Merge git://git.kernel.org/pub/scm/linux/kernel/git/davem/net-2.6
[linux-2.6] / drivers / message / fusion / mptctl.c
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2008 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>        /* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/smp_lock.h>
58 #include <linux/compat.h>
59
60 #include <asm/io.h>
61 #include <asm/uaccess.h>
62
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68
69 #define COPYRIGHT       "Copyright (c) 1999-2008 LSI Corporation"
70 #define MODULEAUTHOR    "LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME         "Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION      MPT_LINUX_VERSION_COMMON
77 #define MYNAM           "mptctl"
78
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85
86 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
87
88 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
89
90 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
91
92 struct buflist {
93         u8      *kptr;
94         int      len;
95 };
96
97 /*
98  * Function prototypes. Called from OS entry point mptctl_ioctl.
99  * arg contents specific to function.
100  */
101 static int mptctl_fw_download(unsigned long arg);
102 static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd);
103 static int mptctl_gettargetinfo(unsigned long arg);
104 static int mptctl_readtest(unsigned long arg);
105 static int mptctl_mpt_command(unsigned long arg);
106 static int mptctl_eventquery(unsigned long arg);
107 static int mptctl_eventenable(unsigned long arg);
108 static int mptctl_eventreport(unsigned long arg);
109 static int mptctl_replace_fw(unsigned long arg);
110
111 static int mptctl_do_reset(unsigned long arg);
112 static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd);
113 static int mptctl_hp_targetinfo(unsigned long arg);
114
115 static int  mptctl_probe(struct pci_dev *, const struct pci_device_id *);
116 static void mptctl_remove(struct pci_dev *);
117
118 #ifdef CONFIG_COMPAT
119 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
120 #endif
121 /*
122  * Private function calls.
123  */
124 static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr);
125 static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen);
126 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
127                 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
128 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
129                 struct buflist *buflist, MPT_ADAPTER *ioc);
130 static void mptctl_timeout_expired (MPT_IOCTL *ioctl);
131 static int  mptctl_bus_reset(MPT_IOCTL *ioctl);
132 static int mptctl_set_tm_flags(MPT_SCSI_HOST *hd);
133 static void mptctl_free_tm_flags(MPT_ADAPTER *ioc);
134
135 /*
136  * Reset Handler cleanup function
137  */
138 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
139
140 /*
141  * Event Handler function
142  */
143 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
144 static struct fasync_struct *async_queue=NULL;
145
146 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
147 /*
148  * Scatter gather list (SGL) sizes and limits...
149  */
150 //#define MAX_SCSI_FRAGS        9
151 #define MAX_FRAGS_SPILL1        9
152 #define MAX_FRAGS_SPILL2        15
153 #define FRAGS_PER_BUCKET        (MAX_FRAGS_SPILL2 + 1)
154
155 //#define MAX_CHAIN_FRAGS       64
156 //#define MAX_CHAIN_FRAGS       (15+15+15+16)
157 #define MAX_CHAIN_FRAGS         (4 * MAX_FRAGS_SPILL2 + 1)
158
159 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
160 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
161 //                  ^----------------- 80 + 512
162 #define MAX_SGL_BYTES           ((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
163
164 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
165 #define MAX_KMALLOC_SZ          (128*1024)
166
167 #define MPT_IOCTL_DEFAULT_TIMEOUT 10    /* Default timeout value (seconds) */
168
169 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
170 /**
171  *      mptctl_syscall_down - Down the MPT adapter syscall semaphore.
172  *      @ioc: Pointer to MPT adapter
173  *      @nonblock: boolean, non-zero if O_NONBLOCK is set
174  *
175  *      All of the ioctl commands can potentially sleep, which is illegal
176  *      with a spinlock held, thus we perform mutual exclusion here.
177  *
178  *      Returns negative errno on error, or zero for success.
179  */
180 static inline int
181 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
182 {
183         int rc = 0;
184
185         if (nonblock) {
186                 if (!mutex_trylock(&ioc->ioctl->ioctl_mutex))
187                         rc = -EAGAIN;
188         } else {
189                 if (mutex_lock_interruptible(&ioc->ioctl->ioctl_mutex))
190                         rc = -ERESTARTSYS;
191         }
192         return rc;
193 }
194
195 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
196 /*
197  *  This is the callback for any message we have posted. The message itself
198  *  will be returned to the message pool when we return from the IRQ
199  *
200  *  This runs in irq context so be short and sweet.
201  */
202 static int
203 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
204 {
205         char *sense_data;
206         int sz, req_index;
207         u16 iocStatus;
208         u8 cmd;
209
210         if (req)
211                  cmd = req->u.hdr.Function;
212         else
213                 return 1;
214         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tcompleting mpi function (0x%02X), req=%p, "
215             "reply=%p\n", ioc->name,  req->u.hdr.Function, req, reply));
216
217         if (ioc->ioctl) {
218
219                 if (reply==NULL) {
220
221                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_reply() NULL Reply "
222                                 "Function=%x!\n", ioc->name, cmd));
223
224                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
225                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
226
227                         /* We are done, issue wake up
228                         */
229                         ioc->ioctl->wait_done = 1;
230                         wake_up (&mptctl_wait);
231                         return 1;
232
233                 }
234
235                 /* Copy the reply frame (which much exist
236                  * for non-SCSI I/O) to the IOC structure.
237                  */
238                 memcpy(ioc->ioctl->ReplyFrame, reply,
239                         min(ioc->reply_sz, 4*reply->u.reply.MsgLength));
240                 ioc->ioctl->status |= MPT_IOCTL_STATUS_RF_VALID;
241
242                 /* Set the command status to GOOD if IOC Status is GOOD
243                  * OR if SCSI I/O cmd and data underrun or recovered error.
244                  */
245                 iocStatus = le16_to_cpu(reply->u.reply.IOCStatus) & MPI_IOCSTATUS_MASK;
246                 if (iocStatus  == MPI_IOCSTATUS_SUCCESS)
247                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
248
249                 if (iocStatus || reply->u.reply.IOCLogInfo)
250                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tiocstatus (0x%04X), "
251                                 "loginfo (0x%08X)\n", ioc->name,
252                                 iocStatus,
253                                 le32_to_cpu(reply->u.reply.IOCLogInfo)));
254
255                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) ||
256                         (cmd == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
257
258                         if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
259                                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
260                                         "\tscsi_status (0x%02x), scsi_state (0x%02x), "
261                                         "tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
262                                         reply->u.sreply.SCSIStatus,
263                                         reply->u.sreply.SCSIState,
264                                         le16_to_cpu(reply->u.sreply.TaskTag),
265                                         le32_to_cpu(reply->u.sreply.TransferCount)));
266
267                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
268
269                         if ((iocStatus == MPI_IOCSTATUS_SCSI_DATA_UNDERRUN) ||
270                         (iocStatus == MPI_IOCSTATUS_SCSI_RECOVERED_ERROR)) {
271                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
272                         }
273                 }
274
275                 /* Copy the sense data - if present
276                  */
277                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) &&
278                         (reply->u.sreply.SCSIState &
279                          MPI_SCSI_STATE_AUTOSENSE_VALID)){
280                         sz = req->u.scsireq.SenseBufferLength;
281                         req_index =
282                             le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
283                         sense_data =
284                             ((u8 *)ioc->sense_buf_pool +
285                              (req_index * MPT_SENSE_BUFFER_ALLOC));
286                         memcpy(ioc->ioctl->sense, sense_data, sz);
287                         ioc->ioctl->status |= MPT_IOCTL_STATUS_SENSE_VALID;
288                 }
289
290                 if (cmd == MPI_FUNCTION_SCSI_TASK_MGMT)
291                         mptctl_free_tm_flags(ioc);
292
293                 /* We are done, issue wake up
294                  */
295                 ioc->ioctl->wait_done = 1;
296                 wake_up (&mptctl_wait);
297         }
298         return 1;
299 }
300
301 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
302 /* mptctl_timeout_expired
303  *
304  * Expecting an interrupt, however timed out.
305  *
306  */
307 static void mptctl_timeout_expired (MPT_IOCTL *ioctl)
308 {
309         int rc = 1;
310
311         dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT ": Timeout Expired! Host %d\n",
312                                 ioctl->ioc->name, ioctl->ioc->id));
313         if (ioctl == NULL)
314                 return;
315
316         ioctl->wait_done = 0;
317         if (ioctl->reset & MPTCTL_RESET_OK)
318                 rc = mptctl_bus_reset(ioctl);
319
320         if (rc) {
321                 /* Issue a reset for this device.
322                  * The IOC is not responding.
323                  */
324                 dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "Calling HardReset! \n",
325                          ioctl->ioc->name));
326                 mpt_HardResetHandler(ioctl->ioc, CAN_SLEEP);
327         }
328         return;
329
330 }
331
332 /* mptctl_bus_reset
333  *
334  * Bus reset code.
335  *
336  */
337 static int mptctl_bus_reset(MPT_IOCTL *ioctl)
338 {
339         MPT_FRAME_HDR   *mf;
340         SCSITaskMgmt_t  *pScsiTm;
341         MPT_SCSI_HOST   *hd;
342         int              ii;
343         int              retval=0;
344
345
346         ioctl->reset &= ~MPTCTL_RESET_OK;
347
348         if (ioctl->ioc->sh == NULL)
349                 return -EPERM;
350
351         hd = shost_priv(ioctl->ioc->sh);
352         if (hd == NULL)
353                 return -EPERM;
354
355         /* Single threading ....
356          */
357         if (mptctl_set_tm_flags(hd) != 0)
358                 return -EPERM;
359
360         /* Send request
361          */
362         if ((mf = mpt_get_msg_frame(mptctl_id, ioctl->ioc)) == NULL) {
363                 dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt, no msg frames!!\n",
364                                 ioctl->ioc->name));
365
366                 mptctl_free_tm_flags(ioctl->ioc);
367                 return -ENOMEM;
368         }
369
370         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt request @ %p\n",
371                         ioctl->ioc->name, mf));
372
373         pScsiTm = (SCSITaskMgmt_t *) mf;
374         pScsiTm->TargetID = ioctl->id;
375         pScsiTm->Bus = hd->port;        /* 0 */
376         pScsiTm->ChainOffset = 0;
377         pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
378         pScsiTm->Reserved = 0;
379         pScsiTm->TaskType = MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS;
380         pScsiTm->Reserved1 = 0;
381         pScsiTm->MsgFlags = MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
382
383         for (ii= 0; ii < 8; ii++)
384                 pScsiTm->LUN[ii] = 0;
385
386         for (ii=0; ii < 7; ii++)
387                 pScsiTm->Reserved2[ii] = 0;
388
389         pScsiTm->TaskMsgContext = 0;
390         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT
391                 "mptctl_bus_reset: issued.\n", ioctl->ioc->name));
392
393         DBG_DUMP_TM_REQUEST_FRAME(ioctl->ioc, (u32 *)mf);
394
395         ioctl->wait_done=0;
396
397         if ((ioctl->ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
398             (ioctl->ioc->facts.MsgVersion >= MPI_VERSION_01_05))
399                 mpt_put_msg_frame_hi_pri(mptctl_id, ioctl->ioc, mf);
400         else {
401                 retval = mpt_send_handshake_request(mptctl_id, ioctl->ioc,
402                         sizeof(SCSITaskMgmt_t), (u32*)pScsiTm, CAN_SLEEP);
403                 if (retval != 0) {
404                         dfailprintk(ioctl->ioc, printk(MYIOC_s_ERR_FMT "_send_handshake FAILED!"
405                                 " (hd %p, ioc %p, mf %p) \n", hd->ioc->name, hd,
406                                 hd->ioc, mf));
407                         goto mptctl_bus_reset_done;
408                 }
409         }
410
411         /* Now wait for the command to complete */
412         ii = wait_event_timeout(mptctl_wait,
413              ioctl->wait_done == 1,
414              HZ*5 /* 5 second timeout */);
415
416         if(ii <=0 && (ioctl->wait_done != 1 ))  {
417                 mpt_free_msg_frame(hd->ioc, mf);
418                 ioctl->wait_done = 0;
419                 retval = -1; /* return failure */
420         }
421
422 mptctl_bus_reset_done:
423
424         mptctl_free_tm_flags(ioctl->ioc);
425         return retval;
426 }
427
428 static int
429 mptctl_set_tm_flags(MPT_SCSI_HOST *hd) {
430         unsigned long flags;
431
432         spin_lock_irqsave(&hd->ioc->FreeQlock, flags);
433
434         if (hd->tmState == TM_STATE_NONE) {
435                 hd->tmState = TM_STATE_IN_PROGRESS;
436                 hd->tmPending = 1;
437                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
438         } else {
439                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
440                 return -EBUSY;
441         }
442
443         return 0;
444 }
445
446 static void
447 mptctl_free_tm_flags(MPT_ADAPTER *ioc)
448 {
449         MPT_SCSI_HOST * hd;
450         unsigned long flags;
451
452         hd = shost_priv(ioc->sh);
453         if (hd == NULL)
454                 return;
455
456         spin_lock_irqsave(&ioc->FreeQlock, flags);
457
458         hd->tmState = TM_STATE_NONE;
459         hd->tmPending = 0;
460         spin_unlock_irqrestore(&ioc->FreeQlock, flags);
461
462         return;
463 }
464
465 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
466 /* mptctl_ioc_reset
467  *
468  * Clean-up functionality. Used only if there has been a
469  * reload of the FW due.
470  *
471  */
472 static int
473 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
474 {
475         MPT_IOCTL *ioctl = ioc->ioctl;
476         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "IOC %s_reset routed to IOCTL driver!\n", ioc->name,
477                 reset_phase==MPT_IOC_SETUP_RESET ? "setup" : (
478                 reset_phase==MPT_IOC_PRE_RESET ? "pre" : "post")));
479
480         if(ioctl == NULL)
481                 return 1;
482
483         switch(reset_phase) {
484         case MPT_IOC_SETUP_RESET:
485                 ioctl->status |= MPT_IOCTL_STATUS_DID_IOCRESET;
486                 break;
487         case MPT_IOC_POST_RESET:
488                 ioctl->status &= ~MPT_IOCTL_STATUS_DID_IOCRESET;
489                 break;
490         case MPT_IOC_PRE_RESET:
491         default:
492                 break;
493         }
494
495         return 1;
496 }
497
498 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
499 /* ASYNC Event Notification Support */
500 static int
501 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
502 {
503         u8 event;
504
505         event = le32_to_cpu(pEvReply->Event) & 0xFF;
506
507         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
508             ioc->name, __func__));
509         if(async_queue == NULL)
510                 return 1;
511
512         /* Raise SIGIO for persistent events.
513          * TODO - this define is not in MPI spec yet,
514          * but they plan to set it to 0x21
515          */
516          if (event == 0x21 ) {
517                 ioc->aen_event_read_flag=1;
518                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
519                     ioc->name));
520                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
521                     "Raised SIGIO to application\n", ioc->name));
522                 kill_fasync(&async_queue, SIGIO, POLL_IN);
523                 return 1;
524          }
525
526         /* This flag is set after SIGIO was raised, and
527          * remains set until the application has read
528          * the event log via ioctl=MPTEVENTREPORT
529          */
530         if(ioc->aen_event_read_flag)
531                 return 1;
532
533         /* Signal only for the events that are
534          * requested for by the application
535          */
536         if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
537                 ioc->aen_event_read_flag=1;
538                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
539                     "Raised SIGIO to application\n", ioc->name));
540                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
541                     "Raised SIGIO to application\n", ioc->name));
542                 kill_fasync(&async_queue, SIGIO, POLL_IN);
543         }
544         return 1;
545 }
546
547 static int
548 mptctl_fasync(int fd, struct file *filep, int mode)
549 {
550         MPT_ADAPTER     *ioc;
551         int ret;
552
553         lock_kernel();
554         list_for_each_entry(ioc, &ioc_list, list)
555                 ioc->aen_event_read_flag=0;
556
557         ret = fasync_helper(fd, filep, mode, &async_queue);
558         unlock_kernel();
559         return ret;
560 }
561
562 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
563 /*
564  *  MPT ioctl handler
565  *  cmd - specify the particular IOCTL command to be issued
566  *  arg - data specific to the command. Must not be null.
567  */
568 static long
569 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
570 {
571         mpt_ioctl_header __user *uhdr = (void __user *) arg;
572         mpt_ioctl_header         khdr;
573         int iocnum;
574         unsigned iocnumX;
575         int nonblock = (file->f_flags & O_NONBLOCK);
576         int ret;
577         MPT_ADAPTER *iocp = NULL;
578
579         if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
580                 printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
581                                 "Unable to copy mpt_ioctl_header data @ %p\n",
582                                 __FILE__, __LINE__, uhdr);
583                 return -EFAULT;
584         }
585         ret = -ENXIO;                           /* (-6) No such device or address */
586
587         /* Verify intended MPT adapter - set iocnum and the adapter
588          * pointer (iocp)
589          */
590         iocnumX = khdr.iocnum & 0xFF;
591         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
592             (iocp == NULL)) {
593                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - ioc%d not found!\n",
594                                 __FILE__, __LINE__, iocnumX);
595                 return -ENODEV;
596         }
597
598         if (!iocp->active) {
599                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
600                                 __FILE__, __LINE__);
601                 return -EFAULT;
602         }
603
604         /* Handle those commands that are just returning
605          * information stored in the driver.
606          * These commands should never time out and are unaffected
607          * by TM and FW reloads.
608          */
609         if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
610                 return mptctl_getiocinfo(arg, _IOC_SIZE(cmd));
611         } else if (cmd == MPTTARGETINFO) {
612                 return mptctl_gettargetinfo(arg);
613         } else if (cmd == MPTTEST) {
614                 return mptctl_readtest(arg);
615         } else if (cmd == MPTEVENTQUERY) {
616                 return mptctl_eventquery(arg);
617         } else if (cmd == MPTEVENTENABLE) {
618                 return mptctl_eventenable(arg);
619         } else if (cmd == MPTEVENTREPORT) {
620                 return mptctl_eventreport(arg);
621         } else if (cmd == MPTFWREPLACE) {
622                 return mptctl_replace_fw(arg);
623         }
624
625         /* All of these commands require an interrupt or
626          * are unknown/illegal.
627          */
628         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
629                 return ret;
630
631         if (cmd == MPTFWDOWNLOAD)
632                 ret = mptctl_fw_download(arg);
633         else if (cmd == MPTCOMMAND)
634                 ret = mptctl_mpt_command(arg);
635         else if (cmd == MPTHARDRESET)
636                 ret = mptctl_do_reset(arg);
637         else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
638                 ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd));
639         else if (cmd == HP_GETTARGETINFO)
640                 ret = mptctl_hp_targetinfo(arg);
641         else
642                 ret = -EINVAL;
643
644         mutex_unlock(&iocp->ioctl->ioctl_mutex);
645
646         return ret;
647 }
648
649 static long
650 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
651 {
652         long ret;
653         lock_kernel();
654         ret = __mptctl_ioctl(file, cmd, arg);
655         unlock_kernel();
656         return ret;
657 }
658
659 static int mptctl_do_reset(unsigned long arg)
660 {
661         struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
662         struct mpt_ioctl_diag_reset krinfo;
663         MPT_ADAPTER             *iocp;
664
665         if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
666                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
667                                 "Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
668                                 __FILE__, __LINE__, urinfo);
669                 return -EFAULT;
670         }
671
672         if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) {
673                 printk(KERN_DEBUG MYNAM "%s@%d::mptctl_do_reset - ioc%d not found!\n",
674                                 __FILE__, __LINE__, krinfo.hdr.iocnum);
675                 return -ENODEV; /* (-6) No such device or address */
676         }
677
678         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
679             iocp->name));
680
681         if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
682                 printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
683                         iocp->name, __FILE__, __LINE__);
684                 return -1;
685         }
686
687         return 0;
688 }
689
690 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
691 /*
692  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
693  * This structure contains: iocnum, firmware length (bytes),
694  *      pointer to user space memory where the fw image is stored.
695  *
696  * Outputs:     None.
697  * Return:      0 if successful
698  *              -EFAULT if data unavailable
699  *              -ENXIO  if no such device
700  *              -EAGAIN if resource problem
701  *              -ENOMEM if no memory for SGE
702  *              -EMLINK if too many chain buffers required
703  *              -EBADRQC if adapter does not support FW download
704  *              -EBUSY if adapter is busy
705  *              -ENOMSG if FW upload returned bad status
706  */
707 static int
708 mptctl_fw_download(unsigned long arg)
709 {
710         struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
711         struct mpt_fw_xfer       kfwdl;
712
713         if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
714                 printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
715                                 "Unable to copy mpt_fw_xfer struct @ %p\n",
716                                 __FILE__, __LINE__, ufwdl);
717                 return -EFAULT;
718         }
719
720         return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen);
721 }
722
723 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
724 /*
725  * FW Download engine.
726  * Outputs:     None.
727  * Return:      0 if successful
728  *              -EFAULT if data unavailable
729  *              -ENXIO  if no such device
730  *              -EAGAIN if resource problem
731  *              -ENOMEM if no memory for SGE
732  *              -EMLINK if too many chain buffers required
733  *              -EBADRQC if adapter does not support FW download
734  *              -EBUSY if adapter is busy
735  *              -ENOMSG if FW upload returned bad status
736  */
737 static int
738 mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen)
739 {
740         FWDownload_t            *dlmsg;
741         MPT_FRAME_HDR           *mf;
742         MPT_ADAPTER             *iocp;
743         FWDownloadTCSGE_t       *ptsge;
744         MptSge_t                *sgl, *sgIn;
745         char                    *sgOut;
746         struct buflist          *buflist;
747         struct buflist          *bl;
748         dma_addr_t               sgl_dma;
749         int                      ret;
750         int                      numfrags = 0;
751         int                      maxfrags;
752         int                      n = 0;
753         u32                      sgdir;
754         u32                      nib;
755         int                      fw_bytes_copied = 0;
756         int                      i;
757         int                      sge_offset = 0;
758         u16                      iocstat;
759         pFWDownloadReply_t       ReplyMsg = NULL;
760
761         if (mpt_verify_adapter(ioc, &iocp) < 0) {
762                 printk(KERN_DEBUG MYNAM "ioctl_fwdl - ioc%d not found!\n",
763                                  ioc);
764                 return -ENODEV; /* (-6) No such device or address */
765         } else {
766
767                 /*  Valid device. Get a message frame and construct the FW download message.
768                 */
769                 if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
770                         return -EAGAIN;
771         }
772
773         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
774             "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
775         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
776             iocp->name, ufwbuf));
777         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
778             iocp->name, (int)fwlen));
779         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.ioc   = %04xh\n",
780             iocp->name, ioc));
781
782         dlmsg = (FWDownload_t*) mf;
783         ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
784         sgOut = (char *) (ptsge + 1);
785
786         /*
787          * Construct f/w download request
788          */
789         dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
790         dlmsg->Reserved = 0;
791         dlmsg->ChainOffset = 0;
792         dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
793         dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
794         if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
795                 dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
796         else
797                 dlmsg->MsgFlags = 0;
798
799
800         /* Set up the Transaction SGE.
801          */
802         ptsge->Reserved = 0;
803         ptsge->ContextSize = 0;
804         ptsge->DetailsLength = 12;
805         ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
806         ptsge->Reserved_0100_Checksum = 0;
807         ptsge->ImageOffset = 0;
808         ptsge->ImageSize = cpu_to_le32(fwlen);
809
810         /* Add the SGL
811          */
812
813         /*
814          * Need to kmalloc area(s) for holding firmware image bytes.
815          * But we need to do it piece meal, using a proper
816          * scatter gather list (with 128kB MAX hunks).
817          *
818          * A practical limit here might be # of sg hunks that fit into
819          * a single IOC request frame; 12 or 8 (see below), so:
820          * For FC9xx: 12 x 128kB == 1.5 mB (max)
821          * For C1030:  8 x 128kB == 1   mB (max)
822          * We could support chaining, but things get ugly(ier:)
823          *
824          * Set the sge_offset to the start of the sgl (bytes).
825          */
826         sgdir = 0x04000000;             /* IOC will READ from sys mem */
827         sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
828         if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
829                                     &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
830                 return -ENOMEM;
831
832         /*
833          * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
834          * for FC9xx f/w image, but calculate max number of sge hunks
835          * we can fit into a request frame, and limit ourselves to that.
836          * (currently no chain support)
837          * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
838          *      Request         maxfrags
839          *      128             12
840          *      96              8
841          *      64              4
842          */
843         maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) - sizeof(FWDownloadTCSGE_t))
844                         / (sizeof(dma_addr_t) + sizeof(u32));
845         if (numfrags > maxfrags) {
846                 ret = -EMLINK;
847                 goto fwdl_out;
848         }
849
850         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
851             iocp->name, sgl, numfrags));
852
853         /*
854          * Parse SG list, copying sgl itself,
855          * plus f/w image hunks from user space as we go...
856          */
857         ret = -EFAULT;
858         sgIn = sgl;
859         bl = buflist;
860         for (i=0; i < numfrags; i++) {
861
862                 /* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
863                  * Skip everything but Simple. If simple, copy from
864                  *      user space into kernel space.
865                  * Note: we should not have anything but Simple as
866                  *      Chain SGE are illegal.
867                  */
868                 nib = (sgIn->FlagsLength & 0x30000000) >> 28;
869                 if (nib == 0 || nib == 3) {
870                         ;
871                 } else if (sgIn->Address) {
872                         mpt_add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
873                         n++;
874                         if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
875                                 printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
876                                         "Unable to copy f/w buffer hunk#%d @ %p\n",
877                                         iocp->name, __FILE__, __LINE__, n, ufwbuf);
878                                 goto fwdl_out;
879                         }
880                         fw_bytes_copied += bl->len;
881                 }
882                 sgIn++;
883                 bl++;
884                 sgOut += (sizeof(dma_addr_t) + sizeof(u32));
885         }
886
887         DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
888
889         /*
890          * Finally, perform firmware download.
891          */
892         ReplyMsg = NULL;
893         mpt_put_msg_frame(mptctl_id, iocp, mf);
894
895         /* Now wait for the command to complete */
896         ret = wait_event_timeout(mptctl_wait,
897              iocp->ioctl->wait_done == 1,
898              HZ*60);
899
900         if(ret <=0 && (iocp->ioctl->wait_done != 1 )) {
901         /* Now we need to reset the board */
902                 mptctl_timeout_expired(iocp->ioctl);
903                 ret = -ENODATA;
904                 goto fwdl_out;
905         }
906
907         if (sgl)
908                 kfree_sgl(sgl, sgl_dma, buflist, iocp);
909
910         ReplyMsg = (pFWDownloadReply_t)iocp->ioctl->ReplyFrame;
911         iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
912         if (iocstat == MPI_IOCSTATUS_SUCCESS) {
913                 printk(MYIOC_s_INFO_FMT "F/W update successfull!\n", iocp->name);
914                 return 0;
915         } else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
916                 printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
917                         iocp->name);
918                 printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
919                         iocp->name);
920                 return -EBADRQC;
921         } else if (iocstat == MPI_IOCSTATUS_BUSY) {
922                 printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
923                 printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
924                 return -EBUSY;
925         } else {
926                 printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
927                         iocp->name, iocstat);
928                 printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
929                 return -ENOMSG;
930         }
931         return 0;
932
933 fwdl_out:
934         kfree_sgl(sgl, sgl_dma, buflist, iocp);
935         return ret;
936 }
937
938 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
939 /*
940  * SGE Allocation routine
941  *
942  * Inputs:      bytes - number of bytes to be transferred
943  *              sgdir - data direction
944  *              sge_offset - offset (in bytes) from the start of the request
945  *                      frame to the first SGE
946  *              ioc - pointer to the mptadapter
947  * Outputs:     frags - number of scatter gather elements
948  *              blp - point to the buflist pointer
949  *              sglbuf_dma - pointer to the (dma) sgl
950  * Returns:     Null if failes
951  *              pointer to the (virtual) sgl if successful.
952  */
953 static MptSge_t *
954 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
955                  struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
956 {
957         MptSge_t        *sglbuf = NULL;         /* pointer to array of SGE */
958                                                 /* and chain buffers */
959         struct buflist  *buflist = NULL;        /* kernel routine */
960         MptSge_t        *sgl;
961         int              numfrags = 0;
962         int              fragcnt = 0;
963         int              alloc_sz = min(bytes,MAX_KMALLOC_SZ);  // avoid kernel warning msg!
964         int              bytes_allocd = 0;
965         int              this_alloc;
966         dma_addr_t       pa;                                    // phys addr
967         int              i, buflist_ent;
968         int              sg_spill = MAX_FRAGS_SPILL1;
969         int              dir;
970         /* initialization */
971         *frags = 0;
972         *blp = NULL;
973
974         /* Allocate and initialize an array of kernel
975          * structures for the SG elements.
976          */
977         i = MAX_SGL_BYTES / 8;
978         buflist = kzalloc(i, GFP_USER);
979         if (!buflist)
980                 return NULL;
981         buflist_ent = 0;
982
983         /* Allocate a single block of memory to store the sg elements and
984          * the chain buffers.  The calling routine is responsible for
985          * copying the data in this array into the correct place in the
986          * request and chain buffers.
987          */
988         sglbuf = pci_alloc_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf_dma);
989         if (sglbuf == NULL)
990                 goto free_and_fail;
991
992         if (sgdir & 0x04000000)
993                 dir = PCI_DMA_TODEVICE;
994         else
995                 dir = PCI_DMA_FROMDEVICE;
996
997         /* At start:
998          *      sgl = sglbuf = point to beginning of sg buffer
999          *      buflist_ent = 0 = first kernel structure
1000          *      sg_spill = number of SGE that can be written before the first
1001          *              chain element.
1002          *
1003          */
1004         sgl = sglbuf;
1005         sg_spill = ((ioc->req_sz - sge_offset)/(sizeof(dma_addr_t) + sizeof(u32))) - 1;
1006         while (bytes_allocd < bytes) {
1007                 this_alloc = min(alloc_sz, bytes-bytes_allocd);
1008                 buflist[buflist_ent].len = this_alloc;
1009                 buflist[buflist_ent].kptr = pci_alloc_consistent(ioc->pcidev,
1010                                                                  this_alloc,
1011                                                                  &pa);
1012                 if (buflist[buflist_ent].kptr == NULL) {
1013                         alloc_sz = alloc_sz / 2;
1014                         if (alloc_sz == 0) {
1015                                 printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1016                                     "not enough memory!   :-(\n", ioc->name);
1017                                 printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1018                                         ioc->name, numfrags);
1019                                 goto free_and_fail;
1020                         }
1021                         continue;
1022                 } else {
1023                         dma_addr_t dma_addr;
1024
1025                         bytes_allocd += this_alloc;
1026                         sgl->FlagsLength = (0x10000000|MPT_SGE_FLAGS_ADDRESSING|sgdir|this_alloc);
1027                         dma_addr = pci_map_single(ioc->pcidev, buflist[buflist_ent].kptr, this_alloc, dir);
1028                         sgl->Address = dma_addr;
1029
1030                         fragcnt++;
1031                         numfrags++;
1032                         sgl++;
1033                         buflist_ent++;
1034                 }
1035
1036                 if (bytes_allocd >= bytes)
1037                         break;
1038
1039                 /* Need to chain? */
1040                 if (fragcnt == sg_spill) {
1041                         printk(MYIOC_s_WARN_FMT
1042                             "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1043                         printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1044                         goto free_and_fail;
1045                 }
1046
1047                 /* overflow check... */
1048                 if (numfrags*8 > MAX_SGL_BYTES){
1049                         /* GRRRRR... */
1050                         printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1051                                 "too many SG frags!   :-(\n", ioc->name);
1052                         printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1053                                 ioc->name, numfrags);
1054                         goto free_and_fail;
1055                 }
1056         }
1057
1058         /* Last sge fixup: set LE+eol+eob bits */
1059         sgl[-1].FlagsLength |= 0xC1000000;
1060
1061         *frags = numfrags;
1062         *blp = buflist;
1063
1064         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1065            "%d SG frags generated!\n", ioc->name, numfrags));
1066
1067         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1068            "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1069
1070         return sglbuf;
1071
1072 free_and_fail:
1073         if (sglbuf != NULL) {
1074                 for (i = 0; i < numfrags; i++) {
1075                         dma_addr_t dma_addr;
1076                         u8 *kptr;
1077                         int len;
1078
1079                         if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1080                                 continue;
1081
1082                         dma_addr = sglbuf[i].Address;
1083                         kptr = buflist[i].kptr;
1084                         len = buflist[i].len;
1085
1086                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1087                 }
1088                 pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf, *sglbuf_dma);
1089         }
1090         kfree(buflist);
1091         return NULL;
1092 }
1093
1094 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1095 /*
1096  * Routine to free the SGL elements.
1097  */
1098 static void
1099 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1100 {
1101         MptSge_t        *sg = sgl;
1102         struct buflist  *bl = buflist;
1103         u32              nib;
1104         int              dir;
1105         int              n = 0;
1106
1107         if (sg->FlagsLength & 0x04000000)
1108                 dir = PCI_DMA_TODEVICE;
1109         else
1110                 dir = PCI_DMA_FROMDEVICE;
1111
1112         nib = (sg->FlagsLength & 0xF0000000) >> 28;
1113         while (! (nib & 0x4)) { /* eob */
1114                 /* skip ignore/chain. */
1115                 if (nib == 0 || nib == 3) {
1116                         ;
1117                 } else if (sg->Address) {
1118                         dma_addr_t dma_addr;
1119                         void *kptr;
1120                         int len;
1121
1122                         dma_addr = sg->Address;
1123                         kptr = bl->kptr;
1124                         len = bl->len;
1125                         pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1126                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1127                         n++;
1128                 }
1129                 sg++;
1130                 bl++;
1131                 nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1132         }
1133
1134         /* we're at eob! */
1135         if (sg->Address) {
1136                 dma_addr_t dma_addr;
1137                 void *kptr;
1138                 int len;
1139
1140                 dma_addr = sg->Address;
1141                 kptr = bl->kptr;
1142                 len = bl->len;
1143                 pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1144                 pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1145                 n++;
1146         }
1147
1148         pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sgl, sgl_dma);
1149         kfree(buflist);
1150         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1151             ioc->name, n));
1152 }
1153
1154 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1155 /*
1156  *      mptctl_getiocinfo - Query the host adapter for IOC information.
1157  *      @arg: User space argument
1158  *
1159  * Outputs:     None.
1160  * Return:      0 if successful
1161  *              -EFAULT if data unavailable
1162  *              -ENODEV  if no such device/adapter
1163  */
1164 static int
1165 mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
1166 {
1167         struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1168         struct mpt_ioctl_iocinfo *karg;
1169         MPT_ADAPTER             *ioc;
1170         struct pci_dev          *pdev;
1171         int                     iocnum;
1172         unsigned int            port;
1173         int                     cim_rev;
1174         u8                      revision;
1175         struct scsi_device      *sdev;
1176         VirtDevice              *vdevice;
1177
1178         /* Add of PCI INFO results in unaligned access for
1179          * IA64 and Sparc. Reset long to int. Return no PCI
1180          * data for obsolete format.
1181          */
1182         if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1183                 cim_rev = 0;
1184         else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1185                 cim_rev = 1;
1186         else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1187                 cim_rev = 2;
1188         else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1189                 cim_rev = 0;    /* obsolete */
1190         else
1191                 return -EFAULT;
1192
1193         karg = kmalloc(data_size, GFP_KERNEL);
1194         if (karg == NULL) {
1195                 printk(KERN_ERR MYNAM "%s::mpt_ioctl_iocinfo() @%d - no memory available!\n",
1196                                 __FILE__, __LINE__);
1197                 return -ENOMEM;
1198         }
1199
1200         if (copy_from_user(karg, uarg, data_size)) {
1201                 printk(KERN_ERR MYNAM "%s@%d::mptctl_getiocinfo - "
1202                         "Unable to read in mpt_ioctl_iocinfo struct @ %p\n",
1203                                 __FILE__, __LINE__, uarg);
1204                 kfree(karg);
1205                 return -EFAULT;
1206         }
1207
1208         if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) ||
1209             (ioc == NULL)) {
1210                 printk(KERN_DEBUG MYNAM "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n",
1211                                 __FILE__, __LINE__, iocnum);
1212                 kfree(karg);
1213                 return -ENODEV;
1214         }
1215
1216         /* Verify the data transfer size is correct. */
1217         if (karg->hdr.maxDataSize != data_size) {
1218                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1219                         "Structure size mismatch. Command not completed.\n",
1220                         ioc->name, __FILE__, __LINE__);
1221                 kfree(karg);
1222                 return -EFAULT;
1223         }
1224
1225         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1226             ioc->name));
1227
1228         /* Fill in the data and return the structure to the calling
1229          * program
1230          */
1231         if (ioc->bus_type == SAS)
1232                 karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1233         else if (ioc->bus_type == FC)
1234                 karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1235         else
1236                 karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1237
1238         if (karg->hdr.port > 1)
1239                 return -EINVAL;
1240         port = karg->hdr.port;
1241
1242         karg->port = port;
1243         pdev = (struct pci_dev *) ioc->pcidev;
1244
1245         karg->pciId = pdev->device;
1246         pci_read_config_byte(pdev, PCI_CLASS_REVISION, &revision);
1247         karg->hwRev = revision;
1248         karg->subSystemDevice = pdev->subsystem_device;
1249         karg->subSystemVendor = pdev->subsystem_vendor;
1250
1251         if (cim_rev == 1) {
1252                 /* Get the PCI bus, device, and function numbers for the IOC
1253                  */
1254                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1255                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1256                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1257         } else if (cim_rev == 2) {
1258                 /* Get the PCI bus, device, function and segment ID numbers
1259                    for the IOC */
1260                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1261                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1262                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1263                 karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1264         }
1265
1266         /* Get number of devices
1267          */
1268         karg->numDevices = 0;
1269         if (ioc->sh) {
1270                 shost_for_each_device(sdev, ioc->sh) {
1271                         vdevice = sdev->hostdata;
1272                         if (vdevice->vtarget->tflags &
1273                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1274                                 continue;
1275                         karg->numDevices++;
1276                 }
1277         }
1278
1279         /* Set the BIOS and FW Version
1280          */
1281         karg->FWVersion = ioc->facts.FWVersion.Word;
1282         karg->BIOSVersion = ioc->biosVersion;
1283
1284         /* Set the Version Strings.
1285          */
1286         strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1287         karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1288
1289         karg->busChangeEvent = 0;
1290         karg->hostId = ioc->pfacts[port].PortSCSIID;
1291         karg->rsvd[0] = karg->rsvd[1] = 0;
1292
1293         /* Copy the data from kernel memory to user memory
1294          */
1295         if (copy_to_user((char __user *)arg, karg, data_size)) {
1296                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1297                         "Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1298                         ioc->name, __FILE__, __LINE__, uarg);
1299                 kfree(karg);
1300                 return -EFAULT;
1301         }
1302
1303         kfree(karg);
1304         return 0;
1305 }
1306
1307 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1308 /*
1309  *      mptctl_gettargetinfo - Query the host adapter for target information.
1310  *      @arg: User space argument
1311  *
1312  * Outputs:     None.
1313  * Return:      0 if successful
1314  *              -EFAULT if data unavailable
1315  *              -ENODEV  if no such device/adapter
1316  */
1317 static int
1318 mptctl_gettargetinfo (unsigned long arg)
1319 {
1320         struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1321         struct mpt_ioctl_targetinfo karg;
1322         MPT_ADAPTER             *ioc;
1323         VirtDevice              *vdevice;
1324         char                    *pmem;
1325         int                     *pdata;
1326         int                     iocnum;
1327         int                     numDevices = 0;
1328         int                     lun;
1329         int                     maxWordsLeft;
1330         int                     numBytes;
1331         u8                      port;
1332         struct scsi_device      *sdev;
1333
1334         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1335                 printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1336                         "Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1337                                 __FILE__, __LINE__, uarg);
1338                 return -EFAULT;
1339         }
1340
1341         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1342             (ioc == NULL)) {
1343                 printk(KERN_DEBUG MYNAM "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n",
1344                                 __FILE__, __LINE__, iocnum);
1345                 return -ENODEV;
1346         }
1347
1348         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1349             ioc->name));
1350         /* Get the port number and set the maximum number of bytes
1351          * in the returned structure.
1352          * Ignore the port setting.
1353          */
1354         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1355         maxWordsLeft = numBytes/sizeof(int);
1356         port = karg.hdr.port;
1357
1358         if (maxWordsLeft <= 0) {
1359                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1360                         ioc->name, __FILE__, __LINE__);
1361                 return -ENOMEM;
1362         }
1363
1364         /* Fill in the data and return the structure to the calling
1365          * program
1366          */
1367
1368         /* struct mpt_ioctl_targetinfo does not contain sufficient space
1369          * for the target structures so when the IOCTL is called, there is
1370          * not sufficient stack space for the structure. Allocate memory,
1371          * populate the memory, copy back to the user, then free memory.
1372          * targetInfo format:
1373          * bits 31-24: reserved
1374          *      23-16: LUN
1375          *      15- 8: Bus Number
1376          *       7- 0: Target ID
1377          */
1378         pmem = kzalloc(numBytes, GFP_KERNEL);
1379         if (!pmem) {
1380                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1381                         ioc->name, __FILE__, __LINE__);
1382                 return -ENOMEM;
1383         }
1384         pdata =  (int *) pmem;
1385
1386         /* Get number of devices
1387          */
1388         if (ioc->sh){
1389                 shost_for_each_device(sdev, ioc->sh) {
1390                         if (!maxWordsLeft)
1391                                 continue;
1392                         vdevice = sdev->hostdata;
1393                         if (vdevice->vtarget->tflags &
1394                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1395                                 continue;
1396                         lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1397                         *pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1398                             (vdevice->vtarget->id ));
1399                         pdata++;
1400                         numDevices++;
1401                         --maxWordsLeft;
1402                 }
1403         }
1404         karg.numDevices = numDevices;
1405
1406         /* Copy part of the data from kernel memory to user memory
1407          */
1408         if (copy_to_user((char __user *)arg, &karg,
1409                                 sizeof(struct mpt_ioctl_targetinfo))) {
1410                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1411                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1412                         ioc->name, __FILE__, __LINE__, uarg);
1413                 kfree(pmem);
1414                 return -EFAULT;
1415         }
1416
1417         /* Copy the remaining data from kernel memory to user memory
1418          */
1419         if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1420                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1421                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1422                         ioc->name, __FILE__, __LINE__, pdata);
1423                 kfree(pmem);
1424                 return -EFAULT;
1425         }
1426
1427         kfree(pmem);
1428
1429         return 0;
1430 }
1431
1432 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1433 /* MPT IOCTL Test function.
1434  *
1435  * Outputs:     None.
1436  * Return:      0 if successful
1437  *              -EFAULT if data unavailable
1438  *              -ENODEV  if no such device/adapter
1439  */
1440 static int
1441 mptctl_readtest (unsigned long arg)
1442 {
1443         struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1444         struct mpt_ioctl_test    karg;
1445         MPT_ADAPTER *ioc;
1446         int iocnum;
1447
1448         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1449                 printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1450                         "Unable to read in mpt_ioctl_test struct @ %p\n",
1451                                 __FILE__, __LINE__, uarg);
1452                 return -EFAULT;
1453         }
1454
1455         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1456             (ioc == NULL)) {
1457                 printk(KERN_DEBUG MYNAM "%s::mptctl_readtest() @%d - ioc%d not found!\n",
1458                                 __FILE__, __LINE__, iocnum);
1459                 return -ENODEV;
1460         }
1461
1462         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1463             ioc->name));
1464         /* Fill in the data and return the structure to the calling
1465          * program
1466          */
1467
1468 #ifdef MFCNT
1469         karg.chip_type = ioc->mfcnt;
1470 #else
1471         karg.chip_type = ioc->pcidev->device;
1472 #endif
1473         strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1474         karg.name[MPT_MAX_NAME-1]='\0';
1475         strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1476         karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1477
1478         /* Copy the data from kernel memory to user memory
1479          */
1480         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1481                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1482                         "Unable to write out mpt_ioctl_test struct @ %p\n",
1483                         ioc->name, __FILE__, __LINE__, uarg);
1484                 return -EFAULT;
1485         }
1486
1487         return 0;
1488 }
1489
1490 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1491 /*
1492  *      mptctl_eventquery - Query the host adapter for the event types
1493  *      that are being logged.
1494  *      @arg: User space argument
1495  *
1496  * Outputs:     None.
1497  * Return:      0 if successful
1498  *              -EFAULT if data unavailable
1499  *              -ENODEV  if no such device/adapter
1500  */
1501 static int
1502 mptctl_eventquery (unsigned long arg)
1503 {
1504         struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1505         struct mpt_ioctl_eventquery      karg;
1506         MPT_ADAPTER *ioc;
1507         int iocnum;
1508
1509         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1510                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1511                         "Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1512                                 __FILE__, __LINE__, uarg);
1513                 return -EFAULT;
1514         }
1515
1516         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1517             (ioc == NULL)) {
1518                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventquery() @%d - ioc%d not found!\n",
1519                                 __FILE__, __LINE__, iocnum);
1520                 return -ENODEV;
1521         }
1522
1523         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1524             ioc->name));
1525         karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1526         karg.eventTypes = ioc->eventTypes;
1527
1528         /* Copy the data from kernel memory to user memory
1529          */
1530         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1531                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1532                         "Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1533                         ioc->name, __FILE__, __LINE__, uarg);
1534                 return -EFAULT;
1535         }
1536         return 0;
1537 }
1538
1539 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1540 static int
1541 mptctl_eventenable (unsigned long arg)
1542 {
1543         struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1544         struct mpt_ioctl_eventenable     karg;
1545         MPT_ADAPTER *ioc;
1546         int iocnum;
1547
1548         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1549                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1550                         "Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1551                                 __FILE__, __LINE__, uarg);
1552                 return -EFAULT;
1553         }
1554
1555         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1556             (ioc == NULL)) {
1557                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventenable() @%d - ioc%d not found!\n",
1558                                 __FILE__, __LINE__, iocnum);
1559                 return -ENODEV;
1560         }
1561
1562         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1563             ioc->name));
1564         if (ioc->events == NULL) {
1565                 /* Have not yet allocated memory - do so now.
1566                  */
1567                 int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1568                 ioc->events = kzalloc(sz, GFP_KERNEL);
1569                 if (!ioc->events) {
1570                         printk(MYIOC_s_ERR_FMT
1571                             ": ERROR - Insufficient memory to add adapter!\n",
1572                             ioc->name);
1573                         return -ENOMEM;
1574                 }
1575                 ioc->alloc_total += sz;
1576
1577                 ioc->eventContext = 0;
1578         }
1579
1580         /* Update the IOC event logging flag.
1581          */
1582         ioc->eventTypes = karg.eventTypes;
1583
1584         return 0;
1585 }
1586
1587 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1588 static int
1589 mptctl_eventreport (unsigned long arg)
1590 {
1591         struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1592         struct mpt_ioctl_eventreport     karg;
1593         MPT_ADAPTER              *ioc;
1594         int                      iocnum;
1595         int                      numBytes, maxEvents, max;
1596
1597         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1598                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1599                         "Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1600                                 __FILE__, __LINE__, uarg);
1601                 return -EFAULT;
1602         }
1603
1604         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1605             (ioc == NULL)) {
1606                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventreport() @%d - ioc%d not found!\n",
1607                                 __FILE__, __LINE__, iocnum);
1608                 return -ENODEV;
1609         }
1610         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1611             ioc->name));
1612
1613         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1614         maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1615
1616
1617         max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1618
1619         /* If fewer than 1 event is requested, there must have
1620          * been some type of error.
1621          */
1622         if ((max < 1) || !ioc->events)
1623                 return -ENODATA;
1624
1625         /* reset this flag so SIGIO can restart */
1626         ioc->aen_event_read_flag=0;
1627
1628         /* Copy the data from kernel memory to user memory
1629          */
1630         numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1631         if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1632                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1633                         "Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1634                         ioc->name, __FILE__, __LINE__, ioc->events);
1635                 return -EFAULT;
1636         }
1637
1638         return 0;
1639 }
1640
1641 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1642 static int
1643 mptctl_replace_fw (unsigned long arg)
1644 {
1645         struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1646         struct mpt_ioctl_replace_fw      karg;
1647         MPT_ADAPTER              *ioc;
1648         int                      iocnum;
1649         int                      newFwSize;
1650
1651         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1652                 printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1653                         "Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1654                                 __FILE__, __LINE__, uarg);
1655                 return -EFAULT;
1656         }
1657
1658         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1659             (ioc == NULL)) {
1660                 printk(KERN_DEBUG MYNAM "%s::mptctl_replace_fw() @%d - ioc%d not found!\n",
1661                                 __FILE__, __LINE__, iocnum);
1662                 return -ENODEV;
1663         }
1664
1665         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1666             ioc->name));
1667         /* If caching FW, Free the old FW image
1668          */
1669         if (ioc->cached_fw == NULL)
1670                 return 0;
1671
1672         mpt_free_fw_memory(ioc);
1673
1674         /* Allocate memory for the new FW image
1675          */
1676         newFwSize = karg.newImageSize;
1677
1678         if (newFwSize & 0x01)
1679                 newFwSize += 1;
1680         if (newFwSize & 0x02)
1681                 newFwSize += 2;
1682
1683         mpt_alloc_fw_memory(ioc, newFwSize);
1684         if (ioc->cached_fw == NULL)
1685                 return -ENOMEM;
1686
1687         /* Copy the data from user memory to kernel space
1688          */
1689         if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1690                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1691                                 "Unable to read in mpt_ioctl_replace_fw image "
1692                                 "@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1693                 mpt_free_fw_memory(ioc);
1694                 return -EFAULT;
1695         }
1696
1697         /* Update IOCFactsReply
1698          */
1699         ioc->facts.FWImageSize = newFwSize;
1700         return 0;
1701 }
1702
1703 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1704 /* MPT IOCTL MPTCOMMAND function.
1705  * Cast the arg into the mpt_ioctl_mpt_command structure.
1706  *
1707  * Outputs:     None.
1708  * Return:      0 if successful
1709  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1710  *              -EFAULT if data unavailable
1711  *              -ENODEV if no such device/adapter
1712  *              -ETIME  if timer expires
1713  *              -ENOMEM if memory allocation error
1714  */
1715 static int
1716 mptctl_mpt_command (unsigned long arg)
1717 {
1718         struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1719         struct mpt_ioctl_command  karg;
1720         MPT_ADAPTER     *ioc;
1721         int             iocnum;
1722         int             rc;
1723
1724
1725         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1726                 printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1727                         "Unable to read in mpt_ioctl_command struct @ %p\n",
1728                                 __FILE__, __LINE__, uarg);
1729                 return -EFAULT;
1730         }
1731
1732         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1733             (ioc == NULL)) {
1734                 printk(KERN_DEBUG MYNAM "%s::mptctl_mpt_command() @%d - ioc%d not found!\n",
1735                                 __FILE__, __LINE__, iocnum);
1736                 return -ENODEV;
1737         }
1738
1739         rc = mptctl_do_mpt_command (karg, &uarg->MF);
1740
1741         return rc;
1742 }
1743
1744 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1745 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1746  *
1747  * Outputs:     None.
1748  * Return:      0 if successful
1749  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1750  *              -EFAULT if data unavailable
1751  *              -ENODEV if no such device/adapter
1752  *              -ETIME  if timer expires
1753  *              -ENOMEM if memory allocation error
1754  *              -EPERM if SCSI I/O and target is untagged
1755  */
1756 static int
1757 mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr)
1758 {
1759         MPT_ADAPTER     *ioc;
1760         MPT_FRAME_HDR   *mf = NULL;
1761         MPIHeader_t     *hdr;
1762         char            *psge;
1763         struct buflist  bufIn;  /* data In buffer */
1764         struct buflist  bufOut; /* data Out buffer */
1765         dma_addr_t      dma_addr_in;
1766         dma_addr_t      dma_addr_out;
1767         int             sgSize = 0;     /* Num SG elements */
1768         int             iocnum, flagsLength;
1769         int             sz, rc = 0;
1770         int             msgContext;
1771         u16             req_idx;
1772         ulong           timeout;
1773         struct scsi_device *sdev;
1774
1775         /* bufIn and bufOut are used for user to kernel space transfers
1776          */
1777         bufIn.kptr = bufOut.kptr = NULL;
1778         bufIn.len = bufOut.len = 0;
1779
1780         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1781             (ioc == NULL)) {
1782                 printk(KERN_DEBUG MYNAM "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n",
1783                                 __FILE__, __LINE__, iocnum);
1784                 return -ENODEV;
1785         }
1786         if (!ioc->ioctl) {
1787                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1788                         "No memory available during driver init.\n",
1789                                 __FILE__, __LINE__);
1790                 return -ENOMEM;
1791         } else if (ioc->ioctl->status & MPT_IOCTL_STATUS_DID_IOCRESET) {
1792                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1793                         "Busy with IOC Reset \n", __FILE__, __LINE__);
1794                 return -EBUSY;
1795         }
1796
1797         /* Verify that the final request frame will not be too large.
1798          */
1799         sz = karg.dataSgeOffset * 4;
1800         if (karg.dataInSize > 0)
1801                 sz += sizeof(dma_addr_t) + sizeof(u32);
1802         if (karg.dataOutSize > 0)
1803                 sz += sizeof(dma_addr_t) + sizeof(u32);
1804
1805         if (sz > ioc->req_sz) {
1806                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1807                         "Request frame too large (%d) maximum (%d)\n",
1808                         ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1809                 return -EFAULT;
1810         }
1811
1812         /* Get a free request frame and save the message context.
1813          */
1814         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1815                 return -EAGAIN;
1816
1817         hdr = (MPIHeader_t *) mf;
1818         msgContext = le32_to_cpu(hdr->MsgContext);
1819         req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1820
1821         /* Copy the request frame
1822          * Reset the saved message context.
1823          * Request frame in user space
1824          */
1825         if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1826                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1827                         "Unable to read MF from mpt_ioctl_command struct @ %p\n",
1828                         ioc->name, __FILE__, __LINE__, mfPtr);
1829                 rc = -EFAULT;
1830                 goto done_free_mem;
1831         }
1832         hdr->MsgContext = cpu_to_le32(msgContext);
1833
1834
1835         /* Verify that this request is allowed.
1836          */
1837         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1838             ioc->name, hdr->Function, mf));
1839
1840         switch (hdr->Function) {
1841         case MPI_FUNCTION_IOC_FACTS:
1842         case MPI_FUNCTION_PORT_FACTS:
1843                 karg.dataOutSize  = karg.dataInSize = 0;
1844                 break;
1845
1846         case MPI_FUNCTION_CONFIG:
1847         {
1848                 Config_t *config_frame;
1849                 config_frame = (Config_t *)mf;
1850                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1851                     "number=0x%02x action=0x%02x\n", ioc->name,
1852                     config_frame->Header.PageType,
1853                     config_frame->ExtPageType,
1854                     config_frame->Header.PageNumber,
1855                     config_frame->Action));
1856                 break;
1857         }
1858
1859         case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1860         case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1861         case MPI_FUNCTION_FW_UPLOAD:
1862         case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1863         case MPI_FUNCTION_FW_DOWNLOAD:
1864         case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1865         case MPI_FUNCTION_TOOLBOX:
1866         case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1867                 break;
1868
1869         case MPI_FUNCTION_SCSI_IO_REQUEST:
1870                 if (ioc->sh) {
1871                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1872                         int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1873                         int scsidir = 0;
1874                         int dataSize;
1875                         u32 id;
1876
1877                         id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1878                         if (pScsiReq->TargetID > id) {
1879                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1880                                         "Target ID out of bounds. \n",
1881                                         ioc->name, __FILE__, __LINE__);
1882                                 rc = -ENODEV;
1883                                 goto done_free_mem;
1884                         }
1885
1886                         if (pScsiReq->Bus >= ioc->number_of_buses) {
1887                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1888                                         "Target Bus out of bounds. \n",
1889                                         ioc->name, __FILE__, __LINE__);
1890                                 rc = -ENODEV;
1891                                 goto done_free_mem;
1892                         }
1893
1894                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1895                         pScsiReq->MsgFlags |= mpt_msg_flags();
1896
1897
1898                         /* verify that app has not requested
1899                          *      more sense data than driver
1900                          *      can provide, if so, reset this parameter
1901                          * set the sense buffer pointer low address
1902                          * update the control field to specify Q type
1903                          */
1904                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1905                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1906                         else
1907                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1908
1909                         pScsiReq->SenseBufferLowAddr =
1910                                 cpu_to_le32(ioc->sense_buf_low_dma
1911                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1912
1913                         shost_for_each_device(sdev, ioc->sh) {
1914                                 struct scsi_target *starget = scsi_target(sdev);
1915                                 VirtTarget *vtarget = starget->hostdata;
1916
1917                                 if ((pScsiReq->TargetID == vtarget->id) &&
1918                                     (pScsiReq->Bus == vtarget->channel) &&
1919                                     (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1920                                         qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1921                         }
1922
1923                         /* Have the IOCTL driver set the direction based
1924                          * on the dataOutSize (ordering issue with Sparc).
1925                          */
1926                         if (karg.dataOutSize > 0) {
1927                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
1928                                 dataSize = karg.dataOutSize;
1929                         } else {
1930                                 scsidir = MPI_SCSIIO_CONTROL_READ;
1931                                 dataSize = karg.dataInSize;
1932                         }
1933
1934                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1935                         pScsiReq->DataLength = cpu_to_le32(dataSize);
1936
1937                         ioc->ioctl->reset = MPTCTL_RESET_OK;
1938                         ioc->ioctl->id = pScsiReq->TargetID;
1939
1940                 } else {
1941                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1942                                 "SCSI driver is not loaded. \n",
1943                                 ioc->name, __FILE__, __LINE__);
1944                         rc = -EFAULT;
1945                         goto done_free_mem;
1946                 }
1947                 break;
1948
1949         case MPI_FUNCTION_SMP_PASSTHROUGH:
1950                 /* Check mf->PassthruFlags to determine if
1951                  * transfer is ImmediateMode or not.
1952                  * Immediate mode returns data in the ReplyFrame.
1953                  * Else, we are sending request and response data
1954                  * in two SGLs at the end of the mf.
1955                  */
1956                 break;
1957
1958         case MPI_FUNCTION_SATA_PASSTHROUGH:
1959                 if (!ioc->sh) {
1960                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1961                                 "SCSI driver is not loaded. \n",
1962                                 ioc->name, __FILE__, __LINE__);
1963                         rc = -EFAULT;
1964                         goto done_free_mem;
1965                 }
1966                 break;
1967
1968         case MPI_FUNCTION_RAID_ACTION:
1969                 /* Just add a SGE
1970                  */
1971                 break;
1972
1973         case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1974                 if (ioc->sh) {
1975                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1976                         int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1977                         int scsidir = MPI_SCSIIO_CONTROL_READ;
1978                         int dataSize;
1979
1980                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1981                         pScsiReq->MsgFlags |= mpt_msg_flags();
1982
1983
1984                         /* verify that app has not requested
1985                          *      more sense data than driver
1986                          *      can provide, if so, reset this parameter
1987                          * set the sense buffer pointer low address
1988                          * update the control field to specify Q type
1989                          */
1990                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1991                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1992                         else
1993                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1994
1995                         pScsiReq->SenseBufferLowAddr =
1996                                 cpu_to_le32(ioc->sense_buf_low_dma
1997                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1998
1999                         /* All commands to physical devices are tagged
2000                          */
2001
2002                         /* Have the IOCTL driver set the direction based
2003                          * on the dataOutSize (ordering issue with Sparc).
2004                          */
2005                         if (karg.dataOutSize > 0) {
2006                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
2007                                 dataSize = karg.dataOutSize;
2008                         } else {
2009                                 scsidir = MPI_SCSIIO_CONTROL_READ;
2010                                 dataSize = karg.dataInSize;
2011                         }
2012
2013                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
2014                         pScsiReq->DataLength = cpu_to_le32(dataSize);
2015
2016                         ioc->ioctl->reset = MPTCTL_RESET_OK;
2017                         ioc->ioctl->id = pScsiReq->TargetID;
2018                 } else {
2019                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2020                                 "SCSI driver is not loaded. \n",
2021                                 ioc->name, __FILE__, __LINE__);
2022                         rc = -EFAULT;
2023                         goto done_free_mem;
2024                 }
2025                 break;
2026
2027         case MPI_FUNCTION_SCSI_TASK_MGMT:
2028                 {
2029                         MPT_SCSI_HOST *hd = NULL;
2030                         if ((ioc->sh == NULL) || ((hd = shost_priv(ioc->sh)) == NULL)) {
2031                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2032                                         "SCSI driver not loaded or SCSI host not found. \n",
2033                                         ioc->name, __FILE__, __LINE__);
2034                                 rc = -EFAULT;
2035                                 goto done_free_mem;
2036                         } else if (mptctl_set_tm_flags(hd) != 0) {
2037                                 rc = -EPERM;
2038                                 goto done_free_mem;
2039                         }
2040                 }
2041                 break;
2042
2043         case MPI_FUNCTION_IOC_INIT:
2044                 {
2045                         IOCInit_t       *pInit = (IOCInit_t *) mf;
2046                         u32             high_addr, sense_high;
2047
2048                         /* Verify that all entries in the IOC INIT match
2049                          * existing setup (and in LE format).
2050                          */
2051                         if (sizeof(dma_addr_t) == sizeof(u64)) {
2052                                 high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2053                                 sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2054                         } else {
2055                                 high_addr = 0;
2056                                 sense_high= 0;
2057                         }
2058
2059                         if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2060                                 (pInit->MaxBuses != ioc->facts.MaxBuses) ||
2061                                 (pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2062                                 (pInit->HostMfaHighAddr != high_addr) ||
2063                                 (pInit->SenseBufferHighAddr != sense_high)) {
2064                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2065                                         "IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2066                                         ioc->name, __FILE__, __LINE__);
2067                                 rc = -EFAULT;
2068                                 goto done_free_mem;
2069                         }
2070                 }
2071                 break;
2072         default:
2073                 /*
2074                  * MPI_FUNCTION_PORT_ENABLE
2075                  * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2076                  * MPI_FUNCTION_TARGET_ASSIST
2077                  * MPI_FUNCTION_TARGET_STATUS_SEND
2078                  * MPI_FUNCTION_TARGET_MODE_ABORT
2079                  * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2080                  * MPI_FUNCTION_IO_UNIT_RESET
2081                  * MPI_FUNCTION_HANDSHAKE
2082                  * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2083                  * MPI_FUNCTION_EVENT_NOTIFICATION
2084                  *  (driver handles event notification)
2085                  * MPI_FUNCTION_EVENT_ACK
2086                  */
2087
2088                 /*  What to do with these???  CHECK ME!!!
2089                         MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2090                         MPI_FUNCTION_FC_LINK_SRVC_RSP
2091                         MPI_FUNCTION_FC_ABORT
2092                         MPI_FUNCTION_LAN_SEND
2093                         MPI_FUNCTION_LAN_RECEIVE
2094                         MPI_FUNCTION_LAN_RESET
2095                 */
2096
2097                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2098                         "Illegal request (function 0x%x) \n",
2099                         ioc->name, __FILE__, __LINE__, hdr->Function);
2100                 rc = -EFAULT;
2101                 goto done_free_mem;
2102         }
2103
2104         /* Add the SGL ( at most one data in SGE and one data out SGE )
2105          * In the case of two SGE's - the data out (write) will always
2106          * preceede the data in (read) SGE. psgList is used to free the
2107          * allocated memory.
2108          */
2109         psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2110         flagsLength = 0;
2111
2112         if (karg.dataOutSize > 0)
2113                 sgSize ++;
2114
2115         if (karg.dataInSize > 0)
2116                 sgSize ++;
2117
2118         if (sgSize > 0) {
2119
2120                 /* Set up the dataOut memory allocation */
2121                 if (karg.dataOutSize > 0) {
2122                         if (karg.dataInSize > 0) {
2123                                 flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2124                                                 MPI_SGE_FLAGS_END_OF_BUFFER |
2125                                                 MPI_SGE_FLAGS_DIRECTION |
2126                                                 mpt_addr_size() )
2127                                                 << MPI_SGE_FLAGS_SHIFT;
2128                         } else {
2129                                 flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2130                         }
2131                         flagsLength |= karg.dataOutSize;
2132                         bufOut.len = karg.dataOutSize;
2133                         bufOut.kptr = pci_alloc_consistent(
2134                                         ioc->pcidev, bufOut.len, &dma_addr_out);
2135
2136                         if (bufOut.kptr == NULL) {
2137                                 rc = -ENOMEM;
2138                                 goto done_free_mem;
2139                         } else {
2140                                 /* Set up this SGE.
2141                                  * Copy to MF and to sglbuf
2142                                  */
2143                                 mpt_add_sge(psge, flagsLength, dma_addr_out);
2144                                 psge += (sizeof(u32) + sizeof(dma_addr_t));
2145
2146                                 /* Copy user data to kernel space.
2147                                  */
2148                                 if (copy_from_user(bufOut.kptr,
2149                                                 karg.dataOutBufPtr,
2150                                                 bufOut.len)) {
2151                                         printk(MYIOC_s_ERR_FMT
2152                                                 "%s@%d::mptctl_do_mpt_command - Unable "
2153                                                 "to read user data "
2154                                                 "struct @ %p\n",
2155                                                 ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2156                                         rc =  -EFAULT;
2157                                         goto done_free_mem;
2158                                 }
2159                         }
2160                 }
2161
2162                 if (karg.dataInSize > 0) {
2163                         flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2164                         flagsLength |= karg.dataInSize;
2165
2166                         bufIn.len = karg.dataInSize;
2167                         bufIn.kptr = pci_alloc_consistent(ioc->pcidev,
2168                                         bufIn.len, &dma_addr_in);
2169
2170                         if (bufIn.kptr == NULL) {
2171                                 rc = -ENOMEM;
2172                                 goto done_free_mem;
2173                         } else {
2174                                 /* Set up this SGE
2175                                  * Copy to MF and to sglbuf
2176                                  */
2177                                 mpt_add_sge(psge, flagsLength, dma_addr_in);
2178                         }
2179                 }
2180         } else  {
2181                 /* Add a NULL SGE
2182                  */
2183                 mpt_add_sge(psge, flagsLength, (dma_addr_t) -1);
2184         }
2185
2186         ioc->ioctl->wait_done = 0;
2187         if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2188
2189                 DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2190
2191                 if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2192                     (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2193                         mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2194                 else {
2195                         rc =mpt_send_handshake_request(mptctl_id, ioc,
2196                                 sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2197                         if (rc != 0) {
2198                                 dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2199                                     "_send_handshake FAILED! (ioc %p, mf %p)\n",
2200                                     ioc->name, ioc, mf));
2201                                 mptctl_free_tm_flags(ioc);
2202                                 rc = -ENODATA;
2203                                 goto done_free_mem;
2204                         }
2205                 }
2206
2207         } else
2208                 mpt_put_msg_frame(mptctl_id, ioc, mf);
2209
2210         /* Now wait for the command to complete */
2211         timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2212         timeout = wait_event_timeout(mptctl_wait,
2213              ioc->ioctl->wait_done == 1,
2214              HZ*timeout);
2215
2216         if(timeout <=0 && (ioc->ioctl->wait_done != 1 )) {
2217         /* Now we need to reset the board */
2218
2219                 if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT)
2220                         mptctl_free_tm_flags(ioc);
2221
2222                 mptctl_timeout_expired(ioc->ioctl);
2223                 rc = -ENODATA;
2224                 goto done_free_mem;
2225         }
2226
2227         mf = NULL;
2228
2229         /* If a valid reply frame, copy to the user.
2230          * Offset 2: reply length in U32's
2231          */
2232         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID) {
2233                 if (karg.maxReplyBytes < ioc->reply_sz) {
2234                          sz = min(karg.maxReplyBytes, 4*ioc->ioctl->ReplyFrame[2]);
2235                 } else {
2236                          sz = min(ioc->reply_sz, 4*ioc->ioctl->ReplyFrame[2]);
2237                 }
2238
2239                 if (sz > 0) {
2240                         if (copy_to_user(karg.replyFrameBufPtr,
2241                                  &ioc->ioctl->ReplyFrame, sz)){
2242                                  printk(MYIOC_s_ERR_FMT
2243                                      "%s@%d::mptctl_do_mpt_command - "
2244                                  "Unable to write out reply frame %p\n",
2245                                  ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2246                                  rc =  -ENODATA;
2247                                  goto done_free_mem;
2248                         }
2249                 }
2250         }
2251
2252         /* If valid sense data, copy to user.
2253          */
2254         if (ioc->ioctl->status & MPT_IOCTL_STATUS_SENSE_VALID) {
2255                 sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2256                 if (sz > 0) {
2257                         if (copy_to_user(karg.senseDataPtr, ioc->ioctl->sense, sz)) {
2258                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2259                                 "Unable to write sense data to user %p\n",
2260                                 ioc->name, __FILE__, __LINE__,
2261                                 karg.senseDataPtr);
2262                                 rc =  -ENODATA;
2263                                 goto done_free_mem;
2264                         }
2265                 }
2266         }
2267
2268         /* If the overall status is _GOOD and data in, copy data
2269          * to user.
2270          */
2271         if ((ioc->ioctl->status & MPT_IOCTL_STATUS_COMMAND_GOOD) &&
2272                                 (karg.dataInSize > 0) && (bufIn.kptr)) {
2273
2274                 if (copy_to_user(karg.dataInBufPtr,
2275                                  bufIn.kptr, karg.dataInSize)) {
2276                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2277                                 "Unable to write data to user %p\n",
2278                                 ioc->name, __FILE__, __LINE__,
2279                                 karg.dataInBufPtr);
2280                         rc =  -ENODATA;
2281                 }
2282         }
2283
2284 done_free_mem:
2285
2286         ioc->ioctl->status &= ~(MPT_IOCTL_STATUS_COMMAND_GOOD |
2287                 MPT_IOCTL_STATUS_SENSE_VALID |
2288                 MPT_IOCTL_STATUS_RF_VALID );
2289
2290         /* Free the allocated memory.
2291          */
2292         if (bufOut.kptr != NULL) {
2293                 pci_free_consistent(ioc->pcidev,
2294                         bufOut.len, (void *) bufOut.kptr, dma_addr_out);
2295         }
2296
2297         if (bufIn.kptr != NULL) {
2298                 pci_free_consistent(ioc->pcidev,
2299                         bufIn.len, (void *) bufIn.kptr, dma_addr_in);
2300         }
2301
2302         /* mf is null if command issued successfully
2303          * otherwise, failure occured after mf acquired.
2304          */
2305         if (mf)
2306                 mpt_free_msg_frame(ioc, mf);
2307
2308         return rc;
2309 }
2310
2311 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2312 /* Prototype Routine for the HOST INFO command.
2313  *
2314  * Outputs:     None.
2315  * Return:      0 if successful
2316  *              -EFAULT if data unavailable
2317  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2318  *              -ENODEV if no such device/adapter
2319  *              -ETIME  if timer expires
2320  *              -ENOMEM if memory allocation error
2321  */
2322 static int
2323 mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size)
2324 {
2325         hp_host_info_t  __user *uarg = (void __user *) arg;
2326         MPT_ADAPTER             *ioc;
2327         struct pci_dev          *pdev;
2328         char                    *pbuf=NULL;
2329         dma_addr_t              buf_dma;
2330         hp_host_info_t          karg;
2331         CONFIGPARMS             cfg;
2332         ConfigPageHeader_t      hdr;
2333         int                     iocnum;
2334         int                     rc, cim_rev;
2335         ToolboxIstwiReadWriteRequest_t  *IstwiRWRequest;
2336         MPT_FRAME_HDR           *mf = NULL;
2337         MPIHeader_t             *mpi_hdr;
2338
2339         /* Reset long to int. Should affect IA64 and SPARC only
2340          */
2341         if (data_size == sizeof(hp_host_info_t))
2342                 cim_rev = 1;
2343         else if (data_size == sizeof(hp_host_info_rev0_t))
2344                 cim_rev = 0;    /* obsolete */
2345         else
2346                 return -EFAULT;
2347
2348         if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2349                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2350                         "Unable to read in hp_host_info struct @ %p\n",
2351                                 __FILE__, __LINE__, uarg);
2352                 return -EFAULT;
2353         }
2354
2355         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2356             (ioc == NULL)) {
2357                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n",
2358                                 __FILE__, __LINE__, iocnum);
2359                 return -ENODEV;
2360         }
2361         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2362             ioc->name));
2363
2364         /* Fill in the data and return the structure to the calling
2365          * program
2366          */
2367         pdev = (struct pci_dev *) ioc->pcidev;
2368
2369         karg.vendor = pdev->vendor;
2370         karg.device = pdev->device;
2371         karg.subsystem_id = pdev->subsystem_device;
2372         karg.subsystem_vendor = pdev->subsystem_vendor;
2373         karg.devfn = pdev->devfn;
2374         karg.bus = pdev->bus->number;
2375
2376         /* Save the SCSI host no. if
2377          * SCSI driver loaded
2378          */
2379         if (ioc->sh != NULL)
2380                 karg.host_no = ioc->sh->host_no;
2381         else
2382                 karg.host_no =  -1;
2383
2384         /* Reformat the fw_version into a string
2385          */
2386         karg.fw_version[0] = ioc->facts.FWVersion.Struct.Major >= 10 ?
2387                 ((ioc->facts.FWVersion.Struct.Major / 10) + '0') : '0';
2388         karg.fw_version[1] = (ioc->facts.FWVersion.Struct.Major % 10 ) + '0';
2389         karg.fw_version[2] = '.';
2390         karg.fw_version[3] = ioc->facts.FWVersion.Struct.Minor >= 10 ?
2391                 ((ioc->facts.FWVersion.Struct.Minor / 10) + '0') : '0';
2392         karg.fw_version[4] = (ioc->facts.FWVersion.Struct.Minor % 10 ) + '0';
2393         karg.fw_version[5] = '.';
2394         karg.fw_version[6] = ioc->facts.FWVersion.Struct.Unit >= 10 ?
2395                 ((ioc->facts.FWVersion.Struct.Unit / 10) + '0') : '0';
2396         karg.fw_version[7] = (ioc->facts.FWVersion.Struct.Unit % 10 ) + '0';
2397         karg.fw_version[8] = '.';
2398         karg.fw_version[9] = ioc->facts.FWVersion.Struct.Dev >= 10 ?
2399                 ((ioc->facts.FWVersion.Struct.Dev / 10) + '0') : '0';
2400         karg.fw_version[10] = (ioc->facts.FWVersion.Struct.Dev % 10 ) + '0';
2401         karg.fw_version[11] = '\0';
2402
2403         /* Issue a config request to get the device serial number
2404          */
2405         hdr.PageVersion = 0;
2406         hdr.PageLength = 0;
2407         hdr.PageNumber = 0;
2408         hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2409         cfg.cfghdr.hdr = &hdr;
2410         cfg.physAddr = -1;
2411         cfg.pageAddr = 0;
2412         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2413         cfg.dir = 0;    /* read */
2414         cfg.timeout = 10;
2415
2416         strncpy(karg.serial_number, " ", 24);
2417         if (mpt_config(ioc, &cfg) == 0) {
2418                 if (cfg.cfghdr.hdr->PageLength > 0) {
2419                         /* Issue the second config page request */
2420                         cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2421
2422                         pbuf = pci_alloc_consistent(ioc->pcidev, hdr.PageLength * 4, &buf_dma);
2423                         if (pbuf) {
2424                                 cfg.physAddr = buf_dma;
2425                                 if (mpt_config(ioc, &cfg) == 0) {
2426                                         ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2427                                         if (strlen(pdata->BoardTracerNumber) > 1) {
2428                                                 strncpy(karg.serial_number,                                                                         pdata->BoardTracerNumber, 24);
2429                                                 karg.serial_number[24-1]='\0';
2430                                         }
2431                                 }
2432                                 pci_free_consistent(ioc->pcidev, hdr.PageLength * 4, pbuf, buf_dma);
2433                                 pbuf = NULL;
2434                         }
2435                 }
2436         }
2437         rc = mpt_GetIocState(ioc, 1);
2438         switch (rc) {
2439         case MPI_IOC_STATE_OPERATIONAL:
2440                 karg.ioc_status =  HP_STATUS_OK;
2441                 break;
2442
2443         case MPI_IOC_STATE_FAULT:
2444                 karg.ioc_status =  HP_STATUS_FAILED;
2445                 break;
2446
2447         case MPI_IOC_STATE_RESET:
2448         case MPI_IOC_STATE_READY:
2449         default:
2450                 karg.ioc_status =  HP_STATUS_OTHER;
2451                 break;
2452         }
2453
2454         karg.base_io_addr = pci_resource_start(pdev, 0);
2455
2456         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2457                 karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2458         else
2459                 karg.bus_phys_width = HP_BUS_WIDTH_16;
2460
2461         karg.hard_resets = 0;
2462         karg.soft_resets = 0;
2463         karg.timeouts = 0;
2464         if (ioc->sh != NULL) {
2465                 MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2466
2467                 if (hd && (cim_rev == 1)) {
2468                         karg.hard_resets = hd->hard_resets;
2469                         karg.soft_resets = hd->soft_resets;
2470                         karg.timeouts = hd->timeouts;
2471                 }
2472         }
2473
2474         /* 
2475          * Gather ISTWI(Industry Standard Two Wire Interface) Data
2476          */
2477         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2478                 dfailprintk(ioc, printk(MYIOC_s_WARN_FMT "%s, no msg frames!!\n",
2479                     ioc->name,__func__));
2480                 goto out;
2481         }
2482
2483         IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2484         mpi_hdr = (MPIHeader_t *) mf;
2485         memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2486         IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2487         IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2488         IstwiRWRequest->MsgContext = mpi_hdr->MsgContext;
2489         IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2490         IstwiRWRequest->NumAddressBytes = 0x01;
2491         IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2492         if (pdev->devfn & 1)
2493                 IstwiRWRequest->DeviceAddr = 0xB2;
2494         else
2495                 IstwiRWRequest->DeviceAddr = 0xB0;
2496
2497         pbuf = pci_alloc_consistent(ioc->pcidev, 4, &buf_dma);
2498         if (!pbuf)
2499                 goto out;
2500         mpt_add_sge((char *)&IstwiRWRequest->SGL,
2501             (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2502
2503         ioc->ioctl->wait_done = 0;
2504         mpt_put_msg_frame(mptctl_id, ioc, mf);
2505
2506         rc = wait_event_timeout(mptctl_wait,
2507              ioc->ioctl->wait_done == 1,
2508              HZ*MPT_IOCTL_DEFAULT_TIMEOUT /* 10 sec */);
2509
2510         if(rc <=0 && (ioc->ioctl->wait_done != 1 )) {
2511                 /*
2512                  * Now we need to reset the board
2513                  */
2514                 mpt_free_msg_frame(ioc, mf);
2515                 mptctl_timeout_expired(ioc->ioctl);
2516                 goto out;
2517         }
2518
2519         /*
2520          *ISTWI Data Definition
2521          * pbuf[0] = FW_VERSION = 0x4
2522          * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2523          *  the config, you should be seeing one out of these three values
2524          * pbuf[2] = Drive Installed Map = bit pattern depend on which
2525          *   bays have drives in them
2526          * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2527          */
2528         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID)
2529                 karg.rsvd = *(u32 *)pbuf;
2530
2531  out:
2532         if (pbuf)
2533                 pci_free_consistent(ioc->pcidev, 4, pbuf, buf_dma);
2534
2535         /* Copy the data from kernel memory to user memory
2536          */
2537         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2538                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2539                         "Unable to write out hp_host_info @ %p\n",
2540                         ioc->name, __FILE__, __LINE__, uarg);
2541                 return -EFAULT;
2542         }
2543
2544         return 0;
2545
2546 }
2547
2548 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2549 /* Prototype Routine for the TARGET INFO command.
2550  *
2551  * Outputs:     None.
2552  * Return:      0 if successful
2553  *              -EFAULT if data unavailable
2554  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2555  *              -ENODEV if no such device/adapter
2556  *              -ETIME  if timer expires
2557  *              -ENOMEM if memory allocation error
2558  */
2559 static int
2560 mptctl_hp_targetinfo(unsigned long arg)
2561 {
2562         hp_target_info_t __user *uarg = (void __user *) arg;
2563         SCSIDevicePage0_t       *pg0_alloc;
2564         SCSIDevicePage3_t       *pg3_alloc;
2565         MPT_ADAPTER             *ioc;
2566         MPT_SCSI_HOST           *hd = NULL;
2567         hp_target_info_t        karg;
2568         int                     iocnum;
2569         int                     data_sz;
2570         dma_addr_t              page_dma;
2571         CONFIGPARMS             cfg;
2572         ConfigPageHeader_t      hdr;
2573         int                     tmp, np, rc = 0;
2574
2575         if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2576                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2577                         "Unable to read in hp_host_targetinfo struct @ %p\n",
2578                                 __FILE__, __LINE__, uarg);
2579                 return -EFAULT;
2580         }
2581
2582         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2583                 (ioc == NULL)) {
2584                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n",
2585                                 __FILE__, __LINE__, iocnum);
2586                 return -ENODEV;
2587         }
2588         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2589             ioc->name));
2590
2591         /*  There is nothing to do for FCP parts.
2592          */
2593         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2594                 return 0;
2595
2596         if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2597                 return 0;
2598
2599         if (ioc->sh->host_no != karg.hdr.host)
2600                 return -ENODEV;
2601
2602        /* Get the data transfer speeds
2603         */
2604         data_sz = ioc->spi_data.sdp0length * 4;
2605         pg0_alloc = (SCSIDevicePage0_t *) pci_alloc_consistent(ioc->pcidev, data_sz, &page_dma);
2606         if (pg0_alloc) {
2607                 hdr.PageVersion = ioc->spi_data.sdp0version;
2608                 hdr.PageLength = data_sz;
2609                 hdr.PageNumber = 0;
2610                 hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2611
2612                 cfg.cfghdr.hdr = &hdr;
2613                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2614                 cfg.dir = 0;
2615                 cfg.timeout = 0;
2616                 cfg.physAddr = page_dma;
2617
2618                 cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2619
2620                 if ((rc = mpt_config(ioc, &cfg)) == 0) {
2621                         np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2622                         karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2623                                         HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2624
2625                         if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2626                                 tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2627                                 if (tmp < 0x09)
2628                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2629                                 else if (tmp <= 0x09)
2630                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2631                                 else if (tmp <= 0x0A)
2632                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2633                                 else if (tmp <= 0x0C)
2634                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2635                                 else if (tmp <= 0x25)
2636                                         karg.negotiated_speed = HP_DEV_SPEED_FAST;
2637                                 else
2638                                         karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2639                         } else
2640                                 karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2641                 }
2642
2643                 pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg0_alloc, page_dma);
2644         }
2645
2646         /* Set defaults
2647          */
2648         karg.message_rejects = -1;
2649         karg.phase_errors = -1;
2650         karg.parity_errors = -1;
2651         karg.select_timeouts = -1;
2652
2653         /* Get the target error parameters
2654          */
2655         hdr.PageVersion = 0;
2656         hdr.PageLength = 0;
2657         hdr.PageNumber = 3;
2658         hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2659
2660         cfg.cfghdr.hdr = &hdr;
2661         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2662         cfg.dir = 0;
2663         cfg.timeout = 0;
2664         cfg.physAddr = -1;
2665         if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2666                 /* Issue the second config page request */
2667                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2668                 data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2669                 pg3_alloc = (SCSIDevicePage3_t *) pci_alloc_consistent(
2670                                                         ioc->pcidev, data_sz, &page_dma);
2671                 if (pg3_alloc) {
2672                         cfg.physAddr = page_dma;
2673                         cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2674                         if ((rc = mpt_config(ioc, &cfg)) == 0) {
2675                                 karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2676                                 karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2677                                 karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2678                         }
2679                         pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg3_alloc, page_dma);
2680                 }
2681         }
2682         hd = shost_priv(ioc->sh);
2683         if (hd != NULL)
2684                 karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2685
2686         /* Copy the data from kernel memory to user memory
2687          */
2688         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2689                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2690                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2691                         ioc->name, __FILE__, __LINE__, uarg);
2692                 return -EFAULT;
2693         }
2694
2695         return 0;
2696 }
2697
2698 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2699
2700 static const struct file_operations mptctl_fops = {
2701         .owner =        THIS_MODULE,
2702         .llseek =       no_llseek,
2703         .fasync =       mptctl_fasync,
2704         .unlocked_ioctl = mptctl_ioctl,
2705 #ifdef CONFIG_COMPAT
2706         .compat_ioctl = compat_mpctl_ioctl,
2707 #endif
2708 };
2709
2710 static struct miscdevice mptctl_miscdev = {
2711         MPT_MINOR,
2712         MYNAM,
2713         &mptctl_fops
2714 };
2715
2716 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2717
2718 #ifdef CONFIG_COMPAT
2719
2720 static int
2721 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2722                         unsigned long arg)
2723 {
2724         struct mpt_fw_xfer32 kfw32;
2725         struct mpt_fw_xfer kfw;
2726         MPT_ADAPTER *iocp = NULL;
2727         int iocnum, iocnumX;
2728         int nonblock = (filp->f_flags & O_NONBLOCK);
2729         int ret;
2730
2731
2732         if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2733                 return -EFAULT;
2734
2735         /* Verify intended MPT adapter */
2736         iocnumX = kfw32.iocnum & 0xFF;
2737         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2738             (iocp == NULL)) {
2739                 printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2740                         __LINE__, iocnumX);
2741                 return -ENODEV;
2742         }
2743
2744         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2745                 return ret;
2746
2747         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2748             iocp->name));
2749         kfw.iocnum = iocnum;
2750         kfw.fwlen = kfw32.fwlen;
2751         kfw.bufp = compat_ptr(kfw32.bufp);
2752
2753         ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen);
2754
2755         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2756
2757         return ret;
2758 }
2759
2760 static int
2761 compat_mpt_command(struct file *filp, unsigned int cmd,
2762                         unsigned long arg)
2763 {
2764         struct mpt_ioctl_command32 karg32;
2765         struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2766         struct mpt_ioctl_command karg;
2767         MPT_ADAPTER *iocp = NULL;
2768         int iocnum, iocnumX;
2769         int nonblock = (filp->f_flags & O_NONBLOCK);
2770         int ret;
2771
2772         if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2773                 return -EFAULT;
2774
2775         /* Verify intended MPT adapter */
2776         iocnumX = karg32.hdr.iocnum & 0xFF;
2777         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2778             (iocp == NULL)) {
2779                 printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2780                         __LINE__, iocnumX);
2781                 return -ENODEV;
2782         }
2783
2784         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2785                 return ret;
2786
2787         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2788             iocp->name));
2789         /* Copy data to karg */
2790         karg.hdr.iocnum = karg32.hdr.iocnum;
2791         karg.hdr.port = karg32.hdr.port;
2792         karg.timeout = karg32.timeout;
2793         karg.maxReplyBytes = karg32.maxReplyBytes;
2794
2795         karg.dataInSize = karg32.dataInSize;
2796         karg.dataOutSize = karg32.dataOutSize;
2797         karg.maxSenseBytes = karg32.maxSenseBytes;
2798         karg.dataSgeOffset = karg32.dataSgeOffset;
2799
2800         karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2801         karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2802         karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2803         karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2804
2805         /* Pass new structure to do_mpt_command
2806          */
2807         ret = mptctl_do_mpt_command (karg, &uarg->MF);
2808
2809         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2810
2811         return ret;
2812 }
2813
2814 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2815 {
2816         long ret;
2817         lock_kernel();
2818         switch (cmd) {
2819         case MPTIOCINFO:
2820         case MPTIOCINFO1:
2821         case MPTIOCINFO2:
2822         case MPTTARGETINFO:
2823         case MPTEVENTQUERY:
2824         case MPTEVENTENABLE:
2825         case MPTEVENTREPORT:
2826         case MPTHARDRESET:
2827         case HP_GETHOSTINFO:
2828         case HP_GETTARGETINFO:
2829         case MPTTEST:
2830                 ret = __mptctl_ioctl(f, cmd, arg);
2831                 break;
2832         case MPTCOMMAND32:
2833                 ret = compat_mpt_command(f, cmd, arg);
2834                 break;
2835         case MPTFWDOWNLOAD32:
2836                 ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2837                 break;
2838         default:
2839                 ret = -ENOIOCTLCMD;
2840                 break;
2841         }
2842         unlock_kernel();
2843         return ret;
2844 }
2845
2846 #endif
2847
2848
2849 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2850 /*
2851  *      mptctl_probe - Installs ioctl devices per bus.
2852  *      @pdev: Pointer to pci_dev structure
2853  *
2854  *      Returns 0 for success, non-zero for failure.
2855  *
2856  */
2857
2858 static int
2859 mptctl_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2860 {
2861         MPT_IOCTL *mem;
2862         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2863
2864         /*
2865          * Allocate and inite a MPT_IOCTL structure
2866         */
2867         mem = kzalloc(sizeof(MPT_IOCTL), GFP_KERNEL);
2868         if (!mem) {
2869                 mptctl_remove(pdev);
2870                 return -ENOMEM;
2871         }
2872
2873         ioc->ioctl = mem;
2874         ioc->ioctl->ioc = ioc;
2875         mutex_init(&ioc->ioctl->ioctl_mutex);
2876         return 0;
2877 }
2878
2879 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2880 /*
2881  *      mptctl_remove - Removed ioctl devices
2882  *      @pdev: Pointer to pci_dev structure
2883  *
2884  *
2885  */
2886 static void
2887 mptctl_remove(struct pci_dev *pdev)
2888 {
2889         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2890
2891         kfree ( ioc->ioctl );
2892 }
2893
2894 static struct mpt_pci_driver mptctl_driver = {
2895   .probe                = mptctl_probe,
2896   .remove               = mptctl_remove,
2897 };
2898
2899 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2900 static int __init mptctl_init(void)
2901 {
2902         int err;
2903         int where = 1;
2904
2905         show_mptmod_ver(my_NAME, my_VERSION);
2906
2907         mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
2908
2909         /* Register this device */
2910         err = misc_register(&mptctl_miscdev);
2911         if (err < 0) {
2912                 printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2913                 goto out_fail;
2914         }
2915         printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2916         printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2917                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2918
2919         /*
2920          *  Install our handler
2921          */
2922         ++where;
2923         mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER);
2924         if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2925                 printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2926                 misc_deregister(&mptctl_miscdev);
2927                 err = -EBUSY;
2928                 goto out_fail;
2929         }
2930
2931         mpt_reset_register(mptctl_id, mptctl_ioc_reset);
2932         mpt_event_register(mptctl_id, mptctl_event_process);
2933
2934         return 0;
2935
2936 out_fail:
2937
2938         mpt_device_driver_deregister(MPTCTL_DRIVER);
2939
2940         return err;
2941 }
2942
2943 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2944 static void mptctl_exit(void)
2945 {
2946         misc_deregister(&mptctl_miscdev);
2947         printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2948                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2949
2950         /* De-register reset handler from base module */
2951         mpt_reset_deregister(mptctl_id);
2952
2953         /* De-register callback handler from base module */
2954         mpt_deregister(mptctl_id);
2955
2956         mpt_device_driver_deregister(MPTCTL_DRIVER);
2957
2958 }
2959
2960 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2961
2962 module_init(mptctl_init);
2963 module_exit(mptctl_exit);