cciss: add cciss driver sysfs entries
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/bio.h>
33 #include <linux/blkpg.h>
34 #include <linux/timer.h>
35 #include <linux/proc_fs.h>
36 #include <linux/seq_file.h>
37 #include <linux/init.h>
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49 #include <scsi/scsi.h>
50 #include <scsi/sg.h>
51 #include <scsi/scsi_ioctl.h>
52 #include <linux/cdrom.h>
53 #include <linux/scatterlist.h>
54 #include <linux/kthread.h>
55
56 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
57 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
58 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
59
60 /* Embedded module documentation macros - see modules.h */
61 MODULE_AUTHOR("Hewlett-Packard Company");
62 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
63 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
64                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
65                         " Smart Array G2 Series SAS/SATA Controllers");
66 MODULE_VERSION("3.6.20");
67 MODULE_LICENSE("GPL");
68
69 #include "cciss_cmd.h"
70 #include "cciss.h"
71 #include <linux/cciss_ioctl.h>
72
73 /* define the PCI info for the cards we can control */
74 static const struct pci_device_id cciss_pci_device_id[] = {
75         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
76         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
83         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
84         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
85         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
99         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
100         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324A},
101         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324B},
102         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
103                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
104         {0,}
105 };
106
107 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
108
109 /*  board_id = Subsystem Device ID & Vendor ID
110  *  product = Marketing Name for the board
111  *  access = Address of the struct of function pointers
112  */
113 static struct board_type products[] = {
114         {0x40700E11, "Smart Array 5300", &SA5_access},
115         {0x40800E11, "Smart Array 5i", &SA5B_access},
116         {0x40820E11, "Smart Array 532", &SA5B_access},
117         {0x40830E11, "Smart Array 5312", &SA5B_access},
118         {0x409A0E11, "Smart Array 641", &SA5_access},
119         {0x409B0E11, "Smart Array 642", &SA5_access},
120         {0x409C0E11, "Smart Array 6400", &SA5_access},
121         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
122         {0x40910E11, "Smart Array 6i", &SA5_access},
123         {0x3225103C, "Smart Array P600", &SA5_access},
124         {0x3223103C, "Smart Array P800", &SA5_access},
125         {0x3234103C, "Smart Array P400", &SA5_access},
126         {0x3235103C, "Smart Array P400i", &SA5_access},
127         {0x3211103C, "Smart Array E200i", &SA5_access},
128         {0x3212103C, "Smart Array E200", &SA5_access},
129         {0x3213103C, "Smart Array E200i", &SA5_access},
130         {0x3214103C, "Smart Array E200i", &SA5_access},
131         {0x3215103C, "Smart Array E200i", &SA5_access},
132         {0x3237103C, "Smart Array E500", &SA5_access},
133         {0x323D103C, "Smart Array P700m", &SA5_access},
134         {0x3241103C, "Smart Array P212", &SA5_access},
135         {0x3243103C, "Smart Array P410", &SA5_access},
136         {0x3245103C, "Smart Array P410i", &SA5_access},
137         {0x3247103C, "Smart Array P411", &SA5_access},
138         {0x3249103C, "Smart Array P812", &SA5_access},
139         {0x324A103C, "Smart Array P712m", &SA5_access},
140         {0x324B103C, "Smart Array P711m", &SA5_access},
141         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
142 };
143
144 /* How long to wait (in milliseconds) for board to go into simple mode */
145 #define MAX_CONFIG_WAIT 30000
146 #define MAX_IOCTL_CONFIG_WAIT 1000
147
148 /*define how many times we will try a command because of bus resets */
149 #define MAX_CMD_RETRIES 3
150
151 #define MAX_CTLR        32
152
153 /* Originally cciss driver only supports 8 major numbers */
154 #define MAX_CTLR_ORIG   8
155
156 static ctlr_info_t *hba[MAX_CTLR];
157
158 static void do_cciss_request(struct request_queue *q);
159 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
160 static int cciss_open(struct block_device *bdev, fmode_t mode);
161 static int cciss_release(struct gendisk *disk, fmode_t mode);
162 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
163                        unsigned int cmd, unsigned long arg);
164 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
165
166 static int cciss_revalidate(struct gendisk *disk);
167 static int rebuild_lun_table(ctlr_info_t *h, int first_time);
168 static int deregister_disk(ctlr_info_t *h, int drv_index,
169                            int clear_all);
170
171 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
172                         sector_t *total_size, unsigned int *block_size);
173 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
174                         sector_t *total_size, unsigned int *block_size);
175 static void cciss_geometry_inquiry(int ctlr, int logvol,
176                         int withirq, sector_t total_size,
177                         unsigned int block_size, InquiryData_struct *inq_buff,
178                                    drive_info_struct *drv);
179 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
180                                            __u32);
181 static void start_io(ctlr_info_t *h);
182 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
183                    unsigned int use_unit_num, unsigned int log_unit,
184                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
185 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
186                            unsigned int use_unit_num, unsigned int log_unit,
187                            __u8 page_code, int cmd_type);
188
189 static void fail_all_cmds(unsigned long ctlr);
190 static int scan_thread(void *data);
191 static int check_for_unit_attention(ctlr_info_t *h, CommandList_struct *c);
192
193 #ifdef CONFIG_PROC_FS
194 static void cciss_procinit(int i);
195 #else
196 static void cciss_procinit(int i)
197 {
198 }
199 #endif                          /* CONFIG_PROC_FS */
200
201 #ifdef CONFIG_COMPAT
202 static int cciss_compat_ioctl(struct block_device *, fmode_t,
203                               unsigned, unsigned long);
204 #endif
205
206 static struct block_device_operations cciss_fops = {
207         .owner = THIS_MODULE,
208         .open = cciss_open,
209         .release = cciss_release,
210         .locked_ioctl = cciss_ioctl,
211         .getgeo = cciss_getgeo,
212 #ifdef CONFIG_COMPAT
213         .compat_ioctl = cciss_compat_ioctl,
214 #endif
215         .revalidate_disk = cciss_revalidate,
216 };
217
218 /*
219  * Enqueuing and dequeuing functions for cmdlists.
220  */
221 static inline void addQ(struct hlist_head *list, CommandList_struct *c)
222 {
223         hlist_add_head(&c->list, list);
224 }
225
226 static inline void removeQ(CommandList_struct *c)
227 {
228         if (WARN_ON(hlist_unhashed(&c->list)))
229                 return;
230
231         hlist_del_init(&c->list);
232 }
233
234 #include "cciss_scsi.c"         /* For SCSI tape support */
235
236 #define RAID_UNKNOWN 6
237
238 #ifdef CONFIG_PROC_FS
239
240 /*
241  * Report information about this controller.
242  */
243 #define ENG_GIG 1000000000
244 #define ENG_GIG_FACTOR (ENG_GIG/512)
245 #define ENGAGE_SCSI     "engage scsi"
246 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
247         "UNKNOWN"
248 };
249
250 static struct proc_dir_entry *proc_cciss;
251
252 static void cciss_seq_show_header(struct seq_file *seq)
253 {
254         ctlr_info_t *h = seq->private;
255
256         seq_printf(seq, "%s: HP %s Controller\n"
257                 "Board ID: 0x%08lx\n"
258                 "Firmware Version: %c%c%c%c\n"
259                 "IRQ: %d\n"
260                 "Logical drives: %d\n"
261                 "Current Q depth: %d\n"
262                 "Current # commands on controller: %d\n"
263                 "Max Q depth since init: %d\n"
264                 "Max # commands on controller since init: %d\n"
265                 "Max SG entries since init: %d\n",
266                 h->devname,
267                 h->product_name,
268                 (unsigned long)h->board_id,
269                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
270                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
271                 h->num_luns,
272                 h->Qdepth, h->commands_outstanding,
273                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
274
275 #ifdef CONFIG_CISS_SCSI_TAPE
276         cciss_seq_tape_report(seq, h->ctlr);
277 #endif /* CONFIG_CISS_SCSI_TAPE */
278 }
279
280 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
281 {
282         ctlr_info_t *h = seq->private;
283         unsigned ctlr = h->ctlr;
284         unsigned long flags;
285
286         /* prevent displaying bogus info during configuration
287          * or deconfiguration of a logical volume
288          */
289         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
290         if (h->busy_configuring) {
291                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
292                 return ERR_PTR(-EBUSY);
293         }
294         h->busy_configuring = 1;
295         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
296
297         if (*pos == 0)
298                 cciss_seq_show_header(seq);
299
300         return pos;
301 }
302
303 static int cciss_seq_show(struct seq_file *seq, void *v)
304 {
305         sector_t vol_sz, vol_sz_frac;
306         ctlr_info_t *h = seq->private;
307         unsigned ctlr = h->ctlr;
308         loff_t *pos = v;
309         drive_info_struct *drv = &h->drv[*pos];
310
311         if (*pos > h->highest_lun)
312                 return 0;
313
314         if (drv->heads == 0)
315                 return 0;
316
317         vol_sz = drv->nr_blocks;
318         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
319         vol_sz_frac *= 100;
320         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
321
322         if (drv->raid_level > 5)
323                 drv->raid_level = RAID_UNKNOWN;
324         seq_printf(seq, "cciss/c%dd%d:"
325                         "\t%4u.%02uGB\tRAID %s\n",
326                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
327                         raid_label[drv->raid_level]);
328         return 0;
329 }
330
331 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
332 {
333         ctlr_info_t *h = seq->private;
334
335         if (*pos > h->highest_lun)
336                 return NULL;
337         *pos += 1;
338
339         return pos;
340 }
341
342 static void cciss_seq_stop(struct seq_file *seq, void *v)
343 {
344         ctlr_info_t *h = seq->private;
345
346         /* Only reset h->busy_configuring if we succeeded in setting
347          * it during cciss_seq_start. */
348         if (v == ERR_PTR(-EBUSY))
349                 return;
350
351         h->busy_configuring = 0;
352 }
353
354 static struct seq_operations cciss_seq_ops = {
355         .start = cciss_seq_start,
356         .show  = cciss_seq_show,
357         .next  = cciss_seq_next,
358         .stop  = cciss_seq_stop,
359 };
360
361 static int cciss_seq_open(struct inode *inode, struct file *file)
362 {
363         int ret = seq_open(file, &cciss_seq_ops);
364         struct seq_file *seq = file->private_data;
365
366         if (!ret)
367                 seq->private = PDE(inode)->data;
368
369         return ret;
370 }
371
372 static ssize_t
373 cciss_proc_write(struct file *file, const char __user *buf,
374                  size_t length, loff_t *ppos)
375 {
376         int err;
377         char *buffer;
378
379 #ifndef CONFIG_CISS_SCSI_TAPE
380         return -EINVAL;
381 #endif
382
383         if (!buf || length > PAGE_SIZE - 1)
384                 return -EINVAL;
385
386         buffer = (char *)__get_free_page(GFP_KERNEL);
387         if (!buffer)
388                 return -ENOMEM;
389
390         err = -EFAULT;
391         if (copy_from_user(buffer, buf, length))
392                 goto out;
393         buffer[length] = '\0';
394
395 #ifdef CONFIG_CISS_SCSI_TAPE
396         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
397                 struct seq_file *seq = file->private_data;
398                 ctlr_info_t *h = seq->private;
399                 int rc;
400
401                 rc = cciss_engage_scsi(h->ctlr);
402                 if (rc != 0)
403                         err = -rc;
404                 else
405                         err = length;
406         } else
407 #endif /* CONFIG_CISS_SCSI_TAPE */
408                 err = -EINVAL;
409         /* might be nice to have "disengage" too, but it's not
410            safely possible. (only 1 module use count, lock issues.) */
411
412 out:
413         free_page((unsigned long)buffer);
414         return err;
415 }
416
417 static struct file_operations cciss_proc_fops = {
418         .owner   = THIS_MODULE,
419         .open    = cciss_seq_open,
420         .read    = seq_read,
421         .llseek  = seq_lseek,
422         .release = seq_release,
423         .write   = cciss_proc_write,
424 };
425
426 static void __devinit cciss_procinit(int i)
427 {
428         struct proc_dir_entry *pde;
429
430         if (proc_cciss == NULL)
431                 proc_cciss = proc_mkdir("driver/cciss", NULL);
432         if (!proc_cciss)
433                 return;
434         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
435                                         S_IROTH, proc_cciss,
436                                         &cciss_proc_fops, hba[i]);
437 }
438 #endif                          /* CONFIG_PROC_FS */
439
440 #define MAX_PRODUCT_NAME_LEN 19
441
442 #define to_hba(n) container_of(n, struct ctlr_info, dev)
443 #define to_drv(n) container_of(n, drive_info_struct, dev)
444
445 static struct device_type cciss_host_type = {
446         .name           = "cciss_host",
447 };
448
449 static ssize_t dev_show_unique_id(struct device *dev,
450                                  struct device_attribute *attr,
451                                  char *buf)
452 {
453         drive_info_struct *drv = to_drv(dev);
454         struct ctlr_info *h = to_hba(drv->dev.parent);
455         __u8 sn[16];
456         unsigned long flags;
457         int ret = 0;
458
459         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
460         if (h->busy_configuring)
461                 ret = -EBUSY;
462         else
463                 memcpy(sn, drv->serial_no, sizeof(sn));
464         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
465
466         if (ret)
467                 return ret;
468         else
469                 return snprintf(buf, 16 * 2 + 2,
470                                 "%02X%02X%02X%02X%02X%02X%02X%02X"
471                                 "%02X%02X%02X%02X%02X%02X%02X%02X\n",
472                                 sn[0], sn[1], sn[2], sn[3],
473                                 sn[4], sn[5], sn[6], sn[7],
474                                 sn[8], sn[9], sn[10], sn[11],
475                                 sn[12], sn[13], sn[14], sn[15]);
476 }
477 DEVICE_ATTR(unique_id, S_IRUGO, dev_show_unique_id, NULL);
478
479 static ssize_t dev_show_vendor(struct device *dev,
480                                struct device_attribute *attr,
481                                char *buf)
482 {
483         drive_info_struct *drv = to_drv(dev);
484         struct ctlr_info *h = to_hba(drv->dev.parent);
485         char vendor[VENDOR_LEN + 1];
486         unsigned long flags;
487         int ret = 0;
488
489         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
490         if (h->busy_configuring)
491                 ret = -EBUSY;
492         else
493                 memcpy(vendor, drv->vendor, VENDOR_LEN + 1);
494         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
495
496         if (ret)
497                 return ret;
498         else
499                 return snprintf(buf, sizeof(vendor) + 1, "%s\n", drv->vendor);
500 }
501 DEVICE_ATTR(vendor, S_IRUGO, dev_show_vendor, NULL);
502
503 static ssize_t dev_show_model(struct device *dev,
504                               struct device_attribute *attr,
505                               char *buf)
506 {
507         drive_info_struct *drv = to_drv(dev);
508         struct ctlr_info *h = to_hba(drv->dev.parent);
509         char model[MODEL_LEN + 1];
510         unsigned long flags;
511         int ret = 0;
512
513         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
514         if (h->busy_configuring)
515                 ret = -EBUSY;
516         else
517                 memcpy(model, drv->model, MODEL_LEN + 1);
518         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
519
520         if (ret)
521                 return ret;
522         else
523                 return snprintf(buf, sizeof(model) + 1, "%s\n", drv->model);
524 }
525 DEVICE_ATTR(model, S_IRUGO, dev_show_model, NULL);
526
527 static ssize_t dev_show_rev(struct device *dev,
528                             struct device_attribute *attr,
529                             char *buf)
530 {
531         drive_info_struct *drv = to_drv(dev);
532         struct ctlr_info *h = to_hba(drv->dev.parent);
533         char rev[REV_LEN + 1];
534         unsigned long flags;
535         int ret = 0;
536
537         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
538         if (h->busy_configuring)
539                 ret = -EBUSY;
540         else
541                 memcpy(rev, drv->rev, REV_LEN + 1);
542         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
543
544         if (ret)
545                 return ret;
546         else
547                 return snprintf(buf, sizeof(rev) + 1, "%s\n", drv->rev);
548 }
549 DEVICE_ATTR(rev, S_IRUGO, dev_show_rev, NULL);
550
551 static struct attribute *cciss_dev_attrs[] = {
552         &dev_attr_unique_id.attr,
553         &dev_attr_model.attr,
554         &dev_attr_vendor.attr,
555         &dev_attr_rev.attr,
556         NULL
557 };
558
559 static struct attribute_group cciss_dev_attr_group = {
560         .attrs = cciss_dev_attrs,
561 };
562
563 static struct attribute_group *cciss_dev_attr_groups[] = {
564         &cciss_dev_attr_group,
565         NULL
566 };
567
568 static struct device_type cciss_dev_type = {
569         .name           = "cciss_device",
570         .groups         = cciss_dev_attr_groups,
571 };
572
573 static struct bus_type cciss_bus_type = {
574         .name           = "cciss",
575 };
576
577
578 /*
579  * Initialize sysfs entry for each controller.  This sets up and registers
580  * the 'cciss#' directory for each individual controller under
581  * /sys/bus/pci/devices/<dev>/.
582  */
583 static int cciss_create_hba_sysfs_entry(struct ctlr_info *h)
584 {
585         device_initialize(&h->dev);
586         h->dev.type = &cciss_host_type;
587         h->dev.bus = &cciss_bus_type;
588         dev_set_name(&h->dev, "%s", h->devname);
589         h->dev.parent = &h->pdev->dev;
590
591         return device_add(&h->dev);
592 }
593
594 /*
595  * Remove sysfs entries for an hba.
596  */
597 static void cciss_destroy_hba_sysfs_entry(struct ctlr_info *h)
598 {
599         device_del(&h->dev);
600 }
601
602 /*
603  * Initialize sysfs for each logical drive.  This sets up and registers
604  * the 'c#d#' directory for each individual logical drive under
605  * /sys/bus/pci/devices/<dev/ccis#/. We also create a link from
606  * /sys/block/cciss!c#d# to this entry.
607  */
608 static int cciss_create_ld_sysfs_entry(struct ctlr_info *h,
609                                        drive_info_struct *drv,
610                                        int drv_index)
611 {
612         device_initialize(&drv->dev);
613         drv->dev.type = &cciss_dev_type;
614         drv->dev.bus = &cciss_bus_type;
615         dev_set_name(&drv->dev, "c%dd%d", h->ctlr, drv_index);
616         drv->dev.parent = &h->dev;
617         return device_add(&drv->dev);
618 }
619
620 /*
621  * Remove sysfs entries for a logical drive.
622  */
623 static void cciss_destroy_ld_sysfs_entry(drive_info_struct *drv)
624 {
625         device_del(&drv->dev);
626 }
627
628 /*
629  * For operations that cannot sleep, a command block is allocated at init,
630  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
631  * which ones are free or in use.  For operations that can wait for kmalloc
632  * to possible sleep, this routine can be called with get_from_pool set to 0.
633  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
634  */
635 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
636 {
637         CommandList_struct *c;
638         int i;
639         u64bit temp64;
640         dma_addr_t cmd_dma_handle, err_dma_handle;
641
642         if (!get_from_pool) {
643                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
644                         sizeof(CommandList_struct), &cmd_dma_handle);
645                 if (c == NULL)
646                         return NULL;
647                 memset(c, 0, sizeof(CommandList_struct));
648
649                 c->cmdindex = -1;
650
651                 c->err_info = (ErrorInfo_struct *)
652                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
653                             &err_dma_handle);
654
655                 if (c->err_info == NULL) {
656                         pci_free_consistent(h->pdev,
657                                 sizeof(CommandList_struct), c, cmd_dma_handle);
658                         return NULL;
659                 }
660                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
661         } else {                /* get it out of the controllers pool */
662
663                 do {
664                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
665                         if (i == h->nr_cmds)
666                                 return NULL;
667                 } while (test_and_set_bit
668                          (i & (BITS_PER_LONG - 1),
669                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
670 #ifdef CCISS_DEBUG
671                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
672 #endif
673                 c = h->cmd_pool + i;
674                 memset(c, 0, sizeof(CommandList_struct));
675                 cmd_dma_handle = h->cmd_pool_dhandle
676                     + i * sizeof(CommandList_struct);
677                 c->err_info = h->errinfo_pool + i;
678                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
679                 err_dma_handle = h->errinfo_pool_dhandle
680                     + i * sizeof(ErrorInfo_struct);
681                 h->nr_allocs++;
682
683                 c->cmdindex = i;
684         }
685
686         INIT_HLIST_NODE(&c->list);
687         c->busaddr = (__u32) cmd_dma_handle;
688         temp64.val = (__u64) err_dma_handle;
689         c->ErrDesc.Addr.lower = temp64.val32.lower;
690         c->ErrDesc.Addr.upper = temp64.val32.upper;
691         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
692
693         c->ctlr = h->ctlr;
694         return c;
695 }
696
697 /*
698  * Frees a command block that was previously allocated with cmd_alloc().
699  */
700 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
701 {
702         int i;
703         u64bit temp64;
704
705         if (!got_from_pool) {
706                 temp64.val32.lower = c->ErrDesc.Addr.lower;
707                 temp64.val32.upper = c->ErrDesc.Addr.upper;
708                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
709                                     c->err_info, (dma_addr_t) temp64.val);
710                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
711                                     c, (dma_addr_t) c->busaddr);
712         } else {
713                 i = c - h->cmd_pool;
714                 clear_bit(i & (BITS_PER_LONG - 1),
715                           h->cmd_pool_bits + (i / BITS_PER_LONG));
716                 h->nr_frees++;
717         }
718 }
719
720 static inline ctlr_info_t *get_host(struct gendisk *disk)
721 {
722         return disk->queue->queuedata;
723 }
724
725 static inline drive_info_struct *get_drv(struct gendisk *disk)
726 {
727         return disk->private_data;
728 }
729
730 /*
731  * Open.  Make sure the device is really there.
732  */
733 static int cciss_open(struct block_device *bdev, fmode_t mode)
734 {
735         ctlr_info_t *host = get_host(bdev->bd_disk);
736         drive_info_struct *drv = get_drv(bdev->bd_disk);
737
738 #ifdef CCISS_DEBUG
739         printk(KERN_DEBUG "cciss_open %s\n", bdev->bd_disk->disk_name);
740 #endif                          /* CCISS_DEBUG */
741
742         if (host->busy_initializing || drv->busy_configuring)
743                 return -EBUSY;
744         /*
745          * Root is allowed to open raw volume zero even if it's not configured
746          * so array config can still work. Root is also allowed to open any
747          * volume that has a LUN ID, so it can issue IOCTL to reread the
748          * disk information.  I don't think I really like this
749          * but I'm already using way to many device nodes to claim another one
750          * for "raw controller".
751          */
752         if (drv->heads == 0) {
753                 if (MINOR(bdev->bd_dev) != 0) { /* not node 0? */
754                         /* if not node 0 make sure it is a partition = 0 */
755                         if (MINOR(bdev->bd_dev) & 0x0f) {
756                                 return -ENXIO;
757                                 /* if it is, make sure we have a LUN ID */
758                         } else if (drv->LunID == 0) {
759                                 return -ENXIO;
760                         }
761                 }
762                 if (!capable(CAP_SYS_ADMIN))
763                         return -EPERM;
764         }
765         drv->usage_count++;
766         host->usage_count++;
767         return 0;
768 }
769
770 /*
771  * Close.  Sync first.
772  */
773 static int cciss_release(struct gendisk *disk, fmode_t mode)
774 {
775         ctlr_info_t *host = get_host(disk);
776         drive_info_struct *drv = get_drv(disk);
777
778 #ifdef CCISS_DEBUG
779         printk(KERN_DEBUG "cciss_release %s\n", disk->disk_name);
780 #endif                          /* CCISS_DEBUG */
781
782         drv->usage_count--;
783         host->usage_count--;
784         return 0;
785 }
786
787 #ifdef CONFIG_COMPAT
788
789 static int do_ioctl(struct block_device *bdev, fmode_t mode,
790                     unsigned cmd, unsigned long arg)
791 {
792         int ret;
793         lock_kernel();
794         ret = cciss_ioctl(bdev, mode, cmd, arg);
795         unlock_kernel();
796         return ret;
797 }
798
799 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
800                                   unsigned cmd, unsigned long arg);
801 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
802                                       unsigned cmd, unsigned long arg);
803
804 static int cciss_compat_ioctl(struct block_device *bdev, fmode_t mode,
805                               unsigned cmd, unsigned long arg)
806 {
807         switch (cmd) {
808         case CCISS_GETPCIINFO:
809         case CCISS_GETINTINFO:
810         case CCISS_SETINTINFO:
811         case CCISS_GETNODENAME:
812         case CCISS_SETNODENAME:
813         case CCISS_GETHEARTBEAT:
814         case CCISS_GETBUSTYPES:
815         case CCISS_GETFIRMVER:
816         case CCISS_GETDRIVVER:
817         case CCISS_REVALIDVOLS:
818         case CCISS_DEREGDISK:
819         case CCISS_REGNEWDISK:
820         case CCISS_REGNEWD:
821         case CCISS_RESCANDISK:
822         case CCISS_GETLUNINFO:
823                 return do_ioctl(bdev, mode, cmd, arg);
824
825         case CCISS_PASSTHRU32:
826                 return cciss_ioctl32_passthru(bdev, mode, cmd, arg);
827         case CCISS_BIG_PASSTHRU32:
828                 return cciss_ioctl32_big_passthru(bdev, mode, cmd, arg);
829
830         default:
831                 return -ENOIOCTLCMD;
832         }
833 }
834
835 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
836                                   unsigned cmd, unsigned long arg)
837 {
838         IOCTL32_Command_struct __user *arg32 =
839             (IOCTL32_Command_struct __user *) arg;
840         IOCTL_Command_struct arg64;
841         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
842         int err;
843         u32 cp;
844
845         err = 0;
846         err |=
847             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
848                            sizeof(arg64.LUN_info));
849         err |=
850             copy_from_user(&arg64.Request, &arg32->Request,
851                            sizeof(arg64.Request));
852         err |=
853             copy_from_user(&arg64.error_info, &arg32->error_info,
854                            sizeof(arg64.error_info));
855         err |= get_user(arg64.buf_size, &arg32->buf_size);
856         err |= get_user(cp, &arg32->buf);
857         arg64.buf = compat_ptr(cp);
858         err |= copy_to_user(p, &arg64, sizeof(arg64));
859
860         if (err)
861                 return -EFAULT;
862
863         err = do_ioctl(bdev, mode, CCISS_PASSTHRU, (unsigned long)p);
864         if (err)
865                 return err;
866         err |=
867             copy_in_user(&arg32->error_info, &p->error_info,
868                          sizeof(arg32->error_info));
869         if (err)
870                 return -EFAULT;
871         return err;
872 }
873
874 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
875                                       unsigned cmd, unsigned long arg)
876 {
877         BIG_IOCTL32_Command_struct __user *arg32 =
878             (BIG_IOCTL32_Command_struct __user *) arg;
879         BIG_IOCTL_Command_struct arg64;
880         BIG_IOCTL_Command_struct __user *p =
881             compat_alloc_user_space(sizeof(arg64));
882         int err;
883         u32 cp;
884
885         err = 0;
886         err |=
887             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
888                            sizeof(arg64.LUN_info));
889         err |=
890             copy_from_user(&arg64.Request, &arg32->Request,
891                            sizeof(arg64.Request));
892         err |=
893             copy_from_user(&arg64.error_info, &arg32->error_info,
894                            sizeof(arg64.error_info));
895         err |= get_user(arg64.buf_size, &arg32->buf_size);
896         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
897         err |= get_user(cp, &arg32->buf);
898         arg64.buf = compat_ptr(cp);
899         err |= copy_to_user(p, &arg64, sizeof(arg64));
900
901         if (err)
902                 return -EFAULT;
903
904         err = do_ioctl(bdev, mode, CCISS_BIG_PASSTHRU, (unsigned long)p);
905         if (err)
906                 return err;
907         err |=
908             copy_in_user(&arg32->error_info, &p->error_info,
909                          sizeof(arg32->error_info));
910         if (err)
911                 return -EFAULT;
912         return err;
913 }
914 #endif
915
916 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
917 {
918         drive_info_struct *drv = get_drv(bdev->bd_disk);
919
920         if (!drv->cylinders)
921                 return -ENXIO;
922
923         geo->heads = drv->heads;
924         geo->sectors = drv->sectors;
925         geo->cylinders = drv->cylinders;
926         return 0;
927 }
928
929 static void check_ioctl_unit_attention(ctlr_info_t *host, CommandList_struct *c)
930 {
931         if (c->err_info->CommandStatus == CMD_TARGET_STATUS &&
932                         c->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION)
933                 (void)check_for_unit_attention(host, c);
934 }
935 /*
936  * ioctl
937  */
938 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
939                        unsigned int cmd, unsigned long arg)
940 {
941         struct gendisk *disk = bdev->bd_disk;
942         ctlr_info_t *host = get_host(disk);
943         drive_info_struct *drv = get_drv(disk);
944         int ctlr = host->ctlr;
945         void __user *argp = (void __user *)arg;
946
947 #ifdef CCISS_DEBUG
948         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
949 #endif                          /* CCISS_DEBUG */
950
951         switch (cmd) {
952         case CCISS_GETPCIINFO:
953                 {
954                         cciss_pci_info_struct pciinfo;
955
956                         if (!arg)
957                                 return -EINVAL;
958                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
959                         pciinfo.bus = host->pdev->bus->number;
960                         pciinfo.dev_fn = host->pdev->devfn;
961                         pciinfo.board_id = host->board_id;
962                         if (copy_to_user
963                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
964                                 return -EFAULT;
965                         return 0;
966                 }
967         case CCISS_GETINTINFO:
968                 {
969                         cciss_coalint_struct intinfo;
970                         if (!arg)
971                                 return -EINVAL;
972                         intinfo.delay =
973                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
974                         intinfo.count =
975                             readl(&host->cfgtable->HostWrite.CoalIntCount);
976                         if (copy_to_user
977                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
978                                 return -EFAULT;
979                         return 0;
980                 }
981         case CCISS_SETINTINFO:
982                 {
983                         cciss_coalint_struct intinfo;
984                         unsigned long flags;
985                         int i;
986
987                         if (!arg)
988                                 return -EINVAL;
989                         if (!capable(CAP_SYS_ADMIN))
990                                 return -EPERM;
991                         if (copy_from_user
992                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
993                                 return -EFAULT;
994                         if ((intinfo.delay == 0) && (intinfo.count == 0))
995                         {
996 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
997                                 return -EINVAL;
998                         }
999                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1000                         /* Update the field, and then ring the doorbell */
1001                         writel(intinfo.delay,
1002                                &(host->cfgtable->HostWrite.CoalIntDelay));
1003                         writel(intinfo.count,
1004                                &(host->cfgtable->HostWrite.CoalIntCount));
1005                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
1006
1007                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
1008                                 if (!(readl(host->vaddr + SA5_DOORBELL)
1009                                       & CFGTBL_ChangeReq))
1010                                         break;
1011                                 /* delay and try again */
1012                                 udelay(1000);
1013                         }
1014                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1015                         if (i >= MAX_IOCTL_CONFIG_WAIT)
1016                                 return -EAGAIN;
1017                         return 0;
1018                 }
1019         case CCISS_GETNODENAME:
1020                 {
1021                         NodeName_type NodeName;
1022                         int i;
1023
1024                         if (!arg)
1025                                 return -EINVAL;
1026                         for (i = 0; i < 16; i++)
1027                                 NodeName[i] =
1028                                     readb(&host->cfgtable->ServerName[i]);
1029                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
1030                                 return -EFAULT;
1031                         return 0;
1032                 }
1033         case CCISS_SETNODENAME:
1034                 {
1035                         NodeName_type NodeName;
1036                         unsigned long flags;
1037                         int i;
1038
1039                         if (!arg)
1040                                 return -EINVAL;
1041                         if (!capable(CAP_SYS_ADMIN))
1042                                 return -EPERM;
1043
1044                         if (copy_from_user
1045                             (NodeName, argp, sizeof(NodeName_type)))
1046                                 return -EFAULT;
1047
1048                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1049
1050                         /* Update the field, and then ring the doorbell */
1051                         for (i = 0; i < 16; i++)
1052                                 writeb(NodeName[i],
1053                                        &host->cfgtable->ServerName[i]);
1054
1055                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
1056
1057                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
1058                                 if (!(readl(host->vaddr + SA5_DOORBELL)
1059                                       & CFGTBL_ChangeReq))
1060                                         break;
1061                                 /* delay and try again */
1062                                 udelay(1000);
1063                         }
1064                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1065                         if (i >= MAX_IOCTL_CONFIG_WAIT)
1066                                 return -EAGAIN;
1067                         return 0;
1068                 }
1069
1070         case CCISS_GETHEARTBEAT:
1071                 {
1072                         Heartbeat_type heartbeat;
1073
1074                         if (!arg)
1075                                 return -EINVAL;
1076                         heartbeat = readl(&host->cfgtable->HeartBeat);
1077                         if (copy_to_user
1078                             (argp, &heartbeat, sizeof(Heartbeat_type)))
1079                                 return -EFAULT;
1080                         return 0;
1081                 }
1082         case CCISS_GETBUSTYPES:
1083                 {
1084                         BusTypes_type BusTypes;
1085
1086                         if (!arg)
1087                                 return -EINVAL;
1088                         BusTypes = readl(&host->cfgtable->BusTypes);
1089                         if (copy_to_user
1090                             (argp, &BusTypes, sizeof(BusTypes_type)))
1091                                 return -EFAULT;
1092                         return 0;
1093                 }
1094         case CCISS_GETFIRMVER:
1095                 {
1096                         FirmwareVer_type firmware;
1097
1098                         if (!arg)
1099                                 return -EINVAL;
1100                         memcpy(firmware, host->firm_ver, 4);
1101
1102                         if (copy_to_user
1103                             (argp, firmware, sizeof(FirmwareVer_type)))
1104                                 return -EFAULT;
1105                         return 0;
1106                 }
1107         case CCISS_GETDRIVVER:
1108                 {
1109                         DriverVer_type DriverVer = DRIVER_VERSION;
1110
1111                         if (!arg)
1112                                 return -EINVAL;
1113
1114                         if (copy_to_user
1115                             (argp, &DriverVer, sizeof(DriverVer_type)))
1116                                 return -EFAULT;
1117                         return 0;
1118                 }
1119
1120         case CCISS_DEREGDISK:
1121         case CCISS_REGNEWD:
1122         case CCISS_REVALIDVOLS:
1123                 return rebuild_lun_table(host, 0);
1124
1125         case CCISS_GETLUNINFO:{
1126                         LogvolInfo_struct luninfo;
1127
1128                         luninfo.LunID = drv->LunID;
1129                         luninfo.num_opens = drv->usage_count;
1130                         luninfo.num_parts = 0;
1131                         if (copy_to_user(argp, &luninfo,
1132                                          sizeof(LogvolInfo_struct)))
1133                                 return -EFAULT;
1134                         return 0;
1135                 }
1136         case CCISS_PASSTHRU:
1137                 {
1138                         IOCTL_Command_struct iocommand;
1139                         CommandList_struct *c;
1140                         char *buff = NULL;
1141                         u64bit temp64;
1142                         unsigned long flags;
1143                         DECLARE_COMPLETION_ONSTACK(wait);
1144
1145                         if (!arg)
1146                                 return -EINVAL;
1147
1148                         if (!capable(CAP_SYS_RAWIO))
1149                                 return -EPERM;
1150
1151                         if (copy_from_user
1152                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
1153                                 return -EFAULT;
1154                         if ((iocommand.buf_size < 1) &&
1155                             (iocommand.Request.Type.Direction != XFER_NONE)) {
1156                                 return -EINVAL;
1157                         }
1158 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
1159                         /* Check kmalloc limits */
1160                         if (iocommand.buf_size > 128000)
1161                                 return -EINVAL;
1162 #endif
1163                         if (iocommand.buf_size > 0) {
1164                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
1165                                 if (buff == NULL)
1166                                         return -EFAULT;
1167                         }
1168                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
1169                                 /* Copy the data into the buffer we created */
1170                                 if (copy_from_user
1171                                     (buff, iocommand.buf, iocommand.buf_size)) {
1172                                         kfree(buff);
1173                                         return -EFAULT;
1174                                 }
1175                         } else {
1176                                 memset(buff, 0, iocommand.buf_size);
1177                         }
1178                         if ((c = cmd_alloc(host, 0)) == NULL) {
1179                                 kfree(buff);
1180                                 return -ENOMEM;
1181                         }
1182                         // Fill in the command type
1183                         c->cmd_type = CMD_IOCTL_PEND;
1184                         // Fill in Command Header
1185                         c->Header.ReplyQueue = 0;       // unused in simple mode
1186                         if (iocommand.buf_size > 0)     // buffer to fill
1187                         {
1188                                 c->Header.SGList = 1;
1189                                 c->Header.SGTotal = 1;
1190                         } else  // no buffers to fill
1191                         {
1192                                 c->Header.SGList = 0;
1193                                 c->Header.SGTotal = 0;
1194                         }
1195                         c->Header.LUN = iocommand.LUN_info;
1196                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1197
1198                         // Fill in Request block
1199                         c->Request = iocommand.Request;
1200
1201                         // Fill in the scatter gather information
1202                         if (iocommand.buf_size > 0) {
1203                                 temp64.val = pci_map_single(host->pdev, buff,
1204                                         iocommand.buf_size,
1205                                         PCI_DMA_BIDIRECTIONAL);
1206                                 c->SG[0].Addr.lower = temp64.val32.lower;
1207                                 c->SG[0].Addr.upper = temp64.val32.upper;
1208                                 c->SG[0].Len = iocommand.buf_size;
1209                                 c->SG[0].Ext = 0;       // we are not chaining
1210                         }
1211                         c->waiting = &wait;
1212
1213                         /* Put the request on the tail of the request queue */
1214                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1215                         addQ(&host->reqQ, c);
1216                         host->Qdepth++;
1217                         start_io(host);
1218                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1219
1220                         wait_for_completion(&wait);
1221
1222                         /* unlock the buffers from DMA */
1223                         temp64.val32.lower = c->SG[0].Addr.lower;
1224                         temp64.val32.upper = c->SG[0].Addr.upper;
1225                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1226                                          iocommand.buf_size,
1227                                          PCI_DMA_BIDIRECTIONAL);
1228
1229                         check_ioctl_unit_attention(host, c);
1230
1231                         /* Copy the error information out */
1232                         iocommand.error_info = *(c->err_info);
1233                         if (copy_to_user
1234                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1235                                 kfree(buff);
1236                                 cmd_free(host, c, 0);
1237                                 return -EFAULT;
1238                         }
1239
1240                         if (iocommand.Request.Type.Direction == XFER_READ) {
1241                                 /* Copy the data out of the buffer we created */
1242                                 if (copy_to_user
1243                                     (iocommand.buf, buff, iocommand.buf_size)) {
1244                                         kfree(buff);
1245                                         cmd_free(host, c, 0);
1246                                         return -EFAULT;
1247                                 }
1248                         }
1249                         kfree(buff);
1250                         cmd_free(host, c, 0);
1251                         return 0;
1252                 }
1253         case CCISS_BIG_PASSTHRU:{
1254                         BIG_IOCTL_Command_struct *ioc;
1255                         CommandList_struct *c;
1256                         unsigned char **buff = NULL;
1257                         int *buff_size = NULL;
1258                         u64bit temp64;
1259                         unsigned long flags;
1260                         BYTE sg_used = 0;
1261                         int status = 0;
1262                         int i;
1263                         DECLARE_COMPLETION_ONSTACK(wait);
1264                         __u32 left;
1265                         __u32 sz;
1266                         BYTE __user *data_ptr;
1267
1268                         if (!arg)
1269                                 return -EINVAL;
1270                         if (!capable(CAP_SYS_RAWIO))
1271                                 return -EPERM;
1272                         ioc = (BIG_IOCTL_Command_struct *)
1273                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1274                         if (!ioc) {
1275                                 status = -ENOMEM;
1276                                 goto cleanup1;
1277                         }
1278                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1279                                 status = -EFAULT;
1280                                 goto cleanup1;
1281                         }
1282                         if ((ioc->buf_size < 1) &&
1283                             (ioc->Request.Type.Direction != XFER_NONE)) {
1284                                 status = -EINVAL;
1285                                 goto cleanup1;
1286                         }
1287                         /* Check kmalloc limits  using all SGs */
1288                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1289                                 status = -EINVAL;
1290                                 goto cleanup1;
1291                         }
1292                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1293                                 status = -EINVAL;
1294                                 goto cleanup1;
1295                         }
1296                         buff =
1297                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1298                         if (!buff) {
1299                                 status = -ENOMEM;
1300                                 goto cleanup1;
1301                         }
1302                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1303                                                    GFP_KERNEL);
1304                         if (!buff_size) {
1305                                 status = -ENOMEM;
1306                                 goto cleanup1;
1307                         }
1308                         left = ioc->buf_size;
1309                         data_ptr = ioc->buf;
1310                         while (left) {
1311                                 sz = (left >
1312                                       ioc->malloc_size) ? ioc->
1313                                     malloc_size : left;
1314                                 buff_size[sg_used] = sz;
1315                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1316                                 if (buff[sg_used] == NULL) {
1317                                         status = -ENOMEM;
1318                                         goto cleanup1;
1319                                 }
1320                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1321                                         if (copy_from_user
1322                                             (buff[sg_used], data_ptr, sz)) {
1323                                                 status = -EFAULT;
1324                                                 goto cleanup1;
1325                                         }
1326                                 } else {
1327                                         memset(buff[sg_used], 0, sz);
1328                                 }
1329                                 left -= sz;
1330                                 data_ptr += sz;
1331                                 sg_used++;
1332                         }
1333                         if ((c = cmd_alloc(host, 0)) == NULL) {
1334                                 status = -ENOMEM;
1335                                 goto cleanup1;
1336                         }
1337                         c->cmd_type = CMD_IOCTL_PEND;
1338                         c->Header.ReplyQueue = 0;
1339
1340                         if (ioc->buf_size > 0) {
1341                                 c->Header.SGList = sg_used;
1342                                 c->Header.SGTotal = sg_used;
1343                         } else {
1344                                 c->Header.SGList = 0;
1345                                 c->Header.SGTotal = 0;
1346                         }
1347                         c->Header.LUN = ioc->LUN_info;
1348                         c->Header.Tag.lower = c->busaddr;
1349
1350                         c->Request = ioc->Request;
1351                         if (ioc->buf_size > 0) {
1352                                 int i;
1353                                 for (i = 0; i < sg_used; i++) {
1354                                         temp64.val =
1355                                             pci_map_single(host->pdev, buff[i],
1356                                                     buff_size[i],
1357                                                     PCI_DMA_BIDIRECTIONAL);
1358                                         c->SG[i].Addr.lower =
1359                                             temp64.val32.lower;
1360                                         c->SG[i].Addr.upper =
1361                                             temp64.val32.upper;
1362                                         c->SG[i].Len = buff_size[i];
1363                                         c->SG[i].Ext = 0;       /* we are not chaining */
1364                                 }
1365                         }
1366                         c->waiting = &wait;
1367                         /* Put the request on the tail of the request queue */
1368                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1369                         addQ(&host->reqQ, c);
1370                         host->Qdepth++;
1371                         start_io(host);
1372                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1373                         wait_for_completion(&wait);
1374                         /* unlock the buffers from DMA */
1375                         for (i = 0; i < sg_used; i++) {
1376                                 temp64.val32.lower = c->SG[i].Addr.lower;
1377                                 temp64.val32.upper = c->SG[i].Addr.upper;
1378                                 pci_unmap_single(host->pdev,
1379                                         (dma_addr_t) temp64.val, buff_size[i],
1380                                         PCI_DMA_BIDIRECTIONAL);
1381                         }
1382                         check_ioctl_unit_attention(host, c);
1383                         /* Copy the error information out */
1384                         ioc->error_info = *(c->err_info);
1385                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1386                                 cmd_free(host, c, 0);
1387                                 status = -EFAULT;
1388                                 goto cleanup1;
1389                         }
1390                         if (ioc->Request.Type.Direction == XFER_READ) {
1391                                 /* Copy the data out of the buffer we created */
1392                                 BYTE __user *ptr = ioc->buf;
1393                                 for (i = 0; i < sg_used; i++) {
1394                                         if (copy_to_user
1395                                             (ptr, buff[i], buff_size[i])) {
1396                                                 cmd_free(host, c, 0);
1397                                                 status = -EFAULT;
1398                                                 goto cleanup1;
1399                                         }
1400                                         ptr += buff_size[i];
1401                                 }
1402                         }
1403                         cmd_free(host, c, 0);
1404                         status = 0;
1405                       cleanup1:
1406                         if (buff) {
1407                                 for (i = 0; i < sg_used; i++)
1408                                         kfree(buff[i]);
1409                                 kfree(buff);
1410                         }
1411                         kfree(buff_size);
1412                         kfree(ioc);
1413                         return status;
1414                 }
1415
1416         /* scsi_cmd_ioctl handles these, below, though some are not */
1417         /* very meaningful for cciss.  SG_IO is the main one people want. */
1418
1419         case SG_GET_VERSION_NUM:
1420         case SG_SET_TIMEOUT:
1421         case SG_GET_TIMEOUT:
1422         case SG_GET_RESERVED_SIZE:
1423         case SG_SET_RESERVED_SIZE:
1424         case SG_EMULATED_HOST:
1425         case SG_IO:
1426         case SCSI_IOCTL_SEND_COMMAND:
1427                 return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
1428
1429         /* scsi_cmd_ioctl would normally handle these, below, but */
1430         /* they aren't a good fit for cciss, as CD-ROMs are */
1431         /* not supported, and we don't have any bus/target/lun */
1432         /* which we present to the kernel. */
1433
1434         case CDROM_SEND_PACKET:
1435         case CDROMCLOSETRAY:
1436         case CDROMEJECT:
1437         case SCSI_IOCTL_GET_IDLUN:
1438         case SCSI_IOCTL_GET_BUS_NUMBER:
1439         default:
1440                 return -ENOTTY;
1441         }
1442 }
1443
1444 static void cciss_check_queues(ctlr_info_t *h)
1445 {
1446         int start_queue = h->next_to_run;
1447         int i;
1448
1449         /* check to see if we have maxed out the number of commands that can
1450          * be placed on the queue.  If so then exit.  We do this check here
1451          * in case the interrupt we serviced was from an ioctl and did not
1452          * free any new commands.
1453          */
1454         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1455                 return;
1456
1457         /* We have room on the queue for more commands.  Now we need to queue
1458          * them up.  We will also keep track of the next queue to run so
1459          * that every queue gets a chance to be started first.
1460          */
1461         for (i = 0; i < h->highest_lun + 1; i++) {
1462                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1463                 /* make sure the disk has been added and the drive is real
1464                  * because this can be called from the middle of init_one.
1465                  */
1466                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1467                         continue;
1468                 blk_start_queue(h->gendisk[curr_queue]->queue);
1469
1470                 /* check to see if we have maxed out the number of commands
1471                  * that can be placed on the queue.
1472                  */
1473                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1474                         if (curr_queue == start_queue) {
1475                                 h->next_to_run =
1476                                     (start_queue + 1) % (h->highest_lun + 1);
1477                                 break;
1478                         } else {
1479                                 h->next_to_run = curr_queue;
1480                                 break;
1481                         }
1482                 }
1483         }
1484 }
1485
1486 static void cciss_softirq_done(struct request *rq)
1487 {
1488         CommandList_struct *cmd = rq->completion_data;
1489         ctlr_info_t *h = hba[cmd->ctlr];
1490         unsigned long flags;
1491         u64bit temp64;
1492         int i, ddir;
1493
1494         if (cmd->Request.Type.Direction == XFER_READ)
1495                 ddir = PCI_DMA_FROMDEVICE;
1496         else
1497                 ddir = PCI_DMA_TODEVICE;
1498
1499         /* command did not need to be retried */
1500         /* unmap the DMA mapping for all the scatter gather elements */
1501         for (i = 0; i < cmd->Header.SGList; i++) {
1502                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1503                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1504                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1505         }
1506
1507 #ifdef CCISS_DEBUG
1508         printk("Done with %p\n", rq);
1509 #endif                          /* CCISS_DEBUG */
1510
1511         /* set the residual count for pc requests */
1512         if (blk_pc_request(rq))
1513                 rq->resid_len = cmd->err_info->ResidualCnt;
1514
1515         blk_end_request_all(rq, (rq->errors == 0) ? 0 : -EIO);
1516
1517         spin_lock_irqsave(&h->lock, flags);
1518         cmd_free(h, cmd, 1);
1519         cciss_check_queues(h);
1520         spin_unlock_irqrestore(&h->lock, flags);
1521 }
1522
1523 /* This function gets the SCSI vendor, model, and revision of a logical drive
1524  * via the inquiry page 0.  Model, vendor, and rev are set to empty strings if
1525  * they cannot be read.
1526  */
1527 static void cciss_get_device_descr(int ctlr, int logvol, int withirq,
1528                                    char *vendor, char *model, char *rev)
1529 {
1530         int rc;
1531         InquiryData_struct *inq_buf;
1532
1533         *vendor = '\0';
1534         *model = '\0';
1535         *rev = '\0';
1536
1537         inq_buf = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1538         if (!inq_buf)
1539                 return;
1540
1541         if (withirq)
1542                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, inq_buf,
1543                                      sizeof(InquiryData_struct), 1, logvol,
1544                                      0, TYPE_CMD);
1545         else
1546                 rc = sendcmd(CISS_INQUIRY, ctlr, inq_buf,
1547                              sizeof(InquiryData_struct), 1, logvol, 0, NULL,
1548                              TYPE_CMD);
1549         if (rc == IO_OK) {
1550                 memcpy(vendor, &inq_buf->data_byte[8], VENDOR_LEN);
1551                 vendor[VENDOR_LEN] = '\0';
1552                 memcpy(model, &inq_buf->data_byte[16], MODEL_LEN);
1553                 model[MODEL_LEN] = '\0';
1554                 memcpy(rev, &inq_buf->data_byte[32], REV_LEN);
1555                 rev[REV_LEN] = '\0';
1556         }
1557
1558         kfree(inq_buf);
1559         return;
1560 }
1561
1562 /* This function gets the serial number of a logical drive via
1563  * inquiry page 0x83.  Serial no. is 16 bytes.  If the serial
1564  * number cannot be had, for whatever reason, 16 bytes of 0xff
1565  * are returned instead.
1566  */
1567 static void cciss_get_serial_no(int ctlr, int logvol, int withirq,
1568                                 unsigned char *serial_no, int buflen)
1569 {
1570 #define PAGE_83_INQ_BYTES 64
1571         int rc;
1572         unsigned char *buf;
1573
1574         if (buflen > 16)
1575                 buflen = 16;
1576         memset(serial_no, 0xff, buflen);
1577         buf = kzalloc(PAGE_83_INQ_BYTES, GFP_KERNEL);
1578         if (!buf)
1579                 return;
1580         memset(serial_no, 0, buflen);
1581         if (withirq)
1582                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, buf,
1583                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, TYPE_CMD);
1584         else
1585                 rc = sendcmd(CISS_INQUIRY, ctlr, buf,
1586                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, NULL, TYPE_CMD);
1587         if (rc == IO_OK)
1588                 memcpy(serial_no, &buf[8], buflen);
1589         kfree(buf);
1590         return;
1591 }
1592
1593 static void cciss_add_disk(ctlr_info_t *h, struct gendisk *disk,
1594                                 int drv_index)
1595 {
1596         disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1597         sprintf(disk->disk_name, "cciss/c%dd%d", h->ctlr, drv_index);
1598         disk->major = h->major;
1599         disk->first_minor = drv_index << NWD_SHIFT;
1600         disk->fops = &cciss_fops;
1601         disk->private_data = &h->drv[drv_index];
1602         disk->driverfs_dev = &h->drv[drv_index].dev;
1603
1604         /* Set up queue information */
1605         blk_queue_bounce_limit(disk->queue, h->pdev->dma_mask);
1606
1607         /* This is a hardware imposed limit. */
1608         blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1609
1610         /* This is a limit in the driver and could be eliminated. */
1611         blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1612
1613         blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1614
1615         blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1616
1617         disk->queue->queuedata = h;
1618
1619         blk_queue_logical_block_size(disk->queue,
1620                                      h->drv[drv_index].block_size);
1621
1622         /* Make sure all queue data is written out before */
1623         /* setting h->drv[drv_index].queue, as setting this */
1624         /* allows the interrupt handler to start the queue */
1625         wmb();
1626         h->drv[drv_index].queue = disk->queue;
1627         add_disk(disk);
1628 }
1629
1630 /* This function will check the usage_count of the drive to be updated/added.
1631  * If the usage_count is zero and it is a heretofore unknown drive, or,
1632  * the drive's capacity, geometry, or serial number has changed,
1633  * then the drive information will be updated and the disk will be
1634  * re-registered with the kernel.  If these conditions don't hold,
1635  * then it will be left alone for the next reboot.  The exception to this
1636  * is disk 0 which will always be left registered with the kernel since it
1637  * is also the controller node.  Any changes to disk 0 will show up on
1638  * the next reboot.
1639  */
1640 static void cciss_update_drive_info(int ctlr, int drv_index, int first_time)
1641 {
1642         ctlr_info_t *h = hba[ctlr];
1643         struct gendisk *disk;
1644         InquiryData_struct *inq_buff = NULL;
1645         unsigned int block_size;
1646         sector_t total_size;
1647         unsigned long flags = 0;
1648         int ret = 0;
1649         drive_info_struct *drvinfo;
1650         int was_only_controller_node;
1651
1652         /* Get information about the disk and modify the driver structure */
1653         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1654         drvinfo = kmalloc(sizeof(*drvinfo), GFP_KERNEL);
1655         if (inq_buff == NULL || drvinfo == NULL)
1656                 goto mem_msg;
1657
1658         /* See if we're trying to update the "controller node"
1659          * this will happen the when the first logical drive gets
1660          * created by ACU.
1661          */
1662         was_only_controller_node = (drv_index == 0 &&
1663                                 h->drv[0].raid_level == -1);
1664
1665         /* testing to see if 16-byte CDBs are already being used */
1666         if (h->cciss_read == CCISS_READ_16) {
1667                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1668                         &total_size, &block_size);
1669
1670         } else {
1671                 cciss_read_capacity(ctlr, drv_index, 1,
1672                                     &total_size, &block_size);
1673
1674                 /* if read_capacity returns all F's this volume is >2TB */
1675                 /* in size so we switch to 16-byte CDB's for all */
1676                 /* read/write ops */
1677                 if (total_size == 0xFFFFFFFFULL) {
1678                         cciss_read_capacity_16(ctlr, drv_index, 1,
1679                         &total_size, &block_size);
1680                         h->cciss_read = CCISS_READ_16;
1681                         h->cciss_write = CCISS_WRITE_16;
1682                 } else {
1683                         h->cciss_read = CCISS_READ_10;
1684                         h->cciss_write = CCISS_WRITE_10;
1685                 }
1686         }
1687
1688         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1689                                inq_buff, drvinfo);
1690         drvinfo->block_size = block_size;
1691         drvinfo->nr_blocks = total_size + 1;
1692
1693         cciss_get_device_descr(ctlr, drv_index, 1, drvinfo->vendor,
1694                                 drvinfo->model, drvinfo->rev);
1695         cciss_get_serial_no(ctlr, drv_index, 1, drvinfo->serial_no,
1696                         sizeof(drvinfo->serial_no));
1697
1698         /* Is it the same disk we already know, and nothing's changed? */
1699         if (h->drv[drv_index].raid_level != -1 &&
1700                 ((memcmp(drvinfo->serial_no,
1701                                 h->drv[drv_index].serial_no, 16) == 0) &&
1702                 drvinfo->block_size == h->drv[drv_index].block_size &&
1703                 drvinfo->nr_blocks == h->drv[drv_index].nr_blocks &&
1704                 drvinfo->heads == h->drv[drv_index].heads &&
1705                 drvinfo->sectors == h->drv[drv_index].sectors &&
1706                 drvinfo->cylinders == h->drv[drv_index].cylinders))
1707                         /* The disk is unchanged, nothing to update */
1708                         goto freeret;
1709
1710         /* If we get here it's not the same disk, or something's changed,
1711          * so we need to * deregister it, and re-register it, if it's not
1712          * in use.
1713          * If the disk already exists then deregister it before proceeding
1714          * (unless it's the first disk (for the controller node).
1715          */
1716         if (h->drv[drv_index].raid_level != -1 && drv_index != 0) {
1717                 printk(KERN_WARNING "disk %d has changed.\n", drv_index);
1718                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1719                 h->drv[drv_index].busy_configuring = 1;
1720                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1721
1722                 /* deregister_disk sets h->drv[drv_index].queue = NULL
1723                  * which keeps the interrupt handler from starting
1724                  * the queue.
1725                  */
1726                 ret = deregister_disk(h, drv_index, 0);
1727                 h->drv[drv_index].busy_configuring = 0;
1728         }
1729
1730         /* If the disk is in use return */
1731         if (ret)
1732                 goto freeret;
1733
1734         /* Save the new information from cciss_geometry_inquiry
1735          * and serial number inquiry.
1736          */
1737         h->drv[drv_index].block_size = drvinfo->block_size;
1738         h->drv[drv_index].nr_blocks = drvinfo->nr_blocks;
1739         h->drv[drv_index].heads = drvinfo->heads;
1740         h->drv[drv_index].sectors = drvinfo->sectors;
1741         h->drv[drv_index].cylinders = drvinfo->cylinders;
1742         h->drv[drv_index].raid_level = drvinfo->raid_level;
1743         memcpy(h->drv[drv_index].serial_no, drvinfo->serial_no, 16);
1744         memcpy(h->drv[drv_index].vendor, drvinfo->vendor, VENDOR_LEN + 1);
1745         memcpy(h->drv[drv_index].model, drvinfo->model, MODEL_LEN + 1);
1746         memcpy(h->drv[drv_index].rev, drvinfo->rev, REV_LEN + 1);
1747
1748         ++h->num_luns;
1749         disk = h->gendisk[drv_index];
1750         set_capacity(disk, h->drv[drv_index].nr_blocks);
1751
1752         /* If it's not disk 0 (drv_index != 0)
1753          * or if it was disk 0, but there was previously
1754          * no actual corresponding configured logical drive
1755          * (raid_leve == -1) then we want to update the
1756          * logical drive's information.
1757          */
1758         if (drv_index || first_time)
1759                 cciss_add_disk(h, disk, drv_index);
1760
1761 freeret:
1762         kfree(inq_buff);
1763         kfree(drvinfo);
1764         return;
1765 mem_msg:
1766         printk(KERN_ERR "cciss: out of memory\n");
1767         goto freeret;
1768 }
1769
1770 /* This function will find the first index of the controllers drive array
1771  * that has a -1 for the raid_level and will return that index.  This is
1772  * where new drives will be added.  If the index to be returned is greater
1773  * than the highest_lun index for the controller then highest_lun is set
1774  * to this new index.  If there are no available indexes then -1 is returned.
1775  * "controller_node" is used to know if this is a real logical drive, or just
1776  * the controller node, which determines if this counts towards highest_lun.
1777  */
1778 static int cciss_find_free_drive_index(int ctlr, int controller_node)
1779 {
1780         int i;
1781
1782         for (i = 0; i < CISS_MAX_LUN; i++) {
1783                 if (hba[ctlr]->drv[i].raid_level == -1) {
1784                         if (i > hba[ctlr]->highest_lun)
1785                                 if (!controller_node)
1786                                         hba[ctlr]->highest_lun = i;
1787                         return i;
1788                 }
1789         }
1790         return -1;
1791 }
1792
1793 /* cciss_add_gendisk finds a free hba[]->drv structure
1794  * and allocates a gendisk if needed, and sets the lunid
1795  * in the drvinfo structure.   It returns the index into
1796  * the ->drv[] array, or -1 if none are free.
1797  * is_controller_node indicates whether highest_lun should
1798  * count this disk, or if it's only being added to provide
1799  * a means to talk to the controller in case no logical
1800  * drives have yet been configured.
1801  */
1802 static int cciss_add_gendisk(ctlr_info_t *h, __u32 lunid, int controller_node)
1803 {
1804         int drv_index;
1805
1806         drv_index = cciss_find_free_drive_index(h->ctlr, controller_node);
1807         if (drv_index == -1)
1808                 return -1;
1809         /*Check if the gendisk needs to be allocated */
1810         if (!h->gendisk[drv_index]) {
1811                 h->gendisk[drv_index] =
1812                         alloc_disk(1 << NWD_SHIFT);
1813                 if (!h->gendisk[drv_index]) {
1814                         printk(KERN_ERR "cciss%d: could not "
1815                                 "allocate a new disk %d\n",
1816                                 h->ctlr, drv_index);
1817                         return -1;
1818                 }
1819         }
1820         h->drv[drv_index].LunID = lunid;
1821         if (cciss_create_ld_sysfs_entry(h, &h->drv[drv_index], drv_index))
1822                 goto err_free_disk;
1823
1824         /* Don't need to mark this busy because nobody */
1825         /* else knows about this disk yet to contend */
1826         /* for access to it. */
1827         h->drv[drv_index].busy_configuring = 0;
1828         wmb();
1829         return drv_index;
1830
1831 err_free_disk:
1832         put_disk(h->gendisk[drv_index]);
1833         h->gendisk[drv_index] = NULL;
1834         return -1;
1835 }
1836
1837 /* This is for the special case of a controller which
1838  * has no logical drives.  In this case, we still need
1839  * to register a disk so the controller can be accessed
1840  * by the Array Config Utility.
1841  */
1842 static void cciss_add_controller_node(ctlr_info_t *h)
1843 {
1844         struct gendisk *disk;
1845         int drv_index;
1846
1847         if (h->gendisk[0] != NULL) /* already did this? Then bail. */
1848                 return;
1849
1850         drv_index = cciss_add_gendisk(h, 0, 1);
1851         if (drv_index == -1) {
1852                 printk(KERN_WARNING "cciss%d: could not "
1853                         "add disk 0.\n", h->ctlr);
1854                 return;
1855         }
1856         h->drv[drv_index].block_size = 512;
1857         h->drv[drv_index].nr_blocks = 0;
1858         h->drv[drv_index].heads = 0;
1859         h->drv[drv_index].sectors = 0;
1860         h->drv[drv_index].cylinders = 0;
1861         h->drv[drv_index].raid_level = -1;
1862         memset(h->drv[drv_index].serial_no, 0, 16);
1863         disk = h->gendisk[drv_index];
1864         cciss_add_disk(h, disk, drv_index);
1865 }
1866
1867 /* This function will add and remove logical drives from the Logical
1868  * drive array of the controller and maintain persistency of ordering
1869  * so that mount points are preserved until the next reboot.  This allows
1870  * for the removal of logical drives in the middle of the drive array
1871  * without a re-ordering of those drives.
1872  * INPUT
1873  * h            = The controller to perform the operations on
1874  */
1875 static int rebuild_lun_table(ctlr_info_t *h, int first_time)
1876 {
1877         int ctlr = h->ctlr;
1878         int num_luns;
1879         ReportLunData_struct *ld_buff = NULL;
1880         int return_code;
1881         int listlength = 0;
1882         int i;
1883         int drv_found;
1884         int drv_index = 0;
1885         __u32 lunid = 0;
1886         unsigned long flags;
1887
1888         if (!capable(CAP_SYS_RAWIO))
1889                 return -EPERM;
1890
1891         /* Set busy_configuring flag for this operation */
1892         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1893         if (h->busy_configuring) {
1894                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1895                 return -EBUSY;
1896         }
1897         h->busy_configuring = 1;
1898         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1899
1900         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1901         if (ld_buff == NULL)
1902                 goto mem_msg;
1903
1904         return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1905                                       sizeof(ReportLunData_struct), 0,
1906                                       0, 0, TYPE_CMD);
1907
1908         if (return_code == IO_OK)
1909                 listlength = be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
1910         else {  /* reading number of logical volumes failed */
1911                 printk(KERN_WARNING "cciss: report logical volume"
1912                        " command failed\n");
1913                 listlength = 0;
1914                 goto freeret;
1915         }
1916
1917         num_luns = listlength / 8;      /* 8 bytes per entry */
1918         if (num_luns > CISS_MAX_LUN) {
1919                 num_luns = CISS_MAX_LUN;
1920                 printk(KERN_WARNING "cciss: more luns configured"
1921                        " on controller than can be handled by"
1922                        " this driver.\n");
1923         }
1924
1925         if (num_luns == 0)
1926                 cciss_add_controller_node(h);
1927
1928         /* Compare controller drive array to driver's drive array
1929          * to see if any drives are missing on the controller due
1930          * to action of Array Config Utility (user deletes drive)
1931          * and deregister logical drives which have disappeared.
1932          */
1933         for (i = 0; i <= h->highest_lun; i++) {
1934                 int j;
1935                 drv_found = 0;
1936
1937                 /* skip holes in the array from already deleted drives */
1938                 if (h->drv[i].raid_level == -1)
1939                         continue;
1940
1941                 for (j = 0; j < num_luns; j++) {
1942                         memcpy(&lunid, &ld_buff->LUN[j][0], 4);
1943                         lunid = le32_to_cpu(lunid);
1944                         if (h->drv[i].LunID == lunid) {
1945                                 drv_found = 1;
1946                                 break;
1947                         }
1948                 }
1949                 if (!drv_found) {
1950                         /* Deregister it from the OS, it's gone. */
1951                         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1952                         h->drv[i].busy_configuring = 1;
1953                         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1954                         return_code = deregister_disk(h, i, 1);
1955                         cciss_destroy_ld_sysfs_entry(&h->drv[i]);
1956                         h->drv[i].busy_configuring = 0;
1957                 }
1958         }
1959
1960         /* Compare controller drive array to driver's drive array.
1961          * Check for updates in the drive information and any new drives
1962          * on the controller due to ACU adding logical drives, or changing
1963          * a logical drive's size, etc.  Reregister any new/changed drives
1964          */
1965         for (i = 0; i < num_luns; i++) {
1966                 int j;
1967
1968                 drv_found = 0;
1969
1970                 memcpy(&lunid, &ld_buff->LUN[i][0], 4);
1971                 lunid = le32_to_cpu(lunid);
1972
1973                 /* Find if the LUN is already in the drive array
1974                  * of the driver.  If so then update its info
1975                  * if not in use.  If it does not exist then find
1976                  * the first free index and add it.
1977                  */
1978                 for (j = 0; j <= h->highest_lun; j++) {
1979                         if (h->drv[j].raid_level != -1 &&
1980                                 h->drv[j].LunID == lunid) {
1981                                 drv_index = j;
1982                                 drv_found = 1;
1983                                 break;
1984                         }
1985                 }
1986
1987                 /* check if the drive was found already in the array */
1988                 if (!drv_found) {
1989                         drv_index = cciss_add_gendisk(h, lunid, 0);
1990                         if (drv_index == -1)
1991                                 goto freeret;
1992                 }
1993                 cciss_update_drive_info(ctlr, drv_index, first_time);
1994         }               /* end for */
1995
1996 freeret:
1997         kfree(ld_buff);
1998         h->busy_configuring = 0;
1999         /* We return -1 here to tell the ACU that we have registered/updated
2000          * all of the drives that we can and to keep it from calling us
2001          * additional times.
2002          */
2003         return -1;
2004 mem_msg:
2005         printk(KERN_ERR "cciss: out of memory\n");
2006         h->busy_configuring = 0;
2007         goto freeret;
2008 }
2009
2010 /* This function will deregister the disk and it's queue from the
2011  * kernel.  It must be called with the controller lock held and the
2012  * drv structures busy_configuring flag set.  It's parameters are:
2013  *
2014  * disk = This is the disk to be deregistered
2015  * drv  = This is the drive_info_struct associated with the disk to be
2016  *        deregistered.  It contains information about the disk used
2017  *        by the driver.
2018  * clear_all = This flag determines whether or not the disk information
2019  *             is going to be completely cleared out and the highest_lun
2020  *             reset.  Sometimes we want to clear out information about
2021  *             the disk in preparation for re-adding it.  In this case
2022  *             the highest_lun should be left unchanged and the LunID
2023  *             should not be cleared.
2024 */
2025 static int deregister_disk(ctlr_info_t *h, int drv_index,
2026                            int clear_all)
2027 {
2028         int i;
2029         struct gendisk *disk;
2030         drive_info_struct *drv;
2031
2032         if (!capable(CAP_SYS_RAWIO))
2033                 return -EPERM;
2034
2035         drv = &h->drv[drv_index];
2036         disk = h->gendisk[drv_index];
2037
2038         /* make sure logical volume is NOT is use */
2039         if (clear_all || (h->gendisk[0] == disk)) {
2040                 if (drv->usage_count > 1)
2041                         return -EBUSY;
2042         } else if (drv->usage_count > 0)
2043                 return -EBUSY;
2044
2045         /* invalidate the devices and deregister the disk.  If it is disk
2046          * zero do not deregister it but just zero out it's values.  This
2047          * allows us to delete disk zero but keep the controller registered.
2048          */
2049         if (h->gendisk[0] != disk) {
2050                 struct request_queue *q = disk->queue;
2051                 if (disk->flags & GENHD_FL_UP)
2052                         del_gendisk(disk);
2053                 if (q) {
2054                         blk_cleanup_queue(q);
2055                         /* Set drv->queue to NULL so that we do not try
2056                          * to call blk_start_queue on this queue in the
2057                          * interrupt handler
2058                          */
2059                         drv->queue = NULL;
2060                 }
2061                 /* If clear_all is set then we are deleting the logical
2062                  * drive, not just refreshing its info.  For drives
2063                  * other than disk 0 we will call put_disk.  We do not
2064                  * do this for disk 0 as we need it to be able to
2065                  * configure the controller.
2066                  */
2067                 if (clear_all){
2068                         /* This isn't pretty, but we need to find the
2069                          * disk in our array and NULL our the pointer.
2070                          * This is so that we will call alloc_disk if
2071                          * this index is used again later.
2072                          */
2073                         for (i=0; i < CISS_MAX_LUN; i++){
2074                                 if (h->gendisk[i] == disk) {
2075                                         h->gendisk[i] = NULL;
2076                                         break;
2077                                 }
2078                         }
2079                         put_disk(disk);
2080                 }
2081         } else {
2082                 set_capacity(disk, 0);
2083         }
2084
2085         --h->num_luns;
2086         /* zero out the disk size info */
2087         drv->nr_blocks = 0;
2088         drv->block_size = 0;
2089         drv->heads = 0;
2090         drv->sectors = 0;
2091         drv->cylinders = 0;
2092         drv->raid_level = -1;   /* This can be used as a flag variable to
2093                                  * indicate that this element of the drive
2094                                  * array is free.
2095                                  */
2096
2097         if (clear_all) {
2098                 /* check to see if it was the last disk */
2099                 if (drv == h->drv + h->highest_lun) {
2100                         /* if so, find the new hightest lun */
2101                         int i, newhighest = -1;
2102                         for (i = 0; i <= h->highest_lun; i++) {
2103                                 /* if the disk has size > 0, it is available */
2104                                 if (h->drv[i].heads)
2105                                         newhighest = i;
2106                         }
2107                         h->highest_lun = newhighest;
2108                 }
2109
2110                 drv->LunID = 0;
2111         }
2112         return 0;
2113 }
2114
2115 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
2116                                                                                                                            1: address logical volume log_unit,
2117                                                                                                                            2: periph device address is scsi3addr */
2118                     unsigned int log_unit, __u8 page_code,
2119                     unsigned char *scsi3addr, int cmd_type)
2120 {
2121         ctlr_info_t *h = hba[ctlr];
2122         u64bit buff_dma_handle;
2123         int status = IO_OK;
2124
2125         c->cmd_type = CMD_IOCTL_PEND;
2126         c->Header.ReplyQueue = 0;
2127         if (buff != NULL) {
2128                 c->Header.SGList = 1;
2129                 c->Header.SGTotal = 1;
2130         } else {
2131                 c->Header.SGList = 0;
2132                 c->Header.SGTotal = 0;
2133         }
2134         c->Header.Tag.lower = c->busaddr;
2135
2136         c->Request.Type.Type = cmd_type;
2137         if (cmd_type == TYPE_CMD) {
2138                 switch (cmd) {
2139                 case CISS_INQUIRY:
2140                         /* If the logical unit number is 0 then, this is going
2141                            to controller so It's a physical command
2142                            mode = 0 target = 0.  So we have nothing to write.
2143                            otherwise, if use_unit_num == 1,
2144                            mode = 1(volume set addressing) target = LUNID
2145                            otherwise, if use_unit_num == 2,
2146                            mode = 0(periph dev addr) target = scsi3addr */
2147                         if (use_unit_num == 1) {
2148                                 c->Header.LUN.LogDev.VolId =
2149                                     h->drv[log_unit].LunID;
2150                                 c->Header.LUN.LogDev.Mode = 1;
2151                         } else if (use_unit_num == 2) {
2152                                 memcpy(c->Header.LUN.LunAddrBytes, scsi3addr,
2153                                        8);
2154                                 c->Header.LUN.LogDev.Mode = 0;
2155                         }
2156                         /* are we trying to read a vital product page */
2157                         if (page_code != 0) {
2158                                 c->Request.CDB[1] = 0x01;
2159                                 c->Request.CDB[2] = page_code;
2160                         }
2161                         c->Request.CDBLen = 6;
2162                         c->Request.Type.Attribute = ATTR_SIMPLE;
2163                         c->Request.Type.Direction = XFER_READ;
2164                         c->Request.Timeout = 0;
2165                         c->Request.CDB[0] = CISS_INQUIRY;
2166                         c->Request.CDB[4] = size & 0xFF;
2167                         break;
2168                 case CISS_REPORT_LOG:
2169                 case CISS_REPORT_PHYS:
2170                         /* Talking to controller so It's a physical command
2171                            mode = 00 target = 0.  Nothing to write.
2172                          */
2173                         c->Request.CDBLen = 12;
2174                         c->Request.Type.Attribute = ATTR_SIMPLE;
2175                         c->Request.Type.Direction = XFER_READ;
2176                         c->Request.Timeout = 0;
2177                         c->Request.CDB[0] = cmd;
2178                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
2179                         c->Request.CDB[7] = (size >> 16) & 0xFF;
2180                         c->Request.CDB[8] = (size >> 8) & 0xFF;
2181                         c->Request.CDB[9] = size & 0xFF;
2182                         break;
2183
2184                 case CCISS_READ_CAPACITY:
2185                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
2186                         c->Header.LUN.LogDev.Mode = 1;
2187                         c->Request.CDBLen = 10;
2188                         c->Request.Type.Attribute = ATTR_SIMPLE;
2189                         c->Request.Type.Direction = XFER_READ;
2190                         c->Request.Timeout = 0;
2191                         c->Request.CDB[0] = cmd;
2192                         break;
2193                 case CCISS_READ_CAPACITY_16:
2194                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
2195                         c->Header.LUN.LogDev.Mode = 1;
2196                         c->Request.CDBLen = 16;
2197                         c->Request.Type.Attribute = ATTR_SIMPLE;
2198                         c->Request.Type.Direction = XFER_READ;
2199                         c->Request.Timeout = 0;
2200                         c->Request.CDB[0] = cmd;
2201                         c->Request.CDB[1] = 0x10;
2202                         c->Request.CDB[10] = (size >> 24) & 0xFF;
2203                         c->Request.CDB[11] = (size >> 16) & 0xFF;
2204                         c->Request.CDB[12] = (size >> 8) & 0xFF;
2205                         c->Request.CDB[13] = size & 0xFF;
2206                         c->Request.Timeout = 0;
2207                         c->Request.CDB[0] = cmd;
2208                         break;
2209                 case CCISS_CACHE_FLUSH:
2210                         c->Request.CDBLen = 12;
2211                         c->Request.Type.Attribute = ATTR_SIMPLE;
2212                         c->Request.Type.Direction = XFER_WRITE;
2213                         c->Request.Timeout = 0;
2214                         c->Request.CDB[0] = BMIC_WRITE;
2215                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
2216                         break;
2217                 case TEST_UNIT_READY:
2218                         memcpy(c->Header. LUN.LunAddrBytes, scsi3addr, 8);
2219                         c->Request.CDBLen = 6;
2220                         c->Request.Type.Attribute = ATTR_SIMPLE;
2221                         c->Request.Type.Direction = XFER_NONE;
2222                         c->Request.Timeout = 0;
2223                         break;
2224                 default:
2225                         printk(KERN_WARNING
2226                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
2227                         return IO_ERROR;
2228                 }
2229         } else if (cmd_type == TYPE_MSG) {
2230                 switch (cmd) {
2231                 case 0: /* ABORT message */
2232                         c->Request.CDBLen = 12;
2233                         c->Request.Type.Attribute = ATTR_SIMPLE;
2234                         c->Request.Type.Direction = XFER_WRITE;
2235                         c->Request.Timeout = 0;
2236                         c->Request.CDB[0] = cmd;        /* abort */
2237                         c->Request.CDB[1] = 0;  /* abort a command */
2238                         /* buff contains the tag of the command to abort */
2239                         memcpy(&c->Request.CDB[4], buff, 8);
2240                         break;
2241                 case 1: /* RESET message */
2242                         memcpy(c->Header.LUN.LunAddrBytes, scsi3addr, 8);
2243                         c->Request.CDBLen = 16;
2244                         c->Request.Type.Attribute = ATTR_SIMPLE;
2245                         c->Request.Type.Direction = XFER_NONE;
2246                         c->Request.Timeout = 0;
2247                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
2248                         c->Request.CDB[0] = cmd;        /* reset */
2249                         c->Request.CDB[1] = 0x03;       /* reset a target */
2250                         break;
2251                 case 3: /* No-Op message */
2252                         c->Request.CDBLen = 1;
2253                         c->Request.Type.Attribute = ATTR_SIMPLE;
2254                         c->Request.Type.Direction = XFER_WRITE;
2255                         c->Request.Timeout = 0;
2256                         c->Request.CDB[0] = cmd;
2257                         break;
2258                 default:
2259                         printk(KERN_WARNING
2260                                "cciss%d: unknown message type %d\n", ctlr, cmd);
2261                         return IO_ERROR;
2262                 }
2263         } else {
2264                 printk(KERN_WARNING
2265                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
2266                 return IO_ERROR;
2267         }
2268         /* Fill in the scatter gather information */
2269         if (size > 0) {
2270                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
2271                                                              buff, size,
2272                                                              PCI_DMA_BIDIRECTIONAL);
2273                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
2274                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
2275                 c->SG[0].Len = size;
2276                 c->SG[0].Ext = 0;       /* we are not chaining */
2277         }
2278         return status;
2279 }
2280
2281 static int sendcmd_withirq(__u8 cmd,
2282                            int ctlr,
2283                            void *buff,
2284                            size_t size,
2285                            unsigned int use_unit_num,
2286                            unsigned int log_unit, __u8 page_code, int cmd_type)
2287 {
2288         ctlr_info_t *h = hba[ctlr];
2289         CommandList_struct *c;
2290         u64bit buff_dma_handle;
2291         unsigned long flags;
2292         int return_status;
2293         DECLARE_COMPLETION_ONSTACK(wait);
2294
2295         if ((c = cmd_alloc(h, 0)) == NULL)
2296                 return -ENOMEM;
2297         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2298                                  log_unit, page_code, NULL, cmd_type);
2299         if (return_status != IO_OK) {
2300                 cmd_free(h, c, 0);
2301                 return return_status;
2302         }
2303       resend_cmd2:
2304         c->waiting = &wait;
2305
2306         /* Put the request on the tail of the queue and send it */
2307         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
2308         addQ(&h->reqQ, c);
2309         h->Qdepth++;
2310         start_io(h);
2311         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
2312
2313         wait_for_completion(&wait);
2314
2315         if (c->err_info->CommandStatus != 0) {  /* an error has occurred */
2316                 switch (c->err_info->CommandStatus) {
2317                 case CMD_TARGET_STATUS:
2318                         printk(KERN_WARNING "cciss: cmd %p has "
2319                                " completed with errors\n", c);
2320                         if (c->err_info->ScsiStatus) {
2321                                 printk(KERN_WARNING "cciss: cmd %p "
2322                                        "has SCSI Status = %x\n",
2323                                        c, c->err_info->ScsiStatus);
2324                         }
2325
2326                         break;
2327                 case CMD_DATA_UNDERRUN:
2328                 case CMD_DATA_OVERRUN:
2329                         /* expected for inquire and report lun commands */
2330                         break;
2331                 case CMD_INVALID:
2332                         printk(KERN_WARNING "cciss: Cmd %p is "
2333                                "reported invalid\n", c);
2334                         return_status = IO_ERROR;
2335                         break;
2336                 case CMD_PROTOCOL_ERR:
2337                         printk(KERN_WARNING "cciss: cmd %p has "
2338                                "protocol error \n", c);
2339                         return_status = IO_ERROR;
2340                         break;
2341                 case CMD_HARDWARE_ERR:
2342                         printk(KERN_WARNING "cciss: cmd %p had "
2343                                " hardware error\n", c);
2344                         return_status = IO_ERROR;
2345                         break;
2346                 case CMD_CONNECTION_LOST:
2347                         printk(KERN_WARNING "cciss: cmd %p had "
2348                                "connection lost\n", c);
2349                         return_status = IO_ERROR;
2350                         break;
2351                 case CMD_ABORTED:
2352                         printk(KERN_WARNING "cciss: cmd %p was "
2353                                "aborted\n", c);
2354                         return_status = IO_ERROR;
2355                         break;
2356                 case CMD_ABORT_FAILED:
2357                         printk(KERN_WARNING "cciss: cmd %p reports "
2358                                "abort failed\n", c);
2359                         return_status = IO_ERROR;
2360                         break;
2361                 case CMD_UNSOLICITED_ABORT:
2362                         printk(KERN_WARNING
2363                                "cciss%d: unsolicited abort %p\n", ctlr, c);
2364                         if (c->retry_count < MAX_CMD_RETRIES) {
2365                                 printk(KERN_WARNING
2366                                        "cciss%d: retrying %p\n", ctlr, c);
2367                                 c->retry_count++;
2368                                 /* erase the old error information */
2369                                 memset(c->err_info, 0,
2370                                        sizeof(ErrorInfo_struct));
2371                                 return_status = IO_OK;
2372                                 INIT_COMPLETION(wait);
2373                                 goto resend_cmd2;
2374                         }
2375                         return_status = IO_ERROR;
2376                         break;
2377                 default:
2378                         printk(KERN_WARNING "cciss: cmd %p returned "
2379                                "unknown status %x\n", c,
2380                                c->err_info->CommandStatus);
2381                         return_status = IO_ERROR;
2382                 }
2383         }
2384         /* unlock the buffers from DMA */
2385         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2386         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2387         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2388                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2389         cmd_free(h, c, 0);
2390         return return_status;
2391 }
2392
2393 static void cciss_geometry_inquiry(int ctlr, int logvol,
2394                                    int withirq, sector_t total_size,
2395                                    unsigned int block_size,
2396                                    InquiryData_struct *inq_buff,
2397                                    drive_info_struct *drv)
2398 {
2399         int return_code;
2400         unsigned long t;
2401
2402         memset(inq_buff, 0, sizeof(InquiryData_struct));
2403         if (withirq)
2404                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
2405                                               inq_buff, sizeof(*inq_buff), 1,
2406                                               logvol, 0xC1, TYPE_CMD);
2407         else
2408                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
2409                                       sizeof(*inq_buff), 1, logvol, 0xC1, NULL,
2410                                       TYPE_CMD);
2411         if (return_code == IO_OK) {
2412                 if (inq_buff->data_byte[8] == 0xFF) {
2413                         printk(KERN_WARNING
2414                                "cciss: reading geometry failed, volume "
2415                                "does not support reading geometry\n");
2416                         drv->heads = 255;
2417                         drv->sectors = 32;      // Sectors per track
2418                         drv->cylinders = total_size + 1;
2419                         drv->raid_level = RAID_UNKNOWN;
2420                 } else {
2421                         drv->heads = inq_buff->data_byte[6];
2422                         drv->sectors = inq_buff->data_byte[7];
2423                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2424                         drv->cylinders += inq_buff->data_byte[5];
2425                         drv->raid_level = inq_buff->data_byte[8];
2426                 }
2427                 drv->block_size = block_size;
2428                 drv->nr_blocks = total_size + 1;
2429                 t = drv->heads * drv->sectors;
2430                 if (t > 1) {
2431                         sector_t real_size = total_size + 1;
2432                         unsigned long rem = sector_div(real_size, t);
2433                         if (rem)
2434                                 real_size++;
2435                         drv->cylinders = real_size;
2436                 }
2437         } else {                /* Get geometry failed */
2438                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2439         }
2440         printk(KERN_INFO "      heads=%d, sectors=%d, cylinders=%d\n\n",
2441                drv->heads, drv->sectors, drv->cylinders);
2442 }
2443
2444 static void
2445 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2446                     unsigned int *block_size)
2447 {
2448         ReadCapdata_struct *buf;
2449         int return_code;
2450
2451         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2452         if (!buf) {
2453                 printk(KERN_WARNING "cciss: out of memory\n");
2454                 return;
2455         }
2456
2457         if (withirq)
2458                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2459                                 ctlr, buf, sizeof(ReadCapdata_struct),
2460                                         1, logvol, 0, TYPE_CMD);
2461         else
2462                 return_code = sendcmd(CCISS_READ_CAPACITY,
2463                                 ctlr, buf, sizeof(ReadCapdata_struct),
2464                                         1, logvol, 0, NULL, TYPE_CMD);
2465         if (return_code == IO_OK) {
2466                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2467                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2468         } else {                /* read capacity command failed */
2469                 printk(KERN_WARNING "cciss: read capacity failed\n");
2470                 *total_size = 0;
2471                 *block_size = BLOCK_SIZE;
2472         }
2473         if (*total_size != 0)
2474                 printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2475                 (unsigned long long)*total_size+1, *block_size);
2476         kfree(buf);
2477 }
2478
2479 static void
2480 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2481 {
2482         ReadCapdata_struct_16 *buf;
2483         int return_code;
2484
2485         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2486         if (!buf) {
2487                 printk(KERN_WARNING "cciss: out of memory\n");
2488                 return;
2489         }
2490
2491         if (withirq) {
2492                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2493                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2494                                 1, logvol, 0, TYPE_CMD);
2495         }
2496         else {
2497                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2498                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2499                                 1, logvol, 0, NULL, TYPE_CMD);
2500         }
2501         if (return_code == IO_OK) {
2502                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2503                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2504         } else {                /* read capacity command failed */
2505                 printk(KERN_WARNING "cciss: read capacity failed\n");
2506                 *total_size = 0;
2507                 *block_size = BLOCK_SIZE;
2508         }
2509         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2510                (unsigned long long)*total_size+1, *block_size);
2511         kfree(buf);
2512 }
2513
2514 static int cciss_revalidate(struct gendisk *disk)
2515 {
2516         ctlr_info_t *h = get_host(disk);
2517         drive_info_struct *drv = get_drv(disk);
2518         int logvol;
2519         int FOUND = 0;
2520         unsigned int block_size;
2521         sector_t total_size;
2522         InquiryData_struct *inq_buff = NULL;
2523
2524         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2525                 if (h->drv[logvol].LunID == drv->LunID) {
2526                         FOUND = 1;
2527                         break;
2528                 }
2529         }
2530
2531         if (!FOUND)
2532                 return 1;
2533
2534         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2535         if (inq_buff == NULL) {
2536                 printk(KERN_WARNING "cciss: out of memory\n");
2537                 return 1;
2538         }
2539         if (h->cciss_read == CCISS_READ_10) {
2540                 cciss_read_capacity(h->ctlr, logvol, 1,
2541                                         &total_size, &block_size);
2542         } else {
2543                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2544                                         &total_size, &block_size);
2545         }
2546         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2547                                inq_buff, drv);
2548
2549         blk_queue_logical_block_size(drv->queue, drv->block_size);
2550         set_capacity(disk, drv->nr_blocks);
2551
2552         kfree(inq_buff);
2553         return 0;
2554 }
2555
2556 /*
2557  *   Wait polling for a command to complete.
2558  *   The memory mapped FIFO is polled for the completion.
2559  *   Used only at init time, interrupts from the HBA are disabled.
2560  */
2561 static unsigned long pollcomplete(int ctlr)
2562 {
2563         unsigned long done;
2564         int i;
2565
2566         /* Wait (up to 20 seconds) for a command to complete */
2567
2568         for (i = 20 * HZ; i > 0; i--) {
2569                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2570                 if (done == FIFO_EMPTY)
2571                         schedule_timeout_uninterruptible(1);
2572                 else
2573                         return done;
2574         }
2575         /* Invalid address to tell caller we ran out of time */
2576         return 1;
2577 }
2578
2579 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
2580 {
2581         /* We get in here if sendcmd() is polling for completions
2582            and gets some command back that it wasn't expecting --
2583            something other than that which it just sent down.
2584            Ordinarily, that shouldn't happen, but it can happen when
2585            the scsi tape stuff gets into error handling mode, and
2586            starts using sendcmd() to try to abort commands and
2587            reset tape drives.  In that case, sendcmd may pick up
2588            completions of commands that were sent to logical drives
2589            through the block i/o system, or cciss ioctls completing, etc.
2590            In that case, we need to save those completions for later
2591            processing by the interrupt handler.
2592          */
2593
2594 #ifdef CONFIG_CISS_SCSI_TAPE
2595         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;
2596
2597         /* If it's not the scsi tape stuff doing error handling, (abort */
2598         /* or reset) then we don't expect anything weird. */
2599         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
2600 #endif
2601                 printk(KERN_WARNING "cciss cciss%d: SendCmd "
2602                        "Invalid command list address returned! (%lx)\n",
2603                        ctlr, complete);
2604                 /* not much we can do. */
2605 #ifdef CONFIG_CISS_SCSI_TAPE
2606                 return 1;
2607         }
2608
2609         /* We've sent down an abort or reset, but something else
2610            has completed */
2611         if (srl->ncompletions >= (hba[ctlr]->nr_cmds + 2)) {
2612                 /* Uh oh.  No room to save it for later... */
2613                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
2614                        "reject list overflow, command lost!\n", ctlr);
2615                 return 1;
2616         }
2617         /* Save it for later */
2618         srl->complete[srl->ncompletions] = complete;
2619         srl->ncompletions++;
2620 #endif
2621         return 0;
2622 }
2623
2624 /* Send command c to controller h and poll for it to complete.
2625  * Turns interrupts off on the board.  Used at driver init time
2626  * and during SCSI error recovery.
2627  */
2628 static int sendcmd_core(ctlr_info_t *h, CommandList_struct *c)
2629 {
2630         int i;
2631         unsigned long complete;
2632         int status = IO_ERROR;
2633         u64bit buff_dma_handle;
2634
2635 resend_cmd1:
2636
2637         /* Disable interrupt on the board. */
2638         h->access.set_intr_mask(h, CCISS_INTR_OFF);
2639
2640         /* Make sure there is room in the command FIFO */
2641         /* Actually it should be completely empty at this time */
2642         /* unless we are in here doing error handling for the scsi */
2643         /* tape side of the driver. */
2644         for (i = 200000; i > 0; i--) {
2645                 /* if fifo isn't full go */
2646                 if (!(h->access.fifo_full(h)))
2647                         break;
2648                 udelay(10);
2649                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2650                        " waiting!\n", h->ctlr);
2651         }
2652         h->access.submit_command(h, c); /* Send the cmd */
2653         do {
2654                 complete = pollcomplete(h->ctlr);
2655
2656 #ifdef CCISS_DEBUG
2657                 printk(KERN_DEBUG "cciss: command completed\n");
2658 #endif                          /* CCISS_DEBUG */
2659
2660                 if (complete == 1) {
2661                         printk(KERN_WARNING
2662                                "cciss cciss%d: SendCmd Timeout out, "
2663                                "No command list address returned!\n", h->ctlr);
2664                         status = IO_ERROR;
2665                         break;
2666                 }
2667
2668                 /* If it's not the cmd we're looking for, save it for later */
2669                 if ((complete & ~CISS_ERROR_BIT) != c->busaddr) {
2670                         if (add_sendcmd_reject(c->Request.CDB[0],
2671                                 h->ctlr, complete) != 0)
2672                                 BUG(); /* we are hosed if we get here. */
2673                         continue;
2674                 }
2675
2676                 /* It is our command.  If no error, we're done. */
2677                 if (!(complete & CISS_ERROR_BIT)) {
2678                         status = IO_OK;
2679                         break;
2680                 }
2681
2682                 /* There is an error... */
2683
2684                 /* if data overrun or underun on Report command ignore it */
2685                 if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2686                      (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2687                      (c->Request.CDB[0] == CISS_INQUIRY)) &&
2688                         ((c->err_info->CommandStatus == CMD_DATA_OVERRUN) ||
2689                          (c->err_info->CommandStatus == CMD_DATA_UNDERRUN))) {
2690                         complete = c->busaddr;
2691                         status = IO_OK;
2692                         break;
2693                 }
2694
2695                 if (c->err_info->CommandStatus == CMD_UNSOLICITED_ABORT) {
2696                         printk(KERN_WARNING "cciss%d: unsolicited abort %p\n",
2697                                 h->ctlr, c);
2698                         if (c->retry_count < MAX_CMD_RETRIES) {
2699                                 printk(KERN_WARNING "cciss%d: retrying %p\n",
2700                                    h->ctlr, c);
2701                                 c->retry_count++;
2702                                 /* erase the old error information */
2703                                 memset(c->err_info, 0, sizeof(c->err_info));
2704                                 goto resend_cmd1;
2705                         }
2706                         printk(KERN_WARNING "cciss%d: retried %p too many "
2707                                 "times\n", h->ctlr, c);
2708                         status = IO_ERROR;
2709                         goto cleanup1;
2710                 }
2711
2712                 if (c->err_info->CommandStatus == CMD_UNABORTABLE) {
2713                         printk(KERN_WARNING "cciss%d: command could not be "
2714                                 "aborted.\n", h->ctlr);
2715                         status = IO_ERROR;
2716                         goto cleanup1;
2717                 }
2718
2719                 printk(KERN_WARNING "cciss%d: sendcmd error\n", h->ctlr);
2720                 printk(KERN_WARNING "cmd = 0x%02x, CommandStatus = 0x%02x\n",
2721                         c->Request.CDB[0], c->err_info->CommandStatus);
2722                 if (c->err_info->CommandStatus == CMD_TARGET_STATUS) {
2723                         printk(KERN_WARNING "Target status = 0x%02x\n",
2724                         c->err_info->ScsiStatus);
2725                         if (c->err_info->ScsiStatus == 2) /* chk cond */
2726                                 printk(KERN_WARNING "Sense key = 0x%02x\n",
2727                                         0xf & c->err_info->SenseInfo[2]);
2728                 }
2729
2730                 status = IO_ERROR;
2731                 goto cleanup1;
2732
2733         } while (1);
2734
2735 cleanup1:
2736         /* unlock the data buffer from DMA */
2737         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2738         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2739         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2740                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2741 #ifdef CONFIG_CISS_SCSI_TAPE
2742         /* if we saved some commands for later, process them now. */
2743         if (h->scsi_rejects.ncompletions > 0)
2744                 do_cciss_intr(0, h);
2745 #endif
2746         return status;
2747 }
2748
2749 /*
2750  * Send a command to the controller, and wait for it to complete.
2751  * Used at init time, and during SCSI error recovery.
2752  */
2753 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
2754         unsigned int use_unit_num,/* 0: address the controller,
2755                                      1: address logical volume log_unit,
2756                                      2: periph device address is scsi3addr */
2757         unsigned int log_unit,
2758         __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2759 {
2760         CommandList_struct *c;
2761         int status;
2762
2763         c = cmd_alloc(hba[ctlr], 1);
2764         if (!c) {
2765                 printk(KERN_WARNING "cciss: unable to get memory");
2766                 return IO_ERROR;
2767         }
2768         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2769                           log_unit, page_code, scsi3addr, cmd_type);
2770         if (status == IO_OK)
2771                 status = sendcmd_core(hba[ctlr], c);
2772         cmd_free(hba[ctlr], c, 1);
2773         return status;
2774 }
2775
2776 /*
2777  * Map (physical) PCI mem into (virtual) kernel space
2778  */
2779 static void __iomem *remap_pci_mem(ulong base, ulong size)
2780 {
2781         ulong page_base = ((ulong) base) & PAGE_MASK;
2782         ulong page_offs = ((ulong) base) - page_base;
2783         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2784
2785         return page_remapped ? (page_remapped + page_offs) : NULL;
2786 }
2787
2788 /*
2789  * Takes jobs of the Q and sends them to the hardware, then puts it on
2790  * the Q to wait for completion.
2791  */
2792 static void start_io(ctlr_info_t *h)
2793 {
2794         CommandList_struct *c;
2795
2796         while (!hlist_empty(&h->reqQ)) {
2797                 c = hlist_entry(h->reqQ.first, CommandList_struct, list);
2798                 /* can't do anything if fifo is full */
2799                 if ((h->access.fifo_full(h))) {
2800                         printk(KERN_WARNING "cciss: fifo full\n");
2801                         break;
2802                 }
2803
2804                 /* Get the first entry from the Request Q */
2805                 removeQ(c);
2806                 h->Qdepth--;
2807
2808                 /* Tell the controller execute command */
2809                 h->access.submit_command(h, c);
2810
2811                 /* Put job onto the completed Q */
2812                 addQ(&h->cmpQ, c);
2813         }
2814 }
2815
2816 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2817 /* Zeros out the error record and then resends the command back */
2818 /* to the controller */
2819 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2820 {
2821         /* erase the old error information */
2822         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2823
2824         /* add it to software queue and then send it to the controller */
2825         addQ(&h->reqQ, c);
2826         h->Qdepth++;
2827         if (h->Qdepth > h->maxQsinceinit)
2828                 h->maxQsinceinit = h->Qdepth;
2829
2830         start_io(h);
2831 }
2832
2833 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2834         unsigned int msg_byte, unsigned int host_byte,
2835         unsigned int driver_byte)
2836 {
2837         /* inverse of macros in scsi.h */
2838         return (scsi_status_byte & 0xff) |
2839                 ((msg_byte & 0xff) << 8) |
2840                 ((host_byte & 0xff) << 16) |
2841                 ((driver_byte & 0xff) << 24);
2842 }
2843
2844 static inline int evaluate_target_status(ctlr_info_t *h,
2845                         CommandList_struct *cmd, int *retry_cmd)
2846 {
2847         unsigned char sense_key;
2848         unsigned char status_byte, msg_byte, host_byte, driver_byte;
2849         int error_value;
2850
2851         *retry_cmd = 0;
2852         /* If we get in here, it means we got "target status", that is, scsi status */
2853         status_byte = cmd->err_info->ScsiStatus;
2854         driver_byte = DRIVER_OK;
2855         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
2856
2857         if (blk_pc_request(cmd->rq))
2858                 host_byte = DID_PASSTHROUGH;
2859         else
2860                 host_byte = DID_OK;
2861
2862         error_value = make_status_bytes(status_byte, msg_byte,
2863                 host_byte, driver_byte);
2864
2865         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
2866                 if (!blk_pc_request(cmd->rq))
2867                         printk(KERN_WARNING "cciss: cmd %p "
2868                                "has SCSI Status 0x%x\n",
2869                                cmd, cmd->err_info->ScsiStatus);
2870                 return error_value;
2871         }
2872
2873         /* check the sense key */
2874         sense_key = 0xf & cmd->err_info->SenseInfo[2];
2875         /* no status or recovered error */
2876         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
2877                 error_value = 0;
2878
2879         if (check_for_unit_attention(h, cmd)) {
2880                 *retry_cmd = !blk_pc_request(cmd->rq);
2881                 return 0;
2882         }
2883
2884         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
2885                 if (error_value != 0)
2886                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
2887                                " sense key = 0x%x\n", cmd, sense_key);
2888                 return error_value;
2889         }
2890
2891         /* SG_IO or similar, copy sense data back */
2892         if (cmd->rq->sense) {
2893                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
2894                         cmd->rq->sense_len = cmd->err_info->SenseLen;
2895                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
2896                         cmd->rq->sense_len);
2897         } else
2898                 cmd->rq->sense_len = 0;
2899
2900         return error_value;
2901 }
2902
2903 /* checks the status of the job and calls complete buffers to mark all
2904  * buffers for the completed job. Note that this function does not need
2905  * to hold the hba/queue lock.
2906  */
2907 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
2908                                     int timeout)
2909 {
2910         int retry_cmd = 0;
2911         struct request *rq = cmd->rq;
2912
2913         rq->errors = 0;
2914
2915         if (timeout)
2916                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
2917
2918         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
2919                 goto after_error_processing;
2920
2921         switch (cmd->err_info->CommandStatus) {
2922         case CMD_TARGET_STATUS:
2923                 rq->errors = evaluate_target_status(h, cmd, &retry_cmd);
2924                 break;
2925         case CMD_DATA_UNDERRUN:
2926                 if (blk_fs_request(cmd->rq)) {
2927                         printk(KERN_WARNING "cciss: cmd %p has"
2928                                " completed with data underrun "
2929                                "reported\n", cmd);
2930                         cmd->rq->resid_len = cmd->err_info->ResidualCnt;
2931                 }
2932                 break;
2933         case CMD_DATA_OVERRUN:
2934                 if (blk_fs_request(cmd->rq))
2935                         printk(KERN_WARNING "cciss: cmd %p has"
2936                                " completed with data overrun "
2937                                "reported\n", cmd);
2938                 break;
2939         case CMD_INVALID:
2940                 printk(KERN_WARNING "cciss: cmd %p is "
2941                        "reported invalid\n", cmd);
2942                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2943                         cmd->err_info->CommandStatus, DRIVER_OK,
2944                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2945                 break;
2946         case CMD_PROTOCOL_ERR:
2947                 printk(KERN_WARNING "cciss: cmd %p has "
2948                        "protocol error \n", cmd);
2949                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2950                         cmd->err_info->CommandStatus, DRIVER_OK,
2951                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2952                 break;
2953         case CMD_HARDWARE_ERR:
2954                 printk(KERN_WARNING "cciss: cmd %p had "
2955                        " hardware error\n", cmd);
2956                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2957                         cmd->err_info->CommandStatus, DRIVER_OK,
2958                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2959                 break;
2960         case CMD_CONNECTION_LOST:
2961                 printk(KERN_WARNING "cciss: cmd %p had "
2962                        "connection lost\n", cmd);
2963                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2964                         cmd->err_info->CommandStatus, DRIVER_OK,
2965                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2966                 break;
2967         case CMD_ABORTED:
2968                 printk(KERN_WARNING "cciss: cmd %p was "
2969                        "aborted\n", cmd);
2970                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2971                         cmd->err_info->CommandStatus, DRIVER_OK,
2972                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2973                 break;
2974         case CMD_ABORT_FAILED:
2975                 printk(KERN_WARNING "cciss: cmd %p reports "
2976                        "abort failed\n", cmd);
2977                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2978                         cmd->err_info->CommandStatus, DRIVER_OK,
2979                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2980                 break;
2981         case CMD_UNSOLICITED_ABORT:
2982                 printk(KERN_WARNING "cciss%d: unsolicited "
2983                        "abort %p\n", h->ctlr, cmd);
2984                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2985                         retry_cmd = 1;
2986                         printk(KERN_WARNING
2987                                "cciss%d: retrying %p\n", h->ctlr, cmd);
2988                         cmd->retry_count++;
2989                 } else
2990                         printk(KERN_WARNING
2991                                "cciss%d: %p retried too "
2992                                "many times\n", h->ctlr, cmd);
2993                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2994                         cmd->err_info->CommandStatus, DRIVER_OK,
2995                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2996                 break;
2997         case CMD_TIMEOUT:
2998                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
2999                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3000                         cmd->err_info->CommandStatus, DRIVER_OK,
3001                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3002                 break;
3003         default:
3004                 printk(KERN_WARNING "cciss: cmd %p returned "
3005                        "unknown status %x\n", cmd,
3006                        cmd->err_info->CommandStatus);
3007                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3008                         cmd->err_info->CommandStatus, DRIVER_OK,
3009                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3010         }
3011
3012 after_error_processing:
3013
3014         /* We need to return this command */
3015         if (retry_cmd) {
3016                 resend_cciss_cmd(h, cmd);
3017                 return;
3018         }
3019         cmd->rq->completion_data = cmd;
3020         blk_complete_request(cmd->rq);
3021 }
3022
3023 /*
3024  * Get a request and submit it to the controller.
3025  */
3026 static void do_cciss_request(struct request_queue *q)
3027 {
3028         ctlr_info_t *h = q->queuedata;
3029         CommandList_struct *c;
3030         sector_t start_blk;
3031         int seg;
3032         struct request *creq;
3033         u64bit temp64;
3034         struct scatterlist tmp_sg[MAXSGENTRIES];
3035         drive_info_struct *drv;
3036         int i, dir;
3037
3038         /* We call start_io here in case there is a command waiting on the
3039          * queue that has not been sent.
3040          */
3041         if (blk_queue_plugged(q))
3042                 goto startio;
3043
3044       queue:
3045         creq = blk_peek_request(q);
3046         if (!creq)
3047                 goto startio;
3048
3049         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
3050
3051         if ((c = cmd_alloc(h, 1)) == NULL)
3052                 goto full;
3053
3054         blk_start_request(creq);
3055
3056         spin_unlock_irq(q->queue_lock);
3057
3058         c->cmd_type = CMD_RWREQ;
3059         c->rq = creq;
3060
3061         /* fill in the request */
3062         drv = creq->rq_disk->private_data;
3063         c->Header.ReplyQueue = 0;       // unused in simple mode
3064         /* got command from pool, so use the command block index instead */
3065         /* for direct lookups. */
3066         /* The first 2 bits are reserved for controller error reporting. */
3067         c->Header.Tag.lower = (c->cmdindex << 3);
3068         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
3069         c->Header.LUN.LogDev.VolId = drv->LunID;
3070         c->Header.LUN.LogDev.Mode = 1;
3071         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
3072         c->Request.Type.Type = TYPE_CMD;        // It is a command.
3073         c->Request.Type.Attribute = ATTR_SIMPLE;
3074         c->Request.Type.Direction =
3075             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
3076         c->Request.Timeout = 0; // Don't time out
3077         c->Request.CDB[0] =
3078             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
3079         start_blk = blk_rq_pos(creq);
3080 #ifdef CCISS_DEBUG
3081         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n",
3082                (int)blk_rq_pos(creq), (int)blk_rq_sectors(creq));
3083 #endif                          /* CCISS_DEBUG */
3084
3085         sg_init_table(tmp_sg, MAXSGENTRIES);
3086         seg = blk_rq_map_sg(q, creq, tmp_sg);
3087
3088         /* get the DMA records for the setup */
3089         if (c->Request.Type.Direction == XFER_READ)
3090                 dir = PCI_DMA_FROMDEVICE;
3091         else
3092                 dir = PCI_DMA_TODEVICE;
3093
3094         for (i = 0; i < seg; i++) {
3095                 c->SG[i].Len = tmp_sg[i].length;
3096                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
3097                                                   tmp_sg[i].offset,
3098                                                   tmp_sg[i].length, dir);
3099                 c->SG[i].Addr.lower = temp64.val32.lower;
3100                 c->SG[i].Addr.upper = temp64.val32.upper;
3101                 c->SG[i].Ext = 0;       // we are not chaining
3102         }
3103         /* track how many SG entries we are using */
3104         if (seg > h->maxSG)
3105                 h->maxSG = seg;
3106
3107 #ifdef CCISS_DEBUG
3108         printk(KERN_DEBUG "cciss: Submitting %u sectors in %d segments\n",
3109                blk_rq_sectors(creq), seg);
3110 #endif                          /* CCISS_DEBUG */
3111
3112         c->Header.SGList = c->Header.SGTotal = seg;
3113         if (likely(blk_fs_request(creq))) {
3114                 if(h->cciss_read == CCISS_READ_10) {
3115                         c->Request.CDB[1] = 0;
3116                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
3117                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
3118                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
3119                         c->Request.CDB[5] = start_blk & 0xff;
3120                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
3121                         c->Request.CDB[7] = (blk_rq_sectors(creq) >> 8) & 0xff;
3122                         c->Request.CDB[8] = blk_rq_sectors(creq) & 0xff;
3123                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
3124                 } else {
3125                         u32 upper32 = upper_32_bits(start_blk);
3126
3127                         c->Request.CDBLen = 16;
3128                         c->Request.CDB[1]= 0;
3129                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
3130                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
3131                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
3132                         c->Request.CDB[5]= upper32 & 0xff;
3133                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
3134                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
3135                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
3136                         c->Request.CDB[9]= start_blk & 0xff;
3137                         c->Request.CDB[10]= (blk_rq_sectors(creq) >> 24) & 0xff;
3138                         c->Request.CDB[11]= (blk_rq_sectors(creq) >> 16) & 0xff;
3139                         c->Request.CDB[12]= (blk_rq_sectors(creq) >>  8) & 0xff;
3140                         c->Request.CDB[13]= blk_rq_sectors(creq) & 0xff;
3141                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
3142                 }
3143         } else if (blk_pc_request(creq)) {
3144                 c->Request.CDBLen = creq->cmd_len;
3145                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
3146         } else {
3147                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
3148                 BUG();
3149         }
3150
3151         spin_lock_irq(q->queue_lock);
3152
3153         addQ(&h->reqQ, c);
3154         h->Qdepth++;
3155         if (h->Qdepth > h->maxQsinceinit)
3156                 h->maxQsinceinit = h->Qdepth;
3157
3158         goto queue;
3159 full:
3160         blk_stop_queue(q);
3161 startio:
3162         /* We will already have the driver lock here so not need
3163          * to lock it.
3164          */
3165         start_io(h);
3166 }
3167
3168 static inline unsigned long get_next_completion(ctlr_info_t *h)
3169 {
3170 #ifdef CONFIG_CISS_SCSI_TAPE
3171         /* Any rejects from sendcmd() lying around? Process them first */
3172         if (h->scsi_rejects.ncompletions == 0)
3173                 return h->access.command_completed(h);
3174         else {
3175                 struct sendcmd_reject_list *srl;
3176                 int n;
3177                 srl = &h->scsi_rejects;
3178                 n = --srl->ncompletions;
3179                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
3180                 printk("p");
3181                 return srl->complete[n];
3182         }
3183 #else
3184         return h->access.command_completed(h);
3185 #endif
3186 }
3187
3188 static inline int interrupt_pending(ctlr_info_t *h)
3189 {
3190 #ifdef CONFIG_CISS_SCSI_TAPE
3191         return (h->access.intr_pending(h)
3192                 || (h->scsi_rejects.ncompletions > 0));
3193 #else
3194         return h->access.intr_pending(h);
3195 #endif
3196 }
3197
3198 static inline long interrupt_not_for_us(ctlr_info_t *h)
3199 {
3200 #ifdef CONFIG_CISS_SCSI_TAPE
3201         return (((h->access.intr_pending(h) == 0) ||
3202                  (h->interrupts_enabled == 0))
3203                 && (h->scsi_rejects.ncompletions == 0));
3204 #else
3205         return (((h->access.intr_pending(h) == 0) ||
3206                  (h->interrupts_enabled == 0)));
3207 #endif
3208 }
3209
3210 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
3211 {
3212         ctlr_info_t *h = dev_id;
3213         CommandList_struct *c;
3214         unsigned long flags;
3215         __u32 a, a1, a2;
3216
3217         if (interrupt_not_for_us(h))
3218                 return IRQ_NONE;
3219         /*
3220          * If there are completed commands in the completion queue,
3221          * we had better do something about it.
3222          */
3223         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
3224         while (interrupt_pending(h)) {
3225                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
3226                         a1 = a;
3227                         if ((a & 0x04)) {
3228                                 a2 = (a >> 3);
3229                                 if (a2 >= h->nr_cmds) {
3230                                         printk(KERN_WARNING
3231                                                "cciss: controller cciss%d failed, stopping.\n",
3232                                                h->ctlr);
3233                                         fail_all_cmds(h->ctlr);
3234                                         return IRQ_HANDLED;
3235                                 }
3236
3237                                 c = h->cmd_pool + a2;
3238                                 a = c->busaddr;
3239
3240                         } else {
3241                                 struct hlist_node *tmp;
3242
3243                                 a &= ~3;
3244                                 c = NULL;
3245                                 hlist_for_each_entry(c, tmp, &h->cmpQ, list) {
3246                                         if (c->busaddr == a)
3247                                                 break;
3248                                 }
3249                         }
3250                         /*
3251                          * If we've found the command, take it off the
3252                          * completion Q and free it
3253                          */
3254                         if (c && c->busaddr == a) {
3255                                 removeQ(c);
3256                                 if (c->cmd_type == CMD_RWREQ) {
3257                                         complete_command(h, c, 0);
3258                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
3259                                         complete(c->waiting);
3260                                 }
3261 #                               ifdef CONFIG_CISS_SCSI_TAPE
3262                                 else if (c->cmd_type == CMD_SCSI)
3263                                         complete_scsi_command(c, 0, a1);
3264 #                               endif
3265                                 continue;
3266                         }
3267                 }
3268         }
3269
3270         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
3271         return IRQ_HANDLED;
3272 }
3273
3274 static int scan_thread(void *data)
3275 {
3276         ctlr_info_t *h = data;
3277         int rc;
3278         DECLARE_COMPLETION_ONSTACK(wait);
3279         h->rescan_wait = &wait;
3280
3281         for (;;) {
3282                 rc = wait_for_completion_interruptible(&wait);
3283                 if (kthread_should_stop())
3284                         break;
3285                 if (!rc)
3286                         rebuild_lun_table(h, 0);
3287         }
3288         return 0;
3289 }
3290
3291 static int check_for_unit_attention(ctlr_info_t *h, CommandList_struct *c)
3292 {
3293         if (c->err_info->SenseInfo[2] != UNIT_ATTENTION)
3294                 return 0;
3295
3296         switch (c->err_info->SenseInfo[12]) {
3297         case STATE_CHANGED:
3298                 printk(KERN_WARNING "cciss%d: a state change "
3299                         "detected, command retried\n", h->ctlr);
3300                 return 1;
3301         break;
3302         case LUN_FAILED:
3303                 printk(KERN_WARNING "cciss%d: LUN failure "
3304                         "detected, action required\n", h->ctlr);
3305                 return 1;
3306         break;
3307         case REPORT_LUNS_CHANGED:
3308                 printk(KERN_WARNING "cciss%d: report LUN data "
3309                         "changed\n", h->ctlr);
3310                 if (h->rescan_wait)
3311                         complete(h->rescan_wait);
3312                 return 1;
3313         break;
3314         case POWER_OR_RESET:
3315                 printk(KERN_WARNING "cciss%d: a power on "
3316                         "or device reset detected\n", h->ctlr);
3317                 return 1;
3318         break;
3319         case UNIT_ATTENTION_CLEARED:
3320                 printk(KERN_WARNING "cciss%d: unit attention "
3321                     "cleared by another initiator\n", h->ctlr);
3322                 return 1;
3323         break;
3324         default:
3325                 printk(KERN_WARNING "cciss%d: unknown "
3326                         "unit attention detected\n", h->ctlr);
3327                                 return 1;
3328         }
3329 }
3330
3331 /*
3332  *  We cannot read the structure directly, for portability we must use
3333  *   the io functions.
3334  *   This is for debug only.
3335  */
3336 #ifdef CCISS_DEBUG
3337 static void print_cfg_table(CfgTable_struct *tb)
3338 {
3339         int i;
3340         char temp_name[17];
3341
3342         printk("Controller Configuration information\n");
3343         printk("------------------------------------\n");
3344         for (i = 0; i < 4; i++)
3345                 temp_name[i] = readb(&(tb->Signature[i]));
3346         temp_name[4] = '\0';
3347         printk("   Signature = %s\n", temp_name);
3348         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
3349         printk("   Transport methods supported = 0x%x\n",
3350                readl(&(tb->TransportSupport)));
3351         printk("   Transport methods active = 0x%x\n",
3352                readl(&(tb->TransportActive)));
3353         printk("   Requested transport Method = 0x%x\n",
3354                readl(&(tb->HostWrite.TransportRequest)));
3355         printk("   Coalesce Interrupt Delay = 0x%x\n",
3356                readl(&(tb->HostWrite.CoalIntDelay)));
3357         printk("   Coalesce Interrupt Count = 0x%x\n",
3358                readl(&(tb->HostWrite.CoalIntCount)));
3359         printk("   Max outstanding commands = 0x%d\n",
3360                readl(&(tb->CmdsOutMax)));
3361         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
3362         for (i = 0; i < 16; i++)
3363                 temp_name[i] = readb(&(tb->ServerName[i]));
3364         temp_name[16] = '\0';
3365         printk("   Server Name = %s\n", temp_name);
3366         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
3367 }
3368 #endif                          /* CCISS_DEBUG */
3369
3370 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
3371 {
3372         int i, offset, mem_type, bar_type;
3373         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
3374                 return 0;
3375         offset = 0;
3376         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3377                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
3378                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
3379                         offset += 4;
3380                 else {
3381                         mem_type = pci_resource_flags(pdev, i) &
3382                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
3383                         switch (mem_type) {
3384                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
3385                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
3386                                 offset += 4;    /* 32 bit */
3387                                 break;
3388                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
3389                                 offset += 8;
3390                                 break;
3391                         default:        /* reserved in PCI 2.2 */
3392                                 printk(KERN_WARNING
3393                                        "Base address is invalid\n");
3394                                 return -1;
3395                                 break;
3396                         }
3397                 }
3398                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
3399                         return i + 1;
3400         }
3401         return -1;
3402 }
3403
3404 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
3405  * controllers that are capable. If not, we use IO-APIC mode.
3406  */
3407
3408 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
3409                                            struct pci_dev *pdev, __u32 board_id)
3410 {
3411 #ifdef CONFIG_PCI_MSI
3412         int err;
3413         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
3414         {0, 2}, {0, 3}
3415         };
3416
3417         /* Some boards advertise MSI but don't really support it */
3418         if ((board_id == 0x40700E11) ||
3419             (board_id == 0x40800E11) ||
3420             (board_id == 0x40820E11) || (board_id == 0x40830E11))
3421                 goto default_int_mode;
3422
3423         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
3424                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
3425                 if (!err) {
3426                         c->intr[0] = cciss_msix_entries[0].vector;
3427                         c->intr[1] = cciss_msix_entries[1].vector;
3428                         c->intr[2] = cciss_msix_entries[2].vector;
3429                         c->intr[3] = cciss_msix_entries[3].vector;
3430                         c->msix_vector = 1;
3431                         return;
3432                 }
3433                 if (err > 0) {
3434                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
3435                                "available\n", err);
3436                         goto default_int_mode;
3437                 } else {
3438                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
3439                                err);
3440                         goto default_int_mode;
3441                 }
3442         }
3443         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
3444                 if (!pci_enable_msi(pdev)) {
3445                         c->msi_vector = 1;
3446                 } else {
3447                         printk(KERN_WARNING "cciss: MSI init failed\n");
3448                 }
3449         }
3450 default_int_mode:
3451 #endif                          /* CONFIG_PCI_MSI */
3452         /* if we get here we're going to use the default interrupt mode */
3453         c->intr[SIMPLE_MODE_INT] = pdev->irq;
3454         return;
3455 }
3456
3457 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
3458 {
3459         ushort subsystem_vendor_id, subsystem_device_id, command;
3460         __u32 board_id, scratchpad = 0;
3461         __u64 cfg_offset;
3462         __u32 cfg_base_addr;
3463         __u64 cfg_base_addr_index;
3464         int i, err;
3465
3466         /* check to see if controller has been disabled */
3467         /* BEFORE trying to enable it */
3468         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
3469         if (!(command & 0x02)) {
3470                 printk(KERN_WARNING
3471                        "cciss: controller appears to be disabled\n");
3472                 return -ENODEV;
3473         }
3474
3475         err = pci_enable_device(pdev);
3476         if (err) {
3477                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3478                 return err;
3479         }
3480
3481         err = pci_request_regions(pdev, "cciss");
3482         if (err) {
3483                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3484                        "aborting\n");
3485                 return err;
3486         }
3487
3488         subsystem_vendor_id = pdev->subsystem_vendor;
3489         subsystem_device_id = pdev->subsystem_device;
3490         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3491                     subsystem_vendor_id);
3492
3493 #ifdef CCISS_DEBUG
3494         printk("command = %x\n", command);
3495         printk("irq = %x\n", pdev->irq);
3496         printk("board_id = %x\n", board_id);
3497 #endif                          /* CCISS_DEBUG */
3498
3499 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3500  * else we use the IO-APIC interrupt assigned to us by system ROM.
3501  */
3502         cciss_interrupt_mode(c, pdev, board_id);
3503
3504         /* find the memory BAR */
3505         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3506                 if (pci_resource_flags(pdev, i) & IORESOURCE_MEM)
3507                         break;
3508         }
3509         if (i == DEVICE_COUNT_RESOURCE) {
3510                 printk(KERN_WARNING "cciss: No memory BAR found\n");
3511                 err = -ENODEV;
3512                 goto err_out_free_res;
3513         }
3514
3515         c->paddr = pci_resource_start(pdev, i); /* addressing mode bits
3516                                                  * already removed
3517                                                  */
3518
3519 #ifdef CCISS_DEBUG
3520         printk("address 0 = %lx\n", c->paddr);
3521 #endif                          /* CCISS_DEBUG */
3522         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3523
3524         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3525          * We poll for up to 120 secs, once per 100ms. */
3526         for (i = 0; i < 1200; i++) {
3527                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3528                 if (scratchpad == CCISS_FIRMWARE_READY)
3529                         break;
3530                 set_current_state(TASK_INTERRUPTIBLE);
3531                 schedule_timeout(HZ / 10);      /* wait 100ms */
3532         }
3533         if (scratchpad != CCISS_FIRMWARE_READY) {
3534                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3535                 err = -ENODEV;
3536                 goto err_out_free_res;
3537         }
3538
3539         /* get the address index number */
3540         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3541         cfg_base_addr &= (__u32) 0x0000ffff;
3542 #ifdef CCISS_DEBUG
3543         printk("cfg base address = %x\n", cfg_base_addr);
3544 #endif                          /* CCISS_DEBUG */
3545         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3546 #ifdef CCISS_DEBUG
3547         printk("cfg base address index = %llx\n",
3548                 (unsigned long long)cfg_base_addr_index);
3549 #endif                          /* CCISS_DEBUG */
3550         if (cfg_base_addr_index == -1) {
3551                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3552                 err = -ENODEV;
3553                 goto err_out_free_res;
3554         }
3555
3556         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3557 #ifdef CCISS_DEBUG
3558         printk("cfg offset = %llx\n", (unsigned long long)cfg_offset);
3559 #endif                          /* CCISS_DEBUG */
3560         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3561                                                        cfg_base_addr_index) +
3562                                     cfg_offset, sizeof(CfgTable_struct));
3563         c->board_id = board_id;
3564
3565 #ifdef CCISS_DEBUG
3566         print_cfg_table(c->cfgtable);
3567 #endif                          /* CCISS_DEBUG */
3568
3569         /* Some controllers support Zero Memory Raid (ZMR).
3570          * When configured in ZMR mode the number of supported
3571          * commands drops to 64. So instead of just setting an
3572          * arbitrary value we make the driver a little smarter.
3573          * We read the config table to tell us how many commands
3574          * are supported on the controller then subtract 4 to
3575          * leave a little room for ioctl calls.
3576          */
3577         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3578         for (i = 0; i < ARRAY_SIZE(products); i++) {
3579                 if (board_id == products[i].board_id) {
3580                         c->product_name = products[i].product_name;
3581                         c->access = *(products[i].access);
3582                         c->nr_cmds = c->max_commands - 4;
3583                         break;
3584                 }
3585         }
3586         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3587             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3588             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3589             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3590                 printk("Does not appear to be a valid CISS config table\n");
3591                 err = -ENODEV;
3592                 goto err_out_free_res;
3593         }
3594         /* We didn't find the controller in our list. We know the
3595          * signature is valid. If it's an HP device let's try to
3596          * bind to the device and fire it up. Otherwise we bail.
3597          */
3598         if (i == ARRAY_SIZE(products)) {
3599                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3600                         c->product_name = products[i-1].product_name;
3601                         c->access = *(products[i-1].access);
3602                         c->nr_cmds = c->max_commands - 4;
3603                         printk(KERN_WARNING "cciss: This is an unknown "
3604                                 "Smart Array controller.\n"
3605                                 "cciss: Please update to the latest driver "
3606                                 "available from www.hp.com.\n");
3607                 } else {
3608                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3609                                 " to access the Smart Array controller %08lx\n"
3610                                         , (unsigned long)board_id);
3611                         err = -ENODEV;
3612                         goto err_out_free_res;
3613                 }
3614         }
3615 #ifdef CONFIG_X86
3616         {
3617                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3618                 __u32 prefetch;
3619                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3620                 prefetch |= 0x100;
3621                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3622         }
3623 #endif
3624
3625         /* Disabling DMA prefetch and refetch for the P600.
3626          * An ASIC bug may result in accesses to invalid memory addresses.
3627          * We've disabled prefetch for some time now. Testing with XEN
3628          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3629          */
3630         if(board_id == 0x3225103C) {
3631                 __u32 dma_prefetch;
3632                 __u32 dma_refetch;
3633                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3634                 dma_prefetch |= 0x8000;
3635                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3636                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3637                 dma_refetch |= 0x1;
3638                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3639         }
3640
3641 #ifdef CCISS_DEBUG
3642         printk("Trying to put board into Simple mode\n");
3643 #endif                          /* CCISS_DEBUG */
3644         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3645         /* Update the field, and then ring the doorbell */
3646         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3647         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3648
3649         /* under certain very rare conditions, this can take awhile.
3650          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3651          * as we enter this code.) */
3652         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3653                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3654                         break;
3655                 /* delay and try again */
3656                 set_current_state(TASK_INTERRUPTIBLE);
3657                 schedule_timeout(10);
3658         }
3659
3660 #ifdef CCISS_DEBUG
3661         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3662                readl(c->vaddr + SA5_DOORBELL));
3663 #endif                          /* CCISS_DEBUG */
3664 #ifdef CCISS_DEBUG
3665         print_cfg_table(c->cfgtable);
3666 #endif                          /* CCISS_DEBUG */
3667
3668         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3669                 printk(KERN_WARNING "cciss: unable to get board into"
3670                        " simple mode\n");
3671                 err = -ENODEV;
3672                 goto err_out_free_res;
3673         }
3674         return 0;
3675
3676 err_out_free_res:
3677         /*
3678          * Deliberately omit pci_disable_device(): it does something nasty to
3679          * Smart Array controllers that pci_enable_device does not undo
3680          */
3681         pci_release_regions(pdev);
3682         return err;
3683 }
3684
3685 /* Function to find the first free pointer into our hba[] array
3686  * Returns -1 if no free entries are left.
3687  */
3688 static int alloc_cciss_hba(void)
3689 {
3690         int i;
3691
3692         for (i = 0; i < MAX_CTLR; i++) {
3693                 if (!hba[i]) {
3694                         ctlr_info_t *p;
3695
3696                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3697                         if (!p)
3698                                 goto Enomem;
3699                         hba[i] = p;
3700                         return i;
3701                 }
3702         }
3703         printk(KERN_WARNING "cciss: This driver supports a maximum"
3704                " of %d controllers.\n", MAX_CTLR);
3705         return -1;
3706 Enomem:
3707         printk(KERN_ERR "cciss: out of memory.\n");
3708         return -1;
3709 }
3710
3711 static void free_hba(int i)
3712 {
3713         ctlr_info_t *p = hba[i];
3714         int n;
3715
3716         hba[i] = NULL;
3717         for (n = 0; n < CISS_MAX_LUN; n++)
3718                 put_disk(p->gendisk[n]);
3719         kfree(p);
3720 }
3721
3722 /* Send a message CDB to the firmware. */
3723 static __devinit int cciss_message(struct pci_dev *pdev, unsigned char opcode, unsigned char type)
3724 {
3725         typedef struct {
3726                 CommandListHeader_struct CommandHeader;
3727                 RequestBlock_struct Request;
3728                 ErrDescriptor_struct ErrorDescriptor;
3729         } Command;
3730         static const size_t cmd_sz = sizeof(Command) + sizeof(ErrorInfo_struct);
3731         Command *cmd;
3732         dma_addr_t paddr64;
3733         uint32_t paddr32, tag;
3734         void __iomem *vaddr;
3735         int i, err;
3736
3737         vaddr = ioremap_nocache(pci_resource_start(pdev, 0), pci_resource_len(pdev, 0));
3738         if (vaddr == NULL)
3739                 return -ENOMEM;
3740
3741         /* The Inbound Post Queue only accepts 32-bit physical addresses for the
3742            CCISS commands, so they must be allocated from the lower 4GiB of
3743            memory. */
3744         err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32));
3745         if (err) {
3746                 iounmap(vaddr);
3747                 return -ENOMEM;
3748         }
3749
3750         cmd = pci_alloc_consistent(pdev, cmd_sz, &paddr64);
3751         if (cmd == NULL) {
3752                 iounmap(vaddr);
3753                 return -ENOMEM;
3754         }
3755
3756         /* This must fit, because of the 32-bit consistent DMA mask.  Also,
3757            although there's no guarantee, we assume that the address is at
3758            least 4-byte aligned (most likely, it's page-aligned). */
3759         paddr32 = paddr64;
3760
3761         cmd->CommandHeader.ReplyQueue = 0;
3762         cmd->CommandHeader.SGList = 0;
3763         cmd->CommandHeader.SGTotal = 0;
3764         cmd->CommandHeader.Tag.lower = paddr32;
3765         cmd->CommandHeader.Tag.upper = 0;
3766         memset(&cmd->CommandHeader.LUN.LunAddrBytes, 0, 8);
3767
3768         cmd->Request.CDBLen = 16;
3769         cmd->Request.Type.Type = TYPE_MSG;
3770         cmd->Request.Type.Attribute = ATTR_HEADOFQUEUE;
3771         cmd->Request.Type.Direction = XFER_NONE;
3772         cmd->Request.Timeout = 0; /* Don't time out */
3773         cmd->Request.CDB[0] = opcode;
3774         cmd->Request.CDB[1] = type;
3775         memset(&cmd->Request.CDB[2], 0, 14); /* the rest of the CDB is reserved */
3776
3777         cmd->ErrorDescriptor.Addr.lower = paddr32 + sizeof(Command);
3778         cmd->ErrorDescriptor.Addr.upper = 0;
3779         cmd->ErrorDescriptor.Len = sizeof(ErrorInfo_struct);
3780
3781         writel(paddr32, vaddr + SA5_REQUEST_PORT_OFFSET);
3782
3783         for (i = 0; i < 10; i++) {
3784                 tag = readl(vaddr + SA5_REPLY_PORT_OFFSET);
3785                 if ((tag & ~3) == paddr32)
3786                         break;
3787                 schedule_timeout_uninterruptible(HZ);
3788         }
3789
3790         iounmap(vaddr);
3791
3792         /* we leak the DMA buffer here ... no choice since the controller could
3793            still complete the command. */
3794         if (i == 10) {
3795                 printk(KERN_ERR "cciss: controller message %02x:%02x timed out\n",
3796                         opcode, type);
3797                 return -ETIMEDOUT;
3798         }
3799
3800         pci_free_consistent(pdev, cmd_sz, cmd, paddr64);
3801
3802         if (tag & 2) {
3803                 printk(KERN_ERR "cciss: controller message %02x:%02x failed\n",
3804                         opcode, type);
3805                 return -EIO;
3806         }
3807
3808         printk(KERN_INFO "cciss: controller message %02x:%02x succeeded\n",
3809                 opcode, type);
3810         return 0;
3811 }
3812
3813 #define cciss_soft_reset_controller(p) cciss_message(p, 1, 0)
3814 #define cciss_noop(p) cciss_message(p, 3, 0)
3815
3816 static __devinit int cciss_reset_msi(struct pci_dev *pdev)
3817 {
3818 /* the #defines are stolen from drivers/pci/msi.h. */
3819 #define msi_control_reg(base)           (base + PCI_MSI_FLAGS)
3820 #define PCI_MSIX_FLAGS_ENABLE           (1 << 15)
3821
3822         int pos;
3823         u16 control = 0;
3824
3825         pos = pci_find_capability(pdev, PCI_CAP_ID_MSI);
3826         if (pos) {
3827                 pci_read_config_word(pdev, msi_control_reg(pos), &control);
3828                 if (control & PCI_MSI_FLAGS_ENABLE) {
3829                         printk(KERN_INFO "cciss: resetting MSI\n");
3830                         pci_write_config_word(pdev, msi_control_reg(pos), control & ~PCI_MSI_FLAGS_ENABLE);
3831                 }
3832         }
3833
3834         pos = pci_find_capability(pdev, PCI_CAP_ID_MSIX);
3835         if (pos) {
3836                 pci_read_config_word(pdev, msi_control_reg(pos), &control);
3837                 if (control & PCI_MSIX_FLAGS_ENABLE) {
3838                         printk(KERN_INFO "cciss: resetting MSI-X\n");
3839                         pci_write_config_word(pdev, msi_control_reg(pos), control & ~PCI_MSIX_FLAGS_ENABLE);
3840                 }
3841         }
3842
3843         return 0;
3844 }
3845
3846 /* This does a hard reset of the controller using PCI power management
3847  * states. */
3848 static __devinit int cciss_hard_reset_controller(struct pci_dev *pdev)
3849 {
3850         u16 pmcsr, saved_config_space[32];
3851         int i, pos;
3852
3853         printk(KERN_INFO "cciss: using PCI PM to reset controller\n");
3854
3855         /* This is very nearly the same thing as
3856
3857            pci_save_state(pci_dev);
3858            pci_set_power_state(pci_dev, PCI_D3hot);
3859            pci_set_power_state(pci_dev, PCI_D0);
3860            pci_restore_state(pci_dev);
3861
3862            but we can't use these nice canned kernel routines on
3863            kexec, because they also check the MSI/MSI-X state in PCI
3864            configuration space and do the wrong thing when it is
3865            set/cleared.  Also, the pci_save/restore_state functions
3866            violate the ordering requirements for restoring the
3867            configuration space from the CCISS document (see the
3868            comment below).  So we roll our own .... */
3869
3870         for (i = 0; i < 32; i++)
3871                 pci_read_config_word(pdev, 2*i, &saved_config_space[i]);
3872
3873         pos = pci_find_capability(pdev, PCI_CAP_ID_PM);
3874         if (pos == 0) {
3875                 printk(KERN_ERR "cciss_reset_controller: PCI PM not supported\n");
3876                 return -ENODEV;
3877         }
3878
3879         /* Quoting from the Open CISS Specification: "The Power
3880          * Management Control/Status Register (CSR) controls the power
3881          * state of the device.  The normal operating state is D0,
3882          * CSR=00h.  The software off state is D3, CSR=03h.  To reset
3883          * the controller, place the interface device in D3 then to
3884          * D0, this causes a secondary PCI reset which will reset the
3885          * controller." */
3886
3887         /* enter the D3hot power management state */
3888         pci_read_config_word(pdev, pos + PCI_PM_CTRL, &pmcsr);
3889         pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
3890         pmcsr |= PCI_D3hot;
3891         pci_write_config_word(pdev, pos + PCI_PM_CTRL, pmcsr);
3892
3893         schedule_timeout_uninterruptible(HZ >> 1);
3894
3895         /* enter the D0 power management state */
3896         pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
3897         pmcsr |= PCI_D0;
3898         pci_write_config_word(pdev, pos + PCI_PM_CTRL, pmcsr);
3899
3900         schedule_timeout_uninterruptible(HZ >> 1);
3901
3902         /* Restore the PCI configuration space.  The Open CISS
3903          * Specification says, "Restore the PCI Configuration
3904          * Registers, offsets 00h through 60h. It is important to
3905          * restore the command register, 16-bits at offset 04h,
3906          * last. Do not restore the configuration status register,
3907          * 16-bits at offset 06h."  Note that the offset is 2*i. */
3908         for (i = 0; i < 32; i++) {
3909                 if (i == 2 || i == 3)
3910                         continue;
3911                 pci_write_config_word(pdev, 2*i, saved_config_space[i]);
3912         }
3913         wmb();
3914         pci_write_config_word(pdev, 4, saved_config_space[2]);
3915
3916         return 0;
3917 }
3918
3919 /*
3920  *  This is it.  Find all the controllers and register them.  I really hate
3921  *  stealing all these major device numbers.
3922  *  returns the number of block devices registered.
3923  */
3924 static int __devinit cciss_init_one(struct pci_dev *pdev,
3925                                     const struct pci_device_id *ent)
3926 {
3927         int i;
3928         int j = 0;
3929         int rc;
3930         int dac, return_code;
3931         InquiryData_struct *inq_buff = NULL;
3932
3933         if (reset_devices) {
3934                 /* Reset the controller with a PCI power-cycle */
3935                 if (cciss_hard_reset_controller(pdev) || cciss_reset_msi(pdev))
3936                         return -ENODEV;
3937
3938                 /* Now try to get the controller to respond to a no-op. Some
3939                    devices (notably the HP Smart Array 5i Controller) need
3940                    up to 30 seconds to respond. */
3941                 for (i=0; i<30; i++) {
3942                         if (cciss_noop(pdev) == 0)
3943                                 break;
3944
3945                         schedule_timeout_uninterruptible(HZ);
3946                 }
3947                 if (i == 30) {
3948                         printk(KERN_ERR "cciss: controller seems dead\n");
3949                         return -EBUSY;
3950                 }
3951         }
3952
3953         i = alloc_cciss_hba();
3954         if (i < 0)
3955                 return -1;
3956
3957         hba[i]->busy_initializing = 1;
3958         INIT_HLIST_HEAD(&hba[i]->cmpQ);
3959         INIT_HLIST_HEAD(&hba[i]->reqQ);
3960
3961         if (cciss_pci_init(hba[i], pdev) != 0)
3962                 goto clean0;
3963
3964         sprintf(hba[i]->devname, "cciss%d", i);
3965         hba[i]->ctlr = i;
3966         hba[i]->pdev = pdev;
3967
3968         if (cciss_create_hba_sysfs_entry(hba[i]))
3969                 goto clean0;
3970
3971         /* configure PCI DMA stuff */
3972         if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(64)))
3973                 dac = 1;
3974         else if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(32)))
3975                 dac = 0;
3976         else {
3977                 printk(KERN_ERR "cciss: no suitable DMA available\n");
3978                 goto clean1;
3979         }
3980
3981         /*
3982          * register with the major number, or get a dynamic major number
3983          * by passing 0 as argument.  This is done for greater than
3984          * 8 controller support.
3985          */
3986         if (i < MAX_CTLR_ORIG)
3987                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3988         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3989         if (rc == -EBUSY || rc == -EINVAL) {
3990                 printk(KERN_ERR
3991                        "cciss:  Unable to get major number %d for %s "
3992                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3993                 goto clean1;
3994         } else {
3995                 if (i >= MAX_CTLR_ORIG)
3996                         hba[i]->major = rc;
3997         }
3998
3999         /* make sure the board interrupts are off */
4000         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
4001         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
4002                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
4003                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
4004                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
4005                 goto clean2;
4006         }
4007
4008         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
4009                hba[i]->devname, pdev->device, pci_name(pdev),
4010                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
4011
4012         hba[i]->cmd_pool_bits =
4013             kmalloc(DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
4014                         * sizeof(unsigned long), GFP_KERNEL);
4015         hba[i]->cmd_pool = (CommandList_struct *)
4016             pci_alloc_consistent(hba[i]->pdev,
4017                     hba[i]->nr_cmds * sizeof(CommandList_struct),
4018                     &(hba[i]->cmd_pool_dhandle));
4019         hba[i]->errinfo_pool = (ErrorInfo_struct *)
4020             pci_alloc_consistent(hba[i]->pdev,
4021                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
4022                     &(hba[i]->errinfo_pool_dhandle));
4023         if ((hba[i]->cmd_pool_bits == NULL)
4024             || (hba[i]->cmd_pool == NULL)
4025             || (hba[i]->errinfo_pool == NULL)) {
4026                 printk(KERN_ERR "cciss: out of memory");
4027                 goto clean4;
4028         }
4029 #ifdef CONFIG_CISS_SCSI_TAPE
4030         hba[i]->scsi_rejects.complete =
4031             kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) *
4032                     (hba[i]->nr_cmds + 5), GFP_KERNEL);
4033         if (hba[i]->scsi_rejects.complete == NULL) {
4034                 printk(KERN_ERR "cciss: out of memory");
4035                 goto clean4;
4036         }
4037 #endif
4038         spin_lock_init(&hba[i]->lock);
4039
4040         /* Initialize the pdev driver private data.
4041            have it point to hba[i].  */
4042         pci_set_drvdata(pdev, hba[i]);
4043         /* command and error info recs zeroed out before
4044            they are used */
4045         memset(hba[i]->cmd_pool_bits, 0,
4046                DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
4047                         * sizeof(unsigned long));
4048
4049         hba[i]->num_luns = 0;
4050         hba[i]->highest_lun = -1;
4051         for (j = 0; j < CISS_MAX_LUN; j++) {
4052                 hba[i]->drv[j].raid_level = -1;
4053                 hba[i]->drv[j].queue = NULL;
4054                 hba[i]->gendisk[j] = NULL;
4055         }
4056
4057         cciss_scsi_setup(i);
4058
4059         /* Turn the interrupts on so we can service requests */
4060         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
4061
4062         /* Get the firmware version */
4063         inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
4064         if (inq_buff == NULL) {
4065                 printk(KERN_ERR "cciss: out of memory\n");
4066                 goto clean4;
4067         }
4068
4069         return_code = sendcmd_withirq(CISS_INQUIRY, i, inq_buff,
4070                 sizeof(InquiryData_struct), 0, 0 , 0, TYPE_CMD);
4071         if (return_code == IO_OK) {
4072                 hba[i]->firm_ver[0] = inq_buff->data_byte[32];
4073                 hba[i]->firm_ver[1] = inq_buff->data_byte[33];
4074                 hba[i]->firm_ver[2] = inq_buff->data_byte[34];
4075                 hba[i]->firm_ver[3] = inq_buff->data_byte[35];
4076         } else {         /* send command failed */
4077                 printk(KERN_WARNING "cciss: unable to determine firmware"
4078                         " version of controller\n");
4079         }
4080
4081         cciss_procinit(i);
4082
4083         hba[i]->cciss_max_sectors = 2048;
4084
4085         hba[i]->busy_initializing = 0;
4086
4087         rebuild_lun_table(hba[i], 1);
4088         hba[i]->cciss_scan_thread = kthread_run(scan_thread, hba[i],
4089                                 "cciss_scan%02d", i);
4090         if (IS_ERR(hba[i]->cciss_scan_thread))
4091                 return PTR_ERR(hba[i]->cciss_scan_thread);
4092
4093         return 1;
4094
4095 clean4:
4096         kfree(inq_buff);
4097 #ifdef CONFIG_CISS_SCSI_TAPE
4098         kfree(hba[i]->scsi_rejects.complete);
4099 #endif
4100         kfree(hba[i]->cmd_pool_bits);
4101         if (hba[i]->cmd_pool)
4102                 pci_free_consistent(hba[i]->pdev,
4103                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
4104                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
4105         if (hba[i]->errinfo_pool)
4106                 pci_free_consistent(hba[i]->pdev,
4107                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
4108                                     hba[i]->errinfo_pool,
4109                                     hba[i]->errinfo_pool_dhandle);
4110         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
4111 clean2:
4112         unregister_blkdev(hba[i]->major, hba[i]->devname);
4113 clean1:
4114         cciss_destroy_hba_sysfs_entry(hba[i]);
4115 clean0:
4116         hba[i]->busy_initializing = 0;
4117         /* cleanup any queues that may have been initialized */
4118         for (j=0; j <= hba[i]->highest_lun; j++){
4119                 drive_info_struct *drv = &(hba[i]->drv[j]);
4120                 if (drv->queue)
4121                         blk_cleanup_queue(drv->queue);
4122         }
4123         /*
4124          * Deliberately omit pci_disable_device(): it does something nasty to
4125          * Smart Array controllers that pci_enable_device does not undo
4126          */
4127         pci_release_regions(pdev);
4128         pci_set_drvdata(pdev, NULL);
4129         free_hba(i);
4130         return -1;
4131 }
4132
4133 static void cciss_shutdown(struct pci_dev *pdev)
4134 {
4135         ctlr_info_t *tmp_ptr;
4136         int i;
4137         char flush_buf[4];
4138         int return_code;
4139
4140         tmp_ptr = pci_get_drvdata(pdev);
4141         if (tmp_ptr == NULL)
4142                 return;
4143         i = tmp_ptr->ctlr;
4144         if (hba[i] == NULL)
4145                 return;
4146
4147         /* Turn board interrupts off  and send the flush cache command */
4148         /* sendcmd will turn off interrupt, and send the flush...
4149          * To write all data in the battery backed cache to disks */
4150         memset(flush_buf, 0, 4);
4151         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
4152                               TYPE_CMD);
4153         if (return_code == IO_OK) {
4154                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
4155         } else {
4156                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
4157         }
4158         free_irq(hba[i]->intr[2], hba[i]);
4159 }
4160
4161 static void __devexit cciss_remove_one(struct pci_dev *pdev)
4162 {
4163         ctlr_info_t *tmp_ptr;
4164         int i, j;
4165
4166         if (pci_get_drvdata(pdev) == NULL) {
4167                 printk(KERN_ERR "cciss: Unable to remove device \n");
4168                 return;
4169         }
4170
4171         tmp_ptr = pci_get_drvdata(pdev);
4172         i = tmp_ptr->ctlr;
4173         if (hba[i] == NULL) {
4174                 printk(KERN_ERR "cciss: device appears to "
4175                        "already be removed \n");
4176                 return;
4177         }
4178
4179         kthread_stop(hba[i]->cciss_scan_thread);
4180
4181         remove_proc_entry(hba[i]->devname, proc_cciss);
4182         unregister_blkdev(hba[i]->major, hba[i]->devname);
4183
4184         /* remove it from the disk list */
4185         for (j = 0; j < CISS_MAX_LUN; j++) {
4186                 struct gendisk *disk = hba[i]->gendisk[j];
4187                 if (disk) {
4188                         struct request_queue *q = disk->queue;
4189
4190                         if (disk->flags & GENHD_FL_UP)
4191                                 del_gendisk(disk);
4192                         if (q)
4193                                 blk_cleanup_queue(q);
4194                 }
4195         }
4196
4197 #ifdef CONFIG_CISS_SCSI_TAPE
4198         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
4199 #endif
4200
4201         cciss_shutdown(pdev);
4202
4203 #ifdef CONFIG_PCI_MSI
4204         if (hba[i]->msix_vector)
4205                 pci_disable_msix(hba[i]->pdev);
4206         else if (hba[i]->msi_vector)
4207                 pci_disable_msi(hba[i]->pdev);
4208 #endif                          /* CONFIG_PCI_MSI */
4209
4210         iounmap(hba[i]->vaddr);
4211
4212         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
4213                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
4214         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
4215                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
4216         kfree(hba[i]->cmd_pool_bits);
4217 #ifdef CONFIG_CISS_SCSI_TAPE
4218         kfree(hba[i]->scsi_rejects.complete);
4219 #endif
4220         /*
4221          * Deliberately omit pci_disable_device(): it does something nasty to
4222          * Smart Array controllers that pci_enable_device does not undo
4223          */
4224         pci_release_regions(pdev);
4225         pci_set_drvdata(pdev, NULL);
4226         cciss_destroy_hba_sysfs_entry(hba[i]);
4227         free_hba(i);
4228 }
4229
4230 static struct pci_driver cciss_pci_driver = {
4231         .name = "cciss",
4232         .probe = cciss_init_one,
4233         .remove = __devexit_p(cciss_remove_one),
4234         .id_table = cciss_pci_device_id,        /* id_table */
4235         .shutdown = cciss_shutdown,
4236 };
4237
4238 /*
4239  *  This is it.  Register the PCI driver information for the cards we control
4240  *  the OS will call our registered routines when it finds one of our cards.
4241  */
4242 static int __init cciss_init(void)
4243 {
4244         int err;
4245
4246         /*
4247          * The hardware requires that commands are aligned on a 64-bit
4248          * boundary. Given that we use pci_alloc_consistent() to allocate an
4249          * array of them, the size must be a multiple of 8 bytes.
4250          */
4251         BUILD_BUG_ON(sizeof(CommandList_struct) % 8);
4252
4253         printk(KERN_INFO DRIVER_NAME "\n");
4254
4255         err = bus_register(&cciss_bus_type);
4256         if (err)
4257                 return err;
4258
4259         /* Register for our PCI devices */
4260         err = pci_register_driver(&cciss_pci_driver);
4261         if (err)
4262                 goto err_bus_register;
4263
4264         return 0;
4265
4266 err_bus_register:
4267         bus_unregister(&cciss_bus_type);
4268         return err;
4269 }
4270
4271 static void __exit cciss_cleanup(void)
4272 {
4273         int i;
4274
4275         pci_unregister_driver(&cciss_pci_driver);
4276         /* double check that all controller entrys have been removed */
4277         for (i = 0; i < MAX_CTLR; i++) {
4278                 if (hba[i] != NULL) {
4279                         printk(KERN_WARNING "cciss: had to remove"
4280                                " controller %d\n", i);
4281                         cciss_remove_one(hba[i]->pdev);
4282                 }
4283         }
4284         remove_proc_entry("driver/cciss", NULL);
4285         bus_unregister(&cciss_bus_type);
4286 }
4287
4288 static void fail_all_cmds(unsigned long ctlr)
4289 {
4290         /* If we get here, the board is apparently dead. */
4291         ctlr_info_t *h = hba[ctlr];
4292         CommandList_struct *c;
4293         unsigned long flags;
4294
4295         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
4296         h->alive = 0;           /* the controller apparently died... */
4297
4298         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
4299
4300         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
4301
4302         /* move everything off the request queue onto the completed queue */
4303         while (!hlist_empty(&h->reqQ)) {
4304                 c = hlist_entry(h->reqQ.first, CommandList_struct, list);
4305                 removeQ(c);
4306                 h->Qdepth--;
4307                 addQ(&h->cmpQ, c);
4308         }
4309
4310         /* Now, fail everything on the completed queue with a HW error */
4311         while (!hlist_empty(&h->cmpQ)) {
4312                 c = hlist_entry(h->cmpQ.first, CommandList_struct, list);
4313                 removeQ(c);
4314                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
4315                 if (c->cmd_type == CMD_RWREQ) {
4316                         complete_command(h, c, 0);
4317                 } else if (c->cmd_type == CMD_IOCTL_PEND)
4318                         complete(c->waiting);
4319 #ifdef CONFIG_CISS_SCSI_TAPE
4320                 else if (c->cmd_type == CMD_SCSI)
4321                         complete_scsi_command(c, 0, 0);
4322 #endif
4323         }
4324         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
4325         return;
4326 }
4327
4328 module_init(cciss_init);
4329 module_exit(cciss_cleanup);