_qualifier;
+	uint8_t			secondary_raid_level;
+	uint8_t			stripe_size;
+	uint8_t			num_drives;
+	uint8_t			span_depth;
+	uint8_t			state;
+	uint8_t			init_state;
+	uint8_t			is_consistent;
+	uint8_t			reserved[23];
+} __attribute__ ((packed));
+
+struct mfi_ld_progress {
+	uint32_t		active;
+#define	MFI_LD_PROGRESS_CC	(1<<0)
+#define	MFI_LD_PROGRESS_BGI	(1<<1)
+#define	MFI_LD_PROGRESS_FGI	(1<<2)
+#define	MFI_LD_PORGRESS_RECON	(1<<3)
+	struct mfi_progress	cc;
+	struct mfi_progress	bgi;
+	struct mfi_progress	fgi;
+	struct mfi_progress	recon;
+	struct mfi_progress	reserved[4];
+} __attribute__ ((packed));
+
+struct mfi_span {
+	uint64_t		start_block;
+	uint64_t		num_blocks;
+	uint16_t		array_ref;
+	uint8_t			reserved[6];
+} __attribute__ ((packed));
+
+#define	MFI_MAX_SPAN_DEPTH	8
+struct mfi_ld_config {
+	struct mfi_ld_props	properties;
+	struct mfi_ld_params	params;
+	struct mfi_span		span[MFI_MAX_SPAN_DEPTH];
+} __attribute__ ((packed));
+
+struct mfi_ld_info {
+	struct mfi_ld_config	ld_config;
+	uint64_t		size;
+	struct mfi_ld_progress	progress;
+	uint16_t		cluster_owner;
+	uint8_t			reconstruct_active;
+	uint8_t			reserved1[1];
+	uint8_t			vpd_page83[64];
+	uint8_t			reserved2[16];
+} __attribute__ ((packed));
+
+union mfi_spare_type {
+	struct {
+		uint8_t		is_dedicate		:1;
+		uint8_t		is_revertable		:1;
+		uint8_t		is_encl_affinity	:1;
+		uint8_t		reserved		:5;
+	} v;
+	uint8_t		type;
+} __attribute__ ((packed));
+
+#define MAX_ARRAYS 16
+struct mfi_spare {
+	union mfi_pd_ref	ref;
+	union mfi_spare_type	spare_type;
+	uint8_t			reserved[2];
+	uint8_t			array_count;
+	uint16_t		array_refd[MAX_ARRAYS];
+} __attribute__ ((packed));
+
+#define MAX_ROW_SIZE 32
+struct mfi_array {
+	uint64_t			size;
+	uint8_t				num_drives;
+	uint8_t				reserved;
+	uint16_t			array_ref;
+	uint8_t				pad[20];
+	struct {
+		union mfi_pd_ref	ref;
+		uint16_t		fw_state;
+		struct {
+			uint8_t		pd;
+			uint8_t		slot;
+		} encl;
+	} pd[MAX_ROW_SIZE];
+} __attribute__ ((packed));
+
+struct mfi_config_data {
+	uint32_t		size;
+	uint16_t		array_count;
+	uint16_t		array_size;
+	uint16_t		log_drv_count;
+	uint16_t		log_drv_size;
+	uint16_t		spares_count;
+	uint16_t		spares_size;
+	uint8_t			reserved[16];
+	uint8_t			data;
+	/*
+	struct mfi_array	array[];
+	struct mfi_ld_config	ld[];
+	struct mfi_spare	spare[];
+	*/
+} __attribute__ ((packed));
+
+#define MFI_SCSI_MAX_TARGETS	128
+#define MFI_SCSI_MAX_LUNS	8
+#define MFI_SCSI_INITIATOR_ID	255
+#define MFI_SCSI_MAX_CMDS	8
+#define MFI_SCSI_MAX_CDB_LEN	16
+
+#endif /* _MFI_H */
diff --git a/hw/pci_ids.h b/hw/pci_ids.h
index 82cba7e..6b9b54e 100644
--- a/hw/pci_ids.h
+++ b/hw/pci_ids.h
@@ -15,6 +15,7 @@ 
 
 #define PCI_CLASS_STORAGE_SCSI           0x0100
 #define PCI_CLASS_STORAGE_IDE            0x0101
+#define PCI_CLASS_STORAGE_RAID           0x0104
 #define PCI_CLASS_STORAGE_OTHER          0x0180
 
 #define PCI_CLASS_NETWORK_ETHERNET       0x0200
@@ -46,6 +47,7 @@ 
 
 #define PCI_VENDOR_ID_LSI_LOGIC          0x1000
 #define PCI_DEVICE_ID_LSI_53C895A        0x0012
+#define PCI_DEVICE_ID_LSI_SAS1078        0x0060
 
 #define PCI_VENDOR_ID_DEC                0x1011
 #define PCI_DEVICE_ID_DEC_21154          0x0026
diff --git a/hw/scsi.h b/hw/scsi.h
index 10594de..7998ec5 100644
--- a/hw/scsi.h
+++ b/hw/scsi.h
@@ -47,6 +47,7 @@  struct SCSIRequest {
     } cmd;
     BlockDriverAIOCB  *aiocb;
     bool enqueued;
+    void *hba_private;
     QTAILQ_ENTRY(SCSIRequest) next;
 };
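Review bot: The added `void *hba_private;` in `struct SCSIRequest` carries no comment on who sets it, who may read it, or how long the pointed-to object must live. It presumably lets the megasas emulation attach its per-command state to an in-flight request; if so, any path where that state is released or reused while the request is still queued (guest-initiated abort or reset, device removal) would leave the completion path holding a stale pointer in guest-reachable code. I would document the contract on the field, e.g. `/* Opaque state owned by the HBA that issued the request; the SCSI layer never dereferences it, and the HBA must clear it before releasing that state. */`, and check that the cancel and reset paths in hw/megasas.c follow it. The struct definition begins outside this hunk, so I cannot tell whether request allocation zeroes the new field.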