Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 03 Dec 2015 23:55:14 -0800
From:      Ravi Pokala <rpokala@mac.com>
To:        "Kenneth D. Merry" <ken@FreeBSD.org>, src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org
Subject:   Re: svn commit: r291716 - in head: share/man/man4 sys/cam sys/cam/ata sys/cam/scsi sys/dev/md sys/geom sys/kern sys/pc98/include sys/sys usr.sbin usr.sbin/camdd
Message-ID:  <75635FDB-E85F-4F0A-8EDC-8A29F8A095BE@panasas.com>
In-Reply-To: <201512032054.tB3KsuUw037541@repo.freebsd.org>
References:  <201512032054.tB3KsuUw037541@repo.freebsd.org>

next in thread | previous in thread | raw e-mail | index | archive | help
Hi Ken,

A few questions:

>  	Although these ioctls do not have a declared argument, they
> 	both take a union ccb pointer.  If we declare a size here,
> 	the ioctl code in sys/kern/sys_generic.c will malloc and free
> 	a buffer for either the CCB or the CCB pointer (depending on
> 	how it is declared).  Since we have to keep a copy of the
> 	CCB (which is fairly large) anyway, having the ioctl malloc
> 	and free a CCB for each call is wasteful.


(a) How does that work? That is, how does the argument get to the ioctl handler in the kernel?

(b) The CCB is large, but the CCB pointer is just a pointer; shouldn't that be passed in as the arg?

Thanks,

Ravi




-----Original Message-----
From: <owner-src-committers@freebsd.org> on behalf of "Kenneth D. Merry" <ken@FreeBSD.org>
Date: 2015-12-03, Thursday at 12:54
To: <src-committers@freebsd.org>, <svn-src-all@freebsd.org>, <svn-src-head@freebsd.org>
Subject: svn commit: r291716 - in head: share/man/man4 sys/cam sys/cam/ata sys/cam/scsi sys/dev/md sys/geom sys/kern sys/pc98/include sys/sys usr.sbin usr.sbin/camdd

>Author: ken
>Date: Thu Dec  3 20:54:55 2015
>New Revision: 291716
>URL: https://svnweb.freebsd.org/changeset/base/291716
>
>Log:
>  Add asynchronous command support to the pass(4) driver, and the new
>  camdd(8) utility.
>  
>  CCBs may be queued to the driver via the new CAMIOQUEUE ioctl, and
>  completed CCBs may be retrieved via the CAMIOGET ioctl.  User
>  processes can use poll(2) or kevent(2) to get notification when
>  I/O has completed.
>  
>  While the existing CAMIOCOMMAND blocking ioctl interface only
>  supports user virtual data pointers in a CCB (generally only
>  one per CCB), the new CAMIOQUEUE ioctl supports user virtual and
>  physical address pointers, as well as user virtual and physical
>  scatter/gather lists.  This allows user applications to have more
>  flexibility in their data handling operations.
>  
>  Kernel memory for data transferred via the queued interface is
>  allocated from the zone allocator in MAXPHYS sized chunks, and user
>  data is copied in and out.  This is likely faster than the
>  vmapbuf()/vunmapbuf() method used by the CAMIOCOMMAND ioctl in
>  configurations with many processors (there are more TLB shootdowns
>  caused by the mapping/unmapping operation) but may not be as fast
>  as running with unmapped I/O.
>  
>  The new memory handling model for user requests also allows
>  applications to send CCBs with request sizes that are larger than
>  MAXPHYS.  The pass(4) driver now limits queued requests to the I/O
>  size listed by the SIM driver in the maxio field in the Path
>  Inquiry (XPT_PATH_INQ) CCB.
>  
>  There are some things things would be good to add:
>  
>  1. Come up with a way to do unmapped I/O on multiple buffers.
>     Currently the unmapped I/O interface operates on a struct bio,
>     which includes only one address and length.  It would be nice
>     to be able to send an unmapped scatter/gather list down to
>     busdma.  This would allow eliminating the copy we currently do
>     for data.
>  
>  2. Add an ioctl to list currently outstanding CCBs in the various
>     queues.
>  
>  3. Add an ioctl to cancel a request, or use the XPT_ABORT CCB to do
>     that.
>  
>  4. Test physical address support.  Virtual pointers and scatter
>     gather lists have been tested, but I have not yet tested
>     physical addresses or scatter/gather lists.
>  
>  5. Investigate multiple queue support.  At the moment there is one
>     queue of commands per pass(4) device.  If multiple processes
>     open the device, they will submit I/O into the same queue and
>     get events for the same completions.  This is probably the right
>     model for most applications, but it is something that could be
>     changed later on.
>  
>  Also, add a new utility, camdd(8) that uses the asynchronous pass(4)
>  driver interface.
>  
>  This utility is intended to be a basic data transfer/copy utility,
>  a simple benchmark utility, and an example of how to use the
>  asynchronous pass(4) interface.
>  
>  It can copy data to and from pass(4) devices using any target queue
>  depth, starting offset and blocksize for the input and ouptut devices.
>  It currently only supports SCSI devices, but could be easily extended
>  to support ATA devices.
>  
>  It can also copy data to and from regular files, block devices, tape
>  devices, pipes, stdin, and stdout.  It does not support queueing
>  multiple commands to any of those targets, since it uses the standard
>  read(2)/write(2)/writev(2)/readv(2) system calls.
>  
>  The I/O is done by two threads, one for the reader and one for the
>  writer.  The reader thread sends completed read requests to the
>  writer thread in strictly sequential order, even if they complete
>  out of order.  That could be modified later on for random I/O patterns
>  or slightly out of order I/O.
>  
>  camdd(8) uses kqueue(2)/kevent(2) to get I/O completion events from
>  the pass(4) driver and also to send request notifications internally.
>  
>  For pass(4) devcies, camdd(8) uses a single buffer (CAM_DATA_VADDR)
>  per CAM CCB on the reading side, and a scatter/gather list
>  (CAM_DATA_SG) on the writing side.  In addition to testing both
>  interfaces, this makes any potential reblocking of I/O easier.  No
>  data is copied between the reader and the writer, but rather the
>  reader's buffers are split into multiple I/O requests or combined
>  into a single I/O request depending on the input and output blocksize.
>  
>  For the file I/O path, camdd(8) also uses a single buffer (read(2),
>  write(2), pread(2) or pwrite(2)) on reads, and a scatter/gather list
>  (readv(2), writev(2), preadv(2), pwritev(2)) on writes.
>  
>  Things that would be nice to do for camdd(8) eventually:
>  
>  1.  Add support for I/O pattern generation.  Patterns like all
>      zeros, all ones, LBA-based patterns, random patterns, etc. Right
>      Now you can always use /dev/zero, /dev/random, etc.
>  
>  2.  Add support for a "sink" mode, so we do only reads with no
>      writes.  Right now, you can use /dev/null.
>  
>  3.  Add support for automatic queue depth probing, so that we can
>      figure out the right queue depth on the input and output side
>      for maximum throughput.  At the moment it defaults to 6.
>  
>  4.  Add support for SATA device passthrough I/O.
>  
>  5.  Add support for random LBAs and/or lengths on the input and
>      output sides.
>  
>  6.  Track average per-I/O latency and busy time.  The busy time
>      and latency could also feed in to the automatic queue depth
>      determination.
>  
>  sys/cam/scsi/scsi_pass.h:
>  	Define two new ioctls, CAMIOQUEUE and CAMIOGET, that queue
>  	and fetch asynchronous CAM CCBs respectively.
>  
>  	Although these ioctls do not have a declared argument, they
>  	both take a union ccb pointer.  If we declare a size here,
>  	the ioctl code in sys/kern/sys_generic.c will malloc and free
>  	a buffer for either the CCB or the CCB pointer (depending on
>  	how it is declared).  Since we have to keep a copy of the
>  	CCB (which is fairly large) anyway, having the ioctl malloc
>  	and free a CCB for each call is wasteful.
>  
>  sys/cam/scsi/scsi_pass.c:
>  	Add asynchronous CCB support.
>  
>  	Add two new ioctls, CAMIOQUEUE and CAMIOGET.
>  
>  	CAMIOQUEUE adds a CCB to the incoming queue.  The CCB is
>  	executed immediately (and moved to the active queue) if it
>  	is an immediate CCB, but otherwise it will be executed
>  	in passstart() when a CCB is available from the transport layer.
>  
>  	When CCBs are completed (because they are immediate or
>  	passdone() if they are queued), they are put on the done
>  	queue.
>  
>  	If we get the final close on the device before all pending
>  	I/O is complete, all active I/O is moved to the abandoned
>  	queue and we increment the peripheral reference count so
>  	that the peripheral driver instance doesn't go away before
>  	all pending I/O is done.
>  
>  	The new passcreatezone() function is called on the first
>  	call to the CAMIOQUEUE ioctl on a given device to allocate
>  	the UMA zones for I/O requests and S/G list buffers.  This
>  	may be good to move off to a taskqueue at some point.
>  	The new passmemsetup() function allocates memory and
>  	scatter/gather lists to hold the user's data, and copies
>  	in any data that needs to be written.  For virtual pointers
>  	(CAM_DATA_VADDR), the kernel buffer is malloced from the
>  	new pass(4) driver malloc bucket.  For virtual
>  	scatter/gather lists (CAM_DATA_SG), buffers are allocated
>  	from a new per-pass(9) UMA zone in MAXPHYS-sized chunks.
>  	Physical pointers are passed in unchanged.  We have support
>  	for up to 16 scatter/gather segments (for the user and
>  	kernel S/G lists) in the default struct pass_io_req, so
>  	requests with longer S/G lists require an extra kernel malloc.
>  
>  	The new passcopysglist() function copies a user scatter/gather
>  	list to a kernel scatter/gather list.  The number of elements
>  	in each list may be different, but (obviously) the amount of data
>  	stored has to be identical.
>  
>  	The new passmemdone() function copies data out for the
>  	CAM_DATA_VADDR and CAM_DATA_SG cases.
>  
>  	The new passiocleanup() function restores data pointers in
>  	user CCBs and frees memory.
>  
>  	Add new functions to support kqueue(2)/kevent(2):
>  
>  	passreadfilt() tells kevent whether or not the done
>  	queue is empty.
>  
>  	passkqfilter() adds a knote to our list.
>  
>  	passreadfiltdetach() removes a knote from our list.
>  
>  	Add a new function, passpoll(), for poll(2)/select(2)
>  	to use.
>  
>  	Add devstat(9) support for the queued CCB path.
>  
>  sys/cam/ata/ata_da.c:
>  	Add support for the BIO_VLIST bio type.
>  
>  sys/cam/cam_ccb.h:
>  	Add a new enumeration for the xflags field in the CCB header.
>  	(This doesn't change the CCB header, just adds an enumeration to
>  	use.)
>  
>  sys/cam/cam_xpt.c:
>  	Add a new function, xpt_setup_ccb_flags(), that allows specifying
>  	CCB flags.
>  
>  sys/cam/cam_xpt.h:
>  	Add a prototype for xpt_setup_ccb_flags().
>  
>  sys/cam/scsi/scsi_da.c:
>  	Add support for BIO_VLIST.
>  
>  sys/dev/md/md.c:
>  	Add BIO_VLIST support to md(4).
>  
>  sys/geom/geom_disk.c:
>  	Add BIO_VLIST support to the GEOM disk class.  Re-factor the I/O size
>  	limiting code in g_disk_start() a bit.
>  
>  sys/kern/subr_bus_dma.c:
>  	Change _bus_dmamap_load_vlist() to take a starting offset and
>  	length.
>  
>  	Add a new function, _bus_dmamap_load_pages(), that will load a list
>  	of physical pages starting at an offset.
>  
>  	Update _bus_dmamap_load_bio() to allow loading BIO_VLIST bios.
>  	Allow unmapped I/O to start at an offset.
>  
>  sys/kern/subr_uio.c:
>  	Add two new functions, physcopyin_vlist() and physcopyout_vlist().
>  
>  sys/pc98/include/bus.h:
>  	Guard kernel-only parts of the pc98 machine/bus.h header with
>  	#ifdef _KERNEL.
>  
>  	This allows userland programs to include <machine/bus.h> to get the
>  	definition of bus_addr_t and bus_size_t.
>  
>  sys/sys/bio.h:
>  	Add a new bio flag, BIO_VLIST.
>  
>  sys/sys/uio.h:
>  	Add prototypes for physcopyin_vlist() and physcopyout_vlist().
>  
>  share/man/man4/pass.4:
>  	Document the CAMIOQUEUE and CAMIOGET ioctls.
>  
>  usr.sbin/Makefile:
>  	Add camdd.
>  
>  usr.sbin/camdd/Makefile:
>  	Add a makefile for camdd(8).
>  
>  usr.sbin/camdd/camdd.8:
>  	Man page for camdd(8).
>  
>  usr.sbin/camdd/camdd.c:
>  	The new camdd(8) utility.
>  
>  Sponsored by:	Spectra Logic
>  MFC after:	1 week
>
>Added:
>  head/usr.sbin/camdd/
>  head/usr.sbin/camdd/Makefile   (contents, props changed)
>  head/usr.sbin/camdd/camdd.8   (contents, props changed)
>  head/usr.sbin/camdd/camdd.c   (contents, props changed)
>Modified:
>  head/share/man/man4/pass.4
>  head/sys/cam/ata/ata_da.c
>  head/sys/cam/cam_ccb.h
>  head/sys/cam/cam_xpt.c
>  head/sys/cam/cam_xpt.h
>  head/sys/cam/scsi/scsi_da.c
>  head/sys/cam/scsi/scsi_pass.c
>  head/sys/cam/scsi/scsi_pass.h
>  head/sys/dev/md/md.c
>  head/sys/geom/geom_disk.c
>  head/sys/geom/geom_io.c
>  head/sys/kern/subr_bus_dma.c
>  head/sys/kern/subr_uio.c
>  head/sys/pc98/include/bus.h
>  head/sys/sys/bio.h
>  head/sys/sys/uio.h
>  head/usr.sbin/Makefile
>
>Modified: head/share/man/man4/pass.4
>==============================================================================
>--- head/share/man/man4/pass.4	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/share/man/man4/pass.4	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -27,7 +27,7 @@
> .\"
> .\" $FreeBSD$
> .\"
>-.Dd October 10, 1998
>+.Dd March 17, 2015
> .Dt PASS 4
> .Os
> .Sh NAME
>@@ -53,9 +53,13 @@ The
> .Nm
> driver attaches to every
> .Tn SCSI
>+and
>+.Tn ATA
> device found in the system.
> Since it attaches to every device, it provides a generic means of accessing
> .Tn SCSI
>+and
>+.Tn ATA
> devices, and allows the user to access devices which have no
> "standard" peripheral driver associated with them.
> .Sh KERNEL CONFIGURATION
>@@ -65,10 +69,12 @@ device in the kernel;
> .Nm
> devices are automatically allocated as
> .Tn SCSI
>+and
>+.Tn ATA
> devices are found.
> .Sh IOCTLS
>-.Bl -tag -width 012345678901234
>-.It CAMIOCOMMAND
>+.Bl -tag -width 5n
>+.It CAMIOCOMMAND union ccb *
> This ioctl takes most kinds of CAM CCBs and passes them through to the CAM
> transport layer for action.
> Note that some CCB types are not allowed
>@@ -79,7 +85,7 @@ Some examples of xpt-only CCBs are XPT_S
> XPT_DEV_MATCH, XPT_RESET_BUS, XPT_SCAN_LUN, XPT_ENG_INQ, and XPT_ENG_EXEC.
> These CCB types have various attributes that make it illogical or
> impossible to service them through the passthrough interface.
>-.It CAMGETPASSTHRU
>+.It CAMGETPASSTHRU union ccb *
> This ioctl takes an XPT_GDEVLIST CCB, and returns the passthrough device
> corresponding to the device in question.
> Although this ioctl is available through the
>@@ -90,6 +96,109 @@ ioctl.
> It is probably more useful to issue this ioctl through the
> .Xr xpt 4
> device.
>+.It CAMIOQUEUE union ccb *
>+Queue a CCB to the
>+.Xr pass 4
>+driver to be executed asynchronously.
>+The caller may use
>+.Xr select 2 ,
>+.Xr poll 2 
>+or
>+.Xr kevent 2
>+to receive notification when the CCB has completed.
>+.Pp
>+This ioctl takes most CAM CCBs, but some CCB types are not allowed through
>+the pass device, and must be sent through the
>+.Xr xpt 4
>+device instead.
>+Some examples of xpt-only CCBs are XPT_SCAN_BUS,
>+XPT_DEV_MATCH, XPT_RESET_BUS, XPT_SCAN_LUN, XPT_ENG_INQ, and XPT_ENG_EXEC.
>+These CCB types have various attributes that make it illogical or
>+impossible to service them through the passthrough interface.
>+.Pp
>+Although the
>+.Dv CAMIOQUEUE
>+ioctl is not defined to take an argument, it does require a
>+pointer to a union ccb.
>+It is not defined to take an argument to avoid an extra malloc and copy 
>+inside the generic 
>+.Xr ioctl 2
>+handler.
>+.pp
>+The completed CCB will be returned via the
>+.Dv CAMIOGET
>+ioctl.
>+An error will only be returned from the
>+.Dv CAMIOQUEUE
>+ioctl if there is an error allocating memory for the request or copying
>+memory from userland.
>+All other errors will be reported as standard CAM CCB status errors.
>+Since the CCB is not copied back to the user process from the pass driver
>+in the
>+.Dv CAMIOQUEUE
>+ioctl, the user's passed-in CCB will not be modfied.
>+This is the case even with immediate CCBs.
>+Instead, the completed CCB must be retrieved via the
>+.Dv CAMIOGET
>+ioctl and the status examined.
>+.Pp
>+Multiple CCBs may be queued via the
>+.Dv CAMIOQUEUE
>+ioctl at any given time, and they may complete in a different order than
>+the order that they were submitted.
>+The caller must take steps to identify CCBs that are queued and completed.
>+The
>+.Dv periph_priv
>+structure inside struct ccb_hdr is available for userland use with the
>+.Dv CAMIOQUEUE
>+and
>+.Dv CAMIOGET
>+ioctls, and will be preserved across calls.
>+Also, the periph_links linked list pointers inside struct ccb_hdr are
>+available for userland use with the
>+.Dv CAMIOQUEUE
>+and
>+.Dv CAMIOGET
>+ioctls and will be preserved across calls.
>+.It CAMIOGET union ccb *
>+Retrieve completed CAM CCBs queued via the
>+.Dv CAMIOQUEUE
>+ioctl.
>+An error will only be returned from the
>+.Dv CAMIOGET
>+ioctl if the
>+.Xr pass 4
>+driver fails to copy data to the user process or if there are no completed
>+CCBs available to retrieve.
>+If no CCBs are available to retrieve,
>+errno will be set to 
>+.Dv ENOENT .
>+.Pp
>+All other errors will be reported as standard CAM CCB status errors.
>+.Pp
>+Although the
>+.Dv CAMIOGET
>+ioctl is not defined to take an argument, it does require a
>+pointer to a union ccb.
>+It is not defined to take an argument to avoid an extra malloc and copy 
>+inside the generic 
>+.Xr ioctl 2
>+handler.
>+.Pp
>+The pass driver will report via
>+.Xr select 2 ,
>+.Xr poll 2 
>+or
>+.Xr kevent 2
>+when a CCB has completed.
>+One CCB may be retrieved per
>+.Dv CAMIOGET
>+call.
>+CCBs may be returned in an order different than the order they were
>+submitted.
>+So the caller should use the
>+.Dv periph_priv
>+area inside the CCB header to store pointers to identifying information.
> .El
> .Sh FILES
> .Bl -tag -width /dev/passn -compact
>@@ -103,18 +212,21 @@ CAM subsystem.
> .Sh DIAGNOSTICS
> None.
> .Sh SEE ALSO
>+.Xr kqueue 2 ,
>+.Xr poll 2 ,
>+.Xr select 2 ,
> .Xr cam 3 ,
> .Xr cam_cdbparse 3 ,
> .Xr cam 4 ,
>+.Xr cd 4 ,
>+.Xr ctl 4 ,
>+.Xr da 4 ,
>+.Xr sa 4 ,
> .Xr xpt 4 ,
>-.Xr camcontrol 8
>+.Xr camcontrol 8 ,
>+.Xr camdd 8
> .Sh HISTORY
> The CAM passthrough driver first appeared in
> .Fx 3.0 .
> .Sh AUTHORS
> .An Kenneth Merry Aq Mt ken@FreeBSD.org
>-.Sh BUGS
>-It might be nice to have a way to asynchronously send CCBs through the
>-passthrough driver.
>-This would probably require some sort of read/write
>-interface or an asynchronous ioctl interface.
>
>Modified: head/sys/cam/ata/ata_da.c
>==============================================================================
>--- head/sys/cam/ata/ata_da.c	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/sys/cam/ata/ata_da.c	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -1543,12 +1543,26 @@ adastart(struct cam_periph *periph, unio
> 		}
> 		switch (bp->bio_cmd) {
> 		case BIO_WRITE:
>-			softc->flags |= ADA_FLAG_DIRTY;
>-			/* FALLTHROUGH */
> 		case BIO_READ:
> 		{
> 			uint64_t lba = bp->bio_pblkno;
> 			uint16_t count = bp->bio_bcount / softc->params.secsize;
>+			void *data_ptr;
>+			int rw_op;
>+
>+			if (bp->bio_cmd == BIO_WRITE) {
>+				softc->flags |= ADA_FLAG_DIRTY;
>+				rw_op = CAM_DIR_OUT;
>+			} else {
>+				rw_op = CAM_DIR_IN;
>+			}
>+
>+			data_ptr = bp->bio_data;
>+			if ((bp->bio_flags & (BIO_UNMAPPED|BIO_VLIST)) != 0) {
>+				rw_op |= CAM_DATA_BIO;
>+				data_ptr = bp;
>+			}
>+
> #ifdef ADA_TEST_FAILURE
> 			int fail = 0;
> 
>@@ -1593,12 +1607,9 @@ adastart(struct cam_periph *periph, unio
> 			cam_fill_ataio(ataio,
> 			    ada_retry_count,
> 			    adadone,
>-			    (bp->bio_cmd == BIO_READ ? CAM_DIR_IN :
>-				CAM_DIR_OUT) | ((bp->bio_flags & BIO_UNMAPPED)
>-				!= 0 ? CAM_DATA_BIO : 0),
>+			    rw_op,
> 			    tag_code,
>-			    ((bp->bio_flags & BIO_UNMAPPED) != 0) ? (void *)bp :
>-				bp->bio_data,
>+			    data_ptr,
> 			    bp->bio_bcount,
> 			    ada_default_timeout*1000);
> 
>
>Modified: head/sys/cam/cam_ccb.h
>==============================================================================
>--- head/sys/cam/cam_ccb.h	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/sys/cam/cam_ccb.h	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -109,6 +109,12 @@ typedef enum {
> 	CAM_UNLOCKED		= 0x80000000 /* Call callback without lock.   */
> } ccb_flags;
> 
>+typedef enum {
>+	CAM_USER_DATA_ADDR	= 0x00000001,/* Userspace data pointers */
>+	CAM_SG_FORMAT_IOVEC	= 0x00000002,/* iovec instead of busdma S/G*/
>+	CAM_UNMAPPED_BUF	= 0x00000004 /* use unmapped I/O */
>+} ccb_xflags;
>+
> /* XPT Opcodes for xpt_action */
> typedef enum {
> /* Function code flags are bits greater than 0xff */
>
>Modified: head/sys/cam/cam_xpt.c
>==============================================================================
>--- head/sys/cam/cam_xpt.c	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/sys/cam/cam_xpt.c	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -3333,7 +3333,8 @@ xpt_merge_ccb(union ccb *master_ccb, uni
> }
> 
> void
>-xpt_setup_ccb(struct ccb_hdr *ccb_h, struct cam_path *path, u_int32_t priority)
>+xpt_setup_ccb_flags(struct ccb_hdr *ccb_h, struct cam_path *path,
>+		    u_int32_t priority, u_int32_t flags)
> {
> 
> 	CAM_DEBUG(path, CAM_DEBUG_TRACE, ("xpt_setup_ccb\n"));
>@@ -3351,10 +3352,16 @@ xpt_setup_ccb(struct ccb_hdr *ccb_h, str
> 		ccb_h->target_lun = CAM_TARGET_WILDCARD;
> 	}
> 	ccb_h->pinfo.index = CAM_UNQUEUED_INDEX;
>-	ccb_h->flags = 0;
>+	ccb_h->flags = flags;
> 	ccb_h->xflags = 0;
> }
> 
>+void
>+xpt_setup_ccb(struct ccb_hdr *ccb_h, struct cam_path *path, u_int32_t priority)
>+{
>+	xpt_setup_ccb_flags(ccb_h, path, priority, /*flags*/ 0);
>+}
>+
> /* Path manipulation functions */
> cam_status
> xpt_create_path(struct cam_path **new_path_ptr, struct cam_periph *perph,
>
>Modified: head/sys/cam/cam_xpt.h
>==============================================================================
>--- head/sys/cam/cam_xpt.h	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/sys/cam/cam_xpt.h	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -70,6 +70,10 @@ void			xpt_action_default(union ccb *new
> union ccb		*xpt_alloc_ccb(void);
> union ccb		*xpt_alloc_ccb_nowait(void);
> void			xpt_free_ccb(union ccb *free_ccb);
>+void			xpt_setup_ccb_flags(struct ccb_hdr *ccb_h,
>+					    struct cam_path *path,
>+					    u_int32_t priority,
>+					    u_int32_t flags);
> void			xpt_setup_ccb(struct ccb_hdr *ccb_h,
> 				      struct cam_path *path,
> 				      u_int32_t priority);
>
>Modified: head/sys/cam/scsi/scsi_da.c
>==============================================================================
>--- head/sys/cam/scsi/scsi_da.c	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/sys/cam/scsi/scsi_da.c	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -2328,29 +2328,40 @@ skipstate:
> 
> 		switch (bp->bio_cmd) {
> 		case BIO_WRITE:
>-			softc->flags |= DA_FLAG_DIRTY;
>-			/* FALLTHROUGH */
> 		case BIO_READ:
>+		{
>+			void *data_ptr;
>+			int rw_op;
>+
>+			if (bp->bio_cmd == BIO_WRITE) {
>+				softc->flags |= DA_FLAG_DIRTY;
>+				rw_op = SCSI_RW_WRITE;
>+			} else {
>+				rw_op = SCSI_RW_READ;
>+			}
>+
>+			data_ptr = bp->bio_data;
>+			if ((bp->bio_flags & (BIO_UNMAPPED|BIO_VLIST)) != 0) {
>+				rw_op |= SCSI_RW_BIO;
>+				data_ptr = bp;
>+			}
>+
> 			scsi_read_write(&start_ccb->csio,
> 					/*retries*/da_retry_count,
> 					/*cbfcnp*/dadone,
> 					/*tag_action*/tag_code,
>-					/*read_op*/(bp->bio_cmd == BIO_READ ?
>-					SCSI_RW_READ : SCSI_RW_WRITE) |
>-					((bp->bio_flags & BIO_UNMAPPED) != 0 ?
>-					SCSI_RW_BIO : 0),
>+					rw_op,
> 					/*byte2*/0,
> 					softc->minimum_cmd_size,
> 					/*lba*/bp->bio_pblkno,
> 					/*block_count*/bp->bio_bcount /
> 					softc->params.secsize,
>-					/*data_ptr*/ (bp->bio_flags &
>-					BIO_UNMAPPED) != 0 ? (void *)bp :
>-					bp->bio_data,
>+					data_ptr,
> 					/*dxfer_len*/ bp->bio_bcount,
> 					/*sense_len*/SSD_FULL_SIZE,
> 					da_default_timeout * 1000);
> 			break;
>+		}
> 		case BIO_FLUSH:
> 			/*
> 			 * BIO_FLUSH doesn't currently communicate
>
>Modified: head/sys/cam/scsi/scsi_pass.c
>==============================================================================
>--- head/sys/cam/scsi/scsi_pass.c	Thu Dec  3 19:52:44 2015	(r291715)
>+++ head/sys/cam/scsi/scsi_pass.c	Thu Dec  3 20:54:55 2015	(r291716)
>@@ -28,27 +28,39 @@
> #include <sys/cdefs.h>
> __FBSDID("$FreeBSD$");
> 
>+#include "opt_kdtrace.h"
>+
> #include <sys/param.h>
> #include <sys/systm.h>
> #include <sys/kernel.h>
>+#include <sys/conf.h>
> #include <sys/types.h>
> #include <sys/bio.h>
>-#include <sys/malloc.h>
>-#include <sys/fcntl.h>
>-#include <sys/conf.h>
>-#include <sys/errno.h>
>+#include <sys/bus.h>
> #include <sys/devicestat.h>
>+#include <sys/errno.h>
>+#include <sys/fcntl.h>
>+#include <sys/malloc.h>
> #include <sys/proc.h>
>+#include <sys/poll.h>
>+#include <sys/selinfo.h>
>+#include <sys/sdt.h>
> #include <sys/taskqueue.h>
>+#include <vm/uma.h>
>+#include <vm/vm.h>
>+#include <vm/vm_extern.h>
>+
>+#include <machine/bus.h>
> 
> #include <cam/cam.h>
> #include <cam/cam_ccb.h>
> #include <cam/cam_periph.h>
> #include <cam/cam_queue.h>
>+#include <cam/cam_xpt.h>
> #include <cam/cam_xpt_periph.h>
> #include <cam/cam_debug.h>
>-#include <cam/cam_sim.h>
> #include <cam/cam_compat.h>
>+#include <cam/cam_xpt_periph.h>
> 
> #include <cam/scsi/scsi_all.h>
> #include <cam/scsi/scsi_pass.h>
>@@ -57,7 +69,11 @@ typedef enum {
> 	PASS_FLAG_OPEN			= 0x01,
> 	PASS_FLAG_LOCKED		= 0x02,
> 	PASS_FLAG_INVALID		= 0x04,
>-	PASS_FLAG_INITIAL_PHYSPATH	= 0x08
>+	PASS_FLAG_INITIAL_PHYSPATH	= 0x08,
>+	PASS_FLAG_ZONE_INPROG		= 0x10,
>+	PASS_FLAG_ZONE_VALID		= 0x20,
>+	PASS_FLAG_UNMAPPED_CAPABLE	= 0x40,
>+	PASS_FLAG_ABANDONED_REF_SET	= 0x80
> } pass_flags;
> 
> typedef enum {
>@@ -65,38 +81,104 @@ typedef enum {
> } pass_state;
> 
> typedef enum {
>-	PASS_CCB_BUFFER_IO
>+	PASS_CCB_BUFFER_IO,
>+	PASS_CCB_QUEUED_IO
> } pass_ccb_types;
> 
> #define ccb_type	ppriv_field0
>-#define ccb_bp		ppriv_ptr1
>+#define ccb_ioreq	ppriv_ptr1
> 
>-struct pass_softc {
>-	pass_state	 state;
>-	pass_flags	 flags;
>-	u_int8_t	 pd_type;
>-	union ccb	 saved_ccb;
>-	int		 open_count;
>-	u_int		 maxio;
>-	struct devstat	*device_stats;
>-	struct cdev	*dev;
>-	struct cdev	*alias_dev;
>-	struct task	 add_physpath_task;
>+/*
>+ * The maximum number of memory segments we preallocate.
>+ */
>+#define	PASS_MAX_SEGS	16
>+
>+typedef enum {
>+	PASS_IO_NONE		= 0x00,
>+	PASS_IO_USER_SEG_MALLOC	= 0x01,
>+	PASS_IO_KERN_SEG_MALLOC	= 0x02,
>+	PASS_IO_ABANDONED	= 0x04
>+} pass_io_flags; 
>+
>+struct pass_io_req {
>+	union ccb			 ccb;
>+	union ccb			*alloced_ccb;
>+	union ccb			*user_ccb_ptr;
>+	camq_entry			 user_periph_links;
>+	ccb_ppriv_area			 user_periph_priv;
>+	struct cam_periph_map_info	 mapinfo;
>+	pass_io_flags			 flags;
>+	ccb_flags			 data_flags;
>+	int				 num_user_segs;
>+	bus_dma_segment_t		 user_segs[PASS_MAX_SEGS];
>+	int				 num_kern_segs;
>+	bus_dma_segment_t		 kern_segs[PASS_MAX_SEGS];
>+	bus_dma_segment_t		*user_segptr;
>+	bus_dma_segment_t		*kern_segptr;
>+	int				 num_bufs;
>+	uint32_t			 dirs[CAM_PERIPH_MAXMAPS];
>+	uint32_t			 lengths[CAM_PERIPH_MAXMAPS];
>+	uint8_t				*user_bufs[CAM_PERIPH_MAXMAPS];
>+	uint8_t				*kern_bufs[CAM_PERIPH_MAXMAPS];
>+	struct bintime			 start_time;
>+	TAILQ_ENTRY(pass_io_req)	 links;
> };
> 
>+struct pass_softc {
>+	pass_state		  state;
>+	pass_flags		  flags;
>+	u_int8_t		  pd_type;
>+	union ccb		  saved_ccb;
>+	int			  open_count;
>+	u_int		 	  maxio;
>+	struct devstat		 *device_stats;
>+	struct cdev		 *dev;
>+	struct cdev		 *alias_dev;
>+	struct task		  add_physpath_task;
>+	struct task		  shutdown_kqueue_task;
>+	struct selinfo		  read_select;
>+	TAILQ_HEAD(, pass_io_req) incoming_queue;
>+	TAILQ_HEAD(, pass_io_req) active_queue;
>+	TAILQ_HEAD(, pass_io_req) abandoned_queue;
>+	TAILQ_HEAD(, pass_io_req) done_queue;
>+	struct cam_periph	 *periph;
>+	char			  zone_name[12];
>+	char			  io_zone_name[12];
>+	uma_zone_t		  pass_zone;
>+	uma_zone_t		  pass_io_zone;
>+	size_t			  io_zone_size;
>+};
> 
> static	d_open_t	passopen;
> static	d_close_t	passclose;
> static	d_ioctl_t	passioctl;
> static	d_ioctl_t	passdoioctl;
>+static	d_poll_t	passpoll;
>+static	d_kqfilter_t	passkqfilter;
>+static	void		passreadfiltdetach(struct knote *kn);
>+static	int		passreadfilt(struct knote *kn, long hint);
> 
> static	periph_init_t	passinit;
> static	periph_ctor_t	passregister;
> static	periph_oninv_t	passoninvalidate;
> static	periph_dtor_t	passcleanup;
>-static void		pass_add_physpath(void *context, int pending);
>+static	periph_start_t	passstart;
>+static	void		pass_shutdown_kqueue(void *context, int pending);
>+static	void		pass_add_physpath(void *context, int pending);
> static	void		passasync(void *callback_arg, u_int32_t code,
> 				  struct cam_path *path, void *arg);
>+static	void		passdone(struct cam_periph *periph, 
>+				 union ccb *done_ccb);
>+static	int		passcreatezone(struct cam_periph *periph);
>+static	void		passiocleanup(struct pass_softc *softc, 
>+				      struct pass_io_req *io_req);
>+static	int		passcopysglist(struct cam_periph *periph,
>+				       struct pass_io_req *io_req,
>+				       ccb_flags direction);
>+static	int		passmemsetup(struct cam_periph *periph,
>+				     struct pass_io_req *io_req);
>+static	int		passmemdone(struct cam_periph *periph,
>+				    struct pass_io_req *io_req);
> static	int		passerror(union ccb *ccb, u_int32_t cam_flags, 
> 				  u_int32_t sense_flags);
> static 	int		passsendccb(struct cam_periph *periph, union ccb *ccb,
>@@ -116,9 +198,19 @@ static struct cdevsw pass_cdevsw = {
> 	.d_open =	passopen,
> 	.d_close =	passclose,
> 	.d_ioctl =	passioctl,
>+	.d_poll = 	passpoll,
>+	.d_kqfilter = 	passkqfilter,
> 	.d_name =	"pass",
> };
> 
>+static struct filterops passread_filtops = {
>+	.f_isfd	=	1,
>+	.f_detach =	passreadfiltdetach,
>+	.f_event =	passreadfilt
>+};
>+
>+static MALLOC_DEFINE(M_SCSIPASS, "scsi_pass", "scsi passthrough buffers");
>+
> static void
> passinit(void)
> {
>@@ -138,6 +230,60 @@ passinit(void)
> }
> 
> static void
>+passrejectios(struct cam_periph *periph)
>+{
>+	struct pass_io_req *io_req, *io_req2;
>+	struct pass_softc *softc;
>+
>+	softc = (struct pass_softc *)periph->softc;
>+
>+	/*
>+	 * The user can no longer get status for I/O on the done queue, so
>+	 * clean up all outstanding I/O on the done queue.
>+	 */
>+	TAILQ_FOREACH_SAFE(io_req, &softc->done_queue, links, io_req2) {
>+		TAILQ_REMOVE(&softc->done_queue, io_req, links);
>+		passiocleanup(softc, io_req);
>+		uma_zfree(softc->pass_zone, io_req);
>+	}
>+
>+	/*
>+	 * The underlying device is gone, so we can't issue these I/Os.
>+	 * The devfs node has been shut down, so we can't return status to
>+	 * the user.  Free any I/O left on the incoming queue.
>+	 */
>+	TAILQ_FOREACH_SAFE(io_req, &softc->incoming_queue, links, io_req2) {
>+		TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
>+		passiocleanup(softc, io_req);
>+		uma_zfree(softc->pass_zone, io_req);
>+	}
>+
>+	/*
>+	 * Normally we would put I/Os on the abandoned queue and acquire a
>+	 * reference when we saw the final close.  But, the device went
>+	 * away and devfs may have moved everything off to deadfs by the
>+	 * time the I/O done callback is called; as a result, we won't see
>+	 * any more closes.  So, if we have any active I/Os, we need to put
>+	 * them on the abandoned queue.  When the abandoned queue is empty,
>+	 * we'll release the remaining reference (see below) to the peripheral.
>+	 */
>+	TAILQ_FOREACH_SAFE(io_req, &softc->active_queue, links, io_req2) {
>+		TAILQ_REMOVE(&softc->active_queue, io_req, links);
>+		io_req->flags |= PASS_IO_ABANDONED;
>+		TAILQ_INSERT_TAIL(&softc->abandoned_queue, io_req, links);
>+	}
>+
>+	/*
>+	 * If we put any I/O on the abandoned queue, acquire a reference.
>+	 */
>+	if ((!TAILQ_EMPTY(&softc->abandoned_queue))
>+	 && ((softc->flags & PASS_FLAG_ABANDONED_REF_SET) == 0)) {
>+		cam_periph_doacquire(periph);
>+		softc->flags |= PASS_FLAG_ABANDONED_REF_SET;
>+	}
>+}
>+
>+static void
> passdevgonecb(void *arg)
> {
> 	struct cam_periph *periph;
>@@ -165,17 +311,26 @@ passdevgonecb(void *arg)
> 
> 	/*
> 	 * Release the reference held for the device node, it is gone now.
>+	 * Accordingly, inform all queued I/Os of their fate.
> 	 */
> 	cam_periph_release_locked(periph);
>+	passrejectios(periph);
> 
> 	/*
>-	 * We reference the lock directly here, instead of using
>+	 * We reference the SIM lock directly here, instead of using
> 	 * cam_periph_unlock().  The reason is that the final call to
> 	 * cam_periph_release_locked() above could result in the periph
> 	 * getting freed.  If that is the case, dereferencing the periph
> 	 * with a cam_periph_unlock() call would cause a page fault.
> 	 */
> 	mtx_unlock(mtx);
>+
>+	/*
>+	 * We have to remove our kqueue context from a thread because it
>+	 * may sleep.  It would be nice if we could get a callback from
>+	 * kqueue when it is done cleaning up resources.
>+	 */
>+	taskqueue_enqueue(taskqueue_thread, &softc->shutdown_kqueue_task);
> }
> 
> static void
>@@ -197,12 +352,6 @@ passoninvalidate(struct cam_periph *peri
> 	 * when it has cleaned up its state.
> 	 */
> 	destroy_dev_sched_cb(softc->dev, passdevgonecb, periph);
>-
>-	/*
>-	 * XXX Return all queued I/O with ENXIO.
>-	 * XXX Handle any transactions queued to the card
>-	 *     with XPT_ABORT_CCB.
>-	 */
> }
> 
> static void
>@@ -212,9 +361,40 @@ passcleanup(struct cam_periph *periph)
> 
> 	softc = (struct pass_softc *)periph->softc;
> 
>+	cam_periph_assert(periph, MA_OWNED);
>+	KASSERT(TAILQ_EMPTY(&softc->active_queue),
>+		("%s called when there are commands on the active queue!\n",
>+		__func__));
>+	KASSERT(TAILQ_EMPTY(&softc->abandoned_queue),
>+		("%s called when there are commands on the abandoned queue!\n",
>+		__func__));
>+	KASSERT(TAILQ_EMPTY(&softc->incoming_queue),
>+		("%s called when there are commands on the incoming queue!\n",
>+		__func__));
>+	KASSERT(TAILQ_EMPTY(&softc->done_queue),
>+		("%s called when there are commands on the done queue!\n",
>+		__func__));
>+
> 	devstat_remove_entry(softc->device_stats);
> 
> 	cam_periph_unlock(periph);
>+
>+	/*
>+	 * We call taskqueue_drain() for the physpath task to make sure it
>+	 * is complete.  We drop the lock because this can potentially
>+	 * sleep.  XXX KDM that is bad.  Need a way to get a callback when
>+	 * a taskqueue is drained.
>+	 *
>+ 	 * Note that we don't drain the kqueue shutdown task queue.  This
>+	 * is because we hold a reference on the periph for kqueue, and
>+	 * release that reference from the kqueue shutdown task queue.  So
>+	 * we cannot come into this routine unless we've released that
>+	 * reference.  Also, because that could be the last reference, we
>+	 * could be called from the cam_periph_release() call in
>+	 * pass_shutdown_kqueue().  In that case, the taskqueue_drain()
>+	 * would deadlock.  It would be preferable if we had a way to
>+	 * get a callback when a taskqueue is done.
>+	 */
> 	taskqueue_drain(taskqueue_thread, &softc->add_physpath_task);
> 
> 	cam_periph_lock(periph);
>@@ -223,10 +403,29 @@ passcleanup(struct cam_periph *periph)
> }
> 
> static void
>+pass_shutdown_kqueue(void *context, int pending)
>+{
>+	struct cam_periph *periph;
>+	struct pass_softc *softc;
>+
>+	periph = context;
>+	softc = periph->softc;
>+
>+	knlist_clear(&softc->read_select.si_note, /*is_locked*/ 0);
>+	knlist_destroy(&softc->read_select.si_note);
>+
>+	/*
>+	 * Release the reference we held for kqueue.
>+	 */
>+	cam_periph_release(periph);
>+}
>+
>+static void
> pass_add_physpath(void *context, int pending)
> {
> 	struct cam_periph *periph;
> 	struct pass_softc *softc;
>+	struct mtx *mtx;
> 	char *physpath;
> 
> 	/*
>@@ -236,34 +435,38 @@ pass_add_physpath(void *context, int pen
> 	periph = context;
> 	softc = periph->softc;
> 	physpath = malloc(MAXPATHLEN, M_DEVBUF, M_WAITOK);
>-	cam_periph_lock(periph);
>-	if (periph->flags & CAM_PERIPH_INVALID) {
>-		cam_periph_unlock(periph);
>+	mtx = cam_periph_mtx(periph);
>+	mtx_lock(mtx);
>+
>+	if (periph->flags & CAM_PERIPH_INVALID)
> 		goto out;
>-	}
>+
> 	if (xpt_getattr(physpath, MAXPATHLEN,
> 			"GEOM::physpath", periph->path) == 0
> 	 && strlen(physpath) != 0) {
> 
>-		cam_periph_unlock(periph);
>+		mtx_unlock(mtx);
> 		make_dev_physpath_alias(MAKEDEV_WAITOK, &softc->alias_dev,
> 					softc->dev, softc->alias_dev, physpath);
>-		cam_periph_lock(periph);
>+		mtx_lock(mtx);
> 	}
> 
>+out:
> 	/*
> 	 * Now that we've made our alias, we no longer have to have a
> 	 * reference to the device.
> 	 */
>-	if ((softc->flags & PASS_FLAG_INITIAL_PHYSPATH) == 0) {
>+	if ((softc->flags & PASS_FLAG_INITIAL_PHYSPATH) == 0)
> 		softc->flags |= PASS_FLAG_INITIAL_PHYSPATH;
>-		cam_periph_unlock(periph);
>-		dev_rel(softc->dev);
>-	}
>-	else
>-		cam_periph_unlock(periph);
> 
>-out:
>+	/*
>+	 * We always acquire a reference to the periph before queueing this
>+	 * task queue function, so it won't go away before we run.
>+	 */
>+	while (pending-- > 0)
>+		cam_periph_release_locked(periph);
>+	mtx_unlock(mtx);
>+
> 	free(physpath, M_DEVBUF);
> }
> 
>@@ -291,7 +494,7 @@ passasync(void *callback_arg, u_int32_t 
> 		 * process.
> 		 */
> 		status = cam_periph_alloc(passregister, passoninvalidate,
>-					  passcleanup, NULL, "pass",
>+					  passcleanup, passstart, "pass",
> 					  CAM_PERIPH_BIO, path,
> 					  passasync, AC_FOUND_DEVICE, cgd);
> 
>@@ -315,8 +518,19 @@ passasync(void *callback_arg, u_int32_t 
> 		buftype = (uintptr_t)arg;
> 		if (buftype == CDAI_TYPE_PHYS_PATH) {
> 			struct pass_softc *softc;
>+			cam_status status;
> 
> 			softc = (struct pass_softc *)periph->softc;
>+			/*
>+			 * Acquire a reference to the periph before we
>+			 * start the taskqueue, so that we don't run into
>+			 * a situation where the periph goes away before
>+			 * the task queue has a chance to run.
>+			 */
>+			status = cam_periph_acquire(periph);
>+			if (status != CAM_REQ_CMP)
>+				break;
>+
> 			taskqueue_enqueue(taskqueue_thread,
> 					  &softc->add_physpath_task);
> 		}
>@@ -361,6 +575,17 @@ passregister(struct cam_periph *periph, 
> 		softc->pd_type = T_DIRECT;
> 
> 	periph->softc = softc;
>+	softc->periph = periph;
>+	TAILQ_INIT(&softc->incoming_queue);
>+	TAILQ_INIT(&softc->active_queue);
>+	TAILQ_INIT(&softc->abandoned_queue);
>+	TAILQ_INIT(&softc->done_queue);
>+	snprintf(softc->zone_name, sizeof(softc->zone_name), "%s%d",
>+		 periph->periph_name, periph->unit_number);
>+	snprintf(softc->io_zone_name, sizeof(softc->io_zone_name), "%s%dIO",
>+		 periph->periph_name, periph->unit_number);
>+	softc->io_zone_size = MAXPHYS;
>+	knlist_init_mtx(&softc->read_select.si_note, cam_periph_mtx(periph));
> 
> 	bzero(&cpi, sizeof(cpi));
> 	xpt_setup_ccb(&cpi.ccb_h, periph->path, CAM_PRIORITY_NORMAL);
>@@ -374,6 +599,9 @@ passregister(struct cam_periph *periph, 
> 	else
> 		softc->maxio = cpi.maxio;	/* real value */
> 
>+	if (cpi.hba_misc & PIM_UNMAPPED)
>+		softc->flags |= PASS_FLAG_UNMAPPED_CAPABLE;
>+
> 	/*
> 	 * We pass in 0 for a blocksize, since we don't 
> 	 * know what the blocksize of this device is, if 
>@@ -391,6 +619,23 @@ passregister(struct cam_periph *periph, 
> 			  DEVSTAT_PRIORITY_PASS);
> 
> 	/*
>+	 * Initialize the taskqueue handler for shutting down kqueue.
>+	 */
>+	TASK_INIT(&softc->shutdown_kqueue_task, /*priority*/ 0,
>+		  pass_shutdown_kqueue, periph);
>+
>+	/*
>+	 * Acquire a reference to the periph that we can release once we've
>+	 * cleaned up the kqueue.
>+	 */
>+	if (cam_periph_acquire(periph) != CAM_REQ_CMP) {
>+		xpt_print(periph->path, "%s: lost periph during "
>+			  "registration!\n", __func__);
>+		cam_periph_lock(periph);
>+		return (CAM_REQ_CMP_ERR);
>+	}
>+
>+	/*
> 	 * Acquire a reference to the periph before we create the devfs
> 	 * instance for it.  We'll release this reference once the devfs
> 	 * instance has been freed.
>@@ -408,12 +653,15 @@ passregister(struct cam_periph *periph, 
> 			      periph->periph_name, periph->unit_number);
> 
> 	/*
>-	 * Now that we have made the devfs instance, hold a reference to it
>-	 * until the task queue has run to setup the physical path alias.
>-	 * That way devfs won't get rid of the device before we add our
>-	 * alias.
>+	 * Hold a reference to the periph before we create the physical
>+	 * path alias so it can't go away.
> 	 */
>-	dev_ref(softc->dev);
>+	if (cam_periph_acquire(periph) != CAM_REQ_CMP) {
>+		xpt_print(periph->path, "%s: lost periph during "
>+			  "registration!\n", __func__);
>+		cam_periph_lock(periph);
>+		return (CAM_REQ_CMP_ERR);
>+	}
> 
> 	cam_periph_lock(periph);
> 	softc->dev->si_drv1 = periph;
>@@ -514,6 +762,55 @@ passclose(struct cdev *dev, int flag, in
> 	softc = periph->softc;
> 	softc->open_count--;
> 
>+	if (softc->open_count == 0) {
>+		struct pass_io_req *io_req, *io_req2;
>+		int need_unlock;
>+
>+		need_unlock = 0;
>+
>+		TAILQ_FOREACH_SAFE(io_req, &softc->done_queue, links, io_req2) {
>+			TAILQ_REMOVE(&softc->done_queue, io_req, links);
>+			passiocleanup(softc, io_req);
>+			uma_zfree(softc->pass_zone, io_req);
>+		}
>+
>+		TAILQ_FOREACH_SAFE(io_req, &softc->incoming_queue, links,
>+				   io_req2) {
>+			TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
>+			passiocleanup(softc, io_req);
>+			uma_zfree(softc->pass_zone, io_req);
>+		}
>+
>+		/*
>+		 * If there are any active I/Os, we need to forcibly acquire a
>+		 * reference to the peripheral so that we don't go away
>+		 * before they complete.  We'll release the reference when
>+		 * the abandoned queue is empty.
>+		 */
>+		io_req = TAILQ_FIRST(&softc->active_queue);
>+		if ((io_req != NULL)
>+		 && (softc->flags & PASS_FLAG_ABANDONED_REF_SET) == 0) {
>+			cam_periph_doacquire(periph);
>+			softc->flags |= PASS_FLAG_ABANDONED_REF_SET;
>+		}
>+
>+		/*
>+		 * Since the I/O in the active queue is not under our
>+		 * control, just set a flag so that we can clean it up when
>+		 * it completes and put it on the abandoned queue.  This
>+		 * will prevent our sending spurious completions in the
>+		 * event that the device is opened again before these I/Os
>+		 * complete.
>+		 */
>+		TAILQ_FOREACH_SAFE(io_req, &softc->active_queue, links,
>+				   io_req2) {
>+			TAILQ_REMOVE(&softc->active_queue, io_req, links);
>+			io_req->flags |= PASS_IO_ABANDONED;
>+			TAILQ_INSERT_TAIL(&softc->abandoned_queue, io_req,
>+					  links);
>+		}
>+	}
>+
> 	cam_periph_release_locked(periph);
> 
> 	/*
>@@ -533,121 +830,1338 @@ passclose(struct cdev *dev, int flag, in
> 	return (0);
> }
> 
>-static int
>-passioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td)
>-{
>-	int error;
>-
>-	if ((error = passdoioctl(dev, cmd, addr, flag, td)) == ENOTTY) {
>-		error = cam_compat_ioctl(dev, cmd, addr, flag, td, passdoioctl);
>-	}
>-	return (error);
>-}
> 
>-static int
>-passdoioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flag, struct thread *td)
>+static void
>+passstart(struct cam_periph *periph, union ccb *start_ccb)
> {
>-	struct	cam_periph *periph;
>-	int	error;
>-	uint32_t priority;
>-
>-	periph = (struct cam_periph *)dev->si_drv1;
>-	if (periph == NULL)
>-		return(ENXIO);
>-
>-	cam_periph_lock(periph);
>-
>-	error = 0;
>-
>-	switch (cmd) {
>+	struct pass_softc *softc;
> 
>-	case CAMIOCOMMAND:
>-	{
>-		union ccb *inccb;
>-		union ccb *ccb;
>-		int ccb_malloced;
>+	softc = (struct pass_softc *)periph->softc;
> 
>-		inccb = (union ccb *)addr;
>+	switch (softc->state) {
>+	case PASS_STATE_NORMAL: {
>+		struct pass_io_req *io_req;
> 
> 		/*
>-		 * Some CCB types, like scan bus and scan lun can only go
>-		 * through the transport layer device.
>+		 * Check for any queued I/O requests that require an
>+		 * allocated slot.
> 		 */
>-		if (inccb->ccb_h.func_code & XPT_FC_XPT_ONLY) {
>-			xpt_print(periph->path, "CCB function code %#x is "
>-			    "restricted to the XPT device\n",
>-			    inccb->ccb_h.func_code);
>-			error = ENODEV;
>+		io_req = TAILQ_FIRST(&softc->incoming_queue);
>+		if (io_req == NULL) {
>+			xpt_release_ccb(start_ccb);
> 			break;
> 		}
>+		TAILQ_REMOVE(&softc->incoming_queue, io_req, links);
>+		TAILQ_INSERT_TAIL(&softc->active_queue, io_req, links);
>+		/*
>+		 * Merge the user's CCB into the allocated CCB.
>+		 */
>+		xpt_merge_ccb(start_ccb, &io_req->ccb);
>+		start_ccb->ccb_h.ccb_type = PASS_CCB_QUEUED_IO;
>+		start_ccb->ccb_h.ccb_ioreq = io_req;
>+		start_ccb->ccb_h.cbfcnp = passdone;
>+		io_req->alloced_ccb = start_ccb;
>+		binuptime(&io_req->start_time);
>+		devstat_start_transaction(softc->device_stats,
>
>*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***
>




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?75635FDB-E85F-4F0A-8EDC-8A29F8A095BE>