Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/rric/oprofile
[linux-2.6] / drivers / message / fusion / mptctl.c
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2008 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>        /* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/smp_lock.h>
58 #include <linux/compat.h>
59
60 #include <asm/io.h>
61 #include <asm/uaccess.h>
62
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68
69 #define COPYRIGHT       "Copyright (c) 1999-2008 LSI Corporation"
70 #define MODULEAUTHOR    "LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME         "Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION      MPT_LINUX_VERSION_COMMON
77 #define MYNAM           "mptctl"
78
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85
86 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
87
88 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
89
90 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
91
92 struct buflist {
93         u8      *kptr;
94         int      len;
95 };
96
97 /*
98  * Function prototypes. Called from OS entry point mptctl_ioctl.
99  * arg contents specific to function.
100  */
101 static int mptctl_fw_download(unsigned long arg);
102 static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd);
103 static int mptctl_gettargetinfo(unsigned long arg);
104 static int mptctl_readtest(unsigned long arg);
105 static int mptctl_mpt_command(unsigned long arg);
106 static int mptctl_eventquery(unsigned long arg);
107 static int mptctl_eventenable(unsigned long arg);
108 static int mptctl_eventreport(unsigned long arg);
109 static int mptctl_replace_fw(unsigned long arg);
110
111 static int mptctl_do_reset(unsigned long arg);
112 static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd);
113 static int mptctl_hp_targetinfo(unsigned long arg);
114
115 static int  mptctl_probe(struct pci_dev *, const struct pci_device_id *);
116 static void mptctl_remove(struct pci_dev *);
117
118 #ifdef CONFIG_COMPAT
119 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
120 #endif
121 /*
122  * Private function calls.
123  */
124 static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr);
125 static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen);
126 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
127                 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
128 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
129                 struct buflist *buflist, MPT_ADAPTER *ioc);
130 static void mptctl_timeout_expired (MPT_IOCTL *ioctl);
131 static int  mptctl_bus_reset(MPT_IOCTL *ioctl);
132 static int mptctl_set_tm_flags(MPT_SCSI_HOST *hd);
133 static void mptctl_free_tm_flags(MPT_ADAPTER *ioc);
134
135 /*
136  * Reset Handler cleanup function
137  */
138 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
139
140 /*
141  * Event Handler function
142  */
143 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
144 static struct fasync_struct *async_queue=NULL;
145
146 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
147 /*
148  * Scatter gather list (SGL) sizes and limits...
149  */
150 //#define MAX_SCSI_FRAGS        9
151 #define MAX_FRAGS_SPILL1        9
152 #define MAX_FRAGS_SPILL2        15
153 #define FRAGS_PER_BUCKET        (MAX_FRAGS_SPILL2 + 1)
154
155 //#define MAX_CHAIN_FRAGS       64
156 //#define MAX_CHAIN_FRAGS       (15+15+15+16)
157 #define MAX_CHAIN_FRAGS         (4 * MAX_FRAGS_SPILL2 + 1)
158
159 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
160 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
161 //                  ^----------------- 80 + 512
162 #define MAX_SGL_BYTES           ((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
163
164 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
165 #define MAX_KMALLOC_SZ          (128*1024)
166
167 #define MPT_IOCTL_DEFAULT_TIMEOUT 10    /* Default timeout value (seconds) */
168
169 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
170 /**
171  *      mptctl_syscall_down - Down the MPT adapter syscall semaphore.
172  *      @ioc: Pointer to MPT adapter
173  *      @nonblock: boolean, non-zero if O_NONBLOCK is set
174  *
175  *      All of the ioctl commands can potentially sleep, which is illegal
176  *      with a spinlock held, thus we perform mutual exclusion here.
177  *
178  *      Returns negative errno on error, or zero for success.
179  */
180 static inline int
181 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
182 {
183         int rc = 0;
184
185         if (nonblock) {
186                 if (!mutex_trylock(&ioc->ioctl->ioctl_mutex))
187                         rc = -EAGAIN;
188         } else {
189                 if (mutex_lock_interruptible(&ioc->ioctl->ioctl_mutex))
190                         rc = -ERESTARTSYS;
191         }
192         return rc;
193 }
194
195 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
196 /*
197  *  This is the callback for any message we have posted. The message itself
198  *  will be returned to the message pool when we return from the IRQ
199  *
200  *  This runs in irq context so be short and sweet.
201  */
202 static int
203 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
204 {
205         char *sense_data;
206         int sz, req_index;
207         u16 iocStatus;
208         u8 cmd;
209
210         if (req)
211                  cmd = req->u.hdr.Function;
212         else
213                 return 1;
214         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tcompleting mpi function (0x%02X), req=%p, "
215             "reply=%p\n", ioc->name,  req->u.hdr.Function, req, reply));
216
217         if (ioc->ioctl) {
218
219                 if (reply==NULL) {
220
221                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_reply() NULL Reply "
222                                 "Function=%x!\n", ioc->name, cmd));
223
224                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
225                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
226
227                         /* We are done, issue wake up
228                         */
229                         ioc->ioctl->wait_done = 1;
230                         wake_up (&mptctl_wait);
231                         return 1;
232
233                 }
234
235                 /* Copy the reply frame (which much exist
236                  * for non-SCSI I/O) to the IOC structure.
237                  */
238                 memcpy(ioc->ioctl->ReplyFrame, reply,
239                         min(ioc->reply_sz, 4*reply->u.reply.MsgLength));
240                 ioc->ioctl->status |= MPT_IOCTL_STATUS_RF_VALID;
241
242                 /* Set the command status to GOOD if IOC Status is GOOD
243                  * OR if SCSI I/O cmd and data underrun or recovered error.
244                  */
245                 iocStatus = le16_to_cpu(reply->u.reply.IOCStatus) & MPI_IOCSTATUS_MASK;
246                 if (iocStatus  == MPI_IOCSTATUS_SUCCESS)
247                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
248
249                 if (iocStatus || reply->u.reply.IOCLogInfo)
250                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tiocstatus (0x%04X), "
251                                 "loginfo (0x%08X)\n", ioc->name,
252                                 iocStatus,
253                                 le32_to_cpu(reply->u.reply.IOCLogInfo)));
254
255                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) ||
256                         (cmd == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
257
258                         if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
259                                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
260                                         "\tscsi_status (0x%02x), scsi_state (0x%02x), "
261                                         "tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
262                                         reply->u.sreply.SCSIStatus,
263                                         reply->u.sreply.SCSIState,
264                                         le16_to_cpu(reply->u.sreply.TaskTag),
265                                         le32_to_cpu(reply->u.sreply.TransferCount)));
266
267                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
268
269                         if ((iocStatus == MPI_IOCSTATUS_SCSI_DATA_UNDERRUN) ||
270                         (iocStatus == MPI_IOCSTATUS_SCSI_RECOVERED_ERROR)) {
271                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
272                         }
273                 }
274
275                 /* Copy the sense data - if present
276                  */
277                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) &&
278                         (reply->u.sreply.SCSIState &
279                          MPI_SCSI_STATE_AUTOSENSE_VALID)){
280                         sz = req->u.scsireq.SenseBufferLength;
281                         req_index =
282                             le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
283                         sense_data =
284                             ((u8 *)ioc->sense_buf_pool +
285                              (req_index * MPT_SENSE_BUFFER_ALLOC));
286                         memcpy(ioc->ioctl->sense, sense_data, sz);
287                         ioc->ioctl->status |= MPT_IOCTL_STATUS_SENSE_VALID;
288                 }
289
290                 if (cmd == MPI_FUNCTION_SCSI_TASK_MGMT)
291                         mptctl_free_tm_flags(ioc);
292
293                 /* We are done, issue wake up
294                  */
295                 ioc->ioctl->wait_done = 1;
296                 wake_up (&mptctl_wait);
297         }
298         return 1;
299 }
300
301 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
302 /* mptctl_timeout_expired
303  *
304  * Expecting an interrupt, however timed out.
305  *
306  */
307 static void mptctl_timeout_expired (MPT_IOCTL *ioctl)
308 {
309         int rc = 1;
310
311         if (ioctl == NULL)
312                 return;
313         dctlprintk(ioctl->ioc,
314                    printk(MYIOC_s_DEBUG_FMT ": Timeout Expired! Host %d\n",
315                    ioctl->ioc->name, ioctl->ioc->id));
316
317         ioctl->wait_done = 0;
318         if (ioctl->reset & MPTCTL_RESET_OK)
319                 rc = mptctl_bus_reset(ioctl);
320
321         if (rc) {
322                 /* Issue a reset for this device.
323                  * The IOC is not responding.
324                  */
325                 dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "Calling HardReset! \n",
326                          ioctl->ioc->name));
327                 mpt_HardResetHandler(ioctl->ioc, CAN_SLEEP);
328         }
329         return;
330
331 }
332
333 /* mptctl_bus_reset
334  *
335  * Bus reset code.
336  *
337  */
338 static int mptctl_bus_reset(MPT_IOCTL *ioctl)
339 {
340         MPT_FRAME_HDR   *mf;
341         SCSITaskMgmt_t  *pScsiTm;
342         MPT_SCSI_HOST   *hd;
343         int              ii;
344         int              retval=0;
345
346
347         ioctl->reset &= ~MPTCTL_RESET_OK;
348
349         if (ioctl->ioc->sh == NULL)
350                 return -EPERM;
351
352         hd = shost_priv(ioctl->ioc->sh);
353         if (hd == NULL)
354                 return -EPERM;
355
356         /* Single threading ....
357          */
358         if (mptctl_set_tm_flags(hd) != 0)
359                 return -EPERM;
360
361         /* Send request
362          */
363         if ((mf = mpt_get_msg_frame(mptctl_id, ioctl->ioc)) == NULL) {
364                 dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt, no msg frames!!\n",
365                                 ioctl->ioc->name));
366
367                 mptctl_free_tm_flags(ioctl->ioc);
368                 return -ENOMEM;
369         }
370
371         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt request @ %p\n",
372                         ioctl->ioc->name, mf));
373
374         pScsiTm = (SCSITaskMgmt_t *) mf;
375         pScsiTm->TargetID = ioctl->id;
376         pScsiTm->Bus = hd->port;        /* 0 */
377         pScsiTm->ChainOffset = 0;
378         pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
379         pScsiTm->Reserved = 0;
380         pScsiTm->TaskType = MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS;
381         pScsiTm->Reserved1 = 0;
382         pScsiTm->MsgFlags = MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
383
384         for (ii= 0; ii < 8; ii++)
385                 pScsiTm->LUN[ii] = 0;
386
387         for (ii=0; ii < 7; ii++)
388                 pScsiTm->Reserved2[ii] = 0;
389
390         pScsiTm->TaskMsgContext = 0;
391         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT
392                 "mptctl_bus_reset: issued.\n", ioctl->ioc->name));
393
394         DBG_DUMP_TM_REQUEST_FRAME(ioctl->ioc, (u32 *)mf);
395
396         ioctl->wait_done=0;
397
398         if ((ioctl->ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
399             (ioctl->ioc->facts.MsgVersion >= MPI_VERSION_01_05))
400                 mpt_put_msg_frame_hi_pri(mptctl_id, ioctl->ioc, mf);
401         else {
402                 retval = mpt_send_handshake_request(mptctl_id, ioctl->ioc,
403                         sizeof(SCSITaskMgmt_t), (u32*)pScsiTm, CAN_SLEEP);
404                 if (retval != 0) {
405                         dfailprintk(ioctl->ioc, printk(MYIOC_s_ERR_FMT "_send_handshake FAILED!"
406                                 " (hd %p, ioc %p, mf %p) \n", hd->ioc->name, hd,
407                                 hd->ioc, mf));
408                         goto mptctl_bus_reset_done;
409                 }
410         }
411
412         /* Now wait for the command to complete */
413         ii = wait_event_timeout(mptctl_wait,
414              ioctl->wait_done == 1,
415              HZ*5 /* 5 second timeout */);
416
417         if(ii <=0 && (ioctl->wait_done != 1 ))  {
418                 mpt_free_msg_frame(hd->ioc, mf);
419                 ioctl->wait_done = 0;
420                 retval = -1; /* return failure */
421         }
422
423 mptctl_bus_reset_done:
424
425         mptctl_free_tm_flags(ioctl->ioc);
426         return retval;
427 }
428
429 static int
430 mptctl_set_tm_flags(MPT_SCSI_HOST *hd) {
431         unsigned long flags;
432
433         spin_lock_irqsave(&hd->ioc->FreeQlock, flags);
434
435         if (hd->tmState == TM_STATE_NONE) {
436                 hd->tmState = TM_STATE_IN_PROGRESS;
437                 hd->tmPending = 1;
438                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
439         } else {
440                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
441                 return -EBUSY;
442         }
443
444         return 0;
445 }
446
447 static void
448 mptctl_free_tm_flags(MPT_ADAPTER *ioc)
449 {
450         MPT_SCSI_HOST * hd;
451         unsigned long flags;
452
453         hd = shost_priv(ioc->sh);
454         if (hd == NULL)
455                 return;
456
457         spin_lock_irqsave(&ioc->FreeQlock, flags);
458
459         hd->tmState = TM_STATE_NONE;
460         hd->tmPending = 0;
461         spin_unlock_irqrestore(&ioc->FreeQlock, flags);
462
463         return;
464 }
465
466 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
467 /* mptctl_ioc_reset
468  *
469  * Clean-up functionality. Used only if there has been a
470  * reload of the FW due.
471  *
472  */
473 static int
474 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
475 {
476         MPT_IOCTL *ioctl = ioc->ioctl;
477         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "IOC %s_reset routed to IOCTL driver!\n", ioc->name,
478                 reset_phase==MPT_IOC_SETUP_RESET ? "setup" : (
479                 reset_phase==MPT_IOC_PRE_RESET ? "pre" : "post")));
480
481         if(ioctl == NULL)
482                 return 1;
483
484         switch(reset_phase) {
485         case MPT_IOC_SETUP_RESET:
486                 ioctl->status |= MPT_IOCTL_STATUS_DID_IOCRESET;
487                 break;
488         case MPT_IOC_POST_RESET:
489                 ioctl->status &= ~MPT_IOCTL_STATUS_DID_IOCRESET;
490                 break;
491         case MPT_IOC_PRE_RESET:
492         default:
493                 break;
494         }
495
496         return 1;
497 }
498
499 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
500 /* ASYNC Event Notification Support */
501 static int
502 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
503 {
504         u8 event;
505
506         event = le32_to_cpu(pEvReply->Event) & 0xFF;
507
508         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
509             ioc->name, __func__));
510         if(async_queue == NULL)
511                 return 1;
512
513         /* Raise SIGIO for persistent events.
514          * TODO - this define is not in MPI spec yet,
515          * but they plan to set it to 0x21
516          */
517          if (event == 0x21 ) {
518                 ioc->aen_event_read_flag=1;
519                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
520                     ioc->name));
521                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
522                     "Raised SIGIO to application\n", ioc->name));
523                 kill_fasync(&async_queue, SIGIO, POLL_IN);
524                 return 1;
525          }
526
527         /* This flag is set after SIGIO was raised, and
528          * remains set until the application has read
529          * the event log via ioctl=MPTEVENTREPORT
530          */
531         if(ioc->aen_event_read_flag)
532                 return 1;
533
534         /* Signal only for the events that are
535          * requested for by the application
536          */
537         if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
538                 ioc->aen_event_read_flag=1;
539                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
540                     "Raised SIGIO to application\n", ioc->name));
541                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
542                     "Raised SIGIO to application\n", ioc->name));
543                 kill_fasync(&async_queue, SIGIO, POLL_IN);
544         }
545         return 1;
546 }
547
548 static int
549 mptctl_fasync(int fd, struct file *filep, int mode)
550 {
551         MPT_ADAPTER     *ioc;
552         int ret;
553
554         lock_kernel();
555         list_for_each_entry(ioc, &ioc_list, list)
556                 ioc->aen_event_read_flag=0;
557
558         ret = fasync_helper(fd, filep, mode, &async_queue);
559         unlock_kernel();
560         return ret;
561 }
562
563 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
564 /*
565  *  MPT ioctl handler
566  *  cmd - specify the particular IOCTL command to be issued
567  *  arg - data specific to the command. Must not be null.
568  */
569 static long
570 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
571 {
572         mpt_ioctl_header __user *uhdr = (void __user *) arg;
573         mpt_ioctl_header         khdr;
574         int iocnum;
575         unsigned iocnumX;
576         int nonblock = (file->f_flags & O_NONBLOCK);
577         int ret;
578         MPT_ADAPTER *iocp = NULL;
579
580         if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
581                 printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
582                                 "Unable to copy mpt_ioctl_header data @ %p\n",
583                                 __FILE__, __LINE__, uhdr);
584                 return -EFAULT;
585         }
586         ret = -ENXIO;                           /* (-6) No such device or address */
587
588         /* Verify intended MPT adapter - set iocnum and the adapter
589          * pointer (iocp)
590          */
591         iocnumX = khdr.iocnum & 0xFF;
592         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
593             (iocp == NULL)) {
594                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - ioc%d not found!\n",
595                                 __FILE__, __LINE__, iocnumX);
596                 return -ENODEV;
597         }
598
599         if (!iocp->active) {
600                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
601                                 __FILE__, __LINE__);
602                 return -EFAULT;
603         }
604
605         /* Handle those commands that are just returning
606          * information stored in the driver.
607          * These commands should never time out and are unaffected
608          * by TM and FW reloads.
609          */
610         if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
611                 return mptctl_getiocinfo(arg, _IOC_SIZE(cmd));
612         } else if (cmd == MPTTARGETINFO) {
613                 return mptctl_gettargetinfo(arg);
614         } else if (cmd == MPTTEST) {
615                 return mptctl_readtest(arg);
616         } else if (cmd == MPTEVENTQUERY) {
617                 return mptctl_eventquery(arg);
618         } else if (cmd == MPTEVENTENABLE) {
619                 return mptctl_eventenable(arg);
620         } else if (cmd == MPTEVENTREPORT) {
621                 return mptctl_eventreport(arg);
622         } else if (cmd == MPTFWREPLACE) {
623                 return mptctl_replace_fw(arg);
624         }
625
626         /* All of these commands require an interrupt or
627          * are unknown/illegal.
628          */
629         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
630                 return ret;
631
632         if (cmd == MPTFWDOWNLOAD)
633                 ret = mptctl_fw_download(arg);
634         else if (cmd == MPTCOMMAND)
635                 ret = mptctl_mpt_command(arg);
636         else if (cmd == MPTHARDRESET)
637                 ret = mptctl_do_reset(arg);
638         else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
639                 ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd));
640         else if (cmd == HP_GETTARGETINFO)
641                 ret = mptctl_hp_targetinfo(arg);
642         else
643                 ret = -EINVAL;
644
645         mutex_unlock(&iocp->ioctl->ioctl_mutex);
646
647         return ret;
648 }
649
650 static long
651 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
652 {
653         long ret;
654         lock_kernel();
655         ret = __mptctl_ioctl(file, cmd, arg);
656         unlock_kernel();
657         return ret;
658 }
659
660 static int mptctl_do_reset(unsigned long arg)
661 {
662         struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
663         struct mpt_ioctl_diag_reset krinfo;
664         MPT_ADAPTER             *iocp;
665
666         if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
667                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
668                                 "Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
669                                 __FILE__, __LINE__, urinfo);
670                 return -EFAULT;
671         }
672
673         if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) {
674                 printk(KERN_DEBUG MYNAM "%s@%d::mptctl_do_reset - ioc%d not found!\n",
675                                 __FILE__, __LINE__, krinfo.hdr.iocnum);
676                 return -ENODEV; /* (-6) No such device or address */
677         }
678
679         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
680             iocp->name));
681
682         if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
683                 printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
684                         iocp->name, __FILE__, __LINE__);
685                 return -1;
686         }
687
688         return 0;
689 }
690
691 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
692 /*
693  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
694  * This structure contains: iocnum, firmware length (bytes),
695  *      pointer to user space memory where the fw image is stored.
696  *
697  * Outputs:     None.
698  * Return:      0 if successful
699  *              -EFAULT if data unavailable
700  *              -ENXIO  if no such device
701  *              -EAGAIN if resource problem
702  *              -ENOMEM if no memory for SGE
703  *              -EMLINK if too many chain buffers required
704  *              -EBADRQC if adapter does not support FW download
705  *              -EBUSY if adapter is busy
706  *              -ENOMSG if FW upload returned bad status
707  */
708 static int
709 mptctl_fw_download(unsigned long arg)
710 {
711         struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
712         struct mpt_fw_xfer       kfwdl;
713
714         if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
715                 printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
716                                 "Unable to copy mpt_fw_xfer struct @ %p\n",
717                                 __FILE__, __LINE__, ufwdl);
718                 return -EFAULT;
719         }
720
721         return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen);
722 }
723
724 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
725 /*
726  * FW Download engine.
727  * Outputs:     None.
728  * Return:      0 if successful
729  *              -EFAULT if data unavailable
730  *              -ENXIO  if no such device
731  *              -EAGAIN if resource problem
732  *              -ENOMEM if no memory for SGE
733  *              -EMLINK if too many chain buffers required
734  *              -EBADRQC if adapter does not support FW download
735  *              -EBUSY if adapter is busy
736  *              -ENOMSG if FW upload returned bad status
737  */
738 static int
739 mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen)
740 {
741         FWDownload_t            *dlmsg;
742         MPT_FRAME_HDR           *mf;
743         MPT_ADAPTER             *iocp;
744         FWDownloadTCSGE_t       *ptsge;
745         MptSge_t                *sgl, *sgIn;
746         char                    *sgOut;
747         struct buflist          *buflist;
748         struct buflist          *bl;
749         dma_addr_t               sgl_dma;
750         int                      ret;
751         int                      numfrags = 0;
752         int                      maxfrags;
753         int                      n = 0;
754         u32                      sgdir;
755         u32                      nib;
756         int                      fw_bytes_copied = 0;
757         int                      i;
758         int                      sge_offset = 0;
759         u16                      iocstat;
760         pFWDownloadReply_t       ReplyMsg = NULL;
761
762         if (mpt_verify_adapter(ioc, &iocp) < 0) {
763                 printk(KERN_DEBUG MYNAM "ioctl_fwdl - ioc%d not found!\n",
764                                  ioc);
765                 return -ENODEV; /* (-6) No such device or address */
766         } else {
767
768                 /*  Valid device. Get a message frame and construct the FW download message.
769                 */
770                 if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
771                         return -EAGAIN;
772         }
773
774         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
775             "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
776         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
777             iocp->name, ufwbuf));
778         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
779             iocp->name, (int)fwlen));
780         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.ioc   = %04xh\n",
781             iocp->name, ioc));
782
783         dlmsg = (FWDownload_t*) mf;
784         ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
785         sgOut = (char *) (ptsge + 1);
786
787         /*
788          * Construct f/w download request
789          */
790         dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
791         dlmsg->Reserved = 0;
792         dlmsg->ChainOffset = 0;
793         dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
794         dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
795         if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
796                 dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
797         else
798                 dlmsg->MsgFlags = 0;
799
800
801         /* Set up the Transaction SGE.
802          */
803         ptsge->Reserved = 0;
804         ptsge->ContextSize = 0;
805         ptsge->DetailsLength = 12;
806         ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
807         ptsge->Reserved_0100_Checksum = 0;
808         ptsge->ImageOffset = 0;
809         ptsge->ImageSize = cpu_to_le32(fwlen);
810
811         /* Add the SGL
812          */
813
814         /*
815          * Need to kmalloc area(s) for holding firmware image bytes.
816          * But we need to do it piece meal, using a proper
817          * scatter gather list (with 128kB MAX hunks).
818          *
819          * A practical limit here might be # of sg hunks that fit into
820          * a single IOC request frame; 12 or 8 (see below), so:
821          * For FC9xx: 12 x 128kB == 1.5 mB (max)
822          * For C1030:  8 x 128kB == 1   mB (max)
823          * We could support chaining, but things get ugly(ier:)
824          *
825          * Set the sge_offset to the start of the sgl (bytes).
826          */
827         sgdir = 0x04000000;             /* IOC will READ from sys mem */
828         sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
829         if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
830                                     &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
831                 return -ENOMEM;
832
833         /*
834          * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
835          * for FC9xx f/w image, but calculate max number of sge hunks
836          * we can fit into a request frame, and limit ourselves to that.
837          * (currently no chain support)
838          * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
839          *      Request         maxfrags
840          *      128             12
841          *      96              8
842          *      64              4
843          */
844         maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) - sizeof(FWDownloadTCSGE_t))
845                         / (sizeof(dma_addr_t) + sizeof(u32));
846         if (numfrags > maxfrags) {
847                 ret = -EMLINK;
848                 goto fwdl_out;
849         }
850
851         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
852             iocp->name, sgl, numfrags));
853
854         /*
855          * Parse SG list, copying sgl itself,
856          * plus f/w image hunks from user space as we go...
857          */
858         ret = -EFAULT;
859         sgIn = sgl;
860         bl = buflist;
861         for (i=0; i < numfrags; i++) {
862
863                 /* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
864                  * Skip everything but Simple. If simple, copy from
865                  *      user space into kernel space.
866                  * Note: we should not have anything but Simple as
867                  *      Chain SGE are illegal.
868                  */
869                 nib = (sgIn->FlagsLength & 0x30000000) >> 28;
870                 if (nib == 0 || nib == 3) {
871                         ;
872                 } else if (sgIn->Address) {
873                         mpt_add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
874                         n++;
875                         if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
876                                 printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
877                                         "Unable to copy f/w buffer hunk#%d @ %p\n",
878                                         iocp->name, __FILE__, __LINE__, n, ufwbuf);
879                                 goto fwdl_out;
880                         }
881                         fw_bytes_copied += bl->len;
882                 }
883                 sgIn++;
884                 bl++;
885                 sgOut += (sizeof(dma_addr_t) + sizeof(u32));
886         }
887
888         DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
889
890         /*
891          * Finally, perform firmware download.
892          */
893         ReplyMsg = NULL;
894         mpt_put_msg_frame(mptctl_id, iocp, mf);
895
896         /* Now wait for the command to complete */
897         ret = wait_event_timeout(mptctl_wait,
898              iocp->ioctl->wait_done == 1,
899              HZ*60);
900
901         if(ret <=0 && (iocp->ioctl->wait_done != 1 )) {
902         /* Now we need to reset the board */
903                 mptctl_timeout_expired(iocp->ioctl);
904                 ret = -ENODATA;
905                 goto fwdl_out;
906         }
907
908         if (sgl)
909                 kfree_sgl(sgl, sgl_dma, buflist, iocp);
910
911         ReplyMsg = (pFWDownloadReply_t)iocp->ioctl->ReplyFrame;
912         iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
913         if (iocstat == MPI_IOCSTATUS_SUCCESS) {
914                 printk(MYIOC_s_INFO_FMT "F/W update successfull!\n", iocp->name);
915                 return 0;
916         } else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
917                 printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
918                         iocp->name);
919                 printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
920                         iocp->name);
921                 return -EBADRQC;
922         } else if (iocstat == MPI_IOCSTATUS_BUSY) {
923                 printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
924                 printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
925                 return -EBUSY;
926         } else {
927                 printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
928                         iocp->name, iocstat);
929                 printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
930                 return -ENOMSG;
931         }
932         return 0;
933
934 fwdl_out:
935         kfree_sgl(sgl, sgl_dma, buflist, iocp);
936         return ret;
937 }
938
939 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
940 /*
941  * SGE Allocation routine
942  *
943  * Inputs:      bytes - number of bytes to be transferred
944  *              sgdir - data direction
945  *              sge_offset - offset (in bytes) from the start of the request
946  *                      frame to the first SGE
947  *              ioc - pointer to the mptadapter
948  * Outputs:     frags - number of scatter gather elements
949  *              blp - point to the buflist pointer
950  *              sglbuf_dma - pointer to the (dma) sgl
951  * Returns:     Null if failes
952  *              pointer to the (virtual) sgl if successful.
953  */
954 static MptSge_t *
955 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
956                  struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
957 {
958         MptSge_t        *sglbuf = NULL;         /* pointer to array of SGE */
959                                                 /* and chain buffers */
960         struct buflist  *buflist = NULL;        /* kernel routine */
961         MptSge_t        *sgl;
962         int              numfrags = 0;
963         int              fragcnt = 0;
964         int              alloc_sz = min(bytes,MAX_KMALLOC_SZ);  // avoid kernel warning msg!
965         int              bytes_allocd = 0;
966         int              this_alloc;
967         dma_addr_t       pa;                                    // phys addr
968         int              i, buflist_ent;
969         int              sg_spill = MAX_FRAGS_SPILL1;
970         int              dir;
971         /* initialization */
972         *frags = 0;
973         *blp = NULL;
974
975         /* Allocate and initialize an array of kernel
976          * structures for the SG elements.
977          */
978         i = MAX_SGL_BYTES / 8;
979         buflist = kzalloc(i, GFP_USER);
980         if (!buflist)
981                 return NULL;
982         buflist_ent = 0;
983
984         /* Allocate a single block of memory to store the sg elements and
985          * the chain buffers.  The calling routine is responsible for
986          * copying the data in this array into the correct place in the
987          * request and chain buffers.
988          */
989         sglbuf = pci_alloc_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf_dma);
990         if (sglbuf == NULL)
991                 goto free_and_fail;
992
993         if (sgdir & 0x04000000)
994                 dir = PCI_DMA_TODEVICE;
995         else
996                 dir = PCI_DMA_FROMDEVICE;
997
998         /* At start:
999          *      sgl = sglbuf = point to beginning of sg buffer
1000          *      buflist_ent = 0 = first kernel structure
1001          *      sg_spill = number of SGE that can be written before the first
1002          *              chain element.
1003          *
1004          */
1005         sgl = sglbuf;
1006         sg_spill = ((ioc->req_sz - sge_offset)/(sizeof(dma_addr_t) + sizeof(u32))) - 1;
1007         while (bytes_allocd < bytes) {
1008                 this_alloc = min(alloc_sz, bytes-bytes_allocd);
1009                 buflist[buflist_ent].len = this_alloc;
1010                 buflist[buflist_ent].kptr = pci_alloc_consistent(ioc->pcidev,
1011                                                                  this_alloc,
1012                                                                  &pa);
1013                 if (buflist[buflist_ent].kptr == NULL) {
1014                         alloc_sz = alloc_sz / 2;
1015                         if (alloc_sz == 0) {
1016                                 printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1017                                     "not enough memory!   :-(\n", ioc->name);
1018                                 printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1019                                         ioc->name, numfrags);
1020                                 goto free_and_fail;
1021                         }
1022                         continue;
1023                 } else {
1024                         dma_addr_t dma_addr;
1025
1026                         bytes_allocd += this_alloc;
1027                         sgl->FlagsLength = (0x10000000|MPT_SGE_FLAGS_ADDRESSING|sgdir|this_alloc);
1028                         dma_addr = pci_map_single(ioc->pcidev, buflist[buflist_ent].kptr, this_alloc, dir);
1029                         sgl->Address = dma_addr;
1030
1031                         fragcnt++;
1032                         numfrags++;
1033                         sgl++;
1034                         buflist_ent++;
1035                 }
1036
1037                 if (bytes_allocd >= bytes)
1038                         break;
1039
1040                 /* Need to chain? */
1041                 if (fragcnt == sg_spill) {
1042                         printk(MYIOC_s_WARN_FMT
1043                             "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1044                         printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1045                         goto free_and_fail;
1046                 }
1047
1048                 /* overflow check... */
1049                 if (numfrags*8 > MAX_SGL_BYTES){
1050                         /* GRRRRR... */
1051                         printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1052                                 "too many SG frags!   :-(\n", ioc->name);
1053                         printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1054                                 ioc->name, numfrags);
1055                         goto free_and_fail;
1056                 }
1057         }
1058
1059         /* Last sge fixup: set LE+eol+eob bits */
1060         sgl[-1].FlagsLength |= 0xC1000000;
1061
1062         *frags = numfrags;
1063         *blp = buflist;
1064
1065         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1066            "%d SG frags generated!\n", ioc->name, numfrags));
1067
1068         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1069            "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1070
1071         return sglbuf;
1072
1073 free_and_fail:
1074         if (sglbuf != NULL) {
1075                 for (i = 0; i < numfrags; i++) {
1076                         dma_addr_t dma_addr;
1077                         u8 *kptr;
1078                         int len;
1079
1080                         if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1081                                 continue;
1082
1083                         dma_addr = sglbuf[i].Address;
1084                         kptr = buflist[i].kptr;
1085                         len = buflist[i].len;
1086
1087                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1088                 }
1089                 pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf, *sglbuf_dma);
1090         }
1091         kfree(buflist);
1092         return NULL;
1093 }
1094
1095 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1096 /*
1097  * Routine to free the SGL elements.
1098  */
1099 static void
1100 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1101 {
1102         MptSge_t        *sg = sgl;
1103         struct buflist  *bl = buflist;
1104         u32              nib;
1105         int              dir;
1106         int              n = 0;
1107
1108         if (sg->FlagsLength & 0x04000000)
1109                 dir = PCI_DMA_TODEVICE;
1110         else
1111                 dir = PCI_DMA_FROMDEVICE;
1112
1113         nib = (sg->FlagsLength & 0xF0000000) >> 28;
1114         while (! (nib & 0x4)) { /* eob */
1115                 /* skip ignore/chain. */
1116                 if (nib == 0 || nib == 3) {
1117                         ;
1118                 } else if (sg->Address) {
1119                         dma_addr_t dma_addr;
1120                         void *kptr;
1121                         int len;
1122
1123                         dma_addr = sg->Address;
1124                         kptr = bl->kptr;
1125                         len = bl->len;
1126                         pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1127                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1128                         n++;
1129                 }
1130                 sg++;
1131                 bl++;
1132                 nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1133         }
1134
1135         /* we're at eob! */
1136         if (sg->Address) {
1137                 dma_addr_t dma_addr;
1138                 void *kptr;
1139                 int len;
1140
1141                 dma_addr = sg->Address;
1142                 kptr = bl->kptr;
1143                 len = bl->len;
1144                 pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1145                 pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1146                 n++;
1147         }
1148
1149         pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sgl, sgl_dma);
1150         kfree(buflist);
1151         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1152             ioc->name, n));
1153 }
1154
1155 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1156 /*
1157  *      mptctl_getiocinfo - Query the host adapter for IOC information.
1158  *      @arg: User space argument
1159  *
1160  * Outputs:     None.
1161  * Return:      0 if successful
1162  *              -EFAULT if data unavailable
1163  *              -ENODEV  if no such device/adapter
1164  */
1165 static int
1166 mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
1167 {
1168         struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1169         struct mpt_ioctl_iocinfo *karg;
1170         MPT_ADAPTER             *ioc;
1171         struct pci_dev          *pdev;
1172         int                     iocnum;
1173         unsigned int            port;
1174         int                     cim_rev;
1175         u8                      revision;
1176         struct scsi_device      *sdev;
1177         VirtDevice              *vdevice;
1178
1179         /* Add of PCI INFO results in unaligned access for
1180          * IA64 and Sparc. Reset long to int. Return no PCI
1181          * data for obsolete format.
1182          */
1183         if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1184                 cim_rev = 0;
1185         else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1186                 cim_rev = 1;
1187         else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1188                 cim_rev = 2;
1189         else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1190                 cim_rev = 0;    /* obsolete */
1191         else
1192                 return -EFAULT;
1193
1194         karg = kmalloc(data_size, GFP_KERNEL);
1195         if (karg == NULL) {
1196                 printk(KERN_ERR MYNAM "%s::mpt_ioctl_iocinfo() @%d - no memory available!\n",
1197                                 __FILE__, __LINE__);
1198                 return -ENOMEM;
1199         }
1200
1201         if (copy_from_user(karg, uarg, data_size)) {
1202                 printk(KERN_ERR MYNAM "%s@%d::mptctl_getiocinfo - "
1203                         "Unable to read in mpt_ioctl_iocinfo struct @ %p\n",
1204                                 __FILE__, __LINE__, uarg);
1205                 kfree(karg);
1206                 return -EFAULT;
1207         }
1208
1209         if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) ||
1210             (ioc == NULL)) {
1211                 printk(KERN_DEBUG MYNAM "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n",
1212                                 __FILE__, __LINE__, iocnum);
1213                 kfree(karg);
1214                 return -ENODEV;
1215         }
1216
1217         /* Verify the data transfer size is correct. */
1218         if (karg->hdr.maxDataSize != data_size) {
1219                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1220                         "Structure size mismatch. Command not completed.\n",
1221                         ioc->name, __FILE__, __LINE__);
1222                 kfree(karg);
1223                 return -EFAULT;
1224         }
1225
1226         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1227             ioc->name));
1228
1229         /* Fill in the data and return the structure to the calling
1230          * program
1231          */
1232         if (ioc->bus_type == SAS)
1233                 karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1234         else if (ioc->bus_type == FC)
1235                 karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1236         else
1237                 karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1238
1239         if (karg->hdr.port > 1)
1240                 return -EINVAL;
1241         port = karg->hdr.port;
1242
1243         karg->port = port;
1244         pdev = (struct pci_dev *) ioc->pcidev;
1245
1246         karg->pciId = pdev->device;
1247         pci_read_config_byte(pdev, PCI_CLASS_REVISION, &revision);
1248         karg->hwRev = revision;
1249         karg->subSystemDevice = pdev->subsystem_device;
1250         karg->subSystemVendor = pdev->subsystem_vendor;
1251
1252         if (cim_rev == 1) {
1253                 /* Get the PCI bus, device, and function numbers for the IOC
1254                  */
1255                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1256                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1257                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1258         } else if (cim_rev == 2) {
1259                 /* Get the PCI bus, device, function and segment ID numbers
1260                    for the IOC */
1261                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1262                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1263                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1264                 karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1265         }
1266
1267         /* Get number of devices
1268          */
1269         karg->numDevices = 0;
1270         if (ioc->sh) {
1271                 shost_for_each_device(sdev, ioc->sh) {
1272                         vdevice = sdev->hostdata;
1273                         if (vdevice->vtarget->tflags &
1274                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1275                                 continue;
1276                         karg->numDevices++;
1277                 }
1278         }
1279
1280         /* Set the BIOS and FW Version
1281          */
1282         karg->FWVersion = ioc->facts.FWVersion.Word;
1283         karg->BIOSVersion = ioc->biosVersion;
1284
1285         /* Set the Version Strings.
1286          */
1287         strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1288         karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1289
1290         karg->busChangeEvent = 0;
1291         karg->hostId = ioc->pfacts[port].PortSCSIID;
1292         karg->rsvd[0] = karg->rsvd[1] = 0;
1293
1294         /* Copy the data from kernel memory to user memory
1295          */
1296         if (copy_to_user((char __user *)arg, karg, data_size)) {
1297                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1298                         "Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1299                         ioc->name, __FILE__, __LINE__, uarg);
1300                 kfree(karg);
1301                 return -EFAULT;
1302         }
1303
1304         kfree(karg);
1305         return 0;
1306 }
1307
1308 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1309 /*
1310  *      mptctl_gettargetinfo - Query the host adapter for target information.
1311  *      @arg: User space argument
1312  *
1313  * Outputs:     None.
1314  * Return:      0 if successful
1315  *              -EFAULT if data unavailable
1316  *              -ENODEV  if no such device/adapter
1317  */
1318 static int
1319 mptctl_gettargetinfo (unsigned long arg)
1320 {
1321         struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1322         struct mpt_ioctl_targetinfo karg;
1323         MPT_ADAPTER             *ioc;
1324         VirtDevice              *vdevice;
1325         char                    *pmem;
1326         int                     *pdata;
1327         int                     iocnum;
1328         int                     numDevices = 0;
1329         int                     lun;
1330         int                     maxWordsLeft;
1331         int                     numBytes;
1332         u8                      port;
1333         struct scsi_device      *sdev;
1334
1335         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1336                 printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1337                         "Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1338                                 __FILE__, __LINE__, uarg);
1339                 return -EFAULT;
1340         }
1341
1342         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1343             (ioc == NULL)) {
1344                 printk(KERN_DEBUG MYNAM "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n",
1345                                 __FILE__, __LINE__, iocnum);
1346                 return -ENODEV;
1347         }
1348
1349         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1350             ioc->name));
1351         /* Get the port number and set the maximum number of bytes
1352          * in the returned structure.
1353          * Ignore the port setting.
1354          */
1355         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1356         maxWordsLeft = numBytes/sizeof(int);
1357         port = karg.hdr.port;
1358
1359         if (maxWordsLeft <= 0) {
1360                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1361                         ioc->name, __FILE__, __LINE__);
1362                 return -ENOMEM;
1363         }
1364
1365         /* Fill in the data and return the structure to the calling
1366          * program
1367          */
1368
1369         /* struct mpt_ioctl_targetinfo does not contain sufficient space
1370          * for the target structures so when the IOCTL is called, there is
1371          * not sufficient stack space for the structure. Allocate memory,
1372          * populate the memory, copy back to the user, then free memory.
1373          * targetInfo format:
1374          * bits 31-24: reserved
1375          *      23-16: LUN
1376          *      15- 8: Bus Number
1377          *       7- 0: Target ID
1378          */
1379         pmem = kzalloc(numBytes, GFP_KERNEL);
1380         if (!pmem) {
1381                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1382                         ioc->name, __FILE__, __LINE__);
1383                 return -ENOMEM;
1384         }
1385         pdata =  (int *) pmem;
1386
1387         /* Get number of devices
1388          */
1389         if (ioc->sh){
1390                 shost_for_each_device(sdev, ioc->sh) {
1391                         if (!maxWordsLeft)
1392                                 continue;
1393                         vdevice = sdev->hostdata;
1394                         if (vdevice->vtarget->tflags &
1395                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1396                                 continue;
1397                         lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1398                         *pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1399                             (vdevice->vtarget->id ));
1400                         pdata++;
1401                         numDevices++;
1402                         --maxWordsLeft;
1403                 }
1404         }
1405         karg.numDevices = numDevices;
1406
1407         /* Copy part of the data from kernel memory to user memory
1408          */
1409         if (copy_to_user((char __user *)arg, &karg,
1410                                 sizeof(struct mpt_ioctl_targetinfo))) {
1411                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1412                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1413                         ioc->name, __FILE__, __LINE__, uarg);
1414                 kfree(pmem);
1415                 return -EFAULT;
1416         }
1417
1418         /* Copy the remaining data from kernel memory to user memory
1419          */
1420         if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1421                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1422                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1423                         ioc->name, __FILE__, __LINE__, pdata);
1424                 kfree(pmem);
1425                 return -EFAULT;
1426         }
1427
1428         kfree(pmem);
1429
1430         return 0;
1431 }
1432
1433 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1434 /* MPT IOCTL Test function.
1435  *
1436  * Outputs:     None.
1437  * Return:      0 if successful
1438  *              -EFAULT if data unavailable
1439  *              -ENODEV  if no such device/adapter
1440  */
1441 static int
1442 mptctl_readtest (unsigned long arg)
1443 {
1444         struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1445         struct mpt_ioctl_test    karg;
1446         MPT_ADAPTER *ioc;
1447         int iocnum;
1448
1449         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1450                 printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1451                         "Unable to read in mpt_ioctl_test struct @ %p\n",
1452                                 __FILE__, __LINE__, uarg);
1453                 return -EFAULT;
1454         }
1455
1456         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1457             (ioc == NULL)) {
1458                 printk(KERN_DEBUG MYNAM "%s::mptctl_readtest() @%d - ioc%d not found!\n",
1459                                 __FILE__, __LINE__, iocnum);
1460                 return -ENODEV;
1461         }
1462
1463         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1464             ioc->name));
1465         /* Fill in the data and return the structure to the calling
1466          * program
1467          */
1468
1469 #ifdef MFCNT
1470         karg.chip_type = ioc->mfcnt;
1471 #else
1472         karg.chip_type = ioc->pcidev->device;
1473 #endif
1474         strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1475         karg.name[MPT_MAX_NAME-1]='\0';
1476         strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1477         karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1478
1479         /* Copy the data from kernel memory to user memory
1480          */
1481         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1482                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1483                         "Unable to write out mpt_ioctl_test struct @ %p\n",
1484                         ioc->name, __FILE__, __LINE__, uarg);
1485                 return -EFAULT;
1486         }
1487
1488         return 0;
1489 }
1490
1491 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1492 /*
1493  *      mptctl_eventquery - Query the host adapter for the event types
1494  *      that are being logged.
1495  *      @arg: User space argument
1496  *
1497  * Outputs:     None.
1498  * Return:      0 if successful
1499  *              -EFAULT if data unavailable
1500  *              -ENODEV  if no such device/adapter
1501  */
1502 static int
1503 mptctl_eventquery (unsigned long arg)
1504 {
1505         struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1506         struct mpt_ioctl_eventquery      karg;
1507         MPT_ADAPTER *ioc;
1508         int iocnum;
1509
1510         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1511                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1512                         "Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1513                                 __FILE__, __LINE__, uarg);
1514                 return -EFAULT;
1515         }
1516
1517         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1518             (ioc == NULL)) {
1519                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventquery() @%d - ioc%d not found!\n",
1520                                 __FILE__, __LINE__, iocnum);
1521                 return -ENODEV;
1522         }
1523
1524         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1525             ioc->name));
1526         karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1527         karg.eventTypes = ioc->eventTypes;
1528
1529         /* Copy the data from kernel memory to user memory
1530          */
1531         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1532                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1533                         "Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1534                         ioc->name, __FILE__, __LINE__, uarg);
1535                 return -EFAULT;
1536         }
1537         return 0;
1538 }
1539
1540 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1541 static int
1542 mptctl_eventenable (unsigned long arg)
1543 {
1544         struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1545         struct mpt_ioctl_eventenable     karg;
1546         MPT_ADAPTER *ioc;
1547         int iocnum;
1548
1549         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1550                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1551                         "Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1552                                 __FILE__, __LINE__, uarg);
1553                 return -EFAULT;
1554         }
1555
1556         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1557             (ioc == NULL)) {
1558                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventenable() @%d - ioc%d not found!\n",
1559                                 __FILE__, __LINE__, iocnum);
1560                 return -ENODEV;
1561         }
1562
1563         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1564             ioc->name));
1565         if (ioc->events == NULL) {
1566                 /* Have not yet allocated memory - do so now.
1567                  */
1568                 int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1569                 ioc->events = kzalloc(sz, GFP_KERNEL);
1570                 if (!ioc->events) {
1571                         printk(MYIOC_s_ERR_FMT
1572                             ": ERROR - Insufficient memory to add adapter!\n",
1573                             ioc->name);
1574                         return -ENOMEM;
1575                 }
1576                 ioc->alloc_total += sz;
1577
1578                 ioc->eventContext = 0;
1579         }
1580
1581         /* Update the IOC event logging flag.
1582          */
1583         ioc->eventTypes = karg.eventTypes;
1584
1585         return 0;
1586 }
1587
1588 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1589 static int
1590 mptctl_eventreport (unsigned long arg)
1591 {
1592         struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1593         struct mpt_ioctl_eventreport     karg;
1594         MPT_ADAPTER              *ioc;
1595         int                      iocnum;
1596         int                      numBytes, maxEvents, max;
1597
1598         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1599                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1600                         "Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1601                                 __FILE__, __LINE__, uarg);
1602                 return -EFAULT;
1603         }
1604
1605         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1606             (ioc == NULL)) {
1607                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventreport() @%d - ioc%d not found!\n",
1608                                 __FILE__, __LINE__, iocnum);
1609                 return -ENODEV;
1610         }
1611         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1612             ioc->name));
1613
1614         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1615         maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1616
1617
1618         max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1619
1620         /* If fewer than 1 event is requested, there must have
1621          * been some type of error.
1622          */
1623         if ((max < 1) || !ioc->events)
1624                 return -ENODATA;
1625
1626         /* reset this flag so SIGIO can restart */
1627         ioc->aen_event_read_flag=0;
1628
1629         /* Copy the data from kernel memory to user memory
1630          */
1631         numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1632         if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1633                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1634                         "Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1635                         ioc->name, __FILE__, __LINE__, ioc->events);
1636                 return -EFAULT;
1637         }
1638
1639         return 0;
1640 }
1641
1642 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1643 static int
1644 mptctl_replace_fw (unsigned long arg)
1645 {
1646         struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1647         struct mpt_ioctl_replace_fw      karg;
1648         MPT_ADAPTER              *ioc;
1649         int                      iocnum;
1650         int                      newFwSize;
1651
1652         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1653                 printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1654                         "Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1655                                 __FILE__, __LINE__, uarg);
1656                 return -EFAULT;
1657         }
1658
1659         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1660             (ioc == NULL)) {
1661                 printk(KERN_DEBUG MYNAM "%s::mptctl_replace_fw() @%d - ioc%d not found!\n",
1662                                 __FILE__, __LINE__, iocnum);
1663                 return -ENODEV;
1664         }
1665
1666         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1667             ioc->name));
1668         /* If caching FW, Free the old FW image
1669          */
1670         if (ioc->cached_fw == NULL)
1671                 return 0;
1672
1673         mpt_free_fw_memory(ioc);
1674
1675         /* Allocate memory for the new FW image
1676          */
1677         newFwSize = karg.newImageSize;
1678
1679         if (newFwSize & 0x01)
1680                 newFwSize += 1;
1681         if (newFwSize & 0x02)
1682                 newFwSize += 2;
1683
1684         mpt_alloc_fw_memory(ioc, newFwSize);
1685         if (ioc->cached_fw == NULL)
1686                 return -ENOMEM;
1687
1688         /* Copy the data from user memory to kernel space
1689          */
1690         if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1691                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1692                                 "Unable to read in mpt_ioctl_replace_fw image "
1693                                 "@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1694                 mpt_free_fw_memory(ioc);
1695                 return -EFAULT;
1696         }
1697
1698         /* Update IOCFactsReply
1699          */
1700         ioc->facts.FWImageSize = newFwSize;
1701         return 0;
1702 }
1703
1704 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1705 /* MPT IOCTL MPTCOMMAND function.
1706  * Cast the arg into the mpt_ioctl_mpt_command structure.
1707  *
1708  * Outputs:     None.
1709  * Return:      0 if successful
1710  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1711  *              -EFAULT if data unavailable
1712  *              -ENODEV if no such device/adapter
1713  *              -ETIME  if timer expires
1714  *              -ENOMEM if memory allocation error
1715  */
1716 static int
1717 mptctl_mpt_command (unsigned long arg)
1718 {
1719         struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1720         struct mpt_ioctl_command  karg;
1721         MPT_ADAPTER     *ioc;
1722         int             iocnum;
1723         int             rc;
1724
1725
1726         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1727                 printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1728                         "Unable to read in mpt_ioctl_command struct @ %p\n",
1729                                 __FILE__, __LINE__, uarg);
1730                 return -EFAULT;
1731         }
1732
1733         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1734             (ioc == NULL)) {
1735                 printk(KERN_DEBUG MYNAM "%s::mptctl_mpt_command() @%d - ioc%d not found!\n",
1736                                 __FILE__, __LINE__, iocnum);
1737                 return -ENODEV;
1738         }
1739
1740         rc = mptctl_do_mpt_command (karg, &uarg->MF);
1741
1742         return rc;
1743 }
1744
1745 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1746 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1747  *
1748  * Outputs:     None.
1749  * Return:      0 if successful
1750  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1751  *              -EFAULT if data unavailable
1752  *              -ENODEV if no such device/adapter
1753  *              -ETIME  if timer expires
1754  *              -ENOMEM if memory allocation error
1755  *              -EPERM if SCSI I/O and target is untagged
1756  */
1757 static int
1758 mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr)
1759 {
1760         MPT_ADAPTER     *ioc;
1761         MPT_FRAME_HDR   *mf = NULL;
1762         MPIHeader_t     *hdr;
1763         char            *psge;
1764         struct buflist  bufIn;  /* data In buffer */
1765         struct buflist  bufOut; /* data Out buffer */
1766         dma_addr_t      dma_addr_in;
1767         dma_addr_t      dma_addr_out;
1768         int             sgSize = 0;     /* Num SG elements */
1769         int             iocnum, flagsLength;
1770         int             sz, rc = 0;
1771         int             msgContext;
1772         u16             req_idx;
1773         ulong           timeout;
1774         struct scsi_device *sdev;
1775
1776         /* bufIn and bufOut are used for user to kernel space transfers
1777          */
1778         bufIn.kptr = bufOut.kptr = NULL;
1779         bufIn.len = bufOut.len = 0;
1780
1781         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1782             (ioc == NULL)) {
1783                 printk(KERN_DEBUG MYNAM "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n",
1784                                 __FILE__, __LINE__, iocnum);
1785                 return -ENODEV;
1786         }
1787         if (!ioc->ioctl) {
1788                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1789                         "No memory available during driver init.\n",
1790                                 __FILE__, __LINE__);
1791                 return -ENOMEM;
1792         } else if (ioc->ioctl->status & MPT_IOCTL_STATUS_DID_IOCRESET) {
1793                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1794                         "Busy with IOC Reset \n", __FILE__, __LINE__);
1795                 return -EBUSY;
1796         }
1797
1798         /* Verify that the final request frame will not be too large.
1799          */
1800         sz = karg.dataSgeOffset * 4;
1801         if (karg.dataInSize > 0)
1802                 sz += sizeof(dma_addr_t) + sizeof(u32);
1803         if (karg.dataOutSize > 0)
1804                 sz += sizeof(dma_addr_t) + sizeof(u32);
1805
1806         if (sz > ioc->req_sz) {
1807                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1808                         "Request frame too large (%d) maximum (%d)\n",
1809                         ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1810                 return -EFAULT;
1811         }
1812
1813         /* Get a free request frame and save the message context.
1814          */
1815         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1816                 return -EAGAIN;
1817
1818         hdr = (MPIHeader_t *) mf;
1819         msgContext = le32_to_cpu(hdr->MsgContext);
1820         req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1821
1822         /* Copy the request frame
1823          * Reset the saved message context.
1824          * Request frame in user space
1825          */
1826         if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1827                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1828                         "Unable to read MF from mpt_ioctl_command struct @ %p\n",
1829                         ioc->name, __FILE__, __LINE__, mfPtr);
1830                 rc = -EFAULT;
1831                 goto done_free_mem;
1832         }
1833         hdr->MsgContext = cpu_to_le32(msgContext);
1834
1835
1836         /* Verify that this request is allowed.
1837          */
1838         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1839             ioc->name, hdr->Function, mf));
1840
1841         switch (hdr->Function) {
1842         case MPI_FUNCTION_IOC_FACTS:
1843         case MPI_FUNCTION_PORT_FACTS:
1844                 karg.dataOutSize  = karg.dataInSize = 0;
1845                 break;
1846
1847         case MPI_FUNCTION_CONFIG:
1848         {
1849                 Config_t *config_frame;
1850                 config_frame = (Config_t *)mf;
1851                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1852                     "number=0x%02x action=0x%02x\n", ioc->name,
1853                     config_frame->Header.PageType,
1854                     config_frame->ExtPageType,
1855                     config_frame->Header.PageNumber,
1856                     config_frame->Action));
1857                 break;
1858         }
1859
1860         case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1861         case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1862         case MPI_FUNCTION_FW_UPLOAD:
1863         case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1864         case MPI_FUNCTION_FW_DOWNLOAD:
1865         case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1866         case MPI_FUNCTION_TOOLBOX:
1867         case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1868                 break;
1869
1870         case MPI_FUNCTION_SCSI_IO_REQUEST:
1871                 if (ioc->sh) {
1872                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1873                         int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1874                         int scsidir = 0;
1875                         int dataSize;
1876                         u32 id;
1877
1878                         id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1879                         if (pScsiReq->TargetID > id) {
1880                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1881                                         "Target ID out of bounds. \n",
1882                                         ioc->name, __FILE__, __LINE__);
1883                                 rc = -ENODEV;
1884                                 goto done_free_mem;
1885                         }
1886
1887                         if (pScsiReq->Bus >= ioc->number_of_buses) {
1888                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1889                                         "Target Bus out of bounds. \n",
1890                                         ioc->name, __FILE__, __LINE__);
1891                                 rc = -ENODEV;
1892                                 goto done_free_mem;
1893                         }
1894
1895                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1896                         pScsiReq->MsgFlags |= mpt_msg_flags();
1897
1898
1899                         /* verify that app has not requested
1900                          *      more sense data than driver
1901                          *      can provide, if so, reset this parameter
1902                          * set the sense buffer pointer low address
1903                          * update the control field to specify Q type
1904                          */
1905                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1906                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1907                         else
1908                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1909
1910                         pScsiReq->SenseBufferLowAddr =
1911                                 cpu_to_le32(ioc->sense_buf_low_dma
1912                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1913
1914                         shost_for_each_device(sdev, ioc->sh) {
1915                                 struct scsi_target *starget = scsi_target(sdev);
1916                                 VirtTarget *vtarget = starget->hostdata;
1917
1918                                 if ((pScsiReq->TargetID == vtarget->id) &&
1919                                     (pScsiReq->Bus == vtarget->channel) &&
1920                                     (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1921                                         qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1922                         }
1923
1924                         /* Have the IOCTL driver set the direction based
1925                          * on the dataOutSize (ordering issue with Sparc).
1926                          */
1927                         if (karg.dataOutSize > 0) {
1928                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
1929                                 dataSize = karg.dataOutSize;
1930                         } else {
1931                                 scsidir = MPI_SCSIIO_CONTROL_READ;
1932                                 dataSize = karg.dataInSize;
1933                         }
1934
1935                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1936                         pScsiReq->DataLength = cpu_to_le32(dataSize);
1937
1938                         ioc->ioctl->reset = MPTCTL_RESET_OK;
1939                         ioc->ioctl->id = pScsiReq->TargetID;
1940
1941                 } else {
1942                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1943                                 "SCSI driver is not loaded. \n",
1944                                 ioc->name, __FILE__, __LINE__);
1945                         rc = -EFAULT;
1946                         goto done_free_mem;
1947                 }
1948                 break;
1949
1950         case MPI_FUNCTION_SMP_PASSTHROUGH:
1951                 /* Check mf->PassthruFlags to determine if
1952                  * transfer is ImmediateMode or not.
1953                  * Immediate mode returns data in the ReplyFrame.
1954                  * Else, we are sending request and response data
1955                  * in two SGLs at the end of the mf.
1956                  */
1957                 break;
1958
1959         case MPI_FUNCTION_SATA_PASSTHROUGH:
1960                 if (!ioc->sh) {
1961                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1962                                 "SCSI driver is not loaded. \n",
1963                                 ioc->name, __FILE__, __LINE__);
1964                         rc = -EFAULT;
1965                         goto done_free_mem;
1966                 }
1967                 break;
1968
1969         case MPI_FUNCTION_RAID_ACTION:
1970                 /* Just add a SGE
1971                  */
1972                 break;
1973
1974         case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1975                 if (ioc->sh) {
1976                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1977                         int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1978                         int scsidir = MPI_SCSIIO_CONTROL_READ;
1979                         int dataSize;
1980
1981                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1982                         pScsiReq->MsgFlags |= mpt_msg_flags();
1983
1984
1985                         /* verify that app has not requested
1986                          *      more sense data than driver
1987                          *      can provide, if so, reset this parameter
1988                          * set the sense buffer pointer low address
1989                          * update the control field to specify Q type
1990                          */
1991                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1992                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1993                         else
1994                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1995
1996                         pScsiReq->SenseBufferLowAddr =
1997                                 cpu_to_le32(ioc->sense_buf_low_dma
1998                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1999
2000                         /* All commands to physical devices are tagged
2001                          */
2002
2003                         /* Have the IOCTL driver set the direction based
2004                          * on the dataOutSize (ordering issue with Sparc).
2005                          */
2006                         if (karg.dataOutSize > 0) {
2007                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
2008                                 dataSize = karg.dataOutSize;
2009                         } else {
2010                                 scsidir = MPI_SCSIIO_CONTROL_READ;
2011                                 dataSize = karg.dataInSize;
2012                         }
2013
2014                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
2015                         pScsiReq->DataLength = cpu_to_le32(dataSize);
2016
2017                         ioc->ioctl->reset = MPTCTL_RESET_OK;
2018                         ioc->ioctl->id = pScsiReq->TargetID;
2019                 } else {
2020                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2021                                 "SCSI driver is not loaded. \n",
2022                                 ioc->name, __FILE__, __LINE__);
2023                         rc = -EFAULT;
2024                         goto done_free_mem;
2025                 }
2026                 break;
2027
2028         case MPI_FUNCTION_SCSI_TASK_MGMT:
2029                 {
2030                         MPT_SCSI_HOST *hd = NULL;
2031                         if ((ioc->sh == NULL) || ((hd = shost_priv(ioc->sh)) == NULL)) {
2032                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2033                                         "SCSI driver not loaded or SCSI host not found. \n",
2034                                         ioc->name, __FILE__, __LINE__);
2035                                 rc = -EFAULT;
2036                                 goto done_free_mem;
2037                         } else if (mptctl_set_tm_flags(hd) != 0) {
2038                                 rc = -EPERM;
2039                                 goto done_free_mem;
2040                         }
2041                 }
2042                 break;
2043
2044         case MPI_FUNCTION_IOC_INIT:
2045                 {
2046                         IOCInit_t       *pInit = (IOCInit_t *) mf;
2047                         u32             high_addr, sense_high;
2048
2049                         /* Verify that all entries in the IOC INIT match
2050                          * existing setup (and in LE format).
2051                          */
2052                         if (sizeof(dma_addr_t) == sizeof(u64)) {
2053                                 high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2054                                 sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2055                         } else {
2056                                 high_addr = 0;
2057                                 sense_high= 0;
2058                         }
2059
2060                         if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2061                                 (pInit->MaxBuses != ioc->facts.MaxBuses) ||
2062                                 (pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2063                                 (pInit->HostMfaHighAddr != high_addr) ||
2064                                 (pInit->SenseBufferHighAddr != sense_high)) {
2065                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2066                                         "IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2067                                         ioc->name, __FILE__, __LINE__);
2068                                 rc = -EFAULT;
2069                                 goto done_free_mem;
2070                         }
2071                 }
2072                 break;
2073         default:
2074                 /*
2075                  * MPI_FUNCTION_PORT_ENABLE
2076                  * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2077                  * MPI_FUNCTION_TARGET_ASSIST
2078                  * MPI_FUNCTION_TARGET_STATUS_SEND
2079                  * MPI_FUNCTION_TARGET_MODE_ABORT
2080                  * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2081                  * MPI_FUNCTION_IO_UNIT_RESET
2082                  * MPI_FUNCTION_HANDSHAKE
2083                  * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2084                  * MPI_FUNCTION_EVENT_NOTIFICATION
2085                  *  (driver handles event notification)
2086                  * MPI_FUNCTION_EVENT_ACK
2087                  */
2088
2089                 /*  What to do with these???  CHECK ME!!!
2090                         MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2091                         MPI_FUNCTION_FC_LINK_SRVC_RSP
2092                         MPI_FUNCTION_FC_ABORT
2093                         MPI_FUNCTION_LAN_SEND
2094                         MPI_FUNCTION_LAN_RECEIVE
2095                         MPI_FUNCTION_LAN_RESET
2096                 */
2097
2098                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2099                         "Illegal request (function 0x%x) \n",
2100                         ioc->name, __FILE__, __LINE__, hdr->Function);
2101                 rc = -EFAULT;
2102                 goto done_free_mem;
2103         }
2104
2105         /* Add the SGL ( at most one data in SGE and one data out SGE )
2106          * In the case of two SGE's - the data out (write) will always
2107          * preceede the data in (read) SGE. psgList is used to free the
2108          * allocated memory.
2109          */
2110         psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2111         flagsLength = 0;
2112
2113         if (karg.dataOutSize > 0)
2114                 sgSize ++;
2115
2116         if (karg.dataInSize > 0)
2117                 sgSize ++;
2118
2119         if (sgSize > 0) {
2120
2121                 /* Set up the dataOut memory allocation */
2122                 if (karg.dataOutSize > 0) {
2123                         if (karg.dataInSize > 0) {
2124                                 flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2125                                                 MPI_SGE_FLAGS_END_OF_BUFFER |
2126                                                 MPI_SGE_FLAGS_DIRECTION |
2127                                                 mpt_addr_size() )
2128                                                 << MPI_SGE_FLAGS_SHIFT;
2129                         } else {
2130                                 flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2131                         }
2132                         flagsLength |= karg.dataOutSize;
2133                         bufOut.len = karg.dataOutSize;
2134                         bufOut.kptr = pci_alloc_consistent(
2135                                         ioc->pcidev, bufOut.len, &dma_addr_out);
2136
2137                         if (bufOut.kptr == NULL) {
2138                                 rc = -ENOMEM;
2139                                 goto done_free_mem;
2140                         } else {
2141                                 /* Set up this SGE.
2142                                  * Copy to MF and to sglbuf
2143                                  */
2144                                 mpt_add_sge(psge, flagsLength, dma_addr_out);
2145                                 psge += (sizeof(u32) + sizeof(dma_addr_t));
2146
2147                                 /* Copy user data to kernel space.
2148                                  */
2149                                 if (copy_from_user(bufOut.kptr,
2150                                                 karg.dataOutBufPtr,
2151                                                 bufOut.len)) {
2152                                         printk(MYIOC_s_ERR_FMT
2153                                                 "%s@%d::mptctl_do_mpt_command - Unable "
2154                                                 "to read user data "
2155                                                 "struct @ %p\n",
2156                                                 ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2157                                         rc =  -EFAULT;
2158                                         goto done_free_mem;
2159                                 }
2160                         }
2161                 }
2162
2163                 if (karg.dataInSize > 0) {
2164                         flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2165                         flagsLength |= karg.dataInSize;
2166
2167                         bufIn.len = karg.dataInSize;
2168                         bufIn.kptr = pci_alloc_consistent(ioc->pcidev,
2169                                         bufIn.len, &dma_addr_in);
2170
2171                         if (bufIn.kptr == NULL) {
2172                                 rc = -ENOMEM;
2173                                 goto done_free_mem;
2174                         } else {
2175                                 /* Set up this SGE
2176                                  * Copy to MF and to sglbuf
2177                                  */
2178                                 mpt_add_sge(psge, flagsLength, dma_addr_in);
2179                         }
2180                 }
2181         } else  {
2182                 /* Add a NULL SGE
2183                  */
2184                 mpt_add_sge(psge, flagsLength, (dma_addr_t) -1);
2185         }
2186
2187         ioc->ioctl->wait_done = 0;
2188         if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2189
2190                 DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2191
2192                 if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2193                     (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2194                         mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2195                 else {
2196                         rc =mpt_send_handshake_request(mptctl_id, ioc,
2197                                 sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2198                         if (rc != 0) {
2199                                 dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2200                                     "_send_handshake FAILED! (ioc %p, mf %p)\n",
2201                                     ioc->name, ioc, mf));
2202                                 mptctl_free_tm_flags(ioc);
2203                                 rc = -ENODATA;
2204                                 goto done_free_mem;
2205                         }
2206                 }
2207
2208         } else
2209                 mpt_put_msg_frame(mptctl_id, ioc, mf);
2210
2211         /* Now wait for the command to complete */
2212         timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2213         timeout = wait_event_timeout(mptctl_wait,
2214              ioc->ioctl->wait_done == 1,
2215              HZ*timeout);
2216
2217         if(timeout <=0 && (ioc->ioctl->wait_done != 1 )) {
2218         /* Now we need to reset the board */
2219
2220                 if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT)
2221                         mptctl_free_tm_flags(ioc);
2222
2223                 mptctl_timeout_expired(ioc->ioctl);
2224                 rc = -ENODATA;
2225                 goto done_free_mem;
2226         }
2227
2228         mf = NULL;
2229
2230         /* If a valid reply frame, copy to the user.
2231          * Offset 2: reply length in U32's
2232          */
2233         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID) {
2234                 if (karg.maxReplyBytes < ioc->reply_sz) {
2235                          sz = min(karg.maxReplyBytes, 4*ioc->ioctl->ReplyFrame[2]);
2236                 } else {
2237                          sz = min(ioc->reply_sz, 4*ioc->ioctl->ReplyFrame[2]);
2238                 }
2239
2240                 if (sz > 0) {
2241                         if (copy_to_user(karg.replyFrameBufPtr,
2242                                  &ioc->ioctl->ReplyFrame, sz)){
2243                                  printk(MYIOC_s_ERR_FMT
2244                                      "%s@%d::mptctl_do_mpt_command - "
2245                                  "Unable to write out reply frame %p\n",
2246                                  ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2247                                  rc =  -ENODATA;
2248                                  goto done_free_mem;
2249                         }
2250                 }
2251         }
2252
2253         /* If valid sense data, copy to user.
2254          */
2255         if (ioc->ioctl->status & MPT_IOCTL_STATUS_SENSE_VALID) {
2256                 sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2257                 if (sz > 0) {
2258                         if (copy_to_user(karg.senseDataPtr, ioc->ioctl->sense, sz)) {
2259                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2260                                 "Unable to write sense data to user %p\n",
2261                                 ioc->name, __FILE__, __LINE__,
2262                                 karg.senseDataPtr);
2263                                 rc =  -ENODATA;
2264                                 goto done_free_mem;
2265                         }
2266                 }
2267         }
2268
2269         /* If the overall status is _GOOD and data in, copy data
2270          * to user.
2271          */
2272         if ((ioc->ioctl->status & MPT_IOCTL_STATUS_COMMAND_GOOD) &&
2273                                 (karg.dataInSize > 0) && (bufIn.kptr)) {
2274
2275                 if (copy_to_user(karg.dataInBufPtr,
2276                                  bufIn.kptr, karg.dataInSize)) {
2277                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2278                                 "Unable to write data to user %p\n",
2279                                 ioc->name, __FILE__, __LINE__,
2280                                 karg.dataInBufPtr);
2281                         rc =  -ENODATA;
2282                 }
2283         }
2284
2285 done_free_mem:
2286
2287         ioc->ioctl->status &= ~(MPT_IOCTL_STATUS_COMMAND_GOOD |
2288                 MPT_IOCTL_STATUS_SENSE_VALID |
2289                 MPT_IOCTL_STATUS_RF_VALID );
2290
2291         /* Free the allocated memory.
2292          */
2293         if (bufOut.kptr != NULL) {
2294                 pci_free_consistent(ioc->pcidev,
2295                         bufOut.len, (void *) bufOut.kptr, dma_addr_out);
2296         }
2297
2298         if (bufIn.kptr != NULL) {
2299                 pci_free_consistent(ioc->pcidev,
2300                         bufIn.len, (void *) bufIn.kptr, dma_addr_in);
2301         }
2302
2303         /* mf is null if command issued successfully
2304          * otherwise, failure occured after mf acquired.
2305          */
2306         if (mf)
2307                 mpt_free_msg_frame(ioc, mf);
2308
2309         return rc;
2310 }
2311
2312 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2313 /* Prototype Routine for the HOST INFO command.
2314  *
2315  * Outputs:     None.
2316  * Return:      0 if successful
2317  *              -EFAULT if data unavailable
2318  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2319  *              -ENODEV if no such device/adapter
2320  *              -ETIME  if timer expires
2321  *              -ENOMEM if memory allocation error
2322  */
2323 static int
2324 mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size)
2325 {
2326         hp_host_info_t  __user *uarg = (void __user *) arg;
2327         MPT_ADAPTER             *ioc;
2328         struct pci_dev          *pdev;
2329         char                    *pbuf=NULL;
2330         dma_addr_t              buf_dma;
2331         hp_host_info_t          karg;
2332         CONFIGPARMS             cfg;
2333         ConfigPageHeader_t      hdr;
2334         int                     iocnum;
2335         int                     rc, cim_rev;
2336         ToolboxIstwiReadWriteRequest_t  *IstwiRWRequest;
2337         MPT_FRAME_HDR           *mf = NULL;
2338         MPIHeader_t             *mpi_hdr;
2339
2340         /* Reset long to int. Should affect IA64 and SPARC only
2341          */
2342         if (data_size == sizeof(hp_host_info_t))
2343                 cim_rev = 1;
2344         else if (data_size == sizeof(hp_host_info_rev0_t))
2345                 cim_rev = 0;    /* obsolete */
2346         else
2347                 return -EFAULT;
2348
2349         if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2350                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2351                         "Unable to read in hp_host_info struct @ %p\n",
2352                                 __FILE__, __LINE__, uarg);
2353                 return -EFAULT;
2354         }
2355
2356         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2357             (ioc == NULL)) {
2358                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n",
2359                                 __FILE__, __LINE__, iocnum);
2360                 return -ENODEV;
2361         }
2362         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2363             ioc->name));
2364
2365         /* Fill in the data and return the structure to the calling
2366          * program
2367          */
2368         pdev = (struct pci_dev *) ioc->pcidev;
2369
2370         karg.vendor = pdev->vendor;
2371         karg.device = pdev->device;
2372         karg.subsystem_id = pdev->subsystem_device;
2373         karg.subsystem_vendor = pdev->subsystem_vendor;
2374         karg.devfn = pdev->devfn;
2375         karg.bus = pdev->bus->number;
2376
2377         /* Save the SCSI host no. if
2378          * SCSI driver loaded
2379          */
2380         if (ioc->sh != NULL)
2381                 karg.host_no = ioc->sh->host_no;
2382         else
2383                 karg.host_no =  -1;
2384
2385         /* Reformat the fw_version into a string
2386          */
2387         karg.fw_version[0] = ioc->facts.FWVersion.Struct.Major >= 10 ?
2388                 ((ioc->facts.FWVersion.Struct.Major / 10) + '0') : '0';
2389         karg.fw_version[1] = (ioc->facts.FWVersion.Struct.Major % 10 ) + '0';
2390         karg.fw_version[2] = '.';
2391         karg.fw_version[3] = ioc->facts.FWVersion.Struct.Minor >= 10 ?
2392                 ((ioc->facts.FWVersion.Struct.Minor / 10) + '0') : '0';
2393         karg.fw_version[4] = (ioc->facts.FWVersion.Struct.Minor % 10 ) + '0';
2394         karg.fw_version[5] = '.';
2395         karg.fw_version[6] = ioc->facts.FWVersion.Struct.Unit >= 10 ?
2396                 ((ioc->facts.FWVersion.Struct.Unit / 10) + '0') : '0';
2397         karg.fw_version[7] = (ioc->facts.FWVersion.Struct.Unit % 10 ) + '0';
2398         karg.fw_version[8] = '.';
2399         karg.fw_version[9] = ioc->facts.FWVersion.Struct.Dev >= 10 ?
2400                 ((ioc->facts.FWVersion.Struct.Dev / 10) + '0') : '0';
2401         karg.fw_version[10] = (ioc->facts.FWVersion.Struct.Dev % 10 ) + '0';
2402         karg.fw_version[11] = '\0';
2403
2404         /* Issue a config request to get the device serial number
2405          */
2406         hdr.PageVersion = 0;
2407         hdr.PageLength = 0;
2408         hdr.PageNumber = 0;
2409         hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2410         cfg.cfghdr.hdr = &hdr;
2411         cfg.physAddr = -1;
2412         cfg.pageAddr = 0;
2413         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2414         cfg.dir = 0;    /* read */
2415         cfg.timeout = 10;
2416
2417         strncpy(karg.serial_number, " ", 24);
2418         if (mpt_config(ioc, &cfg) == 0) {
2419                 if (cfg.cfghdr.hdr->PageLength > 0) {
2420                         /* Issue the second config page request */
2421                         cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2422
2423                         pbuf = pci_alloc_consistent(ioc->pcidev, hdr.PageLength * 4, &buf_dma);
2424                         if (pbuf) {
2425                                 cfg.physAddr = buf_dma;
2426                                 if (mpt_config(ioc, &cfg) == 0) {
2427                                         ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2428                                         if (strlen(pdata->BoardTracerNumber) > 1) {
2429                                                 strncpy(karg.serial_number,                                                                         pdata->BoardTracerNumber, 24);
2430                                                 karg.serial_number[24-1]='\0';
2431                                         }
2432                                 }
2433                                 pci_free_consistent(ioc->pcidev, hdr.PageLength * 4, pbuf, buf_dma);
2434                                 pbuf = NULL;
2435                         }
2436                 }
2437         }
2438         rc = mpt_GetIocState(ioc, 1);
2439         switch (rc) {
2440         case MPI_IOC_STATE_OPERATIONAL:
2441                 karg.ioc_status =  HP_STATUS_OK;
2442                 break;
2443
2444         case MPI_IOC_STATE_FAULT:
2445                 karg.ioc_status =  HP_STATUS_FAILED;
2446                 break;
2447
2448         case MPI_IOC_STATE_RESET:
2449         case MPI_IOC_STATE_READY:
2450         default:
2451                 karg.ioc_status =  HP_STATUS_OTHER;
2452                 break;
2453         }
2454
2455         karg.base_io_addr = pci_resource_start(pdev, 0);
2456
2457         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2458                 karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2459         else
2460                 karg.bus_phys_width = HP_BUS_WIDTH_16;
2461
2462         karg.hard_resets = 0;
2463         karg.soft_resets = 0;
2464         karg.timeouts = 0;
2465         if (ioc->sh != NULL) {
2466                 MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2467
2468                 if (hd && (cim_rev == 1)) {
2469                         karg.hard_resets = hd->hard_resets;
2470                         karg.soft_resets = hd->soft_resets;
2471                         karg.timeouts = hd->timeouts;
2472                 }
2473         }
2474
2475         /* 
2476          * Gather ISTWI(Industry Standard Two Wire Interface) Data
2477          */
2478         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2479                 dfailprintk(ioc, printk(MYIOC_s_WARN_FMT "%s, no msg frames!!\n",
2480                     ioc->name,__func__));
2481                 goto out;
2482         }
2483
2484         IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2485         mpi_hdr = (MPIHeader_t *) mf;
2486         memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2487         IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2488         IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2489         IstwiRWRequest->MsgContext = mpi_hdr->MsgContext;
2490         IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2491         IstwiRWRequest->NumAddressBytes = 0x01;
2492         IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2493         if (pdev->devfn & 1)
2494                 IstwiRWRequest->DeviceAddr = 0xB2;
2495         else
2496                 IstwiRWRequest->DeviceAddr = 0xB0;
2497
2498         pbuf = pci_alloc_consistent(ioc->pcidev, 4, &buf_dma);
2499         if (!pbuf)
2500                 goto out;
2501         mpt_add_sge((char *)&IstwiRWRequest->SGL,
2502             (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2503
2504         ioc->ioctl->wait_done = 0;
2505         mpt_put_msg_frame(mptctl_id, ioc, mf);
2506
2507         rc = wait_event_timeout(mptctl_wait,
2508              ioc->ioctl->wait_done == 1,
2509              HZ*MPT_IOCTL_DEFAULT_TIMEOUT /* 10 sec */);
2510
2511         if(rc <=0 && (ioc->ioctl->wait_done != 1 )) {
2512                 /*
2513                  * Now we need to reset the board
2514                  */
2515                 mpt_free_msg_frame(ioc, mf);
2516                 mptctl_timeout_expired(ioc->ioctl);
2517                 goto out;
2518         }
2519
2520         /*
2521          *ISTWI Data Definition
2522          * pbuf[0] = FW_VERSION = 0x4
2523          * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2524          *  the config, you should be seeing one out of these three values
2525          * pbuf[2] = Drive Installed Map = bit pattern depend on which
2526          *   bays have drives in them
2527          * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2528          */
2529         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID)
2530                 karg.rsvd = *(u32 *)pbuf;
2531
2532  out:
2533         if (pbuf)
2534                 pci_free_consistent(ioc->pcidev, 4, pbuf, buf_dma);
2535
2536         /* Copy the data from kernel memory to user memory
2537          */
2538         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2539                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2540                         "Unable to write out hp_host_info @ %p\n",
2541                         ioc->name, __FILE__, __LINE__, uarg);
2542                 return -EFAULT;
2543         }
2544
2545         return 0;
2546
2547 }
2548
2549 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2550 /* Prototype Routine for the TARGET INFO command.
2551  *
2552  * Outputs:     None.
2553  * Return:      0 if successful
2554  *              -EFAULT if data unavailable
2555  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2556  *              -ENODEV if no such device/adapter
2557  *              -ETIME  if timer expires
2558  *              -ENOMEM if memory allocation error
2559  */
2560 static int
2561 mptctl_hp_targetinfo(unsigned long arg)
2562 {
2563         hp_target_info_t __user *uarg = (void __user *) arg;
2564         SCSIDevicePage0_t       *pg0_alloc;
2565         SCSIDevicePage3_t       *pg3_alloc;
2566         MPT_ADAPTER             *ioc;
2567         MPT_SCSI_HOST           *hd = NULL;
2568         hp_target_info_t        karg;
2569         int                     iocnum;
2570         int                     data_sz;
2571         dma_addr_t              page_dma;
2572         CONFIGPARMS             cfg;
2573         ConfigPageHeader_t      hdr;
2574         int                     tmp, np, rc = 0;
2575
2576         if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2577                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2578                         "Unable to read in hp_host_targetinfo struct @ %p\n",
2579                                 __FILE__, __LINE__, uarg);
2580                 return -EFAULT;
2581         }
2582
2583         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2584                 (ioc == NULL)) {
2585                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n",
2586                                 __FILE__, __LINE__, iocnum);
2587                 return -ENODEV;
2588         }
2589         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2590             ioc->name));
2591
2592         /*  There is nothing to do for FCP parts.
2593          */
2594         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2595                 return 0;
2596
2597         if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2598                 return 0;
2599
2600         if (ioc->sh->host_no != karg.hdr.host)
2601                 return -ENODEV;
2602
2603        /* Get the data transfer speeds
2604         */
2605         data_sz = ioc->spi_data.sdp0length * 4;
2606         pg0_alloc = (SCSIDevicePage0_t *) pci_alloc_consistent(ioc->pcidev, data_sz, &page_dma);
2607         if (pg0_alloc) {
2608                 hdr.PageVersion = ioc->spi_data.sdp0version;
2609                 hdr.PageLength = data_sz;
2610                 hdr.PageNumber = 0;
2611                 hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2612
2613                 cfg.cfghdr.hdr = &hdr;
2614                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2615                 cfg.dir = 0;
2616                 cfg.timeout = 0;
2617                 cfg.physAddr = page_dma;
2618
2619                 cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2620
2621                 if ((rc = mpt_config(ioc, &cfg)) == 0) {
2622                         np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2623                         karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2624                                         HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2625
2626                         if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2627                                 tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2628                                 if (tmp < 0x09)
2629                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2630                                 else if (tmp <= 0x09)
2631                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2632                                 else if (tmp <= 0x0A)
2633                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2634                                 else if (tmp <= 0x0C)
2635                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2636                                 else if (tmp <= 0x25)
2637                                         karg.negotiated_speed = HP_DEV_SPEED_FAST;
2638                                 else
2639                                         karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2640                         } else
2641                                 karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2642                 }
2643
2644                 pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg0_alloc, page_dma);
2645         }
2646
2647         /* Set defaults
2648          */
2649         karg.message_rejects = -1;
2650         karg.phase_errors = -1;
2651         karg.parity_errors = -1;
2652         karg.select_timeouts = -1;
2653
2654         /* Get the target error parameters
2655          */
2656         hdr.PageVersion = 0;
2657         hdr.PageLength = 0;
2658         hdr.PageNumber = 3;
2659         hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2660
2661         cfg.cfghdr.hdr = &hdr;
2662         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2663         cfg.dir = 0;
2664         cfg.timeout = 0;
2665         cfg.physAddr = -1;
2666         if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2667                 /* Issue the second config page request */
2668                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2669                 data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2670                 pg3_alloc = (SCSIDevicePage3_t *) pci_alloc_consistent(
2671                                                         ioc->pcidev, data_sz, &page_dma);
2672                 if (pg3_alloc) {
2673                         cfg.physAddr = page_dma;
2674                         cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2675                         if ((rc = mpt_config(ioc, &cfg)) == 0) {
2676                                 karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2677                                 karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2678                                 karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2679                         }
2680                         pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg3_alloc, page_dma);
2681                 }
2682         }
2683         hd = shost_priv(ioc->sh);
2684         if (hd != NULL)
2685                 karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2686
2687         /* Copy the data from kernel memory to user memory
2688          */
2689         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2690                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2691                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2692                         ioc->name, __FILE__, __LINE__, uarg);
2693                 return -EFAULT;
2694         }
2695
2696         return 0;
2697 }
2698
2699 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2700
2701 static const struct file_operations mptctl_fops = {
2702         .owner =        THIS_MODULE,
2703         .llseek =       no_llseek,
2704         .fasync =       mptctl_fasync,
2705         .unlocked_ioctl = mptctl_ioctl,
2706 #ifdef CONFIG_COMPAT
2707         .compat_ioctl = compat_mpctl_ioctl,
2708 #endif
2709 };
2710
2711 static struct miscdevice mptctl_miscdev = {
2712         MPT_MINOR,
2713         MYNAM,
2714         &mptctl_fops
2715 };
2716
2717 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2718
2719 #ifdef CONFIG_COMPAT
2720
2721 static int
2722 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2723                         unsigned long arg)
2724 {
2725         struct mpt_fw_xfer32 kfw32;
2726         struct mpt_fw_xfer kfw;
2727         MPT_ADAPTER *iocp = NULL;
2728         int iocnum, iocnumX;
2729         int nonblock = (filp->f_flags & O_NONBLOCK);
2730         int ret;
2731
2732
2733         if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2734                 return -EFAULT;
2735
2736         /* Verify intended MPT adapter */
2737         iocnumX = kfw32.iocnum & 0xFF;
2738         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2739             (iocp == NULL)) {
2740                 printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2741                         __LINE__, iocnumX);
2742                 return -ENODEV;
2743         }
2744
2745         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2746                 return ret;
2747
2748         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2749             iocp->name));
2750         kfw.iocnum = iocnum;
2751         kfw.fwlen = kfw32.fwlen;
2752         kfw.bufp = compat_ptr(kfw32.bufp);
2753
2754         ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen);
2755
2756         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2757
2758         return ret;
2759 }
2760
2761 static int
2762 compat_mpt_command(struct file *filp, unsigned int cmd,
2763                         unsigned long arg)
2764 {
2765         struct mpt_ioctl_command32 karg32;
2766         struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2767         struct mpt_ioctl_command karg;
2768         MPT_ADAPTER *iocp = NULL;
2769         int iocnum, iocnumX;
2770         int nonblock = (filp->f_flags & O_NONBLOCK);
2771         int ret;
2772
2773         if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2774                 return -EFAULT;
2775
2776         /* Verify intended MPT adapter */
2777         iocnumX = karg32.hdr.iocnum & 0xFF;
2778         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2779             (iocp == NULL)) {
2780                 printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2781                         __LINE__, iocnumX);
2782                 return -ENODEV;
2783         }
2784
2785         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2786                 return ret;
2787
2788         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2789             iocp->name));
2790         /* Copy data to karg */
2791         karg.hdr.iocnum = karg32.hdr.iocnum;
2792         karg.hdr.port = karg32.hdr.port;
2793         karg.timeout = karg32.timeout;
2794         karg.maxReplyBytes = karg32.maxReplyBytes;
2795
2796         karg.dataInSize = karg32.dataInSize;
2797         karg.dataOutSize = karg32.dataOutSize;
2798         karg.maxSenseBytes = karg32.maxSenseBytes;
2799         karg.dataSgeOffset = karg32.dataSgeOffset;
2800
2801         karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2802         karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2803         karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2804         karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2805
2806         /* Pass new structure to do_mpt_command
2807          */
2808         ret = mptctl_do_mpt_command (karg, &uarg->MF);
2809
2810         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2811
2812         return ret;
2813 }
2814
2815 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2816 {
2817         long ret;
2818         lock_kernel();
2819         switch (cmd) {
2820         case MPTIOCINFO:
2821         case MPTIOCINFO1:
2822         case MPTIOCINFO2:
2823         case MPTTARGETINFO:
2824         case MPTEVENTQUERY:
2825         case MPTEVENTENABLE:
2826         case MPTEVENTREPORT:
2827         case MPTHARDRESET:
2828         case HP_GETHOSTINFO:
2829         case HP_GETTARGETINFO:
2830         case MPTTEST:
2831                 ret = __mptctl_ioctl(f, cmd, arg);
2832                 break;
2833         case MPTCOMMAND32:
2834                 ret = compat_mpt_command(f, cmd, arg);
2835                 break;
2836         case MPTFWDOWNLOAD32:
2837                 ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2838                 break;
2839         default:
2840                 ret = -ENOIOCTLCMD;
2841                 break;
2842         }
2843         unlock_kernel();
2844         return ret;
2845 }
2846
2847 #endif
2848
2849
2850 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2851 /*
2852  *      mptctl_probe - Installs ioctl devices per bus.
2853  *      @pdev: Pointer to pci_dev structure
2854  *
2855  *      Returns 0 for success, non-zero for failure.
2856  *
2857  */
2858
2859 static int
2860 mptctl_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2861 {
2862         MPT_IOCTL *mem;
2863         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2864
2865         /*
2866          * Allocate and inite a MPT_IOCTL structure
2867         */
2868         mem = kzalloc(sizeof(MPT_IOCTL), GFP_KERNEL);
2869         if (!mem) {
2870                 mptctl_remove(pdev);
2871                 return -ENOMEM;
2872         }
2873
2874         ioc->ioctl = mem;
2875         ioc->ioctl->ioc = ioc;
2876         mutex_init(&ioc->ioctl->ioctl_mutex);
2877         return 0;
2878 }
2879
2880 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2881 /*
2882  *      mptctl_remove - Removed ioctl devices
2883  *      @pdev: Pointer to pci_dev structure
2884  *
2885  *
2886  */
2887 static void
2888 mptctl_remove(struct pci_dev *pdev)
2889 {
2890         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2891
2892         kfree ( ioc->ioctl );
2893 }
2894
2895 static struct mpt_pci_driver mptctl_driver = {
2896   .probe                = mptctl_probe,
2897   .remove               = mptctl_remove,
2898 };
2899
2900 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2901 static int __init mptctl_init(void)
2902 {
2903         int err;
2904         int where = 1;
2905
2906         show_mptmod_ver(my_NAME, my_VERSION);
2907
2908         mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
2909
2910         /* Register this device */
2911         err = misc_register(&mptctl_miscdev);
2912         if (err < 0) {
2913                 printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2914                 goto out_fail;
2915         }
2916         printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2917         printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2918                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2919
2920         /*
2921          *  Install our handler
2922          */
2923         ++where;
2924         mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER);
2925         if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2926                 printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2927                 misc_deregister(&mptctl_miscdev);
2928                 err = -EBUSY;
2929                 goto out_fail;
2930         }
2931
2932         mpt_reset_register(mptctl_id, mptctl_ioc_reset);
2933         mpt_event_register(mptctl_id, mptctl_event_process);
2934
2935         return 0;
2936
2937 out_fail:
2938
2939         mpt_device_driver_deregister(MPTCTL_DRIVER);
2940
2941         return err;
2942 }
2943
2944 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2945 static void mptctl_exit(void)
2946 {
2947         misc_deregister(&mptctl_miscdev);
2948         printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2949                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2950
2951         /* De-register reset handler from base module */
2952         mpt_reset_deregister(mptctl_id);
2953
2954         /* De-register callback handler from base module */
2955         mpt_deregister(mptctl_id);
2956
2957         mpt_device_driver_deregister(MPTCTL_DRIVER);
2958
2959 }
2960
2961 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2962
2963 module_init(mptctl_init);
2964 module_exit(mptctl_exit);