1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2008 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16 
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21 
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32 
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41 
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47 
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>	/* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/mutex.h>
58 #include <linux/compat.h>
59 
60 #include <asm/io.h>
61 #include <linux/uaccess.h>
62 
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68 
69 #define COPYRIGHT	"Copyright (c) 1999-2008 LSI Corporation"
70 #define MODULEAUTHOR	"LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73 
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME		"Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION	MPT_LINUX_VERSION_COMMON
77 #define MYNAM		"mptctl"
78 
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83 
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85 
86 static DEFINE_MUTEX(mpctl_mutex);
87 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
88 static u8 mptctl_taskmgmt_id = MPT_MAX_PROTOCOL_DRIVERS;
89 
90 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
91 
92 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
93 
94 struct buflist {
95 	u8	*kptr;
96 	int	 len;
97 };
98 
99 /*
100  * Function prototypes. Called from OS entry point mptctl_ioctl.
101  * arg contents specific to function.
102  */
103 static int mptctl_fw_download(MPT_ADAPTER *iocp, unsigned long arg);
104 static int mptctl_getiocinfo(MPT_ADAPTER *iocp, unsigned long arg, unsigned int cmd);
105 static int mptctl_gettargetinfo(MPT_ADAPTER *iocp, unsigned long arg);
106 static int mptctl_readtest(MPT_ADAPTER *iocp, unsigned long arg);
107 static int mptctl_mpt_command(MPT_ADAPTER *iocp, unsigned long arg);
108 static int mptctl_eventquery(MPT_ADAPTER *iocp, unsigned long arg);
109 static int mptctl_eventenable(MPT_ADAPTER *iocp, unsigned long arg);
110 static int mptctl_eventreport(MPT_ADAPTER *iocp, unsigned long arg);
111 static int mptctl_replace_fw(MPT_ADAPTER *iocp, unsigned long arg);
112 
113 static int mptctl_do_reset(MPT_ADAPTER *iocp, unsigned long arg);
114 static int mptctl_hp_hostinfo(MPT_ADAPTER *iocp, unsigned long arg, unsigned int cmd);
115 static int mptctl_hp_targetinfo(MPT_ADAPTER *iocp, unsigned long arg);
116 
117 static int  mptctl_probe(struct pci_dev *);
118 static void mptctl_remove(struct pci_dev *);
119 
120 #ifdef CONFIG_COMPAT
121 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
122 #endif
123 /*
124  * Private function calls.
125  */
126 static int mptctl_do_mpt_command(MPT_ADAPTER *iocp, struct mpt_ioctl_command karg, void __user *mfPtr);
127 static int mptctl_do_fw_download(MPT_ADAPTER *iocp, char __user *ufwbuf, size_t fwlen);
128 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
129 		struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
130 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
131 		struct buflist *buflist, MPT_ADAPTER *ioc);
132 
133 /*
134  * Reset Handler cleanup function
135  */
136 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
137 
138 /*
139  * Event Handler function
140  */
141 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
142 static struct fasync_struct *async_queue=NULL;
143 
144 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
145 /*
146  * Scatter gather list (SGL) sizes and limits...
147  */
148 //#define MAX_SCSI_FRAGS	9
149 #define MAX_FRAGS_SPILL1	9
150 #define MAX_FRAGS_SPILL2	15
151 #define FRAGS_PER_BUCKET	(MAX_FRAGS_SPILL2 + 1)
152 
153 //#define MAX_CHAIN_FRAGS	64
154 //#define MAX_CHAIN_FRAGS	(15+15+15+16)
155 #define MAX_CHAIN_FRAGS		(4 * MAX_FRAGS_SPILL2 + 1)
156 
157 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
158 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
159 //                  ^----------------- 80 + 512
160 #define MAX_SGL_BYTES		((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
161 
162 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
163 #define MAX_KMALLOC_SZ		(128*1024)
164 
165 #define MPT_IOCTL_DEFAULT_TIMEOUT 10	/* Default timeout value (seconds) */
166 
167 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
168 /**
169  *	mptctl_syscall_down - Down the MPT adapter syscall semaphore.
170  *	@ioc: Pointer to MPT adapter
171  *	@nonblock: boolean, non-zero if O_NONBLOCK is set
172  *
173  *	All of the ioctl commands can potentially sleep, which is illegal
174  *	with a spinlock held, thus we perform mutual exclusion here.
175  *
176  *	Returns negative errno on error, or zero for success.
177  */
178 static inline int
mptctl_syscall_down(MPT_ADAPTER * ioc,int nonblock)179 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
180 {
181 	int rc = 0;
182 
183 	if (nonblock) {
184 		if (!mutex_trylock(&ioc->ioctl_cmds.mutex))
185 			rc = -EAGAIN;
186 	} else {
187 		if (mutex_lock_interruptible(&ioc->ioctl_cmds.mutex))
188 			rc = -ERESTARTSYS;
189 	}
190 	return rc;
191 }
192 
193 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
194 /*
195  *  This is the callback for any message we have posted. The message itself
196  *  will be returned to the message pool when we return from the IRQ
197  *
198  *  This runs in irq context so be short and sweet.
199  */
200 static int
mptctl_reply(MPT_ADAPTER * ioc,MPT_FRAME_HDR * req,MPT_FRAME_HDR * reply)201 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
202 {
203 	char	*sense_data;
204 	int	req_index;
205 	int	sz;
206 
207 	if (!req)
208 		return 0;
209 
210 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "completing mpi function "
211 	    "(0x%02X), req=%p, reply=%p\n", ioc->name,  req->u.hdr.Function,
212 	    req, reply));
213 
214 	/*
215 	 * Handling continuation of the same reply. Processing the first
216 	 * reply, and eating the other replys that come later.
217 	 */
218 	if (ioc->ioctl_cmds.msg_context != req->u.hdr.MsgContext)
219 		goto out_continuation;
220 
221 	ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
222 
223 	if (!reply)
224 		goto out;
225 
226 	ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
227 	sz = min(ioc->reply_sz, 4*reply->u.reply.MsgLength);
228 	memcpy(ioc->ioctl_cmds.reply, reply, sz);
229 
230 	if (reply->u.reply.IOCStatus || reply->u.reply.IOCLogInfo)
231 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
232 		    "iocstatus (0x%04X), loginfo (0x%08X)\n", ioc->name,
233 		    le16_to_cpu(reply->u.reply.IOCStatus),
234 		    le32_to_cpu(reply->u.reply.IOCLogInfo)));
235 
236 	if ((req->u.hdr.Function == MPI_FUNCTION_SCSI_IO_REQUEST) ||
237 		(req->u.hdr.Function ==
238 		 MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
239 
240 		if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
241 			dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
242 			"scsi_status (0x%02x), scsi_state (0x%02x), "
243 			"tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
244 			reply->u.sreply.SCSIStatus,
245 			reply->u.sreply.SCSIState,
246 			le16_to_cpu(reply->u.sreply.TaskTag),
247 			le32_to_cpu(reply->u.sreply.TransferCount)));
248 
249 		if (reply->u.sreply.SCSIState &
250 			MPI_SCSI_STATE_AUTOSENSE_VALID) {
251 			sz = req->u.scsireq.SenseBufferLength;
252 			req_index =
253 			    le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
254 			sense_data = ((u8 *)ioc->sense_buf_pool +
255 			     (req_index * MPT_SENSE_BUFFER_ALLOC));
256 			memcpy(ioc->ioctl_cmds.sense, sense_data, sz);
257 			ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_SENSE_VALID;
258 		}
259 	}
260 
261  out:
262 	/* We are done, issue wake up
263 	 */
264 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_PENDING) {
265 		if (req->u.hdr.Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
266 			mpt_clear_taskmgmt_in_progress_flag(ioc);
267 			ioc->ioctl_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
268 			complete(&ioc->ioctl_cmds.done);
269 			if (ioc->bus_type == SAS)
270 				ioc->schedule_target_reset(ioc);
271 		} else {
272 			ioc->ioctl_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
273 			complete(&ioc->ioctl_cmds.done);
274 		}
275 	}
276 
277  out_continuation:
278 	if (reply && (reply->u.reply.MsgFlags &
279 	    MPI_MSGFLAGS_CONTINUATION_REPLY))
280 		return 0;
281 	return 1;
282 }
283 
284 
285 static int
mptctl_taskmgmt_reply(MPT_ADAPTER * ioc,MPT_FRAME_HDR * mf,MPT_FRAME_HDR * mr)286 mptctl_taskmgmt_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf, MPT_FRAME_HDR *mr)
287 {
288 	if (!mf)
289 		return 0;
290 
291 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
292 		"TaskMgmt completed (mf=%p, mr=%p)\n",
293 		ioc->name, mf, mr));
294 
295 	ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
296 
297 	if (!mr)
298 		goto out;
299 
300 	ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
301 	memcpy(ioc->taskmgmt_cmds.reply, mr,
302 	    min(MPT_DEFAULT_FRAME_SIZE, 4 * mr->u.reply.MsgLength));
303  out:
304 	if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_PENDING) {
305 		mpt_clear_taskmgmt_in_progress_flag(ioc);
306 		ioc->taskmgmt_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
307 		complete(&ioc->taskmgmt_cmds.done);
308 		if (ioc->bus_type == SAS)
309 			ioc->schedule_target_reset(ioc);
310 		return 1;
311 	}
312 	return 0;
313 }
314 
315 static int
mptctl_do_taskmgmt(MPT_ADAPTER * ioc,u8 tm_type,u8 bus_id,u8 target_id)316 mptctl_do_taskmgmt(MPT_ADAPTER *ioc, u8 tm_type, u8 bus_id, u8 target_id)
317 {
318 	MPT_FRAME_HDR	*mf;
319 	SCSITaskMgmt_t	*pScsiTm;
320 	SCSITaskMgmtReply_t *pScsiTmReply;
321 	int		 ii;
322 	int		 retval;
323 	unsigned long	 timeout;
324 	u16		 iocstatus;
325 
326 
327 	mutex_lock(&ioc->taskmgmt_cmds.mutex);
328 	if (mpt_set_taskmgmt_in_progress_flag(ioc) != 0) {
329 		mutex_unlock(&ioc->taskmgmt_cmds.mutex);
330 		return -EPERM;
331 	}
332 
333 	retval = 0;
334 
335 	mf = mpt_get_msg_frame(mptctl_taskmgmt_id, ioc);
336 	if (mf == NULL) {
337 		dtmprintk(ioc,
338 			printk(MYIOC_s_WARN_FMT "TaskMgmt, no msg frames!!\n",
339 			ioc->name));
340 		mpt_clear_taskmgmt_in_progress_flag(ioc);
341 		retval = -ENOMEM;
342 		goto tm_done;
343 	}
344 
345 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT "TaskMgmt request (mf=%p)\n",
346 		ioc->name, mf));
347 
348 	pScsiTm = (SCSITaskMgmt_t *) mf;
349 	memset(pScsiTm, 0, sizeof(SCSITaskMgmt_t));
350 	pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
351 	pScsiTm->TaskType = tm_type;
352 	if ((tm_type == MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS) &&
353 		(ioc->bus_type == FC))
354 		pScsiTm->MsgFlags =
355 				MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
356 	pScsiTm->TargetID = target_id;
357 	pScsiTm->Bus = bus_id;
358 	pScsiTm->ChainOffset = 0;
359 	pScsiTm->Reserved = 0;
360 	pScsiTm->Reserved1 = 0;
361 	pScsiTm->TaskMsgContext = 0;
362 	for (ii= 0; ii < 8; ii++)
363 		pScsiTm->LUN[ii] = 0;
364 	for (ii=0; ii < 7; ii++)
365 		pScsiTm->Reserved2[ii] = 0;
366 
367 	switch (ioc->bus_type) {
368 	case FC:
369 		timeout = 40;
370 		break;
371 	case SAS:
372 		timeout = 30;
373 		break;
374 	case SPI:
375 		default:
376 		timeout = 10;
377 		break;
378 	}
379 
380 	dtmprintk(ioc,
381 		printk(MYIOC_s_DEBUG_FMT "TaskMgmt type=%d timeout=%ld\n",
382 		ioc->name, tm_type, timeout));
383 
384 	INITIALIZE_MGMT_STATUS(ioc->taskmgmt_cmds.status)
385 	if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
386 	    (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
387 		mpt_put_msg_frame_hi_pri(mptctl_taskmgmt_id, ioc, mf);
388 	else {
389 		retval = mpt_send_handshake_request(mptctl_taskmgmt_id, ioc,
390 		    sizeof(SCSITaskMgmt_t), (u32 *)pScsiTm, CAN_SLEEP);
391 		if (retval != 0) {
392 			dfailprintk(ioc,
393 				printk(MYIOC_s_ERR_FMT
394 				"TaskMgmt send_handshake FAILED!"
395 				" (ioc %p, mf %p, rc=%d) \n", ioc->name,
396 				ioc, mf, retval));
397 			mpt_free_msg_frame(ioc, mf);
398 			mpt_clear_taskmgmt_in_progress_flag(ioc);
399 			goto tm_done;
400 		}
401 	}
402 
403 	/* Now wait for the command to complete */
404 	ii = wait_for_completion_timeout(&ioc->taskmgmt_cmds.done, timeout*HZ);
405 
406 	if (!(ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
407 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
408 		    "TaskMgmt failed\n", ioc->name));
409 		mpt_free_msg_frame(ioc, mf);
410 		mpt_clear_taskmgmt_in_progress_flag(ioc);
411 		if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET)
412 			retval = 0;
413 		else
414 			retval = -1; /* return failure */
415 		goto tm_done;
416 	}
417 
418 	if (!(ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_RF_VALID)) {
419 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
420 		    "TaskMgmt failed\n", ioc->name));
421 		retval = -1; /* return failure */
422 		goto tm_done;
423 	}
424 
425 	pScsiTmReply = (SCSITaskMgmtReply_t *) ioc->taskmgmt_cmds.reply;
426 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
427 	    "TaskMgmt fw_channel = %d, fw_id = %d, task_type=0x%02X, "
428 	    "iocstatus=0x%04X\n\tloginfo=0x%08X, response_code=0x%02X, "
429 	    "term_cmnds=%d\n", ioc->name, pScsiTmReply->Bus,
430 	    pScsiTmReply->TargetID, tm_type,
431 	    le16_to_cpu(pScsiTmReply->IOCStatus),
432 	    le32_to_cpu(pScsiTmReply->IOCLogInfo),
433 	    pScsiTmReply->ResponseCode,
434 	    le32_to_cpu(pScsiTmReply->TerminationCount)));
435 
436 	iocstatus = le16_to_cpu(pScsiTmReply->IOCStatus) & MPI_IOCSTATUS_MASK;
437 
438 	if (iocstatus == MPI_IOCSTATUS_SCSI_TASK_TERMINATED ||
439 	   iocstatus == MPI_IOCSTATUS_SCSI_IOC_TERMINATED ||
440 	   iocstatus == MPI_IOCSTATUS_SUCCESS)
441 		retval = 0;
442 	else {
443 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
444 		    "TaskMgmt failed\n", ioc->name));
445 		retval = -1; /* return failure */
446 	}
447 
448  tm_done:
449 	mutex_unlock(&ioc->taskmgmt_cmds.mutex);
450 	CLEAR_MGMT_STATUS(ioc->taskmgmt_cmds.status)
451 	return retval;
452 }
453 
454 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
455 /* mptctl_timeout_expired
456  *
457  * Expecting an interrupt, however timed out.
458  *
459  */
460 static void
mptctl_timeout_expired(MPT_ADAPTER * ioc,MPT_FRAME_HDR * mf)461 mptctl_timeout_expired(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf)
462 {
463 	unsigned long flags;
464 	int ret_val = -1;
465 	SCSIIORequest_t *scsi_req = (SCSIIORequest_t *) mf;
466 	u8 function = mf->u.hdr.Function;
467 
468 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": %s\n",
469 		ioc->name, __func__));
470 
471 	if (mpt_fwfault_debug)
472 		mpt_halt_firmware(ioc);
473 
474 	spin_lock_irqsave(&ioc->taskmgmt_lock, flags);
475 	if (ioc->ioc_reset_in_progress) {
476 		spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
477 		CLEAR_MGMT_PENDING_STATUS(ioc->ioctl_cmds.status)
478 		mpt_free_msg_frame(ioc, mf);
479 		return;
480 	}
481 	spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
482 
483 
484 	CLEAR_MGMT_PENDING_STATUS(ioc->ioctl_cmds.status)
485 
486 	if (ioc->bus_type == SAS) {
487 		if (function == MPI_FUNCTION_SCSI_IO_REQUEST)
488 			ret_val = mptctl_do_taskmgmt(ioc,
489 				MPI_SCSITASKMGMT_TASKTYPE_TARGET_RESET,
490 				scsi_req->Bus, scsi_req->TargetID);
491 		else if (function == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)
492 			ret_val = mptctl_do_taskmgmt(ioc,
493 				MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS,
494 				scsi_req->Bus, 0);
495 		if (!ret_val)
496 			return;
497 	} else {
498 		if ((function == MPI_FUNCTION_SCSI_IO_REQUEST) ||
499 			(function == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH))
500 			ret_val = mptctl_do_taskmgmt(ioc,
501 				MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS,
502 				scsi_req->Bus, 0);
503 		if (!ret_val)
504 			return;
505 	}
506 
507 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Calling Reset! \n",
508 		 ioc->name));
509 	mpt_Soft_Hard_ResetHandler(ioc, CAN_SLEEP);
510 	mpt_free_msg_frame(ioc, mf);
511 }
512 
513 
514 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
515 /* mptctl_ioc_reset
516  *
517  * Clean-up functionality. Used only if there has been a
518  * reload of the FW due.
519  *
520  */
521 static int
mptctl_ioc_reset(MPT_ADAPTER * ioc,int reset_phase)522 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
523 {
524 	switch(reset_phase) {
525 	case MPT_IOC_SETUP_RESET:
526 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
527 		    "%s: MPT_IOC_SETUP_RESET\n", ioc->name, __func__));
528 		break;
529 	case MPT_IOC_PRE_RESET:
530 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
531 		    "%s: MPT_IOC_PRE_RESET\n", ioc->name, __func__));
532 		break;
533 	case MPT_IOC_POST_RESET:
534 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
535 		    "%s: MPT_IOC_POST_RESET\n", ioc->name, __func__));
536 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_PENDING) {
537 			ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_DID_IOCRESET;
538 			complete(&ioc->ioctl_cmds.done);
539 		}
540 		break;
541 	default:
542 		break;
543 	}
544 
545 	return 1;
546 }
547 
548 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
549 /* ASYNC Event Notification Support */
550 static int
mptctl_event_process(MPT_ADAPTER * ioc,EventNotificationReply_t * pEvReply)551 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
552 {
553 	u8 event;
554 
555 	event = le32_to_cpu(pEvReply->Event) & 0xFF;
556 
557 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
558 	    ioc->name, __func__));
559 	if(async_queue == NULL)
560 		return 1;
561 
562 	/* Raise SIGIO for persistent events.
563 	 * TODO - this define is not in MPI spec yet,
564 	 * but they plan to set it to 0x21
565 	 */
566 	if (event == 0x21) {
567 		ioc->aen_event_read_flag=1;
568 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
569 		    ioc->name));
570 		devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
571 		    "Raised SIGIO to application\n", ioc->name));
572 		kill_fasync(&async_queue, SIGIO, POLL_IN);
573 		return 1;
574 	 }
575 
576 	/* This flag is set after SIGIO was raised, and
577 	 * remains set until the application has read
578 	 * the event log via ioctl=MPTEVENTREPORT
579 	 */
580 	if(ioc->aen_event_read_flag)
581 		return 1;
582 
583 	/* Signal only for the events that are
584 	 * requested for by the application
585 	 */
586 	if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
587 		ioc->aen_event_read_flag=1;
588 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
589 		    "Raised SIGIO to application\n", ioc->name));
590 		devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
591 		    "Raised SIGIO to application\n", ioc->name));
592 		kill_fasync(&async_queue, SIGIO, POLL_IN);
593 	}
594 	return 1;
595 }
596 
597 static int
mptctl_fasync(int fd,struct file * filep,int mode)598 mptctl_fasync(int fd, struct file *filep, int mode)
599 {
600 	MPT_ADAPTER	*ioc;
601 	int ret;
602 
603 	mutex_lock(&mpctl_mutex);
604 	list_for_each_entry(ioc, &ioc_list, list)
605 		ioc->aen_event_read_flag=0;
606 
607 	ret = fasync_helper(fd, filep, mode, &async_queue);
608 	mutex_unlock(&mpctl_mutex);
609 	return ret;
610 }
611 
612 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
613 /*
614  *  MPT ioctl handler
615  *  cmd - specify the particular IOCTL command to be issued
616  *  arg - data specific to the command. Must not be null.
617  */
618 static long
__mptctl_ioctl(struct file * file,unsigned int cmd,unsigned long arg)619 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
620 {
621 	mpt_ioctl_header __user *uhdr = (void __user *) arg;
622 	mpt_ioctl_header	 khdr;
623 	unsigned iocnumX;
624 	int nonblock = (file->f_flags & O_NONBLOCK);
625 	int ret;
626 	MPT_ADAPTER *iocp = NULL;
627 
628 	if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
629 		printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
630 				"Unable to copy mpt_ioctl_header data @ %p\n",
631 				__FILE__, __LINE__, uhdr);
632 		return -EFAULT;
633 	}
634 	ret = -ENXIO;				/* (-6) No such device or address */
635 
636 	/* Verify intended MPT adapter - set iocnumX and the adapter
637 	 * pointer (iocp)
638 	 */
639 	iocnumX = khdr.iocnum & 0xFF;
640 	if ((mpt_verify_adapter(iocnumX, &iocp) < 0) || (iocp == NULL))
641 		return -ENODEV;
642 
643 	if (!iocp->active) {
644 		printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
645 				__FILE__, __LINE__);
646 		return -EFAULT;
647 	}
648 
649 	/* Handle those commands that are just returning
650 	 * information stored in the driver.
651 	 * These commands should never time out and are unaffected
652 	 * by TM and FW reloads.
653 	 */
654 	if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
655 		return mptctl_getiocinfo(iocp, arg, _IOC_SIZE(cmd));
656 	} else if (cmd == MPTTARGETINFO) {
657 		return mptctl_gettargetinfo(iocp, arg);
658 	} else if (cmd == MPTTEST) {
659 		return mptctl_readtest(iocp, arg);
660 	} else if (cmd == MPTEVENTQUERY) {
661 		return mptctl_eventquery(iocp, arg);
662 	} else if (cmd == MPTEVENTENABLE) {
663 		return mptctl_eventenable(iocp, arg);
664 	} else if (cmd == MPTEVENTREPORT) {
665 		return mptctl_eventreport(iocp, arg);
666 	} else if (cmd == MPTFWREPLACE) {
667 		return mptctl_replace_fw(iocp, arg);
668 	}
669 
670 	/* All of these commands require an interrupt or
671 	 * are unknown/illegal.
672 	 */
673 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
674 		return ret;
675 
676 	if (cmd == MPTFWDOWNLOAD)
677 		ret = mptctl_fw_download(iocp, arg);
678 	else if (cmd == MPTCOMMAND)
679 		ret = mptctl_mpt_command(iocp, arg);
680 	else if (cmd == MPTHARDRESET)
681 		ret = mptctl_do_reset(iocp, arg);
682 	else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
683 		ret = mptctl_hp_hostinfo(iocp, arg, _IOC_SIZE(cmd));
684 	else if (cmd == HP_GETTARGETINFO)
685 		ret = mptctl_hp_targetinfo(iocp, arg);
686 	else
687 		ret = -EINVAL;
688 
689 	mutex_unlock(&iocp->ioctl_cmds.mutex);
690 
691 	return ret;
692 }
693 
694 static long
mptctl_ioctl(struct file * file,unsigned int cmd,unsigned long arg)695 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
696 {
697 	long ret;
698 	mutex_lock(&mpctl_mutex);
699 	ret = __mptctl_ioctl(file, cmd, arg);
700 	mutex_unlock(&mpctl_mutex);
701 	return ret;
702 }
703 
mptctl_do_reset(MPT_ADAPTER * iocp,unsigned long arg)704 static int mptctl_do_reset(MPT_ADAPTER *iocp, unsigned long arg)
705 {
706 	struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
707 	struct mpt_ioctl_diag_reset krinfo;
708 
709 	if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
710 		printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
711 				"Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
712 				__FILE__, __LINE__, urinfo);
713 		return -EFAULT;
714 	}
715 
716 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
717 	    iocp->name));
718 
719 	if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
720 		printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
721 			iocp->name, __FILE__, __LINE__);
722 		return -1;
723 	}
724 
725 	return 0;
726 }
727 
728 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
729 /*
730  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
731  * This structure contains: iocnum, firmware length (bytes),
732  *      pointer to user space memory where the fw image is stored.
733  *
734  * Outputs:	None.
735  * Return:	0 if successful
736  *		-EFAULT if data unavailable
737  *		-ENXIO  if no such device
738  *		-EAGAIN if resource problem
739  *		-ENOMEM if no memory for SGE
740  *		-EMLINK if too many chain buffers required
741  *		-EBADRQC if adapter does not support FW download
742  *		-EBUSY if adapter is busy
743  *		-ENOMSG if FW upload returned bad status
744  */
745 static int
mptctl_fw_download(MPT_ADAPTER * iocp,unsigned long arg)746 mptctl_fw_download(MPT_ADAPTER *iocp, unsigned long arg)
747 {
748 	struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
749 	struct mpt_fw_xfer	 kfwdl;
750 
751 	if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
752 		printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
753 				"Unable to copy mpt_fw_xfer struct @ %p\n",
754 				__FILE__, __LINE__, ufwdl);
755 		return -EFAULT;
756 	}
757 
758 	return mptctl_do_fw_download(iocp, kfwdl.bufp, kfwdl.fwlen);
759 }
760 
761 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
762 /*
763  * FW Download engine.
764  * Outputs:	None.
765  * Return:	0 if successful
766  *		-EFAULT if data unavailable
767  *		-ENXIO  if no such device
768  *		-EAGAIN if resource problem
769  *		-ENOMEM if no memory for SGE
770  *		-EMLINK if too many chain buffers required
771  *		-EBADRQC if adapter does not support FW download
772  *		-EBUSY if adapter is busy
773  *		-ENOMSG if FW upload returned bad status
774  */
775 static int
mptctl_do_fw_download(MPT_ADAPTER * iocp,char __user * ufwbuf,size_t fwlen)776 mptctl_do_fw_download(MPT_ADAPTER *iocp, char __user *ufwbuf, size_t fwlen)
777 {
778 	FWDownload_t		*dlmsg;
779 	MPT_FRAME_HDR		*mf;
780 	FWDownloadTCSGE_t	*ptsge;
781 	MptSge_t		*sgl, *sgIn;
782 	char			*sgOut;
783 	struct buflist		*buflist;
784 	struct buflist		*bl;
785 	dma_addr_t		 sgl_dma;
786 	int			 ret;
787 	int			 numfrags = 0;
788 	int			 maxfrags;
789 	int			 n = 0;
790 	u32			 sgdir;
791 	u32			 nib;
792 	int			 fw_bytes_copied = 0;
793 	int			 i;
794 	int			 sge_offset = 0;
795 	u16			 iocstat;
796 	pFWDownloadReply_t	 ReplyMsg = NULL;
797 	unsigned long		 timeleft;
798 
799 	/*  Valid device. Get a message frame and construct the FW download message.
800 	*/
801 	if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
802 		return -EAGAIN;
803 
804 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
805 	    "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
806 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
807 	    iocp->name, ufwbuf));
808 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
809 	    iocp->name, (int)fwlen));
810 
811 	dlmsg = (FWDownload_t*) mf;
812 	ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
813 	sgOut = (char *) (ptsge + 1);
814 
815 	/*
816 	 * Construct f/w download request
817 	 */
818 	dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
819 	dlmsg->Reserved = 0;
820 	dlmsg->ChainOffset = 0;
821 	dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
822 	dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
823 	if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
824 		dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
825 	else
826 		dlmsg->MsgFlags = 0;
827 
828 
829 	/* Set up the Transaction SGE.
830 	 */
831 	ptsge->Reserved = 0;
832 	ptsge->ContextSize = 0;
833 	ptsge->DetailsLength = 12;
834 	ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
835 	ptsge->Reserved_0100_Checksum = 0;
836 	ptsge->ImageOffset = 0;
837 	ptsge->ImageSize = cpu_to_le32(fwlen);
838 
839 	/* Add the SGL
840 	 */
841 
842 	/*
843 	 * Need to kmalloc area(s) for holding firmware image bytes.
844 	 * But we need to do it piece meal, using a proper
845 	 * scatter gather list (with 128kB MAX hunks).
846 	 *
847 	 * A practical limit here might be # of sg hunks that fit into
848 	 * a single IOC request frame; 12 or 8 (see below), so:
849 	 * For FC9xx: 12 x 128kB == 1.5 mB (max)
850 	 * For C1030:  8 x 128kB == 1   mB (max)
851 	 * We could support chaining, but things get ugly(ier:)
852 	 *
853 	 * Set the sge_offset to the start of the sgl (bytes).
854 	 */
855 	sgdir = 0x04000000;		/* IOC will READ from sys mem */
856 	sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
857 	if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
858 				    &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
859 		return -ENOMEM;
860 
861 	/*
862 	 * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
863 	 * for FC9xx f/w image, but calculate max number of sge hunks
864 	 * we can fit into a request frame, and limit ourselves to that.
865 	 * (currently no chain support)
866 	 * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
867 	 *	Request		maxfrags
868 	 *	128		12
869 	 *	96		8
870 	 *	64		4
871 	 */
872 	maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) -
873 			sizeof(FWDownloadTCSGE_t))
874 			/ iocp->SGE_size;
875 	if (numfrags > maxfrags) {
876 		ret = -EMLINK;
877 		goto fwdl_out;
878 	}
879 
880 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
881 	    iocp->name, sgl, numfrags));
882 
883 	/*
884 	 * Parse SG list, copying sgl itself,
885 	 * plus f/w image hunks from user space as we go...
886 	 */
887 	ret = -EFAULT;
888 	sgIn = sgl;
889 	bl = buflist;
890 	for (i=0; i < numfrags; i++) {
891 
892 		/* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
893 		 * Skip everything but Simple. If simple, copy from
894 		 *	user space into kernel space.
895 		 * Note: we should not have anything but Simple as
896 		 *	Chain SGE are illegal.
897 		 */
898 		nib = (sgIn->FlagsLength & 0x30000000) >> 28;
899 		if (nib == 0 || nib == 3) {
900 			;
901 		} else if (sgIn->Address) {
902 			iocp->add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
903 			n++;
904 			if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
905 				printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
906 					"Unable to copy f/w buffer hunk#%d @ %p\n",
907 					iocp->name, __FILE__, __LINE__, n, ufwbuf);
908 				goto fwdl_out;
909 			}
910 			fw_bytes_copied += bl->len;
911 		}
912 		sgIn++;
913 		bl++;
914 		sgOut += iocp->SGE_size;
915 	}
916 
917 	DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
918 
919 	/*
920 	 * Finally, perform firmware download.
921 	 */
922 	ReplyMsg = NULL;
923 	SET_MGMT_MSG_CONTEXT(iocp->ioctl_cmds.msg_context, dlmsg->MsgContext);
924 	INITIALIZE_MGMT_STATUS(iocp->ioctl_cmds.status)
925 	mpt_put_msg_frame(mptctl_id, iocp, mf);
926 
927 	/* Now wait for the command to complete */
928 retry_wait:
929 	timeleft = wait_for_completion_timeout(&iocp->ioctl_cmds.done, HZ*60);
930 	if (!(iocp->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
931 		ret = -ETIME;
932 		printk(MYIOC_s_WARN_FMT "%s: failed\n", iocp->name, __func__);
933 		if (iocp->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
934 			mpt_free_msg_frame(iocp, mf);
935 			goto fwdl_out;
936 		}
937 		if (!timeleft) {
938 			printk(MYIOC_s_WARN_FMT
939 			       "FW download timeout, doorbell=0x%08x\n",
940 			       iocp->name, mpt_GetIocState(iocp, 0));
941 			mptctl_timeout_expired(iocp, mf);
942 		} else
943 			goto retry_wait;
944 		goto fwdl_out;
945 	}
946 
947 	if (!(iocp->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID)) {
948 		printk(MYIOC_s_WARN_FMT "%s: failed\n", iocp->name, __func__);
949 		mpt_free_msg_frame(iocp, mf);
950 		ret = -ENODATA;
951 		goto fwdl_out;
952 	}
953 
954 	if (sgl)
955 		kfree_sgl(sgl, sgl_dma, buflist, iocp);
956 
957 	ReplyMsg = (pFWDownloadReply_t)iocp->ioctl_cmds.reply;
958 	iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
959 	if (iocstat == MPI_IOCSTATUS_SUCCESS) {
960 		printk(MYIOC_s_INFO_FMT "F/W update successful!\n", iocp->name);
961 		return 0;
962 	} else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
963 		printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
964 			iocp->name);
965 		printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
966 			iocp->name);
967 		return -EBADRQC;
968 	} else if (iocstat == MPI_IOCSTATUS_BUSY) {
969 		printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
970 		printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
971 		return -EBUSY;
972 	} else {
973 		printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
974 			iocp->name, iocstat);
975 		printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
976 		return -ENOMSG;
977 	}
978 	return 0;
979 
980 fwdl_out:
981 
982 	CLEAR_MGMT_STATUS(iocp->ioctl_cmds.status);
983 	SET_MGMT_MSG_CONTEXT(iocp->ioctl_cmds.msg_context, 0);
984         kfree_sgl(sgl, sgl_dma, buflist, iocp);
985 	return ret;
986 }
987 
988 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
989 /*
990  * SGE Allocation routine
991  *
992  * Inputs:	bytes - number of bytes to be transferred
993  *		sgdir - data direction
994  *		sge_offset - offset (in bytes) from the start of the request
995  *			frame to the first SGE
996  *		ioc - pointer to the mptadapter
997  * Outputs:	frags - number of scatter gather elements
998  *		blp - point to the buflist pointer
999  *		sglbuf_dma - pointer to the (dma) sgl
1000  * Returns:	Null if failes
1001  *		pointer to the (virtual) sgl if successful.
1002  */
1003 static MptSge_t *
kbuf_alloc_2_sgl(int bytes,u32 sgdir,int sge_offset,int * frags,struct buflist ** blp,dma_addr_t * sglbuf_dma,MPT_ADAPTER * ioc)1004 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
1005 		 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
1006 {
1007 	MptSge_t	*sglbuf = NULL;		/* pointer to array of SGE */
1008 						/* and chain buffers */
1009 	struct buflist	*buflist = NULL;	/* kernel routine */
1010 	MptSge_t	*sgl;
1011 	int		 numfrags = 0;
1012 	int		 fragcnt = 0;
1013 	int		 alloc_sz = min(bytes,MAX_KMALLOC_SZ);	// avoid kernel warning msg!
1014 	int		 bytes_allocd = 0;
1015 	int		 this_alloc;
1016 	dma_addr_t	 pa;					// phys addr
1017 	int		 i, buflist_ent;
1018 	int		 sg_spill = MAX_FRAGS_SPILL1;
1019 	int		 dir;
1020 
1021 	if (bytes < 0)
1022 		return NULL;
1023 
1024 	/* initialization */
1025 	*frags = 0;
1026 	*blp = NULL;
1027 
1028 	/* Allocate and initialize an array of kernel
1029 	 * structures for the SG elements.
1030 	 */
1031 	i = MAX_SGL_BYTES / 8;
1032 	buflist = kzalloc(i, GFP_USER);
1033 	if (!buflist)
1034 		return NULL;
1035 	buflist_ent = 0;
1036 
1037 	/* Allocate a single block of memory to store the sg elements and
1038 	 * the chain buffers.  The calling routine is responsible for
1039 	 * copying the data in this array into the correct place in the
1040 	 * request and chain buffers.
1041 	 */
1042 	sglbuf = dma_alloc_coherent(&ioc->pcidev->dev, MAX_SGL_BYTES,
1043 				    sglbuf_dma, GFP_KERNEL);
1044 	if (sglbuf == NULL)
1045 		goto free_and_fail;
1046 
1047 	if (sgdir & 0x04000000)
1048 		dir = DMA_TO_DEVICE;
1049 	else
1050 		dir = DMA_FROM_DEVICE;
1051 
1052 	/* At start:
1053 	 *	sgl = sglbuf = point to beginning of sg buffer
1054 	 *	buflist_ent = 0 = first kernel structure
1055 	 *	sg_spill = number of SGE that can be written before the first
1056 	 *		chain element.
1057 	 *
1058 	 */
1059 	sgl = sglbuf;
1060 	sg_spill = ((ioc->req_sz - sge_offset)/ioc->SGE_size) - 1;
1061 	while (bytes_allocd < bytes) {
1062 		this_alloc = min(alloc_sz, bytes-bytes_allocd);
1063 		buflist[buflist_ent].len = this_alloc;
1064 		buflist[buflist_ent].kptr = dma_alloc_coherent(&ioc->pcidev->dev,
1065 							       this_alloc,
1066 							       &pa, GFP_KERNEL);
1067 		if (buflist[buflist_ent].kptr == NULL) {
1068 			alloc_sz = alloc_sz / 2;
1069 			if (alloc_sz == 0) {
1070 				printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1071 				    "not enough memory!   :-(\n", ioc->name);
1072 				printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1073 					ioc->name, numfrags);
1074 				goto free_and_fail;
1075 			}
1076 			continue;
1077 		} else {
1078 			dma_addr_t dma_addr;
1079 
1080 			bytes_allocd += this_alloc;
1081 			sgl->FlagsLength = (0x10000000|sgdir|this_alloc);
1082 			dma_addr = dma_map_single(&ioc->pcidev->dev,
1083 						  buflist[buflist_ent].kptr,
1084 						  this_alloc, dir);
1085 			sgl->Address = dma_addr;
1086 
1087 			fragcnt++;
1088 			numfrags++;
1089 			sgl++;
1090 			buflist_ent++;
1091 		}
1092 
1093 		if (bytes_allocd >= bytes)
1094 			break;
1095 
1096 		/* Need to chain? */
1097 		if (fragcnt == sg_spill) {
1098 			printk(MYIOC_s_WARN_FMT
1099 			    "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1100 			printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1101 			goto free_and_fail;
1102 		}
1103 
1104 		/* overflow check... */
1105 		if (numfrags*8 > MAX_SGL_BYTES){
1106 			/* GRRRRR... */
1107 			printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1108 				"too many SG frags!   :-(\n", ioc->name);
1109 			printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1110 				ioc->name, numfrags);
1111 			goto free_and_fail;
1112 		}
1113 	}
1114 
1115 	/* Last sge fixup: set LE+eol+eob bits */
1116 	sgl[-1].FlagsLength |= 0xC1000000;
1117 
1118 	*frags = numfrags;
1119 	*blp = buflist;
1120 
1121 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1122 	   "%d SG frags generated!\n", ioc->name, numfrags));
1123 
1124 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1125 	   "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1126 
1127 	return sglbuf;
1128 
1129 free_and_fail:
1130 	if (sglbuf != NULL) {
1131 		for (i = 0; i < numfrags; i++) {
1132 			dma_addr_t dma_addr;
1133 			u8 *kptr;
1134 			int len;
1135 
1136 			if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1137 				continue;
1138 
1139 			dma_addr = sglbuf[i].Address;
1140 			kptr = buflist[i].kptr;
1141 			len = buflist[i].len;
1142 
1143 			dma_free_coherent(&ioc->pcidev->dev, len, kptr,
1144 					  dma_addr);
1145 		}
1146 		dma_free_coherent(&ioc->pcidev->dev, MAX_SGL_BYTES, sglbuf,
1147 				  *sglbuf_dma);
1148 	}
1149 	kfree(buflist);
1150 	return NULL;
1151 }
1152 
1153 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1154 /*
1155  * Routine to free the SGL elements.
1156  */
1157 static void
kfree_sgl(MptSge_t * sgl,dma_addr_t sgl_dma,struct buflist * buflist,MPT_ADAPTER * ioc)1158 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1159 {
1160 	MptSge_t	*sg = sgl;
1161 	struct buflist	*bl = buflist;
1162 	u32		 nib;
1163 	int		 dir;
1164 	int		 n = 0;
1165 
1166 	if (sg->FlagsLength & 0x04000000)
1167 		dir = DMA_TO_DEVICE;
1168 	else
1169 		dir = DMA_FROM_DEVICE;
1170 
1171 	nib = (sg->FlagsLength & 0xF0000000) >> 28;
1172 	while (! (nib & 0x4)) { /* eob */
1173 		/* skip ignore/chain. */
1174 		if (nib == 0 || nib == 3) {
1175 			;
1176 		} else if (sg->Address) {
1177 			dma_addr_t dma_addr;
1178 			void *kptr;
1179 			int len;
1180 
1181 			dma_addr = sg->Address;
1182 			kptr = bl->kptr;
1183 			len = bl->len;
1184 			dma_unmap_single(&ioc->pcidev->dev, dma_addr, len,
1185 					 dir);
1186 			dma_free_coherent(&ioc->pcidev->dev, len, kptr,
1187 					  dma_addr);
1188 			n++;
1189 		}
1190 		sg++;
1191 		bl++;
1192 		nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1193 	}
1194 
1195 	/* we're at eob! */
1196 	if (sg->Address) {
1197 		dma_addr_t dma_addr;
1198 		void *kptr;
1199 		int len;
1200 
1201 		dma_addr = sg->Address;
1202 		kptr = bl->kptr;
1203 		len = bl->len;
1204 		dma_unmap_single(&ioc->pcidev->dev, dma_addr, len, dir);
1205 		dma_free_coherent(&ioc->pcidev->dev, len, kptr, dma_addr);
1206 		n++;
1207 	}
1208 
1209 	dma_free_coherent(&ioc->pcidev->dev, MAX_SGL_BYTES, sgl, sgl_dma);
1210 	kfree(buflist);
1211 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1212 	    ioc->name, n));
1213 }
1214 
1215 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1216 /*
1217  *	mptctl_getiocinfo - Query the host adapter for IOC information.
1218  *	@arg: User space argument
1219  *
1220  * Outputs:	None.
1221  * Return:	0 if successful
1222  *		-EFAULT if data unavailable
1223  *		-ENODEV  if no such device/adapter
1224  */
1225 static int
mptctl_getiocinfo(MPT_ADAPTER * ioc,unsigned long arg,unsigned int data_size)1226 mptctl_getiocinfo (MPT_ADAPTER *ioc, unsigned long arg, unsigned int data_size)
1227 {
1228 	struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1229 	struct mpt_ioctl_iocinfo *karg;
1230 	struct pci_dev		*pdev;
1231 	unsigned int		port;
1232 	int			cim_rev;
1233 	struct scsi_device 	*sdev;
1234 	VirtDevice		*vdevice;
1235 
1236 	/* Add of PCI INFO results in unaligned access for
1237 	 * IA64 and Sparc. Reset long to int. Return no PCI
1238 	 * data for obsolete format.
1239 	 */
1240 	if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1241 		cim_rev = 0;
1242 	else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1243 		cim_rev = 1;
1244 	else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1245 		cim_rev = 2;
1246 	else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1247 		cim_rev = 0;	/* obsolete */
1248 	else
1249 		return -EFAULT;
1250 
1251 	karg = memdup_user(uarg, data_size);
1252 	if (IS_ERR(karg)) {
1253 		printk(KERN_ERR MYNAM "%s@%d::mpt_ioctl_iocinfo() - memdup_user returned error [%ld]\n",
1254 				__FILE__, __LINE__, PTR_ERR(karg));
1255 		return PTR_ERR(karg);
1256 	}
1257 
1258 	/* Verify the data transfer size is correct. */
1259 	if (karg->hdr.maxDataSize != data_size) {
1260 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1261 			"Structure size mismatch. Command not completed.\n",
1262 			ioc->name, __FILE__, __LINE__);
1263 		kfree(karg);
1264 		return -EFAULT;
1265 	}
1266 
1267 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1268 	    ioc->name));
1269 
1270 	/* Fill in the data and return the structure to the calling
1271 	 * program
1272 	 */
1273 	if (ioc->bus_type == SAS)
1274 		karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1275 	else if (ioc->bus_type == FC)
1276 		karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1277 	else
1278 		karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1279 
1280 	if (karg->hdr.port > 1) {
1281 		kfree(karg);
1282 		return -EINVAL;
1283 	}
1284 	port = karg->hdr.port;
1285 
1286 	karg->port = port;
1287 	pdev = (struct pci_dev *) ioc->pcidev;
1288 
1289 	karg->pciId = pdev->device;
1290 	karg->hwRev = pdev->revision;
1291 	karg->subSystemDevice = pdev->subsystem_device;
1292 	karg->subSystemVendor = pdev->subsystem_vendor;
1293 
1294 	if (cim_rev == 1) {
1295 		/* Get the PCI bus, device, and function numbers for the IOC
1296 		 */
1297 		karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1298 		karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1299 		karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1300 	} else if (cim_rev == 2) {
1301 		/* Get the PCI bus, device, function and segment ID numbers
1302 		   for the IOC */
1303 		karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1304 		karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1305 		karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1306 		karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1307 	}
1308 
1309 	/* Get number of devices
1310          */
1311 	karg->numDevices = 0;
1312 	if (ioc->sh) {
1313 		shost_for_each_device(sdev, ioc->sh) {
1314 			vdevice = sdev->hostdata;
1315 			if (vdevice == NULL || vdevice->vtarget == NULL)
1316 				continue;
1317 			if (vdevice->vtarget->tflags &
1318 			    MPT_TARGET_FLAGS_RAID_COMPONENT)
1319 				continue;
1320 			karg->numDevices++;
1321 		}
1322 	}
1323 
1324 	/* Set the BIOS and FW Version
1325 	 */
1326 	karg->FWVersion = ioc->facts.FWVersion.Word;
1327 	karg->BIOSVersion = ioc->biosVersion;
1328 
1329 	/* Set the Version Strings.
1330 	 */
1331 	strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1332 	karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1333 
1334 	karg->busChangeEvent = 0;
1335 	karg->hostId = ioc->pfacts[port].PortSCSIID;
1336 	karg->rsvd[0] = karg->rsvd[1] = 0;
1337 
1338 	/* Copy the data from kernel memory to user memory
1339 	 */
1340 	if (copy_to_user((char __user *)arg, karg, data_size)) {
1341 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1342 			"Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1343 			ioc->name, __FILE__, __LINE__, uarg);
1344 		kfree(karg);
1345 		return -EFAULT;
1346 	}
1347 
1348 	kfree(karg);
1349 	return 0;
1350 }
1351 
1352 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1353 /*
1354  *	mptctl_gettargetinfo - Query the host adapter for target information.
1355  *	@arg: User space argument
1356  *
1357  * Outputs:	None.
1358  * Return:	0 if successful
1359  *		-EFAULT if data unavailable
1360  *		-ENODEV  if no such device/adapter
1361  */
1362 static int
mptctl_gettargetinfo(MPT_ADAPTER * ioc,unsigned long arg)1363 mptctl_gettargetinfo (MPT_ADAPTER *ioc, unsigned long arg)
1364 {
1365 	struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1366 	struct mpt_ioctl_targetinfo karg;
1367 	VirtDevice		*vdevice;
1368 	char			*pmem;
1369 	int			*pdata;
1370 	int			numDevices = 0;
1371 	int			lun;
1372 	int			maxWordsLeft;
1373 	int			numBytes;
1374 	struct scsi_device 	*sdev;
1375 
1376 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1377 		printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1378 			"Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1379 				__FILE__, __LINE__, uarg);
1380 		return -EFAULT;
1381 	}
1382 
1383 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1384 	    ioc->name));
1385 	numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1386 	maxWordsLeft = numBytes/sizeof(int);
1387 
1388 	if (maxWordsLeft <= 0) {
1389 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1390 			ioc->name, __FILE__, __LINE__);
1391 		return -ENOMEM;
1392 	}
1393 
1394 	/* Fill in the data and return the structure to the calling
1395 	 * program
1396 	 */
1397 
1398 	/* struct mpt_ioctl_targetinfo does not contain sufficient space
1399 	 * for the target structures so when the IOCTL is called, there is
1400 	 * not sufficient stack space for the structure. Allocate memory,
1401 	 * populate the memory, copy back to the user, then free memory.
1402 	 * targetInfo format:
1403 	 * bits 31-24: reserved
1404 	 *      23-16: LUN
1405 	 *      15- 8: Bus Number
1406 	 *       7- 0: Target ID
1407 	 */
1408 	pmem = kzalloc(numBytes, GFP_KERNEL);
1409 	if (!pmem) {
1410 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1411 			ioc->name, __FILE__, __LINE__);
1412 		return -ENOMEM;
1413 	}
1414 	pdata =  (int *) pmem;
1415 
1416 	/* Get number of devices
1417          */
1418 	if (ioc->sh){
1419 		shost_for_each_device(sdev, ioc->sh) {
1420 			if (!maxWordsLeft)
1421 				continue;
1422 			vdevice = sdev->hostdata;
1423 			if (vdevice == NULL || vdevice->vtarget == NULL)
1424 				continue;
1425 			if (vdevice->vtarget->tflags &
1426 			    MPT_TARGET_FLAGS_RAID_COMPONENT)
1427 				continue;
1428 			lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1429 			*pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1430 			    (vdevice->vtarget->id ));
1431 			pdata++;
1432 			numDevices++;
1433 			--maxWordsLeft;
1434 		}
1435 	}
1436 	karg.numDevices = numDevices;
1437 
1438 	/* Copy part of the data from kernel memory to user memory
1439 	 */
1440 	if (copy_to_user((char __user *)arg, &karg,
1441 				sizeof(struct mpt_ioctl_targetinfo))) {
1442 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1443 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1444 			ioc->name, __FILE__, __LINE__, uarg);
1445 		kfree(pmem);
1446 		return -EFAULT;
1447 	}
1448 
1449 	/* Copy the remaining data from kernel memory to user memory
1450 	 */
1451 	if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1452 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1453 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1454 			ioc->name, __FILE__, __LINE__, pdata);
1455 		kfree(pmem);
1456 		return -EFAULT;
1457 	}
1458 
1459 	kfree(pmem);
1460 
1461 	return 0;
1462 }
1463 
1464 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1465 /* MPT IOCTL Test function.
1466  *
1467  * Outputs:	None.
1468  * Return:	0 if successful
1469  *		-EFAULT if data unavailable
1470  *		-ENODEV  if no such device/adapter
1471  */
1472 static int
mptctl_readtest(MPT_ADAPTER * ioc,unsigned long arg)1473 mptctl_readtest (MPT_ADAPTER *ioc, unsigned long arg)
1474 {
1475 	struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1476 	struct mpt_ioctl_test	 karg;
1477 
1478 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1479 		printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1480 			"Unable to read in mpt_ioctl_test struct @ %p\n",
1481 				__FILE__, __LINE__, uarg);
1482 		return -EFAULT;
1483 	}
1484 
1485 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1486 	    ioc->name));
1487 	/* Fill in the data and return the structure to the calling
1488 	 * program
1489 	 */
1490 
1491 #ifdef MFCNT
1492 	karg.chip_type = ioc->mfcnt;
1493 #else
1494 	karg.chip_type = ioc->pcidev->device;
1495 #endif
1496 	strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1497 	karg.name[MPT_MAX_NAME-1]='\0';
1498 	strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1499 	karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1500 
1501 	/* Copy the data from kernel memory to user memory
1502 	 */
1503 	if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1504 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1505 			"Unable to write out mpt_ioctl_test struct @ %p\n",
1506 			ioc->name, __FILE__, __LINE__, uarg);
1507 		return -EFAULT;
1508 	}
1509 
1510 	return 0;
1511 }
1512 
1513 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1514 /*
1515  *	mptctl_eventquery - Query the host adapter for the event types
1516  *	that are being logged.
1517  *	@arg: User space argument
1518  *
1519  * Outputs:	None.
1520  * Return:	0 if successful
1521  *		-EFAULT if data unavailable
1522  *		-ENODEV  if no such device/adapter
1523  */
1524 static int
mptctl_eventquery(MPT_ADAPTER * ioc,unsigned long arg)1525 mptctl_eventquery (MPT_ADAPTER *ioc, unsigned long arg)
1526 {
1527 	struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1528 	struct mpt_ioctl_eventquery	 karg;
1529 
1530 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1531 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1532 			"Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1533 				__FILE__, __LINE__, uarg);
1534 		return -EFAULT;
1535 	}
1536 
1537 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1538 	    ioc->name));
1539 	karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1540 	karg.eventTypes = ioc->eventTypes;
1541 
1542 	/* Copy the data from kernel memory to user memory
1543 	 */
1544 	if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1545 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1546 			"Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1547 			ioc->name, __FILE__, __LINE__, uarg);
1548 		return -EFAULT;
1549 	}
1550 	return 0;
1551 }
1552 
1553 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1554 static int
mptctl_eventenable(MPT_ADAPTER * ioc,unsigned long arg)1555 mptctl_eventenable (MPT_ADAPTER *ioc, unsigned long arg)
1556 {
1557 	struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1558 	struct mpt_ioctl_eventenable	 karg;
1559 
1560 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1561 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1562 			"Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1563 				__FILE__, __LINE__, uarg);
1564 		return -EFAULT;
1565 	}
1566 
1567 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1568 	    ioc->name));
1569 	if (ioc->events == NULL) {
1570 		/* Have not yet allocated memory - do so now.
1571 		 */
1572 		int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1573 		ioc->events = kzalloc(sz, GFP_KERNEL);
1574 		if (!ioc->events) {
1575 			printk(MYIOC_s_ERR_FMT
1576 			    ": ERROR - Insufficient memory to add adapter!\n",
1577 			    ioc->name);
1578 			return -ENOMEM;
1579 		}
1580 		ioc->alloc_total += sz;
1581 
1582 		ioc->eventContext = 0;
1583         }
1584 
1585 	/* Update the IOC event logging flag.
1586 	 */
1587 	ioc->eventTypes = karg.eventTypes;
1588 
1589 	return 0;
1590 }
1591 
1592 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1593 static int
mptctl_eventreport(MPT_ADAPTER * ioc,unsigned long arg)1594 mptctl_eventreport (MPT_ADAPTER *ioc, unsigned long arg)
1595 {
1596 	struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1597 	struct mpt_ioctl_eventreport	 karg;
1598 	int			 numBytes, maxEvents, max;
1599 
1600 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1601 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1602 			"Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1603 				__FILE__, __LINE__, uarg);
1604 		return -EFAULT;
1605 	}
1606 
1607 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1608 	    ioc->name));
1609 
1610 	numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1611 	maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1612 
1613 
1614 	max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1615 
1616 	/* If fewer than 1 event is requested, there must have
1617 	 * been some type of error.
1618 	 */
1619 	if ((max < 1) || !ioc->events)
1620 		return -ENODATA;
1621 
1622 	/* reset this flag so SIGIO can restart */
1623 	ioc->aen_event_read_flag=0;
1624 
1625 	/* Copy the data from kernel memory to user memory
1626 	 */
1627 	numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1628 	if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1629 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1630 			"Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1631 			ioc->name, __FILE__, __LINE__, ioc->events);
1632 		return -EFAULT;
1633 	}
1634 
1635 	return 0;
1636 }
1637 
1638 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1639 static int
mptctl_replace_fw(MPT_ADAPTER * ioc,unsigned long arg)1640 mptctl_replace_fw (MPT_ADAPTER *ioc, unsigned long arg)
1641 {
1642 	struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1643 	struct mpt_ioctl_replace_fw	 karg;
1644 	int			 newFwSize;
1645 
1646 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1647 		printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1648 			"Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1649 				__FILE__, __LINE__, uarg);
1650 		return -EFAULT;
1651 	}
1652 
1653 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1654 	    ioc->name));
1655 	/* If caching FW, Free the old FW image
1656 	 */
1657 	if (ioc->cached_fw == NULL)
1658 		return 0;
1659 
1660 	mpt_free_fw_memory(ioc);
1661 
1662 	/* Allocate memory for the new FW image
1663 	 */
1664 	newFwSize = ALIGN(karg.newImageSize, 4);
1665 
1666 	mpt_alloc_fw_memory(ioc, newFwSize);
1667 	if (ioc->cached_fw == NULL)
1668 		return -ENOMEM;
1669 
1670 	/* Copy the data from user memory to kernel space
1671 	 */
1672 	if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1673 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1674 				"Unable to read in mpt_ioctl_replace_fw image "
1675 				"@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1676 		mpt_free_fw_memory(ioc);
1677 		return -EFAULT;
1678 	}
1679 
1680 	/* Update IOCFactsReply
1681 	 */
1682 	ioc->facts.FWImageSize = newFwSize;
1683 	return 0;
1684 }
1685 
1686 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1687 /* MPT IOCTL MPTCOMMAND function.
1688  * Cast the arg into the mpt_ioctl_mpt_command structure.
1689  *
1690  * Outputs:	None.
1691  * Return:	0 if successful
1692  *		-EBUSY  if previous command timeout and IOC reset is not complete.
1693  *		-EFAULT if data unavailable
1694  *		-ENODEV if no such device/adapter
1695  *		-ETIME	if timer expires
1696  *		-ENOMEM if memory allocation error
1697  */
1698 static int
mptctl_mpt_command(MPT_ADAPTER * ioc,unsigned long arg)1699 mptctl_mpt_command (MPT_ADAPTER *ioc, unsigned long arg)
1700 {
1701 	struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1702 	struct mpt_ioctl_command  karg;
1703 	int		rc;
1704 
1705 
1706 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1707 		printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1708 			"Unable to read in mpt_ioctl_command struct @ %p\n",
1709 				__FILE__, __LINE__, uarg);
1710 		return -EFAULT;
1711 	}
1712 
1713 	rc = mptctl_do_mpt_command (ioc, karg, &uarg->MF);
1714 
1715 	return rc;
1716 }
1717 
1718 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1719 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1720  *
1721  * Outputs:	None.
1722  * Return:	0 if successful
1723  *		-EBUSY  if previous command timeout and IOC reset is not complete.
1724  *		-EFAULT if data unavailable
1725  *		-ENODEV if no such device/adapter
1726  *		-ETIME	if timer expires
1727  *		-ENOMEM if memory allocation error
1728  *		-EPERM if SCSI I/O and target is untagged
1729  */
1730 static int
mptctl_do_mpt_command(MPT_ADAPTER * ioc,struct mpt_ioctl_command karg,void __user * mfPtr)1731 mptctl_do_mpt_command (MPT_ADAPTER *ioc, struct mpt_ioctl_command karg, void __user *mfPtr)
1732 {
1733 	MPT_FRAME_HDR	*mf = NULL;
1734 	MPIHeader_t	*hdr;
1735 	char		*psge;
1736 	struct buflist	bufIn;	/* data In buffer */
1737 	struct buflist	bufOut; /* data Out buffer */
1738 	dma_addr_t	dma_addr_in;
1739 	dma_addr_t	dma_addr_out;
1740 	int		sgSize = 0;	/* Num SG elements */
1741 	int		flagsLength;
1742 	int		sz, rc = 0;
1743 	int		msgContext;
1744 	u16		req_idx;
1745 	ulong 		timeout;
1746 	unsigned long	timeleft;
1747 	struct scsi_device *sdev;
1748 	unsigned long	 flags;
1749 	u8		 function;
1750 
1751 	/* bufIn and bufOut are used for user to kernel space transfers
1752 	 */
1753 	bufIn.kptr = bufOut.kptr = NULL;
1754 	bufIn.len = bufOut.len = 0;
1755 
1756 	spin_lock_irqsave(&ioc->taskmgmt_lock, flags);
1757 	if (ioc->ioc_reset_in_progress) {
1758 		spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
1759 		printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1760 			"Busy with diagnostic reset\n", __FILE__, __LINE__);
1761 		return -EBUSY;
1762 	}
1763 	spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
1764 
1765 	/* Basic sanity checks to prevent underflows or integer overflows */
1766 	if (karg.maxReplyBytes < 0 ||
1767 	    karg.dataInSize < 0 ||
1768 	    karg.dataOutSize < 0 ||
1769 	    karg.dataSgeOffset < 0 ||
1770 	    karg.maxSenseBytes < 0 ||
1771 	    karg.dataSgeOffset > ioc->req_sz / 4)
1772 		return -EINVAL;
1773 
1774 	/* Verify that the final request frame will not be too large.
1775 	 */
1776 	sz = karg.dataSgeOffset * 4;
1777 	if (karg.dataInSize > 0)
1778 		sz += ioc->SGE_size;
1779 	if (karg.dataOutSize > 0)
1780 		sz += ioc->SGE_size;
1781 
1782 	if (sz > ioc->req_sz) {
1783 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1784 			"Request frame too large (%d) maximum (%d)\n",
1785 			ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1786 		return -EFAULT;
1787 	}
1788 
1789 	/* Get a free request frame and save the message context.
1790 	 */
1791         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1792                 return -EAGAIN;
1793 
1794 	hdr = (MPIHeader_t *) mf;
1795 	msgContext = le32_to_cpu(hdr->MsgContext);
1796 	req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1797 
1798 	/* Copy the request frame
1799 	 * Reset the saved message context.
1800 	 * Request frame in user space
1801 	 */
1802 	if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1803 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1804 			"Unable to read MF from mpt_ioctl_command struct @ %p\n",
1805 			ioc->name, __FILE__, __LINE__, mfPtr);
1806 		function = -1;
1807 		rc = -EFAULT;
1808 		goto done_free_mem;
1809 	}
1810 	hdr->MsgContext = cpu_to_le32(msgContext);
1811 	function = hdr->Function;
1812 
1813 
1814 	/* Verify that this request is allowed.
1815 	 */
1816 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1817 	    ioc->name, hdr->Function, mf));
1818 
1819 	switch (function) {
1820 	case MPI_FUNCTION_IOC_FACTS:
1821 	case MPI_FUNCTION_PORT_FACTS:
1822 		karg.dataOutSize  = karg.dataInSize = 0;
1823 		break;
1824 
1825 	case MPI_FUNCTION_CONFIG:
1826 	{
1827 		Config_t *config_frame;
1828 		config_frame = (Config_t *)mf;
1829 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1830 		    "number=0x%02x action=0x%02x\n", ioc->name,
1831 		    config_frame->Header.PageType,
1832 		    config_frame->ExtPageType,
1833 		    config_frame->Header.PageNumber,
1834 		    config_frame->Action));
1835 		break;
1836 	}
1837 
1838 	case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1839 	case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1840 	case MPI_FUNCTION_FW_UPLOAD:
1841 	case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1842 	case MPI_FUNCTION_FW_DOWNLOAD:
1843 	case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1844 	case MPI_FUNCTION_TOOLBOX:
1845 	case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1846 		break;
1847 
1848 	case MPI_FUNCTION_SCSI_IO_REQUEST:
1849 		if (ioc->sh) {
1850 			SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1851 			int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1852 			int scsidir = 0;
1853 			int dataSize;
1854 			u32 id;
1855 
1856 			id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1857 			if (pScsiReq->TargetID > id) {
1858 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1859 					"Target ID out of bounds. \n",
1860 					ioc->name, __FILE__, __LINE__);
1861 				rc = -ENODEV;
1862 				goto done_free_mem;
1863 			}
1864 
1865 			if (pScsiReq->Bus >= ioc->number_of_buses) {
1866 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1867 					"Target Bus out of bounds. \n",
1868 					ioc->name, __FILE__, __LINE__);
1869 				rc = -ENODEV;
1870 				goto done_free_mem;
1871 			}
1872 
1873 			pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1874 			pScsiReq->MsgFlags |= mpt_msg_flags(ioc);
1875 
1876 
1877 			/* verify that app has not requested
1878 			 *	more sense data than driver
1879 			 *	can provide, if so, reset this parameter
1880 			 * set the sense buffer pointer low address
1881 			 * update the control field to specify Q type
1882 			 */
1883 			if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1884 				pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1885 			else
1886 				pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1887 
1888 			pScsiReq->SenseBufferLowAddr =
1889 				cpu_to_le32(ioc->sense_buf_low_dma
1890 				   + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1891 
1892 			shost_for_each_device(sdev, ioc->sh) {
1893 				struct scsi_target *starget = scsi_target(sdev);
1894 				VirtTarget *vtarget = starget->hostdata;
1895 
1896 				if (vtarget == NULL)
1897 					continue;
1898 
1899 				if ((pScsiReq->TargetID == vtarget->id) &&
1900 				    (pScsiReq->Bus == vtarget->channel) &&
1901 				    (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1902 					qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1903 			}
1904 
1905 			/* Have the IOCTL driver set the direction based
1906 			 * on the dataOutSize (ordering issue with Sparc).
1907 			 */
1908 			if (karg.dataOutSize > 0) {
1909 				scsidir = MPI_SCSIIO_CONTROL_WRITE;
1910 				dataSize = karg.dataOutSize;
1911 			} else {
1912 				scsidir = MPI_SCSIIO_CONTROL_READ;
1913 				dataSize = karg.dataInSize;
1914 			}
1915 
1916 			pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1917 			pScsiReq->DataLength = cpu_to_le32(dataSize);
1918 
1919 
1920 		} else {
1921 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1922 				"SCSI driver is not loaded. \n",
1923 				ioc->name, __FILE__, __LINE__);
1924 			rc = -EFAULT;
1925 			goto done_free_mem;
1926 		}
1927 		break;
1928 
1929 	case MPI_FUNCTION_SMP_PASSTHROUGH:
1930 		/* Check mf->PassthruFlags to determine if
1931 		 * transfer is ImmediateMode or not.
1932 		 * Immediate mode returns data in the ReplyFrame.
1933 		 * Else, we are sending request and response data
1934 		 * in two SGLs at the end of the mf.
1935 		 */
1936 		break;
1937 
1938 	case MPI_FUNCTION_SATA_PASSTHROUGH:
1939 		if (!ioc->sh) {
1940 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1941 				"SCSI driver is not loaded. \n",
1942 				ioc->name, __FILE__, __LINE__);
1943 			rc = -EFAULT;
1944 			goto done_free_mem;
1945 		}
1946 		break;
1947 
1948 	case MPI_FUNCTION_RAID_ACTION:
1949 		/* Just add a SGE
1950 		 */
1951 		break;
1952 
1953 	case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1954 		if (ioc->sh) {
1955 			SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1956 			int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1957 			int scsidir = MPI_SCSIIO_CONTROL_READ;
1958 			int dataSize;
1959 
1960 			pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1961 			pScsiReq->MsgFlags |= mpt_msg_flags(ioc);
1962 
1963 
1964 			/* verify that app has not requested
1965 			 *	more sense data than driver
1966 			 *	can provide, if so, reset this parameter
1967 			 * set the sense buffer pointer low address
1968 			 * update the control field to specify Q type
1969 			 */
1970 			if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1971 				pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1972 			else
1973 				pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1974 
1975 			pScsiReq->SenseBufferLowAddr =
1976 				cpu_to_le32(ioc->sense_buf_low_dma
1977 				   + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1978 
1979 			/* All commands to physical devices are tagged
1980 			 */
1981 
1982 			/* Have the IOCTL driver set the direction based
1983 			 * on the dataOutSize (ordering issue with Sparc).
1984 			 */
1985 			if (karg.dataOutSize > 0) {
1986 				scsidir = MPI_SCSIIO_CONTROL_WRITE;
1987 				dataSize = karg.dataOutSize;
1988 			} else {
1989 				scsidir = MPI_SCSIIO_CONTROL_READ;
1990 				dataSize = karg.dataInSize;
1991 			}
1992 
1993 			pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1994 			pScsiReq->DataLength = cpu_to_le32(dataSize);
1995 
1996 		} else {
1997 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1998 				"SCSI driver is not loaded. \n",
1999 				ioc->name, __FILE__, __LINE__);
2000 			rc = -EFAULT;
2001 			goto done_free_mem;
2002 		}
2003 		break;
2004 
2005 	case MPI_FUNCTION_SCSI_TASK_MGMT:
2006 	{
2007 		SCSITaskMgmt_t	*pScsiTm;
2008 		pScsiTm = (SCSITaskMgmt_t *)mf;
2009 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
2010 			"\tTaskType=0x%x MsgFlags=0x%x "
2011 			"TaskMsgContext=0x%x id=%d channel=%d\n",
2012 			ioc->name, pScsiTm->TaskType, le32_to_cpu
2013 			(pScsiTm->TaskMsgContext), pScsiTm->MsgFlags,
2014 			pScsiTm->TargetID, pScsiTm->Bus));
2015 		break;
2016 	}
2017 
2018 	case MPI_FUNCTION_IOC_INIT:
2019 		{
2020 			IOCInit_t	*pInit = (IOCInit_t *) mf;
2021 			u32		high_addr, sense_high;
2022 
2023 			/* Verify that all entries in the IOC INIT match
2024 			 * existing setup (and in LE format).
2025 			 */
2026 			if (sizeof(dma_addr_t) == sizeof(u64)) {
2027 				high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2028 				sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2029 			} else {
2030 				high_addr = 0;
2031 				sense_high= 0;
2032 			}
2033 
2034 			if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2035 				(pInit->MaxBuses != ioc->facts.MaxBuses) ||
2036 				(pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2037 				(pInit->HostMfaHighAddr != high_addr) ||
2038 				(pInit->SenseBufferHighAddr != sense_high)) {
2039 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2040 					"IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2041 					ioc->name, __FILE__, __LINE__);
2042 				rc = -EFAULT;
2043 				goto done_free_mem;
2044 			}
2045 		}
2046 		break;
2047 	default:
2048 		/*
2049 		 * MPI_FUNCTION_PORT_ENABLE
2050 		 * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2051 		 * MPI_FUNCTION_TARGET_ASSIST
2052 		 * MPI_FUNCTION_TARGET_STATUS_SEND
2053 		 * MPI_FUNCTION_TARGET_MODE_ABORT
2054 		 * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2055 		 * MPI_FUNCTION_IO_UNIT_RESET
2056 		 * MPI_FUNCTION_HANDSHAKE
2057 		 * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2058 		 * MPI_FUNCTION_EVENT_NOTIFICATION
2059 		 *  (driver handles event notification)
2060 		 * MPI_FUNCTION_EVENT_ACK
2061 		 */
2062 
2063 		/*  What to do with these???  CHECK ME!!!
2064 			MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2065 			MPI_FUNCTION_FC_LINK_SRVC_RSP
2066 			MPI_FUNCTION_FC_ABORT
2067 			MPI_FUNCTION_LAN_SEND
2068 			MPI_FUNCTION_LAN_RECEIVE
2069 		 	MPI_FUNCTION_LAN_RESET
2070 		*/
2071 
2072 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2073 			"Illegal request (function 0x%x) \n",
2074 			ioc->name, __FILE__, __LINE__, hdr->Function);
2075 		rc = -EFAULT;
2076 		goto done_free_mem;
2077 	}
2078 
2079 	/* Add the SGL ( at most one data in SGE and one data out SGE )
2080 	 * In the case of two SGE's - the data out (write) will always
2081 	 * preceede the data in (read) SGE. psgList is used to free the
2082 	 * allocated memory.
2083 	 */
2084 	psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2085 	flagsLength = 0;
2086 
2087 	if (karg.dataOutSize > 0)
2088 		sgSize ++;
2089 
2090 	if (karg.dataInSize > 0)
2091 		sgSize ++;
2092 
2093 	if (sgSize > 0) {
2094 
2095 		/* Set up the dataOut memory allocation */
2096 		if (karg.dataOutSize > 0) {
2097 			if (karg.dataInSize > 0) {
2098 				flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2099 						MPI_SGE_FLAGS_END_OF_BUFFER |
2100 						MPI_SGE_FLAGS_DIRECTION)
2101 						<< MPI_SGE_FLAGS_SHIFT;
2102 			} else {
2103 				flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2104 			}
2105 			flagsLength |= karg.dataOutSize;
2106 			bufOut.len = karg.dataOutSize;
2107 			bufOut.kptr = dma_alloc_coherent(&ioc->pcidev->dev,
2108 							 bufOut.len,
2109 							 &dma_addr_out, GFP_KERNEL);
2110 
2111 			if (bufOut.kptr == NULL) {
2112 				rc = -ENOMEM;
2113 				goto done_free_mem;
2114 			} else {
2115 				/* Set up this SGE.
2116 				 * Copy to MF and to sglbuf
2117 				 */
2118 				ioc->add_sge(psge, flagsLength, dma_addr_out);
2119 				psge += ioc->SGE_size;
2120 
2121 				/* Copy user data to kernel space.
2122 				 */
2123 				if (copy_from_user(bufOut.kptr,
2124 						karg.dataOutBufPtr,
2125 						bufOut.len)) {
2126 					printk(MYIOC_s_ERR_FMT
2127 						"%s@%d::mptctl_do_mpt_command - Unable "
2128 						"to read user data "
2129 						"struct @ %p\n",
2130 						ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2131 					rc =  -EFAULT;
2132 					goto done_free_mem;
2133 				}
2134 			}
2135 		}
2136 
2137 		if (karg.dataInSize > 0) {
2138 			flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2139 			flagsLength |= karg.dataInSize;
2140 
2141 			bufIn.len = karg.dataInSize;
2142 			bufIn.kptr = dma_alloc_coherent(&ioc->pcidev->dev,
2143 							bufIn.len,
2144 							&dma_addr_in, GFP_KERNEL);
2145 
2146 			if (bufIn.kptr == NULL) {
2147 				rc = -ENOMEM;
2148 				goto done_free_mem;
2149 			} else {
2150 				/* Set up this SGE
2151 				 * Copy to MF and to sglbuf
2152 				 */
2153 				ioc->add_sge(psge, flagsLength, dma_addr_in);
2154 			}
2155 		}
2156 	} else  {
2157 		/* Add a NULL SGE
2158 		 */
2159 		ioc->add_sge(psge, flagsLength, (dma_addr_t) -1);
2160 	}
2161 
2162 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, hdr->MsgContext);
2163 	INITIALIZE_MGMT_STATUS(ioc->ioctl_cmds.status)
2164 	if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2165 
2166 		mutex_lock(&ioc->taskmgmt_cmds.mutex);
2167 		if (mpt_set_taskmgmt_in_progress_flag(ioc) != 0) {
2168 			mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2169 			goto done_free_mem;
2170 		}
2171 
2172 		DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2173 
2174 		if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2175 		    (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2176 			mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2177 		else {
2178 			rc =mpt_send_handshake_request(mptctl_id, ioc,
2179 				sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2180 			if (rc != 0) {
2181 				dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2182 				    "send_handshake FAILED! (ioc %p, mf %p)\n",
2183 				    ioc->name, ioc, mf));
2184 				mpt_clear_taskmgmt_in_progress_flag(ioc);
2185 				rc = -ENODATA;
2186 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2187 				goto done_free_mem;
2188 			}
2189 		}
2190 
2191 	} else
2192 		mpt_put_msg_frame(mptctl_id, ioc, mf);
2193 
2194 	/* Now wait for the command to complete */
2195 	timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2196 retry_wait:
2197 	timeleft = wait_for_completion_timeout(&ioc->ioctl_cmds.done,
2198 				HZ*timeout);
2199 	if (!(ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
2200 		rc = -ETIME;
2201 		dfailprintk(ioc, printk(MYIOC_s_ERR_FMT "%s: TIMED OUT!\n",
2202 		    ioc->name, __func__));
2203 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
2204 			if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2205 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2206 			goto done_free_mem;
2207 		}
2208 		if (!timeleft) {
2209 			printk(MYIOC_s_WARN_FMT
2210 			       "mpt cmd timeout, doorbell=0x%08x"
2211 			       " function=0x%x\n",
2212 			       ioc->name, mpt_GetIocState(ioc, 0), function);
2213 			if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2214 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2215 			mptctl_timeout_expired(ioc, mf);
2216 			mf = NULL;
2217 		} else
2218 			goto retry_wait;
2219 		goto done_free_mem;
2220 	}
2221 
2222 	if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2223 		mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2224 
2225 
2226 	mf = NULL;
2227 
2228 	/* If a valid reply frame, copy to the user.
2229 	 * Offset 2: reply length in U32's
2230 	 */
2231 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID) {
2232 		if (karg.maxReplyBytes < ioc->reply_sz) {
2233 			sz = min(karg.maxReplyBytes,
2234 				4*ioc->ioctl_cmds.reply[2]);
2235 		} else {
2236 			 sz = min(ioc->reply_sz, 4*ioc->ioctl_cmds.reply[2]);
2237 		}
2238 		if (sz > 0) {
2239 			if (copy_to_user(karg.replyFrameBufPtr,
2240 				 ioc->ioctl_cmds.reply, sz)){
2241 				 printk(MYIOC_s_ERR_FMT
2242 				     "%s@%d::mptctl_do_mpt_command - "
2243 				 "Unable to write out reply frame %p\n",
2244 				 ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2245 				 rc =  -ENODATA;
2246 				 goto done_free_mem;
2247 			}
2248 		}
2249 	}
2250 
2251 	/* If valid sense data, copy to user.
2252 	 */
2253 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_SENSE_VALID) {
2254 		sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2255 		if (sz > 0) {
2256 			if (copy_to_user(karg.senseDataPtr,
2257 				ioc->ioctl_cmds.sense, sz)) {
2258 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2259 				"Unable to write sense data to user %p\n",
2260 				ioc->name, __FILE__, __LINE__,
2261 				karg.senseDataPtr);
2262 				rc =  -ENODATA;
2263 				goto done_free_mem;
2264 			}
2265 		}
2266 	}
2267 
2268 	/* If the overall status is _GOOD and data in, copy data
2269 	 * to user.
2270 	 */
2271 	if ((ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD) &&
2272 				(karg.dataInSize > 0) && (bufIn.kptr)) {
2273 
2274 		if (copy_to_user(karg.dataInBufPtr,
2275 				 bufIn.kptr, karg.dataInSize)) {
2276 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2277 				"Unable to write data to user %p\n",
2278 				ioc->name, __FILE__, __LINE__,
2279 				karg.dataInBufPtr);
2280 			rc =  -ENODATA;
2281 		}
2282 	}
2283 
2284 done_free_mem:
2285 
2286 	CLEAR_MGMT_STATUS(ioc->ioctl_cmds.status)
2287 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, 0);
2288 
2289 	/* Free the allocated memory.
2290 	 */
2291 	if (bufOut.kptr != NULL) {
2292 		dma_free_coherent(&ioc->pcidev->dev, bufOut.len,
2293 				  (void *)bufOut.kptr, dma_addr_out);
2294 	}
2295 
2296 	if (bufIn.kptr != NULL) {
2297 		dma_free_coherent(&ioc->pcidev->dev, bufIn.len,
2298 				  (void *)bufIn.kptr, dma_addr_in);
2299 	}
2300 
2301 	/* mf is null if command issued successfully
2302 	 * otherwise, failure occurred after mf acquired.
2303 	 */
2304 	if (mf)
2305 		mpt_free_msg_frame(ioc, mf);
2306 
2307 	return rc;
2308 }
2309 
2310 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2311 /* Prototype Routine for the HOST INFO command.
2312  *
2313  * Outputs:	None.
2314  * Return:	0 if successful
2315  *		-EFAULT if data unavailable
2316  *		-EBUSY  if previous command timeout and IOC reset is not complete.
2317  *		-ENODEV if no such device/adapter
2318  *		-ETIME	if timer expires
2319  *		-ENOMEM if memory allocation error
2320  */
2321 static int
mptctl_hp_hostinfo(MPT_ADAPTER * ioc,unsigned long arg,unsigned int data_size)2322 mptctl_hp_hostinfo(MPT_ADAPTER *ioc, unsigned long arg, unsigned int data_size)
2323 {
2324 	hp_host_info_t	__user *uarg = (void __user *) arg;
2325 	struct pci_dev		*pdev;
2326 	char                    *pbuf=NULL;
2327 	dma_addr_t		buf_dma;
2328 	hp_host_info_t		karg;
2329 	CONFIGPARMS		cfg;
2330 	ConfigPageHeader_t	hdr;
2331 	int			rc, cim_rev;
2332 	ToolboxIstwiReadWriteRequest_t	*IstwiRWRequest;
2333 	MPT_FRAME_HDR		*mf = NULL;
2334 	unsigned long		timeleft;
2335 	u32			msgcontext;
2336 
2337 	/* Reset long to int. Should affect IA64 and SPARC only
2338 	 */
2339 	if (data_size == sizeof(hp_host_info_t))
2340 		cim_rev = 1;
2341 	else if (data_size == sizeof(hp_host_info_rev0_t))
2342 		cim_rev = 0;	/* obsolete */
2343 	else
2344 		return -EFAULT;
2345 
2346 	if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2347 		printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2348 			"Unable to read in hp_host_info struct @ %p\n",
2349 				__FILE__, __LINE__, uarg);
2350 		return -EFAULT;
2351 	}
2352 
2353 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2354 	    ioc->name));
2355 
2356 	/* Fill in the data and return the structure to the calling
2357 	 * program
2358 	 */
2359 	pdev = (struct pci_dev *) ioc->pcidev;
2360 
2361 	karg.vendor = pdev->vendor;
2362 	karg.device = pdev->device;
2363 	karg.subsystem_id = pdev->subsystem_device;
2364 	karg.subsystem_vendor = pdev->subsystem_vendor;
2365 	karg.devfn = pdev->devfn;
2366 	karg.bus = pdev->bus->number;
2367 
2368 	/* Save the SCSI host no. if
2369 	 * SCSI driver loaded
2370 	 */
2371 	if (ioc->sh != NULL)
2372 		karg.host_no = ioc->sh->host_no;
2373 	else
2374 		karg.host_no =  -1;
2375 
2376 	/* Reformat the fw_version into a string */
2377 	snprintf(karg.fw_version, sizeof(karg.fw_version),
2378 		 "%.2hhu.%.2hhu.%.2hhu.%.2hhu",
2379 		 ioc->facts.FWVersion.Struct.Major,
2380 		 ioc->facts.FWVersion.Struct.Minor,
2381 		 ioc->facts.FWVersion.Struct.Unit,
2382 		 ioc->facts.FWVersion.Struct.Dev);
2383 
2384 	/* Issue a config request to get the device serial number
2385 	 */
2386 	hdr.PageVersion = 0;
2387 	hdr.PageLength = 0;
2388 	hdr.PageNumber = 0;
2389 	hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2390 	cfg.cfghdr.hdr = &hdr;
2391 	cfg.physAddr = -1;
2392 	cfg.pageAddr = 0;
2393 	cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2394 	cfg.dir = 0;	/* read */
2395 	cfg.timeout = 10;
2396 
2397 	strncpy(karg.serial_number, " ", 24);
2398 	if (mpt_config(ioc, &cfg) == 0) {
2399 		if (cfg.cfghdr.hdr->PageLength > 0) {
2400 			/* Issue the second config page request */
2401 			cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2402 
2403 			pbuf = dma_alloc_coherent(&ioc->pcidev->dev,
2404 						  hdr.PageLength * 4,
2405 						  &buf_dma, GFP_KERNEL);
2406 			if (pbuf) {
2407 				cfg.physAddr = buf_dma;
2408 				if (mpt_config(ioc, &cfg) == 0) {
2409 					ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2410 					if (strlen(pdata->BoardTracerNumber) > 1) {
2411 						strscpy(karg.serial_number,
2412 							pdata->BoardTracerNumber, 24);
2413 					}
2414 				}
2415 				dma_free_coherent(&ioc->pcidev->dev,
2416 						  hdr.PageLength * 4, pbuf,
2417 						  buf_dma);
2418 				pbuf = NULL;
2419 			}
2420 		}
2421 	}
2422 	rc = mpt_GetIocState(ioc, 1);
2423 	switch (rc) {
2424 	case MPI_IOC_STATE_OPERATIONAL:
2425 		karg.ioc_status =  HP_STATUS_OK;
2426 		break;
2427 
2428 	case MPI_IOC_STATE_FAULT:
2429 		karg.ioc_status =  HP_STATUS_FAILED;
2430 		break;
2431 
2432 	case MPI_IOC_STATE_RESET:
2433 	case MPI_IOC_STATE_READY:
2434 	default:
2435 		karg.ioc_status =  HP_STATUS_OTHER;
2436 		break;
2437 	}
2438 
2439 	karg.base_io_addr = pci_resource_start(pdev, 0);
2440 
2441 	if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2442 		karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2443 	else
2444 		karg.bus_phys_width = HP_BUS_WIDTH_16;
2445 
2446 	karg.hard_resets = 0;
2447 	karg.soft_resets = 0;
2448 	karg.timeouts = 0;
2449 	if (ioc->sh != NULL) {
2450 		MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2451 
2452 		if (hd && (cim_rev == 1)) {
2453 			karg.hard_resets = ioc->hard_resets;
2454 			karg.soft_resets = ioc->soft_resets;
2455 			karg.timeouts = ioc->timeouts;
2456 		}
2457 	}
2458 
2459 	/*
2460 	 * Gather ISTWI(Industry Standard Two Wire Interface) Data
2461 	 */
2462 	if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2463 		dfailprintk(ioc, printk(MYIOC_s_WARN_FMT
2464 			"%s, no msg frames!!\n", ioc->name, __func__));
2465 		goto out;
2466 	}
2467 
2468 	IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2469 	msgcontext = IstwiRWRequest->MsgContext;
2470 	memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2471 	IstwiRWRequest->MsgContext = msgcontext;
2472 	IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2473 	IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2474 	IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2475 	IstwiRWRequest->NumAddressBytes = 0x01;
2476 	IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2477 	if (pdev->devfn & 1)
2478 		IstwiRWRequest->DeviceAddr = 0xB2;
2479 	else
2480 		IstwiRWRequest->DeviceAddr = 0xB0;
2481 
2482 	pbuf = dma_alloc_coherent(&ioc->pcidev->dev, 4, &buf_dma, GFP_KERNEL);
2483 	if (!pbuf)
2484 		goto out;
2485 	ioc->add_sge((char *)&IstwiRWRequest->SGL,
2486 	    (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2487 
2488 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context,
2489 				IstwiRWRequest->MsgContext);
2490 	INITIALIZE_MGMT_STATUS(ioc->ioctl_cmds.status)
2491 	mpt_put_msg_frame(mptctl_id, ioc, mf);
2492 
2493 retry_wait:
2494 	timeleft = wait_for_completion_timeout(&ioc->ioctl_cmds.done,
2495 			HZ*MPT_IOCTL_DEFAULT_TIMEOUT);
2496 	if (!(ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
2497 		printk(MYIOC_s_WARN_FMT "%s: failed\n", ioc->name, __func__);
2498 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
2499 			mpt_free_msg_frame(ioc, mf);
2500 			goto out;
2501 		}
2502 		if (!timeleft) {
2503 			printk(MYIOC_s_WARN_FMT
2504 			       "HOST INFO command timeout, doorbell=0x%08x\n",
2505 			       ioc->name, mpt_GetIocState(ioc, 0));
2506 			mptctl_timeout_expired(ioc, mf);
2507 		} else
2508 			goto retry_wait;
2509 		goto out;
2510 	}
2511 
2512 	/*
2513 	 *ISTWI Data Definition
2514 	 * pbuf[0] = FW_VERSION = 0x4
2515 	 * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2516 	 *  the config, you should be seeing one out of these three values
2517 	 * pbuf[2] = Drive Installed Map = bit pattern depend on which
2518 	 *   bays have drives in them
2519 	 * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2520 	 */
2521 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID)
2522 		karg.rsvd = *(u32 *)pbuf;
2523 
2524  out:
2525 	CLEAR_MGMT_STATUS(ioc->ioctl_cmds.status)
2526 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, 0);
2527 
2528 	if (pbuf)
2529 		dma_free_coherent(&ioc->pcidev->dev, 4, pbuf, buf_dma);
2530 
2531 	/* Copy the data from kernel memory to user memory
2532 	 */
2533 	if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2534 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2535 			"Unable to write out hp_host_info @ %p\n",
2536 			ioc->name, __FILE__, __LINE__, uarg);
2537 		return -EFAULT;
2538 	}
2539 
2540 	return 0;
2541 
2542 }
2543 
2544 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2545 /* Prototype Routine for the TARGET INFO command.
2546  *
2547  * Outputs:	None.
2548  * Return:	0 if successful
2549  *		-EFAULT if data unavailable
2550  *		-EBUSY  if previous command timeout and IOC reset is not complete.
2551  *		-ENODEV if no such device/adapter
2552  *		-ETIME	if timer expires
2553  *		-ENOMEM if memory allocation error
2554  */
2555 static int
mptctl_hp_targetinfo(MPT_ADAPTER * ioc,unsigned long arg)2556 mptctl_hp_targetinfo(MPT_ADAPTER *ioc, unsigned long arg)
2557 {
2558 	hp_target_info_t __user *uarg = (void __user *) arg;
2559 	SCSIDevicePage0_t	*pg0_alloc;
2560 	SCSIDevicePage3_t	*pg3_alloc;
2561 	MPT_SCSI_HOST 		*hd = NULL;
2562 	hp_target_info_t	karg;
2563 	int			data_sz;
2564 	dma_addr_t		page_dma;
2565 	CONFIGPARMS	 	cfg;
2566 	ConfigPageHeader_t	hdr;
2567 	int			tmp, np, rc = 0;
2568 
2569 	if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2570 		printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2571 			"Unable to read in hp_host_targetinfo struct @ %p\n",
2572 				__FILE__, __LINE__, uarg);
2573 		return -EFAULT;
2574 	}
2575 
2576 	if (karg.hdr.id >= MPT_MAX_FC_DEVICES)
2577 		return -EINVAL;
2578 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2579 	    ioc->name));
2580 
2581 	/*  There is nothing to do for FCP parts.
2582 	 */
2583 	if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2584 		return 0;
2585 
2586 	if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2587 		return 0;
2588 
2589 	if (ioc->sh->host_no != karg.hdr.host)
2590 		return -ENODEV;
2591 
2592        /* Get the data transfer speeds
2593         */
2594 	data_sz = ioc->spi_data.sdp0length * 4;
2595 	pg0_alloc = dma_alloc_coherent(&ioc->pcidev->dev, data_sz, &page_dma,
2596 				       GFP_KERNEL);
2597 	if (pg0_alloc) {
2598 		hdr.PageVersion = ioc->spi_data.sdp0version;
2599 		hdr.PageLength = data_sz;
2600 		hdr.PageNumber = 0;
2601 		hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2602 
2603 		cfg.cfghdr.hdr = &hdr;
2604 		cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2605 		cfg.dir = 0;
2606 		cfg.timeout = 0;
2607 		cfg.physAddr = page_dma;
2608 
2609 		cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2610 
2611 		if ((rc = mpt_config(ioc, &cfg)) == 0) {
2612 			np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2613 			karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2614 					HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2615 
2616 			if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2617 				tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2618 				if (tmp < 0x09)
2619 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2620 				else if (tmp <= 0x09)
2621 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2622 				else if (tmp <= 0x0A)
2623 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2624 				else if (tmp <= 0x0C)
2625 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2626 				else if (tmp <= 0x25)
2627 					karg.negotiated_speed = HP_DEV_SPEED_FAST;
2628 				else
2629 					karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2630 			} else
2631 				karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2632 		}
2633 
2634 		dma_free_coherent(&ioc->pcidev->dev, data_sz, (u8 *)pg0_alloc,
2635 				  page_dma);
2636 	}
2637 
2638 	/* Set defaults
2639 	 */
2640 	karg.message_rejects = -1;
2641 	karg.phase_errors = -1;
2642 	karg.parity_errors = -1;
2643 	karg.select_timeouts = -1;
2644 
2645 	/* Get the target error parameters
2646 	 */
2647 	hdr.PageVersion = 0;
2648 	hdr.PageLength = 0;
2649 	hdr.PageNumber = 3;
2650 	hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2651 
2652 	cfg.cfghdr.hdr = &hdr;
2653 	cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2654 	cfg.dir = 0;
2655 	cfg.timeout = 0;
2656 	cfg.physAddr = -1;
2657 	if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2658 		/* Issue the second config page request */
2659 		cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2660 		data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2661 		pg3_alloc = dma_alloc_coherent(&ioc->pcidev->dev, data_sz,
2662 					       &page_dma, GFP_KERNEL);
2663 		if (pg3_alloc) {
2664 			cfg.physAddr = page_dma;
2665 			cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2666 			if ((rc = mpt_config(ioc, &cfg)) == 0) {
2667 				karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2668 				karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2669 				karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2670 			}
2671 			dma_free_coherent(&ioc->pcidev->dev, data_sz,
2672 					  (u8 *)pg3_alloc, page_dma);
2673 		}
2674 	}
2675 	hd = shost_priv(ioc->sh);
2676 	if (hd != NULL)
2677 		karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2678 
2679 	/* Copy the data from kernel memory to user memory
2680 	 */
2681 	if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2682 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2683 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2684 			ioc->name, __FILE__, __LINE__, uarg);
2685 		return -EFAULT;
2686 	}
2687 
2688 	return 0;
2689 }
2690 
2691 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2692 
2693 static const struct file_operations mptctl_fops = {
2694 	.owner =	THIS_MODULE,
2695 	.llseek =	no_llseek,
2696 	.fasync = 	mptctl_fasync,
2697 	.unlocked_ioctl = mptctl_ioctl,
2698 #ifdef CONFIG_COMPAT
2699 	.compat_ioctl = compat_mpctl_ioctl,
2700 #endif
2701 };
2702 
2703 static struct miscdevice mptctl_miscdev = {
2704 	MPT_MINOR,
2705 	MYNAM,
2706 	&mptctl_fops
2707 };
2708 
2709 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2710 
2711 #ifdef CONFIG_COMPAT
2712 
2713 static int
compat_mptfwxfer_ioctl(struct file * filp,unsigned int cmd,unsigned long arg)2714 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2715 			unsigned long arg)
2716 {
2717 	struct mpt_fw_xfer32 kfw32;
2718 	struct mpt_fw_xfer kfw;
2719 	MPT_ADAPTER *iocp = NULL;
2720 	int iocnum, iocnumX;
2721 	int nonblock = (filp->f_flags & O_NONBLOCK);
2722 	int ret;
2723 
2724 
2725 	if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2726 		return -EFAULT;
2727 
2728 	/* Verify intended MPT adapter */
2729 	iocnumX = kfw32.iocnum & 0xFF;
2730 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2731 	    (iocp == NULL)) {
2732 		printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2733 			__LINE__, iocnumX);
2734 		return -ENODEV;
2735 	}
2736 
2737 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2738 		return ret;
2739 
2740 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2741 	    iocp->name));
2742 	kfw.iocnum = iocnum;
2743 	kfw.fwlen = kfw32.fwlen;
2744 	kfw.bufp = compat_ptr(kfw32.bufp);
2745 
2746 	ret = mptctl_do_fw_download(iocp, kfw.bufp, kfw.fwlen);
2747 
2748 	mutex_unlock(&iocp->ioctl_cmds.mutex);
2749 
2750 	return ret;
2751 }
2752 
2753 static int
compat_mpt_command(struct file * filp,unsigned int cmd,unsigned long arg)2754 compat_mpt_command(struct file *filp, unsigned int cmd,
2755 			unsigned long arg)
2756 {
2757 	struct mpt_ioctl_command32 karg32;
2758 	struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2759 	struct mpt_ioctl_command karg;
2760 	MPT_ADAPTER *iocp = NULL;
2761 	int iocnum, iocnumX;
2762 	int nonblock = (filp->f_flags & O_NONBLOCK);
2763 	int ret;
2764 
2765 	if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2766 		return -EFAULT;
2767 
2768 	/* Verify intended MPT adapter */
2769 	iocnumX = karg32.hdr.iocnum & 0xFF;
2770 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2771 	    (iocp == NULL)) {
2772 		printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2773 			__LINE__, iocnumX);
2774 		return -ENODEV;
2775 	}
2776 
2777 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2778 		return ret;
2779 
2780 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2781 	    iocp->name));
2782 	/* Copy data to karg */
2783 	karg.hdr.iocnum = karg32.hdr.iocnum;
2784 	karg.hdr.port = karg32.hdr.port;
2785 	karg.timeout = karg32.timeout;
2786 	karg.maxReplyBytes = karg32.maxReplyBytes;
2787 
2788 	karg.dataInSize = karg32.dataInSize;
2789 	karg.dataOutSize = karg32.dataOutSize;
2790 	karg.maxSenseBytes = karg32.maxSenseBytes;
2791 	karg.dataSgeOffset = karg32.dataSgeOffset;
2792 
2793 	karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2794 	karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2795 	karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2796 	karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2797 
2798 	/* Pass new structure to do_mpt_command
2799 	 */
2800 	ret = mptctl_do_mpt_command (iocp, karg, &uarg->MF);
2801 
2802 	mutex_unlock(&iocp->ioctl_cmds.mutex);
2803 
2804 	return ret;
2805 }
2806 
compat_mpctl_ioctl(struct file * f,unsigned int cmd,unsigned long arg)2807 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2808 {
2809 	long ret;
2810 	mutex_lock(&mpctl_mutex);
2811 	switch (cmd) {
2812 	case MPTIOCINFO:
2813 	case MPTIOCINFO1:
2814 	case MPTIOCINFO2:
2815 	case MPTTARGETINFO:
2816 	case MPTEVENTQUERY:
2817 	case MPTEVENTENABLE:
2818 	case MPTEVENTREPORT:
2819 	case MPTHARDRESET:
2820 	case HP_GETHOSTINFO:
2821 	case HP_GETTARGETINFO:
2822 	case MPTTEST:
2823 		ret = __mptctl_ioctl(f, cmd, arg);
2824 		break;
2825 	case MPTCOMMAND32:
2826 		ret = compat_mpt_command(f, cmd, arg);
2827 		break;
2828 	case MPTFWDOWNLOAD32:
2829 		ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2830 		break;
2831 	default:
2832 		ret = -ENOIOCTLCMD;
2833 		break;
2834 	}
2835 	mutex_unlock(&mpctl_mutex);
2836 	return ret;
2837 }
2838 
2839 #endif
2840 
2841 
2842 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2843 /*
2844  *	mptctl_probe - Installs ioctl devices per bus.
2845  *	@pdev: Pointer to pci_dev structure
2846  *
2847  *	Returns 0 for success, non-zero for failure.
2848  *
2849  */
2850 
2851 static int
mptctl_probe(struct pci_dev * pdev)2852 mptctl_probe(struct pci_dev *pdev)
2853 {
2854 	MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2855 
2856 	mutex_init(&ioc->ioctl_cmds.mutex);
2857 	init_completion(&ioc->ioctl_cmds.done);
2858 	return 0;
2859 }
2860 
2861 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2862 /*
2863  *	mptctl_remove - Removed ioctl devices
2864  *	@pdev: Pointer to pci_dev structure
2865  *
2866  *
2867  */
2868 static void
mptctl_remove(struct pci_dev * pdev)2869 mptctl_remove(struct pci_dev *pdev)
2870 {
2871 }
2872 
2873 static struct mpt_pci_driver mptctl_driver = {
2874   .probe		= mptctl_probe,
2875   .remove		= mptctl_remove,
2876 };
2877 
2878 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
mptctl_init(void)2879 static int __init mptctl_init(void)
2880 {
2881 	int err;
2882 
2883 	show_mptmod_ver(my_NAME, my_VERSION);
2884 
2885 	mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
2886 
2887 	/* Register this device */
2888 	err = misc_register(&mptctl_miscdev);
2889 	if (err < 0) {
2890 		printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2891 		goto out_fail;
2892 	}
2893 	printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2894 	printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2895 			 mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2896 
2897 	/*
2898 	 *  Install our handler
2899 	 */
2900 	mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER,
2901 	    "mptctl_reply");
2902 	if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2903 		printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2904 		misc_deregister(&mptctl_miscdev);
2905 		err = -EBUSY;
2906 		goto out_fail;
2907 	}
2908 
2909 	mptctl_taskmgmt_id = mpt_register(mptctl_taskmgmt_reply, MPTCTL_DRIVER,
2910 	    "mptctl_taskmgmt_reply");
2911 	if (!mptctl_taskmgmt_id || mptctl_taskmgmt_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2912 		printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2913 		mpt_deregister(mptctl_id);
2914 		misc_deregister(&mptctl_miscdev);
2915 		err = -EBUSY;
2916 		goto out_fail;
2917 	}
2918 
2919 	mpt_reset_register(mptctl_id, mptctl_ioc_reset);
2920 	mpt_event_register(mptctl_id, mptctl_event_process);
2921 
2922 	return 0;
2923 
2924 out_fail:
2925 
2926 	mpt_device_driver_deregister(MPTCTL_DRIVER);
2927 
2928 	return err;
2929 }
2930 
2931 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
mptctl_exit(void)2932 static void mptctl_exit(void)
2933 {
2934 	misc_deregister(&mptctl_miscdev);
2935 	printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2936 			 mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2937 
2938 	/* De-register event handler from base module */
2939 	mpt_event_deregister(mptctl_id);
2940 
2941 	/* De-register reset handler from base module */
2942 	mpt_reset_deregister(mptctl_id);
2943 
2944 	/* De-register callback handler from base module */
2945 	mpt_deregister(mptctl_taskmgmt_id);
2946 	mpt_deregister(mptctl_id);
2947 
2948         mpt_device_driver_deregister(MPTCTL_DRIVER);
2949 
2950 }
2951 
2952 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2953 
2954 module_init(mptctl_init);
2955 module_exit(mptctl_exit);
2956