Merge branch 'upstream-linus' of git://oss.oracle.com/home/sourcebo/git/ocfs2
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP SA 5xxx and 6xxx Controllers
3  *    Copyright 2000, 2006 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; either version 2 of the License, or
8  *    (at your option) any later version.
9  *
10  *    This program is distributed in the hope that it will be useful,
11  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
12  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
13  *    NON INFRINGEMENT.  See the GNU General Public License for more details.
14  *
15  *    You should have received a copy of the GNU General Public License
16  *    along with this program; if not, write to the Free Software
17  *    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/config.h>       /* CONFIG_PROC_FS */
24 #include <linux/module.h>
25 #include <linux/interrupt.h>
26 #include <linux/types.h>
27 #include <linux/pci.h>
28 #include <linux/kernel.h>
29 #include <linux/slab.h>
30 #include <linux/delay.h>
31 #include <linux/major.h>
32 #include <linux/fs.h>
33 #include <linux/bio.h>
34 #include <linux/blkpg.h>
35 #include <linux/timer.h>
36 #include <linux/proc_fs.h>
37 #include <linux/init.h> 
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49
50 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
51 #define DRIVER_NAME "HP CISS Driver (v 2.6.10)"
52 #define DRIVER_VERSION CCISS_DRIVER_VERSION(2,6,10)
53
54 /* Embedded module documentation macros - see modules.h */
55 MODULE_AUTHOR("Hewlett-Packard Company");
56 MODULE_DESCRIPTION("Driver for HP Controller SA5xxx SA6xxx version 2.6.10");
57 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
58                         " SA6i P600 P800 P400 P400i E200 E200i");
59 MODULE_LICENSE("GPL");
60
61 #include "cciss_cmd.h"
62 #include "cciss.h"
63 #include <linux/cciss_ioctl.h>
64
65 /* define the PCI info for the cards we can control */
66 static const struct pci_device_id cciss_pci_device_id[] = {
67         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,
68                         0x0E11, 0x4070, 0, 0, 0},
69         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB,
70                         0x0E11, 0x4080, 0, 0, 0},
71         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB,
72                         0x0E11, 0x4082, 0, 0, 0},
73         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB,
74                         0x0E11, 0x4083, 0, 0, 0},
75         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC,
76                 0x0E11, 0x409A, 0, 0, 0},
77         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC,
78                 0x0E11, 0x409B, 0, 0, 0},
79         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC,
80                 0x0E11, 0x409C, 0, 0, 0},
81         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC,
82                 0x0E11, 0x409D, 0, 0, 0},
83         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC,
84                 0x0E11, 0x4091, 0, 0, 0},
85         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSA,
86                 0x103C, 0x3225, 0, 0, 0},
87         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC,
88                 0x103c, 0x3223, 0, 0, 0},
89         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC,
90                 0x103c, 0x3234, 0, 0, 0},
91         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSC,
92                 0x103c, 0x3235, 0, 0, 0},
93         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSD,
94                 0x103c, 0x3211, 0, 0, 0},
95         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSD,
96                 0x103c, 0x3212, 0, 0, 0},
97         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSD,
98                 0x103c, 0x3213, 0, 0, 0},
99         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSD,
100                 0x103c, 0x3214, 0, 0, 0},
101         { PCI_VENDOR_ID_HP, PCI_DEVICE_ID_HP_CISSD,
102                 0x103c, 0x3215, 0, 0, 0},
103         {0,}
104 };
105 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
106
107 #define NR_PRODUCTS ARRAY_SIZE(products)
108
109 /*  board_id = Subsystem Device ID & Vendor ID
110  *  product = Marketing Name for the board
111  *  access = Address of the struct of function pointers 
112  */
113 static struct board_type products[] = {
114         { 0x40700E11, "Smart Array 5300", &SA5_access },
115         { 0x40800E11, "Smart Array 5i", &SA5B_access},
116         { 0x40820E11, "Smart Array 532", &SA5B_access},
117         { 0x40830E11, "Smart Array 5312", &SA5B_access},
118         { 0x409A0E11, "Smart Array 641", &SA5_access},
119         { 0x409B0E11, "Smart Array 642", &SA5_access},
120         { 0x409C0E11, "Smart Array 6400", &SA5_access},
121         { 0x409D0E11, "Smart Array 6400 EM", &SA5_access},
122         { 0x40910E11, "Smart Array 6i", &SA5_access},
123         { 0x3225103C, "Smart Array P600", &SA5_access},
124         { 0x3223103C, "Smart Array P800", &SA5_access},
125         { 0x3234103C, "Smart Array P400", &SA5_access},
126         { 0x3235103C, "Smart Array P400i", &SA5_access},
127         { 0x3211103C, "Smart Array E200i", &SA5_access},
128         { 0x3212103C, "Smart Array E200", &SA5_access},
129         { 0x3213103C, "Smart Array E200i", &SA5_access},
130         { 0x3214103C, "Smart Array E200i", &SA5_access},
131         { 0x3215103C, "Smart Array E200i", &SA5_access},
132 };
133
134 /* How long to wait (in millesconds) for board to go into simple mode */
135 #define MAX_CONFIG_WAIT 30000 
136 #define MAX_IOCTL_CONFIG_WAIT 1000
137
138 /*define how many times we will try a command because of bus resets */
139 #define MAX_CMD_RETRIES 3
140
141 #define READ_AHEAD       1024
142 #define NR_CMDS          384 /* #commands that can be outstanding */
143 #define MAX_CTLR        32
144
145 /* Originally cciss driver only supports 8 major numbers */
146 #define MAX_CTLR_ORIG   8
147
148
149 static ctlr_info_t *hba[MAX_CTLR];
150
151 static void do_cciss_request(request_queue_t *q);
152 static irqreturn_t do_cciss_intr(int irq, void *dev_id, struct pt_regs *regs);
153 static int cciss_open(struct inode *inode, struct file *filep);
154 static int cciss_release(struct inode *inode, struct file *filep);
155 static int cciss_ioctl(struct inode *inode, struct file *filep, 
156                 unsigned int cmd, unsigned long arg);
157 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
158
159 static int revalidate_allvol(ctlr_info_t *host);
160 static int cciss_revalidate(struct gendisk *disk);
161 static int rebuild_lun_table(ctlr_info_t *h, struct gendisk *del_disk);
162 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv, int clear_all);
163
164 static void cciss_read_capacity(int ctlr, int logvol, ReadCapdata_struct *buf,
165         int withirq, unsigned int *total_size, unsigned int *block_size);
166 static void cciss_geometry_inquiry(int ctlr, int logvol,
167                         int withirq, unsigned int total_size,
168                         unsigned int block_size, InquiryData_struct *inq_buff,
169                         drive_info_struct *drv);
170 static void cciss_getgeometry(int cntl_num);
171 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *, __u32);
172 static void start_io( ctlr_info_t *h);
173 static int sendcmd( __u8 cmd, int ctlr, void *buff, size_t size,
174         unsigned int use_unit_num, unsigned int log_unit, __u8 page_code,
175         unsigned char *scsi3addr, int cmd_type);
176 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
177         unsigned int use_unit_num, unsigned int log_unit, __u8  page_code,
178         int cmd_type);
179
180 static void fail_all_cmds(unsigned long ctlr);
181
182 #ifdef CONFIG_PROC_FS
183 static int cciss_proc_get_info(char *buffer, char **start, off_t offset, 
184                 int length, int *eof, void *data);
185 static void cciss_procinit(int i);
186 #else
187 static void cciss_procinit(int i) {}
188 #endif /* CONFIG_PROC_FS */
189
190 #ifdef CONFIG_COMPAT
191 static long cciss_compat_ioctl(struct file *f, unsigned cmd, unsigned long arg);
192 #endif
193
194 static struct block_device_operations cciss_fops  = {
195         .owner          = THIS_MODULE,
196         .open           = cciss_open, 
197         .release        = cciss_release,
198         .ioctl          = cciss_ioctl,
199         .getgeo         = cciss_getgeo,
200 #ifdef CONFIG_COMPAT
201         .compat_ioctl   = cciss_compat_ioctl,
202 #endif
203         .revalidate_disk= cciss_revalidate,
204 };
205
206 /*
207  * Enqueuing and dequeuing functions for cmdlists.
208  */
209 static inline void addQ(CommandList_struct **Qptr, CommandList_struct *c)
210 {
211         if (*Qptr == NULL) {
212                 *Qptr = c;
213                 c->next = c->prev = c;
214         } else {
215                 c->prev = (*Qptr)->prev;
216                 c->next = (*Qptr);
217                 (*Qptr)->prev->next = c;
218                 (*Qptr)->prev = c;
219         }
220 }
221
222 static inline CommandList_struct *removeQ(CommandList_struct **Qptr, 
223                                                 CommandList_struct *c)
224 {
225         if (c && c->next != c) {
226                 if (*Qptr == c) *Qptr = c->next;
227                 c->prev->next = c->next;
228                 c->next->prev = c->prev;
229         } else {
230                 *Qptr = NULL;
231         }
232         return c;
233 }
234
235 #include "cciss_scsi.c"         /* For SCSI tape support */
236
237 #ifdef CONFIG_PROC_FS
238
239 /*
240  * Report information about this controller.
241  */
242 #define ENG_GIG 1000000000
243 #define ENG_GIG_FACTOR (ENG_GIG/512)
244 #define RAID_UNKNOWN 6
245 static const char *raid_label[] = {"0","4","1(1+0)","5","5+1","ADG",
246                                            "UNKNOWN"};
247
248 static struct proc_dir_entry *proc_cciss;
249
250 static int cciss_proc_get_info(char *buffer, char **start, off_t offset, 
251                 int length, int *eof, void *data)
252 {
253         off_t pos = 0;
254         off_t len = 0;
255         int size, i, ctlr;
256         ctlr_info_t *h = (ctlr_info_t*)data;
257         drive_info_struct *drv;
258         unsigned long flags;
259         sector_t vol_sz, vol_sz_frac;
260
261         ctlr = h->ctlr;
262
263         /* prevent displaying bogus info during configuration
264          * or deconfiguration of a logical volume
265          */
266         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
267         if (h->busy_configuring) {
268                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
269         return -EBUSY;
270         }
271         h->busy_configuring = 1;
272         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
273
274         size = sprintf(buffer, "%s: HP %s Controller\n"
275                 "Board ID: 0x%08lx\n"
276                 "Firmware Version: %c%c%c%c\n"
277                 "IRQ: %d\n"
278                 "Logical drives: %d\n"
279                 "Current Q depth: %d\n"
280                 "Current # commands on controller: %d\n"
281                 "Max Q depth since init: %d\n"
282                 "Max # commands on controller since init: %d\n"
283                 "Max SG entries since init: %d\n\n",
284                 h->devname,
285                 h->product_name,
286                 (unsigned long)h->board_id,
287                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2], h->firm_ver[3],
288                 (unsigned int)h->intr[SIMPLE_MODE_INT],
289                 h->num_luns, 
290                 h->Qdepth, h->commands_outstanding,
291                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
292
293         pos += size; len += size;
294         cciss_proc_tape_report(ctlr, buffer, &pos, &len);
295         for(i=0; i<=h->highest_lun; i++) {
296
297                 drv = &h->drv[i];
298                 if (drv->heads == 0)
299                         continue;
300
301                 vol_sz = drv->nr_blocks;
302                 vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
303                 vol_sz_frac *= 100;
304                 sector_div(vol_sz_frac, ENG_GIG_FACTOR);
305
306                 if (drv->raid_level > 5)
307                         drv->raid_level = RAID_UNKNOWN;
308                 size = sprintf(buffer+len, "cciss/c%dd%d:"
309                                 "\t%4u.%02uGB\tRAID %s\n",
310                                 ctlr, i, (int)vol_sz, (int)vol_sz_frac,
311                                 raid_label[drv->raid_level]);
312                 pos += size; len += size;
313         }
314
315         *eof = 1;
316         *start = buffer+offset;
317         len -= offset;
318         if (len>length)
319                 len = length;
320         h->busy_configuring = 0;
321         return len;
322 }
323
324 static int 
325 cciss_proc_write(struct file *file, const char __user *buffer, 
326                         unsigned long count, void *data)
327 {
328         unsigned char cmd[80];
329         int len;
330 #ifdef CONFIG_CISS_SCSI_TAPE
331         ctlr_info_t *h = (ctlr_info_t *) data;
332         int rc;
333 #endif
334
335         if (count > sizeof(cmd)-1) return -EINVAL;
336         if (copy_from_user(cmd, buffer, count)) return -EFAULT;
337         cmd[count] = '\0';
338         len = strlen(cmd);      // above 3 lines ensure safety
339         if (len && cmd[len-1] == '\n')
340                 cmd[--len] = '\0';
341 #       ifdef CONFIG_CISS_SCSI_TAPE
342                 if (strcmp("engage scsi", cmd)==0) {
343                         rc = cciss_engage_scsi(h->ctlr);
344                         if (rc != 0) return -rc;
345                         return count;
346                 }
347                 /* might be nice to have "disengage" too, but it's not 
348                    safely possible. (only 1 module use count, lock issues.) */
349 #       endif
350         return -EINVAL;
351 }
352
353 /*
354  * Get us a file in /proc/cciss that says something about each controller.
355  * Create /proc/cciss if it doesn't exist yet.
356  */
357 static void __devinit cciss_procinit(int i)
358 {
359         struct proc_dir_entry *pde;
360
361         if (proc_cciss == NULL) {
362                 proc_cciss = proc_mkdir("cciss", proc_root_driver);
363                 if (!proc_cciss) 
364                         return;
365         }
366
367         pde = create_proc_read_entry(hba[i]->devname, 
368                 S_IWUSR | S_IRUSR | S_IRGRP | S_IROTH, 
369                 proc_cciss, cciss_proc_get_info, hba[i]);
370         pde->write_proc = cciss_proc_write;
371 }
372 #endif /* CONFIG_PROC_FS */
373
374 /* 
375  * For operations that cannot sleep, a command block is allocated at init, 
376  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
377  * which ones are free or in use.  For operations that can wait for kmalloc 
378  * to possible sleep, this routine can be called with get_from_pool set to 0. 
379  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was. 
380  */ 
381 static CommandList_struct * cmd_alloc(ctlr_info_t *h, int get_from_pool)
382 {
383         CommandList_struct *c;
384         int i; 
385         u64bit temp64;
386         dma_addr_t cmd_dma_handle, err_dma_handle;
387
388         if (!get_from_pool)
389         {
390                 c = (CommandList_struct *) pci_alloc_consistent(
391                         h->pdev, sizeof(CommandList_struct), &cmd_dma_handle); 
392                 if(c==NULL)
393                         return NULL;
394                 memset(c, 0, sizeof(CommandList_struct));
395
396                 c->cmdindex = -1;
397
398                 c->err_info = (ErrorInfo_struct *)pci_alloc_consistent(
399                                         h->pdev, sizeof(ErrorInfo_struct), 
400                                         &err_dma_handle);
401         
402                 if (c->err_info == NULL)
403                 {
404                         pci_free_consistent(h->pdev, 
405                                 sizeof(CommandList_struct), c, cmd_dma_handle);
406                         return NULL;
407                 }
408                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
409         } else /* get it out of the controllers pool */ 
410         {
411                 do {
412                         i = find_first_zero_bit(h->cmd_pool_bits, NR_CMDS);
413                         if (i == NR_CMDS)
414                                 return NULL;
415                 } while(test_and_set_bit(i & (BITS_PER_LONG - 1), h->cmd_pool_bits+(i/BITS_PER_LONG)) != 0);
416 #ifdef CCISS_DEBUG
417                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
418 #endif
419                 c = h->cmd_pool + i;
420                 memset(c, 0, sizeof(CommandList_struct));
421                 cmd_dma_handle = h->cmd_pool_dhandle 
422                                         + i*sizeof(CommandList_struct);
423                 c->err_info = h->errinfo_pool + i;
424                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
425                 err_dma_handle = h->errinfo_pool_dhandle 
426                                         + i*sizeof(ErrorInfo_struct);
427                 h->nr_allocs++;
428
429                 c->cmdindex = i;
430         }
431
432         c->busaddr = (__u32) cmd_dma_handle;
433         temp64.val = (__u64) err_dma_handle;    
434         c->ErrDesc.Addr.lower = temp64.val32.lower;
435         c->ErrDesc.Addr.upper = temp64.val32.upper;
436         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
437         
438         c->ctlr = h->ctlr;
439         return c;
440
441
442 }
443
444 /* 
445  * Frees a command block that was previously allocated with cmd_alloc(). 
446  */
447 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
448 {
449         int i;
450         u64bit temp64;
451
452         if( !got_from_pool)
453         { 
454                 temp64.val32.lower = c->ErrDesc.Addr.lower;
455                 temp64.val32.upper = c->ErrDesc.Addr.upper;
456                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct), 
457                         c->err_info, (dma_addr_t) temp64.val);
458                 pci_free_consistent(h->pdev, sizeof(CommandList_struct), 
459                         c, (dma_addr_t) c->busaddr);
460         } else 
461         {
462                 i = c - h->cmd_pool;
463                 clear_bit(i&(BITS_PER_LONG-1), h->cmd_pool_bits+(i/BITS_PER_LONG));
464                 h->nr_frees++;
465         }
466 }
467
468 static inline ctlr_info_t *get_host(struct gendisk *disk)
469 {
470         return disk->queue->queuedata; 
471 }
472
473 static inline drive_info_struct *get_drv(struct gendisk *disk)
474 {
475         return disk->private_data;
476 }
477
478 /*
479  * Open.  Make sure the device is really there.
480  */
481 static int cciss_open(struct inode *inode, struct file *filep)
482 {
483         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
484         drive_info_struct *drv = get_drv(inode->i_bdev->bd_disk);
485
486 #ifdef CCISS_DEBUG
487         printk(KERN_DEBUG "cciss_open %s\n", inode->i_bdev->bd_disk->disk_name);
488 #endif /* CCISS_DEBUG */ 
489
490         if (host->busy_initializing || drv->busy_configuring)
491                 return -EBUSY;
492         /*
493          * Root is allowed to open raw volume zero even if it's not configured
494          * so array config can still work. Root is also allowed to open any
495          * volume that has a LUN ID, so it can issue IOCTL to reread the
496          * disk information.  I don't think I really like this
497          * but I'm already using way to many device nodes to claim another one
498          * for "raw controller".
499          */
500         if (drv->nr_blocks == 0) {
501                 if (iminor(inode) != 0) {       /* not node 0? */
502                         /* if not node 0 make sure it is a partition = 0 */
503                         if (iminor(inode) & 0x0f) {
504                         return -ENXIO;
505                                 /* if it is, make sure we have a LUN ID */
506                         } else if (drv->LunID == 0) {
507                                 return -ENXIO;
508                         }
509                 }
510                 if (!capable(CAP_SYS_ADMIN))
511                         return -EPERM;
512         }
513         drv->usage_count++;
514         host->usage_count++;
515         return 0;
516 }
517 /*
518  * Close.  Sync first.
519  */
520 static int cciss_release(struct inode *inode, struct file *filep)
521 {
522         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
523         drive_info_struct *drv = get_drv(inode->i_bdev->bd_disk);
524
525 #ifdef CCISS_DEBUG
526         printk(KERN_DEBUG "cciss_release %s\n", inode->i_bdev->bd_disk->disk_name);
527 #endif /* CCISS_DEBUG */
528
529         drv->usage_count--;
530         host->usage_count--;
531         return 0;
532 }
533
534 #ifdef CONFIG_COMPAT
535
536 static int do_ioctl(struct file *f, unsigned cmd, unsigned long arg)
537 {
538         int ret;
539         lock_kernel();
540         ret = cciss_ioctl(f->f_dentry->d_inode, f, cmd, arg);
541         unlock_kernel();
542         return ret;
543 }
544
545 static int cciss_ioctl32_passthru(struct file *f, unsigned cmd, unsigned long arg);
546 static int cciss_ioctl32_big_passthru(struct file *f, unsigned cmd, unsigned long arg);
547
548 static long cciss_compat_ioctl(struct file *f, unsigned cmd, unsigned long arg)
549 {
550         switch (cmd) {
551         case CCISS_GETPCIINFO:
552         case CCISS_GETINTINFO:
553         case CCISS_SETINTINFO:
554         case CCISS_GETNODENAME:
555         case CCISS_SETNODENAME:
556         case CCISS_GETHEARTBEAT:
557         case CCISS_GETBUSTYPES:
558         case CCISS_GETFIRMVER:
559         case CCISS_GETDRIVVER:
560         case CCISS_REVALIDVOLS:
561         case CCISS_DEREGDISK:
562         case CCISS_REGNEWDISK:
563         case CCISS_REGNEWD:
564         case CCISS_RESCANDISK:
565         case CCISS_GETLUNINFO:
566                 return do_ioctl(f, cmd, arg);
567
568         case CCISS_PASSTHRU32:
569                 return cciss_ioctl32_passthru(f, cmd, arg);
570         case CCISS_BIG_PASSTHRU32:
571                 return cciss_ioctl32_big_passthru(f, cmd, arg);
572
573         default:
574                 return -ENOIOCTLCMD;
575         }
576 }
577
578 static int cciss_ioctl32_passthru(struct file *f, unsigned cmd, unsigned long arg)
579 {
580         IOCTL32_Command_struct __user *arg32 =
581                 (IOCTL32_Command_struct __user *) arg;
582         IOCTL_Command_struct arg64;
583         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
584         int err;
585         u32 cp;
586
587         err = 0;
588         err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, sizeof(arg64.LUN_info));
589         err |= copy_from_user(&arg64.Request, &arg32->Request, sizeof(arg64.Request));
590         err |= copy_from_user(&arg64.error_info, &arg32->error_info, sizeof(arg64.error_info));
591         err |= get_user(arg64.buf_size, &arg32->buf_size);
592         err |= get_user(cp, &arg32->buf);
593         arg64.buf = compat_ptr(cp);
594         err |= copy_to_user(p, &arg64, sizeof(arg64));
595
596         if (err)
597                 return -EFAULT;
598
599         err = do_ioctl(f, CCISS_PASSTHRU, (unsigned long) p);
600         if (err)
601                 return err;
602         err |= copy_in_user(&arg32->error_info, &p->error_info, sizeof(arg32->error_info));
603         if (err)
604                 return -EFAULT;
605         return err;
606 }
607
608 static int cciss_ioctl32_big_passthru(struct file *file, unsigned cmd, unsigned long arg)
609 {
610         BIG_IOCTL32_Command_struct __user *arg32 =
611                 (BIG_IOCTL32_Command_struct __user *) arg;
612         BIG_IOCTL_Command_struct arg64;
613         BIG_IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
614         int err;
615         u32 cp;
616
617         err = 0;
618         err |= copy_from_user(&arg64.LUN_info, &arg32->LUN_info, sizeof(arg64.LUN_info));
619         err |= copy_from_user(&arg64.Request, &arg32->Request, sizeof(arg64.Request));
620         err |= copy_from_user(&arg64.error_info, &arg32->error_info, sizeof(arg64.error_info));
621         err |= get_user(arg64.buf_size, &arg32->buf_size);
622         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
623         err |= get_user(cp, &arg32->buf);
624         arg64.buf = compat_ptr(cp);
625         err |= copy_to_user(p, &arg64, sizeof(arg64));
626
627         if (err)
628                  return -EFAULT;
629
630         err = do_ioctl(file, CCISS_BIG_PASSTHRU, (unsigned long) p);
631         if (err)
632                 return err;
633         err |= copy_in_user(&arg32->error_info, &p->error_info, sizeof(arg32->error_info));
634         if (err)
635                 return -EFAULT;
636         return err;
637 }
638 #endif
639
640 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
641 {
642         drive_info_struct *drv = get_drv(bdev->bd_disk);
643
644         if (!drv->cylinders)
645                 return -ENXIO;
646
647         geo->heads = drv->heads;
648         geo->sectors = drv->sectors;
649         geo->cylinders = drv->cylinders;
650         return 0;
651 }
652
653 /*
654  * ioctl 
655  */
656 static int cciss_ioctl(struct inode *inode, struct file *filep, 
657                 unsigned int cmd, unsigned long arg)
658 {
659         struct block_device *bdev = inode->i_bdev;
660         struct gendisk *disk = bdev->bd_disk;
661         ctlr_info_t *host = get_host(disk);
662         drive_info_struct *drv = get_drv(disk);
663         int ctlr = host->ctlr;
664         void __user *argp = (void __user *)arg;
665
666 #ifdef CCISS_DEBUG
667         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
668 #endif /* CCISS_DEBUG */ 
669         
670         switch(cmd) {
671         case CCISS_GETPCIINFO:
672         {
673                 cciss_pci_info_struct pciinfo;
674
675                 if (!arg) return -EINVAL;
676                 pciinfo.domain = pci_domain_nr(host->pdev->bus);
677                 pciinfo.bus = host->pdev->bus->number;
678                 pciinfo.dev_fn = host->pdev->devfn;
679                 pciinfo.board_id = host->board_id;
680                 if (copy_to_user(argp, &pciinfo,  sizeof( cciss_pci_info_struct )))
681                         return  -EFAULT;
682                 return(0);
683         }       
684         case CCISS_GETINTINFO:
685         {
686                 cciss_coalint_struct intinfo;
687                 if (!arg) return -EINVAL;
688                 intinfo.delay = readl(&host->cfgtable->HostWrite.CoalIntDelay);
689                 intinfo.count = readl(&host->cfgtable->HostWrite.CoalIntCount);
690                 if (copy_to_user(argp, &intinfo, sizeof( cciss_coalint_struct )))
691                         return -EFAULT;
692                 return(0);
693         }
694         case CCISS_SETINTINFO:
695         {
696                 cciss_coalint_struct intinfo;
697                 unsigned long flags;
698                 int i;
699
700                 if (!arg) return -EINVAL;       
701                 if (!capable(CAP_SYS_ADMIN)) return -EPERM;
702                 if (copy_from_user(&intinfo, argp, sizeof( cciss_coalint_struct)))
703                         return -EFAULT;
704                 if ( (intinfo.delay == 0 ) && (intinfo.count == 0))
705
706                 {
707 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
708                         return( -EINVAL);
709                 }
710                 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
711                 /* Update the field, and then ring the doorbell */ 
712                 writel( intinfo.delay, 
713                         &(host->cfgtable->HostWrite.CoalIntDelay));
714                 writel( intinfo.count, 
715                         &(host->cfgtable->HostWrite.CoalIntCount));
716                 writel( CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
717
718                 for(i=0;i<MAX_IOCTL_CONFIG_WAIT;i++) {
719                         if (!(readl(host->vaddr + SA5_DOORBELL) 
720                                         & CFGTBL_ChangeReq))
721                                 break;
722                         /* delay and try again */
723                         udelay(1000);
724                 }       
725                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
726                 if (i >= MAX_IOCTL_CONFIG_WAIT)
727                         return -EAGAIN;
728                 return(0);
729         }
730         case CCISS_GETNODENAME:
731         {
732                 NodeName_type NodeName;
733                 int i; 
734
735                 if (!arg) return -EINVAL;
736                 for(i=0;i<16;i++)
737                         NodeName[i] = readb(&host->cfgtable->ServerName[i]);
738                 if (copy_to_user(argp, NodeName, sizeof( NodeName_type)))
739                         return  -EFAULT;
740                 return(0);
741         }
742         case CCISS_SETNODENAME:
743         {
744                 NodeName_type NodeName;
745                 unsigned long flags;
746                 int i;
747
748                 if (!arg) return -EINVAL;
749                 if (!capable(CAP_SYS_ADMIN)) return -EPERM;
750                 
751                 if (copy_from_user(NodeName, argp, sizeof( NodeName_type)))
752                         return -EFAULT;
753
754                 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
755
756                         /* Update the field, and then ring the doorbell */ 
757                 for(i=0;i<16;i++)
758                         writeb( NodeName[i], &host->cfgtable->ServerName[i]);
759                         
760                 writel( CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
761
762                 for(i=0;i<MAX_IOCTL_CONFIG_WAIT;i++) {
763                         if (!(readl(host->vaddr + SA5_DOORBELL) 
764                                         & CFGTBL_ChangeReq))
765                                 break;
766                         /* delay and try again */
767                         udelay(1000);
768                 }       
769                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
770                 if (i >= MAX_IOCTL_CONFIG_WAIT)
771                         return -EAGAIN;
772                 return(0);
773         }
774
775         case CCISS_GETHEARTBEAT:
776         {
777                 Heartbeat_type heartbeat;
778
779                 if (!arg) return -EINVAL;
780                 heartbeat = readl(&host->cfgtable->HeartBeat);
781                 if (copy_to_user(argp, &heartbeat, sizeof( Heartbeat_type)))
782                         return -EFAULT;
783                 return(0);
784         }
785         case CCISS_GETBUSTYPES:
786         {
787                 BusTypes_type BusTypes;
788
789                 if (!arg) return -EINVAL;
790                 BusTypes = readl(&host->cfgtable->BusTypes);
791                 if (copy_to_user(argp, &BusTypes, sizeof( BusTypes_type) ))
792                         return  -EFAULT;
793                 return(0);
794         }
795         case CCISS_GETFIRMVER:
796         {
797                 FirmwareVer_type firmware;
798
799                 if (!arg) return -EINVAL;
800                 memcpy(firmware, host->firm_ver, 4);
801
802                 if (copy_to_user(argp, firmware, sizeof( FirmwareVer_type)))
803                         return -EFAULT;
804                 return(0);
805         }
806         case CCISS_GETDRIVVER:
807         {
808                 DriverVer_type DriverVer = DRIVER_VERSION;
809
810                 if (!arg) return -EINVAL;
811
812                 if (copy_to_user(argp, &DriverVer, sizeof( DriverVer_type) ))
813                         return -EFAULT;
814                 return(0);
815         }
816
817         case CCISS_REVALIDVOLS:
818                 if (bdev != bdev->bd_contains || drv != host->drv)
819                         return -ENXIO;
820                 return revalidate_allvol(host);
821
822         case CCISS_GETLUNINFO: {
823                 LogvolInfo_struct luninfo;
824                 
825                 luninfo.LunID = drv->LunID;
826                 luninfo.num_opens = drv->usage_count;
827                 luninfo.num_parts = 0;
828                 if (copy_to_user(argp, &luninfo,
829                                 sizeof(LogvolInfo_struct)))
830                         return -EFAULT;
831                 return(0);
832         }
833         case CCISS_DEREGDISK:
834                 return rebuild_lun_table(host, disk);
835
836         case CCISS_REGNEWD:
837                 return rebuild_lun_table(host, NULL);
838
839         case CCISS_PASSTHRU:
840         {
841                 IOCTL_Command_struct iocommand;
842                 CommandList_struct *c;
843                 char    *buff = NULL;
844                 u64bit  temp64;
845                 unsigned long flags;
846                 DECLARE_COMPLETION(wait);
847
848                 if (!arg) return -EINVAL;
849         
850                 if (!capable(CAP_SYS_RAWIO)) return -EPERM;
851
852                 if (copy_from_user(&iocommand, argp, sizeof( IOCTL_Command_struct) ))
853                         return -EFAULT;
854                 if((iocommand.buf_size < 1) && 
855                                 (iocommand.Request.Type.Direction != XFER_NONE))
856                 {       
857                         return -EINVAL;
858                 } 
859 #if 0 /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
860                 /* Check kmalloc limits */
861                 if(iocommand.buf_size > 128000)
862                         return -EINVAL;
863 #endif
864                 if(iocommand.buf_size > 0)
865                 {
866                         buff =  kmalloc(iocommand.buf_size, GFP_KERNEL);
867                         if( buff == NULL) 
868                                 return -EFAULT;
869                 }
870                 if (iocommand.Request.Type.Direction == XFER_WRITE)
871                 {
872                         /* Copy the data into the buffer we created */ 
873                         if (copy_from_user(buff, iocommand.buf, iocommand.buf_size))
874                         {
875                                 kfree(buff);
876                                 return -EFAULT;
877                         }
878                 } else {
879                         memset(buff, 0, iocommand.buf_size);
880                 }
881                 if ((c = cmd_alloc(host , 0)) == NULL)
882                 {
883                         kfree(buff);
884                         return -ENOMEM;
885                 }
886                         // Fill in the command type 
887                 c->cmd_type = CMD_IOCTL_PEND;
888                         // Fill in Command Header 
889                 c->Header.ReplyQueue = 0;  // unused in simple mode
890                 if( iocommand.buf_size > 0)     // buffer to fill 
891                 {
892                         c->Header.SGList = 1;
893                         c->Header.SGTotal= 1;
894                 } else  // no buffers to fill  
895                 {
896                         c->Header.SGList = 0;
897                         c->Header.SGTotal= 0;
898                 }
899                 c->Header.LUN = iocommand.LUN_info;
900                 c->Header.Tag.lower = c->busaddr;  // use the kernel address the cmd block for tag
901                 
902                 // Fill in Request block 
903                 c->Request = iocommand.Request; 
904         
905                 // Fill in the scatter gather information
906                 if (iocommand.buf_size > 0 ) 
907                 {
908                         temp64.val = pci_map_single( host->pdev, buff,
909                                         iocommand.buf_size, 
910                                 PCI_DMA_BIDIRECTIONAL); 
911                         c->SG[0].Addr.lower = temp64.val32.lower;
912                         c->SG[0].Addr.upper = temp64.val32.upper;
913                         c->SG[0].Len = iocommand.buf_size;
914                         c->SG[0].Ext = 0;  // we are not chaining
915                 }
916                 c->waiting = &wait;
917
918                 /* Put the request on the tail of the request queue */
919                 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
920                 addQ(&host->reqQ, c);
921                 host->Qdepth++;
922                 start_io(host);
923                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
924
925                 wait_for_completion(&wait);
926
927                 /* unlock the buffers from DMA */
928                 temp64.val32.lower = c->SG[0].Addr.lower;
929                 temp64.val32.upper = c->SG[0].Addr.upper;
930                 pci_unmap_single( host->pdev, (dma_addr_t) temp64.val,
931                         iocommand.buf_size, PCI_DMA_BIDIRECTIONAL);
932
933                 /* Copy the error information out */ 
934                 iocommand.error_info = *(c->err_info);
935                 if ( copy_to_user(argp, &iocommand, sizeof( IOCTL_Command_struct) ) )
936                 {
937                         kfree(buff);
938                         cmd_free(host, c, 0);
939                         return( -EFAULT);       
940                 }       
941
942                 if (iocommand.Request.Type.Direction == XFER_READ)
943                 {
944                         /* Copy the data out of the buffer we created */
945                         if (copy_to_user(iocommand.buf, buff, iocommand.buf_size))
946                         {
947                                 kfree(buff);
948                                 cmd_free(host, c, 0);
949                                 return -EFAULT;
950                         }
951                 }
952                 kfree(buff);
953                 cmd_free(host, c, 0);
954                 return(0);
955         } 
956         case CCISS_BIG_PASSTHRU: {
957                 BIG_IOCTL_Command_struct *ioc;
958                 CommandList_struct *c;
959                 unsigned char **buff = NULL;
960                 int     *buff_size = NULL;
961                 u64bit  temp64;
962                 unsigned long flags;
963                 BYTE sg_used = 0;
964                 int status = 0;
965                 int i;
966                 DECLARE_COMPLETION(wait);
967                 __u32   left;
968                 __u32   sz;
969                 BYTE    __user *data_ptr;
970
971                 if (!arg)
972                         return -EINVAL;
973                 if (!capable(CAP_SYS_RAWIO))
974                         return -EPERM;
975                 ioc = (BIG_IOCTL_Command_struct *) 
976                         kmalloc(sizeof(*ioc), GFP_KERNEL);
977                 if (!ioc) {
978                         status = -ENOMEM;
979                         goto cleanup1;
980                 }
981                 if (copy_from_user(ioc, argp, sizeof(*ioc))) {
982                         status = -EFAULT;
983                         goto cleanup1;
984                 }
985                 if ((ioc->buf_size < 1) &&
986                         (ioc->Request.Type.Direction != XFER_NONE)) {
987                                 status = -EINVAL;
988                                 goto cleanup1;
989                 }
990                 /* Check kmalloc limits  using all SGs */
991                 if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
992                         status = -EINVAL;
993                         goto cleanup1;
994                 }
995                 if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
996                         status = -EINVAL;
997                         goto cleanup1;
998                 }
999                 buff = (unsigned char **) kmalloc(MAXSGENTRIES * 
1000                                 sizeof(char *), GFP_KERNEL);
1001                 if (!buff) {
1002                         status = -ENOMEM;
1003                         goto cleanup1;
1004                 }
1005                 memset(buff, 0, MAXSGENTRIES);
1006                 buff_size = (int *) kmalloc(MAXSGENTRIES * sizeof(int), 
1007                                         GFP_KERNEL);
1008                 if (!buff_size) {
1009                         status = -ENOMEM;
1010                         goto cleanup1;
1011                 }
1012                 left = ioc->buf_size;
1013                 data_ptr = ioc->buf;
1014                 while (left) {
1015                         sz = (left > ioc->malloc_size) ? ioc->malloc_size : left;
1016                         buff_size[sg_used] = sz;
1017                         buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1018                         if (buff[sg_used] == NULL) {
1019                                 status = -ENOMEM;
1020                                 goto cleanup1;
1021                         }
1022                         if (ioc->Request.Type.Direction == XFER_WRITE) {
1023                                 if (copy_from_user(buff[sg_used], data_ptr, sz)) {
1024                                         status = -ENOMEM;
1025                                         goto cleanup1;
1026                                 }
1027                         } else {
1028                                 memset(buff[sg_used], 0, sz);
1029                         }
1030                         left -= sz;
1031                         data_ptr += sz;
1032                         sg_used++;
1033                 }
1034                 if ((c = cmd_alloc(host , 0)) == NULL) {
1035                         status = -ENOMEM;
1036                         goto cleanup1;  
1037                 }
1038                 c->cmd_type = CMD_IOCTL_PEND;
1039                 c->Header.ReplyQueue = 0;
1040                 
1041                 if( ioc->buf_size > 0) {
1042                         c->Header.SGList = sg_used;
1043                         c->Header.SGTotal= sg_used;
1044                 } else { 
1045                         c->Header.SGList = 0;
1046                         c->Header.SGTotal= 0;
1047                 }
1048                 c->Header.LUN = ioc->LUN_info;
1049                 c->Header.Tag.lower = c->busaddr;
1050                 
1051                 c->Request = ioc->Request;
1052                 if (ioc->buf_size > 0 ) {
1053                         int i;
1054                         for(i=0; i<sg_used; i++) {
1055                                 temp64.val = pci_map_single( host->pdev, buff[i],
1056                                         buff_size[i],
1057                                         PCI_DMA_BIDIRECTIONAL);
1058                                 c->SG[i].Addr.lower = temp64.val32.lower;
1059                                 c->SG[i].Addr.upper = temp64.val32.upper;
1060                                 c->SG[i].Len = buff_size[i];
1061                                 c->SG[i].Ext = 0;  /* we are not chaining */
1062                         }
1063                 }
1064                 c->waiting = &wait;
1065                 /* Put the request on the tail of the request queue */
1066                 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1067                 addQ(&host->reqQ, c);
1068                 host->Qdepth++;
1069                 start_io(host);
1070                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1071                 wait_for_completion(&wait);
1072                 /* unlock the buffers from DMA */
1073                 for(i=0; i<sg_used; i++) {
1074                         temp64.val32.lower = c->SG[i].Addr.lower;
1075                         temp64.val32.upper = c->SG[i].Addr.upper;
1076                         pci_unmap_single( host->pdev, (dma_addr_t) temp64.val,
1077                                 buff_size[i], PCI_DMA_BIDIRECTIONAL);
1078                 }
1079                 /* Copy the error information out */
1080                 ioc->error_info = *(c->err_info);
1081                 if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1082                         cmd_free(host, c, 0);
1083                         status = -EFAULT;
1084                         goto cleanup1;
1085                 }
1086                 if (ioc->Request.Type.Direction == XFER_READ) {
1087                         /* Copy the data out of the buffer we created */
1088                         BYTE __user *ptr = ioc->buf;
1089                         for(i=0; i< sg_used; i++) {
1090                                 if (copy_to_user(ptr, buff[i], buff_size[i])) {
1091                                         cmd_free(host, c, 0);
1092                                         status = -EFAULT;
1093                                         goto cleanup1;
1094                                 }
1095                                 ptr += buff_size[i];
1096                         }
1097                 }
1098                 cmd_free(host, c, 0);
1099                 status = 0;
1100 cleanup1:
1101                 if (buff) {
1102                         for(i=0; i<sg_used; i++)
1103                                 kfree(buff[i]);
1104                         kfree(buff);
1105                 }
1106                 kfree(buff_size);
1107                 kfree(ioc);
1108                 return(status);
1109         }
1110         default:
1111                 return -ENOTTY;
1112         }
1113         
1114 }
1115
1116 /*
1117  * revalidate_allvol is for online array config utilities.  After a
1118  * utility reconfigures the drives in the array, it can use this function
1119  * (through an ioctl) to make the driver zap any previous disk structs for
1120  * that controller and get new ones.
1121  *
1122  * Right now I'm using the getgeometry() function to do this, but this
1123  * function should probably be finer grained and allow you to revalidate one
1124  * particualar logical volume (instead of all of them on a particular
1125  * controller).
1126  */
1127 static int revalidate_allvol(ctlr_info_t *host)
1128 {
1129         int ctlr = host->ctlr, i;
1130         unsigned long flags;
1131
1132         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1133         if (host->usage_count > 1) {
1134                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1135                 printk(KERN_WARNING "cciss: Device busy for volume"
1136                         " revalidation (usage=%d)\n", host->usage_count);
1137                 return -EBUSY;
1138         }
1139         host->usage_count++;
1140         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1141
1142         for(i=0; i< NWD; i++) {
1143                 struct gendisk *disk = host->gendisk[i];
1144                 if (disk) {
1145                         request_queue_t *q = disk->queue;
1146
1147                         if (disk->flags & GENHD_FL_UP)
1148                                 del_gendisk(disk);
1149                         if (q)
1150                                 blk_cleanup_queue(q);
1151                 }
1152         }
1153
1154         /*
1155          * Set the partition and block size structures for all volumes
1156          * on this controller to zero.  We will reread all of this data
1157          */
1158         memset(host->drv,        0, sizeof(drive_info_struct)
1159                                                 * CISS_MAX_LUN);
1160         /*
1161          * Tell the array controller not to give us any interrupts while
1162          * we check the new geometry.  Then turn interrupts back on when
1163          * we're done.
1164          */
1165         host->access.set_intr_mask(host, CCISS_INTR_OFF);
1166         cciss_getgeometry(ctlr);
1167         host->access.set_intr_mask(host, CCISS_INTR_ON);
1168
1169         /* Loop through each real device */ 
1170         for (i = 0; i < NWD; i++) {
1171                 struct gendisk *disk = host->gendisk[i];
1172                 drive_info_struct *drv = &(host->drv[i]);
1173                 /* we must register the controller even if no disks exist */
1174                 /* this is for the online array utilities */
1175                 if (!drv->heads && i)
1176                         continue;
1177                 blk_queue_hardsect_size(drv->queue, drv->block_size);
1178                 set_capacity(disk, drv->nr_blocks);
1179                 add_disk(disk);
1180         }
1181         host->usage_count--;
1182         return 0;
1183 }
1184
1185 /* This function will check the usage_count of the drive to be updated/added.
1186  * If the usage_count is zero then the drive information will be updated and
1187  * the disk will be re-registered with the kernel.  If not then it will be
1188  * left alone for the next reboot.  The exception to this is disk 0 which
1189  * will always be left registered with the kernel since it is also the
1190  * controller node.  Any changes to disk 0 will show up on the next
1191  * reboot.
1192 */
1193 static void cciss_update_drive_info(int ctlr, int drv_index)
1194   {
1195         ctlr_info_t *h = hba[ctlr];
1196         struct gendisk *disk;
1197         ReadCapdata_struct *size_buff = NULL;
1198         InquiryData_struct *inq_buff = NULL;
1199         unsigned int block_size;
1200         unsigned int total_size;
1201         unsigned long flags = 0;
1202         int ret = 0;
1203
1204         /* if the disk already exists then deregister it before proceeding*/
1205         if (h->drv[drv_index].raid_level != -1){
1206                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1207                 h->drv[drv_index].busy_configuring = 1;
1208                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1209                 ret = deregister_disk(h->gendisk[drv_index],
1210                         &h->drv[drv_index], 0);
1211                 h->drv[drv_index].busy_configuring = 0;
1212         }
1213
1214         /* If the disk is in use return */
1215         if (ret)
1216                 return;
1217
1218
1219         /* Get information about the disk and modify the driver sturcture */
1220         size_buff = kmalloc(sizeof( ReadCapdata_struct), GFP_KERNEL);
1221         if (size_buff == NULL)
1222                 goto mem_msg;
1223         inq_buff = kmalloc(sizeof( InquiryData_struct), GFP_KERNEL);
1224         if (inq_buff == NULL)
1225                 goto mem_msg;
1226
1227         cciss_read_capacity(ctlr, drv_index, size_buff, 1,
1228                 &total_size, &block_size);
1229         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1230                 inq_buff, &h->drv[drv_index]);
1231
1232         ++h->num_luns;
1233         disk = h->gendisk[drv_index];
1234         set_capacity(disk, h->drv[drv_index].nr_blocks);
1235
1236
1237         /* if it's the controller it's already added */
1238         if (drv_index){
1239                 disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1240
1241                 /* Set up queue information */
1242                 disk->queue->backing_dev_info.ra_pages = READ_AHEAD;
1243                 blk_queue_bounce_limit(disk->queue, hba[ctlr]->pdev->dma_mask);
1244
1245                 /* This is a hardware imposed limit. */
1246                 blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1247
1248                 /* This is a limit in the driver and could be eliminated. */
1249                 blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1250
1251                 blk_queue_max_sectors(disk->queue, 512);
1252
1253                 disk->queue->queuedata = hba[ctlr];
1254
1255                 blk_queue_hardsect_size(disk->queue,
1256                         hba[ctlr]->drv[drv_index].block_size);
1257
1258                 h->drv[drv_index].queue = disk->queue;
1259                 add_disk(disk);
1260         }
1261
1262 freeret:
1263         kfree(size_buff);
1264         kfree(inq_buff);
1265         return;
1266 mem_msg:
1267         printk(KERN_ERR "cciss: out of memory\n");
1268         goto freeret;
1269 }
1270
1271 /* This function will find the first index of the controllers drive array
1272  * that has a -1 for the raid_level and will return that index.  This is
1273  * where new drives will be added.  If the index to be returned is greater
1274  * than the highest_lun index for the controller then highest_lun is set
1275  * to this new index.  If there are no available indexes then -1 is returned.
1276 */
1277 static int cciss_find_free_drive_index(int ctlr)
1278 {
1279         int i;
1280
1281         for (i=0; i < CISS_MAX_LUN; i++){
1282                 if (hba[ctlr]->drv[i].raid_level == -1){
1283                         if (i > hba[ctlr]->highest_lun)
1284                                 hba[ctlr]->highest_lun = i;
1285                         return i;
1286                 }
1287         }
1288         return -1;
1289 }
1290
1291 /* This function will add and remove logical drives from the Logical
1292  * drive array of the controller and maintain persistancy of ordering
1293  * so that mount points are preserved until the next reboot.  This allows
1294  * for the removal of logical drives in the middle of the drive array
1295  * without a re-ordering of those drives.
1296  * INPUT
1297  * h            = The controller to perform the operations on
1298  * del_disk     = The disk to remove if specified.  If the value given
1299  *                is NULL then no disk is removed.
1300 */
1301 static int rebuild_lun_table(ctlr_info_t *h, struct gendisk *del_disk)
1302 {
1303         int ctlr = h->ctlr;
1304         int num_luns;
1305         ReportLunData_struct *ld_buff = NULL;
1306         drive_info_struct *drv = NULL;
1307         int return_code;
1308         int listlength = 0;
1309         int i;
1310         int drv_found;
1311         int drv_index = 0;
1312         __u32 lunid = 0;
1313         unsigned long flags;
1314
1315         /* Set busy_configuring flag for this operation */
1316         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1317         if (h->num_luns >= CISS_MAX_LUN){
1318                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1319                 return -EINVAL;
1320         }
1321
1322         if (h->busy_configuring){
1323                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1324                 return -EBUSY;
1325         }
1326         h->busy_configuring = 1;
1327
1328         /* if del_disk is NULL then we are being called to add a new disk
1329          * and update the logical drive table.  If it is not NULL then
1330          * we will check if the disk is in use or not.
1331          */
1332         if (del_disk != NULL){
1333                 drv = get_drv(del_disk);
1334                 drv->busy_configuring = 1;
1335                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1336                 return_code = deregister_disk(del_disk, drv, 1);
1337                 drv->busy_configuring = 0;
1338                 h->busy_configuring = 0;
1339                 return return_code;
1340         } else {
1341                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1342                 if (!capable(CAP_SYS_RAWIO))
1343                         return -EPERM;
1344
1345                 ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1346                 if (ld_buff == NULL)
1347                         goto mem_msg;
1348
1349                 return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1350                                 sizeof(ReportLunData_struct), 0, 0, 0,
1351                                 TYPE_CMD);
1352
1353                 if (return_code == IO_OK){
1354                         listlength |= (0xff & (unsigned int)(ld_buff->LUNListLength[0])) << 24;
1355                         listlength |= (0xff & (unsigned int)(ld_buff->LUNListLength[1])) << 16;
1356                         listlength |= (0xff & (unsigned int)(ld_buff->LUNListLength[2])) << 8;
1357                         listlength |= 0xff & (unsigned int)(ld_buff->LUNListLength[3]);
1358                 } else{ /* reading number of logical volumes failed */
1359                         printk(KERN_WARNING "cciss: report logical volume"
1360                                 " command failed\n");
1361                         listlength = 0;
1362                         goto freeret;
1363                 }
1364
1365                 num_luns = listlength / 8;      /* 8 bytes per entry */
1366                 if (num_luns > CISS_MAX_LUN){
1367                         num_luns = CISS_MAX_LUN;
1368                         printk(KERN_WARNING "cciss: more luns configured"
1369                                 " on controller than can be handled by"
1370                                 " this driver.\n");
1371                 }
1372
1373                 /* Compare controller drive array to drivers drive array.
1374                 * Check for updates in the drive information and any new drives
1375                 * on the controller.
1376                 */
1377                 for (i=0; i < num_luns; i++){
1378                         int j;
1379
1380                         drv_found = 0;
1381
1382                         lunid = (0xff &
1383                                 (unsigned int)(ld_buff->LUN[i][3])) << 24;
1384                         lunid |= (0xff &
1385                                 (unsigned int)(ld_buff->LUN[i][2])) << 16;
1386                         lunid |= (0xff &
1387                                 (unsigned int)(ld_buff->LUN[i][1])) << 8;
1388                         lunid |= 0xff &
1389                                 (unsigned int)(ld_buff->LUN[i][0]);
1390
1391                         /* Find if the LUN is already in the drive array
1392                          * of the controller.  If so then update its info
1393                          * if not is use.  If it does not exist then find
1394                          * the first free index and add it.
1395                         */
1396                         for (j=0; j <= h->highest_lun; j++){
1397                                 if (h->drv[j].LunID == lunid){
1398                                         drv_index = j;
1399                                         drv_found = 1;
1400                                 }
1401                         }
1402
1403                         /* check if the drive was found already in the array */
1404                         if (!drv_found){
1405                                 drv_index = cciss_find_free_drive_index(ctlr);
1406                                 if (drv_index == -1)
1407                                         goto freeret;
1408
1409                         }
1410                         h->drv[drv_index].LunID = lunid;
1411                         cciss_update_drive_info(ctlr, drv_index);
1412                 } /* end for */
1413         } /* end else */
1414
1415 freeret:
1416         kfree(ld_buff);
1417         h->busy_configuring = 0;
1418         /* We return -1 here to tell the ACU that we have registered/updated
1419          * all of the drives that we can and to keep it from calling us
1420          * additional times.
1421         */
1422         return -1;
1423 mem_msg:
1424         printk(KERN_ERR "cciss: out of memory\n");
1425         goto freeret;
1426 }
1427
1428 /* This function will deregister the disk and it's queue from the
1429  * kernel.  It must be called with the controller lock held and the
1430  * drv structures busy_configuring flag set.  It's parameters are:
1431  *
1432  * disk = This is the disk to be deregistered
1433  * drv  = This is the drive_info_struct associated with the disk to be
1434  *        deregistered.  It contains information about the disk used
1435  *        by the driver.
1436  * clear_all = This flag determines whether or not the disk information
1437  *             is going to be completely cleared out and the highest_lun
1438  *             reset.  Sometimes we want to clear out information about
1439  *             the disk in preperation for re-adding it.  In this case
1440  *             the highest_lun should be left unchanged and the LunID
1441  *             should not be cleared.
1442 */
1443 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
1444                            int clear_all)
1445 {
1446         ctlr_info_t *h = get_host(disk);
1447
1448         if (!capable(CAP_SYS_RAWIO))
1449                 return -EPERM;
1450
1451         /* make sure logical volume is NOT is use */
1452         if(clear_all || (h->gendisk[0] == disk)) {
1453         if (drv->usage_count > 1)
1454                 return -EBUSY;
1455         }
1456         else
1457                 if( drv->usage_count > 0 )
1458                         return -EBUSY;
1459
1460         /* invalidate the devices and deregister the disk.  If it is disk
1461          * zero do not deregister it but just zero out it's values.  This
1462          * allows us to delete disk zero but keep the controller registered.
1463         */
1464         if (h->gendisk[0] != disk){
1465                 if (disk) {
1466                         request_queue_t *q = disk->queue;
1467                         if (disk->flags & GENHD_FL_UP)
1468                                 del_gendisk(disk);
1469                         if (q) {
1470                                 blk_cleanup_queue(q);
1471                                 drv->queue = NULL;
1472                         }
1473                 }
1474         }
1475
1476         --h->num_luns;
1477         /* zero out the disk size info */
1478         drv->nr_blocks = 0;
1479         drv->block_size = 0;
1480         drv->heads = 0;
1481         drv->sectors = 0;
1482         drv->cylinders = 0;
1483         drv->raid_level = -1;   /* This can be used as a flag variable to
1484                                  * indicate that this element of the drive
1485                                  * array is free.
1486                                 */
1487
1488         if (clear_all){
1489         /* check to see if it was the last disk */
1490         if (drv == h->drv + h->highest_lun) {
1491                 /* if so, find the new hightest lun */
1492                 int i, newhighest =-1;
1493                 for(i=0; i<h->highest_lun; i++) {
1494                         /* if the disk has size > 0, it is available */
1495                                 if (h->drv[i].heads)
1496                                 newhighest = i;
1497                 }
1498                 h->highest_lun = newhighest;
1499         }
1500
1501         drv->LunID = 0;
1502         }
1503         return(0);
1504 }
1505
1506 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff,
1507         size_t size,
1508         unsigned int use_unit_num, /* 0: address the controller,
1509                                       1: address logical volume log_unit,
1510                                       2: periph device address is scsi3addr */
1511         unsigned int log_unit, __u8 page_code, unsigned char *scsi3addr,
1512         int cmd_type)
1513 {
1514         ctlr_info_t *h= hba[ctlr];
1515         u64bit buff_dma_handle;
1516         int status = IO_OK;
1517
1518         c->cmd_type = CMD_IOCTL_PEND;
1519         c->Header.ReplyQueue = 0;
1520         if( buff != NULL) {
1521                 c->Header.SGList = 1;
1522                 c->Header.SGTotal= 1;
1523         } else {
1524                 c->Header.SGList = 0;
1525                 c->Header.SGTotal= 0;
1526         }
1527         c->Header.Tag.lower = c->busaddr;
1528
1529         c->Request.Type.Type = cmd_type;
1530         if (cmd_type == TYPE_CMD) {
1531                 switch(cmd) {
1532                 case  CISS_INQUIRY:
1533                         /* If the logical unit number is 0 then, this is going
1534                         to controller so It's a physical command
1535                         mode = 0 target = 0.  So we have nothing to write.
1536                         otherwise, if use_unit_num == 1,
1537                         mode = 1(volume set addressing) target = LUNID
1538                         otherwise, if use_unit_num == 2,
1539                         mode = 0(periph dev addr) target = scsi3addr */
1540                         if (use_unit_num == 1) {
1541                                 c->Header.LUN.LogDev.VolId=
1542                                         h->drv[log_unit].LunID;
1543                                 c->Header.LUN.LogDev.Mode = 1;
1544                         } else if (use_unit_num == 2) {
1545                                 memcpy(c->Header.LUN.LunAddrBytes,scsi3addr,8);
1546                                 c->Header.LUN.LogDev.Mode = 0;
1547                         }
1548                         /* are we trying to read a vital product page */
1549                         if(page_code != 0) {
1550                                 c->Request.CDB[1] = 0x01;
1551                                 c->Request.CDB[2] = page_code;
1552                         }
1553                         c->Request.CDBLen = 6;
1554                         c->Request.Type.Attribute = ATTR_SIMPLE;  
1555                         c->Request.Type.Direction = XFER_READ;
1556                         c->Request.Timeout = 0;
1557                         c->Request.CDB[0] =  CISS_INQUIRY;
1558                         c->Request.CDB[4] = size  & 0xFF;  
1559                 break;
1560                 case CISS_REPORT_LOG:
1561                 case CISS_REPORT_PHYS:
1562                         /* Talking to controller so It's a physical command
1563                            mode = 00 target = 0.  Nothing to write.
1564                         */
1565                         c->Request.CDBLen = 12;
1566                         c->Request.Type.Attribute = ATTR_SIMPLE;
1567                         c->Request.Type.Direction = XFER_READ;
1568                         c->Request.Timeout = 0;
1569                         c->Request.CDB[0] = cmd;
1570                         c->Request.CDB[6] = (size >> 24) & 0xFF;  //MSB
1571                         c->Request.CDB[7] = (size >> 16) & 0xFF;
1572                         c->Request.CDB[8] = (size >> 8) & 0xFF;
1573                         c->Request.CDB[9] = size & 0xFF;
1574                         break;
1575
1576                 case CCISS_READ_CAPACITY:
1577                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1578                         c->Header.LUN.LogDev.Mode = 1;
1579                         c->Request.CDBLen = 10;
1580                         c->Request.Type.Attribute = ATTR_SIMPLE;
1581                         c->Request.Type.Direction = XFER_READ;
1582                         c->Request.Timeout = 0;
1583                         c->Request.CDB[0] = cmd;
1584                 break;
1585                 case CCISS_CACHE_FLUSH:
1586                         c->Request.CDBLen = 12;
1587                         c->Request.Type.Attribute = ATTR_SIMPLE;
1588                         c->Request.Type.Direction = XFER_WRITE;
1589                         c->Request.Timeout = 0;
1590                         c->Request.CDB[0] = BMIC_WRITE;
1591                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
1592                 break;
1593                 default:
1594                         printk(KERN_WARNING
1595                                 "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
1596                         return(IO_ERROR);
1597                 }
1598         } else if (cmd_type == TYPE_MSG) {
1599                 switch (cmd) {
1600                 case 0: /* ABORT message */
1601                         c->Request.CDBLen = 12;
1602                         c->Request.Type.Attribute = ATTR_SIMPLE;
1603                         c->Request.Type.Direction = XFER_WRITE;
1604                         c->Request.Timeout = 0;
1605                         c->Request.CDB[0] = cmd; /* abort */
1606                         c->Request.CDB[1] = 0;   /* abort a command */
1607                         /* buff contains the tag of the command to abort */
1608                         memcpy(&c->Request.CDB[4], buff, 8);
1609                         break;
1610                 case 1: /* RESET message */
1611                         c->Request.CDBLen = 12;
1612                         c->Request.Type.Attribute = ATTR_SIMPLE;
1613                         c->Request.Type.Direction = XFER_WRITE;
1614                         c->Request.Timeout = 0;
1615                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
1616                         c->Request.CDB[0] = cmd;  /* reset */
1617                         c->Request.CDB[1] = 0x04; /* reset a LUN */
1618                 case 3: /* No-Op message */
1619                         c->Request.CDBLen = 1;
1620                         c->Request.Type.Attribute = ATTR_SIMPLE;
1621                         c->Request.Type.Direction = XFER_WRITE;
1622                         c->Request.Timeout = 0;
1623                         c->Request.CDB[0] = cmd;
1624                         break;
1625                 default:
1626                         printk(KERN_WARNING
1627                                 "cciss%d: unknown message type %d\n",
1628                                 ctlr, cmd);
1629                         return IO_ERROR;
1630                 }
1631         } else {
1632                 printk(KERN_WARNING
1633                         "cciss%d: unknown command type %d\n", ctlr, cmd_type);
1634                 return IO_ERROR;
1635         }
1636         /* Fill in the scatter gather information */
1637         if (size > 0) {
1638                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
1639                         buff, size, PCI_DMA_BIDIRECTIONAL);
1640                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
1641                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
1642                 c->SG[0].Len = size;
1643                 c->SG[0].Ext = 0;  /* we are not chaining */
1644         }
1645         return status;
1646 }
1647 static int sendcmd_withirq(__u8 cmd,
1648         int     ctlr,
1649         void    *buff,
1650         size_t  size,
1651         unsigned int use_unit_num,
1652         unsigned int log_unit,
1653         __u8    page_code,
1654         int cmd_type)
1655 {
1656         ctlr_info_t *h = hba[ctlr];
1657         CommandList_struct *c;
1658         u64bit  buff_dma_handle;
1659         unsigned long flags;
1660         int return_status;
1661         DECLARE_COMPLETION(wait);
1662         
1663         if ((c = cmd_alloc(h , 0)) == NULL)
1664                 return -ENOMEM;
1665         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
1666                 log_unit, page_code, NULL, cmd_type);
1667         if (return_status != IO_OK) {
1668                 cmd_free(h, c, 0);
1669                 return return_status;
1670         }
1671 resend_cmd2:
1672         c->waiting = &wait;
1673         
1674         /* Put the request on the tail of the queue and send it */
1675         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1676         addQ(&h->reqQ, c);
1677         h->Qdepth++;
1678         start_io(h);
1679         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1680         
1681         wait_for_completion(&wait);
1682
1683         if(c->err_info->CommandStatus != 0) 
1684         { /* an error has occurred */ 
1685                 switch(c->err_info->CommandStatus)
1686                 {
1687                         case CMD_TARGET_STATUS:
1688                                 printk(KERN_WARNING "cciss: cmd %p has "
1689                                         " completed with errors\n", c);
1690                                 if( c->err_info->ScsiStatus)
1691                                 {
1692                                         printk(KERN_WARNING "cciss: cmd %p "
1693                                         "has SCSI Status = %x\n",
1694                                                 c,  
1695                                                 c->err_info->ScsiStatus);
1696                                 }
1697
1698                         break;
1699                         case CMD_DATA_UNDERRUN:
1700                         case CMD_DATA_OVERRUN:
1701                         /* expected for inquire and report lun commands */
1702                         break;
1703                         case CMD_INVALID:
1704                                 printk(KERN_WARNING "cciss: Cmd %p is "
1705                                         "reported invalid\n", c);
1706                                 return_status = IO_ERROR;
1707                         break;
1708                         case CMD_PROTOCOL_ERR:
1709                                 printk(KERN_WARNING "cciss: cmd %p has "
1710                                         "protocol error \n", c);
1711                                 return_status = IO_ERROR;
1712                         break;
1713 case CMD_HARDWARE_ERR:
1714                                 printk(KERN_WARNING "cciss: cmd %p had " 
1715                                         " hardware error\n", c);
1716                                 return_status = IO_ERROR;
1717                         break;
1718                         case CMD_CONNECTION_LOST:
1719                                 printk(KERN_WARNING "cciss: cmd %p had "
1720                                         "connection lost\n", c);
1721                                 return_status = IO_ERROR;
1722                         break;
1723                         case CMD_ABORTED:
1724                                 printk(KERN_WARNING "cciss: cmd %p was "
1725                                         "aborted\n", c);
1726                                 return_status = IO_ERROR;
1727                         break;
1728                         case CMD_ABORT_FAILED:
1729                                 printk(KERN_WARNING "cciss: cmd %p reports "
1730                                         "abort failed\n", c);
1731                                 return_status = IO_ERROR;
1732                         break;
1733                         case CMD_UNSOLICITED_ABORT:
1734                                 printk(KERN_WARNING 
1735                                         "cciss%d: unsolicited abort %p\n",
1736                                         ctlr, c);
1737                                 if (c->retry_count < MAX_CMD_RETRIES) {
1738                                         printk(KERN_WARNING 
1739                                                 "cciss%d: retrying %p\n", 
1740                                                 ctlr, c);
1741                                         c->retry_count++;
1742                                         /* erase the old error information */
1743                                         memset(c->err_info, 0,
1744                                                 sizeof(ErrorInfo_struct));
1745                                         return_status = IO_OK;
1746                                         INIT_COMPLETION(wait);
1747                                         goto resend_cmd2;
1748                                 }
1749                                 return_status = IO_ERROR;
1750                         break;
1751                         default:
1752                                 printk(KERN_WARNING "cciss: cmd %p returned "
1753                                         "unknown status %x\n", c, 
1754                                                 c->err_info->CommandStatus); 
1755                                 return_status = IO_ERROR;
1756                 }
1757         }       
1758         /* unlock the buffers from DMA */
1759         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
1760         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
1761         pci_unmap_single( h->pdev, (dma_addr_t) buff_dma_handle.val,
1762                         c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
1763         cmd_free(h, c, 0);
1764         return(return_status);
1765
1766 }
1767 static void cciss_geometry_inquiry(int ctlr, int logvol,
1768                         int withirq, unsigned int total_size,
1769                         unsigned int block_size, InquiryData_struct *inq_buff,
1770                         drive_info_struct *drv)
1771 {
1772         int return_code;
1773         memset(inq_buff, 0, sizeof(InquiryData_struct));
1774         if (withirq)
1775                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
1776                         inq_buff, sizeof(*inq_buff), 1, logvol ,0xC1, TYPE_CMD);
1777         else
1778                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
1779                         sizeof(*inq_buff), 1, logvol ,0xC1, NULL, TYPE_CMD);
1780         if (return_code == IO_OK) {
1781                 if(inq_buff->data_byte[8] == 0xFF) {
1782                         printk(KERN_WARNING
1783                                 "cciss: reading geometry failed, volume "
1784                                 "does not support reading geometry\n");
1785                         drv->block_size = block_size;
1786                         drv->nr_blocks = total_size;
1787                         drv->heads = 255;
1788                         drv->sectors = 32; // Sectors per track
1789                         drv->cylinders = total_size / 255 / 32;
1790                 } else {
1791                         unsigned int t;
1792
1793                         drv->block_size = block_size;
1794                         drv->nr_blocks = total_size;
1795                         drv->heads = inq_buff->data_byte[6];
1796                         drv->sectors = inq_buff->data_byte[7];
1797                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
1798                         drv->cylinders += inq_buff->data_byte[5];
1799                         drv->raid_level = inq_buff->data_byte[8];
1800                         t = drv->heads * drv->sectors;
1801                         if (t > 1) {
1802                                 drv->cylinders = total_size/t;
1803                         }
1804                 }
1805         } else { /* Get geometry failed */
1806                 printk(KERN_WARNING "cciss: reading geometry failed\n");
1807         }
1808         printk(KERN_INFO "      heads= %d, sectors= %d, cylinders= %d\n\n",
1809                 drv->heads, drv->sectors, drv->cylinders);
1810 }
1811 static void
1812 cciss_read_capacity(int ctlr, int logvol, ReadCapdata_struct *buf,
1813                 int withirq, unsigned int *total_size, unsigned int *block_size)
1814 {
1815         int return_code;
1816         memset(buf, 0, sizeof(*buf));
1817         if (withirq)
1818                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
1819                         ctlr, buf, sizeof(*buf), 1, logvol, 0, TYPE_CMD);
1820         else
1821                 return_code = sendcmd(CCISS_READ_CAPACITY,
1822                         ctlr, buf, sizeof(*buf), 1, logvol, 0, NULL, TYPE_CMD);
1823         if (return_code == IO_OK) {
1824                 *total_size = be32_to_cpu(*((__be32 *) &buf->total_size[0]))+1;
1825                 *block_size = be32_to_cpu(*((__be32 *) &buf->block_size[0]));
1826         } else { /* read capacity command failed */
1827                 printk(KERN_WARNING "cciss: read capacity failed\n");
1828                 *total_size = 0;
1829                 *block_size = BLOCK_SIZE;
1830         }
1831         printk(KERN_INFO "      blocks= %u block_size= %d\n",
1832                 *total_size, *block_size);
1833         return;
1834 }
1835
1836 static int cciss_revalidate(struct gendisk *disk)
1837 {
1838         ctlr_info_t *h = get_host(disk);
1839         drive_info_struct *drv = get_drv(disk);
1840         int logvol;
1841         int FOUND=0;
1842         unsigned int block_size;
1843         unsigned int total_size;
1844         ReadCapdata_struct *size_buff = NULL;
1845         InquiryData_struct *inq_buff = NULL;
1846
1847         for(logvol=0; logvol < CISS_MAX_LUN; logvol++)
1848         {
1849                 if(h->drv[logvol].LunID == drv->LunID) {
1850                         FOUND=1;
1851                         break;
1852                 }
1853         }
1854
1855         if (!FOUND) return 1;
1856
1857         size_buff = kmalloc(sizeof( ReadCapdata_struct), GFP_KERNEL);
1858         if (size_buff == NULL)
1859         {
1860                 printk(KERN_WARNING "cciss: out of memory\n");
1861                 return 1;
1862         }
1863         inq_buff = kmalloc(sizeof( InquiryData_struct), GFP_KERNEL);
1864         if (inq_buff == NULL)
1865         {
1866                 printk(KERN_WARNING "cciss: out of memory\n");
1867                 kfree(size_buff);
1868                 return 1;
1869         }
1870
1871         cciss_read_capacity(h->ctlr, logvol, size_buff, 1, &total_size, &block_size);
1872         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size, inq_buff, drv);
1873
1874         blk_queue_hardsect_size(drv->queue, drv->block_size);
1875         set_capacity(disk, drv->nr_blocks);
1876
1877         kfree(size_buff);
1878         kfree(inq_buff);
1879         return 0;
1880 }
1881
1882 /*
1883  *   Wait polling for a command to complete.
1884  *   The memory mapped FIFO is polled for the completion.
1885  *   Used only at init time, interrupts from the HBA are disabled.
1886  */
1887 static unsigned long pollcomplete(int ctlr)
1888 {
1889         unsigned long done;
1890         int i;
1891
1892         /* Wait (up to 20 seconds) for a command to complete */
1893
1894         for (i = 20 * HZ; i > 0; i--) {
1895                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
1896                 if (done == FIFO_EMPTY)
1897                         schedule_timeout_uninterruptible(1);
1898                 else
1899                         return (done);
1900         }
1901         /* Invalid address to tell caller we ran out of time */
1902         return 1;
1903 }
1904
1905 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
1906 {
1907         /* We get in here if sendcmd() is polling for completions
1908            and gets some command back that it wasn't expecting -- 
1909            something other than that which it just sent down.  
1910            Ordinarily, that shouldn't happen, but it can happen when 
1911            the scsi tape stuff gets into error handling mode, and
1912            starts using sendcmd() to try to abort commands and 
1913            reset tape drives.  In that case, sendcmd may pick up
1914            completions of commands that were sent to logical drives
1915            through the block i/o system, or cciss ioctls completing, etc. 
1916            In that case, we need to save those completions for later
1917            processing by the interrupt handler.
1918         */
1919
1920 #ifdef CONFIG_CISS_SCSI_TAPE
1921         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;     
1922
1923         /* If it's not the scsi tape stuff doing error handling, (abort */
1924         /* or reset) then we don't expect anything weird. */
1925         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
1926 #endif
1927                 printk( KERN_WARNING "cciss cciss%d: SendCmd "
1928                       "Invalid command list address returned! (%lx)\n",
1929                         ctlr, complete);
1930                 /* not much we can do. */
1931 #ifdef CONFIG_CISS_SCSI_TAPE
1932                 return 1;
1933         }
1934
1935         /* We've sent down an abort or reset, but something else
1936            has completed */
1937         if (srl->ncompletions >= (NR_CMDS + 2)) {
1938                 /* Uh oh.  No room to save it for later... */
1939                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
1940                         "reject list overflow, command lost!\n", ctlr);
1941                 return 1;
1942         }
1943         /* Save it for later */
1944         srl->complete[srl->ncompletions] = complete;
1945         srl->ncompletions++;
1946 #endif
1947         return 0;
1948 }
1949
1950 /*
1951  * Send a command to the controller, and wait for it to complete.  
1952  * Only used at init time. 
1953  */
1954 static int sendcmd(
1955         __u8    cmd,
1956         int     ctlr,
1957         void    *buff,
1958         size_t  size,
1959         unsigned int use_unit_num, /* 0: address the controller,
1960                                       1: address logical volume log_unit, 
1961                                       2: periph device address is scsi3addr */
1962         unsigned int log_unit,
1963         __u8    page_code,
1964         unsigned char *scsi3addr,
1965         int cmd_type)
1966 {
1967         CommandList_struct *c;
1968         int i;
1969         unsigned long complete;
1970         ctlr_info_t *info_p= hba[ctlr];
1971         u64bit buff_dma_handle;
1972         int status, done = 0;
1973
1974         if ((c = cmd_alloc(info_p, 1)) == NULL) {
1975                 printk(KERN_WARNING "cciss: unable to get memory");
1976                 return(IO_ERROR);
1977         }
1978         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
1979                 log_unit, page_code, scsi3addr, cmd_type);
1980         if (status != IO_OK) {
1981                 cmd_free(info_p, c, 1);
1982                 return status;
1983         }
1984 resend_cmd1:
1985         /*
1986          * Disable interrupt
1987          */
1988 #ifdef CCISS_DEBUG
1989         printk(KERN_DEBUG "cciss: turning intr off\n");
1990 #endif /* CCISS_DEBUG */ 
1991         info_p->access.set_intr_mask(info_p, CCISS_INTR_OFF);
1992         
1993         /* Make sure there is room in the command FIFO */
1994         /* Actually it should be completely empty at this time */
1995         /* unless we are in here doing error handling for the scsi */
1996         /* tape side of the driver. */
1997         for (i = 200000; i > 0; i--) 
1998         {
1999                 /* if fifo isn't full go */
2000                 if (!(info_p->access.fifo_full(info_p))) 
2001                 {
2002                         
2003                         break;
2004                 }
2005                 udelay(10);
2006                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2007                         " waiting!\n", ctlr);
2008         }
2009         /*
2010          * Send the cmd
2011          */
2012         info_p->access.submit_command(info_p, c);
2013         done = 0;
2014         do {
2015                 complete = pollcomplete(ctlr);
2016
2017 #ifdef CCISS_DEBUG
2018                 printk(KERN_DEBUG "cciss: command completed\n");
2019 #endif /* CCISS_DEBUG */
2020
2021                 if (complete == 1) {
2022                         printk( KERN_WARNING
2023                                 "cciss cciss%d: SendCmd Timeout out, "
2024                                 "No command list address returned!\n",
2025                                 ctlr);
2026                         status = IO_ERROR;
2027                         done = 1;
2028                         break;
2029                 }
2030
2031                 /* This will need to change for direct lookup completions */
2032                 if ( (complete & CISS_ERROR_BIT)
2033                      && (complete & ~CISS_ERROR_BIT) == c->busaddr)
2034                      {
2035                         /* if data overrun or underun on Report command 
2036                                 ignore it 
2037                         */
2038                         if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2039                              (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2040                              (c->Request.CDB[0] == CISS_INQUIRY)) &&
2041                                 ((c->err_info->CommandStatus == 
2042                                         CMD_DATA_OVERRUN) || 
2043                                  (c->err_info->CommandStatus == 
2044                                         CMD_DATA_UNDERRUN)
2045                                 ))
2046                         {
2047                                 complete = c->busaddr;
2048                         } else {
2049                                 if (c->err_info->CommandStatus ==
2050                                                 CMD_UNSOLICITED_ABORT) {
2051                                         printk(KERN_WARNING "cciss%d: "
2052                                                 "unsolicited abort %p\n",
2053                                                 ctlr, c);
2054                                         if (c->retry_count < MAX_CMD_RETRIES) {
2055                                                 printk(KERN_WARNING
2056                                                    "cciss%d: retrying %p\n",
2057                                                    ctlr, c);
2058                                                 c->retry_count++;
2059                                                 /* erase the old error */
2060                                                 /* information */
2061                                                 memset(c->err_info, 0,
2062                                                    sizeof(ErrorInfo_struct));
2063                                                 goto resend_cmd1;
2064                                         } else {
2065                                                 printk(KERN_WARNING
2066                                                    "cciss%d: retried %p too "
2067                                                    "many times\n", ctlr, c);
2068                                                 status = IO_ERROR;
2069                                                 goto cleanup1;
2070                                         }
2071                                 } else if (c->err_info->CommandStatus == CMD_UNABORTABLE) {
2072                                         printk(KERN_WARNING "cciss%d: command could not be aborted.\n", ctlr);
2073                                         status = IO_ERROR;
2074                                         goto cleanup1;
2075                                 }
2076                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2077                                 " Error %x \n", ctlr, 
2078                                         c->err_info->CommandStatus); 
2079                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2080                                 " offensive info\n"
2081                                 "  size %x\n   num %x   value %x\n", ctlr,
2082                                   c->err_info->MoreErrInfo.Invalid_Cmd.offense_size,
2083                                   c->err_info->MoreErrInfo.Invalid_Cmd.offense_num,
2084                                   c->err_info->MoreErrInfo.Invalid_Cmd.offense_value);
2085                                 status = IO_ERROR;
2086                                 goto cleanup1;
2087                         }
2088                 }
2089                 /* This will need changing for direct lookup completions */
2090                 if (complete != c->busaddr) {
2091                         if (add_sendcmd_reject(cmd, ctlr, complete) != 0) {
2092                                 BUG(); /* we are pretty much hosed if we get here. */
2093                         }
2094                         continue;
2095                 } else
2096                         done = 1;
2097         } while (!done);
2098                 
2099 cleanup1:       
2100         /* unlock the data buffer from DMA */
2101         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2102         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2103         pci_unmap_single(info_p->pdev, (dma_addr_t) buff_dma_handle.val,
2104                                 c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2105 #ifdef CONFIG_CISS_SCSI_TAPE
2106         /* if we saved some commands for later, process them now. */
2107         if (info_p->scsi_rejects.ncompletions > 0)
2108                 do_cciss_intr(0, info_p, NULL);
2109 #endif
2110         cmd_free(info_p, c, 1);
2111         return (status);
2112
2113 /*
2114  * Map (physical) PCI mem into (virtual) kernel space
2115  */
2116 static void __iomem *remap_pci_mem(ulong base, ulong size)
2117 {
2118         ulong page_base        = ((ulong) base) & PAGE_MASK;
2119         ulong page_offs        = ((ulong) base) - page_base;
2120         void __iomem *page_remapped = ioremap(page_base, page_offs+size);
2121
2122         return page_remapped ? (page_remapped + page_offs) : NULL;
2123 }
2124
2125 /* 
2126  * Takes jobs of the Q and sends them to the hardware, then puts it on 
2127  * the Q to wait for completion. 
2128  */ 
2129 static void start_io( ctlr_info_t *h)
2130 {
2131         CommandList_struct *c;
2132         
2133         while(( c = h->reqQ) != NULL )
2134         {
2135                 /* can't do anything if fifo is full */
2136                 if ((h->access.fifo_full(h))) {
2137                         printk(KERN_WARNING "cciss: fifo full\n");
2138                         break;
2139                 }
2140
2141                 /* Get the first entry from the Request Q */ 
2142                 removeQ(&(h->reqQ), c);
2143                 h->Qdepth--;
2144         
2145                 /* Tell the controller execute command */ 
2146                 h->access.submit_command(h, c);
2147                 
2148                 /* Put job onto the completed Q */ 
2149                 addQ (&(h->cmpQ), c); 
2150         }
2151 }
2152
2153 static inline void complete_buffers(struct bio *bio, int status)
2154 {
2155         while (bio) {
2156                 struct bio *xbh = bio->bi_next; 
2157                 int nr_sectors = bio_sectors(bio);
2158
2159                 bio->bi_next = NULL; 
2160                 blk_finished_io(len);
2161                 bio_endio(bio, nr_sectors << 9, status ? 0 : -EIO);
2162                 bio = xbh;
2163         }
2164
2165
2166 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2167 /* Zeros out the error record and then resends the command back */
2168 /* to the controller */
2169 static inline void resend_cciss_cmd( ctlr_info_t *h, CommandList_struct *c)
2170 {
2171         /* erase the old error information */
2172         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2173
2174         /* add it to software queue and then send it to the controller */
2175         addQ(&(h->reqQ),c);
2176         h->Qdepth++;
2177         if(h->Qdepth > h->maxQsinceinit)
2178                 h->maxQsinceinit = h->Qdepth;
2179
2180         start_io(h);
2181 }
2182
2183 static void cciss_softirq_done(struct request *rq)
2184 {
2185         CommandList_struct *cmd = rq->completion_data;
2186         ctlr_info_t *h = hba[cmd->ctlr];
2187         unsigned long flags;
2188         u64bit temp64;
2189         int i, ddir;
2190
2191         if (cmd->Request.Type.Direction == XFER_READ)
2192                 ddir = PCI_DMA_FROMDEVICE;
2193         else
2194                 ddir = PCI_DMA_TODEVICE;
2195
2196         /* command did not need to be retried */
2197         /* unmap the DMA mapping for all the scatter gather elements */
2198         for(i=0; i<cmd->Header.SGList; i++) {
2199                 temp64.val32.lower = cmd->SG[i].Addr.lower;
2200                 temp64.val32.upper = cmd->SG[i].Addr.upper;
2201                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
2202         }
2203
2204         complete_buffers(rq->bio, rq->errors);
2205
2206 #ifdef CCISS_DEBUG
2207         printk("Done with %p\n", rq);
2208 #endif /* CCISS_DEBUG */ 
2209
2210         spin_lock_irqsave(&h->lock, flags);
2211         end_that_request_last(rq, rq->errors);
2212         cmd_free(h, cmd,1);
2213         spin_unlock_irqrestore(&h->lock, flags);
2214 }
2215
2216 /* checks the status of the job and calls complete buffers to mark all 
2217  * buffers for the completed job. Note that this function does not need
2218  * to hold the hba/queue lock.
2219  */ 
2220 static inline void complete_command( ctlr_info_t *h, CommandList_struct *cmd,
2221                 int timeout)
2222 {
2223         int status = 1;
2224         int retry_cmd = 0;
2225                 
2226         if (timeout)
2227                 status = 0; 
2228
2229         if(cmd->err_info->CommandStatus != 0) 
2230         { /* an error has occurred */ 
2231                 switch(cmd->err_info->CommandStatus)
2232                 {
2233                         unsigned char sense_key;
2234                         case CMD_TARGET_STATUS:
2235                                 status = 0;
2236                         
2237                                 if( cmd->err_info->ScsiStatus == 0x02)
2238                                 {
2239                                         printk(KERN_WARNING "cciss: cmd %p "
2240                                                 "has CHECK CONDITION "
2241                                                 " byte 2 = 0x%x\n", cmd,
2242                                                 cmd->err_info->SenseInfo[2]
2243                                         );
2244                                         /* check the sense key */
2245                                         sense_key = 0xf & 
2246                                                 cmd->err_info->SenseInfo[2];
2247                                         /* no status or recovered error */
2248                                         if((sense_key == 0x0) ||
2249                                             (sense_key == 0x1))
2250                                         {
2251                                                         status = 1;
2252                                         }
2253                                 } else
2254                                 {
2255                                         printk(KERN_WARNING "cciss: cmd %p "
2256                                                 "has SCSI Status 0x%x\n",
2257                                                 cmd, cmd->err_info->ScsiStatus);
2258                                 }
2259                         break;
2260                         case CMD_DATA_UNDERRUN:
2261                                 printk(KERN_WARNING "cciss: cmd %p has"
2262                                         " completed with data underrun "
2263                                         "reported\n", cmd);
2264                         break;
2265                         case CMD_DATA_OVERRUN:
2266                                 printk(KERN_WARNING "cciss: cmd %p has"
2267                                         " completed with data overrun "
2268                                         "reported\n", cmd);
2269                         break;
2270                         case CMD_INVALID:
2271                                 printk(KERN_WARNING "cciss: cmd %p is "
2272                                         "reported invalid\n", cmd);
2273                                 status = 0;
2274                         break;
2275                         case CMD_PROTOCOL_ERR:
2276                                 printk(KERN_WARNING "cciss: cmd %p has "
2277                                         "protocol error \n", cmd);
2278                                 status = 0;
2279                         break;
2280                         case CMD_HARDWARE_ERR:
2281                                 printk(KERN_WARNING "cciss: cmd %p had " 
2282                                         " hardware error\n", cmd);
2283                                 status = 0;
2284                         break;
2285                         case CMD_CONNECTION_LOST:
2286                                 printk(KERN_WARNING "cciss: cmd %p had "
2287                                         "connection lost\n", cmd);
2288                                 status=0;
2289                         break;
2290                         case CMD_ABORTED:
2291                                 printk(KERN_WARNING "cciss: cmd %p was "
2292                                         "aborted\n", cmd);
2293                                 status=0;
2294                         break;
2295                         case CMD_ABORT_FAILED:
2296                                 printk(KERN_WARNING "cciss: cmd %p reports "
2297                                         "abort failed\n", cmd);
2298                                 status=0;
2299                         break;
2300                         case CMD_UNSOLICITED_ABORT:
2301                                 printk(KERN_WARNING "cciss%d: unsolicited "
2302                                         "abort %p\n", h->ctlr, cmd);
2303                                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2304                                         retry_cmd=1;
2305                                         printk(KERN_WARNING
2306                                                 "cciss%d: retrying %p\n",
2307                                                 h->ctlr, cmd);
2308                                         cmd->retry_count++;
2309                                 } else
2310                                         printk(KERN_WARNING
2311                                                 "cciss%d: %p retried too "
2312                                                 "many times\n", h->ctlr, cmd);
2313                                 status=0;
2314                         break;
2315                         case CMD_TIMEOUT:
2316                                 printk(KERN_WARNING "cciss: cmd %p timedout\n",
2317                                         cmd);
2318                                 status=0;
2319                         break;
2320                         default:
2321                                 printk(KERN_WARNING "cciss: cmd %p returned "
2322                                         "unknown status %x\n", cmd, 
2323                                                 cmd->err_info->CommandStatus); 
2324                                 status=0;
2325                 }
2326         }
2327         /* We need to return this command */
2328         if(retry_cmd) {
2329                 resend_cciss_cmd(h,cmd);
2330                 return;
2331         }       
2332
2333         cmd->rq->completion_data = cmd;
2334         cmd->rq->errors = status;
2335         blk_add_trace_rq(cmd->rq->q, cmd->rq, BLK_TA_COMPLETE);
2336         blk_complete_request(cmd->rq);
2337 }
2338
2339 /* 
2340  * Get a request and submit it to the controller. 
2341  */
2342 static void do_cciss_request(request_queue_t *q)
2343 {
2344         ctlr_info_t *h= q->queuedata; 
2345         CommandList_struct *c;
2346         int start_blk, seg;
2347         struct request *creq;
2348         u64bit temp64;
2349         struct scatterlist tmp_sg[MAXSGENTRIES];
2350         drive_info_struct *drv;
2351         int i, dir;
2352
2353         /* We call start_io here in case there is a command waiting on the
2354          * queue that has not been sent.
2355         */
2356         if (blk_queue_plugged(q))
2357                 goto startio;
2358
2359 queue:
2360         creq = elv_next_request(q);
2361         if (!creq)
2362                 goto startio;
2363
2364         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
2365
2366         if (( c = cmd_alloc(h, 1)) == NULL)
2367                 goto full;
2368
2369         blkdev_dequeue_request(creq);
2370
2371         spin_unlock_irq(q->queue_lock);
2372
2373         c->cmd_type = CMD_RWREQ;
2374         c->rq = creq;
2375         
2376         /* fill in the request */ 
2377         drv = creq->rq_disk->private_data;
2378         c->Header.ReplyQueue = 0;  // unused in simple mode
2379         /* got command from pool, so use the command block index instead */
2380         /* for direct lookups. */
2381         /* The first 2 bits are reserved for controller error reporting. */
2382         c->Header.Tag.lower = (c->cmdindex << 3);
2383         c->Header.Tag.lower |= 0x04; /* flag for direct lookup. */
2384         c->Header.LUN.LogDev.VolId= drv->LunID;
2385         c->Header.LUN.LogDev.Mode = 1;
2386         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
2387         c->Request.Type.Type =  TYPE_CMD; // It is a command. 
2388         c->Request.Type.Attribute = ATTR_SIMPLE; 
2389         c->Request.Type.Direction = 
2390                 (rq_data_dir(creq) == READ) ? XFER_READ: XFER_WRITE; 
2391         c->Request.Timeout = 0; // Don't time out       
2392         c->Request.CDB[0] = (rq_data_dir(creq) == READ) ? CCISS_READ : CCISS_WRITE;
2393         start_blk = creq->sector;
2394 #ifdef CCISS_DEBUG
2395         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n",(int) creq->sector,
2396                 (int) creq->nr_sectors);        
2397 #endif /* CCISS_DEBUG */
2398
2399         seg = blk_rq_map_sg(q, creq, tmp_sg);
2400
2401         /* get the DMA records for the setup */ 
2402         if (c->Request.Type.Direction == XFER_READ)
2403                 dir = PCI_DMA_FROMDEVICE;
2404         else
2405                 dir = PCI_DMA_TODEVICE;
2406
2407         for (i=0; i<seg; i++)
2408         {
2409                 c->SG[i].Len = tmp_sg[i].length;
2410                 temp64.val = (__u64) pci_map_page(h->pdev, tmp_sg[i].page,
2411                                           tmp_sg[i].offset, tmp_sg[i].length,
2412                                           dir);
2413                 c->SG[i].Addr.lower = temp64.val32.lower;
2414                 c->SG[i].Addr.upper = temp64.val32.upper;
2415                 c->SG[i].Ext = 0;  // we are not chaining
2416         }
2417         /* track how many SG entries we are using */ 
2418         if( seg > h->maxSG)
2419                 h->maxSG = seg; 
2420
2421 #ifdef CCISS_DEBUG
2422         printk(KERN_DEBUG "cciss: Submitting %d sectors in %d segments\n", creq->nr_sectors, seg);
2423 #endif /* CCISS_DEBUG */
2424
2425         c->Header.SGList = c->Header.SGTotal = seg;
2426         c->Request.CDB[1]= 0;
2427         c->Request.CDB[2]= (start_blk >> 24) & 0xff;    //MSB
2428         c->Request.CDB[3]= (start_blk >> 16) & 0xff;
2429         c->Request.CDB[4]= (start_blk >>  8) & 0xff;
2430         c->Request.CDB[5]= start_blk & 0xff;
2431         c->Request.CDB[6]= 0; // (sect >> 24) & 0xff; MSB
2432         c->Request.CDB[7]= (creq->nr_sectors >>  8) & 0xff; 
2433         c->Request.CDB[8]= creq->nr_sectors & 0xff; 
2434         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
2435
2436         spin_lock_irq(q->queue_lock);
2437
2438         addQ(&(h->reqQ),c);
2439         h->Qdepth++;
2440         if(h->Qdepth > h->maxQsinceinit)
2441                 h->maxQsinceinit = h->Qdepth; 
2442
2443         goto queue;
2444 full:
2445         blk_stop_queue(q);
2446 startio:
2447         /* We will already have the driver lock here so not need
2448          * to lock it.
2449         */
2450         start_io(h);
2451 }
2452
2453 static inline unsigned long get_next_completion(ctlr_info_t *h)
2454 {
2455 #ifdef CONFIG_CISS_SCSI_TAPE
2456         /* Any rejects from sendcmd() lying around? Process them first */
2457         if (h->scsi_rejects.ncompletions == 0)
2458                 return h->access.command_completed(h);
2459         else {
2460                 struct sendcmd_reject_list *srl;
2461                 int n;
2462                 srl = &h->scsi_rejects;
2463                 n = --srl->ncompletions;
2464                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
2465                 printk("p");
2466                 return srl->complete[n];
2467         }
2468 #else
2469         return h->access.command_completed(h);
2470 #endif
2471 }
2472
2473 static inline int interrupt_pending(ctlr_info_t *h)
2474 {
2475 #ifdef CONFIG_CISS_SCSI_TAPE
2476         return ( h->access.intr_pending(h) 
2477                 || (h->scsi_rejects.ncompletions > 0));
2478 #else
2479         return h->access.intr_pending(h);
2480 #endif
2481 }
2482
2483 static inline long interrupt_not_for_us(ctlr_info_t *h)
2484 {
2485 #ifdef CONFIG_CISS_SCSI_TAPE
2486         return (((h->access.intr_pending(h) == 0) || 
2487                  (h->interrupts_enabled == 0)) 
2488               && (h->scsi_rejects.ncompletions == 0));
2489 #else
2490         return (((h->access.intr_pending(h) == 0) || 
2491                  (h->interrupts_enabled == 0)));
2492 #endif
2493 }
2494
2495 static irqreturn_t do_cciss_intr(int irq, void *dev_id, struct pt_regs *regs)
2496 {
2497         ctlr_info_t *h = dev_id;
2498         CommandList_struct *c;
2499         unsigned long flags;
2500         __u32 a, a1, a2;
2501         int j;
2502         int start_queue = h->next_to_run;
2503
2504         if (interrupt_not_for_us(h))
2505                 return IRQ_NONE;
2506         /*
2507          * If there are completed commands in the completion queue,
2508          * we had better do something about it.
2509          */
2510         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2511         while (interrupt_pending(h)) {
2512                 while((a = get_next_completion(h)) != FIFO_EMPTY) {
2513                         a1 = a;
2514                         if ((a & 0x04)) {
2515                                 a2 = (a >> 3);
2516                                 if (a2 >= NR_CMDS) {
2517                                         printk(KERN_WARNING "cciss: controller cciss%d failed, stopping.\n", h->ctlr);
2518                                         fail_all_cmds(h->ctlr);
2519                                         return IRQ_HANDLED;
2520                                 }
2521
2522                                 c = h->cmd_pool + a2;
2523                                 a = c->busaddr;
2524
2525                         } else {
2526                         a &= ~3;
2527                                 if ((c = h->cmpQ) == NULL) {
2528                                         printk(KERN_WARNING "cciss: Completion of %08x ignored\n", a1);
2529                                 continue;       
2530                         } 
2531                         while(c->busaddr != a) {
2532                                 c = c->next;
2533                                 if (c == h->cmpQ) 
2534                                         break;
2535                         }
2536                         }
2537                         /*
2538                          * If we've found the command, take it off the
2539                          * completion Q and free it
2540                          */
2541                          if (c->busaddr == a) {
2542                                 removeQ(&h->cmpQ, c);
2543                                 if (c->cmd_type == CMD_RWREQ) {
2544                                         complete_command(h, c, 0);
2545                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
2546                                         complete(c->waiting);
2547                                 }
2548 #                               ifdef CONFIG_CISS_SCSI_TAPE
2549                                 else if (c->cmd_type == CMD_SCSI)
2550                                         complete_scsi_command(c, 0, a1);
2551 #                               endif
2552                                 continue;
2553                         }
2554                 }
2555         }
2556
2557         /* check to see if we have maxed out the number of commands that can
2558          * be placed on the queue.  If so then exit.  We do this check here
2559          * in case the interrupt we serviced was from an ioctl and did not
2560          * free any new commands.
2561          */
2562         if ((find_first_zero_bit(h->cmd_pool_bits, NR_CMDS)) == NR_CMDS)
2563                 goto cleanup;
2564
2565         /* We have room on the queue for more commands.  Now we need to queue
2566          * them up.  We will also keep track of the next queue to run so
2567          * that every queue gets a chance to be started first.
2568         */
2569         for (j=0; j < h->highest_lun + 1; j++){
2570                 int curr_queue = (start_queue + j) % (h->highest_lun + 1);
2571                 /* make sure the disk has been added and the drive is real
2572                  * because this can be called from the middle of init_one.
2573                 */
2574                 if(!(h->drv[curr_queue].queue) ||
2575                                    !(h->drv[curr_queue].heads))
2576                         continue;
2577                 blk_start_queue(h->gendisk[curr_queue]->queue);
2578
2579                 /* check to see if we have maxed out the number of commands
2580                  * that can be placed on the queue.
2581                 */
2582                 if ((find_first_zero_bit(h->cmd_pool_bits, NR_CMDS)) == NR_CMDS)
2583                 {
2584                         if (curr_queue == start_queue){
2585                                 h->next_to_run = (start_queue + 1) % (h->highest_lun + 1);
2586                                 goto cleanup;
2587                         } else {
2588                                 h->next_to_run = curr_queue;
2589                                 goto cleanup;
2590         }
2591                 } else {
2592                         curr_queue = (curr_queue + 1) % (h->highest_lun + 1);
2593                 }
2594         }
2595
2596 cleanup:
2597         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
2598         return IRQ_HANDLED;
2599 }
2600 /* 
2601  *  We cannot read the structure directly, for portablity we must use 
2602  *   the io functions.
2603  *   This is for debug only. 
2604  */
2605 #ifdef CCISS_DEBUG
2606 static void print_cfg_table( CfgTable_struct *tb)
2607 {
2608         int i;
2609         char temp_name[17];
2610
2611         printk("Controller Configuration information\n");
2612         printk("------------------------------------\n");
2613         for(i=0;i<4;i++)
2614                 temp_name[i] = readb(&(tb->Signature[i]));
2615         temp_name[4]='\0';
2616         printk("   Signature = %s\n", temp_name); 
2617         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
2618         printk("   Transport methods supported = 0x%x\n", 
2619                                 readl(&(tb-> TransportSupport)));
2620         printk("   Transport methods active = 0x%x\n", 
2621                                 readl(&(tb->TransportActive)));
2622         printk("   Requested transport Method = 0x%x\n", 
2623                         readl(&(tb->HostWrite.TransportRequest)));
2624         printk("   Coalese Interrupt Delay = 0x%x\n", 
2625                         readl(&(tb->HostWrite.CoalIntDelay)));
2626         printk("   Coalese Interrupt Count = 0x%x\n", 
2627                         readl(&(tb->HostWrite.CoalIntCount)));
2628         printk("   Max outstanding commands = 0x%d\n", 
2629                         readl(&(tb->CmdsOutMax)));
2630         printk("   Bus Types = 0x%x\n", readl(&(tb-> BusTypes)));
2631         for(i=0;i<16;i++)
2632                 temp_name[i] = readb(&(tb->ServerName[i]));
2633         temp_name[16] = '\0';
2634         printk("   Server Name = %s\n", temp_name);
2635         printk("   Heartbeat Counter = 0x%x\n\n\n", 
2636                         readl(&(tb->HeartBeat)));
2637 }
2638 #endif /* CCISS_DEBUG */ 
2639
2640 static void release_io_mem(ctlr_info_t *c)
2641 {
2642         /* if IO mem was not protected do nothing */
2643         if( c->io_mem_addr == 0)
2644                 return;
2645         release_region(c->io_mem_addr, c->io_mem_length);
2646         c->io_mem_addr = 0;
2647         c->io_mem_length = 0;
2648 }
2649
2650 static int find_PCI_BAR_index(struct pci_dev *pdev,
2651                                 unsigned long pci_bar_addr)
2652 {
2653         int i, offset, mem_type, bar_type;
2654         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
2655                 return 0;
2656         offset = 0;
2657         for (i=0; i<DEVICE_COUNT_RESOURCE; i++) {
2658                 bar_type = pci_resource_flags(pdev, i) &
2659                         PCI_BASE_ADDRESS_SPACE;
2660                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
2661                         offset += 4;
2662                 else {
2663                         mem_type = pci_resource_flags(pdev, i) &
2664                                 PCI_BASE_ADDRESS_MEM_TYPE_MASK;
2665                         switch (mem_type) {
2666                                 case PCI_BASE_ADDRESS_MEM_TYPE_32:
2667                                 case PCI_BASE_ADDRESS_MEM_TYPE_1M:
2668                                         offset += 4; /* 32 bit */
2669                                         break;
2670                                 case PCI_BASE_ADDRESS_MEM_TYPE_64:
2671                                         offset += 8;
2672                                         break;
2673                                 default: /* reserved in PCI 2.2 */
2674                                         printk(KERN_WARNING "Base address is invalid\n");
2675                                         return -1;
2676                                 break;
2677                         }
2678                 }
2679                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
2680                         return i+1;
2681         }
2682         return -1;
2683 }
2684
2685 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
2686  * controllers that are capable. If not, we use IO-APIC mode.
2687  */
2688
2689 static void __devinit cciss_interrupt_mode(ctlr_info_t *c, struct pci_dev *pdev, __u32 board_id)
2690 {
2691 #ifdef CONFIG_PCI_MSI
2692         int err;
2693         struct msix_entry cciss_msix_entries[4] = {{0,0}, {0,1},
2694                                                    {0,2}, {0,3}};
2695
2696         /* Some boards advertise MSI but don't really support it */
2697         if ((board_id == 0x40700E11) ||
2698                 (board_id == 0x40800E11) ||
2699                 (board_id == 0x40820E11) ||
2700                 (board_id == 0x40830E11))
2701                 goto default_int_mode;
2702
2703         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
2704                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
2705                 if (!err) {
2706                         c->intr[0] = cciss_msix_entries[0].vector;
2707                         c->intr[1] = cciss_msix_entries[1].vector;
2708                         c->intr[2] = cciss_msix_entries[2].vector;
2709                         c->intr[3] = cciss_msix_entries[3].vector;
2710                         c->msix_vector = 1;
2711                         return;
2712                 }
2713                 if (err > 0) {
2714                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
2715                                         "available\n", err);
2716                 } else {
2717                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
2718                                                 err);
2719                 }
2720         }
2721         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
2722                 if (!pci_enable_msi(pdev)) {
2723                         c->intr[SIMPLE_MODE_INT] = pdev->irq;
2724                         c->msi_vector = 1;
2725                         return;
2726                 } else {
2727                         printk(KERN_WARNING "cciss: MSI init failed\n");
2728                         c->intr[SIMPLE_MODE_INT] = pdev->irq;
2729                         return;
2730                 }
2731         }
2732 #endif /* CONFIG_PCI_MSI */
2733         /* if we get here we're going to use the default interrupt mode */
2734 default_int_mode:
2735         c->intr[SIMPLE_MODE_INT] = pdev->irq;
2736         return;
2737 }
2738
2739 static int cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
2740 {
2741         ushort subsystem_vendor_id, subsystem_device_id, command;
2742         __u32 board_id, scratchpad = 0;
2743         __u64 cfg_offset;
2744         __u32 cfg_base_addr;
2745         __u64 cfg_base_addr_index;
2746         int i;
2747
2748         /* check to see if controller has been disabled */
2749         /* BEFORE trying to enable it */
2750         (void) pci_read_config_word(pdev, PCI_COMMAND,&command);
2751         if(!(command & 0x02))
2752         {
2753                 printk(KERN_WARNING "cciss: controller appears to be disabled\n");
2754                 return(-1);
2755         }
2756
2757         if (pci_enable_device(pdev))
2758         {
2759                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
2760                 return( -1);
2761         }
2762
2763         subsystem_vendor_id = pdev->subsystem_vendor;
2764         subsystem_device_id = pdev->subsystem_device;
2765         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
2766                                         subsystem_vendor_id);
2767
2768         /* search for our IO range so we can protect it */
2769         for(i=0; i<DEVICE_COUNT_RESOURCE; i++)
2770         {
2771                 /* is this an IO range */ 
2772                 if( pci_resource_flags(pdev, i) & 0x01 ) {
2773                         c->io_mem_addr = pci_resource_start(pdev, i);
2774                         c->io_mem_length = pci_resource_end(pdev, i) -
2775                                 pci_resource_start(pdev, i) +1;
2776 #ifdef CCISS_DEBUG
2777                         printk("IO value found base_addr[%d] %lx %lx\n", i,
2778                                 c->io_mem_addr, c->io_mem_length);
2779 #endif /* CCISS_DEBUG */
2780                         /* register the IO range */ 
2781                         if(!request_region( c->io_mem_addr,
2782                                         c->io_mem_length, "cciss"))
2783                         {
2784                                 printk(KERN_WARNING "cciss I/O memory range already in use addr=%lx length=%ld\n",
2785                                 c->io_mem_addr, c->io_mem_length);
2786                                 c->io_mem_addr= 0;
2787                                 c->io_mem_length = 0;
2788                         } 
2789                         break;
2790                 }
2791         }
2792
2793 #ifdef CCISS_DEBUG
2794         printk("command = %x\n", command);
2795         printk("irq = %x\n", pdev->irq);
2796         printk("board_id = %x\n", board_id);
2797 #endif /* CCISS_DEBUG */ 
2798
2799 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
2800  * else we use the IO-APIC interrupt assigned to us by system ROM.
2801  */
2802         cciss_interrupt_mode(c, pdev, board_id);
2803
2804         /*
2805          * Memory base addr is first addr , the second points to the config
2806          *   table
2807          */
2808
2809         c->paddr = pci_resource_start(pdev, 0); /* addressing mode bits already removed */
2810 #ifdef CCISS_DEBUG
2811         printk("address 0 = %x\n", c->paddr);
2812 #endif /* CCISS_DEBUG */ 
2813         c->vaddr = remap_pci_mem(c->paddr, 200);
2814
2815         /* Wait for the board to become ready.  (PCI hotplug needs this.)
2816          * We poll for up to 120 secs, once per 100ms. */
2817         for (i=0; i < 1200; i++) {
2818                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
2819                 if (scratchpad == CCISS_FIRMWARE_READY)
2820                         break;
2821                 set_current_state(TASK_INTERRUPTIBLE);
2822                 schedule_timeout(HZ / 10); /* wait 100ms */
2823         }
2824         if (scratchpad != CCISS_FIRMWARE_READY) {
2825                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
2826                 return -1;
2827         }
2828
2829         /* get the address index number */
2830         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
2831         cfg_base_addr &= (__u32) 0x0000ffff;
2832 #ifdef CCISS_DEBUG
2833         printk("cfg base address = %x\n", cfg_base_addr);
2834 #endif /* CCISS_DEBUG */
2835         cfg_base_addr_index =
2836                 find_PCI_BAR_index(pdev, cfg_base_addr);
2837 #ifdef CCISS_DEBUG
2838         printk("cfg base address index = %x\n", cfg_base_addr_index);
2839 #endif /* CCISS_DEBUG */
2840         if (cfg_base_addr_index == -1) {
2841                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
2842                 release_io_mem(c);
2843                 return -1;
2844         }
2845
2846         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
2847 #ifdef CCISS_DEBUG
2848         printk("cfg offset = %x\n", cfg_offset);
2849 #endif /* CCISS_DEBUG */
2850         c->cfgtable =  remap_pci_mem(pci_resource_start(pdev,
2851                                 cfg_base_addr_index) + cfg_offset,
2852                                 sizeof(CfgTable_struct));
2853         c->board_id = board_id;
2854
2855 #ifdef CCISS_DEBUG
2856         print_cfg_table(c->cfgtable);
2857 #endif /* CCISS_DEBUG */
2858
2859         for(i=0; i<NR_PRODUCTS; i++) {
2860                 if (board_id == products[i].board_id) {
2861                         c->product_name = products[i].product_name;
2862                         c->access = *(products[i].access);
2863                         break;
2864                 }
2865         }
2866         if (i == NR_PRODUCTS) {
2867                 printk(KERN_WARNING "cciss: Sorry, I don't know how"
2868                         " to access the Smart Array controller %08lx\n", 
2869                                 (unsigned long)board_id);
2870                 return -1;
2871         }
2872         if (  (readb(&c->cfgtable->Signature[0]) != 'C') ||
2873               (readb(&c->cfgtable->Signature[1]) != 'I') ||
2874               (readb(&c->cfgtable->Signature[2]) != 'S') ||
2875               (readb(&c->cfgtable->Signature[3]) != 'S') )
2876         {
2877                 printk("Does not appear to be a valid CISS config table\n");
2878                 return -1;
2879         }
2880
2881 #ifdef CONFIG_X86
2882 {
2883         /* Need to enable prefetch in the SCSI core for 6400 in x86 */
2884         __u32 prefetch;
2885         prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
2886         prefetch |= 0x100;
2887         writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
2888 }
2889 #endif
2890
2891 #ifdef CCISS_DEBUG
2892         printk("Trying to put board into Simple mode\n");
2893 #endif /* CCISS_DEBUG */ 
2894         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
2895         /* Update the field, and then ring the doorbell */ 
2896         writel( CFGTBL_Trans_Simple, 
2897                 &(c->cfgtable->HostWrite.TransportRequest));
2898         writel( CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
2899
2900         /* under certain very rare conditions, this can take awhile.
2901          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
2902          * as we enter this code.) */
2903         for(i=0;i<MAX_CONFIG_WAIT;i++) {
2904                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
2905                         break;
2906                 /* delay and try again */
2907                 set_current_state(TASK_INTERRUPTIBLE);
2908                 schedule_timeout(10);
2909         }       
2910
2911 #ifdef CCISS_DEBUG
2912         printk(KERN_DEBUG "I counter got to %d %x\n", i, readl(c->vaddr + SA5_DOORBELL));
2913 #endif /* CCISS_DEBUG */
2914 #ifdef CCISS_DEBUG
2915         print_cfg_table(c->cfgtable);   
2916 #endif /* CCISS_DEBUG */ 
2917
2918         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple))
2919         {
2920                 printk(KERN_WARNING "cciss: unable to get board into"
2921                                         " simple mode\n");
2922                 return -1;
2923         }
2924         return 0;
2925
2926 }
2927
2928 /* 
2929  * Gets information about the local volumes attached to the controller. 
2930  */ 
2931 static void cciss_getgeometry(int cntl_num)
2932 {
2933         ReportLunData_struct *ld_buff;
2934         ReadCapdata_struct *size_buff;
2935         InquiryData_struct *inq_buff;
2936         int return_code;
2937         int i;
2938         int listlength = 0;
2939         __u32 lunid = 0;
2940         int block_size;
2941         int total_size; 
2942
2943         ld_buff = kmalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
2944         if (ld_buff == NULL)
2945         {
2946                 printk(KERN_ERR "cciss: out of memory\n");
2947                 return;
2948         }
2949         memset(ld_buff, 0, sizeof(ReportLunData_struct));
2950         size_buff = kmalloc(sizeof( ReadCapdata_struct), GFP_KERNEL);
2951         if (size_buff == NULL)
2952         {
2953                 printk(KERN_ERR "cciss: out of memory\n");
2954                 kfree(ld_buff);
2955                 return;
2956         }
2957         inq_buff = kmalloc(sizeof( InquiryData_struct), GFP_KERNEL);
2958         if (inq_buff == NULL)
2959         {
2960                 printk(KERN_ERR "cciss: out of memory\n");
2961                 kfree(ld_buff);
2962                 kfree(size_buff);
2963                 return;
2964         }
2965         /* Get the firmware version */ 
2966         return_code = sendcmd(CISS_INQUIRY, cntl_num, inq_buff, 
2967                 sizeof(InquiryData_struct), 0, 0 ,0, NULL, TYPE_CMD);
2968         if (return_code == IO_OK)
2969         {
2970                 hba[cntl_num]->firm_ver[0] = inq_buff->data_byte[32];
2971                 hba[cntl_num]->firm_ver[1] = inq_buff->data_byte[33];
2972                 hba[cntl_num]->firm_ver[2] = inq_buff->data_byte[34];
2973                 hba[cntl_num]->firm_ver[3] = inq_buff->data_byte[35];
2974         } else /* send command failed */
2975         {
2976                 printk(KERN_WARNING "cciss: unable to determine firmware"
2977                         " version of controller\n");
2978         }
2979         /* Get the number of logical volumes */ 
2980         return_code = sendcmd(CISS_REPORT_LOG, cntl_num, ld_buff, 
2981                         sizeof(ReportLunData_struct), 0, 0, 0, NULL, TYPE_CMD);
2982
2983         if( return_code == IO_OK)
2984         {
2985 #ifdef CCISS_DEBUG
2986                 printk("LUN Data\n--------------------------\n");
2987 #endif /* CCISS_DEBUG */ 
2988
2989                 listlength |= (0xff & (unsigned int)(ld_buff->LUNListLength[0])) << 24;
2990                 listlength |= (0xff & (unsigned int)(ld_buff->LUNListLength[1])) << 16;
2991                 listlength |= (0xff & (unsigned int)(ld_buff->LUNListLength[2])) << 8;  
2992                 listlength |= 0xff & (unsigned int)(ld_buff->LUNListLength[3]);
2993         } else /* reading number of logical volumes failed */
2994         {
2995                 printk(KERN_WARNING "cciss: report logical volume"
2996                         " command failed\n");
2997                 listlength = 0;
2998         }
2999         hba[cntl_num]->num_luns = listlength / 8; // 8 bytes pre entry
3000         if (hba[cntl_num]->num_luns > CISS_MAX_LUN)
3001         {
3002                 printk(KERN_ERR "ciss:  only %d number of logical volumes supported\n",
3003                         CISS_MAX_LUN);
3004                 hba[cntl_num]->num_luns = CISS_MAX_LUN;
3005         }
3006 #ifdef CCISS_DEBUG
3007         printk(KERN_DEBUG "Length = %x %x %x %x = %d\n", ld_buff->LUNListLength[0],
3008                 ld_buff->LUNListLength[1], ld_buff->LUNListLength[2],
3009                 ld_buff->LUNListLength[3],  hba[cntl_num]->num_luns);
3010 #endif /* CCISS_DEBUG */
3011
3012         hba[cntl_num]->highest_lun = hba[cntl_num]->num_luns-1;
3013 //      for(i=0; i<  hba[cntl_num]->num_luns; i++)
3014         for(i=0; i < CISS_MAX_LUN; i++)
3015         {
3016                 if (i < hba[cntl_num]->num_luns){
3017                         lunid = (0xff & (unsigned int)(ld_buff->LUN[i][3]))
3018                                  << 24;
3019                         lunid |= (0xff & (unsigned int)(ld_buff->LUN[i][2]))
3020                                  << 16;
3021                         lunid |= (0xff & (unsigned int)(ld_buff->LUN[i][1]))
3022                                  << 8;
3023                 lunid |= 0xff & (unsigned int)(ld_buff->LUN[i][0]);
3024                 
3025                 hba[cntl_num]->drv[i].LunID = lunid;
3026
3027
3028 #ifdef CCISS_DEBUG
3029                 printk(KERN_DEBUG "LUN[%d]:  %x %x %x %x = %x\n", i, 
3030                         ld_buff->LUN[i][0], ld_buff->LUN[i][1],
3031                         ld_buff->LUN[i][2], ld_buff->LUN[i][3],
3032                         hba[cntl_num]->drv[i].LunID);
3033 #endif /* CCISS_DEBUG */
3034                 cciss_read_capacity(cntl_num, i, size_buff, 0,
3035                         &total_size, &block_size);
3036                         cciss_geometry_inquiry(cntl_num, i, 0, total_size,
3037                                 block_size, inq_buff, &hba[cntl_num]->drv[i]);
3038                 } else {
3039                         /* initialize raid_level to indicate a free space */
3040                         hba[cntl_num]->drv[i].raid_level = -1;
3041                 }
3042         }
3043         kfree(ld_buff);
3044         kfree(size_buff);
3045         kfree(inq_buff);
3046 }       
3047
3048 /* Function to find the first free pointer into our hba[] array */
3049 /* Returns -1 if no free entries are left.  */
3050 static int alloc_cciss_hba(void)
3051 {
3052         struct gendisk *disk[NWD];
3053         int i, n;
3054         for (n = 0; n < NWD; n++) {
3055                 disk[n] = alloc_disk(1 << NWD_SHIFT);
3056                 if (!disk[n])
3057                         goto out;
3058         }
3059
3060         for(i=0; i< MAX_CTLR; i++) {
3061                 if (!hba[i]) {
3062                         ctlr_info_t *p;
3063                         p = kmalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3064                         if (!p)
3065                                 goto Enomem;
3066                         memset(p, 0, sizeof(ctlr_info_t));
3067                         for (n = 0; n < NWD; n++)
3068                                 p->gendisk[n] = disk[n];
3069                         hba[i] = p;
3070                         return i;
3071                 }
3072         }
3073         printk(KERN_WARNING "cciss: This driver supports a maximum"
3074                 " of %d controllers.\n", MAX_CTLR);
3075         goto out;
3076 Enomem:
3077         printk(KERN_ERR "cciss: out of memory.\n");
3078 out:
3079         while (n--)
3080                 put_disk(disk[n]);
3081         return -1;
3082 }
3083
3084 static void free_hba(int i)
3085 {
3086         ctlr_info_t *p = hba[i];
3087         int n;
3088
3089         hba[i] = NULL;
3090         for (n = 0; n < NWD; n++)
3091                 put_disk(p->gendisk[n]);
3092         kfree(p);
3093 }
3094
3095 /*
3096  *  This is it.  Find all the controllers and register them.  I really hate
3097  *  stealing all these major device numbers.
3098  *  returns the number of block devices registered.
3099  */
3100 static int __devinit cciss_init_one(struct pci_dev *pdev,
3101         const struct pci_device_id *ent)
3102 {
3103         request_queue_t *q;
3104         int i;
3105         int j;
3106         int rc;
3107
3108         printk(KERN_DEBUG "cciss: Device 0x%x has been found at"
3109                         " bus %d dev %d func %d\n",
3110                 pdev->device, pdev->bus->number, PCI_SLOT(pdev->devfn),
3111                         PCI_FUNC(pdev->devfn));
3112         i = alloc_cciss_hba();
3113         if(i < 0)
3114                 return (-1);
3115
3116         hba[i]->busy_initializing = 1;
3117
3118         if (cciss_pci_init(hba[i], pdev) != 0)
3119                 goto clean1;
3120
3121         sprintf(hba[i]->devname, "cciss%d", i);
3122         hba[i]->ctlr = i;
3123         hba[i]->pdev = pdev;
3124
3125         /* configure PCI DMA stuff */
3126         if (!pci_set_dma_mask(pdev, DMA_64BIT_MASK))
3127                 printk("cciss: using DAC cycles\n");
3128         else if (!pci_set_dma_mask(pdev, DMA_32BIT_MASK))
3129                 printk("cciss: not using DAC cycles\n");
3130         else {
3131                 printk("cciss: no suitable DMA available\n");
3132                 goto clean1;
3133         }
3134
3135         /*
3136          * register with the major number, or get a dynamic major number
3137          * by passing 0 as argument.  This is done for greater than
3138          * 8 controller support.
3139          */
3140         if (i < MAX_CTLR_ORIG)
3141                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3142         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3143         if(rc == -EBUSY || rc == -EINVAL) {
3144                 printk(KERN_ERR
3145                         "cciss:  Unable to get major number %d for %s "
3146                         "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3147                 goto clean1;
3148         }
3149         else {
3150                 if (i >= MAX_CTLR_ORIG)
3151                         hba[i]->major = rc;
3152         }
3153
3154         /* make sure the board interrupts are off */
3155         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
3156         if( request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
3157                 SA_INTERRUPT | SA_SHIRQ | SA_SAMPLE_RANDOM, 
3158                         hba[i]->devname, hba[i])) {
3159                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
3160                         hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
3161                 goto clean2;
3162         }
3163         hba[i]->cmd_pool_bits = kmalloc(((NR_CMDS+BITS_PER_LONG-1)/BITS_PER_LONG)*sizeof(unsigned long), GFP_KERNEL);
3164         hba[i]->cmd_pool = (CommandList_struct *)pci_alloc_consistent(
3165                 hba[i]->pdev, NR_CMDS * sizeof(CommandList_struct), 
3166                 &(hba[i]->cmd_pool_dhandle));
3167         hba[i]->errinfo_pool = (ErrorInfo_struct *)pci_alloc_consistent(
3168                 hba[i]->pdev, NR_CMDS * sizeof( ErrorInfo_struct), 
3169                 &(hba[i]->errinfo_pool_dhandle));
3170         if((hba[i]->cmd_pool_bits == NULL) 
3171                 || (hba[i]->cmd_pool == NULL)
3172                 || (hba[i]->errinfo_pool == NULL)) {
3173                 printk( KERN_ERR "cciss: out of memory");
3174                 goto clean4;
3175         }
3176 #ifdef CONFIG_CISS_SCSI_TAPE
3177         hba[i]->scsi_rejects.complete = 
3178                 kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) * 
3179                         (NR_CMDS + 5), GFP_KERNEL);
3180         if (hba[i]->scsi_rejects.complete == NULL) {
3181                 printk( KERN_ERR "cciss: out of memory");
3182                 goto clean4;
3183         }
3184 #endif
3185         spin_lock_init(&hba[i]->lock);
3186
3187         /* Initialize the pdev driver private data. 
3188                 have it point to hba[i].  */
3189         pci_set_drvdata(pdev, hba[i]);
3190         /* command and error info recs zeroed out before 
3191                         they are used */
3192         memset(hba[i]->cmd_pool_bits, 0, ((NR_CMDS+BITS_PER_LONG-1)/BITS_PER_LONG)*sizeof(unsigned long));
3193
3194 #ifdef CCISS_DEBUG      
3195         printk(KERN_DEBUG "Scanning for drives on controller cciss%d\n",i);
3196 #endif /* CCISS_DEBUG */
3197
3198         cciss_getgeometry(i);
3199
3200         cciss_scsi_setup(i);
3201
3202         /* Turn the interrupts on so we can service requests */
3203         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
3204
3205         cciss_procinit(i);
3206         hba[i]->busy_initializing = 0;
3207
3208         for(j=0; j < NWD; j++) { /* mfm */
3209                 drive_info_struct *drv = &(hba[i]->drv[j]);
3210                 struct gendisk *disk = hba[i]->gendisk[j];
3211
3212                 q = blk_init_queue(do_cciss_request, &hba[i]->lock);
3213                 if (!q) {
3214                         printk(KERN_ERR
3215                            "cciss:  unable to allocate queue for disk %d\n",
3216                            j);
3217                         break;
3218                 }
3219                 drv->queue = q;
3220
3221                 q->backing_dev_info.ra_pages = READ_AHEAD;
3222                 blk_queue_bounce_limit(q, hba[i]->pdev->dma_mask);
3223
3224                 /* This is a hardware imposed limit. */
3225                 blk_queue_max_hw_segments(q, MAXSGENTRIES);
3226
3227                 /* This is a limit in the driver and could be eliminated. */
3228                 blk_queue_max_phys_segments(q, MAXSGENTRIES);
3229
3230                 blk_queue_max_sectors(q, 512);
3231
3232                 blk_queue_softirq_done(q, cciss_softirq_done);
3233
3234                 q->queuedata = hba[i];
3235                 sprintf(disk->disk_name, "cciss/c%dd%d", i, j);
3236                 sprintf(disk->devfs_name, "cciss/host%d/target%d", i, j);
3237                 disk->major = hba[i]->major;
3238                 disk->first_minor = j << NWD_SHIFT;
3239                 disk->fops = &cciss_fops;
3240                 disk->queue = q;
3241                 disk->private_data = drv;
3242                 /* we must register the controller even if no disks exist */
3243                 /* this is for the online array utilities */
3244                 if(!drv->heads && j)
3245                         continue;
3246                 blk_queue_hardsect_size(q, drv->block_size);
3247                 set_capacity(disk, drv->nr_blocks);
3248                 add_disk(disk);
3249         }
3250
3251         return(1);
3252
3253 clean4:
3254 #ifdef CONFIG_CISS_SCSI_TAPE
3255         kfree(hba[i]->scsi_rejects.complete);
3256 #endif
3257         kfree(hba[i]->cmd_pool_bits);
3258         if(hba[i]->cmd_pool)
3259                 pci_free_consistent(hba[i]->pdev,
3260                         NR_CMDS * sizeof(CommandList_struct),
3261                         hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3262         if(hba[i]->errinfo_pool)
3263                 pci_free_consistent(hba[i]->pdev,
3264                         NR_CMDS * sizeof( ErrorInfo_struct),
3265                         hba[i]->errinfo_pool,
3266                         hba[i]->errinfo_pool_dhandle);
3267         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
3268 clean2:
3269         unregister_blkdev(hba[i]->major, hba[i]->devname);
3270 clean1:
3271         release_io_mem(hba[i]);
3272         hba[i]->busy_initializing = 0;
3273         free_hba(i);
3274         return(-1);
3275 }
3276
3277 static void __devexit cciss_remove_one (struct pci_dev *pdev)
3278 {
3279         ctlr_info_t *tmp_ptr;
3280         int i, j;
3281         char flush_buf[4];
3282         int return_code; 
3283
3284         if (pci_get_drvdata(pdev) == NULL)
3285         {
3286                 printk( KERN_ERR "cciss: Unable to remove device \n");
3287                 return;
3288         }
3289         tmp_ptr = pci_get_drvdata(pdev);
3290         i = tmp_ptr->ctlr;
3291         if (hba[i] == NULL) 
3292         {
3293                 printk(KERN_ERR "cciss: device appears to "
3294                         "already be removed \n");
3295                 return;
3296         }
3297         /* Turn board interrupts off  and send the flush cache command */
3298         /* sendcmd will turn off interrupt, and send the flush...
3299         * To write all data in the battery backed cache to disks */
3300         memset(flush_buf, 0, 4);
3301         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
3302                                 TYPE_CMD);
3303         if(return_code != IO_OK)
3304         {
3305                 printk(KERN_WARNING "Error Flushing cache on controller %d\n", 
3306                         i);
3307         }
3308         free_irq(hba[i]->intr[2], hba[i]);
3309
3310 #ifdef CONFIG_PCI_MSI
3311         if (hba[i]->msix_vector)
3312                 pci_disable_msix(hba[i]->pdev);
3313         else if (hba[i]->msi_vector)
3314                 pci_disable_msi(hba[i]->pdev);
3315 #endif /* CONFIG_PCI_MSI */
3316
3317         pci_set_drvdata(pdev, NULL);
3318         iounmap(hba[i]->vaddr);
3319         cciss_unregister_scsi(i);  /* unhook from SCSI subsystem */
3320         unregister_blkdev(hba[i]->major, hba[i]->devname);
3321         remove_proc_entry(hba[i]->devname, proc_cciss); 
3322         
3323         /* remove it from the disk list */
3324         for (j = 0; j < NWD; j++) {
3325                 struct gendisk *disk = hba[i]->gendisk[j];
3326                 if (disk) {
3327                         request_queue_t *q = disk->queue;
3328
3329                         if (disk->flags & GENHD_FL_UP) 
3330                                 del_gendisk(disk);
3331                         if (q)
3332                                 blk_cleanup_queue(q);
3333                 }
3334         }
3335
3336         pci_free_consistent(hba[i]->pdev, NR_CMDS * sizeof(CommandList_struct),
3337                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3338         pci_free_consistent(hba[i]->pdev, NR_CMDS * sizeof( ErrorInfo_struct),
3339                 hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
3340         kfree(hba[i]->cmd_pool_bits);
3341 #ifdef CONFIG_CISS_SCSI_TAPE
3342         kfree(hba[i]->scsi_rejects.complete);
3343 #endif
3344         release_io_mem(hba[i]);
3345         free_hba(i);
3346 }       
3347
3348 static struct pci_driver cciss_pci_driver = {
3349         .name =         "cciss",
3350         .probe =        cciss_init_one,
3351         .remove =       __devexit_p(cciss_remove_one),
3352         .id_table =     cciss_pci_device_id, /* id_table */
3353 };
3354
3355 /*
3356  *  This is it.  Register the PCI driver information for the cards we control
3357  *  the OS will call our registered routines when it finds one of our cards. 
3358  */
3359 static int __init cciss_init(void)
3360 {
3361         printk(KERN_INFO DRIVER_NAME "\n");
3362
3363         /* Register for our PCI devices */
3364         return pci_register_driver(&cciss_pci_driver);
3365 }
3366
3367 static void __exit cciss_cleanup(void)
3368 {
3369         int i;
3370
3371         pci_unregister_driver(&cciss_pci_driver);
3372         /* double check that all controller entrys have been removed */
3373         for (i=0; i< MAX_CTLR; i++) 
3374         {
3375                 if (hba[i] != NULL)
3376                 {
3377                         printk(KERN_WARNING "cciss: had to remove"
3378                                         " controller %d\n", i);
3379                         cciss_remove_one(hba[i]->pdev);
3380                 }
3381         }
3382         remove_proc_entry("cciss", proc_root_driver);
3383 }
3384
3385 static void fail_all_cmds(unsigned long ctlr)
3386 {
3387         /* If we get here, the board is apparently dead. */
3388         ctlr_info_t *h = hba[ctlr];
3389         CommandList_struct *c;
3390         unsigned long flags;
3391
3392         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
3393         h->alive = 0;   /* the controller apparently died... */
3394
3395         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
3396
3397         pci_disable_device(h->pdev); /* Make sure it is really dead. */
3398
3399         /* move everything off the request queue onto the completed queue */
3400         while( (c = h->reqQ) != NULL ) {
3401                 removeQ(&(h->reqQ), c);
3402                 h->Qdepth--;
3403                 addQ (&(h->cmpQ), c);
3404         }
3405
3406         /* Now, fail everything on the completed queue with a HW error */
3407         while( (c = h->cmpQ) != NULL ) {
3408                 removeQ(&h->cmpQ, c);
3409                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
3410                 if (c->cmd_type == CMD_RWREQ) {
3411                         complete_command(h, c, 0);
3412                 } else if (c->cmd_type == CMD_IOCTL_PEND)
3413                         complete(c->waiting);
3414 #ifdef CONFIG_CISS_SCSI_TAPE
3415                         else if (c->cmd_type == CMD_SCSI)
3416                                 complete_scsi_command(c, 0, 0);
3417 #endif
3418         }
3419         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
3420         return;
3421 }
3422
3423 module_init(cciss_init);
3424 module_exit(cciss_cleanup);