[SCSI] fix BUG when sum(scatterlist) > bufflen
[linux-2.6] / drivers / scsi / scsi_lib.c
1 /*
2  *  scsi_lib.c Copyright (C) 1999 Eric Youngdale
3  *
4  *  SCSI queueing library.
5  *      Initial versions: Eric Youngdale (eric@andante.org).
6  *                        Based upon conversations with large numbers
7  *                        of people at Linux Expo.
8  */
9
10 #include <linux/bio.h>
11 #include <linux/bitops.h>
12 #include <linux/blkdev.h>
13 #include <linux/completion.h>
14 #include <linux/kernel.h>
15 #include <linux/mempool.h>
16 #include <linux/slab.h>
17 #include <linux/init.h>
18 #include <linux/pci.h>
19 #include <linux/delay.h>
20 #include <linux/hardirq.h>
21 #include <linux/scatterlist.h>
22
23 #include <scsi/scsi.h>
24 #include <scsi/scsi_cmnd.h>
25 #include <scsi/scsi_dbg.h>
26 #include <scsi/scsi_device.h>
27 #include <scsi/scsi_driver.h>
28 #include <scsi/scsi_eh.h>
29 #include <scsi/scsi_host.h>
30
31 #include "scsi_priv.h"
32 #include "scsi_logging.h"
33
34
35 #define SG_MEMPOOL_NR           ARRAY_SIZE(scsi_sg_pools)
36 #define SG_MEMPOOL_SIZE         2
37
38 struct scsi_host_sg_pool {
39         size_t          size;
40         char            *name;
41         struct kmem_cache       *slab;
42         mempool_t       *pool;
43 };
44
45 #define SP(x) { x, "sgpool-" __stringify(x) }
46 #if (SCSI_MAX_SG_SEGMENTS < 32)
47 #error SCSI_MAX_SG_SEGMENTS is too small (must be 32 or greater)
48 #endif
49 static struct scsi_host_sg_pool scsi_sg_pools[] = {
50         SP(8),
51         SP(16),
52 #if (SCSI_MAX_SG_SEGMENTS > 32)
53         SP(32),
54 #if (SCSI_MAX_SG_SEGMENTS > 64)
55         SP(64),
56 #if (SCSI_MAX_SG_SEGMENTS > 128)
57         SP(128),
58 #if (SCSI_MAX_SG_SEGMENTS > 256)
59 #error SCSI_MAX_SG_SEGMENTS is too large (256 MAX)
60 #endif
61 #endif
62 #endif
63 #endif
64         SP(SCSI_MAX_SG_SEGMENTS)
65 };
66 #undef SP
67
68 static struct kmem_cache *scsi_bidi_sdb_cache;
69
70 static void scsi_run_queue(struct request_queue *q);
71
72 /*
73  * Function:    scsi_unprep_request()
74  *
75  * Purpose:     Remove all preparation done for a request, including its
76  *              associated scsi_cmnd, so that it can be requeued.
77  *
78  * Arguments:   req     - request to unprepare
79  *
80  * Lock status: Assumed that no locks are held upon entry.
81  *
82  * Returns:     Nothing.
83  */
84 static void scsi_unprep_request(struct request *req)
85 {
86         struct scsi_cmnd *cmd = req->special;
87
88         req->cmd_flags &= ~REQ_DONTPREP;
89         req->special = NULL;
90
91         scsi_put_command(cmd);
92 }
93
94 /*
95  * Function:    scsi_queue_insert()
96  *
97  * Purpose:     Insert a command in the midlevel queue.
98  *
99  * Arguments:   cmd    - command that we are adding to queue.
100  *              reason - why we are inserting command to queue.
101  *
102  * Lock status: Assumed that lock is not held upon entry.
103  *
104  * Returns:     Nothing.
105  *
106  * Notes:       We do this for one of two cases.  Either the host is busy
107  *              and it cannot accept any more commands for the time being,
108  *              or the device returned QUEUE_FULL and can accept no more
109  *              commands.
110  * Notes:       This could be called either from an interrupt context or a
111  *              normal process context.
112  */
113 int scsi_queue_insert(struct scsi_cmnd *cmd, int reason)
114 {
115         struct Scsi_Host *host = cmd->device->host;
116         struct scsi_device *device = cmd->device;
117         struct request_queue *q = device->request_queue;
118         unsigned long flags;
119
120         SCSI_LOG_MLQUEUE(1,
121                  printk("Inserting command %p into mlqueue\n", cmd));
122
123         /*
124          * Set the appropriate busy bit for the device/host.
125          *
126          * If the host/device isn't busy, assume that something actually
127          * completed, and that we should be able to queue a command now.
128          *
129          * Note that the prior mid-layer assumption that any host could
130          * always queue at least one command is now broken.  The mid-layer
131          * will implement a user specifiable stall (see
132          * scsi_host.max_host_blocked and scsi_device.max_device_blocked)
133          * if a command is requeued with no other commands outstanding
134          * either for the device or for the host.
135          */
136         if (reason == SCSI_MLQUEUE_HOST_BUSY)
137                 host->host_blocked = host->max_host_blocked;
138         else if (reason == SCSI_MLQUEUE_DEVICE_BUSY)
139                 device->device_blocked = device->max_device_blocked;
140
141         /*
142          * Decrement the counters, since these commands are no longer
143          * active on the host/device.
144          */
145         scsi_device_unbusy(device);
146
147         /*
148          * Requeue this command.  It will go before all other commands
149          * that are already in the queue.
150          *
151          * NOTE: there is magic here about the way the queue is plugged if
152          * we have no outstanding commands.
153          * 
154          * Although we *don't* plug the queue, we call the request
155          * function.  The SCSI request function detects the blocked condition
156          * and plugs the queue appropriately.
157          */
158         spin_lock_irqsave(q->queue_lock, flags);
159         blk_requeue_request(q, cmd->request);
160         spin_unlock_irqrestore(q->queue_lock, flags);
161
162         scsi_run_queue(q);
163
164         return 0;
165 }
166
167 /**
168  * scsi_execute - insert request and wait for the result
169  * @sdev:       scsi device
170  * @cmd:        scsi command
171  * @data_direction: data direction
172  * @buffer:     data buffer
173  * @bufflen:    len of buffer
174  * @sense:      optional sense buffer
175  * @timeout:    request timeout in seconds
176  * @retries:    number of times to retry request
177  * @flags:      or into request flags;
178  *
179  * returns the req->errors value which is the scsi_cmnd result
180  * field.
181  */
182 int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd,
183                  int data_direction, void *buffer, unsigned bufflen,
184                  unsigned char *sense, int timeout, int retries, int flags)
185 {
186         struct request *req;
187         int write = (data_direction == DMA_TO_DEVICE);
188         int ret = DRIVER_ERROR << 24;
189
190         req = blk_get_request(sdev->request_queue, write, __GFP_WAIT);
191
192         if (bufflen &&  blk_rq_map_kern(sdev->request_queue, req,
193                                         buffer, bufflen, __GFP_WAIT))
194                 goto out;
195
196         req->cmd_len = COMMAND_SIZE(cmd[0]);
197         memcpy(req->cmd, cmd, req->cmd_len);
198         req->sense = sense;
199         req->sense_len = 0;
200         req->retries = retries;
201         req->timeout = timeout;
202         req->cmd_type = REQ_TYPE_BLOCK_PC;
203         req->cmd_flags |= flags | REQ_QUIET | REQ_PREEMPT;
204
205         /*
206          * head injection *required* here otherwise quiesce won't work
207          */
208         blk_execute_rq(req->q, NULL, req, 1);
209
210         ret = req->errors;
211  out:
212         blk_put_request(req);
213
214         return ret;
215 }
216 EXPORT_SYMBOL(scsi_execute);
217
218
219 int scsi_execute_req(struct scsi_device *sdev, const unsigned char *cmd,
220                      int data_direction, void *buffer, unsigned bufflen,
221                      struct scsi_sense_hdr *sshdr, int timeout, int retries)
222 {
223         char *sense = NULL;
224         int result;
225         
226         if (sshdr) {
227                 sense = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_NOIO);
228                 if (!sense)
229                         return DRIVER_ERROR << 24;
230         }
231         result = scsi_execute(sdev, cmd, data_direction, buffer, bufflen,
232                               sense, timeout, retries, 0);
233         if (sshdr)
234                 scsi_normalize_sense(sense, SCSI_SENSE_BUFFERSIZE, sshdr);
235
236         kfree(sense);
237         return result;
238 }
239 EXPORT_SYMBOL(scsi_execute_req);
240
241 struct scsi_io_context {
242         void *data;
243         void (*done)(void *data, char *sense, int result, int resid);
244         char sense[SCSI_SENSE_BUFFERSIZE];
245 };
246
247 static struct kmem_cache *scsi_io_context_cache;
248
249 static void scsi_end_async(struct request *req, int uptodate)
250 {
251         struct scsi_io_context *sioc = req->end_io_data;
252
253         if (sioc->done)
254                 sioc->done(sioc->data, sioc->sense, req->errors, req->data_len);
255
256         kmem_cache_free(scsi_io_context_cache, sioc);
257         __blk_put_request(req->q, req);
258 }
259
260 static int scsi_merge_bio(struct request *rq, struct bio *bio)
261 {
262         struct request_queue *q = rq->q;
263
264         bio->bi_flags &= ~(1 << BIO_SEG_VALID);
265         if (rq_data_dir(rq) == WRITE)
266                 bio->bi_rw |= (1 << BIO_RW);
267         blk_queue_bounce(q, &bio);
268
269         return blk_rq_append_bio(q, rq, bio);
270 }
271
272 static void scsi_bi_endio(struct bio *bio, int error)
273 {
274         bio_put(bio);
275 }
276
277 /**
278  * scsi_req_map_sg - map a scatterlist into a request
279  * @rq:         request to fill
280  * @sgl:        scatterlist
281  * @nsegs:      number of elements
282  * @bufflen:    len of buffer
283  * @gfp:        memory allocation flags
284  *
285  * scsi_req_map_sg maps a scatterlist into a request so that the
286  * request can be sent to the block layer. We do not trust the scatterlist
287  * sent to use, as some ULDs use that struct to only organize the pages.
288  */
289 static int scsi_req_map_sg(struct request *rq, struct scatterlist *sgl,
290                            int nsegs, unsigned bufflen, gfp_t gfp)
291 {
292         struct request_queue *q = rq->q;
293         int nr_pages = (bufflen + sgl[0].offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
294         unsigned int data_len = bufflen, len, bytes, off;
295         struct scatterlist *sg;
296         struct page *page;
297         struct bio *bio = NULL;
298         int i, err, nr_vecs = 0;
299
300         for_each_sg(sgl, sg, nsegs, i) {
301                 page = sg_page(sg);
302                 off = sg->offset;
303                 len = sg->length;
304
305                 while (len > 0 && data_len > 0) {
306                         /*
307                          * sg sends a scatterlist that is larger than
308                          * the data_len it wants transferred for certain
309                          * IO sizes
310                          */
311                         bytes = min_t(unsigned int, len, PAGE_SIZE - off);
312                         bytes = min(bytes, data_len);
313
314                         if (!bio) {
315                                 nr_vecs = min_t(int, BIO_MAX_PAGES, nr_pages);
316                                 nr_pages -= nr_vecs;
317
318                                 bio = bio_alloc(gfp, nr_vecs);
319                                 if (!bio) {
320                                         err = -ENOMEM;
321                                         goto free_bios;
322                                 }
323                                 bio->bi_end_io = scsi_bi_endio;
324                         }
325
326                         if (bio_add_pc_page(q, bio, page, bytes, off) !=
327                             bytes) {
328                                 bio_put(bio);
329                                 err = -EINVAL;
330                                 goto free_bios;
331                         }
332
333                         if (bio->bi_vcnt >= nr_vecs) {
334                                 err = scsi_merge_bio(rq, bio);
335                                 if (err) {
336                                         bio_endio(bio, 0);
337                                         goto free_bios;
338                                 }
339                                 bio = NULL;
340                         }
341
342                         page++;
343                         len -= bytes;
344                         data_len -=bytes;
345                         off = 0;
346                 }
347         }
348
349         rq->buffer = rq->data = NULL;
350         rq->data_len = bufflen;
351         return 0;
352
353 free_bios:
354         while ((bio = rq->bio) != NULL) {
355                 rq->bio = bio->bi_next;
356                 /*
357                  * call endio instead of bio_put incase it was bounced
358                  */
359                 bio_endio(bio, 0);
360         }
361
362         return err;
363 }
364
365 /**
366  * scsi_execute_async - insert request
367  * @sdev:       scsi device
368  * @cmd:        scsi command
369  * @cmd_len:    length of scsi cdb
370  * @data_direction: DMA_TO_DEVICE, DMA_FROM_DEVICE, or DMA_NONE
371  * @buffer:     data buffer (this can be a kernel buffer or scatterlist)
372  * @bufflen:    len of buffer
373  * @use_sg:     if buffer is a scatterlist this is the number of elements
374  * @timeout:    request timeout in seconds
375  * @retries:    number of times to retry request
376  * @privdata:   data passed to done()
377  * @done:       callback function when done
378  * @gfp:        memory allocation flags
379  */
380 int scsi_execute_async(struct scsi_device *sdev, const unsigned char *cmd,
381                        int cmd_len, int data_direction, void *buffer, unsigned bufflen,
382                        int use_sg, int timeout, int retries, void *privdata,
383                        void (*done)(void *, char *, int, int), gfp_t gfp)
384 {
385         struct request *req;
386         struct scsi_io_context *sioc;
387         int err = 0;
388         int write = (data_direction == DMA_TO_DEVICE);
389
390         sioc = kmem_cache_zalloc(scsi_io_context_cache, gfp);
391         if (!sioc)
392                 return DRIVER_ERROR << 24;
393
394         req = blk_get_request(sdev->request_queue, write, gfp);
395         if (!req)
396                 goto free_sense;
397         req->cmd_type = REQ_TYPE_BLOCK_PC;
398         req->cmd_flags |= REQ_QUIET;
399
400         if (use_sg)
401                 err = scsi_req_map_sg(req, buffer, use_sg, bufflen, gfp);
402         else if (bufflen)
403                 err = blk_rq_map_kern(req->q, req, buffer, bufflen, gfp);
404
405         if (err)
406                 goto free_req;
407
408         req->cmd_len = cmd_len;
409         memset(req->cmd, 0, BLK_MAX_CDB); /* ATAPI hates garbage after CDB */
410         memcpy(req->cmd, cmd, req->cmd_len);
411         req->sense = sioc->sense;
412         req->sense_len = 0;
413         req->timeout = timeout;
414         req->retries = retries;
415         req->end_io_data = sioc;
416
417         sioc->data = privdata;
418         sioc->done = done;
419
420         blk_execute_rq_nowait(req->q, NULL, req, 1, scsi_end_async);
421         return 0;
422
423 free_req:
424         blk_put_request(req);
425 free_sense:
426         kmem_cache_free(scsi_io_context_cache, sioc);
427         return DRIVER_ERROR << 24;
428 }
429 EXPORT_SYMBOL_GPL(scsi_execute_async);
430
431 /*
432  * Function:    scsi_init_cmd_errh()
433  *
434  * Purpose:     Initialize cmd fields related to error handling.
435  *
436  * Arguments:   cmd     - command that is ready to be queued.
437  *
438  * Notes:       This function has the job of initializing a number of
439  *              fields related to error handling.   Typically this will
440  *              be called once for each command, as required.
441  */
442 static void scsi_init_cmd_errh(struct scsi_cmnd *cmd)
443 {
444         cmd->serial_number = 0;
445         scsi_set_resid(cmd, 0);
446         memset(cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
447         if (cmd->cmd_len == 0)
448                 cmd->cmd_len = COMMAND_SIZE(cmd->cmnd[0]);
449 }
450
451 void scsi_device_unbusy(struct scsi_device *sdev)
452 {
453         struct Scsi_Host *shost = sdev->host;
454         unsigned long flags;
455
456         spin_lock_irqsave(shost->host_lock, flags);
457         shost->host_busy--;
458         if (unlikely(scsi_host_in_recovery(shost) &&
459                      (shost->host_failed || shost->host_eh_scheduled)))
460                 scsi_eh_wakeup(shost);
461         spin_unlock(shost->host_lock);
462         spin_lock(sdev->request_queue->queue_lock);
463         sdev->device_busy--;
464         spin_unlock_irqrestore(sdev->request_queue->queue_lock, flags);
465 }
466
467 /*
468  * Called for single_lun devices on IO completion. Clear starget_sdev_user,
469  * and call blk_run_queue for all the scsi_devices on the target -
470  * including current_sdev first.
471  *
472  * Called with *no* scsi locks held.
473  */
474 static void scsi_single_lun_run(struct scsi_device *current_sdev)
475 {
476         struct Scsi_Host *shost = current_sdev->host;
477         struct scsi_device *sdev, *tmp;
478         struct scsi_target *starget = scsi_target(current_sdev);
479         unsigned long flags;
480
481         spin_lock_irqsave(shost->host_lock, flags);
482         starget->starget_sdev_user = NULL;
483         spin_unlock_irqrestore(shost->host_lock, flags);
484
485         /*
486          * Call blk_run_queue for all LUNs on the target, starting with
487          * current_sdev. We race with others (to set starget_sdev_user),
488          * but in most cases, we will be first. Ideally, each LU on the
489          * target would get some limited time or requests on the target.
490          */
491         blk_run_queue(current_sdev->request_queue);
492
493         spin_lock_irqsave(shost->host_lock, flags);
494         if (starget->starget_sdev_user)
495                 goto out;
496         list_for_each_entry_safe(sdev, tmp, &starget->devices,
497                         same_target_siblings) {
498                 if (sdev == current_sdev)
499                         continue;
500                 if (scsi_device_get(sdev))
501                         continue;
502
503                 spin_unlock_irqrestore(shost->host_lock, flags);
504                 blk_run_queue(sdev->request_queue);
505                 spin_lock_irqsave(shost->host_lock, flags);
506         
507                 scsi_device_put(sdev);
508         }
509  out:
510         spin_unlock_irqrestore(shost->host_lock, flags);
511 }
512
513 /*
514  * Function:    scsi_run_queue()
515  *
516  * Purpose:     Select a proper request queue to serve next
517  *
518  * Arguments:   q       - last request's queue
519  *
520  * Returns:     Nothing
521  *
522  * Notes:       The previous command was completely finished, start
523  *              a new one if possible.
524  */
525 static void scsi_run_queue(struct request_queue *q)
526 {
527         struct scsi_device *sdev = q->queuedata;
528         struct Scsi_Host *shost = sdev->host;
529         unsigned long flags;
530
531         if (scsi_target(sdev)->single_lun)
532                 scsi_single_lun_run(sdev);
533
534         spin_lock_irqsave(shost->host_lock, flags);
535         while (!list_empty(&shost->starved_list) &&
536                !shost->host_blocked && !shost->host_self_blocked &&
537                 !((shost->can_queue > 0) &&
538                   (shost->host_busy >= shost->can_queue))) {
539                 /*
540                  * As long as shost is accepting commands and we have
541                  * starved queues, call blk_run_queue. scsi_request_fn
542                  * drops the queue_lock and can add us back to the
543                  * starved_list.
544                  *
545                  * host_lock protects the starved_list and starved_entry.
546                  * scsi_request_fn must get the host_lock before checking
547                  * or modifying starved_list or starved_entry.
548                  */
549                 sdev = list_entry(shost->starved_list.next,
550                                           struct scsi_device, starved_entry);
551                 list_del_init(&sdev->starved_entry);
552                 spin_unlock_irqrestore(shost->host_lock, flags);
553
554
555                 if (test_bit(QUEUE_FLAG_REENTER, &q->queue_flags) &&
556                     !test_and_set_bit(QUEUE_FLAG_REENTER,
557                                       &sdev->request_queue->queue_flags)) {
558                         blk_run_queue(sdev->request_queue);
559                         clear_bit(QUEUE_FLAG_REENTER,
560                                   &sdev->request_queue->queue_flags);
561                 } else
562                         blk_run_queue(sdev->request_queue);
563
564                 spin_lock_irqsave(shost->host_lock, flags);
565                 if (unlikely(!list_empty(&sdev->starved_entry)))
566                         /*
567                          * sdev lost a race, and was put back on the
568                          * starved list. This is unlikely but without this
569                          * in theory we could loop forever.
570                          */
571                         break;
572         }
573         spin_unlock_irqrestore(shost->host_lock, flags);
574
575         blk_run_queue(q);
576 }
577
578 /*
579  * Function:    scsi_requeue_command()
580  *
581  * Purpose:     Handle post-processing of completed commands.
582  *
583  * Arguments:   q       - queue to operate on
584  *              cmd     - command that may need to be requeued.
585  *
586  * Returns:     Nothing
587  *
588  * Notes:       After command completion, there may be blocks left
589  *              over which weren't finished by the previous command
590  *              this can be for a number of reasons - the main one is
591  *              I/O errors in the middle of the request, in which case
592  *              we need to request the blocks that come after the bad
593  *              sector.
594  * Notes:       Upon return, cmd is a stale pointer.
595  */
596 static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
597 {
598         struct request *req = cmd->request;
599         unsigned long flags;
600
601         scsi_unprep_request(req);
602         spin_lock_irqsave(q->queue_lock, flags);
603         blk_requeue_request(q, req);
604         spin_unlock_irqrestore(q->queue_lock, flags);
605
606         scsi_run_queue(q);
607 }
608
609 void scsi_next_command(struct scsi_cmnd *cmd)
610 {
611         struct scsi_device *sdev = cmd->device;
612         struct request_queue *q = sdev->request_queue;
613
614         /* need to hold a reference on the device before we let go of the cmd */
615         get_device(&sdev->sdev_gendev);
616
617         scsi_put_command(cmd);
618         scsi_run_queue(q);
619
620         /* ok to remove device now */
621         put_device(&sdev->sdev_gendev);
622 }
623
624 void scsi_run_host_queues(struct Scsi_Host *shost)
625 {
626         struct scsi_device *sdev;
627
628         shost_for_each_device(sdev, shost)
629                 scsi_run_queue(sdev->request_queue);
630 }
631
632 /*
633  * Function:    scsi_end_request()
634  *
635  * Purpose:     Post-processing of completed commands (usually invoked at end
636  *              of upper level post-processing and scsi_io_completion).
637  *
638  * Arguments:   cmd      - command that is complete.
639  *              error    - 0 if I/O indicates success, < 0 for I/O error.
640  *              bytes    - number of bytes of completed I/O
641  *              requeue  - indicates whether we should requeue leftovers.
642  *
643  * Lock status: Assumed that lock is not held upon entry.
644  *
645  * Returns:     cmd if requeue required, NULL otherwise.
646  *
647  * Notes:       This is called for block device requests in order to
648  *              mark some number of sectors as complete.
649  * 
650  *              We are guaranteeing that the request queue will be goosed
651  *              at some point during this call.
652  * Notes:       If cmd was requeued, upon return it will be a stale pointer.
653  */
654 static struct scsi_cmnd *scsi_end_request(struct scsi_cmnd *cmd, int error,
655                                           int bytes, int requeue)
656 {
657         struct request_queue *q = cmd->device->request_queue;
658         struct request *req = cmd->request;
659
660         /*
661          * If there are blocks left over at the end, set up the command
662          * to queue the remainder of them.
663          */
664         if (blk_end_request(req, error, bytes)) {
665                 int leftover = (req->hard_nr_sectors << 9);
666
667                 if (blk_pc_request(req))
668                         leftover = req->data_len;
669
670                 /* kill remainder if no retrys */
671                 if (error && blk_noretry_request(req))
672                         blk_end_request(req, error, leftover);
673                 else {
674                         if (requeue) {
675                                 /*
676                                  * Bleah.  Leftovers again.  Stick the
677                                  * leftovers in the front of the
678                                  * queue, and goose the queue again.
679                                  */
680                                 scsi_requeue_command(q, cmd);
681                                 cmd = NULL;
682                         }
683                         return cmd;
684                 }
685         }
686
687         /*
688          * This will goose the queue request function at the end, so we don't
689          * need to worry about launching another command.
690          */
691         scsi_next_command(cmd);
692         return NULL;
693 }
694
695 static inline unsigned int scsi_sgtable_index(unsigned short nents)
696 {
697         unsigned int index;
698
699         BUG_ON(nents > SCSI_MAX_SG_SEGMENTS);
700
701         if (nents <= 8)
702                 index = 0;
703         else
704                 index = get_count_order(nents) - 3;
705
706         return index;
707 }
708
709 static void scsi_sg_free(struct scatterlist *sgl, unsigned int nents)
710 {
711         struct scsi_host_sg_pool *sgp;
712
713         sgp = scsi_sg_pools + scsi_sgtable_index(nents);
714         mempool_free(sgl, sgp->pool);
715 }
716
717 static struct scatterlist *scsi_sg_alloc(unsigned int nents, gfp_t gfp_mask)
718 {
719         struct scsi_host_sg_pool *sgp;
720
721         sgp = scsi_sg_pools + scsi_sgtable_index(nents);
722         return mempool_alloc(sgp->pool, gfp_mask);
723 }
724
725 static int scsi_alloc_sgtable(struct scsi_data_buffer *sdb, int nents,
726                               gfp_t gfp_mask)
727 {
728         int ret;
729
730         BUG_ON(!nents);
731
732         ret = __sg_alloc_table(&sdb->table, nents, SCSI_MAX_SG_SEGMENTS,
733                                gfp_mask, scsi_sg_alloc);
734         if (unlikely(ret))
735                 __sg_free_table(&sdb->table, SCSI_MAX_SG_SEGMENTS,
736                                 scsi_sg_free);
737
738         return ret;
739 }
740
741 static void scsi_free_sgtable(struct scsi_data_buffer *sdb)
742 {
743         __sg_free_table(&sdb->table, SCSI_MAX_SG_SEGMENTS, scsi_sg_free);
744 }
745
746 /*
747  * Function:    scsi_release_buffers()
748  *
749  * Purpose:     Completion processing for block device I/O requests.
750  *
751  * Arguments:   cmd     - command that we are bailing.
752  *
753  * Lock status: Assumed that no lock is held upon entry.
754  *
755  * Returns:     Nothing
756  *
757  * Notes:       In the event that an upper level driver rejects a
758  *              command, we must release resources allocated during
759  *              the __init_io() function.  Primarily this would involve
760  *              the scatter-gather table, and potentially any bounce
761  *              buffers.
762  */
763 void scsi_release_buffers(struct scsi_cmnd *cmd)
764 {
765         if (cmd->sdb.table.nents)
766                 scsi_free_sgtable(&cmd->sdb);
767
768         memset(&cmd->sdb, 0, sizeof(cmd->sdb));
769
770         if (scsi_bidi_cmnd(cmd)) {
771                 struct scsi_data_buffer *bidi_sdb =
772                         cmd->request->next_rq->special;
773                 scsi_free_sgtable(bidi_sdb);
774                 kmem_cache_free(scsi_bidi_sdb_cache, bidi_sdb);
775                 cmd->request->next_rq->special = NULL;
776         }
777 }
778 EXPORT_SYMBOL(scsi_release_buffers);
779
780 /*
781  * Bidi commands Must be complete as a whole, both sides at once.
782  * If part of the bytes were written and lld returned
783  * scsi_in()->resid and/or scsi_out()->resid this information will be left
784  * in req->data_len and req->next_rq->data_len. The upper-layer driver can
785  * decide what to do with this information.
786  */
787 void scsi_end_bidi_request(struct scsi_cmnd *cmd)
788 {
789         struct request *req = cmd->request;
790         unsigned int dlen = req->data_len;
791         unsigned int next_dlen = req->next_rq->data_len;
792
793         req->data_len = scsi_out(cmd)->resid;
794         req->next_rq->data_len = scsi_in(cmd)->resid;
795
796         /* The req and req->next_rq have not been completed */
797         BUG_ON(blk_end_bidi_request(req, 0, dlen, next_dlen));
798
799         scsi_release_buffers(cmd);
800
801         /*
802          * This will goose the queue request function at the end, so we don't
803          * need to worry about launching another command.
804          */
805         scsi_next_command(cmd);
806 }
807
808 /*
809  * Function:    scsi_io_completion()
810  *
811  * Purpose:     Completion processing for block device I/O requests.
812  *
813  * Arguments:   cmd   - command that is finished.
814  *
815  * Lock status: Assumed that no lock is held upon entry.
816  *
817  * Returns:     Nothing
818  *
819  * Notes:       This function is matched in terms of capabilities to
820  *              the function that created the scatter-gather list.
821  *              In other words, if there are no bounce buffers
822  *              (the normal case for most drivers), we don't need
823  *              the logic to deal with cleaning up afterwards.
824  *
825  *              We must do one of several things here:
826  *
827  *              a) Call scsi_end_request.  This will finish off the
828  *                 specified number of sectors.  If we are done, the
829  *                 command block will be released, and the queue
830  *                 function will be goosed.  If we are not done, then
831  *                 scsi_end_request will directly goose the queue.
832  *
833  *              b) We can just use scsi_requeue_command() here.  This would
834  *                 be used if we just wanted to retry, for example.
835  */
836 void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
837 {
838         int result = cmd->result;
839         int this_count = scsi_bufflen(cmd);
840         struct request_queue *q = cmd->device->request_queue;
841         struct request *req = cmd->request;
842         int clear_errors = 1;
843         struct scsi_sense_hdr sshdr;
844         int sense_valid = 0;
845         int sense_deferred = 0;
846
847         if (result) {
848                 sense_valid = scsi_command_normalize_sense(cmd, &sshdr);
849                 if (sense_valid)
850                         sense_deferred = scsi_sense_is_deferred(&sshdr);
851         }
852
853         if (blk_pc_request(req)) { /* SG_IO ioctl from block level */
854                 req->errors = result;
855                 if (result) {
856                         clear_errors = 0;
857                         if (sense_valid && req->sense) {
858                                 /*
859                                  * SG_IO wants current and deferred errors
860                                  */
861                                 int len = 8 + cmd->sense_buffer[7];
862
863                                 if (len > SCSI_SENSE_BUFFERSIZE)
864                                         len = SCSI_SENSE_BUFFERSIZE;
865                                 memcpy(req->sense, cmd->sense_buffer,  len);
866                                 req->sense_len = len;
867                         }
868                 }
869                 if (scsi_bidi_cmnd(cmd)) {
870                         /* will also release_buffers */
871                         scsi_end_bidi_request(cmd);
872                         return;
873                 }
874                 req->data_len = scsi_get_resid(cmd);
875         }
876
877         BUG_ON(blk_bidi_rq(req)); /* bidi not support for !blk_pc_request yet */
878         scsi_release_buffers(cmd);
879
880         /*
881          * Next deal with any sectors which we were able to correctly
882          * handle.
883          */
884         SCSI_LOG_HLCOMPLETE(1, printk("%ld sectors total, "
885                                       "%d bytes done.\n",
886                                       req->nr_sectors, good_bytes));
887
888         if (clear_errors)
889                 req->errors = 0;
890
891         /* A number of bytes were successfully read.  If there
892          * are leftovers and there is some kind of error
893          * (result != 0), retry the rest.
894          */
895         if (scsi_end_request(cmd, 0, good_bytes, result == 0) == NULL)
896                 return;
897
898         /* good_bytes = 0, or (inclusive) there were leftovers and
899          * result = 0, so scsi_end_request couldn't retry.
900          */
901         if (sense_valid && !sense_deferred) {
902                 switch (sshdr.sense_key) {
903                 case UNIT_ATTENTION:
904                         if (cmd->device->removable) {
905                                 /* Detected disc change.  Set a bit
906                                  * and quietly refuse further access.
907                                  */
908                                 cmd->device->changed = 1;
909                                 scsi_end_request(cmd, -EIO, this_count, 1);
910                                 return;
911                         } else {
912                                 /* Must have been a power glitch, or a
913                                  * bus reset.  Could not have been a
914                                  * media change, so we just retry the
915                                  * request and see what happens.
916                                  */
917                                 scsi_requeue_command(q, cmd);
918                                 return;
919                         }
920                         break;
921                 case ILLEGAL_REQUEST:
922                         /* If we had an ILLEGAL REQUEST returned, then
923                          * we may have performed an unsupported
924                          * command.  The only thing this should be
925                          * would be a ten byte read where only a six
926                          * byte read was supported.  Also, on a system
927                          * where READ CAPACITY failed, we may have
928                          * read past the end of the disk.
929                          */
930                         if ((cmd->device->use_10_for_rw &&
931                             sshdr.asc == 0x20 && sshdr.ascq == 0x00) &&
932                             (cmd->cmnd[0] == READ_10 ||
933                              cmd->cmnd[0] == WRITE_10)) {
934                                 cmd->device->use_10_for_rw = 0;
935                                 /* This will cause a retry with a
936                                  * 6-byte command.
937                                  */
938                                 scsi_requeue_command(q, cmd);
939                                 return;
940                         } else {
941                                 scsi_end_request(cmd, -EIO, this_count, 1);
942                                 return;
943                         }
944                         break;
945                 case NOT_READY:
946                         /* If the device is in the process of becoming
947                          * ready, or has a temporary blockage, retry.
948                          */
949                         if (sshdr.asc == 0x04) {
950                                 switch (sshdr.ascq) {
951                                 case 0x01: /* becoming ready */
952                                 case 0x04: /* format in progress */
953                                 case 0x05: /* rebuild in progress */
954                                 case 0x06: /* recalculation in progress */
955                                 case 0x07: /* operation in progress */
956                                 case 0x08: /* Long write in progress */
957                                 case 0x09: /* self test in progress */
958                                         scsi_requeue_command(q, cmd);
959                                         return;
960                                 default:
961                                         break;
962                                 }
963                         }
964                         if (!(req->cmd_flags & REQ_QUIET))
965                                 scsi_cmd_print_sense_hdr(cmd,
966                                                          "Device not ready",
967                                                          &sshdr);
968
969                         scsi_end_request(cmd, -EIO, this_count, 1);
970                         return;
971                 case VOLUME_OVERFLOW:
972                         if (!(req->cmd_flags & REQ_QUIET)) {
973                                 scmd_printk(KERN_INFO, cmd,
974                                             "Volume overflow, CDB: ");
975                                 __scsi_print_command(cmd->cmnd);
976                                 scsi_print_sense("", cmd);
977                         }
978                         /* See SSC3rXX or current. */
979                         scsi_end_request(cmd, -EIO, this_count, 1);
980                         return;
981                 default:
982                         break;
983                 }
984         }
985         if (host_byte(result) == DID_RESET) {
986                 /* Third party bus reset or reset for error recovery
987                  * reasons.  Just retry the request and see what
988                  * happens.
989                  */
990                 scsi_requeue_command(q, cmd);
991                 return;
992         }
993         if (result) {
994                 if (!(req->cmd_flags & REQ_QUIET)) {
995                         scsi_print_result(cmd);
996                         if (driver_byte(result) & DRIVER_SENSE)
997                                 scsi_print_sense("", cmd);
998                 }
999         }
1000         scsi_end_request(cmd, -EIO, this_count, !result);
1001 }
1002
1003 static int scsi_init_sgtable(struct request *req, struct scsi_data_buffer *sdb,
1004                              gfp_t gfp_mask)
1005 {
1006         int count;
1007
1008         /*
1009          * If sg table allocation fails, requeue request later.
1010          */
1011         if (unlikely(scsi_alloc_sgtable(sdb, req->nr_phys_segments,
1012                                         gfp_mask))) {
1013                 return BLKPREP_DEFER;
1014         }
1015
1016         req->buffer = NULL;
1017         if (blk_pc_request(req))
1018                 sdb->length = req->data_len;
1019         else
1020                 sdb->length = req->nr_sectors << 9;
1021
1022         /* 
1023          * Next, walk the list, and fill in the addresses and sizes of
1024          * each segment.
1025          */
1026         count = blk_rq_map_sg(req->q, req, sdb->table.sgl);
1027         BUG_ON(count > sdb->table.nents);
1028         sdb->table.nents = count;
1029         return BLKPREP_OK;
1030 }
1031
1032 /*
1033  * Function:    scsi_init_io()
1034  *
1035  * Purpose:     SCSI I/O initialize function.
1036  *
1037  * Arguments:   cmd   - Command descriptor we wish to initialize
1038  *
1039  * Returns:     0 on success
1040  *              BLKPREP_DEFER if the failure is retryable
1041  *              BLKPREP_KILL if the failure is fatal
1042  */
1043 int scsi_init_io(struct scsi_cmnd *cmd, gfp_t gfp_mask)
1044 {
1045         int error = scsi_init_sgtable(cmd->request, &cmd->sdb, gfp_mask);
1046         if (error)
1047                 goto err_exit;
1048
1049         if (blk_bidi_rq(cmd->request)) {
1050                 struct scsi_data_buffer *bidi_sdb = kmem_cache_zalloc(
1051                         scsi_bidi_sdb_cache, GFP_ATOMIC);
1052                 if (!bidi_sdb) {
1053                         error = BLKPREP_DEFER;
1054                         goto err_exit;
1055                 }
1056
1057                 cmd->request->next_rq->special = bidi_sdb;
1058                 error = scsi_init_sgtable(cmd->request->next_rq, bidi_sdb,
1059                                                                     GFP_ATOMIC);
1060                 if (error)
1061                         goto err_exit;
1062         }
1063
1064         return BLKPREP_OK ;
1065
1066 err_exit:
1067         scsi_release_buffers(cmd);
1068         if (error == BLKPREP_KILL)
1069                 scsi_put_command(cmd);
1070         else /* BLKPREP_DEFER */
1071                 scsi_unprep_request(cmd->request);
1072
1073         return error;
1074 }
1075 EXPORT_SYMBOL(scsi_init_io);
1076
1077 static struct scsi_cmnd *scsi_get_cmd_from_req(struct scsi_device *sdev,
1078                 struct request *req)
1079 {
1080         struct scsi_cmnd *cmd;
1081
1082         if (!req->special) {
1083                 cmd = scsi_get_command(sdev, GFP_ATOMIC);
1084                 if (unlikely(!cmd))
1085                         return NULL;
1086                 req->special = cmd;
1087         } else {
1088                 cmd = req->special;
1089         }
1090
1091         /* pull a tag out of the request if we have one */
1092         cmd->tag = req->tag;
1093         cmd->request = req;
1094
1095         return cmd;
1096 }
1097
1098 int scsi_setup_blk_pc_cmnd(struct scsi_device *sdev, struct request *req)
1099 {
1100         struct scsi_cmnd *cmd;
1101         int ret = scsi_prep_state_check(sdev, req);
1102
1103         if (ret != BLKPREP_OK)
1104                 return ret;
1105
1106         cmd = scsi_get_cmd_from_req(sdev, req);
1107         if (unlikely(!cmd))
1108                 return BLKPREP_DEFER;
1109
1110         /*
1111          * BLOCK_PC requests may transfer data, in which case they must
1112          * a bio attached to them.  Or they might contain a SCSI command
1113          * that does not transfer data, in which case they may optionally
1114          * submit a request without an attached bio.
1115          */
1116         if (req->bio) {
1117                 int ret;
1118
1119                 BUG_ON(!req->nr_phys_segments);
1120
1121                 ret = scsi_init_io(cmd, GFP_ATOMIC);
1122                 if (unlikely(ret))
1123                         return ret;
1124         } else {
1125                 BUG_ON(req->data_len);
1126                 BUG_ON(req->data);
1127
1128                 memset(&cmd->sdb, 0, sizeof(cmd->sdb));
1129                 req->buffer = NULL;
1130         }
1131
1132         BUILD_BUG_ON(sizeof(req->cmd) > sizeof(cmd->cmnd));
1133         memcpy(cmd->cmnd, req->cmd, sizeof(cmd->cmnd));
1134         cmd->cmd_len = req->cmd_len;
1135         if (!req->data_len)
1136                 cmd->sc_data_direction = DMA_NONE;
1137         else if (rq_data_dir(req) == WRITE)
1138                 cmd->sc_data_direction = DMA_TO_DEVICE;
1139         else
1140                 cmd->sc_data_direction = DMA_FROM_DEVICE;
1141         
1142         cmd->transfersize = req->data_len;
1143         cmd->allowed = req->retries;
1144         cmd->timeout_per_command = req->timeout;
1145         return BLKPREP_OK;
1146 }
1147 EXPORT_SYMBOL(scsi_setup_blk_pc_cmnd);
1148
1149 /*
1150  * Setup a REQ_TYPE_FS command.  These are simple read/write request
1151  * from filesystems that still need to be translated to SCSI CDBs from
1152  * the ULD.
1153  */
1154 int scsi_setup_fs_cmnd(struct scsi_device *sdev, struct request *req)
1155 {
1156         struct scsi_cmnd *cmd;
1157         int ret = scsi_prep_state_check(sdev, req);
1158
1159         if (ret != BLKPREP_OK)
1160                 return ret;
1161         /*
1162          * Filesystem requests must transfer data.
1163          */
1164         BUG_ON(!req->nr_phys_segments);
1165
1166         cmd = scsi_get_cmd_from_req(sdev, req);
1167         if (unlikely(!cmd))
1168                 return BLKPREP_DEFER;
1169
1170         return scsi_init_io(cmd, GFP_ATOMIC);
1171 }
1172 EXPORT_SYMBOL(scsi_setup_fs_cmnd);
1173
1174 int scsi_prep_state_check(struct scsi_device *sdev, struct request *req)
1175 {
1176         int ret = BLKPREP_OK;
1177
1178         /*
1179          * If the device is not in running state we will reject some
1180          * or all commands.
1181          */
1182         if (unlikely(sdev->sdev_state != SDEV_RUNNING)) {
1183                 switch (sdev->sdev_state) {
1184                 case SDEV_OFFLINE:
1185                         /*
1186                          * If the device is offline we refuse to process any
1187                          * commands.  The device must be brought online
1188                          * before trying any recovery commands.
1189                          */
1190                         sdev_printk(KERN_ERR, sdev,
1191                                     "rejecting I/O to offline device\n");
1192                         ret = BLKPREP_KILL;
1193                         break;
1194                 case SDEV_DEL:
1195                         /*
1196                          * If the device is fully deleted, we refuse to
1197                          * process any commands as well.
1198                          */
1199                         sdev_printk(KERN_ERR, sdev,
1200                                     "rejecting I/O to dead device\n");
1201                         ret = BLKPREP_KILL;
1202                         break;
1203                 case SDEV_QUIESCE:
1204                 case SDEV_BLOCK:
1205                         /*
1206                          * If the devices is blocked we defer normal commands.
1207                          */
1208                         if (!(req->cmd_flags & REQ_PREEMPT))
1209                                 ret = BLKPREP_DEFER;
1210                         break;
1211                 default:
1212                         /*
1213                          * For any other not fully online state we only allow
1214                          * special commands.  In particular any user initiated
1215                          * command is not allowed.
1216                          */
1217                         if (!(req->cmd_flags & REQ_PREEMPT))
1218                                 ret = BLKPREP_KILL;
1219                         break;
1220                 }
1221         }
1222         return ret;
1223 }
1224 EXPORT_SYMBOL(scsi_prep_state_check);
1225
1226 int scsi_prep_return(struct request_queue *q, struct request *req, int ret)
1227 {
1228         struct scsi_device *sdev = q->queuedata;
1229
1230         switch (ret) {
1231         case BLKPREP_KILL:
1232                 req->errors = DID_NO_CONNECT << 16;
1233                 /* release the command and kill it */
1234                 if (req->special) {
1235                         struct scsi_cmnd *cmd = req->special;
1236                         scsi_release_buffers(cmd);
1237                         scsi_put_command(cmd);
1238                         req->special = NULL;
1239                 }
1240                 break;
1241         case BLKPREP_DEFER:
1242                 /*
1243                  * If we defer, the elv_next_request() returns NULL, but the
1244                  * queue must be restarted, so we plug here if no returning
1245                  * command will automatically do that.
1246                  */
1247                 if (sdev->device_busy == 0)
1248                         blk_plug_device(q);
1249                 break;
1250         default:
1251                 req->cmd_flags |= REQ_DONTPREP;
1252         }
1253
1254         return ret;
1255 }
1256 EXPORT_SYMBOL(scsi_prep_return);
1257
1258 int scsi_prep_fn(struct request_queue *q, struct request *req)
1259 {
1260         struct scsi_device *sdev = q->queuedata;
1261         int ret = BLKPREP_KILL;
1262
1263         if (req->cmd_type == REQ_TYPE_BLOCK_PC)
1264                 ret = scsi_setup_blk_pc_cmnd(sdev, req);
1265         return scsi_prep_return(q, req, ret);
1266 }
1267
1268 /*
1269  * scsi_dev_queue_ready: if we can send requests to sdev, return 1 else
1270  * return 0.
1271  *
1272  * Called with the queue_lock held.
1273  */
1274 static inline int scsi_dev_queue_ready(struct request_queue *q,
1275                                   struct scsi_device *sdev)
1276 {
1277         if (sdev->device_busy >= sdev->queue_depth)
1278                 return 0;
1279         if (sdev->device_busy == 0 && sdev->device_blocked) {
1280                 /*
1281                  * unblock after device_blocked iterates to zero
1282                  */
1283                 if (--sdev->device_blocked == 0) {
1284                         SCSI_LOG_MLQUEUE(3,
1285                                    sdev_printk(KERN_INFO, sdev,
1286                                    "unblocking device at zero depth\n"));
1287                 } else {
1288                         blk_plug_device(q);
1289                         return 0;
1290                 }
1291         }
1292         if (sdev->device_blocked)
1293                 return 0;
1294
1295         return 1;
1296 }
1297
1298 /*
1299  * scsi_host_queue_ready: if we can send requests to shost, return 1 else
1300  * return 0. We must end up running the queue again whenever 0 is
1301  * returned, else IO can hang.
1302  *
1303  * Called with host_lock held.
1304  */
1305 static inline int scsi_host_queue_ready(struct request_queue *q,
1306                                    struct Scsi_Host *shost,
1307                                    struct scsi_device *sdev)
1308 {
1309         if (scsi_host_in_recovery(shost))
1310                 return 0;
1311         if (shost->host_busy == 0 && shost->host_blocked) {
1312                 /*
1313                  * unblock after host_blocked iterates to zero
1314                  */
1315                 if (--shost->host_blocked == 0) {
1316                         SCSI_LOG_MLQUEUE(3,
1317                                 printk("scsi%d unblocking host at zero depth\n",
1318                                         shost->host_no));
1319                 } else {
1320                         blk_plug_device(q);
1321                         return 0;
1322                 }
1323         }
1324         if ((shost->can_queue > 0 && shost->host_busy >= shost->can_queue) ||
1325             shost->host_blocked || shost->host_self_blocked) {
1326                 if (list_empty(&sdev->starved_entry))
1327                         list_add_tail(&sdev->starved_entry, &shost->starved_list);
1328                 return 0;
1329         }
1330
1331         /* We're OK to process the command, so we can't be starved */
1332         if (!list_empty(&sdev->starved_entry))
1333                 list_del_init(&sdev->starved_entry);
1334
1335         return 1;
1336 }
1337
1338 /*
1339  * Kill a request for a dead device
1340  */
1341 static void scsi_kill_request(struct request *req, struct request_queue *q)
1342 {
1343         struct scsi_cmnd *cmd = req->special;
1344         struct scsi_device *sdev = cmd->device;
1345         struct Scsi_Host *shost = sdev->host;
1346
1347         blkdev_dequeue_request(req);
1348
1349         if (unlikely(cmd == NULL)) {
1350                 printk(KERN_CRIT "impossible request in %s.\n",
1351                                  __FUNCTION__);
1352                 BUG();
1353         }
1354
1355         scsi_init_cmd_errh(cmd);
1356         cmd->result = DID_NO_CONNECT << 16;
1357         atomic_inc(&cmd->device->iorequest_cnt);
1358
1359         /*
1360          * SCSI request completion path will do scsi_device_unbusy(),
1361          * bump busy counts.  To bump the counters, we need to dance
1362          * with the locks as normal issue path does.
1363          */
1364         sdev->device_busy++;
1365         spin_unlock(sdev->request_queue->queue_lock);
1366         spin_lock(shost->host_lock);
1367         shost->host_busy++;
1368         spin_unlock(shost->host_lock);
1369         spin_lock(sdev->request_queue->queue_lock);
1370
1371         __scsi_done(cmd);
1372 }
1373
1374 static void scsi_softirq_done(struct request *rq)
1375 {
1376         struct scsi_cmnd *cmd = rq->completion_data;
1377         unsigned long wait_for = (cmd->allowed + 1) * cmd->timeout_per_command;
1378         int disposition;
1379
1380         INIT_LIST_HEAD(&cmd->eh_entry);
1381
1382         disposition = scsi_decide_disposition(cmd);
1383         if (disposition != SUCCESS &&
1384             time_before(cmd->jiffies_at_alloc + wait_for, jiffies)) {
1385                 sdev_printk(KERN_ERR, cmd->device,
1386                             "timing out command, waited %lus\n",
1387                             wait_for/HZ);
1388                 disposition = SUCCESS;
1389         }
1390                         
1391         scsi_log_completion(cmd, disposition);
1392
1393         switch (disposition) {
1394                 case SUCCESS:
1395                         scsi_finish_command(cmd);
1396                         break;
1397                 case NEEDS_RETRY:
1398                         scsi_queue_insert(cmd, SCSI_MLQUEUE_EH_RETRY);
1399                         break;
1400                 case ADD_TO_MLQUEUE:
1401                         scsi_queue_insert(cmd, SCSI_MLQUEUE_DEVICE_BUSY);
1402                         break;
1403                 default:
1404                         if (!scsi_eh_scmd_add(cmd, 0))
1405                                 scsi_finish_command(cmd);
1406         }
1407 }
1408
1409 /*
1410  * Function:    scsi_request_fn()
1411  *
1412  * Purpose:     Main strategy routine for SCSI.
1413  *
1414  * Arguments:   q       - Pointer to actual queue.
1415  *
1416  * Returns:     Nothing
1417  *
1418  * Lock status: IO request lock assumed to be held when called.
1419  */
1420 static void scsi_request_fn(struct request_queue *q)
1421 {
1422         struct scsi_device *sdev = q->queuedata;
1423         struct Scsi_Host *shost;
1424         struct scsi_cmnd *cmd;
1425         struct request *req;
1426
1427         if (!sdev) {
1428                 printk("scsi: killing requests for dead queue\n");
1429                 while ((req = elv_next_request(q)) != NULL)
1430                         scsi_kill_request(req, q);
1431                 return;
1432         }
1433
1434         if(!get_device(&sdev->sdev_gendev))
1435                 /* We must be tearing the block queue down already */
1436                 return;
1437
1438         /*
1439          * To start with, we keep looping until the queue is empty, or until
1440          * the host is no longer able to accept any more requests.
1441          */
1442         shost = sdev->host;
1443         while (!blk_queue_plugged(q)) {
1444                 int rtn;
1445                 /*
1446                  * get next queueable request.  We do this early to make sure
1447                  * that the request is fully prepared even if we cannot 
1448                  * accept it.
1449                  */
1450                 req = elv_next_request(q);
1451                 if (!req || !scsi_dev_queue_ready(q, sdev))
1452                         break;
1453
1454                 if (unlikely(!scsi_device_online(sdev))) {
1455                         sdev_printk(KERN_ERR, sdev,
1456                                     "rejecting I/O to offline device\n");
1457                         scsi_kill_request(req, q);
1458                         continue;
1459                 }
1460
1461
1462                 /*
1463                  * Remove the request from the request list.
1464                  */
1465                 if (!(blk_queue_tagged(q) && !blk_queue_start_tag(q, req)))
1466                         blkdev_dequeue_request(req);
1467                 sdev->device_busy++;
1468
1469                 spin_unlock(q->queue_lock);
1470                 cmd = req->special;
1471                 if (unlikely(cmd == NULL)) {
1472                         printk(KERN_CRIT "impossible request in %s.\n"
1473                                          "please mail a stack trace to "
1474                                          "linux-scsi@vger.kernel.org\n",
1475                                          __FUNCTION__);
1476                         blk_dump_rq_flags(req, "foo");
1477                         BUG();
1478                 }
1479                 spin_lock(shost->host_lock);
1480
1481                 if (!scsi_host_queue_ready(q, shost, sdev))
1482                         goto not_ready;
1483                 if (scsi_target(sdev)->single_lun) {
1484                         if (scsi_target(sdev)->starget_sdev_user &&
1485                             scsi_target(sdev)->starget_sdev_user != sdev)
1486                                 goto not_ready;
1487                         scsi_target(sdev)->starget_sdev_user = sdev;
1488                 }
1489                 shost->host_busy++;
1490
1491                 /*
1492                  * XXX(hch): This is rather suboptimal, scsi_dispatch_cmd will
1493                  *              take the lock again.
1494                  */
1495                 spin_unlock_irq(shost->host_lock);
1496
1497                 /*
1498                  * Finally, initialize any error handling parameters, and set up
1499                  * the timers for timeouts.
1500                  */
1501                 scsi_init_cmd_errh(cmd);
1502
1503                 /*
1504                  * Dispatch the command to the low-level driver.
1505                  */
1506                 rtn = scsi_dispatch_cmd(cmd);
1507                 spin_lock_irq(q->queue_lock);
1508                 if(rtn) {
1509                         /* we're refusing the command; because of
1510                          * the way locks get dropped, we need to 
1511                          * check here if plugging is required */
1512                         if(sdev->device_busy == 0)
1513                                 blk_plug_device(q);
1514
1515                         break;
1516                 }
1517         }
1518
1519         goto out;
1520
1521  not_ready:
1522         spin_unlock_irq(shost->host_lock);
1523
1524         /*
1525          * lock q, handle tag, requeue req, and decrement device_busy. We
1526          * must return with queue_lock held.
1527          *
1528          * Decrementing device_busy without checking it is OK, as all such
1529          * cases (host limits or settings) should run the queue at some
1530          * later time.
1531          */
1532         spin_lock_irq(q->queue_lock);
1533         blk_requeue_request(q, req);
1534         sdev->device_busy--;
1535         if(sdev->device_busy == 0)
1536                 blk_plug_device(q);
1537  out:
1538         /* must be careful here...if we trigger the ->remove() function
1539          * we cannot be holding the q lock */
1540         spin_unlock_irq(q->queue_lock);
1541         put_device(&sdev->sdev_gendev);
1542         spin_lock_irq(q->queue_lock);
1543 }
1544
1545 u64 scsi_calculate_bounce_limit(struct Scsi_Host *shost)
1546 {
1547         struct device *host_dev;
1548         u64 bounce_limit = 0xffffffff;
1549
1550         if (shost->unchecked_isa_dma)
1551                 return BLK_BOUNCE_ISA;
1552         /*
1553          * Platforms with virtual-DMA translation
1554          * hardware have no practical limit.
1555          */
1556         if (!PCI_DMA_BUS_IS_PHYS)
1557                 return BLK_BOUNCE_ANY;
1558
1559         host_dev = scsi_get_device(shost);
1560         if (host_dev && host_dev->dma_mask)
1561                 bounce_limit = *host_dev->dma_mask;
1562
1563         return bounce_limit;
1564 }
1565 EXPORT_SYMBOL(scsi_calculate_bounce_limit);
1566
1567 struct request_queue *__scsi_alloc_queue(struct Scsi_Host *shost,
1568                                          request_fn_proc *request_fn)
1569 {
1570         struct request_queue *q;
1571         struct device *dev = shost->shost_gendev.parent;
1572
1573         q = blk_init_queue(request_fn, NULL);
1574         if (!q)
1575                 return NULL;
1576
1577         /*
1578          * this limit is imposed by hardware restrictions
1579          */
1580         blk_queue_max_hw_segments(q, shost->sg_tablesize);
1581         blk_queue_max_phys_segments(q, SCSI_MAX_SG_CHAIN_SEGMENTS);
1582
1583         blk_queue_max_sectors(q, shost->max_sectors);
1584         blk_queue_bounce_limit(q, scsi_calculate_bounce_limit(shost));
1585         blk_queue_segment_boundary(q, shost->dma_boundary);
1586         dma_set_seg_boundary(dev, shost->dma_boundary);
1587
1588         blk_queue_max_segment_size(q, dma_get_max_seg_size(dev));
1589
1590         if (!shost->use_clustering)
1591                 clear_bit(QUEUE_FLAG_CLUSTER, &q->queue_flags);
1592
1593         /*
1594          * set a reasonable default alignment on word boundaries: the
1595          * host and device may alter it using
1596          * blk_queue_update_dma_alignment() later.
1597          */
1598         blk_queue_dma_alignment(q, 0x03);
1599
1600         return q;
1601 }
1602 EXPORT_SYMBOL(__scsi_alloc_queue);
1603
1604 struct request_queue *scsi_alloc_queue(struct scsi_device *sdev)
1605 {
1606         struct request_queue *q;
1607
1608         q = __scsi_alloc_queue(sdev->host, scsi_request_fn);
1609         if (!q)
1610                 return NULL;
1611
1612         blk_queue_prep_rq(q, scsi_prep_fn);
1613         blk_queue_softirq_done(q, scsi_softirq_done);
1614         return q;
1615 }
1616
1617 void scsi_free_queue(struct request_queue *q)
1618 {
1619         blk_cleanup_queue(q);
1620 }
1621
1622 /*
1623  * Function:    scsi_block_requests()
1624  *
1625  * Purpose:     Utility function used by low-level drivers to prevent further
1626  *              commands from being queued to the device.
1627  *
1628  * Arguments:   shost       - Host in question
1629  *
1630  * Returns:     Nothing
1631  *
1632  * Lock status: No locks are assumed held.
1633  *
1634  * Notes:       There is no timer nor any other means by which the requests
1635  *              get unblocked other than the low-level driver calling
1636  *              scsi_unblock_requests().
1637  */
1638 void scsi_block_requests(struct Scsi_Host *shost)
1639 {
1640         shost->host_self_blocked = 1;
1641 }
1642 EXPORT_SYMBOL(scsi_block_requests);
1643
1644 /*
1645  * Function:    scsi_unblock_requests()
1646  *
1647  * Purpose:     Utility function used by low-level drivers to allow further
1648  *              commands from being queued to the device.
1649  *
1650  * Arguments:   shost       - Host in question
1651  *
1652  * Returns:     Nothing
1653  *
1654  * Lock status: No locks are assumed held.
1655  *
1656  * Notes:       There is no timer nor any other means by which the requests
1657  *              get unblocked other than the low-level driver calling
1658  *              scsi_unblock_requests().
1659  *
1660  *              This is done as an API function so that changes to the
1661  *              internals of the scsi mid-layer won't require wholesale
1662  *              changes to drivers that use this feature.
1663  */
1664 void scsi_unblock_requests(struct Scsi_Host *shost)
1665 {
1666         shost->host_self_blocked = 0;
1667         scsi_run_host_queues(shost);
1668 }
1669 EXPORT_SYMBOL(scsi_unblock_requests);
1670
1671 int __init scsi_init_queue(void)
1672 {
1673         int i;
1674
1675         scsi_io_context_cache = kmem_cache_create("scsi_io_context",
1676                                         sizeof(struct scsi_io_context),
1677                                         0, 0, NULL);
1678         if (!scsi_io_context_cache) {
1679                 printk(KERN_ERR "SCSI: can't init scsi io context cache\n");
1680                 return -ENOMEM;
1681         }
1682
1683         scsi_bidi_sdb_cache = kmem_cache_create("scsi_bidi_sdb",
1684                                         sizeof(struct scsi_data_buffer),
1685                                         0, 0, NULL);
1686         if (!scsi_bidi_sdb_cache) {
1687                 printk(KERN_ERR "SCSI: can't init scsi bidi sdb cache\n");
1688                 goto cleanup_io_context;
1689         }
1690
1691         for (i = 0; i < SG_MEMPOOL_NR; i++) {
1692                 struct scsi_host_sg_pool *sgp = scsi_sg_pools + i;
1693                 int size = sgp->size * sizeof(struct scatterlist);
1694
1695                 sgp->slab = kmem_cache_create(sgp->name, size, 0,
1696                                 SLAB_HWCACHE_ALIGN, NULL);
1697                 if (!sgp->slab) {
1698                         printk(KERN_ERR "SCSI: can't init sg slab %s\n",
1699                                         sgp->name);
1700                         goto cleanup_bidi_sdb;
1701                 }
1702
1703                 sgp->pool = mempool_create_slab_pool(SG_MEMPOOL_SIZE,
1704                                                      sgp->slab);
1705                 if (!sgp->pool) {
1706                         printk(KERN_ERR "SCSI: can't init sg mempool %s\n",
1707                                         sgp->name);
1708                         goto cleanup_bidi_sdb;
1709                 }
1710         }
1711
1712         return 0;
1713
1714 cleanup_bidi_sdb:
1715         for (i = 0; i < SG_MEMPOOL_NR; i++) {
1716                 struct scsi_host_sg_pool *sgp = scsi_sg_pools + i;
1717                 if (sgp->pool)
1718                         mempool_destroy(sgp->pool);
1719                 if (sgp->slab)
1720                         kmem_cache_destroy(sgp->slab);
1721         }
1722         kmem_cache_destroy(scsi_bidi_sdb_cache);
1723 cleanup_io_context:
1724         kmem_cache_destroy(scsi_io_context_cache);
1725
1726         return -ENOMEM;
1727 }
1728
1729 void scsi_exit_queue(void)
1730 {
1731         int i;
1732
1733         kmem_cache_destroy(scsi_io_context_cache);
1734         kmem_cache_destroy(scsi_bidi_sdb_cache);
1735
1736         for (i = 0; i < SG_MEMPOOL_NR; i++) {
1737                 struct scsi_host_sg_pool *sgp = scsi_sg_pools + i;
1738                 mempool_destroy(sgp->pool);
1739                 kmem_cache_destroy(sgp->slab);
1740         }
1741 }
1742
1743 /**
1744  *      scsi_mode_select - issue a mode select
1745  *      @sdev:  SCSI device to be queried
1746  *      @pf:    Page format bit (1 == standard, 0 == vendor specific)
1747  *      @sp:    Save page bit (0 == don't save, 1 == save)
1748  *      @modepage: mode page being requested
1749  *      @buffer: request buffer (may not be smaller than eight bytes)
1750  *      @len:   length of request buffer.
1751  *      @timeout: command timeout
1752  *      @retries: number of retries before failing
1753  *      @data: returns a structure abstracting the mode header data
1754  *      @sshdr: place to put sense data (or NULL if no sense to be collected).
1755  *              must be SCSI_SENSE_BUFFERSIZE big.
1756  *
1757  *      Returns zero if successful; negative error number or scsi
1758  *      status on error
1759  *
1760  */
1761 int
1762 scsi_mode_select(struct scsi_device *sdev, int pf, int sp, int modepage,
1763                  unsigned char *buffer, int len, int timeout, int retries,
1764                  struct scsi_mode_data *data, struct scsi_sense_hdr *sshdr)
1765 {
1766         unsigned char cmd[10];
1767         unsigned char *real_buffer;
1768         int ret;
1769
1770         memset(cmd, 0, sizeof(cmd));
1771         cmd[1] = (pf ? 0x10 : 0) | (sp ? 0x01 : 0);
1772
1773         if (sdev->use_10_for_ms) {
1774                 if (len > 65535)
1775                         return -EINVAL;
1776                 real_buffer = kmalloc(8 + len, GFP_KERNEL);
1777                 if (!real_buffer)
1778                         return -ENOMEM;
1779                 memcpy(real_buffer + 8, buffer, len);
1780                 len += 8;
1781                 real_buffer[0] = 0;
1782                 real_buffer[1] = 0;
1783                 real_buffer[2] = data->medium_type;
1784                 real_buffer[3] = data->device_specific;
1785                 real_buffer[4] = data->longlba ? 0x01 : 0;
1786                 real_buffer[5] = 0;
1787                 real_buffer[6] = data->block_descriptor_length >> 8;
1788                 real_buffer[7] = data->block_descriptor_length;
1789
1790                 cmd[0] = MODE_SELECT_10;
1791                 cmd[7] = len >> 8;
1792                 cmd[8] = len;
1793         } else {
1794                 if (len > 255 || data->block_descriptor_length > 255 ||
1795                     data->longlba)
1796                         return -EINVAL;
1797
1798                 real_buffer = kmalloc(4 + len, GFP_KERNEL);
1799                 if (!real_buffer)
1800                         return -ENOMEM;
1801                 memcpy(real_buffer + 4, buffer, len);
1802                 len += 4;
1803                 real_buffer[0] = 0;
1804                 real_buffer[1] = data->medium_type;
1805                 real_buffer[2] = data->device_specific;
1806                 real_buffer[3] = data->block_descriptor_length;
1807                 
1808
1809                 cmd[0] = MODE_SELECT;
1810                 cmd[4] = len;
1811         }
1812
1813         ret = scsi_execute_req(sdev, cmd, DMA_TO_DEVICE, real_buffer, len,
1814                                sshdr, timeout, retries);
1815         kfree(real_buffer);
1816         return ret;
1817 }
1818 EXPORT_SYMBOL_GPL(scsi_mode_select);
1819
1820 /**
1821  *      scsi_mode_sense - issue a mode sense, falling back from 10 to six bytes if necessary.
1822  *      @sdev:  SCSI device to be queried
1823  *      @dbd:   set if mode sense will allow block descriptors to be returned
1824  *      @modepage: mode page being requested
1825  *      @buffer: request buffer (may not be smaller than eight bytes)
1826  *      @len:   length of request buffer.
1827  *      @timeout: command timeout
1828  *      @retries: number of retries before failing
1829  *      @data: returns a structure abstracting the mode header data
1830  *      @sshdr: place to put sense data (or NULL if no sense to be collected).
1831  *              must be SCSI_SENSE_BUFFERSIZE big.
1832  *
1833  *      Returns zero if unsuccessful, or the header offset (either 4
1834  *      or 8 depending on whether a six or ten byte command was
1835  *      issued) if successful.
1836  */
1837 int
1838 scsi_mode_sense(struct scsi_device *sdev, int dbd, int modepage,
1839                   unsigned char *buffer, int len, int timeout, int retries,
1840                   struct scsi_mode_data *data, struct scsi_sense_hdr *sshdr)
1841 {
1842         unsigned char cmd[12];
1843         int use_10_for_ms;
1844         int header_length;
1845         int result;
1846         struct scsi_sense_hdr my_sshdr;
1847
1848         memset(data, 0, sizeof(*data));
1849         memset(&cmd[0], 0, 12);
1850         cmd[1] = dbd & 0x18;    /* allows DBD and LLBA bits */
1851         cmd[2] = modepage;
1852
1853         /* caller might not be interested in sense, but we need it */
1854         if (!sshdr)
1855                 sshdr = &my_sshdr;
1856
1857  retry:
1858         use_10_for_ms = sdev->use_10_for_ms;
1859
1860         if (use_10_for_ms) {
1861                 if (len < 8)
1862                         len = 8;
1863
1864                 cmd[0] = MODE_SENSE_10;
1865                 cmd[8] = len;
1866                 header_length = 8;
1867         } else {
1868                 if (len < 4)
1869                         len = 4;
1870
1871                 cmd[0] = MODE_SENSE;
1872                 cmd[4] = len;
1873                 header_length = 4;
1874         }
1875
1876         memset(buffer, 0, len);
1877
1878         result = scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buffer, len,
1879                                   sshdr, timeout, retries);
1880
1881         /* This code looks awful: what it's doing is making sure an
1882          * ILLEGAL REQUEST sense return identifies the actual command
1883          * byte as the problem.  MODE_SENSE commands can return
1884          * ILLEGAL REQUEST if the code page isn't supported */
1885
1886         if (use_10_for_ms && !scsi_status_is_good(result) &&
1887             (driver_byte(result) & DRIVER_SENSE)) {
1888                 if (scsi_sense_valid(sshdr)) {
1889                         if ((sshdr->sense_key == ILLEGAL_REQUEST) &&
1890                             (sshdr->asc == 0x20) && (sshdr->ascq == 0)) {
1891                                 /* 
1892                                  * Invalid command operation code
1893                                  */
1894                                 sdev->use_10_for_ms = 0;
1895                                 goto retry;
1896                         }
1897                 }
1898         }
1899
1900         if(scsi_status_is_good(result)) {
1901                 if (unlikely(buffer[0] == 0x86 && buffer[1] == 0x0b &&
1902                              (modepage == 6 || modepage == 8))) {
1903                         /* Initio breakage? */
1904                         header_length = 0;
1905                         data->length = 13;
1906                         data->medium_type = 0;
1907                         data->device_specific = 0;
1908                         data->longlba = 0;
1909                         data->block_descriptor_length = 0;
1910                 } else if(use_10_for_ms) {
1911                         data->length = buffer[0]*256 + buffer[1] + 2;
1912                         data->medium_type = buffer[2];
1913                         data->device_specific = buffer[3];
1914                         data->longlba = buffer[4] & 0x01;
1915                         data->block_descriptor_length = buffer[6]*256
1916                                 + buffer[7];
1917                 } else {
1918                         data->length = buffer[0] + 1;
1919                         data->medium_type = buffer[1];
1920                         data->device_specific = buffer[2];
1921                         data->block_descriptor_length = buffer[3];
1922                 }
1923                 data->header_length = header_length;
1924         }
1925
1926         return result;
1927 }
1928 EXPORT_SYMBOL(scsi_mode_sense);
1929
1930 /**
1931  *      scsi_test_unit_ready - test if unit is ready
1932  *      @sdev:  scsi device to change the state of.
1933  *      @timeout: command timeout
1934  *      @retries: number of retries before failing
1935  *      @sshdr_external: Optional pointer to struct scsi_sense_hdr for
1936  *              returning sense. Make sure that this is cleared before passing
1937  *              in.
1938  *
1939  *      Returns zero if unsuccessful or an error if TUR failed.  For
1940  *      removable media, a return of NOT_READY or UNIT_ATTENTION is
1941  *      translated to success, with the ->changed flag updated.
1942  **/
1943 int
1944 scsi_test_unit_ready(struct scsi_device *sdev, int timeout, int retries,
1945                      struct scsi_sense_hdr *sshdr_external)
1946 {
1947         char cmd[] = {
1948                 TEST_UNIT_READY, 0, 0, 0, 0, 0,
1949         };
1950         struct scsi_sense_hdr *sshdr;
1951         int result;
1952
1953         if (!sshdr_external)
1954                 sshdr = kzalloc(sizeof(*sshdr), GFP_KERNEL);
1955         else
1956                 sshdr = sshdr_external;
1957
1958         /* try to eat the UNIT_ATTENTION if there are enough retries */
1959         do {
1960                 result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, sshdr,
1961                                           timeout, retries);
1962         } while ((driver_byte(result) & DRIVER_SENSE) &&
1963                  sshdr && sshdr->sense_key == UNIT_ATTENTION &&
1964                  --retries);
1965
1966         if (!sshdr)
1967                 /* could not allocate sense buffer, so can't process it */
1968                 return result;
1969
1970         if ((driver_byte(result) & DRIVER_SENSE) && sdev->removable) {
1971
1972                 if ((scsi_sense_valid(sshdr)) &&
1973                     ((sshdr->sense_key == UNIT_ATTENTION) ||
1974                      (sshdr->sense_key == NOT_READY))) {
1975                         sdev->changed = 1;
1976                         result = 0;
1977                 }
1978         }
1979         if (!sshdr_external)
1980                 kfree(sshdr);
1981         return result;
1982 }
1983 EXPORT_SYMBOL(scsi_test_unit_ready);
1984
1985 /**
1986  *      scsi_device_set_state - Take the given device through the device state model.
1987  *      @sdev:  scsi device to change the state of.
1988  *      @state: state to change to.
1989  *
1990  *      Returns zero if unsuccessful or an error if the requested 
1991  *      transition is illegal.
1992  */
1993 int
1994 scsi_device_set_state(struct scsi_device *sdev, enum scsi_device_state state)
1995 {
1996         enum scsi_device_state oldstate = sdev->sdev_state;
1997
1998         if (state == oldstate)
1999                 return 0;
2000
2001         switch (state) {
2002         case SDEV_CREATED:
2003                 /* There are no legal states that come back to
2004                  * created.  This is the manually initialised start
2005                  * state */
2006                 goto illegal;
2007                         
2008         case SDEV_RUNNING:
2009                 switch (oldstate) {
2010                 case SDEV_CREATED:
2011                 case SDEV_OFFLINE:
2012                 case SDEV_QUIESCE:
2013                 case SDEV_BLOCK:
2014                         break;
2015                 default:
2016                         goto illegal;
2017                 }
2018                 break;
2019
2020         case SDEV_QUIESCE:
2021                 switch (oldstate) {
2022                 case SDEV_RUNNING:
2023                 case SDEV_OFFLINE:
2024                         break;
2025                 default:
2026                         goto illegal;
2027                 }
2028                 break;
2029
2030         case SDEV_OFFLINE:
2031                 switch (oldstate) {
2032                 case SDEV_CREATED:
2033                 case SDEV_RUNNING:
2034                 case SDEV_QUIESCE:
2035                 case SDEV_BLOCK:
2036                         break;
2037                 default:
2038                         goto illegal;
2039                 }
2040                 break;
2041
2042         case SDEV_BLOCK:
2043                 switch (oldstate) {
2044                 case SDEV_CREATED:
2045                 case SDEV_RUNNING:
2046                         break;
2047                 default:
2048                         goto illegal;
2049                 }
2050                 break;
2051
2052         case SDEV_CANCEL:
2053                 switch (oldstate) {
2054                 case SDEV_CREATED:
2055                 case SDEV_RUNNING:
2056                 case SDEV_QUIESCE:
2057                 case SDEV_OFFLINE:
2058                 case SDEV_BLOCK:
2059                         break;
2060                 default:
2061                         goto illegal;
2062                 }
2063                 break;
2064
2065         case SDEV_DEL:
2066                 switch (oldstate) {
2067                 case SDEV_CREATED:
2068                 case SDEV_RUNNING:
2069                 case SDEV_OFFLINE:
2070                 case SDEV_CANCEL:
2071                         break;
2072                 default:
2073                         goto illegal;
2074                 }
2075                 break;
2076
2077         }
2078         sdev->sdev_state = state;
2079         return 0;
2080
2081  illegal:
2082         SCSI_LOG_ERROR_RECOVERY(1, 
2083                                 sdev_printk(KERN_ERR, sdev,
2084                                             "Illegal state transition %s->%s\n",
2085                                             scsi_device_state_name(oldstate),
2086                                             scsi_device_state_name(state))
2087                                 );
2088         return -EINVAL;
2089 }
2090 EXPORT_SYMBOL(scsi_device_set_state);
2091
2092 /**
2093  *      sdev_evt_emit - emit a single SCSI device uevent
2094  *      @sdev: associated SCSI device
2095  *      @evt: event to emit
2096  *
2097  *      Send a single uevent (scsi_event) to the associated scsi_device.
2098  */
2099 static void scsi_evt_emit(struct scsi_device *sdev, struct scsi_event *evt)
2100 {
2101         int idx = 0;
2102         char *envp[3];
2103
2104         switch (evt->evt_type) {
2105         case SDEV_EVT_MEDIA_CHANGE:
2106                 envp[idx++] = "SDEV_MEDIA_CHANGE=1";
2107                 break;
2108
2109         default:
2110                 /* do nothing */
2111                 break;
2112         }
2113
2114         envp[idx++] = NULL;
2115
2116         kobject_uevent_env(&sdev->sdev_gendev.kobj, KOBJ_CHANGE, envp);
2117 }
2118
2119 /**
2120  *      sdev_evt_thread - send a uevent for each scsi event
2121  *      @work: work struct for scsi_device
2122  *
2123  *      Dispatch queued events to their associated scsi_device kobjects
2124  *      as uevents.
2125  */
2126 void scsi_evt_thread(struct work_struct *work)
2127 {
2128         struct scsi_device *sdev;
2129         LIST_HEAD(event_list);
2130
2131         sdev = container_of(work, struct scsi_device, event_work);
2132
2133         while (1) {
2134                 struct scsi_event *evt;
2135                 struct list_head *this, *tmp;
2136                 unsigned long flags;
2137
2138                 spin_lock_irqsave(&sdev->list_lock, flags);
2139                 list_splice_init(&sdev->event_list, &event_list);
2140                 spin_unlock_irqrestore(&sdev->list_lock, flags);
2141
2142                 if (list_empty(&event_list))
2143                         break;
2144
2145                 list_for_each_safe(this, tmp, &event_list) {
2146                         evt = list_entry(this, struct scsi_event, node);
2147                         list_del(&evt->node);
2148                         scsi_evt_emit(sdev, evt);
2149                         kfree(evt);
2150                 }
2151         }
2152 }
2153
2154 /**
2155  *      sdev_evt_send - send asserted event to uevent thread
2156  *      @sdev: scsi_device event occurred on
2157  *      @evt: event to send
2158  *
2159  *      Assert scsi device event asynchronously.
2160  */
2161 void sdev_evt_send(struct scsi_device *sdev, struct scsi_event *evt)
2162 {
2163         unsigned long flags;
2164
2165         if (!test_bit(evt->evt_type, sdev->supported_events)) {
2166                 kfree(evt);
2167                 return;
2168         }
2169
2170         spin_lock_irqsave(&sdev->list_lock, flags);
2171         list_add_tail(&evt->node, &sdev->event_list);
2172         schedule_work(&sdev->event_work);
2173         spin_unlock_irqrestore(&sdev->list_lock, flags);
2174 }
2175 EXPORT_SYMBOL_GPL(sdev_evt_send);
2176
2177 /**
2178  *      sdev_evt_alloc - allocate a new scsi event
2179  *      @evt_type: type of event to allocate
2180  *      @gfpflags: GFP flags for allocation
2181  *
2182  *      Allocates and returns a new scsi_event.
2183  */
2184 struct scsi_event *sdev_evt_alloc(enum scsi_device_event evt_type,
2185                                   gfp_t gfpflags)
2186 {
2187         struct scsi_event *evt = kzalloc(sizeof(struct scsi_event), gfpflags);
2188         if (!evt)
2189                 return NULL;
2190
2191         evt->evt_type = evt_type;
2192         INIT_LIST_HEAD(&evt->node);
2193
2194         /* evt_type-specific initialization, if any */
2195         switch (evt_type) {
2196         case SDEV_EVT_MEDIA_CHANGE:
2197         default:
2198                 /* do nothing */
2199                 break;
2200         }
2201
2202         return evt;
2203 }
2204 EXPORT_SYMBOL_GPL(sdev_evt_alloc);
2205
2206 /**
2207  *      sdev_evt_send_simple - send asserted event to uevent thread
2208  *      @sdev: scsi_device event occurred on
2209  *      @evt_type: type of event to send
2210  *      @gfpflags: GFP flags for allocation
2211  *
2212  *      Assert scsi device event asynchronously, given an event type.
2213  */
2214 void sdev_evt_send_simple(struct scsi_device *sdev,
2215                           enum scsi_device_event evt_type, gfp_t gfpflags)
2216 {
2217         struct scsi_event *evt = sdev_evt_alloc(evt_type, gfpflags);
2218         if (!evt) {
2219                 sdev_printk(KERN_ERR, sdev, "event %d eaten due to OOM\n",
2220                             evt_type);
2221                 return;
2222         }
2223
2224         sdev_evt_send(sdev, evt);
2225 }
2226 EXPORT_SYMBOL_GPL(sdev_evt_send_simple);
2227
2228 /**
2229  *      scsi_device_quiesce - Block user issued commands.
2230  *      @sdev:  scsi device to quiesce.
2231  *
2232  *      This works by trying to transition to the SDEV_QUIESCE state
2233  *      (which must be a legal transition).  When the device is in this
2234  *      state, only special requests will be accepted, all others will
2235  *      be deferred.  Since special requests may also be requeued requests,
2236  *      a successful return doesn't guarantee the device will be 
2237  *      totally quiescent.
2238  *
2239  *      Must be called with user context, may sleep.
2240  *
2241  *      Returns zero if unsuccessful or an error if not.
2242  */
2243 int
2244 scsi_device_quiesce(struct scsi_device *sdev)
2245 {
2246         int err = scsi_device_set_state(sdev, SDEV_QUIESCE);
2247         if (err)
2248                 return err;
2249
2250         scsi_run_queue(sdev->request_queue);
2251         while (sdev->device_busy) {
2252                 msleep_interruptible(200);
2253                 scsi_run_queue(sdev->request_queue);
2254         }
2255         return 0;
2256 }
2257 EXPORT_SYMBOL(scsi_device_quiesce);
2258
2259 /**
2260  *      scsi_device_resume - Restart user issued commands to a quiesced device.
2261  *      @sdev:  scsi device to resume.
2262  *
2263  *      Moves the device from quiesced back to running and restarts the
2264  *      queues.
2265  *
2266  *      Must be called with user context, may sleep.
2267  */
2268 void
2269 scsi_device_resume(struct scsi_device *sdev)
2270 {
2271         if(scsi_device_set_state(sdev, SDEV_RUNNING))
2272                 return;
2273         scsi_run_queue(sdev->request_queue);
2274 }
2275 EXPORT_SYMBOL(scsi_device_resume);
2276
2277 static void
2278 device_quiesce_fn(struct scsi_device *sdev, void *data)
2279 {
2280         scsi_device_quiesce(sdev);
2281 }
2282
2283 void
2284 scsi_target_quiesce(struct scsi_target *starget)
2285 {
2286         starget_for_each_device(starget, NULL, device_quiesce_fn);
2287 }
2288 EXPORT_SYMBOL(scsi_target_quiesce);
2289
2290 static void
2291 device_resume_fn(struct scsi_device *sdev, void *data)
2292 {
2293         scsi_device_resume(sdev);
2294 }
2295
2296 void
2297 scsi_target_resume(struct scsi_target *starget)
2298 {
2299         starget_for_each_device(starget, NULL, device_resume_fn);
2300 }
2301 EXPORT_SYMBOL(scsi_target_resume);
2302
2303 /**
2304  * scsi_internal_device_block - internal function to put a device temporarily into the SDEV_BLOCK state
2305  * @sdev:       device to block
2306  *
2307  * Block request made by scsi lld's to temporarily stop all
2308  * scsi commands on the specified device.  Called from interrupt
2309  * or normal process context.
2310  *
2311  * Returns zero if successful or error if not
2312  *
2313  * Notes:       
2314  *      This routine transitions the device to the SDEV_BLOCK state
2315  *      (which must be a legal transition).  When the device is in this
2316  *      state, all commands are deferred until the scsi lld reenables
2317  *      the device with scsi_device_unblock or device_block_tmo fires.
2318  *      This routine assumes the host_lock is held on entry.
2319  */
2320 int
2321 scsi_internal_device_block(struct scsi_device *sdev)
2322 {
2323         struct request_queue *q = sdev->request_queue;
2324         unsigned long flags;
2325         int err = 0;
2326
2327         err = scsi_device_set_state(sdev, SDEV_BLOCK);
2328         if (err)
2329                 return err;
2330
2331         /* 
2332          * The device has transitioned to SDEV_BLOCK.  Stop the
2333          * block layer from calling the midlayer with this device's
2334          * request queue. 
2335          */
2336         spin_lock_irqsave(q->queue_lock, flags);
2337         blk_stop_queue(q);
2338         spin_unlock_irqrestore(q->queue_lock, flags);
2339
2340         return 0;
2341 }
2342 EXPORT_SYMBOL_GPL(scsi_internal_device_block);
2343  
2344 /**
2345  * scsi_internal_device_unblock - resume a device after a block request
2346  * @sdev:       device to resume
2347  *
2348  * Called by scsi lld's or the midlayer to restart the device queue
2349  * for the previously suspended scsi device.  Called from interrupt or
2350  * normal process context.
2351  *
2352  * Returns zero if successful or error if not.
2353  *
2354  * Notes:       
2355  *      This routine transitions the device to the SDEV_RUNNING state
2356  *      (which must be a legal transition) allowing the midlayer to
2357  *      goose the queue for this device.  This routine assumes the 
2358  *      host_lock is held upon entry.
2359  */
2360 int
2361 scsi_internal_device_unblock(struct scsi_device *sdev)
2362 {
2363         struct request_queue *q = sdev->request_queue; 
2364         int err;
2365         unsigned long flags;
2366         
2367         /* 
2368          * Try to transition the scsi device to SDEV_RUNNING
2369          * and goose the device queue if successful.  
2370          */
2371         err = scsi_device_set_state(sdev, SDEV_RUNNING);
2372         if (err)
2373                 return err;
2374
2375         spin_lock_irqsave(q->queue_lock, flags);
2376         blk_start_queue(q);
2377         spin_unlock_irqrestore(q->queue_lock, flags);
2378
2379         return 0;
2380 }
2381 EXPORT_SYMBOL_GPL(scsi_internal_device_unblock);
2382
2383 static void
2384 device_block(struct scsi_device *sdev, void *data)
2385 {
2386         scsi_internal_device_block(sdev);
2387 }
2388
2389 static int
2390 target_block(struct device *dev, void *data)
2391 {
2392         if (scsi_is_target_device(dev))
2393                 starget_for_each_device(to_scsi_target(dev), NULL,
2394                                         device_block);
2395         return 0;
2396 }
2397
2398 void
2399 scsi_target_block(struct device *dev)
2400 {
2401         if (scsi_is_target_device(dev))
2402                 starget_for_each_device(to_scsi_target(dev), NULL,
2403                                         device_block);
2404         else
2405                 device_for_each_child(dev, NULL, target_block);
2406 }
2407 EXPORT_SYMBOL_GPL(scsi_target_block);
2408
2409 static void
2410 device_unblock(struct scsi_device *sdev, void *data)
2411 {
2412         scsi_internal_device_unblock(sdev);
2413 }
2414
2415 static int
2416 target_unblock(struct device *dev, void *data)
2417 {
2418         if (scsi_is_target_device(dev))
2419                 starget_for_each_device(to_scsi_target(dev), NULL,
2420                                         device_unblock);
2421         return 0;
2422 }
2423
2424 void
2425 scsi_target_unblock(struct device *dev)
2426 {
2427         if (scsi_is_target_device(dev))
2428                 starget_for_each_device(to_scsi_target(dev), NULL,
2429                                         device_unblock);
2430         else
2431                 device_for_each_child(dev, NULL, target_unblock);
2432 }
2433 EXPORT_SYMBOL_GPL(scsi_target_unblock);
2434
2435 /**
2436  * scsi_kmap_atomic_sg - find and atomically map an sg-elemnt
2437  * @sgl:        scatter-gather list
2438  * @sg_count:   number of segments in sg
2439  * @offset:     offset in bytes into sg, on return offset into the mapped area
2440  * @len:        bytes to map, on return number of bytes mapped
2441  *
2442  * Returns virtual address of the start of the mapped page
2443  */
2444 void *scsi_kmap_atomic_sg(struct scatterlist *sgl, int sg_count,
2445                           size_t *offset, size_t *len)
2446 {
2447         int i;
2448         size_t sg_len = 0, len_complete = 0;
2449         struct scatterlist *sg;
2450         struct page *page;
2451
2452         WARN_ON(!irqs_disabled());
2453
2454         for_each_sg(sgl, sg, sg_count, i) {
2455                 len_complete = sg_len; /* Complete sg-entries */
2456                 sg_len += sg->length;
2457                 if (sg_len > *offset)
2458                         break;
2459         }
2460
2461         if (unlikely(i == sg_count)) {
2462                 printk(KERN_ERR "%s: Bytes in sg: %zu, requested offset %zu, "
2463                         "elements %d\n",
2464                        __FUNCTION__, sg_len, *offset, sg_count);
2465                 WARN_ON(1);
2466                 return NULL;
2467         }
2468
2469         /* Offset starting from the beginning of first page in this sg-entry */
2470         *offset = *offset - len_complete + sg->offset;
2471
2472         /* Assumption: contiguous pages can be accessed as "page + i" */
2473         page = nth_page(sg_page(sg), (*offset >> PAGE_SHIFT));
2474         *offset &= ~PAGE_MASK;
2475
2476         /* Bytes in this sg-entry from *offset to the end of the page */
2477         sg_len = PAGE_SIZE - *offset;
2478         if (*len > sg_len)
2479                 *len = sg_len;
2480
2481         return kmap_atomic(page, KM_BIO_SRC_IRQ);
2482 }
2483 EXPORT_SYMBOL(scsi_kmap_atomic_sg);
2484
2485 /**
2486  * scsi_kunmap_atomic_sg - atomically unmap a virtual address, previously mapped with scsi_kmap_atomic_sg
2487  * @virt:       virtual address to be unmapped
2488  */
2489 void scsi_kunmap_atomic_sg(void *virt)
2490 {
2491         kunmap_atomic(virt, KM_BIO_SRC_IRQ);
2492 }
2493 EXPORT_SYMBOL(scsi_kunmap_atomic_sg);