Btrfs: Raise thresholds for metadata writeback
[linux-2.6] / drivers / message / fusion / mptctl.c
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2008 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>        /* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/smp_lock.h>
58 #include <linux/compat.h>
59
60 #include <asm/io.h>
61 #include <asm/uaccess.h>
62
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68
69 #define COPYRIGHT       "Copyright (c) 1999-2008 LSI Corporation"
70 #define MODULEAUTHOR    "LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME         "Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION      MPT_LINUX_VERSION_COMMON
77 #define MYNAM           "mptctl"
78
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85
86 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
87
88 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
89
90 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
91
92 struct buflist {
93         u8      *kptr;
94         int      len;
95 };
96
97 /*
98  * Function prototypes. Called from OS entry point mptctl_ioctl.
99  * arg contents specific to function.
100  */
101 static int mptctl_fw_download(unsigned long arg);
102 static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd);
103 static int mptctl_gettargetinfo(unsigned long arg);
104 static int mptctl_readtest(unsigned long arg);
105 static int mptctl_mpt_command(unsigned long arg);
106 static int mptctl_eventquery(unsigned long arg);
107 static int mptctl_eventenable(unsigned long arg);
108 static int mptctl_eventreport(unsigned long arg);
109 static int mptctl_replace_fw(unsigned long arg);
110
111 static int mptctl_do_reset(unsigned long arg);
112 static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd);
113 static int mptctl_hp_targetinfo(unsigned long arg);
114
115 static int  mptctl_probe(struct pci_dev *, const struct pci_device_id *);
116 static void mptctl_remove(struct pci_dev *);
117
118 #ifdef CONFIG_COMPAT
119 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
120 #endif
121 /*
122  * Private function calls.
123  */
124 static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr);
125 static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen);
126 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
127                 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
128 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
129                 struct buflist *buflist, MPT_ADAPTER *ioc);
130 static void mptctl_timeout_expired (MPT_IOCTL *ioctl);
131 static int  mptctl_bus_reset(MPT_IOCTL *ioctl);
132 static int mptctl_set_tm_flags(MPT_SCSI_HOST *hd);
133 static void mptctl_free_tm_flags(MPT_ADAPTER *ioc);
134
135 /*
136  * Reset Handler cleanup function
137  */
138 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
139
140 /*
141  * Event Handler function
142  */
143 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
144 static struct fasync_struct *async_queue=NULL;
145
146 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
147 /*
148  * Scatter gather list (SGL) sizes and limits...
149  */
150 //#define MAX_SCSI_FRAGS        9
151 #define MAX_FRAGS_SPILL1        9
152 #define MAX_FRAGS_SPILL2        15
153 #define FRAGS_PER_BUCKET        (MAX_FRAGS_SPILL2 + 1)
154
155 //#define MAX_CHAIN_FRAGS       64
156 //#define MAX_CHAIN_FRAGS       (15+15+15+16)
157 #define MAX_CHAIN_FRAGS         (4 * MAX_FRAGS_SPILL2 + 1)
158
159 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
160 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
161 //                  ^----------------- 80 + 512
162 #define MAX_SGL_BYTES           ((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
163
164 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
165 #define MAX_KMALLOC_SZ          (128*1024)
166
167 #define MPT_IOCTL_DEFAULT_TIMEOUT 10    /* Default timeout value (seconds) */
168
169 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
170 /**
171  *      mptctl_syscall_down - Down the MPT adapter syscall semaphore.
172  *      @ioc: Pointer to MPT adapter
173  *      @nonblock: boolean, non-zero if O_NONBLOCK is set
174  *
175  *      All of the ioctl commands can potentially sleep, which is illegal
176  *      with a spinlock held, thus we perform mutual exclusion here.
177  *
178  *      Returns negative errno on error, or zero for success.
179  */
180 static inline int
181 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
182 {
183         int rc = 0;
184
185         if (nonblock) {
186                 if (!mutex_trylock(&ioc->ioctl->ioctl_mutex))
187                         rc = -EAGAIN;
188         } else {
189                 if (mutex_lock_interruptible(&ioc->ioctl->ioctl_mutex))
190                         rc = -ERESTARTSYS;
191         }
192         return rc;
193 }
194
195 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
196 /*
197  *  This is the callback for any message we have posted. The message itself
198  *  will be returned to the message pool when we return from the IRQ
199  *
200  *  This runs in irq context so be short and sweet.
201  */
202 static int
203 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
204 {
205         char *sense_data;
206         int sz, req_index;
207         u16 iocStatus;
208         u8 cmd;
209
210         if (req)
211                  cmd = req->u.hdr.Function;
212         else
213                 return 1;
214         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tcompleting mpi function (0x%02X), req=%p, "
215             "reply=%p\n", ioc->name,  req->u.hdr.Function, req, reply));
216
217         if (ioc->ioctl) {
218
219                 if (reply==NULL) {
220
221                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_reply() NULL Reply "
222                                 "Function=%x!\n", ioc->name, cmd));
223
224                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
225                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
226
227                         /* We are done, issue wake up
228                         */
229                         ioc->ioctl->wait_done = 1;
230                         wake_up (&mptctl_wait);
231                         return 1;
232
233                 }
234
235                 /* Copy the reply frame (which much exist
236                  * for non-SCSI I/O) to the IOC structure.
237                  */
238                 memcpy(ioc->ioctl->ReplyFrame, reply,
239                         min(ioc->reply_sz, 4*reply->u.reply.MsgLength));
240                 ioc->ioctl->status |= MPT_IOCTL_STATUS_RF_VALID;
241
242                 /* Set the command status to GOOD if IOC Status is GOOD
243                  * OR if SCSI I/O cmd and data underrun or recovered error.
244                  */
245                 iocStatus = le16_to_cpu(reply->u.reply.IOCStatus) & MPI_IOCSTATUS_MASK;
246                 if (iocStatus  == MPI_IOCSTATUS_SUCCESS)
247                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
248
249                 if (iocStatus || reply->u.reply.IOCLogInfo)
250                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tiocstatus (0x%04X), "
251                                 "loginfo (0x%08X)\n", ioc->name,
252                                 iocStatus,
253                                 le32_to_cpu(reply->u.reply.IOCLogInfo)));
254
255                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) ||
256                         (cmd == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
257
258                         if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
259                                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
260                                         "\tscsi_status (0x%02x), scsi_state (0x%02x), "
261                                         "tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
262                                         reply->u.sreply.SCSIStatus,
263                                         reply->u.sreply.SCSIState,
264                                         le16_to_cpu(reply->u.sreply.TaskTag),
265                                         le32_to_cpu(reply->u.sreply.TransferCount)));
266
267                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
268
269                         if ((iocStatus == MPI_IOCSTATUS_SCSI_DATA_UNDERRUN) ||
270                         (iocStatus == MPI_IOCSTATUS_SCSI_RECOVERED_ERROR)) {
271                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
272                         }
273                 }
274
275                 /* Copy the sense data - if present
276                  */
277                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) &&
278                         (reply->u.sreply.SCSIState &
279                          MPI_SCSI_STATE_AUTOSENSE_VALID)){
280                         sz = req->u.scsireq.SenseBufferLength;
281                         req_index =
282                             le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
283                         sense_data =
284                             ((u8 *)ioc->sense_buf_pool +
285                              (req_index * MPT_SENSE_BUFFER_ALLOC));
286                         memcpy(ioc->ioctl->sense, sense_data, sz);
287                         ioc->ioctl->status |= MPT_IOCTL_STATUS_SENSE_VALID;
288                 }
289
290                 if (cmd == MPI_FUNCTION_SCSI_TASK_MGMT)
291                         mptctl_free_tm_flags(ioc);
292
293                 /* We are done, issue wake up
294                  */
295                 ioc->ioctl->wait_done = 1;
296                 wake_up (&mptctl_wait);
297         }
298         return 1;
299 }
300
301 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
302 /* mptctl_timeout_expired
303  *
304  * Expecting an interrupt, however timed out.
305  *
306  */
307 static void mptctl_timeout_expired (MPT_IOCTL *ioctl)
308 {
309         int rc = 1;
310
311         dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT ": Timeout Expired! Host %d\n",
312                                 ioctl->ioc->name, ioctl->ioc->id));
313         if (ioctl == NULL)
314                 return;
315
316         ioctl->wait_done = 0;
317         if (ioctl->reset & MPTCTL_RESET_OK)
318                 rc = mptctl_bus_reset(ioctl);
319
320         if (rc) {
321                 /* Issue a reset for this device.
322                  * The IOC is not responding.
323                  */
324                 dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "Calling HardReset! \n",
325                          ioctl->ioc->name));
326                 mpt_HardResetHandler(ioctl->ioc, CAN_SLEEP);
327         }
328         return;
329
330 }
331
332 /* mptctl_bus_reset
333  *
334  * Bus reset code.
335  *
336  */
337 static int mptctl_bus_reset(MPT_IOCTL *ioctl)
338 {
339         MPT_FRAME_HDR   *mf;
340         SCSITaskMgmt_t  *pScsiTm;
341         MPT_SCSI_HOST   *hd;
342         int              ii;
343         int              retval=0;
344
345
346         ioctl->reset &= ~MPTCTL_RESET_OK;
347
348         if (ioctl->ioc->sh == NULL)
349                 return -EPERM;
350
351         hd = shost_priv(ioctl->ioc->sh);
352         if (hd == NULL)
353                 return -EPERM;
354
355         /* Single threading ....
356          */
357         if (mptctl_set_tm_flags(hd) != 0)
358                 return -EPERM;
359
360         /* Send request
361          */
362         if ((mf = mpt_get_msg_frame(mptctl_id, ioctl->ioc)) == NULL) {
363                 dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt, no msg frames!!\n",
364                                 ioctl->ioc->name));
365
366                 mptctl_free_tm_flags(ioctl->ioc);
367                 return -ENOMEM;
368         }
369
370         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt request @ %p\n",
371                         ioctl->ioc->name, mf));
372
373         pScsiTm = (SCSITaskMgmt_t *) mf;
374         pScsiTm->TargetID = ioctl->id;
375         pScsiTm->Bus = hd->port;        /* 0 */
376         pScsiTm->ChainOffset = 0;
377         pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
378         pScsiTm->Reserved = 0;
379         pScsiTm->TaskType = MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS;
380         pScsiTm->Reserved1 = 0;
381         pScsiTm->MsgFlags = MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
382
383         for (ii= 0; ii < 8; ii++)
384                 pScsiTm->LUN[ii] = 0;
385
386         for (ii=0; ii < 7; ii++)
387                 pScsiTm->Reserved2[ii] = 0;
388
389         pScsiTm->TaskMsgContext = 0;
390         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT
391                 "mptctl_bus_reset: issued.\n", ioctl->ioc->name));
392
393         DBG_DUMP_TM_REQUEST_FRAME(ioctl->ioc, (u32 *)mf);
394
395         ioctl->wait_done=0;
396
397         if ((ioctl->ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
398             (ioctl->ioc->facts.MsgVersion >= MPI_VERSION_01_05))
399                 mpt_put_msg_frame_hi_pri(mptctl_id, ioctl->ioc, mf);
400         else {
401                 retval = mpt_send_handshake_request(mptctl_id, ioctl->ioc,
402                         sizeof(SCSITaskMgmt_t), (u32*)pScsiTm, CAN_SLEEP);
403                 if (retval != 0) {
404                         dfailprintk(ioctl->ioc, printk(MYIOC_s_ERR_FMT "_send_handshake FAILED!"
405                                 " (hd %p, ioc %p, mf %p) \n", hd->ioc->name, hd,
406                                 hd->ioc, mf));
407                         goto mptctl_bus_reset_done;
408                 }
409         }
410
411         /* Now wait for the command to complete */
412         ii = wait_event_timeout(mptctl_wait,
413              ioctl->wait_done == 1,
414              HZ*5 /* 5 second timeout */);
415
416         if(ii <=0 && (ioctl->wait_done != 1 ))  {
417                 mpt_free_msg_frame(hd->ioc, mf);
418                 ioctl->wait_done = 0;
419                 retval = -1; /* return failure */
420         }
421
422 mptctl_bus_reset_done:
423
424         mptctl_free_tm_flags(ioctl->ioc);
425         return retval;
426 }
427
428 static int
429 mptctl_set_tm_flags(MPT_SCSI_HOST *hd) {
430         unsigned long flags;
431
432         spin_lock_irqsave(&hd->ioc->FreeQlock, flags);
433
434         if (hd->tmState == TM_STATE_NONE) {
435                 hd->tmState = TM_STATE_IN_PROGRESS;
436                 hd->tmPending = 1;
437                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
438         } else {
439                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
440                 return -EBUSY;
441         }
442
443         return 0;
444 }
445
446 static void
447 mptctl_free_tm_flags(MPT_ADAPTER *ioc)
448 {
449         MPT_SCSI_HOST * hd;
450         unsigned long flags;
451
452         hd = shost_priv(ioc->sh);
453         if (hd == NULL)
454                 return;
455
456         spin_lock_irqsave(&ioc->FreeQlock, flags);
457
458         hd->tmState = TM_STATE_NONE;
459         hd->tmPending = 0;
460         spin_unlock_irqrestore(&ioc->FreeQlock, flags);
461
462         return;
463 }
464
465 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
466 /* mptctl_ioc_reset
467  *
468  * Clean-up functionality. Used only if there has been a
469  * reload of the FW due.
470  *
471  */
472 static int
473 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
474 {
475         MPT_IOCTL *ioctl = ioc->ioctl;
476         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "IOC %s_reset routed to IOCTL driver!\n", ioc->name,
477                 reset_phase==MPT_IOC_SETUP_RESET ? "setup" : (
478                 reset_phase==MPT_IOC_PRE_RESET ? "pre" : "post")));
479
480         if(ioctl == NULL)
481                 return 1;
482
483         switch(reset_phase) {
484         case MPT_IOC_SETUP_RESET:
485                 ioctl->status |= MPT_IOCTL_STATUS_DID_IOCRESET;
486                 break;
487         case MPT_IOC_POST_RESET:
488                 ioctl->status &= ~MPT_IOCTL_STATUS_DID_IOCRESET;
489                 break;
490         case MPT_IOC_PRE_RESET:
491         default:
492                 break;
493         }
494
495         return 1;
496 }
497
498 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
499 /* ASYNC Event Notification Support */
500 static int
501 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
502 {
503         u8 event;
504
505         event = le32_to_cpu(pEvReply->Event) & 0xFF;
506
507         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
508             ioc->name, __func__));
509         if(async_queue == NULL)
510                 return 1;
511
512         /* Raise SIGIO for persistent events.
513          * TODO - this define is not in MPI spec yet,
514          * but they plan to set it to 0x21
515          */
516          if (event == 0x21 ) {
517                 ioc->aen_event_read_flag=1;
518                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
519                     ioc->name));
520                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
521                     "Raised SIGIO to application\n", ioc->name));
522                 kill_fasync(&async_queue, SIGIO, POLL_IN);
523                 return 1;
524          }
525
526         /* This flag is set after SIGIO was raised, and
527          * remains set until the application has read
528          * the event log via ioctl=MPTEVENTREPORT
529          */
530         if(ioc->aen_event_read_flag)
531                 return 1;
532
533         /* Signal only for the events that are
534          * requested for by the application
535          */
536         if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
537                 ioc->aen_event_read_flag=1;
538                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
539                     "Raised SIGIO to application\n", ioc->name));
540                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
541                     "Raised SIGIO to application\n", ioc->name));
542                 kill_fasync(&async_queue, SIGIO, POLL_IN);
543         }
544         return 1;
545 }
546
547 static int
548 mptctl_fasync(int fd, struct file *filep, int mode)
549 {
550         MPT_ADAPTER     *ioc;
551         int ret;
552
553         lock_kernel();
554         list_for_each_entry(ioc, &ioc_list, list)
555                 ioc->aen_event_read_flag=0;
556
557         ret = fasync_helper(fd, filep, mode, &async_queue);
558         unlock_kernel();
559         return ret;
560 }
561
562 static int
563 mptctl_release(struct inode *inode, struct file *filep)
564 {
565         return fasync_helper(-1, filep, 0, &async_queue);
566 }
567
568 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
569 /*
570  *  MPT ioctl handler
571  *  cmd - specify the particular IOCTL command to be issued
572  *  arg - data specific to the command. Must not be null.
573  */
574 static long
575 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
576 {
577         mpt_ioctl_header __user *uhdr = (void __user *) arg;
578         mpt_ioctl_header         khdr;
579         int iocnum;
580         unsigned iocnumX;
581         int nonblock = (file->f_flags & O_NONBLOCK);
582         int ret;
583         MPT_ADAPTER *iocp = NULL;
584
585         if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
586                 printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
587                                 "Unable to copy mpt_ioctl_header data @ %p\n",
588                                 __FILE__, __LINE__, uhdr);
589                 return -EFAULT;
590         }
591         ret = -ENXIO;                           /* (-6) No such device or address */
592
593         /* Verify intended MPT adapter - set iocnum and the adapter
594          * pointer (iocp)
595          */
596         iocnumX = khdr.iocnum & 0xFF;
597         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
598             (iocp == NULL)) {
599                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - ioc%d not found!\n",
600                                 __FILE__, __LINE__, iocnumX);
601                 return -ENODEV;
602         }
603
604         if (!iocp->active) {
605                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
606                                 __FILE__, __LINE__);
607                 return -EFAULT;
608         }
609
610         /* Handle those commands that are just returning
611          * information stored in the driver.
612          * These commands should never time out and are unaffected
613          * by TM and FW reloads.
614          */
615         if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
616                 return mptctl_getiocinfo(arg, _IOC_SIZE(cmd));
617         } else if (cmd == MPTTARGETINFO) {
618                 return mptctl_gettargetinfo(arg);
619         } else if (cmd == MPTTEST) {
620                 return mptctl_readtest(arg);
621         } else if (cmd == MPTEVENTQUERY) {
622                 return mptctl_eventquery(arg);
623         } else if (cmd == MPTEVENTENABLE) {
624                 return mptctl_eventenable(arg);
625         } else if (cmd == MPTEVENTREPORT) {
626                 return mptctl_eventreport(arg);
627         } else if (cmd == MPTFWREPLACE) {
628                 return mptctl_replace_fw(arg);
629         }
630
631         /* All of these commands require an interrupt or
632          * are unknown/illegal.
633          */
634         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
635                 return ret;
636
637         if (cmd == MPTFWDOWNLOAD)
638                 ret = mptctl_fw_download(arg);
639         else if (cmd == MPTCOMMAND)
640                 ret = mptctl_mpt_command(arg);
641         else if (cmd == MPTHARDRESET)
642                 ret = mptctl_do_reset(arg);
643         else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
644                 ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd));
645         else if (cmd == HP_GETTARGETINFO)
646                 ret = mptctl_hp_targetinfo(arg);
647         else
648                 ret = -EINVAL;
649
650         mutex_unlock(&iocp->ioctl->ioctl_mutex);
651
652         return ret;
653 }
654
655 static long
656 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
657 {
658         long ret;
659         lock_kernel();
660         ret = __mptctl_ioctl(file, cmd, arg);
661         unlock_kernel();
662         return ret;
663 }
664
665 static int mptctl_do_reset(unsigned long arg)
666 {
667         struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
668         struct mpt_ioctl_diag_reset krinfo;
669         MPT_ADAPTER             *iocp;
670
671         if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
672                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
673                                 "Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
674                                 __FILE__, __LINE__, urinfo);
675                 return -EFAULT;
676         }
677
678         if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) {
679                 printk(KERN_DEBUG MYNAM "%s@%d::mptctl_do_reset - ioc%d not found!\n",
680                                 __FILE__, __LINE__, krinfo.hdr.iocnum);
681                 return -ENODEV; /* (-6) No such device or address */
682         }
683
684         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
685             iocp->name));
686
687         if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
688                 printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
689                         iocp->name, __FILE__, __LINE__);
690                 return -1;
691         }
692
693         return 0;
694 }
695
696 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
697 /*
698  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
699  * This structure contains: iocnum, firmware length (bytes),
700  *      pointer to user space memory where the fw image is stored.
701  *
702  * Outputs:     None.
703  * Return:      0 if successful
704  *              -EFAULT if data unavailable
705  *              -ENXIO  if no such device
706  *              -EAGAIN if resource problem
707  *              -ENOMEM if no memory for SGE
708  *              -EMLINK if too many chain buffers required
709  *              -EBADRQC if adapter does not support FW download
710  *              -EBUSY if adapter is busy
711  *              -ENOMSG if FW upload returned bad status
712  */
713 static int
714 mptctl_fw_download(unsigned long arg)
715 {
716         struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
717         struct mpt_fw_xfer       kfwdl;
718
719         if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
720                 printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
721                                 "Unable to copy mpt_fw_xfer struct @ %p\n",
722                                 __FILE__, __LINE__, ufwdl);
723                 return -EFAULT;
724         }
725
726         return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen);
727 }
728
729 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
730 /*
731  * FW Download engine.
732  * Outputs:     None.
733  * Return:      0 if successful
734  *              -EFAULT if data unavailable
735  *              -ENXIO  if no such device
736  *              -EAGAIN if resource problem
737  *              -ENOMEM if no memory for SGE
738  *              -EMLINK if too many chain buffers required
739  *              -EBADRQC if adapter does not support FW download
740  *              -EBUSY if adapter is busy
741  *              -ENOMSG if FW upload returned bad status
742  */
743 static int
744 mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen)
745 {
746         FWDownload_t            *dlmsg;
747         MPT_FRAME_HDR           *mf;
748         MPT_ADAPTER             *iocp;
749         FWDownloadTCSGE_t       *ptsge;
750         MptSge_t                *sgl, *sgIn;
751         char                    *sgOut;
752         struct buflist          *buflist;
753         struct buflist          *bl;
754         dma_addr_t               sgl_dma;
755         int                      ret;
756         int                      numfrags = 0;
757         int                      maxfrags;
758         int                      n = 0;
759         u32                      sgdir;
760         u32                      nib;
761         int                      fw_bytes_copied = 0;
762         int                      i;
763         int                      sge_offset = 0;
764         u16                      iocstat;
765         pFWDownloadReply_t       ReplyMsg = NULL;
766
767         if (mpt_verify_adapter(ioc, &iocp) < 0) {
768                 printk(KERN_DEBUG MYNAM "ioctl_fwdl - ioc%d not found!\n",
769                                  ioc);
770                 return -ENODEV; /* (-6) No such device or address */
771         } else {
772
773                 /*  Valid device. Get a message frame and construct the FW download message.
774                 */
775                 if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
776                         return -EAGAIN;
777         }
778
779         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
780             "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
781         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
782             iocp->name, ufwbuf));
783         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
784             iocp->name, (int)fwlen));
785         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.ioc   = %04xh\n",
786             iocp->name, ioc));
787
788         dlmsg = (FWDownload_t*) mf;
789         ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
790         sgOut = (char *) (ptsge + 1);
791
792         /*
793          * Construct f/w download request
794          */
795         dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
796         dlmsg->Reserved = 0;
797         dlmsg->ChainOffset = 0;
798         dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
799         dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
800         if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
801                 dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
802         else
803                 dlmsg->MsgFlags = 0;
804
805
806         /* Set up the Transaction SGE.
807          */
808         ptsge->Reserved = 0;
809         ptsge->ContextSize = 0;
810         ptsge->DetailsLength = 12;
811         ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
812         ptsge->Reserved_0100_Checksum = 0;
813         ptsge->ImageOffset = 0;
814         ptsge->ImageSize = cpu_to_le32(fwlen);
815
816         /* Add the SGL
817          */
818
819         /*
820          * Need to kmalloc area(s) for holding firmware image bytes.
821          * But we need to do it piece meal, using a proper
822          * scatter gather list (with 128kB MAX hunks).
823          *
824          * A practical limit here might be # of sg hunks that fit into
825          * a single IOC request frame; 12 or 8 (see below), so:
826          * For FC9xx: 12 x 128kB == 1.5 mB (max)
827          * For C1030:  8 x 128kB == 1   mB (max)
828          * We could support chaining, but things get ugly(ier:)
829          *
830          * Set the sge_offset to the start of the sgl (bytes).
831          */
832         sgdir = 0x04000000;             /* IOC will READ from sys mem */
833         sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
834         if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
835                                     &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
836                 return -ENOMEM;
837
838         /*
839          * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
840          * for FC9xx f/w image, but calculate max number of sge hunks
841          * we can fit into a request frame, and limit ourselves to that.
842          * (currently no chain support)
843          * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
844          *      Request         maxfrags
845          *      128             12
846          *      96              8
847          *      64              4
848          */
849         maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) - sizeof(FWDownloadTCSGE_t))
850                         / (sizeof(dma_addr_t) + sizeof(u32));
851         if (numfrags > maxfrags) {
852                 ret = -EMLINK;
853                 goto fwdl_out;
854         }
855
856         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
857             iocp->name, sgl, numfrags));
858
859         /*
860          * Parse SG list, copying sgl itself,
861          * plus f/w image hunks from user space as we go...
862          */
863         ret = -EFAULT;
864         sgIn = sgl;
865         bl = buflist;
866         for (i=0; i < numfrags; i++) {
867
868                 /* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
869                  * Skip everything but Simple. If simple, copy from
870                  *      user space into kernel space.
871                  * Note: we should not have anything but Simple as
872                  *      Chain SGE are illegal.
873                  */
874                 nib = (sgIn->FlagsLength & 0x30000000) >> 28;
875                 if (nib == 0 || nib == 3) {
876                         ;
877                 } else if (sgIn->Address) {
878                         mpt_add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
879                         n++;
880                         if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
881                                 printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
882                                         "Unable to copy f/w buffer hunk#%d @ %p\n",
883                                         iocp->name, __FILE__, __LINE__, n, ufwbuf);
884                                 goto fwdl_out;
885                         }
886                         fw_bytes_copied += bl->len;
887                 }
888                 sgIn++;
889                 bl++;
890                 sgOut += (sizeof(dma_addr_t) + sizeof(u32));
891         }
892
893         DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
894
895         /*
896          * Finally, perform firmware download.
897          */
898         ReplyMsg = NULL;
899         mpt_put_msg_frame(mptctl_id, iocp, mf);
900
901         /* Now wait for the command to complete */
902         ret = wait_event_timeout(mptctl_wait,
903              iocp->ioctl->wait_done == 1,
904              HZ*60);
905
906         if(ret <=0 && (iocp->ioctl->wait_done != 1 )) {
907         /* Now we need to reset the board */
908                 mptctl_timeout_expired(iocp->ioctl);
909                 ret = -ENODATA;
910                 goto fwdl_out;
911         }
912
913         if (sgl)
914                 kfree_sgl(sgl, sgl_dma, buflist, iocp);
915
916         ReplyMsg = (pFWDownloadReply_t)iocp->ioctl->ReplyFrame;
917         iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
918         if (iocstat == MPI_IOCSTATUS_SUCCESS) {
919                 printk(MYIOC_s_INFO_FMT "F/W update successfull!\n", iocp->name);
920                 return 0;
921         } else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
922                 printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
923                         iocp->name);
924                 printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
925                         iocp->name);
926                 return -EBADRQC;
927         } else if (iocstat == MPI_IOCSTATUS_BUSY) {
928                 printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
929                 printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
930                 return -EBUSY;
931         } else {
932                 printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
933                         iocp->name, iocstat);
934                 printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
935                 return -ENOMSG;
936         }
937         return 0;
938
939 fwdl_out:
940         kfree_sgl(sgl, sgl_dma, buflist, iocp);
941         return ret;
942 }
943
944 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
945 /*
946  * SGE Allocation routine
947  *
948  * Inputs:      bytes - number of bytes to be transferred
949  *              sgdir - data direction
950  *              sge_offset - offset (in bytes) from the start of the request
951  *                      frame to the first SGE
952  *              ioc - pointer to the mptadapter
953  * Outputs:     frags - number of scatter gather elements
954  *              blp - point to the buflist pointer
955  *              sglbuf_dma - pointer to the (dma) sgl
956  * Returns:     Null if failes
957  *              pointer to the (virtual) sgl if successful.
958  */
959 static MptSge_t *
960 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
961                  struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
962 {
963         MptSge_t        *sglbuf = NULL;         /* pointer to array of SGE */
964                                                 /* and chain buffers */
965         struct buflist  *buflist = NULL;        /* kernel routine */
966         MptSge_t        *sgl;
967         int              numfrags = 0;
968         int              fragcnt = 0;
969         int              alloc_sz = min(bytes,MAX_KMALLOC_SZ);  // avoid kernel warning msg!
970         int              bytes_allocd = 0;
971         int              this_alloc;
972         dma_addr_t       pa;                                    // phys addr
973         int              i, buflist_ent;
974         int              sg_spill = MAX_FRAGS_SPILL1;
975         int              dir;
976         /* initialization */
977         *frags = 0;
978         *blp = NULL;
979
980         /* Allocate and initialize an array of kernel
981          * structures for the SG elements.
982          */
983         i = MAX_SGL_BYTES / 8;
984         buflist = kzalloc(i, GFP_USER);
985         if (!buflist)
986                 return NULL;
987         buflist_ent = 0;
988
989         /* Allocate a single block of memory to store the sg elements and
990          * the chain buffers.  The calling routine is responsible for
991          * copying the data in this array into the correct place in the
992          * request and chain buffers.
993          */
994         sglbuf = pci_alloc_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf_dma);
995         if (sglbuf == NULL)
996                 goto free_and_fail;
997
998         if (sgdir & 0x04000000)
999                 dir = PCI_DMA_TODEVICE;
1000         else
1001                 dir = PCI_DMA_FROMDEVICE;
1002
1003         /* At start:
1004          *      sgl = sglbuf = point to beginning of sg buffer
1005          *      buflist_ent = 0 = first kernel structure
1006          *      sg_spill = number of SGE that can be written before the first
1007          *              chain element.
1008          *
1009          */
1010         sgl = sglbuf;
1011         sg_spill = ((ioc->req_sz - sge_offset)/(sizeof(dma_addr_t) + sizeof(u32))) - 1;
1012         while (bytes_allocd < bytes) {
1013                 this_alloc = min(alloc_sz, bytes-bytes_allocd);
1014                 buflist[buflist_ent].len = this_alloc;
1015                 buflist[buflist_ent].kptr = pci_alloc_consistent(ioc->pcidev,
1016                                                                  this_alloc,
1017                                                                  &pa);
1018                 if (buflist[buflist_ent].kptr == NULL) {
1019                         alloc_sz = alloc_sz / 2;
1020                         if (alloc_sz == 0) {
1021                                 printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1022                                     "not enough memory!   :-(\n", ioc->name);
1023                                 printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1024                                         ioc->name, numfrags);
1025                                 goto free_and_fail;
1026                         }
1027                         continue;
1028                 } else {
1029                         dma_addr_t dma_addr;
1030
1031                         bytes_allocd += this_alloc;
1032                         sgl->FlagsLength = (0x10000000|MPT_SGE_FLAGS_ADDRESSING|sgdir|this_alloc);
1033                         dma_addr = pci_map_single(ioc->pcidev, buflist[buflist_ent].kptr, this_alloc, dir);
1034                         sgl->Address = dma_addr;
1035
1036                         fragcnt++;
1037                         numfrags++;
1038                         sgl++;
1039                         buflist_ent++;
1040                 }
1041
1042                 if (bytes_allocd >= bytes)
1043                         break;
1044
1045                 /* Need to chain? */
1046                 if (fragcnt == sg_spill) {
1047                         printk(MYIOC_s_WARN_FMT
1048                             "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1049                         printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1050                         goto free_and_fail;
1051                 }
1052
1053                 /* overflow check... */
1054                 if (numfrags*8 > MAX_SGL_BYTES){
1055                         /* GRRRRR... */
1056                         printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1057                                 "too many SG frags!   :-(\n", ioc->name);
1058                         printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1059                                 ioc->name, numfrags);
1060                         goto free_and_fail;
1061                 }
1062         }
1063
1064         /* Last sge fixup: set LE+eol+eob bits */
1065         sgl[-1].FlagsLength |= 0xC1000000;
1066
1067         *frags = numfrags;
1068         *blp = buflist;
1069
1070         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1071            "%d SG frags generated!\n", ioc->name, numfrags));
1072
1073         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1074            "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1075
1076         return sglbuf;
1077
1078 free_and_fail:
1079         if (sglbuf != NULL) {
1080                 for (i = 0; i < numfrags; i++) {
1081                         dma_addr_t dma_addr;
1082                         u8 *kptr;
1083                         int len;
1084
1085                         if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1086                                 continue;
1087
1088                         dma_addr = sglbuf[i].Address;
1089                         kptr = buflist[i].kptr;
1090                         len = buflist[i].len;
1091
1092                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1093                 }
1094                 pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf, *sglbuf_dma);
1095         }
1096         kfree(buflist);
1097         return NULL;
1098 }
1099
1100 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1101 /*
1102  * Routine to free the SGL elements.
1103  */
1104 static void
1105 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1106 {
1107         MptSge_t        *sg = sgl;
1108         struct buflist  *bl = buflist;
1109         u32              nib;
1110         int              dir;
1111         int              n = 0;
1112
1113         if (sg->FlagsLength & 0x04000000)
1114                 dir = PCI_DMA_TODEVICE;
1115         else
1116                 dir = PCI_DMA_FROMDEVICE;
1117
1118         nib = (sg->FlagsLength & 0xF0000000) >> 28;
1119         while (! (nib & 0x4)) { /* eob */
1120                 /* skip ignore/chain. */
1121                 if (nib == 0 || nib == 3) {
1122                         ;
1123                 } else if (sg->Address) {
1124                         dma_addr_t dma_addr;
1125                         void *kptr;
1126                         int len;
1127
1128                         dma_addr = sg->Address;
1129                         kptr = bl->kptr;
1130                         len = bl->len;
1131                         pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1132                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1133                         n++;
1134                 }
1135                 sg++;
1136                 bl++;
1137                 nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1138         }
1139
1140         /* we're at eob! */
1141         if (sg->Address) {
1142                 dma_addr_t dma_addr;
1143                 void *kptr;
1144                 int len;
1145
1146                 dma_addr = sg->Address;
1147                 kptr = bl->kptr;
1148                 len = bl->len;
1149                 pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1150                 pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1151                 n++;
1152         }
1153
1154         pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sgl, sgl_dma);
1155         kfree(buflist);
1156         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1157             ioc->name, n));
1158 }
1159
1160 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1161 /*
1162  *      mptctl_getiocinfo - Query the host adapter for IOC information.
1163  *      @arg: User space argument
1164  *
1165  * Outputs:     None.
1166  * Return:      0 if successful
1167  *              -EFAULT if data unavailable
1168  *              -ENODEV  if no such device/adapter
1169  */
1170 static int
1171 mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
1172 {
1173         struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1174         struct mpt_ioctl_iocinfo *karg;
1175         MPT_ADAPTER             *ioc;
1176         struct pci_dev          *pdev;
1177         int                     iocnum;
1178         unsigned int            port;
1179         int                     cim_rev;
1180         u8                      revision;
1181         struct scsi_device      *sdev;
1182         VirtDevice              *vdevice;
1183
1184         /* Add of PCI INFO results in unaligned access for
1185          * IA64 and Sparc. Reset long to int. Return no PCI
1186          * data for obsolete format.
1187          */
1188         if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1189                 cim_rev = 0;
1190         else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1191                 cim_rev = 1;
1192         else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1193                 cim_rev = 2;
1194         else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1195                 cim_rev = 0;    /* obsolete */
1196         else
1197                 return -EFAULT;
1198
1199         karg = kmalloc(data_size, GFP_KERNEL);
1200         if (karg == NULL) {
1201                 printk(KERN_ERR MYNAM "%s::mpt_ioctl_iocinfo() @%d - no memory available!\n",
1202                                 __FILE__, __LINE__);
1203                 return -ENOMEM;
1204         }
1205
1206         if (copy_from_user(karg, uarg, data_size)) {
1207                 printk(KERN_ERR MYNAM "%s@%d::mptctl_getiocinfo - "
1208                         "Unable to read in mpt_ioctl_iocinfo struct @ %p\n",
1209                                 __FILE__, __LINE__, uarg);
1210                 kfree(karg);
1211                 return -EFAULT;
1212         }
1213
1214         if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) ||
1215             (ioc == NULL)) {
1216                 printk(KERN_DEBUG MYNAM "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n",
1217                                 __FILE__, __LINE__, iocnum);
1218                 kfree(karg);
1219                 return -ENODEV;
1220         }
1221
1222         /* Verify the data transfer size is correct. */
1223         if (karg->hdr.maxDataSize != data_size) {
1224                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1225                         "Structure size mismatch. Command not completed.\n",
1226                         ioc->name, __FILE__, __LINE__);
1227                 kfree(karg);
1228                 return -EFAULT;
1229         }
1230
1231         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1232             ioc->name));
1233
1234         /* Fill in the data and return the structure to the calling
1235          * program
1236          */
1237         if (ioc->bus_type == SAS)
1238                 karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1239         else if (ioc->bus_type == FC)
1240                 karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1241         else
1242                 karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1243
1244         if (karg->hdr.port > 1)
1245                 return -EINVAL;
1246         port = karg->hdr.port;
1247
1248         karg->port = port;
1249         pdev = (struct pci_dev *) ioc->pcidev;
1250
1251         karg->pciId = pdev->device;
1252         pci_read_config_byte(pdev, PCI_CLASS_REVISION, &revision);
1253         karg->hwRev = revision;
1254         karg->subSystemDevice = pdev->subsystem_device;
1255         karg->subSystemVendor = pdev->subsystem_vendor;
1256
1257         if (cim_rev == 1) {
1258                 /* Get the PCI bus, device, and function numbers for the IOC
1259                  */
1260                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1261                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1262                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1263         } else if (cim_rev == 2) {
1264                 /* Get the PCI bus, device, function and segment ID numbers
1265                    for the IOC */
1266                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1267                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1268                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1269                 karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1270         }
1271
1272         /* Get number of devices
1273          */
1274         karg->numDevices = 0;
1275         if (ioc->sh) {
1276                 shost_for_each_device(sdev, ioc->sh) {
1277                         vdevice = sdev->hostdata;
1278                         if (vdevice->vtarget->tflags &
1279                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1280                                 continue;
1281                         karg->numDevices++;
1282                 }
1283         }
1284
1285         /* Set the BIOS and FW Version
1286          */
1287         karg->FWVersion = ioc->facts.FWVersion.Word;
1288         karg->BIOSVersion = ioc->biosVersion;
1289
1290         /* Set the Version Strings.
1291          */
1292         strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1293         karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1294
1295         karg->busChangeEvent = 0;
1296         karg->hostId = ioc->pfacts[port].PortSCSIID;
1297         karg->rsvd[0] = karg->rsvd[1] = 0;
1298
1299         /* Copy the data from kernel memory to user memory
1300          */
1301         if (copy_to_user((char __user *)arg, karg, data_size)) {
1302                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1303                         "Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1304                         ioc->name, __FILE__, __LINE__, uarg);
1305                 kfree(karg);
1306                 return -EFAULT;
1307         }
1308
1309         kfree(karg);
1310         return 0;
1311 }
1312
1313 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1314 /*
1315  *      mptctl_gettargetinfo - Query the host adapter for target information.
1316  *      @arg: User space argument
1317  *
1318  * Outputs:     None.
1319  * Return:      0 if successful
1320  *              -EFAULT if data unavailable
1321  *              -ENODEV  if no such device/adapter
1322  */
1323 static int
1324 mptctl_gettargetinfo (unsigned long arg)
1325 {
1326         struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1327         struct mpt_ioctl_targetinfo karg;
1328         MPT_ADAPTER             *ioc;
1329         VirtDevice              *vdevice;
1330         char                    *pmem;
1331         int                     *pdata;
1332         int                     iocnum;
1333         int                     numDevices = 0;
1334         int                     lun;
1335         int                     maxWordsLeft;
1336         int                     numBytes;
1337         u8                      port;
1338         struct scsi_device      *sdev;
1339
1340         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1341                 printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1342                         "Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1343                                 __FILE__, __LINE__, uarg);
1344                 return -EFAULT;
1345         }
1346
1347         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1348             (ioc == NULL)) {
1349                 printk(KERN_DEBUG MYNAM "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n",
1350                                 __FILE__, __LINE__, iocnum);
1351                 return -ENODEV;
1352         }
1353
1354         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1355             ioc->name));
1356         /* Get the port number and set the maximum number of bytes
1357          * in the returned structure.
1358          * Ignore the port setting.
1359          */
1360         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1361         maxWordsLeft = numBytes/sizeof(int);
1362         port = karg.hdr.port;
1363
1364         if (maxWordsLeft <= 0) {
1365                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1366                         ioc->name, __FILE__, __LINE__);
1367                 return -ENOMEM;
1368         }
1369
1370         /* Fill in the data and return the structure to the calling
1371          * program
1372          */
1373
1374         /* struct mpt_ioctl_targetinfo does not contain sufficient space
1375          * for the target structures so when the IOCTL is called, there is
1376          * not sufficient stack space for the structure. Allocate memory,
1377          * populate the memory, copy back to the user, then free memory.
1378          * targetInfo format:
1379          * bits 31-24: reserved
1380          *      23-16: LUN
1381          *      15- 8: Bus Number
1382          *       7- 0: Target ID
1383          */
1384         pmem = kzalloc(numBytes, GFP_KERNEL);
1385         if (!pmem) {
1386                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1387                         ioc->name, __FILE__, __LINE__);
1388                 return -ENOMEM;
1389         }
1390         pdata =  (int *) pmem;
1391
1392         /* Get number of devices
1393          */
1394         if (ioc->sh){
1395                 shost_for_each_device(sdev, ioc->sh) {
1396                         if (!maxWordsLeft)
1397                                 continue;
1398                         vdevice = sdev->hostdata;
1399                         if (vdevice->vtarget->tflags &
1400                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1401                                 continue;
1402                         lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1403                         *pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1404                             (vdevice->vtarget->id ));
1405                         pdata++;
1406                         numDevices++;
1407                         --maxWordsLeft;
1408                 }
1409         }
1410         karg.numDevices = numDevices;
1411
1412         /* Copy part of the data from kernel memory to user memory
1413          */
1414         if (copy_to_user((char __user *)arg, &karg,
1415                                 sizeof(struct mpt_ioctl_targetinfo))) {
1416                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1417                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1418                         ioc->name, __FILE__, __LINE__, uarg);
1419                 kfree(pmem);
1420                 return -EFAULT;
1421         }
1422
1423         /* Copy the remaining data from kernel memory to user memory
1424          */
1425         if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1426                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1427                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1428                         ioc->name, __FILE__, __LINE__, pdata);
1429                 kfree(pmem);
1430                 return -EFAULT;
1431         }
1432
1433         kfree(pmem);
1434
1435         return 0;
1436 }
1437
1438 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1439 /* MPT IOCTL Test function.
1440  *
1441  * Outputs:     None.
1442  * Return:      0 if successful
1443  *              -EFAULT if data unavailable
1444  *              -ENODEV  if no such device/adapter
1445  */
1446 static int
1447 mptctl_readtest (unsigned long arg)
1448 {
1449         struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1450         struct mpt_ioctl_test    karg;
1451         MPT_ADAPTER *ioc;
1452         int iocnum;
1453
1454         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1455                 printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1456                         "Unable to read in mpt_ioctl_test struct @ %p\n",
1457                                 __FILE__, __LINE__, uarg);
1458                 return -EFAULT;
1459         }
1460
1461         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1462             (ioc == NULL)) {
1463                 printk(KERN_DEBUG MYNAM "%s::mptctl_readtest() @%d - ioc%d not found!\n",
1464                                 __FILE__, __LINE__, iocnum);
1465                 return -ENODEV;
1466         }
1467
1468         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1469             ioc->name));
1470         /* Fill in the data and return the structure to the calling
1471          * program
1472          */
1473
1474 #ifdef MFCNT
1475         karg.chip_type = ioc->mfcnt;
1476 #else
1477         karg.chip_type = ioc->pcidev->device;
1478 #endif
1479         strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1480         karg.name[MPT_MAX_NAME-1]='\0';
1481         strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1482         karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1483
1484         /* Copy the data from kernel memory to user memory
1485          */
1486         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1487                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1488                         "Unable to write out mpt_ioctl_test struct @ %p\n",
1489                         ioc->name, __FILE__, __LINE__, uarg);
1490                 return -EFAULT;
1491         }
1492
1493         return 0;
1494 }
1495
1496 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1497 /*
1498  *      mptctl_eventquery - Query the host adapter for the event types
1499  *      that are being logged.
1500  *      @arg: User space argument
1501  *
1502  * Outputs:     None.
1503  * Return:      0 if successful
1504  *              -EFAULT if data unavailable
1505  *              -ENODEV  if no such device/adapter
1506  */
1507 static int
1508 mptctl_eventquery (unsigned long arg)
1509 {
1510         struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1511         struct mpt_ioctl_eventquery      karg;
1512         MPT_ADAPTER *ioc;
1513         int iocnum;
1514
1515         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1516                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1517                         "Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1518                                 __FILE__, __LINE__, uarg);
1519                 return -EFAULT;
1520         }
1521
1522         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1523             (ioc == NULL)) {
1524                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventquery() @%d - ioc%d not found!\n",
1525                                 __FILE__, __LINE__, iocnum);
1526                 return -ENODEV;
1527         }
1528
1529         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1530             ioc->name));
1531         karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1532         karg.eventTypes = ioc->eventTypes;
1533
1534         /* Copy the data from kernel memory to user memory
1535          */
1536         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1537                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1538                         "Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1539                         ioc->name, __FILE__, __LINE__, uarg);
1540                 return -EFAULT;
1541         }
1542         return 0;
1543 }
1544
1545 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1546 static int
1547 mptctl_eventenable (unsigned long arg)
1548 {
1549         struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1550         struct mpt_ioctl_eventenable     karg;
1551         MPT_ADAPTER *ioc;
1552         int iocnum;
1553
1554         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1555                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1556                         "Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1557                                 __FILE__, __LINE__, uarg);
1558                 return -EFAULT;
1559         }
1560
1561         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1562             (ioc == NULL)) {
1563                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventenable() @%d - ioc%d not found!\n",
1564                                 __FILE__, __LINE__, iocnum);
1565                 return -ENODEV;
1566         }
1567
1568         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1569             ioc->name));
1570         if (ioc->events == NULL) {
1571                 /* Have not yet allocated memory - do so now.
1572                  */
1573                 int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1574                 ioc->events = kzalloc(sz, GFP_KERNEL);
1575                 if (!ioc->events) {
1576                         printk(MYIOC_s_ERR_FMT
1577                             ": ERROR - Insufficient memory to add adapter!\n",
1578                             ioc->name);
1579                         return -ENOMEM;
1580                 }
1581                 ioc->alloc_total += sz;
1582
1583                 ioc->eventContext = 0;
1584         }
1585
1586         /* Update the IOC event logging flag.
1587          */
1588         ioc->eventTypes = karg.eventTypes;
1589
1590         return 0;
1591 }
1592
1593 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1594 static int
1595 mptctl_eventreport (unsigned long arg)
1596 {
1597         struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1598         struct mpt_ioctl_eventreport     karg;
1599         MPT_ADAPTER              *ioc;
1600         int                      iocnum;
1601         int                      numBytes, maxEvents, max;
1602
1603         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1604                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1605                         "Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1606                                 __FILE__, __LINE__, uarg);
1607                 return -EFAULT;
1608         }
1609
1610         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1611             (ioc == NULL)) {
1612                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventreport() @%d - ioc%d not found!\n",
1613                                 __FILE__, __LINE__, iocnum);
1614                 return -ENODEV;
1615         }
1616         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1617             ioc->name));
1618
1619         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1620         maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1621
1622
1623         max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1624
1625         /* If fewer than 1 event is requested, there must have
1626          * been some type of error.
1627          */
1628         if ((max < 1) || !ioc->events)
1629                 return -ENODATA;
1630
1631         /* reset this flag so SIGIO can restart */
1632         ioc->aen_event_read_flag=0;
1633
1634         /* Copy the data from kernel memory to user memory
1635          */
1636         numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1637         if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1638                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1639                         "Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1640                         ioc->name, __FILE__, __LINE__, ioc->events);
1641                 return -EFAULT;
1642         }
1643
1644         return 0;
1645 }
1646
1647 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1648 static int
1649 mptctl_replace_fw (unsigned long arg)
1650 {
1651         struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1652         struct mpt_ioctl_replace_fw      karg;
1653         MPT_ADAPTER              *ioc;
1654         int                      iocnum;
1655         int                      newFwSize;
1656
1657         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1658                 printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1659                         "Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1660                                 __FILE__, __LINE__, uarg);
1661                 return -EFAULT;
1662         }
1663
1664         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1665             (ioc == NULL)) {
1666                 printk(KERN_DEBUG MYNAM "%s::mptctl_replace_fw() @%d - ioc%d not found!\n",
1667                                 __FILE__, __LINE__, iocnum);
1668                 return -ENODEV;
1669         }
1670
1671         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1672             ioc->name));
1673         /* If caching FW, Free the old FW image
1674          */
1675         if (ioc->cached_fw == NULL)
1676                 return 0;
1677
1678         mpt_free_fw_memory(ioc);
1679
1680         /* Allocate memory for the new FW image
1681          */
1682         newFwSize = karg.newImageSize;
1683
1684         if (newFwSize & 0x01)
1685                 newFwSize += 1;
1686         if (newFwSize & 0x02)
1687                 newFwSize += 2;
1688
1689         mpt_alloc_fw_memory(ioc, newFwSize);
1690         if (ioc->cached_fw == NULL)
1691                 return -ENOMEM;
1692
1693         /* Copy the data from user memory to kernel space
1694          */
1695         if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1696                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1697                                 "Unable to read in mpt_ioctl_replace_fw image "
1698                                 "@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1699                 mpt_free_fw_memory(ioc);
1700                 return -EFAULT;
1701         }
1702
1703         /* Update IOCFactsReply
1704          */
1705         ioc->facts.FWImageSize = newFwSize;
1706         return 0;
1707 }
1708
1709 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1710 /* MPT IOCTL MPTCOMMAND function.
1711  * Cast the arg into the mpt_ioctl_mpt_command structure.
1712  *
1713  * Outputs:     None.
1714  * Return:      0 if successful
1715  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1716  *              -EFAULT if data unavailable
1717  *              -ENODEV if no such device/adapter
1718  *              -ETIME  if timer expires
1719  *              -ENOMEM if memory allocation error
1720  */
1721 static int
1722 mptctl_mpt_command (unsigned long arg)
1723 {
1724         struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1725         struct mpt_ioctl_command  karg;
1726         MPT_ADAPTER     *ioc;
1727         int             iocnum;
1728         int             rc;
1729
1730
1731         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1732                 printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1733                         "Unable to read in mpt_ioctl_command struct @ %p\n",
1734                                 __FILE__, __LINE__, uarg);
1735                 return -EFAULT;
1736         }
1737
1738         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1739             (ioc == NULL)) {
1740                 printk(KERN_DEBUG MYNAM "%s::mptctl_mpt_command() @%d - ioc%d not found!\n",
1741                                 __FILE__, __LINE__, iocnum);
1742                 return -ENODEV;
1743         }
1744
1745         rc = mptctl_do_mpt_command (karg, &uarg->MF);
1746
1747         return rc;
1748 }
1749
1750 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1751 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1752  *
1753  * Outputs:     None.
1754  * Return:      0 if successful
1755  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1756  *              -EFAULT if data unavailable
1757  *              -ENODEV if no such device/adapter
1758  *              -ETIME  if timer expires
1759  *              -ENOMEM if memory allocation error
1760  *              -EPERM if SCSI I/O and target is untagged
1761  */
1762 static int
1763 mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr)
1764 {
1765         MPT_ADAPTER     *ioc;
1766         MPT_FRAME_HDR   *mf = NULL;
1767         MPIHeader_t     *hdr;
1768         char            *psge;
1769         struct buflist  bufIn;  /* data In buffer */
1770         struct buflist  bufOut; /* data Out buffer */
1771         dma_addr_t      dma_addr_in;
1772         dma_addr_t      dma_addr_out;
1773         int             sgSize = 0;     /* Num SG elements */
1774         int             iocnum, flagsLength;
1775         int             sz, rc = 0;
1776         int             msgContext;
1777         u16             req_idx;
1778         ulong           timeout;
1779         struct scsi_device *sdev;
1780
1781         /* bufIn and bufOut are used for user to kernel space transfers
1782          */
1783         bufIn.kptr = bufOut.kptr = NULL;
1784         bufIn.len = bufOut.len = 0;
1785
1786         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1787             (ioc == NULL)) {
1788                 printk(KERN_DEBUG MYNAM "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n",
1789                                 __FILE__, __LINE__, iocnum);
1790                 return -ENODEV;
1791         }
1792         if (!ioc->ioctl) {
1793                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1794                         "No memory available during driver init.\n",
1795                                 __FILE__, __LINE__);
1796                 return -ENOMEM;
1797         } else if (ioc->ioctl->status & MPT_IOCTL_STATUS_DID_IOCRESET) {
1798                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1799                         "Busy with IOC Reset \n", __FILE__, __LINE__);
1800                 return -EBUSY;
1801         }
1802
1803         /* Verify that the final request frame will not be too large.
1804          */
1805         sz = karg.dataSgeOffset * 4;
1806         if (karg.dataInSize > 0)
1807                 sz += sizeof(dma_addr_t) + sizeof(u32);
1808         if (karg.dataOutSize > 0)
1809                 sz += sizeof(dma_addr_t) + sizeof(u32);
1810
1811         if (sz > ioc->req_sz) {
1812                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1813                         "Request frame too large (%d) maximum (%d)\n",
1814                         ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1815                 return -EFAULT;
1816         }
1817
1818         /* Get a free request frame and save the message context.
1819          */
1820         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1821                 return -EAGAIN;
1822
1823         hdr = (MPIHeader_t *) mf;
1824         msgContext = le32_to_cpu(hdr->MsgContext);
1825         req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1826
1827         /* Copy the request frame
1828          * Reset the saved message context.
1829          * Request frame in user space
1830          */
1831         if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1832                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1833                         "Unable to read MF from mpt_ioctl_command struct @ %p\n",
1834                         ioc->name, __FILE__, __LINE__, mfPtr);
1835                 rc = -EFAULT;
1836                 goto done_free_mem;
1837         }
1838         hdr->MsgContext = cpu_to_le32(msgContext);
1839
1840
1841         /* Verify that this request is allowed.
1842          */
1843         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1844             ioc->name, hdr->Function, mf));
1845
1846         switch (hdr->Function) {
1847         case MPI_FUNCTION_IOC_FACTS:
1848         case MPI_FUNCTION_PORT_FACTS:
1849                 karg.dataOutSize  = karg.dataInSize = 0;
1850                 break;
1851
1852         case MPI_FUNCTION_CONFIG:
1853         {
1854                 Config_t *config_frame;
1855                 config_frame = (Config_t *)mf;
1856                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1857                     "number=0x%02x action=0x%02x\n", ioc->name,
1858                     config_frame->Header.PageType,
1859                     config_frame->ExtPageType,
1860                     config_frame->Header.PageNumber,
1861                     config_frame->Action));
1862                 break;
1863         }
1864
1865         case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1866         case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1867         case MPI_FUNCTION_FW_UPLOAD:
1868         case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1869         case MPI_FUNCTION_FW_DOWNLOAD:
1870         case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1871         case MPI_FUNCTION_TOOLBOX:
1872         case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1873                 break;
1874
1875         case MPI_FUNCTION_SCSI_IO_REQUEST:
1876                 if (ioc->sh) {
1877                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1878                         int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1879                         int scsidir = 0;
1880                         int dataSize;
1881                         u32 id;
1882
1883                         id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1884                         if (pScsiReq->TargetID > id) {
1885                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1886                                         "Target ID out of bounds. \n",
1887                                         ioc->name, __FILE__, __LINE__);
1888                                 rc = -ENODEV;
1889                                 goto done_free_mem;
1890                         }
1891
1892                         if (pScsiReq->Bus >= ioc->number_of_buses) {
1893                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1894                                         "Target Bus out of bounds. \n",
1895                                         ioc->name, __FILE__, __LINE__);
1896                                 rc = -ENODEV;
1897                                 goto done_free_mem;
1898                         }
1899
1900                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1901                         pScsiReq->MsgFlags |= mpt_msg_flags();
1902
1903
1904                         /* verify that app has not requested
1905                          *      more sense data than driver
1906                          *      can provide, if so, reset this parameter
1907                          * set the sense buffer pointer low address
1908                          * update the control field to specify Q type
1909                          */
1910                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1911                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1912                         else
1913                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1914
1915                         pScsiReq->SenseBufferLowAddr =
1916                                 cpu_to_le32(ioc->sense_buf_low_dma
1917                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1918
1919                         shost_for_each_device(sdev, ioc->sh) {
1920                                 struct scsi_target *starget = scsi_target(sdev);
1921                                 VirtTarget *vtarget = starget->hostdata;
1922
1923                                 if ((pScsiReq->TargetID == vtarget->id) &&
1924                                     (pScsiReq->Bus == vtarget->channel) &&
1925                                     (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1926                                         qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1927                         }
1928
1929                         /* Have the IOCTL driver set the direction based
1930                          * on the dataOutSize (ordering issue with Sparc).
1931                          */
1932                         if (karg.dataOutSize > 0) {
1933                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
1934                                 dataSize = karg.dataOutSize;
1935                         } else {
1936                                 scsidir = MPI_SCSIIO_CONTROL_READ;
1937                                 dataSize = karg.dataInSize;
1938                         }
1939
1940                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1941                         pScsiReq->DataLength = cpu_to_le32(dataSize);
1942
1943                         ioc->ioctl->reset = MPTCTL_RESET_OK;
1944                         ioc->ioctl->id = pScsiReq->TargetID;
1945
1946                 } else {
1947                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1948                                 "SCSI driver is not loaded. \n",
1949                                 ioc->name, __FILE__, __LINE__);
1950                         rc = -EFAULT;
1951                         goto done_free_mem;
1952                 }
1953                 break;
1954
1955         case MPI_FUNCTION_SMP_PASSTHROUGH:
1956                 /* Check mf->PassthruFlags to determine if
1957                  * transfer is ImmediateMode or not.
1958                  * Immediate mode returns data in the ReplyFrame.
1959                  * Else, we are sending request and response data
1960                  * in two SGLs at the end of the mf.
1961                  */
1962                 break;
1963
1964         case MPI_FUNCTION_SATA_PASSTHROUGH:
1965                 if (!ioc->sh) {
1966                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1967                                 "SCSI driver is not loaded. \n",
1968                                 ioc->name, __FILE__, __LINE__);
1969                         rc = -EFAULT;
1970                         goto done_free_mem;
1971                 }
1972                 break;
1973
1974         case MPI_FUNCTION_RAID_ACTION:
1975                 /* Just add a SGE
1976                  */
1977                 break;
1978
1979         case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1980                 if (ioc->sh) {
1981                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1982                         int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1983                         int scsidir = MPI_SCSIIO_CONTROL_READ;
1984                         int dataSize;
1985
1986                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1987                         pScsiReq->MsgFlags |= mpt_msg_flags();
1988
1989
1990                         /* verify that app has not requested
1991                          *      more sense data than driver
1992                          *      can provide, if so, reset this parameter
1993                          * set the sense buffer pointer low address
1994                          * update the control field to specify Q type
1995                          */
1996                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1997                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1998                         else
1999                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
2000
2001                         pScsiReq->SenseBufferLowAddr =
2002                                 cpu_to_le32(ioc->sense_buf_low_dma
2003                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
2004
2005                         /* All commands to physical devices are tagged
2006                          */
2007
2008                         /* Have the IOCTL driver set the direction based
2009                          * on the dataOutSize (ordering issue with Sparc).
2010                          */
2011                         if (karg.dataOutSize > 0) {
2012                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
2013                                 dataSize = karg.dataOutSize;
2014                         } else {
2015                                 scsidir = MPI_SCSIIO_CONTROL_READ;
2016                                 dataSize = karg.dataInSize;
2017                         }
2018
2019                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
2020                         pScsiReq->DataLength = cpu_to_le32(dataSize);
2021
2022                         ioc->ioctl->reset = MPTCTL_RESET_OK;
2023                         ioc->ioctl->id = pScsiReq->TargetID;
2024                 } else {
2025                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2026                                 "SCSI driver is not loaded. \n",
2027                                 ioc->name, __FILE__, __LINE__);
2028                         rc = -EFAULT;
2029                         goto done_free_mem;
2030                 }
2031                 break;
2032
2033         case MPI_FUNCTION_SCSI_TASK_MGMT:
2034                 {
2035                         MPT_SCSI_HOST *hd = NULL;
2036                         if ((ioc->sh == NULL) || ((hd = shost_priv(ioc->sh)) == NULL)) {
2037                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2038                                         "SCSI driver not loaded or SCSI host not found. \n",
2039                                         ioc->name, __FILE__, __LINE__);
2040                                 rc = -EFAULT;
2041                                 goto done_free_mem;
2042                         } else if (mptctl_set_tm_flags(hd) != 0) {
2043                                 rc = -EPERM;
2044                                 goto done_free_mem;
2045                         }
2046                 }
2047                 break;
2048
2049         case MPI_FUNCTION_IOC_INIT:
2050                 {
2051                         IOCInit_t       *pInit = (IOCInit_t *) mf;
2052                         u32             high_addr, sense_high;
2053
2054                         /* Verify that all entries in the IOC INIT match
2055                          * existing setup (and in LE format).
2056                          */
2057                         if (sizeof(dma_addr_t) == sizeof(u64)) {
2058                                 high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2059                                 sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2060                         } else {
2061                                 high_addr = 0;
2062                                 sense_high= 0;
2063                         }
2064
2065                         if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2066                                 (pInit->MaxBuses != ioc->facts.MaxBuses) ||
2067                                 (pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2068                                 (pInit->HostMfaHighAddr != high_addr) ||
2069                                 (pInit->SenseBufferHighAddr != sense_high)) {
2070                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2071                                         "IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2072                                         ioc->name, __FILE__, __LINE__);
2073                                 rc = -EFAULT;
2074                                 goto done_free_mem;
2075                         }
2076                 }
2077                 break;
2078         default:
2079                 /*
2080                  * MPI_FUNCTION_PORT_ENABLE
2081                  * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2082                  * MPI_FUNCTION_TARGET_ASSIST
2083                  * MPI_FUNCTION_TARGET_STATUS_SEND
2084                  * MPI_FUNCTION_TARGET_MODE_ABORT
2085                  * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2086                  * MPI_FUNCTION_IO_UNIT_RESET
2087                  * MPI_FUNCTION_HANDSHAKE
2088                  * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2089                  * MPI_FUNCTION_EVENT_NOTIFICATION
2090                  *  (driver handles event notification)
2091                  * MPI_FUNCTION_EVENT_ACK
2092                  */
2093
2094                 /*  What to do with these???  CHECK ME!!!
2095                         MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2096                         MPI_FUNCTION_FC_LINK_SRVC_RSP
2097                         MPI_FUNCTION_FC_ABORT
2098                         MPI_FUNCTION_LAN_SEND
2099                         MPI_FUNCTION_LAN_RECEIVE
2100                         MPI_FUNCTION_LAN_RESET
2101                 */
2102
2103                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2104                         "Illegal request (function 0x%x) \n",
2105                         ioc->name, __FILE__, __LINE__, hdr->Function);
2106                 rc = -EFAULT;
2107                 goto done_free_mem;
2108         }
2109
2110         /* Add the SGL ( at most one data in SGE and one data out SGE )
2111          * In the case of two SGE's - the data out (write) will always
2112          * preceede the data in (read) SGE. psgList is used to free the
2113          * allocated memory.
2114          */
2115         psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2116         flagsLength = 0;
2117
2118         if (karg.dataOutSize > 0)
2119                 sgSize ++;
2120
2121         if (karg.dataInSize > 0)
2122                 sgSize ++;
2123
2124         if (sgSize > 0) {
2125
2126                 /* Set up the dataOut memory allocation */
2127                 if (karg.dataOutSize > 0) {
2128                         if (karg.dataInSize > 0) {
2129                                 flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2130                                                 MPI_SGE_FLAGS_END_OF_BUFFER |
2131                                                 MPI_SGE_FLAGS_DIRECTION |
2132                                                 mpt_addr_size() )
2133                                                 << MPI_SGE_FLAGS_SHIFT;
2134                         } else {
2135                                 flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2136                         }
2137                         flagsLength |= karg.dataOutSize;
2138                         bufOut.len = karg.dataOutSize;
2139                         bufOut.kptr = pci_alloc_consistent(
2140                                         ioc->pcidev, bufOut.len, &dma_addr_out);
2141
2142                         if (bufOut.kptr == NULL) {
2143                                 rc = -ENOMEM;
2144                                 goto done_free_mem;
2145                         } else {
2146                                 /* Set up this SGE.
2147                                  * Copy to MF and to sglbuf
2148                                  */
2149                                 mpt_add_sge(psge, flagsLength, dma_addr_out);
2150                                 psge += (sizeof(u32) + sizeof(dma_addr_t));
2151
2152                                 /* Copy user data to kernel space.
2153                                  */
2154                                 if (copy_from_user(bufOut.kptr,
2155                                                 karg.dataOutBufPtr,
2156                                                 bufOut.len)) {
2157                                         printk(MYIOC_s_ERR_FMT
2158                                                 "%s@%d::mptctl_do_mpt_command - Unable "
2159                                                 "to read user data "
2160                                                 "struct @ %p\n",
2161                                                 ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2162                                         rc =  -EFAULT;
2163                                         goto done_free_mem;
2164                                 }
2165                         }
2166                 }
2167
2168                 if (karg.dataInSize > 0) {
2169                         flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2170                         flagsLength |= karg.dataInSize;
2171
2172                         bufIn.len = karg.dataInSize;
2173                         bufIn.kptr = pci_alloc_consistent(ioc->pcidev,
2174                                         bufIn.len, &dma_addr_in);
2175
2176                         if (bufIn.kptr == NULL) {
2177                                 rc = -ENOMEM;
2178                                 goto done_free_mem;
2179                         } else {
2180                                 /* Set up this SGE
2181                                  * Copy to MF and to sglbuf
2182                                  */
2183                                 mpt_add_sge(psge, flagsLength, dma_addr_in);
2184                         }
2185                 }
2186         } else  {
2187                 /* Add a NULL SGE
2188                  */
2189                 mpt_add_sge(psge, flagsLength, (dma_addr_t) -1);
2190         }
2191
2192         ioc->ioctl->wait_done = 0;
2193         if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2194
2195                 DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2196
2197                 if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2198                     (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2199                         mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2200                 else {
2201                         rc =mpt_send_handshake_request(mptctl_id, ioc,
2202                                 sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2203                         if (rc != 0) {
2204                                 dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2205                                     "_send_handshake FAILED! (ioc %p, mf %p)\n",
2206                                     ioc->name, ioc, mf));
2207                                 mptctl_free_tm_flags(ioc);
2208                                 rc = -ENODATA;
2209                                 goto done_free_mem;
2210                         }
2211                 }
2212
2213         } else
2214                 mpt_put_msg_frame(mptctl_id, ioc, mf);
2215
2216         /* Now wait for the command to complete */
2217         timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2218         timeout = wait_event_timeout(mptctl_wait,
2219              ioc->ioctl->wait_done == 1,
2220              HZ*timeout);
2221
2222         if(timeout <=0 && (ioc->ioctl->wait_done != 1 )) {
2223         /* Now we need to reset the board */
2224
2225                 if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT)
2226                         mptctl_free_tm_flags(ioc);
2227
2228                 mptctl_timeout_expired(ioc->ioctl);
2229                 rc = -ENODATA;
2230                 goto done_free_mem;
2231         }
2232
2233         mf = NULL;
2234
2235         /* If a valid reply frame, copy to the user.
2236          * Offset 2: reply length in U32's
2237          */
2238         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID) {
2239                 if (karg.maxReplyBytes < ioc->reply_sz) {
2240                          sz = min(karg.maxReplyBytes, 4*ioc->ioctl->ReplyFrame[2]);
2241                 } else {
2242                          sz = min(ioc->reply_sz, 4*ioc->ioctl->ReplyFrame[2]);
2243                 }
2244
2245                 if (sz > 0) {
2246                         if (copy_to_user(karg.replyFrameBufPtr,
2247                                  &ioc->ioctl->ReplyFrame, sz)){
2248                                  printk(MYIOC_s_ERR_FMT
2249                                      "%s@%d::mptctl_do_mpt_command - "
2250                                  "Unable to write out reply frame %p\n",
2251                                  ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2252                                  rc =  -ENODATA;
2253                                  goto done_free_mem;
2254                         }
2255                 }
2256         }
2257
2258         /* If valid sense data, copy to user.
2259          */
2260         if (ioc->ioctl->status & MPT_IOCTL_STATUS_SENSE_VALID) {
2261                 sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2262                 if (sz > 0) {
2263                         if (copy_to_user(karg.senseDataPtr, ioc->ioctl->sense, sz)) {
2264                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2265                                 "Unable to write sense data to user %p\n",
2266                                 ioc->name, __FILE__, __LINE__,
2267                                 karg.senseDataPtr);
2268                                 rc =  -ENODATA;
2269                                 goto done_free_mem;
2270                         }
2271                 }
2272         }
2273
2274         /* If the overall status is _GOOD and data in, copy data
2275          * to user.
2276          */
2277         if ((ioc->ioctl->status & MPT_IOCTL_STATUS_COMMAND_GOOD) &&
2278                                 (karg.dataInSize > 0) && (bufIn.kptr)) {
2279
2280                 if (copy_to_user(karg.dataInBufPtr,
2281                                  bufIn.kptr, karg.dataInSize)) {
2282                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2283                                 "Unable to write data to user %p\n",
2284                                 ioc->name, __FILE__, __LINE__,
2285                                 karg.dataInBufPtr);
2286                         rc =  -ENODATA;
2287                 }
2288         }
2289
2290 done_free_mem:
2291
2292         ioc->ioctl->status &= ~(MPT_IOCTL_STATUS_COMMAND_GOOD |
2293                 MPT_IOCTL_STATUS_SENSE_VALID |
2294                 MPT_IOCTL_STATUS_RF_VALID );
2295
2296         /* Free the allocated memory.
2297          */
2298         if (bufOut.kptr != NULL) {
2299                 pci_free_consistent(ioc->pcidev,
2300                         bufOut.len, (void *) bufOut.kptr, dma_addr_out);
2301         }
2302
2303         if (bufIn.kptr != NULL) {
2304                 pci_free_consistent(ioc->pcidev,
2305                         bufIn.len, (void *) bufIn.kptr, dma_addr_in);
2306         }
2307
2308         /* mf is null if command issued successfully
2309          * otherwise, failure occured after mf acquired.
2310          */
2311         if (mf)
2312                 mpt_free_msg_frame(ioc, mf);
2313
2314         return rc;
2315 }
2316
2317 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2318 /* Prototype Routine for the HOST INFO command.
2319  *
2320  * Outputs:     None.
2321  * Return:      0 if successful
2322  *              -EFAULT if data unavailable
2323  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2324  *              -ENODEV if no such device/adapter
2325  *              -ETIME  if timer expires
2326  *              -ENOMEM if memory allocation error
2327  */
2328 static int
2329 mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size)
2330 {
2331         hp_host_info_t  __user *uarg = (void __user *) arg;
2332         MPT_ADAPTER             *ioc;
2333         struct pci_dev          *pdev;
2334         char                    *pbuf=NULL;
2335         dma_addr_t              buf_dma;
2336         hp_host_info_t          karg;
2337         CONFIGPARMS             cfg;
2338         ConfigPageHeader_t      hdr;
2339         int                     iocnum;
2340         int                     rc, cim_rev;
2341         ToolboxIstwiReadWriteRequest_t  *IstwiRWRequest;
2342         MPT_FRAME_HDR           *mf = NULL;
2343         MPIHeader_t             *mpi_hdr;
2344
2345         /* Reset long to int. Should affect IA64 and SPARC only
2346          */
2347         if (data_size == sizeof(hp_host_info_t))
2348                 cim_rev = 1;
2349         else if (data_size == sizeof(hp_host_info_rev0_t))
2350                 cim_rev = 0;    /* obsolete */
2351         else
2352                 return -EFAULT;
2353
2354         if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2355                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2356                         "Unable to read in hp_host_info struct @ %p\n",
2357                                 __FILE__, __LINE__, uarg);
2358                 return -EFAULT;
2359         }
2360
2361         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2362             (ioc == NULL)) {
2363                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n",
2364                                 __FILE__, __LINE__, iocnum);
2365                 return -ENODEV;
2366         }
2367         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2368             ioc->name));
2369
2370         /* Fill in the data and return the structure to the calling
2371          * program
2372          */
2373         pdev = (struct pci_dev *) ioc->pcidev;
2374
2375         karg.vendor = pdev->vendor;
2376         karg.device = pdev->device;
2377         karg.subsystem_id = pdev->subsystem_device;
2378         karg.subsystem_vendor = pdev->subsystem_vendor;
2379         karg.devfn = pdev->devfn;
2380         karg.bus = pdev->bus->number;
2381
2382         /* Save the SCSI host no. if
2383          * SCSI driver loaded
2384          */
2385         if (ioc->sh != NULL)
2386                 karg.host_no = ioc->sh->host_no;
2387         else
2388                 karg.host_no =  -1;
2389
2390         /* Reformat the fw_version into a string
2391          */
2392         karg.fw_version[0] = ioc->facts.FWVersion.Struct.Major >= 10 ?
2393                 ((ioc->facts.FWVersion.Struct.Major / 10) + '0') : '0';
2394         karg.fw_version[1] = (ioc->facts.FWVersion.Struct.Major % 10 ) + '0';
2395         karg.fw_version[2] = '.';
2396         karg.fw_version[3] = ioc->facts.FWVersion.Struct.Minor >= 10 ?
2397                 ((ioc->facts.FWVersion.Struct.Minor / 10) + '0') : '0';
2398         karg.fw_version[4] = (ioc->facts.FWVersion.Struct.Minor % 10 ) + '0';
2399         karg.fw_version[5] = '.';
2400         karg.fw_version[6] = ioc->facts.FWVersion.Struct.Unit >= 10 ?
2401                 ((ioc->facts.FWVersion.Struct.Unit / 10) + '0') : '0';
2402         karg.fw_version[7] = (ioc->facts.FWVersion.Struct.Unit % 10 ) + '0';
2403         karg.fw_version[8] = '.';
2404         karg.fw_version[9] = ioc->facts.FWVersion.Struct.Dev >= 10 ?
2405                 ((ioc->facts.FWVersion.Struct.Dev / 10) + '0') : '0';
2406         karg.fw_version[10] = (ioc->facts.FWVersion.Struct.Dev % 10 ) + '0';
2407         karg.fw_version[11] = '\0';
2408
2409         /* Issue a config request to get the device serial number
2410          */
2411         hdr.PageVersion = 0;
2412         hdr.PageLength = 0;
2413         hdr.PageNumber = 0;
2414         hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2415         cfg.cfghdr.hdr = &hdr;
2416         cfg.physAddr = -1;
2417         cfg.pageAddr = 0;
2418         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2419         cfg.dir = 0;    /* read */
2420         cfg.timeout = 10;
2421
2422         strncpy(karg.serial_number, " ", 24);
2423         if (mpt_config(ioc, &cfg) == 0) {
2424                 if (cfg.cfghdr.hdr->PageLength > 0) {
2425                         /* Issue the second config page request */
2426                         cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2427
2428                         pbuf = pci_alloc_consistent(ioc->pcidev, hdr.PageLength * 4, &buf_dma);
2429                         if (pbuf) {
2430                                 cfg.physAddr = buf_dma;
2431                                 if (mpt_config(ioc, &cfg) == 0) {
2432                                         ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2433                                         if (strlen(pdata->BoardTracerNumber) > 1) {
2434                                                 strncpy(karg.serial_number,                                                                         pdata->BoardTracerNumber, 24);
2435                                                 karg.serial_number[24-1]='\0';
2436                                         }
2437                                 }
2438                                 pci_free_consistent(ioc->pcidev, hdr.PageLength * 4, pbuf, buf_dma);
2439                                 pbuf = NULL;
2440                         }
2441                 }
2442         }
2443         rc = mpt_GetIocState(ioc, 1);
2444         switch (rc) {
2445         case MPI_IOC_STATE_OPERATIONAL:
2446                 karg.ioc_status =  HP_STATUS_OK;
2447                 break;
2448
2449         case MPI_IOC_STATE_FAULT:
2450                 karg.ioc_status =  HP_STATUS_FAILED;
2451                 break;
2452
2453         case MPI_IOC_STATE_RESET:
2454         case MPI_IOC_STATE_READY:
2455         default:
2456                 karg.ioc_status =  HP_STATUS_OTHER;
2457                 break;
2458         }
2459
2460         karg.base_io_addr = pci_resource_start(pdev, 0);
2461
2462         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2463                 karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2464         else
2465                 karg.bus_phys_width = HP_BUS_WIDTH_16;
2466
2467         karg.hard_resets = 0;
2468         karg.soft_resets = 0;
2469         karg.timeouts = 0;
2470         if (ioc->sh != NULL) {
2471                 MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2472
2473                 if (hd && (cim_rev == 1)) {
2474                         karg.hard_resets = hd->hard_resets;
2475                         karg.soft_resets = hd->soft_resets;
2476                         karg.timeouts = hd->timeouts;
2477                 }
2478         }
2479
2480         /* 
2481          * Gather ISTWI(Industry Standard Two Wire Interface) Data
2482          */
2483         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2484                 dfailprintk(ioc, printk(MYIOC_s_WARN_FMT "%s, no msg frames!!\n",
2485                     ioc->name,__func__));
2486                 goto out;
2487         }
2488
2489         IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2490         mpi_hdr = (MPIHeader_t *) mf;
2491         memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2492         IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2493         IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2494         IstwiRWRequest->MsgContext = mpi_hdr->MsgContext;
2495         IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2496         IstwiRWRequest->NumAddressBytes = 0x01;
2497         IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2498         if (pdev->devfn & 1)
2499                 IstwiRWRequest->DeviceAddr = 0xB2;
2500         else
2501                 IstwiRWRequest->DeviceAddr = 0xB0;
2502
2503         pbuf = pci_alloc_consistent(ioc->pcidev, 4, &buf_dma);
2504         if (!pbuf)
2505                 goto out;
2506         mpt_add_sge((char *)&IstwiRWRequest->SGL,
2507             (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2508
2509         ioc->ioctl->wait_done = 0;
2510         mpt_put_msg_frame(mptctl_id, ioc, mf);
2511
2512         rc = wait_event_timeout(mptctl_wait,
2513              ioc->ioctl->wait_done == 1,
2514              HZ*MPT_IOCTL_DEFAULT_TIMEOUT /* 10 sec */);
2515
2516         if(rc <=0 && (ioc->ioctl->wait_done != 1 )) {
2517                 /*
2518                  * Now we need to reset the board
2519                  */
2520                 mpt_free_msg_frame(ioc, mf);
2521                 mptctl_timeout_expired(ioc->ioctl);
2522                 goto out;
2523         }
2524
2525         /*
2526          *ISTWI Data Definition
2527          * pbuf[0] = FW_VERSION = 0x4
2528          * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2529          *  the config, you should be seeing one out of these three values
2530          * pbuf[2] = Drive Installed Map = bit pattern depend on which
2531          *   bays have drives in them
2532          * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2533          */
2534         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID)
2535                 karg.rsvd = *(u32 *)pbuf;
2536
2537  out:
2538         if (pbuf)
2539                 pci_free_consistent(ioc->pcidev, 4, pbuf, buf_dma);
2540
2541         /* Copy the data from kernel memory to user memory
2542          */
2543         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2544                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2545                         "Unable to write out hp_host_info @ %p\n",
2546                         ioc->name, __FILE__, __LINE__, uarg);
2547                 return -EFAULT;
2548         }
2549
2550         return 0;
2551
2552 }
2553
2554 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2555 /* Prototype Routine for the TARGET INFO command.
2556  *
2557  * Outputs:     None.
2558  * Return:      0 if successful
2559  *              -EFAULT if data unavailable
2560  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2561  *              -ENODEV if no such device/adapter
2562  *              -ETIME  if timer expires
2563  *              -ENOMEM if memory allocation error
2564  */
2565 static int
2566 mptctl_hp_targetinfo(unsigned long arg)
2567 {
2568         hp_target_info_t __user *uarg = (void __user *) arg;
2569         SCSIDevicePage0_t       *pg0_alloc;
2570         SCSIDevicePage3_t       *pg3_alloc;
2571         MPT_ADAPTER             *ioc;
2572         MPT_SCSI_HOST           *hd = NULL;
2573         hp_target_info_t        karg;
2574         int                     iocnum;
2575         int                     data_sz;
2576         dma_addr_t              page_dma;
2577         CONFIGPARMS             cfg;
2578         ConfigPageHeader_t      hdr;
2579         int                     tmp, np, rc = 0;
2580
2581         if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2582                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2583                         "Unable to read in hp_host_targetinfo struct @ %p\n",
2584                                 __FILE__, __LINE__, uarg);
2585                 return -EFAULT;
2586         }
2587
2588         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2589                 (ioc == NULL)) {
2590                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n",
2591                                 __FILE__, __LINE__, iocnum);
2592                 return -ENODEV;
2593         }
2594         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2595             ioc->name));
2596
2597         /*  There is nothing to do for FCP parts.
2598          */
2599         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2600                 return 0;
2601
2602         if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2603                 return 0;
2604
2605         if (ioc->sh->host_no != karg.hdr.host)
2606                 return -ENODEV;
2607
2608        /* Get the data transfer speeds
2609         */
2610         data_sz = ioc->spi_data.sdp0length * 4;
2611         pg0_alloc = (SCSIDevicePage0_t *) pci_alloc_consistent(ioc->pcidev, data_sz, &page_dma);
2612         if (pg0_alloc) {
2613                 hdr.PageVersion = ioc->spi_data.sdp0version;
2614                 hdr.PageLength = data_sz;
2615                 hdr.PageNumber = 0;
2616                 hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2617
2618                 cfg.cfghdr.hdr = &hdr;
2619                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2620                 cfg.dir = 0;
2621                 cfg.timeout = 0;
2622                 cfg.physAddr = page_dma;
2623
2624                 cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2625
2626                 if ((rc = mpt_config(ioc, &cfg)) == 0) {
2627                         np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2628                         karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2629                                         HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2630
2631                         if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2632                                 tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2633                                 if (tmp < 0x09)
2634                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2635                                 else if (tmp <= 0x09)
2636                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2637                                 else if (tmp <= 0x0A)
2638                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2639                                 else if (tmp <= 0x0C)
2640                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2641                                 else if (tmp <= 0x25)
2642                                         karg.negotiated_speed = HP_DEV_SPEED_FAST;
2643                                 else
2644                                         karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2645                         } else
2646                                 karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2647                 }
2648
2649                 pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg0_alloc, page_dma);
2650         }
2651
2652         /* Set defaults
2653          */
2654         karg.message_rejects = -1;
2655         karg.phase_errors = -1;
2656         karg.parity_errors = -1;
2657         karg.select_timeouts = -1;
2658
2659         /* Get the target error parameters
2660          */
2661         hdr.PageVersion = 0;
2662         hdr.PageLength = 0;
2663         hdr.PageNumber = 3;
2664         hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2665
2666         cfg.cfghdr.hdr = &hdr;
2667         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2668         cfg.dir = 0;
2669         cfg.timeout = 0;
2670         cfg.physAddr = -1;
2671         if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2672                 /* Issue the second config page request */
2673                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2674                 data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2675                 pg3_alloc = (SCSIDevicePage3_t *) pci_alloc_consistent(
2676                                                         ioc->pcidev, data_sz, &page_dma);
2677                 if (pg3_alloc) {
2678                         cfg.physAddr = page_dma;
2679                         cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2680                         if ((rc = mpt_config(ioc, &cfg)) == 0) {
2681                                 karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2682                                 karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2683                                 karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2684                         }
2685                         pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg3_alloc, page_dma);
2686                 }
2687         }
2688         hd = shost_priv(ioc->sh);
2689         if (hd != NULL)
2690                 karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2691
2692         /* Copy the data from kernel memory to user memory
2693          */
2694         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2695                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2696                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2697                         ioc->name, __FILE__, __LINE__, uarg);
2698                 return -EFAULT;
2699         }
2700
2701         return 0;
2702 }
2703
2704 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2705
2706 static const struct file_operations mptctl_fops = {
2707         .owner =        THIS_MODULE,
2708         .llseek =       no_llseek,
2709         .release =      mptctl_release,
2710         .fasync =       mptctl_fasync,
2711         .unlocked_ioctl = mptctl_ioctl,
2712 #ifdef CONFIG_COMPAT
2713         .compat_ioctl = compat_mpctl_ioctl,
2714 #endif
2715 };
2716
2717 static struct miscdevice mptctl_miscdev = {
2718         MPT_MINOR,
2719         MYNAM,
2720         &mptctl_fops
2721 };
2722
2723 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2724
2725 #ifdef CONFIG_COMPAT
2726
2727 static int
2728 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2729                         unsigned long arg)
2730 {
2731         struct mpt_fw_xfer32 kfw32;
2732         struct mpt_fw_xfer kfw;
2733         MPT_ADAPTER *iocp = NULL;
2734         int iocnum, iocnumX;
2735         int nonblock = (filp->f_flags & O_NONBLOCK);
2736         int ret;
2737
2738
2739         if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2740                 return -EFAULT;
2741
2742         /* Verify intended MPT adapter */
2743         iocnumX = kfw32.iocnum & 0xFF;
2744         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2745             (iocp == NULL)) {
2746                 printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2747                         __LINE__, iocnumX);
2748                 return -ENODEV;
2749         }
2750
2751         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2752                 return ret;
2753
2754         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2755             iocp->name));
2756         kfw.iocnum = iocnum;
2757         kfw.fwlen = kfw32.fwlen;
2758         kfw.bufp = compat_ptr(kfw32.bufp);
2759
2760         ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen);
2761
2762         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2763
2764         return ret;
2765 }
2766
2767 static int
2768 compat_mpt_command(struct file *filp, unsigned int cmd,
2769                         unsigned long arg)
2770 {
2771         struct mpt_ioctl_command32 karg32;
2772         struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2773         struct mpt_ioctl_command karg;
2774         MPT_ADAPTER *iocp = NULL;
2775         int iocnum, iocnumX;
2776         int nonblock = (filp->f_flags & O_NONBLOCK);
2777         int ret;
2778
2779         if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2780                 return -EFAULT;
2781
2782         /* Verify intended MPT adapter */
2783         iocnumX = karg32.hdr.iocnum & 0xFF;
2784         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2785             (iocp == NULL)) {
2786                 printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2787                         __LINE__, iocnumX);
2788                 return -ENODEV;
2789         }
2790
2791         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2792                 return ret;
2793
2794         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2795             iocp->name));
2796         /* Copy data to karg */
2797         karg.hdr.iocnum = karg32.hdr.iocnum;
2798         karg.hdr.port = karg32.hdr.port;
2799         karg.timeout = karg32.timeout;
2800         karg.maxReplyBytes = karg32.maxReplyBytes;
2801
2802         karg.dataInSize = karg32.dataInSize;
2803         karg.dataOutSize = karg32.dataOutSize;
2804         karg.maxSenseBytes = karg32.maxSenseBytes;
2805         karg.dataSgeOffset = karg32.dataSgeOffset;
2806
2807         karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2808         karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2809         karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2810         karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2811
2812         /* Pass new structure to do_mpt_command
2813          */
2814         ret = mptctl_do_mpt_command (karg, &uarg->MF);
2815
2816         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2817
2818         return ret;
2819 }
2820
2821 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2822 {
2823         long ret;
2824         lock_kernel();
2825         switch (cmd) {
2826         case MPTIOCINFO:
2827         case MPTIOCINFO1:
2828         case MPTIOCINFO2:
2829         case MPTTARGETINFO:
2830         case MPTEVENTQUERY:
2831         case MPTEVENTENABLE:
2832         case MPTEVENTREPORT:
2833         case MPTHARDRESET:
2834         case HP_GETHOSTINFO:
2835         case HP_GETTARGETINFO:
2836         case MPTTEST:
2837                 ret = __mptctl_ioctl(f, cmd, arg);
2838                 break;
2839         case MPTCOMMAND32:
2840                 ret = compat_mpt_command(f, cmd, arg);
2841                 break;
2842         case MPTFWDOWNLOAD32:
2843                 ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2844                 break;
2845         default:
2846                 ret = -ENOIOCTLCMD;
2847                 break;
2848         }
2849         unlock_kernel();
2850         return ret;
2851 }
2852
2853 #endif
2854
2855
2856 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2857 /*
2858  *      mptctl_probe - Installs ioctl devices per bus.
2859  *      @pdev: Pointer to pci_dev structure
2860  *
2861  *      Returns 0 for success, non-zero for failure.
2862  *
2863  */
2864
2865 static int
2866 mptctl_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2867 {
2868         MPT_IOCTL *mem;
2869         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2870
2871         /*
2872          * Allocate and inite a MPT_IOCTL structure
2873         */
2874         mem = kzalloc(sizeof(MPT_IOCTL), GFP_KERNEL);
2875         if (!mem) {
2876                 mptctl_remove(pdev);
2877                 return -ENOMEM;
2878         }
2879
2880         ioc->ioctl = mem;
2881         ioc->ioctl->ioc = ioc;
2882         mutex_init(&ioc->ioctl->ioctl_mutex);
2883         return 0;
2884 }
2885
2886 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2887 /*
2888  *      mptctl_remove - Removed ioctl devices
2889  *      @pdev: Pointer to pci_dev structure
2890  *
2891  *
2892  */
2893 static void
2894 mptctl_remove(struct pci_dev *pdev)
2895 {
2896         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2897
2898         kfree ( ioc->ioctl );
2899 }
2900
2901 static struct mpt_pci_driver mptctl_driver = {
2902   .probe                = mptctl_probe,
2903   .remove               = mptctl_remove,
2904 };
2905
2906 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2907 static int __init mptctl_init(void)
2908 {
2909         int err;
2910         int where = 1;
2911
2912         show_mptmod_ver(my_NAME, my_VERSION);
2913
2914         mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
2915
2916         /* Register this device */
2917         err = misc_register(&mptctl_miscdev);
2918         if (err < 0) {
2919                 printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2920                 goto out_fail;
2921         }
2922         printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2923         printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2924                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2925
2926         /*
2927          *  Install our handler
2928          */
2929         ++where;
2930         mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER);
2931         if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2932                 printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2933                 misc_deregister(&mptctl_miscdev);
2934                 err = -EBUSY;
2935                 goto out_fail;
2936         }
2937
2938         mpt_reset_register(mptctl_id, mptctl_ioc_reset);
2939         mpt_event_register(mptctl_id, mptctl_event_process);
2940
2941         return 0;
2942
2943 out_fail:
2944
2945         mpt_device_driver_deregister(MPTCTL_DRIVER);
2946
2947         return err;
2948 }
2949
2950 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2951 static void mptctl_exit(void)
2952 {
2953         misc_deregister(&mptctl_miscdev);
2954         printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2955                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2956
2957         /* De-register reset handler from base module */
2958         mpt_reset_deregister(mptctl_id);
2959
2960         /* De-register callback handler from base module */
2961         mpt_deregister(mptctl_id);
2962
2963         mpt_device_driver_deregister(MPTCTL_DRIVER);
2964
2965 }
2966
2967 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2968
2969 module_init(mptctl_init);
2970 module_exit(mptctl_exit);