[PATCH] md: fix potential memalloc deadlock in md
[linux-2.6] / drivers / ide / ide-taskfile.c
1 /*
2  * linux/drivers/ide/ide-taskfile.c     Version 0.38    March 05, 2003
3  *
4  *  Copyright (C) 2000-2002     Michael Cornwell <cornwell@acm.org>
5  *  Copyright (C) 2000-2002     Andre Hedrick <andre@linux-ide.org>
6  *  Copyright (C) 2001-2002     Klaus Smolin
7  *                                      IBM Storage Technology Division
8  *  Copyright (C) 2003-2004     Bartlomiej Zolnierkiewicz
9  *
10  *  The big the bad and the ugly.
11  *
12  *  Problems to be fixed because of BH interface or the lack therefore.
13  *
14  *  Fill me in stupid !!!
15  *
16  *  HOST:
17  *      General refers to the Controller and Driver "pair".
18  *  DATA HANDLER:
19  *      Under the context of Linux it generally refers to an interrupt handler.
20  *      However, it correctly describes the 'HOST'
21  *  DATA BLOCK:
22  *      The amount of data needed to be transfered as predefined in the
23  *      setup of the device.
24  *  STORAGE ATOMIC:
25  *      The 'DATA BLOCK' associated to the 'DATA HANDLER', and can be as
26  *      small as a single sector or as large as the entire command block
27  *      request.
28  */
29
30 #include <linux/module.h>
31 #include <linux/types.h>
32 #include <linux/string.h>
33 #include <linux/kernel.h>
34 #include <linux/timer.h>
35 #include <linux/mm.h>
36 #include <linux/sched.h>
37 #include <linux/interrupt.h>
38 #include <linux/major.h>
39 #include <linux/errno.h>
40 #include <linux/genhd.h>
41 #include <linux/blkpg.h>
42 #include <linux/slab.h>
43 #include <linux/pci.h>
44 #include <linux/delay.h>
45 #include <linux/hdreg.h>
46 #include <linux/ide.h>
47 #include <linux/bitops.h>
48
49 #include <asm/byteorder.h>
50 #include <asm/irq.h>
51 #include <asm/uaccess.h>
52 #include <asm/io.h>
53
54 static void ata_bswap_data (void *buffer, int wcount)
55 {
56         u16 *p = buffer;
57
58         while (wcount--) {
59                 *p = *p << 8 | *p >> 8; p++;
60                 *p = *p << 8 | *p >> 8; p++;
61         }
62 }
63
64 static void taskfile_input_data(ide_drive_t *drive, void *buffer, u32 wcount)
65 {
66         HWIF(drive)->ata_input_data(drive, buffer, wcount);
67         if (drive->bswap)
68                 ata_bswap_data(buffer, wcount);
69 }
70
71 static void taskfile_output_data(ide_drive_t *drive, void *buffer, u32 wcount)
72 {
73         if (drive->bswap) {
74                 ata_bswap_data(buffer, wcount);
75                 HWIF(drive)->ata_output_data(drive, buffer, wcount);
76                 ata_bswap_data(buffer, wcount);
77         } else {
78                 HWIF(drive)->ata_output_data(drive, buffer, wcount);
79         }
80 }
81
82 int taskfile_lib_get_identify (ide_drive_t *drive, u8 *buf)
83 {
84         ide_task_t args;
85         memset(&args, 0, sizeof(ide_task_t));
86         args.tfRegister[IDE_NSECTOR_OFFSET]     = 0x01;
87         if (drive->media == ide_disk)
88                 args.tfRegister[IDE_COMMAND_OFFSET]     = WIN_IDENTIFY;
89         else
90                 args.tfRegister[IDE_COMMAND_OFFSET]     = WIN_PIDENTIFY;
91         args.command_type = IDE_DRIVE_TASK_IN;
92         args.data_phase   = TASKFILE_IN;
93         args.handler      = &task_in_intr;
94         return ide_raw_taskfile(drive, &args, buf);
95 }
96
97 ide_startstop_t do_rw_taskfile (ide_drive_t *drive, ide_task_t *task)
98 {
99         ide_hwif_t *hwif        = HWIF(drive);
100         task_struct_t *taskfile = (task_struct_t *) task->tfRegister;
101         hob_struct_t *hobfile   = (hob_struct_t *) task->hobRegister;
102         u8 HIHI                 = (drive->addressing == 1) ? 0xE0 : 0xEF;
103
104         /* ALL Command Block Executions SHALL clear nIEN, unless otherwise */
105         if (IDE_CONTROL_REG) {
106                 /* clear nIEN */
107                 hwif->OUTB(drive->ctl, IDE_CONTROL_REG);
108         }
109         SELECT_MASK(drive, 0);
110
111         if (drive->addressing == 1) {
112                 hwif->OUTB(hobfile->feature, IDE_FEATURE_REG);
113                 hwif->OUTB(hobfile->sector_count, IDE_NSECTOR_REG);
114                 hwif->OUTB(hobfile->sector_number, IDE_SECTOR_REG);
115                 hwif->OUTB(hobfile->low_cylinder, IDE_LCYL_REG);
116                 hwif->OUTB(hobfile->high_cylinder, IDE_HCYL_REG);
117         }
118
119         hwif->OUTB(taskfile->feature, IDE_FEATURE_REG);
120         hwif->OUTB(taskfile->sector_count, IDE_NSECTOR_REG);
121         hwif->OUTB(taskfile->sector_number, IDE_SECTOR_REG);
122         hwif->OUTB(taskfile->low_cylinder, IDE_LCYL_REG);
123         hwif->OUTB(taskfile->high_cylinder, IDE_HCYL_REG);
124
125         hwif->OUTB((taskfile->device_head & HIHI) | drive->select.all, IDE_SELECT_REG);
126
127         if (task->handler != NULL) {
128                 if (task->prehandler != NULL) {
129                         hwif->OUTBSYNC(drive, taskfile->command, IDE_COMMAND_REG);
130                         ndelay(400);    /* FIXME */
131                         return task->prehandler(drive, task->rq);
132                 }
133                 ide_execute_command(drive, taskfile->command, task->handler, WAIT_WORSTCASE, NULL);
134                 return ide_started;
135         }
136
137         if (!drive->using_dma)
138                 return ide_stopped;
139
140         switch (taskfile->command) {
141                 case WIN_WRITEDMA_ONCE:
142                 case WIN_WRITEDMA:
143                 case WIN_WRITEDMA_EXT:
144                 case WIN_READDMA_ONCE:
145                 case WIN_READDMA:
146                 case WIN_READDMA_EXT:
147                 case WIN_IDENTIFY_DMA:
148                         if (!hwif->dma_setup(drive)) {
149                                 hwif->dma_exec_cmd(drive, taskfile->command);
150                                 hwif->dma_start(drive);
151                                 return ide_started;
152                         }
153                         break;
154                 default:
155                         if (task->handler == NULL)
156                                 return ide_stopped;
157         }
158
159         return ide_stopped;
160 }
161
162 /*
163  * set_multmode_intr() is invoked on completion of a WIN_SETMULT cmd.
164  */
165 ide_startstop_t set_multmode_intr (ide_drive_t *drive)
166 {
167         ide_hwif_t *hwif = HWIF(drive);
168         u8 stat;
169
170         if (OK_STAT(stat = hwif->INB(IDE_STATUS_REG),READY_STAT,BAD_STAT)) {
171                 drive->mult_count = drive->mult_req;
172         } else {
173                 drive->mult_req = drive->mult_count = 0;
174                 drive->special.b.recalibrate = 1;
175                 (void) ide_dump_status(drive, "set_multmode", stat);
176         }
177         return ide_stopped;
178 }
179
180 /*
181  * set_geometry_intr() is invoked on completion of a WIN_SPECIFY cmd.
182  */
183 ide_startstop_t set_geometry_intr (ide_drive_t *drive)
184 {
185         ide_hwif_t *hwif = HWIF(drive);
186         int retries = 5;
187         u8 stat;
188
189         while (((stat = hwif->INB(IDE_STATUS_REG)) & BUSY_STAT) && retries--)
190                 udelay(10);
191
192         if (OK_STAT(stat, READY_STAT, BAD_STAT))
193                 return ide_stopped;
194
195         if (stat & (ERR_STAT|DRQ_STAT))
196                 return ide_error(drive, "set_geometry_intr", stat);
197
198         BUG_ON(HWGROUP(drive)->handler != NULL);
199         ide_set_handler(drive, &set_geometry_intr, WAIT_WORSTCASE, NULL);
200         return ide_started;
201 }
202
203 /*
204  * recal_intr() is invoked on completion of a WIN_RESTORE (recalibrate) cmd.
205  */
206 ide_startstop_t recal_intr (ide_drive_t *drive)
207 {
208         ide_hwif_t *hwif = HWIF(drive);
209         u8 stat;
210
211         if (!OK_STAT(stat = hwif->INB(IDE_STATUS_REG), READY_STAT, BAD_STAT))
212                 return ide_error(drive, "recal_intr", stat);
213         return ide_stopped;
214 }
215
216 /*
217  * Handler for commands without a data phase
218  */
219 ide_startstop_t task_no_data_intr (ide_drive_t *drive)
220 {
221         ide_task_t *args        = HWGROUP(drive)->rq->special;
222         ide_hwif_t *hwif        = HWIF(drive);
223         u8 stat;
224
225         local_irq_enable_in_hardirq();
226         if (!OK_STAT(stat = hwif->INB(IDE_STATUS_REG),READY_STAT,BAD_STAT)) {
227                 return ide_error(drive, "task_no_data_intr", stat);
228                 /* calls ide_end_drive_cmd */
229         }
230         if (args)
231                 ide_end_drive_cmd(drive, stat, hwif->INB(IDE_ERROR_REG));
232
233         return ide_stopped;
234 }
235
236 EXPORT_SYMBOL(task_no_data_intr);
237
238 static u8 wait_drive_not_busy(ide_drive_t *drive)
239 {
240         ide_hwif_t *hwif = HWIF(drive);
241         int retries = 100;
242         u8 stat;
243
244         /*
245          * Last sector was transfered, wait until drive is ready.
246          * This can take up to 10 usec, but we will wait max 1 ms
247          * (drive_cmd_intr() waits that long).
248          */
249         while (((stat = hwif->INB(IDE_STATUS_REG)) & BUSY_STAT) && retries--)
250                 udelay(10);
251
252         if (!retries)
253                 printk(KERN_ERR "%s: drive still BUSY!\n", drive->name);
254
255         return stat;
256 }
257
258 static void ide_pio_sector(ide_drive_t *drive, unsigned int write)
259 {
260         ide_hwif_t *hwif = drive->hwif;
261         struct scatterlist *sg = hwif->sg_table;
262         struct page *page;
263 #ifdef CONFIG_HIGHMEM
264         unsigned long flags;
265 #endif
266         unsigned int offset;
267         u8 *buf;
268
269         page = sg[hwif->cursg].page;
270         offset = sg[hwif->cursg].offset + hwif->cursg_ofs * SECTOR_SIZE;
271
272         /* get the current page and offset */
273         page = nth_page(page, (offset >> PAGE_SHIFT));
274         offset %= PAGE_SIZE;
275
276 #ifdef CONFIG_HIGHMEM
277         local_irq_save(flags);
278 #endif
279         buf = kmap_atomic(page, KM_BIO_SRC_IRQ) + offset;
280
281         hwif->nleft--;
282         hwif->cursg_ofs++;
283
284         if ((hwif->cursg_ofs * SECTOR_SIZE) == sg[hwif->cursg].length) {
285                 hwif->cursg++;
286                 hwif->cursg_ofs = 0;
287         }
288
289         /* do the actual data transfer */
290         if (write)
291                 taskfile_output_data(drive, buf, SECTOR_WORDS);
292         else
293                 taskfile_input_data(drive, buf, SECTOR_WORDS);
294
295         kunmap_atomic(buf, KM_BIO_SRC_IRQ);
296 #ifdef CONFIG_HIGHMEM
297         local_irq_restore(flags);
298 #endif
299 }
300
301 static void ide_pio_multi(ide_drive_t *drive, unsigned int write)
302 {
303         unsigned int nsect;
304
305         nsect = min_t(unsigned int, drive->hwif->nleft, drive->mult_count);
306         while (nsect--)
307                 ide_pio_sector(drive, write);
308 }
309
310 static void ide_pio_datablock(ide_drive_t *drive, struct request *rq,
311                                      unsigned int write)
312 {
313         if (rq->bio)    /* fs request */
314                 rq->errors = 0;
315
316         touch_softlockup_watchdog();
317
318         switch (drive->hwif->data_phase) {
319         case TASKFILE_MULTI_IN:
320         case TASKFILE_MULTI_OUT:
321                 ide_pio_multi(drive, write);
322                 break;
323         default:
324                 ide_pio_sector(drive, write);
325                 break;
326         }
327 }
328
329 static ide_startstop_t task_error(ide_drive_t *drive, struct request *rq,
330                                   const char *s, u8 stat)
331 {
332         if (rq->bio) {
333                 ide_hwif_t *hwif = drive->hwif;
334                 int sectors = hwif->nsect - hwif->nleft;
335
336                 switch (hwif->data_phase) {
337                 case TASKFILE_IN:
338                         if (hwif->nleft)
339                                 break;
340                         /* fall through */
341                 case TASKFILE_OUT:
342                         sectors--;
343                         break;
344                 case TASKFILE_MULTI_IN:
345                         if (hwif->nleft)
346                                 break;
347                         /* fall through */
348                 case TASKFILE_MULTI_OUT:
349                         sectors -= drive->mult_count;
350                 default:
351                         break;
352                 }
353
354                 if (sectors > 0) {
355                         ide_driver_t *drv;
356
357                         drv = *(ide_driver_t **)rq->rq_disk->private_data;
358                         drv->end_request(drive, 1, sectors);
359                 }
360         }
361         return ide_error(drive, s, stat);
362 }
363
364 static void task_end_request(ide_drive_t *drive, struct request *rq, u8 stat)
365 {
366         if (rq->cmd_type == REQ_TYPE_ATA_TASKFILE) {
367                 ide_task_t *task = rq->special;
368
369                 if (task->tf_out_flags.all) {
370                         u8 err = drive->hwif->INB(IDE_ERROR_REG);
371                         ide_end_drive_cmd(drive, stat, err);
372                         return;
373                 }
374         }
375
376         if (rq->rq_disk) {
377                 ide_driver_t *drv;
378
379                 drv = *(ide_driver_t **)rq->rq_disk->private_data;;
380                 drv->end_request(drive, 1, rq->hard_nr_sectors);
381         } else
382                 ide_end_request(drive, 1, rq->hard_nr_sectors);
383 }
384
385 /*
386  * Handler for command with PIO data-in phase (Read/Read Multiple).
387  */
388 ide_startstop_t task_in_intr (ide_drive_t *drive)
389 {
390         ide_hwif_t *hwif = drive->hwif;
391         struct request *rq = HWGROUP(drive)->rq;
392         u8 stat = hwif->INB(IDE_STATUS_REG);
393
394         /* new way for dealing with premature shared PCI interrupts */
395         if (!OK_STAT(stat, DATA_READY, BAD_R_STAT)) {
396                 if (stat & (ERR_STAT | DRQ_STAT))
397                         return task_error(drive, rq, __FUNCTION__, stat);
398                 /* No data yet, so wait for another IRQ. */
399                 ide_set_handler(drive, &task_in_intr, WAIT_WORSTCASE, NULL);
400                 return ide_started;
401         }
402
403         ide_pio_datablock(drive, rq, 0);
404
405         /* If it was the last datablock check status and finish transfer. */
406         if (!hwif->nleft) {
407                 stat = wait_drive_not_busy(drive);
408                 if (!OK_STAT(stat, 0, BAD_R_STAT))
409                         return task_error(drive, rq, __FUNCTION__, stat);
410                 task_end_request(drive, rq, stat);
411                 return ide_stopped;
412         }
413
414         /* Still data left to transfer. */
415         ide_set_handler(drive, &task_in_intr, WAIT_WORSTCASE, NULL);
416
417         return ide_started;
418 }
419 EXPORT_SYMBOL(task_in_intr);
420
421 /*
422  * Handler for command with PIO data-out phase (Write/Write Multiple).
423  */
424 static ide_startstop_t task_out_intr (ide_drive_t *drive)
425 {
426         ide_hwif_t *hwif = drive->hwif;
427         struct request *rq = HWGROUP(drive)->rq;
428         u8 stat = hwif->INB(IDE_STATUS_REG);
429
430         if (!OK_STAT(stat, DRIVE_READY, drive->bad_wstat))
431                 return task_error(drive, rq, __FUNCTION__, stat);
432
433         /* Deal with unexpected ATA data phase. */
434         if (((stat & DRQ_STAT) == 0) ^ !hwif->nleft)
435                 return task_error(drive, rq, __FUNCTION__, stat);
436
437         if (!hwif->nleft) {
438                 task_end_request(drive, rq, stat);
439                 return ide_stopped;
440         }
441
442         /* Still data left to transfer. */
443         ide_pio_datablock(drive, rq, 1);
444         ide_set_handler(drive, &task_out_intr, WAIT_WORSTCASE, NULL);
445
446         return ide_started;
447 }
448
449 ide_startstop_t pre_task_out_intr (ide_drive_t *drive, struct request *rq)
450 {
451         ide_startstop_t startstop;
452
453         if (ide_wait_stat(&startstop, drive, DATA_READY,
454                           drive->bad_wstat, WAIT_DRQ)) {
455                 printk(KERN_ERR "%s: no DRQ after issuing %sWRITE%s\n",
456                                 drive->name,
457                                 drive->hwif->data_phase ? "MULT" : "",
458                                 drive->addressing ? "_EXT" : "");
459                 return startstop;
460         }
461
462         if (!drive->unmask)
463                 local_irq_disable();
464
465         ide_set_handler(drive, &task_out_intr, WAIT_WORSTCASE, NULL);
466         ide_pio_datablock(drive, rq, 1);
467
468         return ide_started;
469 }
470 EXPORT_SYMBOL(pre_task_out_intr);
471
472 static int ide_diag_taskfile(ide_drive_t *drive, ide_task_t *args, unsigned long data_size, u8 *buf)
473 {
474         struct request rq;
475
476         memset(&rq, 0, sizeof(rq));
477         rq.cmd_type = REQ_TYPE_ATA_TASKFILE;
478         rq.buffer = buf;
479
480         /*
481          * (ks) We transfer currently only whole sectors.
482          * This is suffient for now.  But, it would be great,
483          * if we would find a solution to transfer any size.
484          * To support special commands like READ LONG.
485          */
486         if (args->command_type != IDE_DRIVE_TASK_NO_DATA) {
487                 if (data_size == 0)
488                         rq.nr_sectors = (args->hobRegister[IDE_NSECTOR_OFFSET] << 8) | args->tfRegister[IDE_NSECTOR_OFFSET];
489                 else
490                         rq.nr_sectors = data_size / SECTOR_SIZE;
491
492                 if (!rq.nr_sectors) {
493                         printk(KERN_ERR "%s: in/out command without data\n",
494                                         drive->name);
495                         return -EFAULT;
496                 }
497
498                 rq.hard_nr_sectors = rq.nr_sectors;
499                 rq.hard_cur_sectors = rq.current_nr_sectors = rq.nr_sectors;
500
501                 if (args->command_type == IDE_DRIVE_TASK_RAW_WRITE)
502                         rq.cmd_flags |= REQ_RW;
503         }
504
505         rq.special = args;
506         args->rq = &rq;
507         return ide_do_drive_cmd(drive, &rq, ide_wait);
508 }
509
510 int ide_raw_taskfile (ide_drive_t *drive, ide_task_t *args, u8 *buf)
511 {
512         return ide_diag_taskfile(drive, args, 0, buf);
513 }
514
515 EXPORT_SYMBOL(ide_raw_taskfile);
516
517 int ide_taskfile_ioctl (ide_drive_t *drive, unsigned int cmd, unsigned long arg)
518 {
519         ide_task_request_t      *req_task;
520         ide_task_t              args;
521         u8 *outbuf              = NULL;
522         u8 *inbuf               = NULL;
523         task_ioreg_t *argsptr   = args.tfRegister;
524         task_ioreg_t *hobsptr   = args.hobRegister;
525         int err                 = 0;
526         int tasksize            = sizeof(struct ide_task_request_s);
527         unsigned int taskin     = 0;
528         unsigned int taskout    = 0;
529         u8 io_32bit             = drive->io_32bit;
530         char __user *buf = (char __user *)arg;
531
532 //      printk("IDE Taskfile ...\n");
533
534         req_task = kzalloc(tasksize, GFP_KERNEL);
535         if (req_task == NULL) return -ENOMEM;
536         if (copy_from_user(req_task, buf, tasksize)) {
537                 kfree(req_task);
538                 return -EFAULT;
539         }
540
541         taskout = req_task->out_size;
542         taskin  = req_task->in_size;
543         
544         if (taskin > 65536 || taskout > 65536) {
545                 err = -EINVAL;
546                 goto abort;
547         }
548
549         if (taskout) {
550                 int outtotal = tasksize;
551                 outbuf = kzalloc(taskout, GFP_KERNEL);
552                 if (outbuf == NULL) {
553                         err = -ENOMEM;
554                         goto abort;
555                 }
556                 if (copy_from_user(outbuf, buf + outtotal, taskout)) {
557                         err = -EFAULT;
558                         goto abort;
559                 }
560         }
561
562         if (taskin) {
563                 int intotal = tasksize + taskout;
564                 inbuf = kzalloc(taskin, GFP_KERNEL);
565                 if (inbuf == NULL) {
566                         err = -ENOMEM;
567                         goto abort;
568                 }
569                 if (copy_from_user(inbuf, buf + intotal, taskin)) {
570                         err = -EFAULT;
571                         goto abort;
572                 }
573         }
574
575         memset(&args, 0, sizeof(ide_task_t));
576         memcpy(argsptr, req_task->io_ports, HDIO_DRIVE_TASK_HDR_SIZE);
577         memcpy(hobsptr, req_task->hob_ports, HDIO_DRIVE_HOB_HDR_SIZE);
578
579         args.tf_in_flags  = req_task->in_flags;
580         args.tf_out_flags = req_task->out_flags;
581         args.data_phase   = req_task->data_phase;
582         args.command_type = req_task->req_cmd;
583
584         drive->io_32bit = 0;
585         switch(req_task->data_phase) {
586                 case TASKFILE_OUT_DMAQ:
587                 case TASKFILE_OUT_DMA:
588                         err = ide_diag_taskfile(drive, &args, taskout, outbuf);
589                         break;
590                 case TASKFILE_IN_DMAQ:
591                 case TASKFILE_IN_DMA:
592                         err = ide_diag_taskfile(drive, &args, taskin, inbuf);
593                         break;
594                 case TASKFILE_MULTI_OUT:
595                         if (!drive->mult_count) {
596                                 /* (hs): give up if multcount is not set */
597                                 printk(KERN_ERR "%s: %s Multimode Write " \
598                                         "multcount is not set\n",
599                                         drive->name, __FUNCTION__);
600                                 err = -EPERM;
601                                 goto abort;
602                         }
603                         /* fall through */
604                 case TASKFILE_OUT:
605                         args.prehandler = &pre_task_out_intr;
606                         args.handler = &task_out_intr;
607                         err = ide_diag_taskfile(drive, &args, taskout, outbuf);
608                         break;
609                 case TASKFILE_MULTI_IN:
610                         if (!drive->mult_count) {
611                                 /* (hs): give up if multcount is not set */
612                                 printk(KERN_ERR "%s: %s Multimode Read failure " \
613                                         "multcount is not set\n",
614                                         drive->name, __FUNCTION__);
615                                 err = -EPERM;
616                                 goto abort;
617                         }
618                         /* fall through */
619                 case TASKFILE_IN:
620                         args.handler = &task_in_intr;
621                         err = ide_diag_taskfile(drive, &args, taskin, inbuf);
622                         break;
623                 case TASKFILE_NO_DATA:
624                         args.handler = &task_no_data_intr;
625                         err = ide_diag_taskfile(drive, &args, 0, NULL);
626                         break;
627                 default:
628                         err = -EFAULT;
629                         goto abort;
630         }
631
632         memcpy(req_task->io_ports, &(args.tfRegister), HDIO_DRIVE_TASK_HDR_SIZE);
633         memcpy(req_task->hob_ports, &(args.hobRegister), HDIO_DRIVE_HOB_HDR_SIZE);
634         req_task->in_flags  = args.tf_in_flags;
635         req_task->out_flags = args.tf_out_flags;
636
637         if (copy_to_user(buf, req_task, tasksize)) {
638                 err = -EFAULT;
639                 goto abort;
640         }
641         if (taskout) {
642                 int outtotal = tasksize;
643                 if (copy_to_user(buf + outtotal, outbuf, taskout)) {
644                         err = -EFAULT;
645                         goto abort;
646                 }
647         }
648         if (taskin) {
649                 int intotal = tasksize + taskout;
650                 if (copy_to_user(buf + intotal, inbuf, taskin)) {
651                         err = -EFAULT;
652                         goto abort;
653                 }
654         }
655 abort:
656         kfree(req_task);
657         kfree(outbuf);
658         kfree(inbuf);
659
660 //      printk("IDE Taskfile ioctl ended. rc = %i\n", err);
661
662         drive->io_32bit = io_32bit;
663
664         return err;
665 }
666
667 int ide_wait_cmd (ide_drive_t *drive, u8 cmd, u8 nsect, u8 feature, u8 sectors, u8 *buf)
668 {
669         struct request rq;
670         u8 buffer[4];
671
672         if (!buf)
673                 buf = buffer;
674         memset(buf, 0, 4 + SECTOR_WORDS * 4 * sectors);
675         ide_init_drive_cmd(&rq);
676         rq.buffer = buf;
677         *buf++ = cmd;
678         *buf++ = nsect;
679         *buf++ = feature;
680         *buf++ = sectors;
681         return ide_do_drive_cmd(drive, &rq, ide_wait);
682 }
683
684 /*
685  * FIXME : this needs to map into at taskfile. <andre@linux-ide.org>
686  */
687 int ide_cmd_ioctl (ide_drive_t *drive, unsigned int cmd, unsigned long arg)
688 {
689         int err = 0;
690         u8 args[4], *argbuf = args;
691         u8 xfer_rate = 0;
692         int argsize = 4;
693         ide_task_t tfargs;
694
695         if (NULL == (void *) arg) {
696                 struct request rq;
697                 ide_init_drive_cmd(&rq);
698                 return ide_do_drive_cmd(drive, &rq, ide_wait);
699         }
700
701         if (copy_from_user(args, (void __user *)arg, 4))
702                 return -EFAULT;
703
704         memset(&tfargs, 0, sizeof(ide_task_t));
705         tfargs.tfRegister[IDE_FEATURE_OFFSET] = args[2];
706         tfargs.tfRegister[IDE_NSECTOR_OFFSET] = args[3];
707         tfargs.tfRegister[IDE_SECTOR_OFFSET]  = args[1];
708         tfargs.tfRegister[IDE_LCYL_OFFSET]    = 0x00;
709         tfargs.tfRegister[IDE_HCYL_OFFSET]    = 0x00;
710         tfargs.tfRegister[IDE_SELECT_OFFSET]  = 0x00;
711         tfargs.tfRegister[IDE_COMMAND_OFFSET] = args[0];
712
713         if (args[3]) {
714                 argsize = 4 + (SECTOR_WORDS * 4 * args[3]);
715                 argbuf = kzalloc(argsize, GFP_KERNEL);
716                 if (argbuf == NULL)
717                         return -ENOMEM;
718         }
719         if (set_transfer(drive, &tfargs)) {
720                 xfer_rate = args[1];
721                 if (ide_ata66_check(drive, &tfargs))
722                         goto abort;
723         }
724
725         err = ide_wait_cmd(drive, args[0], args[1], args[2], args[3], argbuf);
726
727         if (!err && xfer_rate) {
728                 /* active-retuning-calls future */
729                 ide_set_xfer_rate(drive, xfer_rate);
730                 ide_driveid_update(drive);
731         }
732 abort:
733         if (copy_to_user((void __user *)arg, argbuf, argsize))
734                 err = -EFAULT;
735         if (argsize > 4)
736                 kfree(argbuf);
737         return err;
738 }
739
740 static int ide_wait_cmd_task(ide_drive_t *drive, u8 *buf)
741 {
742         struct request rq;
743
744         ide_init_drive_cmd(&rq);
745         rq.cmd_type = REQ_TYPE_ATA_TASK;
746         rq.buffer = buf;
747         return ide_do_drive_cmd(drive, &rq, ide_wait);
748 }
749
750 /*
751  * FIXME : this needs to map into at taskfile. <andre@linux-ide.org>
752  */
753 int ide_task_ioctl (ide_drive_t *drive, unsigned int cmd, unsigned long arg)
754 {
755         void __user *p = (void __user *)arg;
756         int err = 0;
757         u8 args[7], *argbuf = args;
758         int argsize = 7;
759
760         if (copy_from_user(args, p, 7))
761                 return -EFAULT;
762         err = ide_wait_cmd_task(drive, argbuf);
763         if (copy_to_user(p, argbuf, argsize))
764                 err = -EFAULT;
765         return err;
766 }
767
768 /*
769  * NOTICE: This is additions from IBM to provide a discrete interface,
770  * for selective taskregister access operations.  Nice JOB Klaus!!!
771  * Glad to be able to work and co-develop this with you and IBM.
772  */
773 ide_startstop_t flagged_taskfile (ide_drive_t *drive, ide_task_t *task)
774 {
775         ide_hwif_t *hwif        = HWIF(drive);
776         task_struct_t *taskfile = (task_struct_t *) task->tfRegister;
777         hob_struct_t *hobfile   = (hob_struct_t *) task->hobRegister;
778
779         if (task->data_phase == TASKFILE_MULTI_IN ||
780             task->data_phase == TASKFILE_MULTI_OUT) {
781                 if (!drive->mult_count) {
782                         printk(KERN_ERR "%s: multimode not set!\n", drive->name);
783                         return ide_stopped;
784                 }
785         }
786
787         /*
788          * (ks) Check taskfile in flags.
789          * If set, then execute as it is defined.
790          * If not set, then define default settings.
791          * The default values are:
792          *      read all taskfile registers (except data)
793          *      read the hob registers (sector, nsector, lcyl, hcyl)
794          */
795         if (task->tf_in_flags.all == 0) {
796                 task->tf_in_flags.all = IDE_TASKFILE_STD_IN_FLAGS;
797                 if (drive->addressing == 1)
798                         task->tf_in_flags.all |= (IDE_HOB_STD_IN_FLAGS  << 8);
799         }
800
801         /* ALL Command Block Executions SHALL clear nIEN, unless otherwise */
802         if (IDE_CONTROL_REG)
803                 /* clear nIEN */
804                 hwif->OUTB(drive->ctl, IDE_CONTROL_REG);
805         SELECT_MASK(drive, 0);
806
807         if (task->tf_out_flags.b.data) {
808                 u16 data =  taskfile->data + (hobfile->data << 8);
809                 hwif->OUTW(data, IDE_DATA_REG);
810         }
811
812         /* (ks) send hob registers first */
813         if (task->tf_out_flags.b.nsector_hob)
814                 hwif->OUTB(hobfile->sector_count, IDE_NSECTOR_REG);
815         if (task->tf_out_flags.b.sector_hob)
816                 hwif->OUTB(hobfile->sector_number, IDE_SECTOR_REG);
817         if (task->tf_out_flags.b.lcyl_hob)
818                 hwif->OUTB(hobfile->low_cylinder, IDE_LCYL_REG);
819         if (task->tf_out_flags.b.hcyl_hob)
820                 hwif->OUTB(hobfile->high_cylinder, IDE_HCYL_REG);
821
822         /* (ks) Send now the standard registers */
823         if (task->tf_out_flags.b.error_feature)
824                 hwif->OUTB(taskfile->feature, IDE_FEATURE_REG);
825         /* refers to number of sectors to transfer */
826         if (task->tf_out_flags.b.nsector)
827                 hwif->OUTB(taskfile->sector_count, IDE_NSECTOR_REG);
828         /* refers to sector offset or start sector */
829         if (task->tf_out_flags.b.sector)
830                 hwif->OUTB(taskfile->sector_number, IDE_SECTOR_REG);
831         if (task->tf_out_flags.b.lcyl)
832                 hwif->OUTB(taskfile->low_cylinder, IDE_LCYL_REG);
833         if (task->tf_out_flags.b.hcyl)
834                 hwif->OUTB(taskfile->high_cylinder, IDE_HCYL_REG);
835
836         /*
837          * (ks) In the flagged taskfile approch, we will use all specified
838          * registers and the register value will not be changed, except the
839          * select bit (master/slave) in the drive_head register. We must make
840          * sure that the desired drive is selected.
841          */
842         hwif->OUTB(taskfile->device_head | drive->select.all, IDE_SELECT_REG);
843         switch(task->data_phase) {
844
845                 case TASKFILE_OUT_DMAQ:
846                 case TASKFILE_OUT_DMA:
847                 case TASKFILE_IN_DMAQ:
848                 case TASKFILE_IN_DMA:
849                         hwif->dma_setup(drive);
850                         hwif->dma_exec_cmd(drive, taskfile->command);
851                         hwif->dma_start(drive);
852                         break;
853
854                 default:
855                         if (task->handler == NULL)
856                                 return ide_stopped;
857
858                         /* Issue the command */
859                         if (task->prehandler) {
860                                 hwif->OUTBSYNC(drive, taskfile->command, IDE_COMMAND_REG);
861                                 ndelay(400);    /* FIXME */
862                                 return task->prehandler(drive, task->rq);
863                         }
864                         ide_execute_command(drive, taskfile->command, task->handler, WAIT_WORSTCASE, NULL);
865         }
866
867         return ide_started;
868 }