cciss: fix SCSI device reset handler
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/bio.h>
33 #include <linux/blkpg.h>
34 #include <linux/timer.h>
35 #include <linux/proc_fs.h>
36 #include <linux/seq_file.h>
37 #include <linux/init.h>
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49 #include <scsi/scsi.h>
50 #include <scsi/sg.h>
51 #include <scsi/scsi_ioctl.h>
52 #include <linux/cdrom.h>
53 #include <linux/scatterlist.h>
54 #include <linux/kthread.h>
55
56 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
57 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
58 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
59
60 /* Embedded module documentation macros - see modules.h */
61 MODULE_AUTHOR("Hewlett-Packard Company");
62 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
63 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
64                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
65                         " Smart Array G2 Series SAS/SATA Controllers");
66 MODULE_VERSION("3.6.20");
67 MODULE_LICENSE("GPL");
68
69 #include "cciss_cmd.h"
70 #include "cciss.h"
71 #include <linux/cciss_ioctl.h>
72
73 /* define the PCI info for the cards we can control */
74 static const struct pci_device_id cciss_pci_device_id[] = {
75         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
76         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
83         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
84         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
85         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
99         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
100         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324A},
101         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324B},
102         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
103                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
104         {0,}
105 };
106
107 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
108
109 /*  board_id = Subsystem Device ID & Vendor ID
110  *  product = Marketing Name for the board
111  *  access = Address of the struct of function pointers
112  */
113 static struct board_type products[] = {
114         {0x40700E11, "Smart Array 5300", &SA5_access},
115         {0x40800E11, "Smart Array 5i", &SA5B_access},
116         {0x40820E11, "Smart Array 532", &SA5B_access},
117         {0x40830E11, "Smart Array 5312", &SA5B_access},
118         {0x409A0E11, "Smart Array 641", &SA5_access},
119         {0x409B0E11, "Smart Array 642", &SA5_access},
120         {0x409C0E11, "Smart Array 6400", &SA5_access},
121         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
122         {0x40910E11, "Smart Array 6i", &SA5_access},
123         {0x3225103C, "Smart Array P600", &SA5_access},
124         {0x3223103C, "Smart Array P800", &SA5_access},
125         {0x3234103C, "Smart Array P400", &SA5_access},
126         {0x3235103C, "Smart Array P400i", &SA5_access},
127         {0x3211103C, "Smart Array E200i", &SA5_access},
128         {0x3212103C, "Smart Array E200", &SA5_access},
129         {0x3213103C, "Smart Array E200i", &SA5_access},
130         {0x3214103C, "Smart Array E200i", &SA5_access},
131         {0x3215103C, "Smart Array E200i", &SA5_access},
132         {0x3237103C, "Smart Array E500", &SA5_access},
133         {0x323D103C, "Smart Array P700m", &SA5_access},
134         {0x3241103C, "Smart Array P212", &SA5_access},
135         {0x3243103C, "Smart Array P410", &SA5_access},
136         {0x3245103C, "Smart Array P410i", &SA5_access},
137         {0x3247103C, "Smart Array P411", &SA5_access},
138         {0x3249103C, "Smart Array P812", &SA5_access},
139         {0x324A103C, "Smart Array P712m", &SA5_access},
140         {0x324B103C, "Smart Array P711m", &SA5_access},
141         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
142 };
143
144 /* How long to wait (in milliseconds) for board to go into simple mode */
145 #define MAX_CONFIG_WAIT 30000
146 #define MAX_IOCTL_CONFIG_WAIT 1000
147
148 /*define how many times we will try a command because of bus resets */
149 #define MAX_CMD_RETRIES 3
150
151 #define MAX_CTLR        32
152
153 /* Originally cciss driver only supports 8 major numbers */
154 #define MAX_CTLR_ORIG   8
155
156 static ctlr_info_t *hba[MAX_CTLR];
157
158 static void do_cciss_request(struct request_queue *q);
159 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
160 static int cciss_open(struct block_device *bdev, fmode_t mode);
161 static int cciss_release(struct gendisk *disk, fmode_t mode);
162 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
163                        unsigned int cmd, unsigned long arg);
164 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
165
166 static int cciss_revalidate(struct gendisk *disk);
167 static int rebuild_lun_table(ctlr_info_t *h, int first_time);
168 static int deregister_disk(ctlr_info_t *h, int drv_index,
169                            int clear_all);
170
171 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
172                         sector_t *total_size, unsigned int *block_size);
173 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
174                         sector_t *total_size, unsigned int *block_size);
175 static void cciss_geometry_inquiry(int ctlr, int logvol,
176                         int withirq, sector_t total_size,
177                         unsigned int block_size, InquiryData_struct *inq_buff,
178                                    drive_info_struct *drv);
179 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
180                                            __u32);
181 static void start_io(ctlr_info_t *h);
182 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
183                    unsigned int use_unit_num, unsigned int log_unit,
184                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
185 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
186                            unsigned int use_unit_num, unsigned int log_unit,
187                            __u8 page_code, int cmd_type);
188
189 static void fail_all_cmds(unsigned long ctlr);
190 static int scan_thread(void *data);
191 static int check_for_unit_attention(ctlr_info_t *h, CommandList_struct *c);
192
193 #ifdef CONFIG_PROC_FS
194 static void cciss_procinit(int i);
195 #else
196 static void cciss_procinit(int i)
197 {
198 }
199 #endif                          /* CONFIG_PROC_FS */
200
201 #ifdef CONFIG_COMPAT
202 static int cciss_compat_ioctl(struct block_device *, fmode_t,
203                               unsigned, unsigned long);
204 #endif
205
206 static struct block_device_operations cciss_fops = {
207         .owner = THIS_MODULE,
208         .open = cciss_open,
209         .release = cciss_release,
210         .locked_ioctl = cciss_ioctl,
211         .getgeo = cciss_getgeo,
212 #ifdef CONFIG_COMPAT
213         .compat_ioctl = cciss_compat_ioctl,
214 #endif
215         .revalidate_disk = cciss_revalidate,
216 };
217
218 /*
219  * Enqueuing and dequeuing functions for cmdlists.
220  */
221 static inline void addQ(struct hlist_head *list, CommandList_struct *c)
222 {
223         hlist_add_head(&c->list, list);
224 }
225
226 static inline void removeQ(CommandList_struct *c)
227 {
228         if (WARN_ON(hlist_unhashed(&c->list)))
229                 return;
230
231         hlist_del_init(&c->list);
232 }
233
234 #include "cciss_scsi.c"         /* For SCSI tape support */
235
236 #define RAID_UNKNOWN 6
237
238 #ifdef CONFIG_PROC_FS
239
240 /*
241  * Report information about this controller.
242  */
243 #define ENG_GIG 1000000000
244 #define ENG_GIG_FACTOR (ENG_GIG/512)
245 #define ENGAGE_SCSI     "engage scsi"
246 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
247         "UNKNOWN"
248 };
249
250 static struct proc_dir_entry *proc_cciss;
251
252 static void cciss_seq_show_header(struct seq_file *seq)
253 {
254         ctlr_info_t *h = seq->private;
255
256         seq_printf(seq, "%s: HP %s Controller\n"
257                 "Board ID: 0x%08lx\n"
258                 "Firmware Version: %c%c%c%c\n"
259                 "IRQ: %d\n"
260                 "Logical drives: %d\n"
261                 "Current Q depth: %d\n"
262                 "Current # commands on controller: %d\n"
263                 "Max Q depth since init: %d\n"
264                 "Max # commands on controller since init: %d\n"
265                 "Max SG entries since init: %d\n",
266                 h->devname,
267                 h->product_name,
268                 (unsigned long)h->board_id,
269                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
270                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
271                 h->num_luns,
272                 h->Qdepth, h->commands_outstanding,
273                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
274
275 #ifdef CONFIG_CISS_SCSI_TAPE
276         cciss_seq_tape_report(seq, h->ctlr);
277 #endif /* CONFIG_CISS_SCSI_TAPE */
278 }
279
280 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
281 {
282         ctlr_info_t *h = seq->private;
283         unsigned ctlr = h->ctlr;
284         unsigned long flags;
285
286         /* prevent displaying bogus info during configuration
287          * or deconfiguration of a logical volume
288          */
289         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
290         if (h->busy_configuring) {
291                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
292                 return ERR_PTR(-EBUSY);
293         }
294         h->busy_configuring = 1;
295         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
296
297         if (*pos == 0)
298                 cciss_seq_show_header(seq);
299
300         return pos;
301 }
302
303 static int cciss_seq_show(struct seq_file *seq, void *v)
304 {
305         sector_t vol_sz, vol_sz_frac;
306         ctlr_info_t *h = seq->private;
307         unsigned ctlr = h->ctlr;
308         loff_t *pos = v;
309         drive_info_struct *drv = &h->drv[*pos];
310
311         if (*pos > h->highest_lun)
312                 return 0;
313
314         if (drv->heads == 0)
315                 return 0;
316
317         vol_sz = drv->nr_blocks;
318         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
319         vol_sz_frac *= 100;
320         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
321
322         if (drv->raid_level > 5)
323                 drv->raid_level = RAID_UNKNOWN;
324         seq_printf(seq, "cciss/c%dd%d:"
325                         "\t%4u.%02uGB\tRAID %s\n",
326                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
327                         raid_label[drv->raid_level]);
328         return 0;
329 }
330
331 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
332 {
333         ctlr_info_t *h = seq->private;
334
335         if (*pos > h->highest_lun)
336                 return NULL;
337         *pos += 1;
338
339         return pos;
340 }
341
342 static void cciss_seq_stop(struct seq_file *seq, void *v)
343 {
344         ctlr_info_t *h = seq->private;
345
346         /* Only reset h->busy_configuring if we succeeded in setting
347          * it during cciss_seq_start. */
348         if (v == ERR_PTR(-EBUSY))
349                 return;
350
351         h->busy_configuring = 0;
352 }
353
354 static struct seq_operations cciss_seq_ops = {
355         .start = cciss_seq_start,
356         .show  = cciss_seq_show,
357         .next  = cciss_seq_next,
358         .stop  = cciss_seq_stop,
359 };
360
361 static int cciss_seq_open(struct inode *inode, struct file *file)
362 {
363         int ret = seq_open(file, &cciss_seq_ops);
364         struct seq_file *seq = file->private_data;
365
366         if (!ret)
367                 seq->private = PDE(inode)->data;
368
369         return ret;
370 }
371
372 static ssize_t
373 cciss_proc_write(struct file *file, const char __user *buf,
374                  size_t length, loff_t *ppos)
375 {
376         int err;
377         char *buffer;
378
379 #ifndef CONFIG_CISS_SCSI_TAPE
380         return -EINVAL;
381 #endif
382
383         if (!buf || length > PAGE_SIZE - 1)
384                 return -EINVAL;
385
386         buffer = (char *)__get_free_page(GFP_KERNEL);
387         if (!buffer)
388                 return -ENOMEM;
389
390         err = -EFAULT;
391         if (copy_from_user(buffer, buf, length))
392                 goto out;
393         buffer[length] = '\0';
394
395 #ifdef CONFIG_CISS_SCSI_TAPE
396         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
397                 struct seq_file *seq = file->private_data;
398                 ctlr_info_t *h = seq->private;
399                 int rc;
400
401                 rc = cciss_engage_scsi(h->ctlr);
402                 if (rc != 0)
403                         err = -rc;
404                 else
405                         err = length;
406         } else
407 #endif /* CONFIG_CISS_SCSI_TAPE */
408                 err = -EINVAL;
409         /* might be nice to have "disengage" too, but it's not
410            safely possible. (only 1 module use count, lock issues.) */
411
412 out:
413         free_page((unsigned long)buffer);
414         return err;
415 }
416
417 static struct file_operations cciss_proc_fops = {
418         .owner   = THIS_MODULE,
419         .open    = cciss_seq_open,
420         .read    = seq_read,
421         .llseek  = seq_lseek,
422         .release = seq_release,
423         .write   = cciss_proc_write,
424 };
425
426 static void __devinit cciss_procinit(int i)
427 {
428         struct proc_dir_entry *pde;
429
430         if (proc_cciss == NULL)
431                 proc_cciss = proc_mkdir("driver/cciss", NULL);
432         if (!proc_cciss)
433                 return;
434         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
435                                         S_IROTH, proc_cciss,
436                                         &cciss_proc_fops, hba[i]);
437 }
438 #endif                          /* CONFIG_PROC_FS */
439
440 /*
441  * For operations that cannot sleep, a command block is allocated at init,
442  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
443  * which ones are free or in use.  For operations that can wait for kmalloc
444  * to possible sleep, this routine can be called with get_from_pool set to 0.
445  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
446  */
447 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
448 {
449         CommandList_struct *c;
450         int i;
451         u64bit temp64;
452         dma_addr_t cmd_dma_handle, err_dma_handle;
453
454         if (!get_from_pool) {
455                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
456                         sizeof(CommandList_struct), &cmd_dma_handle);
457                 if (c == NULL)
458                         return NULL;
459                 memset(c, 0, sizeof(CommandList_struct));
460
461                 c->cmdindex = -1;
462
463                 c->err_info = (ErrorInfo_struct *)
464                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
465                             &err_dma_handle);
466
467                 if (c->err_info == NULL) {
468                         pci_free_consistent(h->pdev,
469                                 sizeof(CommandList_struct), c, cmd_dma_handle);
470                         return NULL;
471                 }
472                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
473         } else {                /* get it out of the controllers pool */
474
475                 do {
476                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
477                         if (i == h->nr_cmds)
478                                 return NULL;
479                 } while (test_and_set_bit
480                          (i & (BITS_PER_LONG - 1),
481                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
482 #ifdef CCISS_DEBUG
483                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
484 #endif
485                 c = h->cmd_pool + i;
486                 memset(c, 0, sizeof(CommandList_struct));
487                 cmd_dma_handle = h->cmd_pool_dhandle
488                     + i * sizeof(CommandList_struct);
489                 c->err_info = h->errinfo_pool + i;
490                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
491                 err_dma_handle = h->errinfo_pool_dhandle
492                     + i * sizeof(ErrorInfo_struct);
493                 h->nr_allocs++;
494
495                 c->cmdindex = i;
496         }
497
498         INIT_HLIST_NODE(&c->list);
499         c->busaddr = (__u32) cmd_dma_handle;
500         temp64.val = (__u64) err_dma_handle;
501         c->ErrDesc.Addr.lower = temp64.val32.lower;
502         c->ErrDesc.Addr.upper = temp64.val32.upper;
503         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
504
505         c->ctlr = h->ctlr;
506         return c;
507 }
508
509 /*
510  * Frees a command block that was previously allocated with cmd_alloc().
511  */
512 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
513 {
514         int i;
515         u64bit temp64;
516
517         if (!got_from_pool) {
518                 temp64.val32.lower = c->ErrDesc.Addr.lower;
519                 temp64.val32.upper = c->ErrDesc.Addr.upper;
520                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
521                                     c->err_info, (dma_addr_t) temp64.val);
522                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
523                                     c, (dma_addr_t) c->busaddr);
524         } else {
525                 i = c - h->cmd_pool;
526                 clear_bit(i & (BITS_PER_LONG - 1),
527                           h->cmd_pool_bits + (i / BITS_PER_LONG));
528                 h->nr_frees++;
529         }
530 }
531
532 static inline ctlr_info_t *get_host(struct gendisk *disk)
533 {
534         return disk->queue->queuedata;
535 }
536
537 static inline drive_info_struct *get_drv(struct gendisk *disk)
538 {
539         return disk->private_data;
540 }
541
542 /*
543  * Open.  Make sure the device is really there.
544  */
545 static int cciss_open(struct block_device *bdev, fmode_t mode)
546 {
547         ctlr_info_t *host = get_host(bdev->bd_disk);
548         drive_info_struct *drv = get_drv(bdev->bd_disk);
549
550 #ifdef CCISS_DEBUG
551         printk(KERN_DEBUG "cciss_open %s\n", bdev->bd_disk->disk_name);
552 #endif                          /* CCISS_DEBUG */
553
554         if (host->busy_initializing || drv->busy_configuring)
555                 return -EBUSY;
556         /*
557          * Root is allowed to open raw volume zero even if it's not configured
558          * so array config can still work. Root is also allowed to open any
559          * volume that has a LUN ID, so it can issue IOCTL to reread the
560          * disk information.  I don't think I really like this
561          * but I'm already using way to many device nodes to claim another one
562          * for "raw controller".
563          */
564         if (drv->heads == 0) {
565                 if (MINOR(bdev->bd_dev) != 0) { /* not node 0? */
566                         /* if not node 0 make sure it is a partition = 0 */
567                         if (MINOR(bdev->bd_dev) & 0x0f) {
568                                 return -ENXIO;
569                                 /* if it is, make sure we have a LUN ID */
570                         } else if (drv->LunID == 0) {
571                                 return -ENXIO;
572                         }
573                 }
574                 if (!capable(CAP_SYS_ADMIN))
575                         return -EPERM;
576         }
577         drv->usage_count++;
578         host->usage_count++;
579         return 0;
580 }
581
582 /*
583  * Close.  Sync first.
584  */
585 static int cciss_release(struct gendisk *disk, fmode_t mode)
586 {
587         ctlr_info_t *host = get_host(disk);
588         drive_info_struct *drv = get_drv(disk);
589
590 #ifdef CCISS_DEBUG
591         printk(KERN_DEBUG "cciss_release %s\n", disk->disk_name);
592 #endif                          /* CCISS_DEBUG */
593
594         drv->usage_count--;
595         host->usage_count--;
596         return 0;
597 }
598
599 #ifdef CONFIG_COMPAT
600
601 static int do_ioctl(struct block_device *bdev, fmode_t mode,
602                     unsigned cmd, unsigned long arg)
603 {
604         int ret;
605         lock_kernel();
606         ret = cciss_ioctl(bdev, mode, cmd, arg);
607         unlock_kernel();
608         return ret;
609 }
610
611 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
612                                   unsigned cmd, unsigned long arg);
613 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
614                                       unsigned cmd, unsigned long arg);
615
616 static int cciss_compat_ioctl(struct block_device *bdev, fmode_t mode,
617                               unsigned cmd, unsigned long arg)
618 {
619         switch (cmd) {
620         case CCISS_GETPCIINFO:
621         case CCISS_GETINTINFO:
622         case CCISS_SETINTINFO:
623         case CCISS_GETNODENAME:
624         case CCISS_SETNODENAME:
625         case CCISS_GETHEARTBEAT:
626         case CCISS_GETBUSTYPES:
627         case CCISS_GETFIRMVER:
628         case CCISS_GETDRIVVER:
629         case CCISS_REVALIDVOLS:
630         case CCISS_DEREGDISK:
631         case CCISS_REGNEWDISK:
632         case CCISS_REGNEWD:
633         case CCISS_RESCANDISK:
634         case CCISS_GETLUNINFO:
635                 return do_ioctl(bdev, mode, cmd, arg);
636
637         case CCISS_PASSTHRU32:
638                 return cciss_ioctl32_passthru(bdev, mode, cmd, arg);
639         case CCISS_BIG_PASSTHRU32:
640                 return cciss_ioctl32_big_passthru(bdev, mode, cmd, arg);
641
642         default:
643                 return -ENOIOCTLCMD;
644         }
645 }
646
647 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
648                                   unsigned cmd, unsigned long arg)
649 {
650         IOCTL32_Command_struct __user *arg32 =
651             (IOCTL32_Command_struct __user *) arg;
652         IOCTL_Command_struct arg64;
653         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
654         int err;
655         u32 cp;
656
657         err = 0;
658         err |=
659             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
660                            sizeof(arg64.LUN_info));
661         err |=
662             copy_from_user(&arg64.Request, &arg32->Request,
663                            sizeof(arg64.Request));
664         err |=
665             copy_from_user(&arg64.error_info, &arg32->error_info,
666                            sizeof(arg64.error_info));
667         err |= get_user(arg64.buf_size, &arg32->buf_size);
668         err |= get_user(cp, &arg32->buf);
669         arg64.buf = compat_ptr(cp);
670         err |= copy_to_user(p, &arg64, sizeof(arg64));
671
672         if (err)
673                 return -EFAULT;
674
675         err = do_ioctl(bdev, mode, CCISS_PASSTHRU, (unsigned long)p);
676         if (err)
677                 return err;
678         err |=
679             copy_in_user(&arg32->error_info, &p->error_info,
680                          sizeof(arg32->error_info));
681         if (err)
682                 return -EFAULT;
683         return err;
684 }
685
686 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
687                                       unsigned cmd, unsigned long arg)
688 {
689         BIG_IOCTL32_Command_struct __user *arg32 =
690             (BIG_IOCTL32_Command_struct __user *) arg;
691         BIG_IOCTL_Command_struct arg64;
692         BIG_IOCTL_Command_struct __user *p =
693             compat_alloc_user_space(sizeof(arg64));
694         int err;
695         u32 cp;
696
697         err = 0;
698         err |=
699             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
700                            sizeof(arg64.LUN_info));
701         err |=
702             copy_from_user(&arg64.Request, &arg32->Request,
703                            sizeof(arg64.Request));
704         err |=
705             copy_from_user(&arg64.error_info, &arg32->error_info,
706                            sizeof(arg64.error_info));
707         err |= get_user(arg64.buf_size, &arg32->buf_size);
708         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
709         err |= get_user(cp, &arg32->buf);
710         arg64.buf = compat_ptr(cp);
711         err |= copy_to_user(p, &arg64, sizeof(arg64));
712
713         if (err)
714                 return -EFAULT;
715
716         err = do_ioctl(bdev, mode, CCISS_BIG_PASSTHRU, (unsigned long)p);
717         if (err)
718                 return err;
719         err |=
720             copy_in_user(&arg32->error_info, &p->error_info,
721                          sizeof(arg32->error_info));
722         if (err)
723                 return -EFAULT;
724         return err;
725 }
726 #endif
727
728 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
729 {
730         drive_info_struct *drv = get_drv(bdev->bd_disk);
731
732         if (!drv->cylinders)
733                 return -ENXIO;
734
735         geo->heads = drv->heads;
736         geo->sectors = drv->sectors;
737         geo->cylinders = drv->cylinders;
738         return 0;
739 }
740
741 static void check_ioctl_unit_attention(ctlr_info_t *host, CommandList_struct *c)
742 {
743         if (c->err_info->CommandStatus == CMD_TARGET_STATUS &&
744                         c->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION)
745                 (void)check_for_unit_attention(host, c);
746 }
747 /*
748  * ioctl
749  */
750 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
751                        unsigned int cmd, unsigned long arg)
752 {
753         struct gendisk *disk = bdev->bd_disk;
754         ctlr_info_t *host = get_host(disk);
755         drive_info_struct *drv = get_drv(disk);
756         int ctlr = host->ctlr;
757         void __user *argp = (void __user *)arg;
758
759 #ifdef CCISS_DEBUG
760         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
761 #endif                          /* CCISS_DEBUG */
762
763         switch (cmd) {
764         case CCISS_GETPCIINFO:
765                 {
766                         cciss_pci_info_struct pciinfo;
767
768                         if (!arg)
769                                 return -EINVAL;
770                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
771                         pciinfo.bus = host->pdev->bus->number;
772                         pciinfo.dev_fn = host->pdev->devfn;
773                         pciinfo.board_id = host->board_id;
774                         if (copy_to_user
775                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
776                                 return -EFAULT;
777                         return 0;
778                 }
779         case CCISS_GETINTINFO:
780                 {
781                         cciss_coalint_struct intinfo;
782                         if (!arg)
783                                 return -EINVAL;
784                         intinfo.delay =
785                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
786                         intinfo.count =
787                             readl(&host->cfgtable->HostWrite.CoalIntCount);
788                         if (copy_to_user
789                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
790                                 return -EFAULT;
791                         return 0;
792                 }
793         case CCISS_SETINTINFO:
794                 {
795                         cciss_coalint_struct intinfo;
796                         unsigned long flags;
797                         int i;
798
799                         if (!arg)
800                                 return -EINVAL;
801                         if (!capable(CAP_SYS_ADMIN))
802                                 return -EPERM;
803                         if (copy_from_user
804                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
805                                 return -EFAULT;
806                         if ((intinfo.delay == 0) && (intinfo.count == 0))
807                         {
808 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
809                                 return -EINVAL;
810                         }
811                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
812                         /* Update the field, and then ring the doorbell */
813                         writel(intinfo.delay,
814                                &(host->cfgtable->HostWrite.CoalIntDelay));
815                         writel(intinfo.count,
816                                &(host->cfgtable->HostWrite.CoalIntCount));
817                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
818
819                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
820                                 if (!(readl(host->vaddr + SA5_DOORBELL)
821                                       & CFGTBL_ChangeReq))
822                                         break;
823                                 /* delay and try again */
824                                 udelay(1000);
825                         }
826                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
827                         if (i >= MAX_IOCTL_CONFIG_WAIT)
828                                 return -EAGAIN;
829                         return 0;
830                 }
831         case CCISS_GETNODENAME:
832                 {
833                         NodeName_type NodeName;
834                         int i;
835
836                         if (!arg)
837                                 return -EINVAL;
838                         for (i = 0; i < 16; i++)
839                                 NodeName[i] =
840                                     readb(&host->cfgtable->ServerName[i]);
841                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
842                                 return -EFAULT;
843                         return 0;
844                 }
845         case CCISS_SETNODENAME:
846                 {
847                         NodeName_type NodeName;
848                         unsigned long flags;
849                         int i;
850
851                         if (!arg)
852                                 return -EINVAL;
853                         if (!capable(CAP_SYS_ADMIN))
854                                 return -EPERM;
855
856                         if (copy_from_user
857                             (NodeName, argp, sizeof(NodeName_type)))
858                                 return -EFAULT;
859
860                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
861
862                         /* Update the field, and then ring the doorbell */
863                         for (i = 0; i < 16; i++)
864                                 writeb(NodeName[i],
865                                        &host->cfgtable->ServerName[i]);
866
867                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
868
869                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
870                                 if (!(readl(host->vaddr + SA5_DOORBELL)
871                                       & CFGTBL_ChangeReq))
872                                         break;
873                                 /* delay and try again */
874                                 udelay(1000);
875                         }
876                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
877                         if (i >= MAX_IOCTL_CONFIG_WAIT)
878                                 return -EAGAIN;
879                         return 0;
880                 }
881
882         case CCISS_GETHEARTBEAT:
883                 {
884                         Heartbeat_type heartbeat;
885
886                         if (!arg)
887                                 return -EINVAL;
888                         heartbeat = readl(&host->cfgtable->HeartBeat);
889                         if (copy_to_user
890                             (argp, &heartbeat, sizeof(Heartbeat_type)))
891                                 return -EFAULT;
892                         return 0;
893                 }
894         case CCISS_GETBUSTYPES:
895                 {
896                         BusTypes_type BusTypes;
897
898                         if (!arg)
899                                 return -EINVAL;
900                         BusTypes = readl(&host->cfgtable->BusTypes);
901                         if (copy_to_user
902                             (argp, &BusTypes, sizeof(BusTypes_type)))
903                                 return -EFAULT;
904                         return 0;
905                 }
906         case CCISS_GETFIRMVER:
907                 {
908                         FirmwareVer_type firmware;
909
910                         if (!arg)
911                                 return -EINVAL;
912                         memcpy(firmware, host->firm_ver, 4);
913
914                         if (copy_to_user
915                             (argp, firmware, sizeof(FirmwareVer_type)))
916                                 return -EFAULT;
917                         return 0;
918                 }
919         case CCISS_GETDRIVVER:
920                 {
921                         DriverVer_type DriverVer = DRIVER_VERSION;
922
923                         if (!arg)
924                                 return -EINVAL;
925
926                         if (copy_to_user
927                             (argp, &DriverVer, sizeof(DriverVer_type)))
928                                 return -EFAULT;
929                         return 0;
930                 }
931
932         case CCISS_DEREGDISK:
933         case CCISS_REGNEWD:
934         case CCISS_REVALIDVOLS:
935                 return rebuild_lun_table(host, 0);
936
937         case CCISS_GETLUNINFO:{
938                         LogvolInfo_struct luninfo;
939
940                         luninfo.LunID = drv->LunID;
941                         luninfo.num_opens = drv->usage_count;
942                         luninfo.num_parts = 0;
943                         if (copy_to_user(argp, &luninfo,
944                                          sizeof(LogvolInfo_struct)))
945                                 return -EFAULT;
946                         return 0;
947                 }
948         case CCISS_PASSTHRU:
949                 {
950                         IOCTL_Command_struct iocommand;
951                         CommandList_struct *c;
952                         char *buff = NULL;
953                         u64bit temp64;
954                         unsigned long flags;
955                         DECLARE_COMPLETION_ONSTACK(wait);
956
957                         if (!arg)
958                                 return -EINVAL;
959
960                         if (!capable(CAP_SYS_RAWIO))
961                                 return -EPERM;
962
963                         if (copy_from_user
964                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
965                                 return -EFAULT;
966                         if ((iocommand.buf_size < 1) &&
967                             (iocommand.Request.Type.Direction != XFER_NONE)) {
968                                 return -EINVAL;
969                         }
970 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
971                         /* Check kmalloc limits */
972                         if (iocommand.buf_size > 128000)
973                                 return -EINVAL;
974 #endif
975                         if (iocommand.buf_size > 0) {
976                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
977                                 if (buff == NULL)
978                                         return -EFAULT;
979                         }
980                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
981                                 /* Copy the data into the buffer we created */
982                                 if (copy_from_user
983                                     (buff, iocommand.buf, iocommand.buf_size)) {
984                                         kfree(buff);
985                                         return -EFAULT;
986                                 }
987                         } else {
988                                 memset(buff, 0, iocommand.buf_size);
989                         }
990                         if ((c = cmd_alloc(host, 0)) == NULL) {
991                                 kfree(buff);
992                                 return -ENOMEM;
993                         }
994                         // Fill in the command type
995                         c->cmd_type = CMD_IOCTL_PEND;
996                         // Fill in Command Header
997                         c->Header.ReplyQueue = 0;       // unused in simple mode
998                         if (iocommand.buf_size > 0)     // buffer to fill
999                         {
1000                                 c->Header.SGList = 1;
1001                                 c->Header.SGTotal = 1;
1002                         } else  // no buffers to fill
1003                         {
1004                                 c->Header.SGList = 0;
1005                                 c->Header.SGTotal = 0;
1006                         }
1007                         c->Header.LUN = iocommand.LUN_info;
1008                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1009
1010                         // Fill in Request block
1011                         c->Request = iocommand.Request;
1012
1013                         // Fill in the scatter gather information
1014                         if (iocommand.buf_size > 0) {
1015                                 temp64.val = pci_map_single(host->pdev, buff,
1016                                         iocommand.buf_size,
1017                                         PCI_DMA_BIDIRECTIONAL);
1018                                 c->SG[0].Addr.lower = temp64.val32.lower;
1019                                 c->SG[0].Addr.upper = temp64.val32.upper;
1020                                 c->SG[0].Len = iocommand.buf_size;
1021                                 c->SG[0].Ext = 0;       // we are not chaining
1022                         }
1023                         c->waiting = &wait;
1024
1025                         /* Put the request on the tail of the request queue */
1026                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1027                         addQ(&host->reqQ, c);
1028                         host->Qdepth++;
1029                         start_io(host);
1030                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1031
1032                         wait_for_completion(&wait);
1033
1034                         /* unlock the buffers from DMA */
1035                         temp64.val32.lower = c->SG[0].Addr.lower;
1036                         temp64.val32.upper = c->SG[0].Addr.upper;
1037                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1038                                          iocommand.buf_size,
1039                                          PCI_DMA_BIDIRECTIONAL);
1040
1041                         check_ioctl_unit_attention(host, c);
1042
1043                         /* Copy the error information out */
1044                         iocommand.error_info = *(c->err_info);
1045                         if (copy_to_user
1046                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1047                                 kfree(buff);
1048                                 cmd_free(host, c, 0);
1049                                 return -EFAULT;
1050                         }
1051
1052                         if (iocommand.Request.Type.Direction == XFER_READ) {
1053                                 /* Copy the data out of the buffer we created */
1054                                 if (copy_to_user
1055                                     (iocommand.buf, buff, iocommand.buf_size)) {
1056                                         kfree(buff);
1057                                         cmd_free(host, c, 0);
1058                                         return -EFAULT;
1059                                 }
1060                         }
1061                         kfree(buff);
1062                         cmd_free(host, c, 0);
1063                         return 0;
1064                 }
1065         case CCISS_BIG_PASSTHRU:{
1066                         BIG_IOCTL_Command_struct *ioc;
1067                         CommandList_struct *c;
1068                         unsigned char **buff = NULL;
1069                         int *buff_size = NULL;
1070                         u64bit temp64;
1071                         unsigned long flags;
1072                         BYTE sg_used = 0;
1073                         int status = 0;
1074                         int i;
1075                         DECLARE_COMPLETION_ONSTACK(wait);
1076                         __u32 left;
1077                         __u32 sz;
1078                         BYTE __user *data_ptr;
1079
1080                         if (!arg)
1081                                 return -EINVAL;
1082                         if (!capable(CAP_SYS_RAWIO))
1083                                 return -EPERM;
1084                         ioc = (BIG_IOCTL_Command_struct *)
1085                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1086                         if (!ioc) {
1087                                 status = -ENOMEM;
1088                                 goto cleanup1;
1089                         }
1090                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1091                                 status = -EFAULT;
1092                                 goto cleanup1;
1093                         }
1094                         if ((ioc->buf_size < 1) &&
1095                             (ioc->Request.Type.Direction != XFER_NONE)) {
1096                                 status = -EINVAL;
1097                                 goto cleanup1;
1098                         }
1099                         /* Check kmalloc limits  using all SGs */
1100                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1101                                 status = -EINVAL;
1102                                 goto cleanup1;
1103                         }
1104                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1105                                 status = -EINVAL;
1106                                 goto cleanup1;
1107                         }
1108                         buff =
1109                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1110                         if (!buff) {
1111                                 status = -ENOMEM;
1112                                 goto cleanup1;
1113                         }
1114                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1115                                                    GFP_KERNEL);
1116                         if (!buff_size) {
1117                                 status = -ENOMEM;
1118                                 goto cleanup1;
1119                         }
1120                         left = ioc->buf_size;
1121                         data_ptr = ioc->buf;
1122                         while (left) {
1123                                 sz = (left >
1124                                       ioc->malloc_size) ? ioc->
1125                                     malloc_size : left;
1126                                 buff_size[sg_used] = sz;
1127                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1128                                 if (buff[sg_used] == NULL) {
1129                                         status = -ENOMEM;
1130                                         goto cleanup1;
1131                                 }
1132                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1133                                         if (copy_from_user
1134                                             (buff[sg_used], data_ptr, sz)) {
1135                                                 status = -EFAULT;
1136                                                 goto cleanup1;
1137                                         }
1138                                 } else {
1139                                         memset(buff[sg_used], 0, sz);
1140                                 }
1141                                 left -= sz;
1142                                 data_ptr += sz;
1143                                 sg_used++;
1144                         }
1145                         if ((c = cmd_alloc(host, 0)) == NULL) {
1146                                 status = -ENOMEM;
1147                                 goto cleanup1;
1148                         }
1149                         c->cmd_type = CMD_IOCTL_PEND;
1150                         c->Header.ReplyQueue = 0;
1151
1152                         if (ioc->buf_size > 0) {
1153                                 c->Header.SGList = sg_used;
1154                                 c->Header.SGTotal = sg_used;
1155                         } else {
1156                                 c->Header.SGList = 0;
1157                                 c->Header.SGTotal = 0;
1158                         }
1159                         c->Header.LUN = ioc->LUN_info;
1160                         c->Header.Tag.lower = c->busaddr;
1161
1162                         c->Request = ioc->Request;
1163                         if (ioc->buf_size > 0) {
1164                                 int i;
1165                                 for (i = 0; i < sg_used; i++) {
1166                                         temp64.val =
1167                                             pci_map_single(host->pdev, buff[i],
1168                                                     buff_size[i],
1169                                                     PCI_DMA_BIDIRECTIONAL);
1170                                         c->SG[i].Addr.lower =
1171                                             temp64.val32.lower;
1172                                         c->SG[i].Addr.upper =
1173                                             temp64.val32.upper;
1174                                         c->SG[i].Len = buff_size[i];
1175                                         c->SG[i].Ext = 0;       /* we are not chaining */
1176                                 }
1177                         }
1178                         c->waiting = &wait;
1179                         /* Put the request on the tail of the request queue */
1180                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1181                         addQ(&host->reqQ, c);
1182                         host->Qdepth++;
1183                         start_io(host);
1184                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1185                         wait_for_completion(&wait);
1186                         /* unlock the buffers from DMA */
1187                         for (i = 0; i < sg_used; i++) {
1188                                 temp64.val32.lower = c->SG[i].Addr.lower;
1189                                 temp64.val32.upper = c->SG[i].Addr.upper;
1190                                 pci_unmap_single(host->pdev,
1191                                         (dma_addr_t) temp64.val, buff_size[i],
1192                                         PCI_DMA_BIDIRECTIONAL);
1193                         }
1194                         check_ioctl_unit_attention(host, c);
1195                         /* Copy the error information out */
1196                         ioc->error_info = *(c->err_info);
1197                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1198                                 cmd_free(host, c, 0);
1199                                 status = -EFAULT;
1200                                 goto cleanup1;
1201                         }
1202                         if (ioc->Request.Type.Direction == XFER_READ) {
1203                                 /* Copy the data out of the buffer we created */
1204                                 BYTE __user *ptr = ioc->buf;
1205                                 for (i = 0; i < sg_used; i++) {
1206                                         if (copy_to_user
1207                                             (ptr, buff[i], buff_size[i])) {
1208                                                 cmd_free(host, c, 0);
1209                                                 status = -EFAULT;
1210                                                 goto cleanup1;
1211                                         }
1212                                         ptr += buff_size[i];
1213                                 }
1214                         }
1215                         cmd_free(host, c, 0);
1216                         status = 0;
1217                       cleanup1:
1218                         if (buff) {
1219                                 for (i = 0; i < sg_used; i++)
1220                                         kfree(buff[i]);
1221                                 kfree(buff);
1222                         }
1223                         kfree(buff_size);
1224                         kfree(ioc);
1225                         return status;
1226                 }
1227
1228         /* scsi_cmd_ioctl handles these, below, though some are not */
1229         /* very meaningful for cciss.  SG_IO is the main one people want. */
1230
1231         case SG_GET_VERSION_NUM:
1232         case SG_SET_TIMEOUT:
1233         case SG_GET_TIMEOUT:
1234         case SG_GET_RESERVED_SIZE:
1235         case SG_SET_RESERVED_SIZE:
1236         case SG_EMULATED_HOST:
1237         case SG_IO:
1238         case SCSI_IOCTL_SEND_COMMAND:
1239                 return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
1240
1241         /* scsi_cmd_ioctl would normally handle these, below, but */
1242         /* they aren't a good fit for cciss, as CD-ROMs are */
1243         /* not supported, and we don't have any bus/target/lun */
1244         /* which we present to the kernel. */
1245
1246         case CDROM_SEND_PACKET:
1247         case CDROMCLOSETRAY:
1248         case CDROMEJECT:
1249         case SCSI_IOCTL_GET_IDLUN:
1250         case SCSI_IOCTL_GET_BUS_NUMBER:
1251         default:
1252                 return -ENOTTY;
1253         }
1254 }
1255
1256 static void cciss_check_queues(ctlr_info_t *h)
1257 {
1258         int start_queue = h->next_to_run;
1259         int i;
1260
1261         /* check to see if we have maxed out the number of commands that can
1262          * be placed on the queue.  If so then exit.  We do this check here
1263          * in case the interrupt we serviced was from an ioctl and did not
1264          * free any new commands.
1265          */
1266         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1267                 return;
1268
1269         /* We have room on the queue for more commands.  Now we need to queue
1270          * them up.  We will also keep track of the next queue to run so
1271          * that every queue gets a chance to be started first.
1272          */
1273         for (i = 0; i < h->highest_lun + 1; i++) {
1274                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1275                 /* make sure the disk has been added and the drive is real
1276                  * because this can be called from the middle of init_one.
1277                  */
1278                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1279                         continue;
1280                 blk_start_queue(h->gendisk[curr_queue]->queue);
1281
1282                 /* check to see if we have maxed out the number of commands
1283                  * that can be placed on the queue.
1284                  */
1285                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1286                         if (curr_queue == start_queue) {
1287                                 h->next_to_run =
1288                                     (start_queue + 1) % (h->highest_lun + 1);
1289                                 break;
1290                         } else {
1291                                 h->next_to_run = curr_queue;
1292                                 break;
1293                         }
1294                 }
1295         }
1296 }
1297
1298 static void cciss_softirq_done(struct request *rq)
1299 {
1300         CommandList_struct *cmd = rq->completion_data;
1301         ctlr_info_t *h = hba[cmd->ctlr];
1302         unsigned long flags;
1303         u64bit temp64;
1304         int i, ddir;
1305
1306         if (cmd->Request.Type.Direction == XFER_READ)
1307                 ddir = PCI_DMA_FROMDEVICE;
1308         else
1309                 ddir = PCI_DMA_TODEVICE;
1310
1311         /* command did not need to be retried */
1312         /* unmap the DMA mapping for all the scatter gather elements */
1313         for (i = 0; i < cmd->Header.SGList; i++) {
1314                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1315                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1316                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1317         }
1318
1319 #ifdef CCISS_DEBUG
1320         printk("Done with %p\n", rq);
1321 #endif                          /* CCISS_DEBUG */
1322
1323         /* set the residual count for pc requests */
1324         if (blk_pc_request(rq))
1325                 rq->resid_len = cmd->err_info->ResidualCnt;
1326
1327         blk_end_request_all(rq, (rq->errors == 0) ? 0 : -EIO);
1328
1329         spin_lock_irqsave(&h->lock, flags);
1330         cmd_free(h, cmd, 1);
1331         cciss_check_queues(h);
1332         spin_unlock_irqrestore(&h->lock, flags);
1333 }
1334
1335 /* This function gets the serial number of a logical drive via
1336  * inquiry page 0x83.  Serial no. is 16 bytes.  If the serial
1337  * number cannot be had, for whatever reason, 16 bytes of 0xff
1338  * are returned instead.
1339  */
1340 static void cciss_get_serial_no(int ctlr, int logvol, int withirq,
1341                                 unsigned char *serial_no, int buflen)
1342 {
1343 #define PAGE_83_INQ_BYTES 64
1344         int rc;
1345         unsigned char *buf;
1346
1347         if (buflen > 16)
1348                 buflen = 16;
1349         memset(serial_no, 0xff, buflen);
1350         buf = kzalloc(PAGE_83_INQ_BYTES, GFP_KERNEL);
1351         if (!buf)
1352                 return;
1353         memset(serial_no, 0, buflen);
1354         if (withirq)
1355                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, buf,
1356                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, TYPE_CMD);
1357         else
1358                 rc = sendcmd(CISS_INQUIRY, ctlr, buf,
1359                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, NULL, TYPE_CMD);
1360         if (rc == IO_OK)
1361                 memcpy(serial_no, &buf[8], buflen);
1362         kfree(buf);
1363         return;
1364 }
1365
1366 static void cciss_add_disk(ctlr_info_t *h, struct gendisk *disk,
1367                                 int drv_index)
1368 {
1369         disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1370         sprintf(disk->disk_name, "cciss/c%dd%d", h->ctlr, drv_index);
1371         disk->major = h->major;
1372         disk->first_minor = drv_index << NWD_SHIFT;
1373         disk->fops = &cciss_fops;
1374         disk->private_data = &h->drv[drv_index];
1375         disk->driverfs_dev = &h->pdev->dev;
1376
1377         /* Set up queue information */
1378         blk_queue_bounce_limit(disk->queue, h->pdev->dma_mask);
1379
1380         /* This is a hardware imposed limit. */
1381         blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1382
1383         /* This is a limit in the driver and could be eliminated. */
1384         blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1385
1386         blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1387
1388         blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1389
1390         disk->queue->queuedata = h;
1391
1392         blk_queue_logical_block_size(disk->queue,
1393                                      h->drv[drv_index].block_size);
1394
1395         /* Make sure all queue data is written out before */
1396         /* setting h->drv[drv_index].queue, as setting this */
1397         /* allows the interrupt handler to start the queue */
1398         wmb();
1399         h->drv[drv_index].queue = disk->queue;
1400         add_disk(disk);
1401 }
1402
1403 /* This function will check the usage_count of the drive to be updated/added.
1404  * If the usage_count is zero and it is a heretofore unknown drive, or,
1405  * the drive's capacity, geometry, or serial number has changed,
1406  * then the drive information will be updated and the disk will be
1407  * re-registered with the kernel.  If these conditions don't hold,
1408  * then it will be left alone for the next reboot.  The exception to this
1409  * is disk 0 which will always be left registered with the kernel since it
1410  * is also the controller node.  Any changes to disk 0 will show up on
1411  * the next reboot.
1412  */
1413 static void cciss_update_drive_info(int ctlr, int drv_index, int first_time)
1414 {
1415         ctlr_info_t *h = hba[ctlr];
1416         struct gendisk *disk;
1417         InquiryData_struct *inq_buff = NULL;
1418         unsigned int block_size;
1419         sector_t total_size;
1420         unsigned long flags = 0;
1421         int ret = 0;
1422         drive_info_struct *drvinfo;
1423         int was_only_controller_node;
1424
1425         /* Get information about the disk and modify the driver structure */
1426         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1427         drvinfo = kmalloc(sizeof(*drvinfo), GFP_KERNEL);
1428         if (inq_buff == NULL || drvinfo == NULL)
1429                 goto mem_msg;
1430
1431         /* See if we're trying to update the "controller node"
1432          * this will happen the when the first logical drive gets
1433          * created by ACU.
1434          */
1435         was_only_controller_node = (drv_index == 0 &&
1436                                 h->drv[0].raid_level == -1);
1437
1438         /* testing to see if 16-byte CDBs are already being used */
1439         if (h->cciss_read == CCISS_READ_16) {
1440                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1441                         &total_size, &block_size);
1442
1443         } else {
1444                 cciss_read_capacity(ctlr, drv_index, 1,
1445                                     &total_size, &block_size);
1446
1447                 /* if read_capacity returns all F's this volume is >2TB */
1448                 /* in size so we switch to 16-byte CDB's for all */
1449                 /* read/write ops */
1450                 if (total_size == 0xFFFFFFFFULL) {
1451                         cciss_read_capacity_16(ctlr, drv_index, 1,
1452                         &total_size, &block_size);
1453                         h->cciss_read = CCISS_READ_16;
1454                         h->cciss_write = CCISS_WRITE_16;
1455                 } else {
1456                         h->cciss_read = CCISS_READ_10;
1457                         h->cciss_write = CCISS_WRITE_10;
1458                 }
1459         }
1460
1461         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1462                                inq_buff, drvinfo);
1463         drvinfo->block_size = block_size;
1464         drvinfo->nr_blocks = total_size + 1;
1465
1466         cciss_get_serial_no(ctlr, drv_index, 1, drvinfo->serial_no,
1467                         sizeof(drvinfo->serial_no));
1468
1469         /* Is it the same disk we already know, and nothing's changed? */
1470         if (h->drv[drv_index].raid_level != -1 &&
1471                 ((memcmp(drvinfo->serial_no,
1472                                 h->drv[drv_index].serial_no, 16) == 0) &&
1473                 drvinfo->block_size == h->drv[drv_index].block_size &&
1474                 drvinfo->nr_blocks == h->drv[drv_index].nr_blocks &&
1475                 drvinfo->heads == h->drv[drv_index].heads &&
1476                 drvinfo->sectors == h->drv[drv_index].sectors &&
1477                 drvinfo->cylinders == h->drv[drv_index].cylinders))
1478                         /* The disk is unchanged, nothing to update */
1479                         goto freeret;
1480
1481         /* If we get here it's not the same disk, or something's changed,
1482          * so we need to * deregister it, and re-register it, if it's not
1483          * in use.
1484          * If the disk already exists then deregister it before proceeding
1485          * (unless it's the first disk (for the controller node).
1486          */
1487         if (h->drv[drv_index].raid_level != -1 && drv_index != 0) {
1488                 printk(KERN_WARNING "disk %d has changed.\n", drv_index);
1489                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1490                 h->drv[drv_index].busy_configuring = 1;
1491                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1492
1493                 /* deregister_disk sets h->drv[drv_index].queue = NULL
1494                  * which keeps the interrupt handler from starting
1495                  * the queue.
1496                  */
1497                 ret = deregister_disk(h, drv_index, 0);
1498                 h->drv[drv_index].busy_configuring = 0;
1499         }
1500
1501         /* If the disk is in use return */
1502         if (ret)
1503                 goto freeret;
1504
1505         /* Save the new information from cciss_geometry_inquiry
1506          * and serial number inquiry.
1507          */
1508         h->drv[drv_index].block_size = drvinfo->block_size;
1509         h->drv[drv_index].nr_blocks = drvinfo->nr_blocks;
1510         h->drv[drv_index].heads = drvinfo->heads;
1511         h->drv[drv_index].sectors = drvinfo->sectors;
1512         h->drv[drv_index].cylinders = drvinfo->cylinders;
1513         h->drv[drv_index].raid_level = drvinfo->raid_level;
1514         memcpy(h->drv[drv_index].serial_no, drvinfo->serial_no, 16);
1515
1516         ++h->num_luns;
1517         disk = h->gendisk[drv_index];
1518         set_capacity(disk, h->drv[drv_index].nr_blocks);
1519
1520         /* If it's not disk 0 (drv_index != 0)
1521          * or if it was disk 0, but there was previously
1522          * no actual corresponding configured logical drive
1523          * (raid_leve == -1) then we want to update the
1524          * logical drive's information.
1525          */
1526         if (drv_index || first_time)
1527                 cciss_add_disk(h, disk, drv_index);
1528
1529 freeret:
1530         kfree(inq_buff);
1531         kfree(drvinfo);
1532         return;
1533 mem_msg:
1534         printk(KERN_ERR "cciss: out of memory\n");
1535         goto freeret;
1536 }
1537
1538 /* This function will find the first index of the controllers drive array
1539  * that has a -1 for the raid_level and will return that index.  This is
1540  * where new drives will be added.  If the index to be returned is greater
1541  * than the highest_lun index for the controller then highest_lun is set
1542  * to this new index.  If there are no available indexes then -1 is returned.
1543  * "controller_node" is used to know if this is a real logical drive, or just
1544  * the controller node, which determines if this counts towards highest_lun.
1545  */
1546 static int cciss_find_free_drive_index(int ctlr, int controller_node)
1547 {
1548         int i;
1549
1550         for (i = 0; i < CISS_MAX_LUN; i++) {
1551                 if (hba[ctlr]->drv[i].raid_level == -1) {
1552                         if (i > hba[ctlr]->highest_lun)
1553                                 if (!controller_node)
1554                                         hba[ctlr]->highest_lun = i;
1555                         return i;
1556                 }
1557         }
1558         return -1;
1559 }
1560
1561 /* cciss_add_gendisk finds a free hba[]->drv structure
1562  * and allocates a gendisk if needed, and sets the lunid
1563  * in the drvinfo structure.   It returns the index into
1564  * the ->drv[] array, or -1 if none are free.
1565  * is_controller_node indicates whether highest_lun should
1566  * count this disk, or if it's only being added to provide
1567  * a means to talk to the controller in case no logical
1568  * drives have yet been configured.
1569  */
1570 static int cciss_add_gendisk(ctlr_info_t *h, __u32 lunid, int controller_node)
1571 {
1572         int drv_index;
1573
1574         drv_index = cciss_find_free_drive_index(h->ctlr, controller_node);
1575         if (drv_index == -1)
1576                 return -1;
1577         /*Check if the gendisk needs to be allocated */
1578         if (!h->gendisk[drv_index]) {
1579                 h->gendisk[drv_index] =
1580                         alloc_disk(1 << NWD_SHIFT);
1581                 if (!h->gendisk[drv_index]) {
1582                         printk(KERN_ERR "cciss%d: could not "
1583                                 "allocate a new disk %d\n",
1584                                 h->ctlr, drv_index);
1585                         return -1;
1586                 }
1587         }
1588         h->drv[drv_index].LunID = lunid;
1589
1590         /* Don't need to mark this busy because nobody */
1591         /* else knows about this disk yet to contend */
1592         /* for access to it. */
1593         h->drv[drv_index].busy_configuring = 0;
1594         wmb();
1595         return drv_index;
1596 }
1597
1598 /* This is for the special case of a controller which
1599  * has no logical drives.  In this case, we still need
1600  * to register a disk so the controller can be accessed
1601  * by the Array Config Utility.
1602  */
1603 static void cciss_add_controller_node(ctlr_info_t *h)
1604 {
1605         struct gendisk *disk;
1606         int drv_index;
1607
1608         if (h->gendisk[0] != NULL) /* already did this? Then bail. */
1609                 return;
1610
1611         drv_index = cciss_add_gendisk(h, 0, 1);
1612         if (drv_index == -1) {
1613                 printk(KERN_WARNING "cciss%d: could not "
1614                         "add disk 0.\n", h->ctlr);
1615                 return;
1616         }
1617         h->drv[drv_index].block_size = 512;
1618         h->drv[drv_index].nr_blocks = 0;
1619         h->drv[drv_index].heads = 0;
1620         h->drv[drv_index].sectors = 0;
1621         h->drv[drv_index].cylinders = 0;
1622         h->drv[drv_index].raid_level = -1;
1623         memset(h->drv[drv_index].serial_no, 0, 16);
1624         disk = h->gendisk[drv_index];
1625         cciss_add_disk(h, disk, drv_index);
1626 }
1627
1628 /* This function will add and remove logical drives from the Logical
1629  * drive array of the controller and maintain persistency of ordering
1630  * so that mount points are preserved until the next reboot.  This allows
1631  * for the removal of logical drives in the middle of the drive array
1632  * without a re-ordering of those drives.
1633  * INPUT
1634  * h            = The controller to perform the operations on
1635  */
1636 static int rebuild_lun_table(ctlr_info_t *h, int first_time)
1637 {
1638         int ctlr = h->ctlr;
1639         int num_luns;
1640         ReportLunData_struct *ld_buff = NULL;
1641         int return_code;
1642         int listlength = 0;
1643         int i;
1644         int drv_found;
1645         int drv_index = 0;
1646         __u32 lunid = 0;
1647         unsigned long flags;
1648
1649         if (!capable(CAP_SYS_RAWIO))
1650                 return -EPERM;
1651
1652         /* Set busy_configuring flag for this operation */
1653         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1654         if (h->busy_configuring) {
1655                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1656                 return -EBUSY;
1657         }
1658         h->busy_configuring = 1;
1659         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1660
1661         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1662         if (ld_buff == NULL)
1663                 goto mem_msg;
1664
1665         return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1666                                       sizeof(ReportLunData_struct), 0,
1667                                       0, 0, TYPE_CMD);
1668
1669         if (return_code == IO_OK)
1670                 listlength = be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
1671         else {  /* reading number of logical volumes failed */
1672                 printk(KERN_WARNING "cciss: report logical volume"
1673                        " command failed\n");
1674                 listlength = 0;
1675                 goto freeret;
1676         }
1677
1678         num_luns = listlength / 8;      /* 8 bytes per entry */
1679         if (num_luns > CISS_MAX_LUN) {
1680                 num_luns = CISS_MAX_LUN;
1681                 printk(KERN_WARNING "cciss: more luns configured"
1682                        " on controller than can be handled by"
1683                        " this driver.\n");
1684         }
1685
1686         if (num_luns == 0)
1687                 cciss_add_controller_node(h);
1688
1689         /* Compare controller drive array to driver's drive array
1690          * to see if any drives are missing on the controller due
1691          * to action of Array Config Utility (user deletes drive)
1692          * and deregister logical drives which have disappeared.
1693          */
1694         for (i = 0; i <= h->highest_lun; i++) {
1695                 int j;
1696                 drv_found = 0;
1697
1698                 /* skip holes in the array from already deleted drives */
1699                 if (h->drv[i].raid_level == -1)
1700                         continue;
1701
1702                 for (j = 0; j < num_luns; j++) {
1703                         memcpy(&lunid, &ld_buff->LUN[j][0], 4);
1704                         lunid = le32_to_cpu(lunid);
1705                         if (h->drv[i].LunID == lunid) {
1706                                 drv_found = 1;
1707                                 break;
1708                         }
1709                 }
1710                 if (!drv_found) {
1711                         /* Deregister it from the OS, it's gone. */
1712                         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1713                         h->drv[i].busy_configuring = 1;
1714                         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1715                         return_code = deregister_disk(h, i, 1);
1716                         h->drv[i].busy_configuring = 0;
1717                 }
1718         }
1719
1720         /* Compare controller drive array to driver's drive array.
1721          * Check for updates in the drive information and any new drives
1722          * on the controller due to ACU adding logical drives, or changing
1723          * a logical drive's size, etc.  Reregister any new/changed drives
1724          */
1725         for (i = 0; i < num_luns; i++) {
1726                 int j;
1727
1728                 drv_found = 0;
1729
1730                 memcpy(&lunid, &ld_buff->LUN[i][0], 4);
1731                 lunid = le32_to_cpu(lunid);
1732
1733                 /* Find if the LUN is already in the drive array
1734                  * of the driver.  If so then update its info
1735                  * if not in use.  If it does not exist then find
1736                  * the first free index and add it.
1737                  */
1738                 for (j = 0; j <= h->highest_lun; j++) {
1739                         if (h->drv[j].raid_level != -1 &&
1740                                 h->drv[j].LunID == lunid) {
1741                                 drv_index = j;
1742                                 drv_found = 1;
1743                                 break;
1744                         }
1745                 }
1746
1747                 /* check if the drive was found already in the array */
1748                 if (!drv_found) {
1749                         drv_index = cciss_add_gendisk(h, lunid, 0);
1750                         if (drv_index == -1)
1751                                 goto freeret;
1752                 }
1753                 cciss_update_drive_info(ctlr, drv_index, first_time);
1754         }               /* end for */
1755
1756 freeret:
1757         kfree(ld_buff);
1758         h->busy_configuring = 0;
1759         /* We return -1 here to tell the ACU that we have registered/updated
1760          * all of the drives that we can and to keep it from calling us
1761          * additional times.
1762          */
1763         return -1;
1764 mem_msg:
1765         printk(KERN_ERR "cciss: out of memory\n");
1766         h->busy_configuring = 0;
1767         goto freeret;
1768 }
1769
1770 /* This function will deregister the disk and it's queue from the
1771  * kernel.  It must be called with the controller lock held and the
1772  * drv structures busy_configuring flag set.  It's parameters are:
1773  *
1774  * disk = This is the disk to be deregistered
1775  * drv  = This is the drive_info_struct associated with the disk to be
1776  *        deregistered.  It contains information about the disk used
1777  *        by the driver.
1778  * clear_all = This flag determines whether or not the disk information
1779  *             is going to be completely cleared out and the highest_lun
1780  *             reset.  Sometimes we want to clear out information about
1781  *             the disk in preparation for re-adding it.  In this case
1782  *             the highest_lun should be left unchanged and the LunID
1783  *             should not be cleared.
1784 */
1785 static int deregister_disk(ctlr_info_t *h, int drv_index,
1786                            int clear_all)
1787 {
1788         int i;
1789         struct gendisk *disk;
1790         drive_info_struct *drv;
1791
1792         if (!capable(CAP_SYS_RAWIO))
1793                 return -EPERM;
1794
1795         drv = &h->drv[drv_index];
1796         disk = h->gendisk[drv_index];
1797
1798         /* make sure logical volume is NOT is use */
1799         if (clear_all || (h->gendisk[0] == disk)) {
1800                 if (drv->usage_count > 1)
1801                         return -EBUSY;
1802         } else if (drv->usage_count > 0)
1803                 return -EBUSY;
1804
1805         /* invalidate the devices and deregister the disk.  If it is disk
1806          * zero do not deregister it but just zero out it's values.  This
1807          * allows us to delete disk zero but keep the controller registered.
1808          */
1809         if (h->gendisk[0] != disk) {
1810                 struct request_queue *q = disk->queue;
1811                 if (disk->flags & GENHD_FL_UP)
1812                         del_gendisk(disk);
1813                 if (q) {
1814                         blk_cleanup_queue(q);
1815                         /* Set drv->queue to NULL so that we do not try
1816                          * to call blk_start_queue on this queue in the
1817                          * interrupt handler
1818                          */
1819                         drv->queue = NULL;
1820                 }
1821                 /* If clear_all is set then we are deleting the logical
1822                  * drive, not just refreshing its info.  For drives
1823                  * other than disk 0 we will call put_disk.  We do not
1824                  * do this for disk 0 as we need it to be able to
1825                  * configure the controller.
1826                  */
1827                 if (clear_all){
1828                         /* This isn't pretty, but we need to find the
1829                          * disk in our array and NULL our the pointer.
1830                          * This is so that we will call alloc_disk if
1831                          * this index is used again later.
1832                          */
1833                         for (i=0; i < CISS_MAX_LUN; i++){
1834                                 if (h->gendisk[i] == disk) {
1835                                         h->gendisk[i] = NULL;
1836                                         break;
1837                                 }
1838                         }
1839                         put_disk(disk);
1840                 }
1841         } else {
1842                 set_capacity(disk, 0);
1843         }
1844
1845         --h->num_luns;
1846         /* zero out the disk size info */
1847         drv->nr_blocks = 0;
1848         drv->block_size = 0;
1849         drv->heads = 0;
1850         drv->sectors = 0;
1851         drv->cylinders = 0;
1852         drv->raid_level = -1;   /* This can be used as a flag variable to
1853                                  * indicate that this element of the drive
1854                                  * array is free.
1855                                  */
1856
1857         if (clear_all) {
1858                 /* check to see if it was the last disk */
1859                 if (drv == h->drv + h->highest_lun) {
1860                         /* if so, find the new hightest lun */
1861                         int i, newhighest = -1;
1862                         for (i = 0; i <= h->highest_lun; i++) {
1863                                 /* if the disk has size > 0, it is available */
1864                                 if (h->drv[i].heads)
1865                                         newhighest = i;
1866                         }
1867                         h->highest_lun = newhighest;
1868                 }
1869
1870                 drv->LunID = 0;
1871         }
1872         return 0;
1873 }
1874
1875 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
1876                                                                                                                            1: address logical volume log_unit,
1877                                                                                                                            2: periph device address is scsi3addr */
1878                     unsigned int log_unit, __u8 page_code,
1879                     unsigned char *scsi3addr, int cmd_type)
1880 {
1881         ctlr_info_t *h = hba[ctlr];
1882         u64bit buff_dma_handle;
1883         int status = IO_OK;
1884
1885         c->cmd_type = CMD_IOCTL_PEND;
1886         c->Header.ReplyQueue = 0;
1887         if (buff != NULL) {
1888                 c->Header.SGList = 1;
1889                 c->Header.SGTotal = 1;
1890         } else {
1891                 c->Header.SGList = 0;
1892                 c->Header.SGTotal = 0;
1893         }
1894         c->Header.Tag.lower = c->busaddr;
1895
1896         c->Request.Type.Type = cmd_type;
1897         if (cmd_type == TYPE_CMD) {
1898                 switch (cmd) {
1899                 case CISS_INQUIRY:
1900                         /* If the logical unit number is 0 then, this is going
1901                            to controller so It's a physical command
1902                            mode = 0 target = 0.  So we have nothing to write.
1903                            otherwise, if use_unit_num == 1,
1904                            mode = 1(volume set addressing) target = LUNID
1905                            otherwise, if use_unit_num == 2,
1906                            mode = 0(periph dev addr) target = scsi3addr */
1907                         if (use_unit_num == 1) {
1908                                 c->Header.LUN.LogDev.VolId =
1909                                     h->drv[log_unit].LunID;
1910                                 c->Header.LUN.LogDev.Mode = 1;
1911                         } else if (use_unit_num == 2) {
1912                                 memcpy(c->Header.LUN.LunAddrBytes, scsi3addr,
1913                                        8);
1914                                 c->Header.LUN.LogDev.Mode = 0;
1915                         }
1916                         /* are we trying to read a vital product page */
1917                         if (page_code != 0) {
1918                                 c->Request.CDB[1] = 0x01;
1919                                 c->Request.CDB[2] = page_code;
1920                         }
1921                         c->Request.CDBLen = 6;
1922                         c->Request.Type.Attribute = ATTR_SIMPLE;
1923                         c->Request.Type.Direction = XFER_READ;
1924                         c->Request.Timeout = 0;
1925                         c->Request.CDB[0] = CISS_INQUIRY;
1926                         c->Request.CDB[4] = size & 0xFF;
1927                         break;
1928                 case CISS_REPORT_LOG:
1929                 case CISS_REPORT_PHYS:
1930                         /* Talking to controller so It's a physical command
1931                            mode = 00 target = 0.  Nothing to write.
1932                          */
1933                         c->Request.CDBLen = 12;
1934                         c->Request.Type.Attribute = ATTR_SIMPLE;
1935                         c->Request.Type.Direction = XFER_READ;
1936                         c->Request.Timeout = 0;
1937                         c->Request.CDB[0] = cmd;
1938                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
1939                         c->Request.CDB[7] = (size >> 16) & 0xFF;
1940                         c->Request.CDB[8] = (size >> 8) & 0xFF;
1941                         c->Request.CDB[9] = size & 0xFF;
1942                         break;
1943
1944                 case CCISS_READ_CAPACITY:
1945                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1946                         c->Header.LUN.LogDev.Mode = 1;
1947                         c->Request.CDBLen = 10;
1948                         c->Request.Type.Attribute = ATTR_SIMPLE;
1949                         c->Request.Type.Direction = XFER_READ;
1950                         c->Request.Timeout = 0;
1951                         c->Request.CDB[0] = cmd;
1952                         break;
1953                 case CCISS_READ_CAPACITY_16:
1954                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1955                         c->Header.LUN.LogDev.Mode = 1;
1956                         c->Request.CDBLen = 16;
1957                         c->Request.Type.Attribute = ATTR_SIMPLE;
1958                         c->Request.Type.Direction = XFER_READ;
1959                         c->Request.Timeout = 0;
1960                         c->Request.CDB[0] = cmd;
1961                         c->Request.CDB[1] = 0x10;
1962                         c->Request.CDB[10] = (size >> 24) & 0xFF;
1963                         c->Request.CDB[11] = (size >> 16) & 0xFF;
1964                         c->Request.CDB[12] = (size >> 8) & 0xFF;
1965                         c->Request.CDB[13] = size & 0xFF;
1966                         c->Request.Timeout = 0;
1967                         c->Request.CDB[0] = cmd;
1968                         break;
1969                 case CCISS_CACHE_FLUSH:
1970                         c->Request.CDBLen = 12;
1971                         c->Request.Type.Attribute = ATTR_SIMPLE;
1972                         c->Request.Type.Direction = XFER_WRITE;
1973                         c->Request.Timeout = 0;
1974                         c->Request.CDB[0] = BMIC_WRITE;
1975                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
1976                         break;
1977                 case TEST_UNIT_READY:
1978                         memcpy(c->Header. LUN.LunAddrBytes, scsi3addr, 8);
1979                         c->Request.CDBLen = 6;
1980                         c->Request.Type.Attribute = ATTR_SIMPLE;
1981                         c->Request.Type.Direction = XFER_NONE;
1982                         c->Request.Timeout = 0;
1983                         break;
1984                 default:
1985                         printk(KERN_WARNING
1986                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
1987                         return IO_ERROR;
1988                 }
1989         } else if (cmd_type == TYPE_MSG) {
1990                 switch (cmd) {
1991                 case 0: /* ABORT message */
1992                         c->Request.CDBLen = 12;
1993                         c->Request.Type.Attribute = ATTR_SIMPLE;
1994                         c->Request.Type.Direction = XFER_WRITE;
1995                         c->Request.Timeout = 0;
1996                         c->Request.CDB[0] = cmd;        /* abort */
1997                         c->Request.CDB[1] = 0;  /* abort a command */
1998                         /* buff contains the tag of the command to abort */
1999                         memcpy(&c->Request.CDB[4], buff, 8);
2000                         break;
2001                 case 1: /* RESET message */
2002                         memcpy(c->Header.LUN.LunAddrBytes, scsi3addr, 8);
2003                         c->Request.CDBLen = 16;
2004                         c->Request.Type.Attribute = ATTR_SIMPLE;
2005                         c->Request.Type.Direction = XFER_NONE;
2006                         c->Request.Timeout = 0;
2007                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
2008                         c->Request.CDB[0] = cmd;        /* reset */
2009                         c->Request.CDB[1] = 0x03;       /* reset a target */
2010                         break;
2011                 case 3: /* No-Op message */
2012                         c->Request.CDBLen = 1;
2013                         c->Request.Type.Attribute = ATTR_SIMPLE;
2014                         c->Request.Type.Direction = XFER_WRITE;
2015                         c->Request.Timeout = 0;
2016                         c->Request.CDB[0] = cmd;
2017                         break;
2018                 default:
2019                         printk(KERN_WARNING
2020                                "cciss%d: unknown message type %d\n", ctlr, cmd);
2021                         return IO_ERROR;
2022                 }
2023         } else {
2024                 printk(KERN_WARNING
2025                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
2026                 return IO_ERROR;
2027         }
2028         /* Fill in the scatter gather information */
2029         if (size > 0) {
2030                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
2031                                                              buff, size,
2032                                                              PCI_DMA_BIDIRECTIONAL);
2033                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
2034                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
2035                 c->SG[0].Len = size;
2036                 c->SG[0].Ext = 0;       /* we are not chaining */
2037         }
2038         return status;
2039 }
2040
2041 static int sendcmd_withirq(__u8 cmd,
2042                            int ctlr,
2043                            void *buff,
2044                            size_t size,
2045                            unsigned int use_unit_num,
2046                            unsigned int log_unit, __u8 page_code, int cmd_type)
2047 {
2048         ctlr_info_t *h = hba[ctlr];
2049         CommandList_struct *c;
2050         u64bit buff_dma_handle;
2051         unsigned long flags;
2052         int return_status;
2053         DECLARE_COMPLETION_ONSTACK(wait);
2054
2055         if ((c = cmd_alloc(h, 0)) == NULL)
2056                 return -ENOMEM;
2057         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2058                                  log_unit, page_code, NULL, cmd_type);
2059         if (return_status != IO_OK) {
2060                 cmd_free(h, c, 0);
2061                 return return_status;
2062         }
2063       resend_cmd2:
2064         c->waiting = &wait;
2065
2066         /* Put the request on the tail of the queue and send it */
2067         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
2068         addQ(&h->reqQ, c);
2069         h->Qdepth++;
2070         start_io(h);
2071         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
2072
2073         wait_for_completion(&wait);
2074
2075         if (c->err_info->CommandStatus != 0) {  /* an error has occurred */
2076                 switch (c->err_info->CommandStatus) {
2077                 case CMD_TARGET_STATUS:
2078                         printk(KERN_WARNING "cciss: cmd %p has "
2079                                " completed with errors\n", c);
2080                         if (c->err_info->ScsiStatus) {
2081                                 printk(KERN_WARNING "cciss: cmd %p "
2082                                        "has SCSI Status = %x\n",
2083                                        c, c->err_info->ScsiStatus);
2084                         }
2085
2086                         break;
2087                 case CMD_DATA_UNDERRUN:
2088                 case CMD_DATA_OVERRUN:
2089                         /* expected for inquire and report lun commands */
2090                         break;
2091                 case CMD_INVALID:
2092                         printk(KERN_WARNING "cciss: Cmd %p is "
2093                                "reported invalid\n", c);
2094                         return_status = IO_ERROR;
2095                         break;
2096                 case CMD_PROTOCOL_ERR:
2097                         printk(KERN_WARNING "cciss: cmd %p has "
2098                                "protocol error \n", c);
2099                         return_status = IO_ERROR;
2100                         break;
2101                 case CMD_HARDWARE_ERR:
2102                         printk(KERN_WARNING "cciss: cmd %p had "
2103                                " hardware error\n", c);
2104                         return_status = IO_ERROR;
2105                         break;
2106                 case CMD_CONNECTION_LOST:
2107                         printk(KERN_WARNING "cciss: cmd %p had "
2108                                "connection lost\n", c);
2109                         return_status = IO_ERROR;
2110                         break;
2111                 case CMD_ABORTED:
2112                         printk(KERN_WARNING "cciss: cmd %p was "
2113                                "aborted\n", c);
2114                         return_status = IO_ERROR;
2115                         break;
2116                 case CMD_ABORT_FAILED:
2117                         printk(KERN_WARNING "cciss: cmd %p reports "
2118                                "abort failed\n", c);
2119                         return_status = IO_ERROR;
2120                         break;
2121                 case CMD_UNSOLICITED_ABORT:
2122                         printk(KERN_WARNING
2123                                "cciss%d: unsolicited abort %p\n", ctlr, c);
2124                         if (c->retry_count < MAX_CMD_RETRIES) {
2125                                 printk(KERN_WARNING
2126                                        "cciss%d: retrying %p\n", ctlr, c);
2127                                 c->retry_count++;
2128                                 /* erase the old error information */
2129                                 memset(c->err_info, 0,
2130                                        sizeof(ErrorInfo_struct));
2131                                 return_status = IO_OK;
2132                                 INIT_COMPLETION(wait);
2133                                 goto resend_cmd2;
2134                         }
2135                         return_status = IO_ERROR;
2136                         break;
2137                 default:
2138                         printk(KERN_WARNING "cciss: cmd %p returned "
2139                                "unknown status %x\n", c,
2140                                c->err_info->CommandStatus);
2141                         return_status = IO_ERROR;
2142                 }
2143         }
2144         /* unlock the buffers from DMA */
2145         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2146         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2147         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2148                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2149         cmd_free(h, c, 0);
2150         return return_status;
2151 }
2152
2153 static void cciss_geometry_inquiry(int ctlr, int logvol,
2154                                    int withirq, sector_t total_size,
2155                                    unsigned int block_size,
2156                                    InquiryData_struct *inq_buff,
2157                                    drive_info_struct *drv)
2158 {
2159         int return_code;
2160         unsigned long t;
2161
2162         memset(inq_buff, 0, sizeof(InquiryData_struct));
2163         if (withirq)
2164                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
2165                                               inq_buff, sizeof(*inq_buff), 1,
2166                                               logvol, 0xC1, TYPE_CMD);
2167         else
2168                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
2169                                       sizeof(*inq_buff), 1, logvol, 0xC1, NULL,
2170                                       TYPE_CMD);
2171         if (return_code == IO_OK) {
2172                 if (inq_buff->data_byte[8] == 0xFF) {
2173                         printk(KERN_WARNING
2174                                "cciss: reading geometry failed, volume "
2175                                "does not support reading geometry\n");
2176                         drv->heads = 255;
2177                         drv->sectors = 32;      // Sectors per track
2178                         drv->cylinders = total_size + 1;
2179                         drv->raid_level = RAID_UNKNOWN;
2180                 } else {
2181                         drv->heads = inq_buff->data_byte[6];
2182                         drv->sectors = inq_buff->data_byte[7];
2183                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2184                         drv->cylinders += inq_buff->data_byte[5];
2185                         drv->raid_level = inq_buff->data_byte[8];
2186                 }
2187                 drv->block_size = block_size;
2188                 drv->nr_blocks = total_size + 1;
2189                 t = drv->heads * drv->sectors;
2190                 if (t > 1) {
2191                         sector_t real_size = total_size + 1;
2192                         unsigned long rem = sector_div(real_size, t);
2193                         if (rem)
2194                                 real_size++;
2195                         drv->cylinders = real_size;
2196                 }
2197         } else {                /* Get geometry failed */
2198                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2199         }
2200         printk(KERN_INFO "      heads=%d, sectors=%d, cylinders=%d\n\n",
2201                drv->heads, drv->sectors, drv->cylinders);
2202 }
2203
2204 static void
2205 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2206                     unsigned int *block_size)
2207 {
2208         ReadCapdata_struct *buf;
2209         int return_code;
2210
2211         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2212         if (!buf) {
2213                 printk(KERN_WARNING "cciss: out of memory\n");
2214                 return;
2215         }
2216
2217         if (withirq)
2218                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2219                                 ctlr, buf, sizeof(ReadCapdata_struct),
2220                                         1, logvol, 0, TYPE_CMD);
2221         else
2222                 return_code = sendcmd(CCISS_READ_CAPACITY,
2223                                 ctlr, buf, sizeof(ReadCapdata_struct),
2224                                         1, logvol, 0, NULL, TYPE_CMD);
2225         if (return_code == IO_OK) {
2226                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2227                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2228         } else {                /* read capacity command failed */
2229                 printk(KERN_WARNING "cciss: read capacity failed\n");
2230                 *total_size = 0;
2231                 *block_size = BLOCK_SIZE;
2232         }
2233         if (*total_size != 0)
2234                 printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2235                 (unsigned long long)*total_size+1, *block_size);
2236         kfree(buf);
2237 }
2238
2239 static void
2240 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2241 {
2242         ReadCapdata_struct_16 *buf;
2243         int return_code;
2244
2245         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2246         if (!buf) {
2247                 printk(KERN_WARNING "cciss: out of memory\n");
2248                 return;
2249         }
2250
2251         if (withirq) {
2252                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2253                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2254                                 1, logvol, 0, TYPE_CMD);
2255         }
2256         else {
2257                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2258                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2259                                 1, logvol, 0, NULL, TYPE_CMD);
2260         }
2261         if (return_code == IO_OK) {
2262                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2263                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2264         } else {                /* read capacity command failed */
2265                 printk(KERN_WARNING "cciss: read capacity failed\n");
2266                 *total_size = 0;
2267                 *block_size = BLOCK_SIZE;
2268         }
2269         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2270                (unsigned long long)*total_size+1, *block_size);
2271         kfree(buf);
2272 }
2273
2274 static int cciss_revalidate(struct gendisk *disk)
2275 {
2276         ctlr_info_t *h = get_host(disk);
2277         drive_info_struct *drv = get_drv(disk);
2278         int logvol;
2279         int FOUND = 0;
2280         unsigned int block_size;
2281         sector_t total_size;
2282         InquiryData_struct *inq_buff = NULL;
2283
2284         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2285                 if (h->drv[logvol].LunID == drv->LunID) {
2286                         FOUND = 1;
2287                         break;
2288                 }
2289         }
2290
2291         if (!FOUND)
2292                 return 1;
2293
2294         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2295         if (inq_buff == NULL) {
2296                 printk(KERN_WARNING "cciss: out of memory\n");
2297                 return 1;
2298         }
2299         if (h->cciss_read == CCISS_READ_10) {
2300                 cciss_read_capacity(h->ctlr, logvol, 1,
2301                                         &total_size, &block_size);
2302         } else {
2303                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2304                                         &total_size, &block_size);
2305         }
2306         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2307                                inq_buff, drv);
2308
2309         blk_queue_logical_block_size(drv->queue, drv->block_size);
2310         set_capacity(disk, drv->nr_blocks);
2311
2312         kfree(inq_buff);
2313         return 0;
2314 }
2315
2316 /*
2317  *   Wait polling for a command to complete.
2318  *   The memory mapped FIFO is polled for the completion.
2319  *   Used only at init time, interrupts from the HBA are disabled.
2320  */
2321 static unsigned long pollcomplete(int ctlr)
2322 {
2323         unsigned long done;
2324         int i;
2325
2326         /* Wait (up to 20 seconds) for a command to complete */
2327
2328         for (i = 20 * HZ; i > 0; i--) {
2329                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2330                 if (done == FIFO_EMPTY)
2331                         schedule_timeout_uninterruptible(1);
2332                 else
2333                         return done;
2334         }
2335         /* Invalid address to tell caller we ran out of time */
2336         return 1;
2337 }
2338
2339 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
2340 {
2341         /* We get in here if sendcmd() is polling for completions
2342            and gets some command back that it wasn't expecting --
2343            something other than that which it just sent down.
2344            Ordinarily, that shouldn't happen, but it can happen when
2345            the scsi tape stuff gets into error handling mode, and
2346            starts using sendcmd() to try to abort commands and
2347            reset tape drives.  In that case, sendcmd may pick up
2348            completions of commands that were sent to logical drives
2349            through the block i/o system, or cciss ioctls completing, etc.
2350            In that case, we need to save those completions for later
2351            processing by the interrupt handler.
2352          */
2353
2354 #ifdef CONFIG_CISS_SCSI_TAPE
2355         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;
2356
2357         /* If it's not the scsi tape stuff doing error handling, (abort */
2358         /* or reset) then we don't expect anything weird. */
2359         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
2360 #endif
2361                 printk(KERN_WARNING "cciss cciss%d: SendCmd "
2362                        "Invalid command list address returned! (%lx)\n",
2363                        ctlr, complete);
2364                 /* not much we can do. */
2365 #ifdef CONFIG_CISS_SCSI_TAPE
2366                 return 1;
2367         }
2368
2369         /* We've sent down an abort or reset, but something else
2370            has completed */
2371         if (srl->ncompletions >= (hba[ctlr]->nr_cmds + 2)) {
2372                 /* Uh oh.  No room to save it for later... */
2373                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
2374                        "reject list overflow, command lost!\n", ctlr);
2375                 return 1;
2376         }
2377         /* Save it for later */
2378         srl->complete[srl->ncompletions] = complete;
2379         srl->ncompletions++;
2380 #endif
2381         return 0;
2382 }
2383
2384 /* Send command c to controller h and poll for it to complete.
2385  * Turns interrupts off on the board.  Used at driver init time
2386  * and during SCSI error recovery.
2387  */
2388 static int sendcmd_core(ctlr_info_t *h, CommandList_struct *c)
2389 {
2390         int i;
2391         unsigned long complete;
2392         int status = IO_ERROR;
2393         u64bit buff_dma_handle;
2394
2395 resend_cmd1:
2396
2397         /* Disable interrupt on the board. */
2398         h->access.set_intr_mask(h, CCISS_INTR_OFF);
2399
2400         /* Make sure there is room in the command FIFO */
2401         /* Actually it should be completely empty at this time */
2402         /* unless we are in here doing error handling for the scsi */
2403         /* tape side of the driver. */
2404         for (i = 200000; i > 0; i--) {
2405                 /* if fifo isn't full go */
2406                 if (!(h->access.fifo_full(h)))
2407                         break;
2408                 udelay(10);
2409                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2410                        " waiting!\n", h->ctlr);
2411         }
2412         h->access.submit_command(h, c); /* Send the cmd */
2413         do {
2414                 complete = pollcomplete(h->ctlr);
2415
2416 #ifdef CCISS_DEBUG
2417                 printk(KERN_DEBUG "cciss: command completed\n");
2418 #endif                          /* CCISS_DEBUG */
2419
2420                 if (complete == 1) {
2421                         printk(KERN_WARNING
2422                                "cciss cciss%d: SendCmd Timeout out, "
2423                                "No command list address returned!\n", h->ctlr);
2424                         status = IO_ERROR;
2425                         break;
2426                 }
2427
2428                 /* If it's not the cmd we're looking for, save it for later */
2429                 if ((complete & ~CISS_ERROR_BIT) != c->busaddr) {
2430                         if (add_sendcmd_reject(c->Request.CDB[0],
2431                                 h->ctlr, complete) != 0)
2432                                 BUG(); /* we are hosed if we get here. */
2433                         continue;
2434                 }
2435
2436                 /* It is our command.  If no error, we're done. */
2437                 if (!(complete & CISS_ERROR_BIT)) {
2438                         status = IO_OK;
2439                         break;
2440                 }
2441
2442                 /* There is an error... */
2443
2444                 /* if data overrun or underun on Report command ignore it */
2445                 if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2446                      (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2447                      (c->Request.CDB[0] == CISS_INQUIRY)) &&
2448                         ((c->err_info->CommandStatus == CMD_DATA_OVERRUN) ||
2449                          (c->err_info->CommandStatus == CMD_DATA_UNDERRUN))) {
2450                         complete = c->busaddr;
2451                         status = IO_OK;
2452                         break;
2453                 }
2454
2455                 if (c->err_info->CommandStatus == CMD_UNSOLICITED_ABORT) {
2456                         printk(KERN_WARNING "cciss%d: unsolicited abort %p\n",
2457                                 h->ctlr, c);
2458                         if (c->retry_count < MAX_CMD_RETRIES) {
2459                                 printk(KERN_WARNING "cciss%d: retrying %p\n",
2460                                    h->ctlr, c);
2461                                 c->retry_count++;
2462                                 /* erase the old error information */
2463                                 memset(c->err_info, 0, sizeof(c->err_info));
2464                                 goto resend_cmd1;
2465                         }
2466                         printk(KERN_WARNING "cciss%d: retried %p too many "
2467                                 "times\n", h->ctlr, c);
2468                         status = IO_ERROR;
2469                         goto cleanup1;
2470                 }
2471
2472                 if (c->err_info->CommandStatus == CMD_UNABORTABLE) {
2473                         printk(KERN_WARNING "cciss%d: command could not be "
2474                                 "aborted.\n", h->ctlr);
2475                         status = IO_ERROR;
2476                         goto cleanup1;
2477                 }
2478
2479                 printk(KERN_WARNING "cciss%d: sendcmd error\n", h->ctlr);
2480                 printk(KERN_WARNING "cmd = 0x%02x, CommandStatus = 0x%02x\n",
2481                         c->Request.CDB[0], c->err_info->CommandStatus);
2482                 if (c->err_info->CommandStatus == CMD_TARGET_STATUS) {
2483                         printk(KERN_WARNING "Target status = 0x%02x\n",
2484                         c->err_info->ScsiStatus);
2485                         if (c->err_info->ScsiStatus == 2) /* chk cond */
2486                                 printk(KERN_WARNING "Sense key = 0x%02x\n",
2487                                         0xf & c->err_info->SenseInfo[2]);
2488                 }
2489
2490                 status = IO_ERROR;
2491                 goto cleanup1;
2492
2493         } while (1);
2494
2495 cleanup1:
2496         /* unlock the data buffer from DMA */
2497         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2498         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2499         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2500                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2501 #ifdef CONFIG_CISS_SCSI_TAPE
2502         /* if we saved some commands for later, process them now. */
2503         if (h->scsi_rejects.ncompletions > 0)
2504                 do_cciss_intr(0, h);
2505 #endif
2506         return status;
2507 }
2508
2509 /*
2510  * Send a command to the controller, and wait for it to complete.
2511  * Used at init time, and during SCSI error recovery.
2512  */
2513 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
2514         unsigned int use_unit_num,/* 0: address the controller,
2515                                      1: address logical volume log_unit,
2516                                      2: periph device address is scsi3addr */
2517         unsigned int log_unit,
2518         __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2519 {
2520         CommandList_struct *c;
2521         int status;
2522
2523         c = cmd_alloc(hba[ctlr], 1);
2524         if (!c) {
2525                 printk(KERN_WARNING "cciss: unable to get memory");
2526                 return IO_ERROR;
2527         }
2528         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2529                           log_unit, page_code, scsi3addr, cmd_type);
2530         if (status == IO_OK)
2531                 status = sendcmd_core(hba[ctlr], c);
2532         cmd_free(hba[ctlr], c, 1);
2533         return status;
2534 }
2535
2536 /*
2537  * Map (physical) PCI mem into (virtual) kernel space
2538  */
2539 static void __iomem *remap_pci_mem(ulong base, ulong size)
2540 {
2541         ulong page_base = ((ulong) base) & PAGE_MASK;
2542         ulong page_offs = ((ulong) base) - page_base;
2543         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2544
2545         return page_remapped ? (page_remapped + page_offs) : NULL;
2546 }
2547
2548 /*
2549  * Takes jobs of the Q and sends them to the hardware, then puts it on
2550  * the Q to wait for completion.
2551  */
2552 static void start_io(ctlr_info_t *h)
2553 {
2554         CommandList_struct *c;
2555
2556         while (!hlist_empty(&h->reqQ)) {
2557                 c = hlist_entry(h->reqQ.first, CommandList_struct, list);
2558                 /* can't do anything if fifo is full */
2559                 if ((h->access.fifo_full(h))) {
2560                         printk(KERN_WARNING "cciss: fifo full\n");
2561                         break;
2562                 }
2563
2564                 /* Get the first entry from the Request Q */
2565                 removeQ(c);
2566                 h->Qdepth--;
2567
2568                 /* Tell the controller execute command */
2569                 h->access.submit_command(h, c);
2570
2571                 /* Put job onto the completed Q */
2572                 addQ(&h->cmpQ, c);
2573         }
2574 }
2575
2576 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2577 /* Zeros out the error record and then resends the command back */
2578 /* to the controller */
2579 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2580 {
2581         /* erase the old error information */
2582         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2583
2584         /* add it to software queue and then send it to the controller */
2585         addQ(&h->reqQ, c);
2586         h->Qdepth++;
2587         if (h->Qdepth > h->maxQsinceinit)
2588                 h->maxQsinceinit = h->Qdepth;
2589
2590         start_io(h);
2591 }
2592
2593 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2594         unsigned int msg_byte, unsigned int host_byte,
2595         unsigned int driver_byte)
2596 {
2597         /* inverse of macros in scsi.h */
2598         return (scsi_status_byte & 0xff) |
2599                 ((msg_byte & 0xff) << 8) |
2600                 ((host_byte & 0xff) << 16) |
2601                 ((driver_byte & 0xff) << 24);
2602 }
2603
2604 static inline int evaluate_target_status(ctlr_info_t *h,
2605                         CommandList_struct *cmd, int *retry_cmd)
2606 {
2607         unsigned char sense_key;
2608         unsigned char status_byte, msg_byte, host_byte, driver_byte;
2609         int error_value;
2610
2611         *retry_cmd = 0;
2612         /* If we get in here, it means we got "target status", that is, scsi status */
2613         status_byte = cmd->err_info->ScsiStatus;
2614         driver_byte = DRIVER_OK;
2615         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
2616
2617         if (blk_pc_request(cmd->rq))
2618                 host_byte = DID_PASSTHROUGH;
2619         else
2620                 host_byte = DID_OK;
2621
2622         error_value = make_status_bytes(status_byte, msg_byte,
2623                 host_byte, driver_byte);
2624
2625         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
2626                 if (!blk_pc_request(cmd->rq))
2627                         printk(KERN_WARNING "cciss: cmd %p "
2628                                "has SCSI Status 0x%x\n",
2629                                cmd, cmd->err_info->ScsiStatus);
2630                 return error_value;
2631         }
2632
2633         /* check the sense key */
2634         sense_key = 0xf & cmd->err_info->SenseInfo[2];
2635         /* no status or recovered error */
2636         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
2637                 error_value = 0;
2638
2639         if (check_for_unit_attention(h, cmd)) {
2640                 *retry_cmd = !blk_pc_request(cmd->rq);
2641                 return 0;
2642         }
2643
2644         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
2645                 if (error_value != 0)
2646                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
2647                                " sense key = 0x%x\n", cmd, sense_key);
2648                 return error_value;
2649         }
2650
2651         /* SG_IO or similar, copy sense data back */
2652         if (cmd->rq->sense) {
2653                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
2654                         cmd->rq->sense_len = cmd->err_info->SenseLen;
2655                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
2656                         cmd->rq->sense_len);
2657         } else
2658                 cmd->rq->sense_len = 0;
2659
2660         return error_value;
2661 }
2662
2663 /* checks the status of the job and calls complete buffers to mark all
2664  * buffers for the completed job. Note that this function does not need
2665  * to hold the hba/queue lock.
2666  */
2667 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
2668                                     int timeout)
2669 {
2670         int retry_cmd = 0;
2671         struct request *rq = cmd->rq;
2672
2673         rq->errors = 0;
2674
2675         if (timeout)
2676                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
2677
2678         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
2679                 goto after_error_processing;
2680
2681         switch (cmd->err_info->CommandStatus) {
2682         case CMD_TARGET_STATUS:
2683                 rq->errors = evaluate_target_status(h, cmd, &retry_cmd);
2684                 break;
2685         case CMD_DATA_UNDERRUN:
2686                 if (blk_fs_request(cmd->rq)) {
2687                         printk(KERN_WARNING "cciss: cmd %p has"
2688                                " completed with data underrun "
2689                                "reported\n", cmd);
2690                         cmd->rq->resid_len = cmd->err_info->ResidualCnt;
2691                 }
2692                 break;
2693         case CMD_DATA_OVERRUN:
2694                 if (blk_fs_request(cmd->rq))
2695                         printk(KERN_WARNING "cciss: cmd %p has"
2696                                " completed with data overrun "
2697                                "reported\n", cmd);
2698                 break;
2699         case CMD_INVALID:
2700                 printk(KERN_WARNING "cciss: cmd %p is "
2701                        "reported invalid\n", cmd);
2702                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2703                         cmd->err_info->CommandStatus, DRIVER_OK,
2704                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2705                 break;
2706         case CMD_PROTOCOL_ERR:
2707                 printk(KERN_WARNING "cciss: cmd %p has "
2708                        "protocol error \n", cmd);
2709                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2710                         cmd->err_info->CommandStatus, DRIVER_OK,
2711                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2712                 break;
2713         case CMD_HARDWARE_ERR:
2714                 printk(KERN_WARNING "cciss: cmd %p had "
2715                        " hardware error\n", cmd);
2716                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2717                         cmd->err_info->CommandStatus, DRIVER_OK,
2718                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2719                 break;
2720         case CMD_CONNECTION_LOST:
2721                 printk(KERN_WARNING "cciss: cmd %p had "
2722                        "connection lost\n", cmd);
2723                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2724                         cmd->err_info->CommandStatus, DRIVER_OK,
2725                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2726                 break;
2727         case CMD_ABORTED:
2728                 printk(KERN_WARNING "cciss: cmd %p was "
2729                        "aborted\n", cmd);
2730                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2731                         cmd->err_info->CommandStatus, DRIVER_OK,
2732                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2733                 break;
2734         case CMD_ABORT_FAILED:
2735                 printk(KERN_WARNING "cciss: cmd %p reports "
2736                        "abort failed\n", cmd);
2737                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2738                         cmd->err_info->CommandStatus, DRIVER_OK,
2739                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2740                 break;
2741         case CMD_UNSOLICITED_ABORT:
2742                 printk(KERN_WARNING "cciss%d: unsolicited "
2743                        "abort %p\n", h->ctlr, cmd);
2744                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2745                         retry_cmd = 1;
2746                         printk(KERN_WARNING
2747                                "cciss%d: retrying %p\n", h->ctlr, cmd);
2748                         cmd->retry_count++;
2749                 } else
2750                         printk(KERN_WARNING
2751                                "cciss%d: %p retried too "
2752                                "many times\n", h->ctlr, cmd);
2753                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2754                         cmd->err_info->CommandStatus, DRIVER_OK,
2755                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2756                 break;
2757         case CMD_TIMEOUT:
2758                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
2759                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2760                         cmd->err_info->CommandStatus, DRIVER_OK,
2761                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2762                 break;
2763         default:
2764                 printk(KERN_WARNING "cciss: cmd %p returned "
2765                        "unknown status %x\n", cmd,
2766                        cmd->err_info->CommandStatus);
2767                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2768                         cmd->err_info->CommandStatus, DRIVER_OK,
2769                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2770         }
2771
2772 after_error_processing:
2773
2774         /* We need to return this command */
2775         if (retry_cmd) {
2776                 resend_cciss_cmd(h, cmd);
2777                 return;
2778         }
2779         cmd->rq->completion_data = cmd;
2780         blk_complete_request(cmd->rq);
2781 }
2782
2783 /*
2784  * Get a request and submit it to the controller.
2785  */
2786 static void do_cciss_request(struct request_queue *q)
2787 {
2788         ctlr_info_t *h = q->queuedata;
2789         CommandList_struct *c;
2790         sector_t start_blk;
2791         int seg;
2792         struct request *creq;
2793         u64bit temp64;
2794         struct scatterlist tmp_sg[MAXSGENTRIES];
2795         drive_info_struct *drv;
2796         int i, dir;
2797
2798         /* We call start_io here in case there is a command waiting on the
2799          * queue that has not been sent.
2800          */
2801         if (blk_queue_plugged(q))
2802                 goto startio;
2803
2804       queue:
2805         creq = blk_peek_request(q);
2806         if (!creq)
2807                 goto startio;
2808
2809         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
2810
2811         if ((c = cmd_alloc(h, 1)) == NULL)
2812                 goto full;
2813
2814         blk_start_request(creq);
2815
2816         spin_unlock_irq(q->queue_lock);
2817
2818         c->cmd_type = CMD_RWREQ;
2819         c->rq = creq;
2820
2821         /* fill in the request */
2822         drv = creq->rq_disk->private_data;
2823         c->Header.ReplyQueue = 0;       // unused in simple mode
2824         /* got command from pool, so use the command block index instead */
2825         /* for direct lookups. */
2826         /* The first 2 bits are reserved for controller error reporting. */
2827         c->Header.Tag.lower = (c->cmdindex << 3);
2828         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
2829         c->Header.LUN.LogDev.VolId = drv->LunID;
2830         c->Header.LUN.LogDev.Mode = 1;
2831         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
2832         c->Request.Type.Type = TYPE_CMD;        // It is a command.
2833         c->Request.Type.Attribute = ATTR_SIMPLE;
2834         c->Request.Type.Direction =
2835             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
2836         c->Request.Timeout = 0; // Don't time out
2837         c->Request.CDB[0] =
2838             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
2839         start_blk = blk_rq_pos(creq);
2840 #ifdef CCISS_DEBUG
2841         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n",
2842                (int)blk_rq_pos(creq), (int)blk_rq_sectors(creq));
2843 #endif                          /* CCISS_DEBUG */
2844
2845         sg_init_table(tmp_sg, MAXSGENTRIES);
2846         seg = blk_rq_map_sg(q, creq, tmp_sg);
2847
2848         /* get the DMA records for the setup */
2849         if (c->Request.Type.Direction == XFER_READ)
2850                 dir = PCI_DMA_FROMDEVICE;
2851         else
2852                 dir = PCI_DMA_TODEVICE;
2853
2854         for (i = 0; i < seg; i++) {
2855                 c->SG[i].Len = tmp_sg[i].length;
2856                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
2857                                                   tmp_sg[i].offset,
2858                                                   tmp_sg[i].length, dir);
2859                 c->SG[i].Addr.lower = temp64.val32.lower;
2860                 c->SG[i].Addr.upper = temp64.val32.upper;
2861                 c->SG[i].Ext = 0;       // we are not chaining
2862         }
2863         /* track how many SG entries we are using */
2864         if (seg > h->maxSG)
2865                 h->maxSG = seg;
2866
2867 #ifdef CCISS_DEBUG
2868         printk(KERN_DEBUG "cciss: Submitting %u sectors in %d segments\n",
2869                blk_rq_sectors(creq), seg);
2870 #endif                          /* CCISS_DEBUG */
2871
2872         c->Header.SGList = c->Header.SGTotal = seg;
2873         if (likely(blk_fs_request(creq))) {
2874                 if(h->cciss_read == CCISS_READ_10) {
2875                         c->Request.CDB[1] = 0;
2876                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
2877                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
2878                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
2879                         c->Request.CDB[5] = start_blk & 0xff;
2880                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
2881                         c->Request.CDB[7] = (blk_rq_sectors(creq) >> 8) & 0xff;
2882                         c->Request.CDB[8] = blk_rq_sectors(creq) & 0xff;
2883                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
2884                 } else {
2885                         u32 upper32 = upper_32_bits(start_blk);
2886
2887                         c->Request.CDBLen = 16;
2888                         c->Request.CDB[1]= 0;
2889                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
2890                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
2891                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
2892                         c->Request.CDB[5]= upper32 & 0xff;
2893                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
2894                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
2895                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
2896                         c->Request.CDB[9]= start_blk & 0xff;
2897                         c->Request.CDB[10]= (blk_rq_sectors(creq) >> 24) & 0xff;
2898                         c->Request.CDB[11]= (blk_rq_sectors(creq) >> 16) & 0xff;
2899                         c->Request.CDB[12]= (blk_rq_sectors(creq) >>  8) & 0xff;
2900                         c->Request.CDB[13]= blk_rq_sectors(creq) & 0xff;
2901                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
2902                 }
2903         } else if (blk_pc_request(creq)) {
2904                 c->Request.CDBLen = creq->cmd_len;
2905                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
2906         } else {
2907                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
2908                 BUG();
2909         }
2910
2911         spin_lock_irq(q->queue_lock);
2912
2913         addQ(&h->reqQ, c);
2914         h->Qdepth++;
2915         if (h->Qdepth > h->maxQsinceinit)
2916                 h->maxQsinceinit = h->Qdepth;
2917
2918         goto queue;
2919 full:
2920         blk_stop_queue(q);
2921 startio:
2922         /* We will already have the driver lock here so not need
2923          * to lock it.
2924          */
2925         start_io(h);
2926 }
2927
2928 static inline unsigned long get_next_completion(ctlr_info_t *h)
2929 {
2930 #ifdef CONFIG_CISS_SCSI_TAPE
2931         /* Any rejects from sendcmd() lying around? Process them first */
2932         if (h->scsi_rejects.ncompletions == 0)
2933                 return h->access.command_completed(h);
2934         else {
2935                 struct sendcmd_reject_list *srl;
2936                 int n;
2937                 srl = &h->scsi_rejects;
2938                 n = --srl->ncompletions;
2939                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
2940                 printk("p");
2941                 return srl->complete[n];
2942         }
2943 #else
2944         return h->access.command_completed(h);
2945 #endif
2946 }
2947
2948 static inline int interrupt_pending(ctlr_info_t *h)
2949 {
2950 #ifdef CONFIG_CISS_SCSI_TAPE
2951         return (h->access.intr_pending(h)
2952                 || (h->scsi_rejects.ncompletions > 0));
2953 #else
2954         return h->access.intr_pending(h);
2955 #endif
2956 }
2957
2958 static inline long interrupt_not_for_us(ctlr_info_t *h)
2959 {
2960 #ifdef CONFIG_CISS_SCSI_TAPE
2961         return (((h->access.intr_pending(h) == 0) ||
2962                  (h->interrupts_enabled == 0))
2963                 && (h->scsi_rejects.ncompletions == 0));
2964 #else
2965         return (((h->access.intr_pending(h) == 0) ||
2966                  (h->interrupts_enabled == 0)));
2967 #endif
2968 }
2969
2970 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
2971 {
2972         ctlr_info_t *h = dev_id;
2973         CommandList_struct *c;
2974         unsigned long flags;
2975         __u32 a, a1, a2;
2976
2977         if (interrupt_not_for_us(h))
2978                 return IRQ_NONE;
2979         /*
2980          * If there are completed commands in the completion queue,
2981          * we had better do something about it.
2982          */
2983         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2984         while (interrupt_pending(h)) {
2985                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
2986                         a1 = a;
2987                         if ((a & 0x04)) {
2988                                 a2 = (a >> 3);
2989                                 if (a2 >= h->nr_cmds) {
2990                                         printk(KERN_WARNING
2991                                                "cciss: controller cciss%d failed, stopping.\n",
2992                                                h->ctlr);
2993                                         fail_all_cmds(h->ctlr);
2994                                         return IRQ_HANDLED;
2995                                 }
2996
2997                                 c = h->cmd_pool + a2;
2998                                 a = c->busaddr;
2999
3000                         } else {
3001                                 struct hlist_node *tmp;
3002
3003                                 a &= ~3;
3004                                 c = NULL;
3005                                 hlist_for_each_entry(c, tmp, &h->cmpQ, list) {
3006                                         if (c->busaddr == a)
3007                                                 break;
3008                                 }
3009                         }
3010                         /*
3011                          * If we've found the command, take it off the
3012                          * completion Q and free it
3013                          */
3014                         if (c && c->busaddr == a) {
3015                                 removeQ(c);
3016                                 if (c->cmd_type == CMD_RWREQ) {
3017                                         complete_command(h, c, 0);
3018                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
3019                                         complete(c->waiting);
3020                                 }
3021 #                               ifdef CONFIG_CISS_SCSI_TAPE
3022                                 else if (c->cmd_type == CMD_SCSI)
3023                                         complete_scsi_command(c, 0, a1);
3024 #                               endif
3025                                 continue;
3026                         }
3027                 }
3028         }
3029
3030         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
3031         return IRQ_HANDLED;
3032 }
3033
3034 static int scan_thread(void *data)
3035 {
3036         ctlr_info_t *h = data;
3037         int rc;
3038         DECLARE_COMPLETION_ONSTACK(wait);
3039         h->rescan_wait = &wait;
3040
3041         for (;;) {
3042                 rc = wait_for_completion_interruptible(&wait);
3043                 if (kthread_should_stop())
3044                         break;
3045                 if (!rc)
3046                         rebuild_lun_table(h, 0);
3047         }
3048         return 0;
3049 }
3050
3051 static int check_for_unit_attention(ctlr_info_t *h, CommandList_struct *c)
3052 {
3053         if (c->err_info->SenseInfo[2] != UNIT_ATTENTION)
3054                 return 0;
3055
3056         switch (c->err_info->SenseInfo[12]) {
3057         case STATE_CHANGED:
3058                 printk(KERN_WARNING "cciss%d: a state change "
3059                         "detected, command retried\n", h->ctlr);
3060                 return 1;
3061         break;
3062         case LUN_FAILED:
3063                 printk(KERN_WARNING "cciss%d: LUN failure "
3064                         "detected, action required\n", h->ctlr);
3065                 return 1;
3066         break;
3067         case REPORT_LUNS_CHANGED:
3068                 printk(KERN_WARNING "cciss%d: report LUN data "
3069                         "changed\n", h->ctlr);
3070                 if (h->rescan_wait)
3071                         complete(h->rescan_wait);
3072                 return 1;
3073         break;
3074         case POWER_OR_RESET:
3075                 printk(KERN_WARNING "cciss%d: a power on "
3076                         "or device reset detected\n", h->ctlr);
3077                 return 1;
3078         break;
3079         case UNIT_ATTENTION_CLEARED:
3080                 printk(KERN_WARNING "cciss%d: unit attention "
3081                     "cleared by another initiator\n", h->ctlr);
3082                 return 1;
3083         break;
3084         default:
3085                 printk(KERN_WARNING "cciss%d: unknown "
3086                         "unit attention detected\n", h->ctlr);
3087                                 return 1;
3088         }
3089 }
3090
3091 /*
3092  *  We cannot read the structure directly, for portability we must use
3093  *   the io functions.
3094  *   This is for debug only.
3095  */
3096 #ifdef CCISS_DEBUG
3097 static void print_cfg_table(CfgTable_struct *tb)
3098 {
3099         int i;
3100         char temp_name[17];
3101
3102         printk("Controller Configuration information\n");
3103         printk("------------------------------------\n");
3104         for (i = 0; i < 4; i++)
3105                 temp_name[i] = readb(&(tb->Signature[i]));
3106         temp_name[4] = '\0';
3107         printk("   Signature = %s\n", temp_name);
3108         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
3109         printk("   Transport methods supported = 0x%x\n",
3110                readl(&(tb->TransportSupport)));
3111         printk("   Transport methods active = 0x%x\n",
3112                readl(&(tb->TransportActive)));
3113         printk("   Requested transport Method = 0x%x\n",
3114                readl(&(tb->HostWrite.TransportRequest)));
3115         printk("   Coalesce Interrupt Delay = 0x%x\n",
3116                readl(&(tb->HostWrite.CoalIntDelay)));
3117         printk("   Coalesce Interrupt Count = 0x%x\n",
3118                readl(&(tb->HostWrite.CoalIntCount)));
3119         printk("   Max outstanding commands = 0x%d\n",
3120                readl(&(tb->CmdsOutMax)));
3121         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
3122         for (i = 0; i < 16; i++)
3123                 temp_name[i] = readb(&(tb->ServerName[i]));
3124         temp_name[16] = '\0';
3125         printk("   Server Name = %s\n", temp_name);
3126         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
3127 }
3128 #endif                          /* CCISS_DEBUG */
3129
3130 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
3131 {
3132         int i, offset, mem_type, bar_type;
3133         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
3134                 return 0;
3135         offset = 0;
3136         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3137                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
3138                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
3139                         offset += 4;
3140                 else {
3141                         mem_type = pci_resource_flags(pdev, i) &
3142                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
3143                         switch (mem_type) {
3144                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
3145                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
3146                                 offset += 4;    /* 32 bit */
3147                                 break;
3148                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
3149                                 offset += 8;
3150                                 break;
3151                         default:        /* reserved in PCI 2.2 */
3152                                 printk(KERN_WARNING
3153                                        "Base address is invalid\n");
3154                                 return -1;
3155                                 break;
3156                         }
3157                 }
3158                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
3159                         return i + 1;
3160         }
3161         return -1;
3162 }
3163
3164 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
3165  * controllers that are capable. If not, we use IO-APIC mode.
3166  */
3167
3168 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
3169                                            struct pci_dev *pdev, __u32 board_id)
3170 {
3171 #ifdef CONFIG_PCI_MSI
3172         int err;
3173         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
3174         {0, 2}, {0, 3}
3175         };
3176
3177         /* Some boards advertise MSI but don't really support it */
3178         if ((board_id == 0x40700E11) ||
3179             (board_id == 0x40800E11) ||
3180             (board_id == 0x40820E11) || (board_id == 0x40830E11))
3181                 goto default_int_mode;
3182
3183         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
3184                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
3185                 if (!err) {
3186                         c->intr[0] = cciss_msix_entries[0].vector;
3187                         c->intr[1] = cciss_msix_entries[1].vector;
3188                         c->intr[2] = cciss_msix_entries[2].vector;
3189                         c->intr[3] = cciss_msix_entries[3].vector;
3190                         c->msix_vector = 1;
3191                         return;
3192                 }
3193                 if (err > 0) {
3194                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
3195                                "available\n", err);
3196                         goto default_int_mode;
3197                 } else {
3198                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
3199                                err);
3200                         goto default_int_mode;
3201                 }
3202         }
3203         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
3204                 if (!pci_enable_msi(pdev)) {
3205                         c->msi_vector = 1;
3206                 } else {
3207                         printk(KERN_WARNING "cciss: MSI init failed\n");
3208                 }
3209         }
3210 default_int_mode:
3211 #endif                          /* CONFIG_PCI_MSI */
3212         /* if we get here we're going to use the default interrupt mode */
3213         c->intr[SIMPLE_MODE_INT] = pdev->irq;
3214         return;
3215 }
3216
3217 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
3218 {
3219         ushort subsystem_vendor_id, subsystem_device_id, command;
3220         __u32 board_id, scratchpad = 0;
3221         __u64 cfg_offset;
3222         __u32 cfg_base_addr;
3223         __u64 cfg_base_addr_index;
3224         int i, err;
3225
3226         /* check to see if controller has been disabled */
3227         /* BEFORE trying to enable it */
3228         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
3229         if (!(command & 0x02)) {
3230                 printk(KERN_WARNING
3231                        "cciss: controller appears to be disabled\n");
3232                 return -ENODEV;
3233         }
3234
3235         err = pci_enable_device(pdev);
3236         if (err) {
3237                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3238                 return err;
3239         }
3240
3241         err = pci_request_regions(pdev, "cciss");
3242         if (err) {
3243                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3244                        "aborting\n");
3245                 return err;
3246         }
3247
3248         subsystem_vendor_id = pdev->subsystem_vendor;
3249         subsystem_device_id = pdev->subsystem_device;
3250         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3251                     subsystem_vendor_id);
3252
3253 #ifdef CCISS_DEBUG
3254         printk("command = %x\n", command);
3255         printk("irq = %x\n", pdev->irq);
3256         printk("board_id = %x\n", board_id);
3257 #endif                          /* CCISS_DEBUG */
3258
3259 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3260  * else we use the IO-APIC interrupt assigned to us by system ROM.
3261  */
3262         cciss_interrupt_mode(c, pdev, board_id);
3263
3264         /* find the memory BAR */
3265         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3266                 if (pci_resource_flags(pdev, i) & IORESOURCE_MEM)
3267                         break;
3268         }
3269         if (i == DEVICE_COUNT_RESOURCE) {
3270                 printk(KERN_WARNING "cciss: No memory BAR found\n");
3271                 err = -ENODEV;
3272                 goto err_out_free_res;
3273         }
3274
3275         c->paddr = pci_resource_start(pdev, i); /* addressing mode bits
3276                                                  * already removed
3277                                                  */
3278
3279 #ifdef CCISS_DEBUG
3280         printk("address 0 = %lx\n", c->paddr);
3281 #endif                          /* CCISS_DEBUG */
3282         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3283
3284         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3285          * We poll for up to 120 secs, once per 100ms. */
3286         for (i = 0; i < 1200; i++) {
3287                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3288                 if (scratchpad == CCISS_FIRMWARE_READY)
3289                         break;
3290                 set_current_state(TASK_INTERRUPTIBLE);
3291                 schedule_timeout(HZ / 10);      /* wait 100ms */
3292         }
3293         if (scratchpad != CCISS_FIRMWARE_READY) {
3294                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3295                 err = -ENODEV;
3296                 goto err_out_free_res;
3297         }
3298
3299         /* get the address index number */
3300         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3301         cfg_base_addr &= (__u32) 0x0000ffff;
3302 #ifdef CCISS_DEBUG
3303         printk("cfg base address = %x\n", cfg_base_addr);
3304 #endif                          /* CCISS_DEBUG */
3305         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3306 #ifdef CCISS_DEBUG
3307         printk("cfg base address index = %llx\n",
3308                 (unsigned long long)cfg_base_addr_index);
3309 #endif                          /* CCISS_DEBUG */
3310         if (cfg_base_addr_index == -1) {
3311                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3312                 err = -ENODEV;
3313                 goto err_out_free_res;
3314         }
3315
3316         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3317 #ifdef CCISS_DEBUG
3318         printk("cfg offset = %llx\n", (unsigned long long)cfg_offset);
3319 #endif                          /* CCISS_DEBUG */
3320         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3321                                                        cfg_base_addr_index) +
3322                                     cfg_offset, sizeof(CfgTable_struct));
3323         c->board_id = board_id;
3324
3325 #ifdef CCISS_DEBUG
3326         print_cfg_table(c->cfgtable);
3327 #endif                          /* CCISS_DEBUG */
3328
3329         /* Some controllers support Zero Memory Raid (ZMR).
3330          * When configured in ZMR mode the number of supported
3331          * commands drops to 64. So instead of just setting an
3332          * arbitrary value we make the driver a little smarter.
3333          * We read the config table to tell us how many commands
3334          * are supported on the controller then subtract 4 to
3335          * leave a little room for ioctl calls.
3336          */
3337         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3338         for (i = 0; i < ARRAY_SIZE(products); i++) {
3339                 if (board_id == products[i].board_id) {
3340                         c->product_name = products[i].product_name;
3341                         c->access = *(products[i].access);
3342                         c->nr_cmds = c->max_commands - 4;
3343                         break;
3344                 }
3345         }
3346         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3347             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3348             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3349             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3350                 printk("Does not appear to be a valid CISS config table\n");
3351                 err = -ENODEV;
3352                 goto err_out_free_res;
3353         }
3354         /* We didn't find the controller in our list. We know the
3355          * signature is valid. If it's an HP device let's try to
3356          * bind to the device and fire it up. Otherwise we bail.
3357          */
3358         if (i == ARRAY_SIZE(products)) {
3359                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3360                         c->product_name = products[i-1].product_name;
3361                         c->access = *(products[i-1].access);
3362                         c->nr_cmds = c->max_commands - 4;
3363                         printk(KERN_WARNING "cciss: This is an unknown "
3364                                 "Smart Array controller.\n"
3365                                 "cciss: Please update to the latest driver "
3366                                 "available from www.hp.com.\n");
3367                 } else {
3368                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3369                                 " to access the Smart Array controller %08lx\n"
3370                                         , (unsigned long)board_id);
3371                         err = -ENODEV;
3372                         goto err_out_free_res;
3373                 }
3374         }
3375 #ifdef CONFIG_X86
3376         {
3377                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3378                 __u32 prefetch;
3379                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3380                 prefetch |= 0x100;
3381                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3382         }
3383 #endif
3384
3385         /* Disabling DMA prefetch and refetch for the P600.
3386          * An ASIC bug may result in accesses to invalid memory addresses.
3387          * We've disabled prefetch for some time now. Testing with XEN
3388          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3389          */
3390         if(board_id == 0x3225103C) {
3391                 __u32 dma_prefetch;
3392                 __u32 dma_refetch;
3393                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3394                 dma_prefetch |= 0x8000;
3395                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3396                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3397                 dma_refetch |= 0x1;
3398                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3399         }
3400
3401 #ifdef CCISS_DEBUG
3402         printk("Trying to put board into Simple mode\n");
3403 #endif                          /* CCISS_DEBUG */
3404         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3405         /* Update the field, and then ring the doorbell */
3406         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3407         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3408
3409         /* under certain very rare conditions, this can take awhile.
3410          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3411          * as we enter this code.) */
3412         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3413                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3414                         break;
3415                 /* delay and try again */
3416                 set_current_state(TASK_INTERRUPTIBLE);
3417                 schedule_timeout(10);
3418         }
3419
3420 #ifdef CCISS_DEBUG
3421         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3422                readl(c->vaddr + SA5_DOORBELL));
3423 #endif                          /* CCISS_DEBUG */
3424 #ifdef CCISS_DEBUG
3425         print_cfg_table(c->cfgtable);
3426 #endif                          /* CCISS_DEBUG */
3427
3428         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3429                 printk(KERN_WARNING "cciss: unable to get board into"
3430                        " simple mode\n");
3431                 err = -ENODEV;
3432                 goto err_out_free_res;
3433         }
3434         return 0;
3435
3436 err_out_free_res:
3437         /*
3438          * Deliberately omit pci_disable_device(): it does something nasty to
3439          * Smart Array controllers that pci_enable_device does not undo
3440          */
3441         pci_release_regions(pdev);
3442         return err;
3443 }
3444
3445 /* Function to find the first free pointer into our hba[] array
3446  * Returns -1 if no free entries are left.
3447  */
3448 static int alloc_cciss_hba(void)
3449 {
3450         int i;
3451
3452         for (i = 0; i < MAX_CTLR; i++) {
3453                 if (!hba[i]) {
3454                         ctlr_info_t *p;
3455
3456                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3457                         if (!p)
3458                                 goto Enomem;
3459                         hba[i] = p;
3460                         return i;
3461                 }
3462         }
3463         printk(KERN_WARNING "cciss: This driver supports a maximum"
3464                " of %d controllers.\n", MAX_CTLR);
3465         return -1;
3466 Enomem:
3467         printk(KERN_ERR "cciss: out of memory.\n");
3468         return -1;
3469 }
3470
3471 static void free_hba(int i)
3472 {
3473         ctlr_info_t *p = hba[i];
3474         int n;
3475
3476         hba[i] = NULL;
3477         for (n = 0; n < CISS_MAX_LUN; n++)
3478                 put_disk(p->gendisk[n]);
3479         kfree(p);
3480 }
3481
3482 /* Send a message CDB to the firmware. */
3483 static __devinit int cciss_message(struct pci_dev *pdev, unsigned char opcode, unsigned char type)
3484 {
3485         typedef struct {
3486                 CommandListHeader_struct CommandHeader;
3487                 RequestBlock_struct Request;
3488                 ErrDescriptor_struct ErrorDescriptor;
3489         } Command;
3490         static const size_t cmd_sz = sizeof(Command) + sizeof(ErrorInfo_struct);
3491         Command *cmd;
3492         dma_addr_t paddr64;
3493         uint32_t paddr32, tag;
3494         void __iomem *vaddr;
3495         int i, err;
3496
3497         vaddr = ioremap_nocache(pci_resource_start(pdev, 0), pci_resource_len(pdev, 0));
3498         if (vaddr == NULL)
3499                 return -ENOMEM;
3500
3501         /* The Inbound Post Queue only accepts 32-bit physical addresses for the
3502            CCISS commands, so they must be allocated from the lower 4GiB of
3503            memory. */
3504         err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32));
3505         if (err) {
3506                 iounmap(vaddr);
3507                 return -ENOMEM;
3508         }
3509
3510         cmd = pci_alloc_consistent(pdev, cmd_sz, &paddr64);
3511         if (cmd == NULL) {
3512                 iounmap(vaddr);
3513                 return -ENOMEM;
3514         }
3515
3516         /* This must fit, because of the 32-bit consistent DMA mask.  Also,
3517            although there's no guarantee, we assume that the address is at
3518            least 4-byte aligned (most likely, it's page-aligned). */
3519         paddr32 = paddr64;
3520
3521         cmd->CommandHeader.ReplyQueue = 0;
3522         cmd->CommandHeader.SGList = 0;
3523         cmd->CommandHeader.SGTotal = 0;
3524         cmd->CommandHeader.Tag.lower = paddr32;
3525         cmd->CommandHeader.Tag.upper = 0;
3526         memset(&cmd->CommandHeader.LUN.LunAddrBytes, 0, 8);
3527
3528         cmd->Request.CDBLen = 16;
3529         cmd->Request.Type.Type = TYPE_MSG;
3530         cmd->Request.Type.Attribute = ATTR_HEADOFQUEUE;
3531         cmd->Request.Type.Direction = XFER_NONE;
3532         cmd->Request.Timeout = 0; /* Don't time out */
3533         cmd->Request.CDB[0] = opcode;
3534         cmd->Request.CDB[1] = type;
3535         memset(&cmd->Request.CDB[2], 0, 14); /* the rest of the CDB is reserved */
3536
3537         cmd->ErrorDescriptor.Addr.lower = paddr32 + sizeof(Command);
3538         cmd->ErrorDescriptor.Addr.upper = 0;
3539         cmd->ErrorDescriptor.Len = sizeof(ErrorInfo_struct);
3540
3541         writel(paddr32, vaddr + SA5_REQUEST_PORT_OFFSET);
3542
3543         for (i = 0; i < 10; i++) {
3544                 tag = readl(vaddr + SA5_REPLY_PORT_OFFSET);
3545                 if ((tag & ~3) == paddr32)
3546                         break;
3547                 schedule_timeout_uninterruptible(HZ);
3548         }
3549
3550         iounmap(vaddr);
3551
3552         /* we leak the DMA buffer here ... no choice since the controller could
3553            still complete the command. */
3554         if (i == 10) {
3555                 printk(KERN_ERR "cciss: controller message %02x:%02x timed out\n",
3556                         opcode, type);
3557                 return -ETIMEDOUT;
3558         }
3559
3560         pci_free_consistent(pdev, cmd_sz, cmd, paddr64);
3561
3562         if (tag & 2) {
3563                 printk(KERN_ERR "cciss: controller message %02x:%02x failed\n",
3564                         opcode, type);
3565                 return -EIO;
3566         }
3567
3568         printk(KERN_INFO "cciss: controller message %02x:%02x succeeded\n",
3569                 opcode, type);
3570         return 0;
3571 }
3572
3573 #define cciss_soft_reset_controller(p) cciss_message(p, 1, 0)
3574 #define cciss_noop(p) cciss_message(p, 3, 0)
3575
3576 static __devinit int cciss_reset_msi(struct pci_dev *pdev)
3577 {
3578 /* the #defines are stolen from drivers/pci/msi.h. */
3579 #define msi_control_reg(base)           (base + PCI_MSI_FLAGS)
3580 #define PCI_MSIX_FLAGS_ENABLE           (1 << 15)
3581
3582         int pos;
3583         u16 control = 0;
3584
3585         pos = pci_find_capability(pdev, PCI_CAP_ID_MSI);
3586         if (pos) {
3587                 pci_read_config_word(pdev, msi_control_reg(pos), &control);
3588                 if (control & PCI_MSI_FLAGS_ENABLE) {
3589                         printk(KERN_INFO "cciss: resetting MSI\n");
3590                         pci_write_config_word(pdev, msi_control_reg(pos), control & ~PCI_MSI_FLAGS_ENABLE);
3591                 }
3592         }
3593
3594         pos = pci_find_capability(pdev, PCI_CAP_ID_MSIX);
3595         if (pos) {
3596                 pci_read_config_word(pdev, msi_control_reg(pos), &control);
3597                 if (control & PCI_MSIX_FLAGS_ENABLE) {
3598                         printk(KERN_INFO "cciss: resetting MSI-X\n");
3599                         pci_write_config_word(pdev, msi_control_reg(pos), control & ~PCI_MSIX_FLAGS_ENABLE);
3600                 }
3601         }
3602
3603         return 0;
3604 }
3605
3606 /* This does a hard reset of the controller using PCI power management
3607  * states. */
3608 static __devinit int cciss_hard_reset_controller(struct pci_dev *pdev)
3609 {
3610         u16 pmcsr, saved_config_space[32];
3611         int i, pos;
3612
3613         printk(KERN_INFO "cciss: using PCI PM to reset controller\n");
3614
3615         /* This is very nearly the same thing as
3616
3617            pci_save_state(pci_dev);
3618            pci_set_power_state(pci_dev, PCI_D3hot);
3619            pci_set_power_state(pci_dev, PCI_D0);
3620            pci_restore_state(pci_dev);
3621
3622            but we can't use these nice canned kernel routines on
3623            kexec, because they also check the MSI/MSI-X state in PCI
3624            configuration space and do the wrong thing when it is
3625            set/cleared.  Also, the pci_save/restore_state functions
3626            violate the ordering requirements for restoring the
3627            configuration space from the CCISS document (see the
3628            comment below).  So we roll our own .... */
3629
3630         for (i = 0; i < 32; i++)
3631                 pci_read_config_word(pdev, 2*i, &saved_config_space[i]);
3632
3633         pos = pci_find_capability(pdev, PCI_CAP_ID_PM);
3634         if (pos == 0) {
3635                 printk(KERN_ERR "cciss_reset_controller: PCI PM not supported\n");
3636                 return -ENODEV;
3637         }
3638
3639         /* Quoting from the Open CISS Specification: "The Power
3640          * Management Control/Status Register (CSR) controls the power
3641          * state of the device.  The normal operating state is D0,
3642          * CSR=00h.  The software off state is D3, CSR=03h.  To reset
3643          * the controller, place the interface device in D3 then to
3644          * D0, this causes a secondary PCI reset which will reset the
3645          * controller." */
3646
3647         /* enter the D3hot power management state */
3648         pci_read_config_word(pdev, pos + PCI_PM_CTRL, &pmcsr);
3649         pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
3650         pmcsr |= PCI_D3hot;
3651         pci_write_config_word(pdev, pos + PCI_PM_CTRL, pmcsr);
3652
3653         schedule_timeout_uninterruptible(HZ >> 1);
3654
3655         /* enter the D0 power management state */
3656         pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
3657         pmcsr |= PCI_D0;
3658         pci_write_config_word(pdev, pos + PCI_PM_CTRL, pmcsr);
3659
3660         schedule_timeout_uninterruptible(HZ >> 1);
3661
3662         /* Restore the PCI configuration space.  The Open CISS
3663          * Specification says, "Restore the PCI Configuration
3664          * Registers, offsets 00h through 60h. It is important to
3665          * restore the command register, 16-bits at offset 04h,
3666          * last. Do not restore the configuration status register,
3667          * 16-bits at offset 06h."  Note that the offset is 2*i. */
3668         for (i = 0; i < 32; i++) {
3669                 if (i == 2 || i == 3)
3670                         continue;
3671                 pci_write_config_word(pdev, 2*i, saved_config_space[i]);
3672         }
3673         wmb();
3674         pci_write_config_word(pdev, 4, saved_config_space[2]);
3675
3676         return 0;
3677 }
3678
3679 /*
3680  *  This is it.  Find all the controllers and register them.  I really hate
3681  *  stealing all these major device numbers.
3682  *  returns the number of block devices registered.
3683  */
3684 static int __devinit cciss_init_one(struct pci_dev *pdev,
3685                                     const struct pci_device_id *ent)
3686 {
3687         int i;
3688         int j = 0;
3689         int rc;
3690         int dac, return_code;
3691         InquiryData_struct *inq_buff = NULL;
3692
3693         if (reset_devices) {
3694                 /* Reset the controller with a PCI power-cycle */
3695                 if (cciss_hard_reset_controller(pdev) || cciss_reset_msi(pdev))
3696                         return -ENODEV;
3697
3698                 /* Now try to get the controller to respond to a no-op. Some
3699                    devices (notably the HP Smart Array 5i Controller) need
3700                    up to 30 seconds to respond. */
3701                 for (i=0; i<30; i++) {
3702                         if (cciss_noop(pdev) == 0)
3703                                 break;
3704
3705                         schedule_timeout_uninterruptible(HZ);
3706                 }
3707                 if (i == 30) {
3708                         printk(KERN_ERR "cciss: controller seems dead\n");
3709                         return -EBUSY;
3710                 }
3711         }
3712
3713         i = alloc_cciss_hba();
3714         if (i < 0)
3715                 return -1;
3716
3717         hba[i]->busy_initializing = 1;
3718         INIT_HLIST_HEAD(&hba[i]->cmpQ);
3719         INIT_HLIST_HEAD(&hba[i]->reqQ);
3720
3721         if (cciss_pci_init(hba[i], pdev) != 0)
3722                 goto clean1;
3723
3724         sprintf(hba[i]->devname, "cciss%d", i);
3725         hba[i]->ctlr = i;
3726         hba[i]->pdev = pdev;
3727
3728         /* configure PCI DMA stuff */
3729         if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(64)))
3730                 dac = 1;
3731         else if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(32)))
3732                 dac = 0;
3733         else {
3734                 printk(KERN_ERR "cciss: no suitable DMA available\n");
3735                 goto clean1;
3736         }
3737
3738         /*
3739          * register with the major number, or get a dynamic major number
3740          * by passing 0 as argument.  This is done for greater than
3741          * 8 controller support.
3742          */
3743         if (i < MAX_CTLR_ORIG)
3744                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3745         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3746         if (rc == -EBUSY || rc == -EINVAL) {
3747                 printk(KERN_ERR
3748                        "cciss:  Unable to get major number %d for %s "
3749                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3750                 goto clean1;
3751         } else {
3752                 if (i >= MAX_CTLR_ORIG)
3753                         hba[i]->major = rc;
3754         }
3755
3756         /* make sure the board interrupts are off */
3757         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
3758         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
3759                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
3760                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
3761                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
3762                 goto clean2;
3763         }
3764
3765         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
3766                hba[i]->devname, pdev->device, pci_name(pdev),
3767                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
3768
3769         hba[i]->cmd_pool_bits =
3770             kmalloc(DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3771                         * sizeof(unsigned long), GFP_KERNEL);
3772         hba[i]->cmd_pool = (CommandList_struct *)
3773             pci_alloc_consistent(hba[i]->pdev,
3774                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3775                     &(hba[i]->cmd_pool_dhandle));
3776         hba[i]->errinfo_pool = (ErrorInfo_struct *)
3777             pci_alloc_consistent(hba[i]->pdev,
3778                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3779                     &(hba[i]->errinfo_pool_dhandle));
3780         if ((hba[i]->cmd_pool_bits == NULL)
3781             || (hba[i]->cmd_pool == NULL)
3782             || (hba[i]->errinfo_pool == NULL)) {
3783                 printk(KERN_ERR "cciss: out of memory");
3784                 goto clean4;
3785         }
3786 #ifdef CONFIG_CISS_SCSI_TAPE
3787         hba[i]->scsi_rejects.complete =
3788             kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) *
3789                     (hba[i]->nr_cmds + 5), GFP_KERNEL);
3790         if (hba[i]->scsi_rejects.complete == NULL) {
3791                 printk(KERN_ERR "cciss: out of memory");
3792                 goto clean4;
3793         }
3794 #endif
3795         spin_lock_init(&hba[i]->lock);
3796
3797         /* Initialize the pdev driver private data.
3798            have it point to hba[i].  */
3799         pci_set_drvdata(pdev, hba[i]);
3800         /* command and error info recs zeroed out before
3801            they are used */
3802         memset(hba[i]->cmd_pool_bits, 0,
3803                DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3804                         * sizeof(unsigned long));
3805
3806         hba[i]->num_luns = 0;
3807         hba[i]->highest_lun = -1;
3808         for (j = 0; j < CISS_MAX_LUN; j++) {
3809                 hba[i]->drv[j].raid_level = -1;
3810                 hba[i]->drv[j].queue = NULL;
3811                 hba[i]->gendisk[j] = NULL;
3812         }
3813
3814         cciss_scsi_setup(i);
3815
3816         /* Turn the interrupts on so we can service requests */
3817         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
3818
3819         /* Get the firmware version */
3820         inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
3821         if (inq_buff == NULL) {
3822                 printk(KERN_ERR "cciss: out of memory\n");
3823                 goto clean4;
3824         }
3825
3826         return_code = sendcmd_withirq(CISS_INQUIRY, i, inq_buff,
3827                 sizeof(InquiryData_struct), 0, 0 , 0, TYPE_CMD);
3828         if (return_code == IO_OK) {
3829                 hba[i]->firm_ver[0] = inq_buff->data_byte[32];
3830                 hba[i]->firm_ver[1] = inq_buff->data_byte[33];
3831                 hba[i]->firm_ver[2] = inq_buff->data_byte[34];
3832                 hba[i]->firm_ver[3] = inq_buff->data_byte[35];
3833         } else {         /* send command failed */
3834                 printk(KERN_WARNING "cciss: unable to determine firmware"
3835                         " version of controller\n");
3836         }
3837
3838         cciss_procinit(i);
3839
3840         hba[i]->cciss_max_sectors = 2048;
3841
3842         hba[i]->busy_initializing = 0;
3843
3844         rebuild_lun_table(hba[i], 1);
3845         hba[i]->cciss_scan_thread = kthread_run(scan_thread, hba[i],
3846                                 "cciss_scan%02d", i);
3847         if (IS_ERR(hba[i]->cciss_scan_thread))
3848                 return PTR_ERR(hba[i]->cciss_scan_thread);
3849
3850         return 1;
3851
3852 clean4:
3853         kfree(inq_buff);
3854 #ifdef CONFIG_CISS_SCSI_TAPE
3855         kfree(hba[i]->scsi_rejects.complete);
3856 #endif
3857         kfree(hba[i]->cmd_pool_bits);
3858         if (hba[i]->cmd_pool)
3859                 pci_free_consistent(hba[i]->pdev,
3860                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3861                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3862         if (hba[i]->errinfo_pool)
3863                 pci_free_consistent(hba[i]->pdev,
3864                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3865                                     hba[i]->errinfo_pool,
3866                                     hba[i]->errinfo_pool_dhandle);
3867         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
3868 clean2:
3869         unregister_blkdev(hba[i]->major, hba[i]->devname);
3870 clean1:
3871         hba[i]->busy_initializing = 0;
3872         /* cleanup any queues that may have been initialized */
3873         for (j=0; j <= hba[i]->highest_lun; j++){
3874                 drive_info_struct *drv = &(hba[i]->drv[j]);
3875                 if (drv->queue)
3876                         blk_cleanup_queue(drv->queue);
3877         }
3878         /*
3879          * Deliberately omit pci_disable_device(): it does something nasty to
3880          * Smart Array controllers that pci_enable_device does not undo
3881          */
3882         pci_release_regions(pdev);
3883         pci_set_drvdata(pdev, NULL);
3884         free_hba(i);
3885         return -1;
3886 }
3887
3888 static void cciss_shutdown(struct pci_dev *pdev)
3889 {
3890         ctlr_info_t *tmp_ptr;
3891         int i;
3892         char flush_buf[4];
3893         int return_code;
3894
3895         tmp_ptr = pci_get_drvdata(pdev);
3896         if (tmp_ptr == NULL)
3897                 return;
3898         i = tmp_ptr->ctlr;
3899         if (hba[i] == NULL)
3900                 return;
3901
3902         /* Turn board interrupts off  and send the flush cache command */
3903         /* sendcmd will turn off interrupt, and send the flush...
3904          * To write all data in the battery backed cache to disks */
3905         memset(flush_buf, 0, 4);
3906         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
3907                               TYPE_CMD);
3908         if (return_code == IO_OK) {
3909                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
3910         } else {
3911                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
3912         }
3913         free_irq(hba[i]->intr[2], hba[i]);
3914 }
3915
3916 static void __devexit cciss_remove_one(struct pci_dev *pdev)
3917 {
3918         ctlr_info_t *tmp_ptr;
3919         int i, j;
3920
3921         if (pci_get_drvdata(pdev) == NULL) {
3922                 printk(KERN_ERR "cciss: Unable to remove device \n");
3923                 return;
3924         }
3925
3926         tmp_ptr = pci_get_drvdata(pdev);
3927         i = tmp_ptr->ctlr;
3928         if (hba[i] == NULL) {
3929                 printk(KERN_ERR "cciss: device appears to "
3930                        "already be removed \n");
3931                 return;
3932         }
3933
3934         kthread_stop(hba[i]->cciss_scan_thread);
3935
3936         remove_proc_entry(hba[i]->devname, proc_cciss);
3937         unregister_blkdev(hba[i]->major, hba[i]->devname);
3938
3939         /* remove it from the disk list */
3940         for (j = 0; j < CISS_MAX_LUN; j++) {
3941                 struct gendisk *disk = hba[i]->gendisk[j];
3942                 if (disk) {
3943                         struct request_queue *q = disk->queue;
3944
3945                         if (disk->flags & GENHD_FL_UP)
3946                                 del_gendisk(disk);
3947                         if (q)
3948                                 blk_cleanup_queue(q);
3949                 }
3950         }
3951
3952 #ifdef CONFIG_CISS_SCSI_TAPE
3953         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
3954 #endif
3955
3956         cciss_shutdown(pdev);
3957
3958 #ifdef CONFIG_PCI_MSI
3959         if (hba[i]->msix_vector)
3960                 pci_disable_msix(hba[i]->pdev);
3961         else if (hba[i]->msi_vector)
3962                 pci_disable_msi(hba[i]->pdev);
3963 #endif                          /* CONFIG_PCI_MSI */
3964
3965         iounmap(hba[i]->vaddr);
3966
3967         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
3968                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3969         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3970                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
3971         kfree(hba[i]->cmd_pool_bits);
3972 #ifdef CONFIG_CISS_SCSI_TAPE
3973         kfree(hba[i]->scsi_rejects.complete);
3974 #endif
3975         /*
3976          * Deliberately omit pci_disable_device(): it does something nasty to
3977          * Smart Array controllers that pci_enable_device does not undo
3978          */
3979         pci_release_regions(pdev);
3980         pci_set_drvdata(pdev, NULL);
3981         free_hba(i);
3982 }
3983
3984 static struct pci_driver cciss_pci_driver = {
3985         .name = "cciss",
3986         .probe = cciss_init_one,
3987         .remove = __devexit_p(cciss_remove_one),
3988         .id_table = cciss_pci_device_id,        /* id_table */
3989         .shutdown = cciss_shutdown,
3990 };
3991
3992 /*
3993  *  This is it.  Register the PCI driver information for the cards we control
3994  *  the OS will call our registered routines when it finds one of our cards.
3995  */
3996 static int __init cciss_init(void)
3997 {
3998         /*
3999          * The hardware requires that commands are aligned on a 64-bit
4000          * boundary. Given that we use pci_alloc_consistent() to allocate an
4001          * array of them, the size must be a multiple of 8 bytes.
4002          */
4003         BUILD_BUG_ON(sizeof(CommandList_struct) % 8);
4004
4005         printk(KERN_INFO DRIVER_NAME "\n");
4006
4007         /* Register for our PCI devices */
4008         return pci_register_driver(&cciss_pci_driver);
4009 }
4010
4011 static void __exit cciss_cleanup(void)
4012 {
4013         int i;
4014
4015         pci_unregister_driver(&cciss_pci_driver);
4016         /* double check that all controller entrys have been removed */
4017         for (i = 0; i < MAX_CTLR; i++) {
4018                 if (hba[i] != NULL) {
4019                         printk(KERN_WARNING "cciss: had to remove"
4020                                " controller %d\n", i);
4021                         cciss_remove_one(hba[i]->pdev);
4022                 }
4023         }
4024         remove_proc_entry("driver/cciss", NULL);
4025 }
4026
4027 static void fail_all_cmds(unsigned long ctlr)
4028 {
4029         /* If we get here, the board is apparently dead. */
4030         ctlr_info_t *h = hba[ctlr];
4031         CommandList_struct *c;
4032         unsigned long flags;
4033
4034         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
4035         h->alive = 0;           /* the controller apparently died... */
4036
4037         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
4038
4039         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
4040
4041         /* move everything off the request queue onto the completed queue */
4042         while (!hlist_empty(&h->reqQ)) {
4043                 c = hlist_entry(h->reqQ.first, CommandList_struct, list);
4044                 removeQ(c);
4045                 h->Qdepth--;
4046                 addQ(&h->cmpQ, c);
4047         }
4048
4049         /* Now, fail everything on the completed queue with a HW error */
4050         while (!hlist_empty(&h->cmpQ)) {
4051                 c = hlist_entry(h->cmpQ.first, CommandList_struct, list);
4052                 removeQ(c);
4053                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
4054                 if (c->cmd_type == CMD_RWREQ) {
4055                         complete_command(h, c, 0);
4056                 } else if (c->cmd_type == CMD_IOCTL_PEND)
4057                         complete(c->waiting);
4058 #ifdef CONFIG_CISS_SCSI_TAPE
4059                 else if (c->cmd_type == CMD_SCSI)
4060                         complete_scsi_command(c, 0, 0);
4061 #endif
4062         }
4063         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
4064         return;
4065 }
4066
4067 module_init(cciss_init);
4068 module_exit(cciss_cleanup);