HP iLO driver
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/bio.h>
33 #include <linux/blkpg.h>
34 #include <linux/timer.h>
35 #include <linux/proc_fs.h>
36 #include <linux/seq_file.h>
37 #include <linux/init.h>
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49 #include <scsi/scsi.h>
50 #include <scsi/sg.h>
51 #include <scsi/scsi_ioctl.h>
52 #include <linux/cdrom.h>
53 #include <linux/scatterlist.h>
54
55 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
56 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
57 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
58
59 /* Embedded module documentation macros - see modules.h */
60 MODULE_AUTHOR("Hewlett-Packard Company");
61 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
62 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
63                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
64                         " Smart Array G2 Series SAS/SATA Controllers");
65 MODULE_VERSION("3.6.20");
66 MODULE_LICENSE("GPL");
67
68 #include "cciss_cmd.h"
69 #include "cciss.h"
70 #include <linux/cciss_ioctl.h>
71
72 /* define the PCI info for the cards we can control */
73 static const struct pci_device_id cciss_pci_device_id[] = {
74         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
75         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
76         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
83         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
84         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
85         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
99         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
100                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
101         {0,}
102 };
103
104 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
105
106 /*  board_id = Subsystem Device ID & Vendor ID
107  *  product = Marketing Name for the board
108  *  access = Address of the struct of function pointers
109  */
110 static struct board_type products[] = {
111         {0x40700E11, "Smart Array 5300", &SA5_access},
112         {0x40800E11, "Smart Array 5i", &SA5B_access},
113         {0x40820E11, "Smart Array 532", &SA5B_access},
114         {0x40830E11, "Smart Array 5312", &SA5B_access},
115         {0x409A0E11, "Smart Array 641", &SA5_access},
116         {0x409B0E11, "Smart Array 642", &SA5_access},
117         {0x409C0E11, "Smart Array 6400", &SA5_access},
118         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
119         {0x40910E11, "Smart Array 6i", &SA5_access},
120         {0x3225103C, "Smart Array P600", &SA5_access},
121         {0x3223103C, "Smart Array P800", &SA5_access},
122         {0x3234103C, "Smart Array P400", &SA5_access},
123         {0x3235103C, "Smart Array P400i", &SA5_access},
124         {0x3211103C, "Smart Array E200i", &SA5_access},
125         {0x3212103C, "Smart Array E200", &SA5_access},
126         {0x3213103C, "Smart Array E200i", &SA5_access},
127         {0x3214103C, "Smart Array E200i", &SA5_access},
128         {0x3215103C, "Smart Array E200i", &SA5_access},
129         {0x3237103C, "Smart Array E500", &SA5_access},
130         {0x323D103C, "Smart Array P700m", &SA5_access},
131         {0x3241103C, "Smart Array P212", &SA5_access},
132         {0x3243103C, "Smart Array P410", &SA5_access},
133         {0x3245103C, "Smart Array P410i", &SA5_access},
134         {0x3247103C, "Smart Array P411", &SA5_access},
135         {0x3249103C, "Smart Array P812", &SA5_access},
136         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
137 };
138
139 /* How long to wait (in milliseconds) for board to go into simple mode */
140 #define MAX_CONFIG_WAIT 30000
141 #define MAX_IOCTL_CONFIG_WAIT 1000
142
143 /*define how many times we will try a command because of bus resets */
144 #define MAX_CMD_RETRIES 3
145
146 #define MAX_CTLR        32
147
148 /* Originally cciss driver only supports 8 major numbers */
149 #define MAX_CTLR_ORIG   8
150
151 static ctlr_info_t *hba[MAX_CTLR];
152
153 static void do_cciss_request(struct request_queue *q);
154 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
155 static int cciss_open(struct inode *inode, struct file *filep);
156 static int cciss_release(struct inode *inode, struct file *filep);
157 static int cciss_ioctl(struct inode *inode, struct file *filep,
158                        unsigned int cmd, unsigned long arg);
159 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
160
161 static int cciss_revalidate(struct gendisk *disk);
162 static int rebuild_lun_table(ctlr_info_t *h, struct gendisk *del_disk);
163 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
164                            int clear_all);
165
166 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
167                         sector_t *total_size, unsigned int *block_size);
168 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
169                         sector_t *total_size, unsigned int *block_size);
170 static void cciss_geometry_inquiry(int ctlr, int logvol,
171                         int withirq, sector_t total_size,
172                         unsigned int block_size, InquiryData_struct *inq_buff,
173                                    drive_info_struct *drv);
174 static void cciss_getgeometry(int cntl_num);
175 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
176                                            __u32);
177 static void start_io(ctlr_info_t *h);
178 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
179                    unsigned int use_unit_num, unsigned int log_unit,
180                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
181 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
182                            unsigned int use_unit_num, unsigned int log_unit,
183                            __u8 page_code, int cmd_type);
184
185 static void fail_all_cmds(unsigned long ctlr);
186
187 #ifdef CONFIG_PROC_FS
188 static void cciss_procinit(int i);
189 #else
190 static void cciss_procinit(int i)
191 {
192 }
193 #endif                          /* CONFIG_PROC_FS */
194
195 #ifdef CONFIG_COMPAT
196 static long cciss_compat_ioctl(struct file *f, unsigned cmd, unsigned long arg);
197 #endif
198
199 static struct block_device_operations cciss_fops = {
200         .owner = THIS_MODULE,
201         .open = cciss_open,
202         .release = cciss_release,
203         .ioctl = cciss_ioctl,
204         .getgeo = cciss_getgeo,
205 #ifdef CONFIG_COMPAT
206         .compat_ioctl = cciss_compat_ioctl,
207 #endif
208         .revalidate_disk = cciss_revalidate,
209 };
210
211 /*
212  * Enqueuing and dequeuing functions for cmdlists.
213  */
214 static inline void addQ(CommandList_struct **Qptr, CommandList_struct *c)
215 {
216         if (*Qptr == NULL) {
217                 *Qptr = c;
218                 c->next = c->prev = c;
219         } else {
220                 c->prev = (*Qptr)->prev;
221                 c->next = (*Qptr);
222                 (*Qptr)->prev->next = c;
223                 (*Qptr)->prev = c;
224         }
225 }
226
227 static inline CommandList_struct *removeQ(CommandList_struct **Qptr,
228                                           CommandList_struct *c)
229 {
230         if (c && c->next != c) {
231                 if (*Qptr == c)
232                         *Qptr = c->next;
233                 c->prev->next = c->next;
234                 c->next->prev = c->prev;
235         } else {
236                 *Qptr = NULL;
237         }
238         return c;
239 }
240
241 #include "cciss_scsi.c"         /* For SCSI tape support */
242
243 #define RAID_UNKNOWN 6
244
245 #ifdef CONFIG_PROC_FS
246
247 /*
248  * Report information about this controller.
249  */
250 #define ENG_GIG 1000000000
251 #define ENG_GIG_FACTOR (ENG_GIG/512)
252 #define ENGAGE_SCSI     "engage scsi"
253 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
254         "UNKNOWN"
255 };
256
257 static struct proc_dir_entry *proc_cciss;
258
259 static void cciss_seq_show_header(struct seq_file *seq)
260 {
261         ctlr_info_t *h = seq->private;
262
263         seq_printf(seq, "%s: HP %s Controller\n"
264                 "Board ID: 0x%08lx\n"
265                 "Firmware Version: %c%c%c%c\n"
266                 "IRQ: %d\n"
267                 "Logical drives: %d\n"
268                 "Current Q depth: %d\n"
269                 "Current # commands on controller: %d\n"
270                 "Max Q depth since init: %d\n"
271                 "Max # commands on controller since init: %d\n"
272                 "Max SG entries since init: %d\n",
273                 h->devname,
274                 h->product_name,
275                 (unsigned long)h->board_id,
276                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
277                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
278                 h->num_luns,
279                 h->Qdepth, h->commands_outstanding,
280                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
281
282 #ifdef CONFIG_CISS_SCSI_TAPE
283         cciss_seq_tape_report(seq, h->ctlr);
284 #endif /* CONFIG_CISS_SCSI_TAPE */
285 }
286
287 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
288 {
289         ctlr_info_t *h = seq->private;
290         unsigned ctlr = h->ctlr;
291         unsigned long flags;
292
293         /* prevent displaying bogus info during configuration
294          * or deconfiguration of a logical volume
295          */
296         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
297         if (h->busy_configuring) {
298                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
299                 return ERR_PTR(-EBUSY);
300         }
301         h->busy_configuring = 1;
302         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
303
304         if (*pos == 0)
305                 cciss_seq_show_header(seq);
306
307         return pos;
308 }
309
310 static int cciss_seq_show(struct seq_file *seq, void *v)
311 {
312         sector_t vol_sz, vol_sz_frac;
313         ctlr_info_t *h = seq->private;
314         unsigned ctlr = h->ctlr;
315         loff_t *pos = v;
316         drive_info_struct *drv = &h->drv[*pos];
317
318         if (*pos > h->highest_lun)
319                 return 0;
320
321         if (drv->heads == 0)
322                 return 0;
323
324         vol_sz = drv->nr_blocks;
325         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
326         vol_sz_frac *= 100;
327         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
328
329         if (drv->raid_level > 5)
330                 drv->raid_level = RAID_UNKNOWN;
331         seq_printf(seq, "cciss/c%dd%d:"
332                         "\t%4u.%02uGB\tRAID %s\n",
333                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
334                         raid_label[drv->raid_level]);
335         return 0;
336 }
337
338 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
339 {
340         ctlr_info_t *h = seq->private;
341
342         if (*pos > h->highest_lun)
343                 return NULL;
344         *pos += 1;
345
346         return pos;
347 }
348
349 static void cciss_seq_stop(struct seq_file *seq, void *v)
350 {
351         ctlr_info_t *h = seq->private;
352
353         /* Only reset h->busy_configuring if we succeeded in setting
354          * it during cciss_seq_start. */
355         if (v == ERR_PTR(-EBUSY))
356                 return;
357
358         h->busy_configuring = 0;
359 }
360
361 static struct seq_operations cciss_seq_ops = {
362         .start = cciss_seq_start,
363         .show  = cciss_seq_show,
364         .next  = cciss_seq_next,
365         .stop  = cciss_seq_stop,
366 };
367
368 static int cciss_seq_open(struct inode *inode, struct file *file)
369 {
370         int ret = seq_open(file, &cciss_seq_ops);
371         struct seq_file *seq = file->private_data;
372
373         if (!ret)
374                 seq->private = PDE(inode)->data;
375
376         return ret;
377 }
378
379 static ssize_t
380 cciss_proc_write(struct file *file, const char __user *buf,
381                  size_t length, loff_t *ppos)
382 {
383         int err;
384         char *buffer;
385
386 #ifndef CONFIG_CISS_SCSI_TAPE
387         return -EINVAL;
388 #endif
389
390         if (!buf || length > PAGE_SIZE - 1)
391                 return -EINVAL;
392
393         buffer = (char *)__get_free_page(GFP_KERNEL);
394         if (!buffer)
395                 return -ENOMEM;
396
397         err = -EFAULT;
398         if (copy_from_user(buffer, buf, length))
399                 goto out;
400         buffer[length] = '\0';
401
402 #ifdef CONFIG_CISS_SCSI_TAPE
403         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
404                 struct seq_file *seq = file->private_data;
405                 ctlr_info_t *h = seq->private;
406                 int rc;
407
408                 rc = cciss_engage_scsi(h->ctlr);
409                 if (rc != 0)
410                         err = -rc;
411                 else
412                         err = length;
413         } else
414 #endif /* CONFIG_CISS_SCSI_TAPE */
415                 err = -EINVAL;
416         /* might be nice to have "disengage" too, but it's not
417            safely possible. (only 1 module use count, lock issues.) */
418
419 out:
420         free_page((unsigned long)buffer);
421         return err;
422 }
423
424 static struct file_operations cciss_proc_fops = {
425         .owner   = THIS_MODULE,
426         .open    = cciss_seq_open,
427         .read    = seq_read,
428         .llseek  = seq_lseek,
429         .release = seq_release,
430         .write   = cciss_proc_write,
431 };
432
433 static void __devinit cciss_procinit(int i)
434 {
435         struct proc_dir_entry *pde;
436
437         if (proc_cciss == NULL)
438                 proc_cciss = proc_mkdir("driver/cciss", NULL);
439         if (!proc_cciss)
440                 return;
441         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
442                                         S_IROTH, proc_cciss,
443                                         &cciss_proc_fops, hba[i]);
444 }
445 #endif                          /* CONFIG_PROC_FS */
446
447 /*
448  * For operations that cannot sleep, a command block is allocated at init,
449  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
450  * which ones are free or in use.  For operations that can wait for kmalloc
451  * to possible sleep, this routine can be called with get_from_pool set to 0.
452  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
453  */
454 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
455 {
456         CommandList_struct *c;
457         int i;
458         u64bit temp64;
459         dma_addr_t cmd_dma_handle, err_dma_handle;
460
461         if (!get_from_pool) {
462                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
463                         sizeof(CommandList_struct), &cmd_dma_handle);
464                 if (c == NULL)
465                         return NULL;
466                 memset(c, 0, sizeof(CommandList_struct));
467
468                 c->cmdindex = -1;
469
470                 c->err_info = (ErrorInfo_struct *)
471                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
472                             &err_dma_handle);
473
474                 if (c->err_info == NULL) {
475                         pci_free_consistent(h->pdev,
476                                 sizeof(CommandList_struct), c, cmd_dma_handle);
477                         return NULL;
478                 }
479                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
480         } else {                /* get it out of the controllers pool */
481
482                 do {
483                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
484                         if (i == h->nr_cmds)
485                                 return NULL;
486                 } while (test_and_set_bit
487                          (i & (BITS_PER_LONG - 1),
488                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
489 #ifdef CCISS_DEBUG
490                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
491 #endif
492                 c = h->cmd_pool + i;
493                 memset(c, 0, sizeof(CommandList_struct));
494                 cmd_dma_handle = h->cmd_pool_dhandle
495                     + i * sizeof(CommandList_struct);
496                 c->err_info = h->errinfo_pool + i;
497                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
498                 err_dma_handle = h->errinfo_pool_dhandle
499                     + i * sizeof(ErrorInfo_struct);
500                 h->nr_allocs++;
501
502                 c->cmdindex = i;
503         }
504
505         c->busaddr = (__u32) cmd_dma_handle;
506         temp64.val = (__u64) err_dma_handle;
507         c->ErrDesc.Addr.lower = temp64.val32.lower;
508         c->ErrDesc.Addr.upper = temp64.val32.upper;
509         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
510
511         c->ctlr = h->ctlr;
512         return c;
513 }
514
515 /*
516  * Frees a command block that was previously allocated with cmd_alloc().
517  */
518 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
519 {
520         int i;
521         u64bit temp64;
522
523         if (!got_from_pool) {
524                 temp64.val32.lower = c->ErrDesc.Addr.lower;
525                 temp64.val32.upper = c->ErrDesc.Addr.upper;
526                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
527                                     c->err_info, (dma_addr_t) temp64.val);
528                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
529                                     c, (dma_addr_t) c->busaddr);
530         } else {
531                 i = c - h->cmd_pool;
532                 clear_bit(i & (BITS_PER_LONG - 1),
533                           h->cmd_pool_bits + (i / BITS_PER_LONG));
534                 h->nr_frees++;
535         }
536 }
537
538 static inline ctlr_info_t *get_host(struct gendisk *disk)
539 {
540         return disk->queue->queuedata;
541 }
542
543 static inline drive_info_struct *get_drv(struct gendisk *disk)
544 {
545         return disk->private_data;
546 }
547
548 /*
549  * Open.  Make sure the device is really there.
550  */
551 static int cciss_open(struct inode *inode, struct file *filep)
552 {
553         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
554         drive_info_struct *drv = get_drv(inode->i_bdev->bd_disk);
555
556 #ifdef CCISS_DEBUG
557         printk(KERN_DEBUG "cciss_open %s\n", inode->i_bdev->bd_disk->disk_name);
558 #endif                          /* CCISS_DEBUG */
559
560         if (host->busy_initializing || drv->busy_configuring)
561                 return -EBUSY;
562         /*
563          * Root is allowed to open raw volume zero even if it's not configured
564          * so array config can still work. Root is also allowed to open any
565          * volume that has a LUN ID, so it can issue IOCTL to reread the
566          * disk information.  I don't think I really like this
567          * but I'm already using way to many device nodes to claim another one
568          * for "raw controller".
569          */
570         if (drv->heads == 0) {
571                 if (iminor(inode) != 0) {       /* not node 0? */
572                         /* if not node 0 make sure it is a partition = 0 */
573                         if (iminor(inode) & 0x0f) {
574                                 return -ENXIO;
575                                 /* if it is, make sure we have a LUN ID */
576                         } else if (drv->LunID == 0) {
577                                 return -ENXIO;
578                         }
579                 }
580                 if (!capable(CAP_SYS_ADMIN))
581                         return -EPERM;
582         }
583         drv->usage_count++;
584         host->usage_count++;
585         return 0;
586 }
587
588 /*
589  * Close.  Sync first.
590  */
591 static int cciss_release(struct inode *inode, struct file *filep)
592 {
593         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
594         drive_info_struct *drv = get_drv(inode->i_bdev->bd_disk);
595
596 #ifdef CCISS_DEBUG
597         printk(KERN_DEBUG "cciss_release %s\n",
598                inode->i_bdev->bd_disk->disk_name);
599 #endif                          /* CCISS_DEBUG */
600
601         drv->usage_count--;
602         host->usage_count--;
603         return 0;
604 }
605
606 #ifdef CONFIG_COMPAT
607
608 static int do_ioctl(struct file *f, unsigned cmd, unsigned long arg)
609 {
610         int ret;
611         lock_kernel();
612         ret = cciss_ioctl(f->f_path.dentry->d_inode, f, cmd, arg);
613         unlock_kernel();
614         return ret;
615 }
616
617 static int cciss_ioctl32_passthru(struct file *f, unsigned cmd,
618                                   unsigned long arg);
619 static int cciss_ioctl32_big_passthru(struct file *f, unsigned cmd,
620                                       unsigned long arg);
621
622 static long cciss_compat_ioctl(struct file *f, unsigned cmd, unsigned long arg)
623 {
624         switch (cmd) {
625         case CCISS_GETPCIINFO:
626         case CCISS_GETINTINFO:
627         case CCISS_SETINTINFO:
628         case CCISS_GETNODENAME:
629         case CCISS_SETNODENAME:
630         case CCISS_GETHEARTBEAT:
631         case CCISS_GETBUSTYPES:
632         case CCISS_GETFIRMVER:
633         case CCISS_GETDRIVVER:
634         case CCISS_REVALIDVOLS:
635         case CCISS_DEREGDISK:
636         case CCISS_REGNEWDISK:
637         case CCISS_REGNEWD:
638         case CCISS_RESCANDISK:
639         case CCISS_GETLUNINFO:
640                 return do_ioctl(f, cmd, arg);
641
642         case CCISS_PASSTHRU32:
643                 return cciss_ioctl32_passthru(f, cmd, arg);
644         case CCISS_BIG_PASSTHRU32:
645                 return cciss_ioctl32_big_passthru(f, cmd, arg);
646
647         default:
648                 return -ENOIOCTLCMD;
649         }
650 }
651
652 static int cciss_ioctl32_passthru(struct file *f, unsigned cmd,
653                                   unsigned long arg)
654 {
655         IOCTL32_Command_struct __user *arg32 =
656             (IOCTL32_Command_struct __user *) arg;
657         IOCTL_Command_struct arg64;
658         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
659         int err;
660         u32 cp;
661
662         err = 0;
663         err |=
664             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
665                            sizeof(arg64.LUN_info));
666         err |=
667             copy_from_user(&arg64.Request, &arg32->Request,
668                            sizeof(arg64.Request));
669         err |=
670             copy_from_user(&arg64.error_info, &arg32->error_info,
671                            sizeof(arg64.error_info));
672         err |= get_user(arg64.buf_size, &arg32->buf_size);
673         err |= get_user(cp, &arg32->buf);
674         arg64.buf = compat_ptr(cp);
675         err |= copy_to_user(p, &arg64, sizeof(arg64));
676
677         if (err)
678                 return -EFAULT;
679
680         err = do_ioctl(f, CCISS_PASSTHRU, (unsigned long)p);
681         if (err)
682                 return err;
683         err |=
684             copy_in_user(&arg32->error_info, &p->error_info,
685                          sizeof(arg32->error_info));
686         if (err)
687                 return -EFAULT;
688         return err;
689 }
690
691 static int cciss_ioctl32_big_passthru(struct file *file, unsigned cmd,
692                                       unsigned long arg)
693 {
694         BIG_IOCTL32_Command_struct __user *arg32 =
695             (BIG_IOCTL32_Command_struct __user *) arg;
696         BIG_IOCTL_Command_struct arg64;
697         BIG_IOCTL_Command_struct __user *p =
698             compat_alloc_user_space(sizeof(arg64));
699         int err;
700         u32 cp;
701
702         err = 0;
703         err |=
704             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
705                            sizeof(arg64.LUN_info));
706         err |=
707             copy_from_user(&arg64.Request, &arg32->Request,
708                            sizeof(arg64.Request));
709         err |=
710             copy_from_user(&arg64.error_info, &arg32->error_info,
711                            sizeof(arg64.error_info));
712         err |= get_user(arg64.buf_size, &arg32->buf_size);
713         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
714         err |= get_user(cp, &arg32->buf);
715         arg64.buf = compat_ptr(cp);
716         err |= copy_to_user(p, &arg64, sizeof(arg64));
717
718         if (err)
719                 return -EFAULT;
720
721         err = do_ioctl(file, CCISS_BIG_PASSTHRU, (unsigned long)p);
722         if (err)
723                 return err;
724         err |=
725             copy_in_user(&arg32->error_info, &p->error_info,
726                          sizeof(arg32->error_info));
727         if (err)
728                 return -EFAULT;
729         return err;
730 }
731 #endif
732
733 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
734 {
735         drive_info_struct *drv = get_drv(bdev->bd_disk);
736
737         if (!drv->cylinders)
738                 return -ENXIO;
739
740         geo->heads = drv->heads;
741         geo->sectors = drv->sectors;
742         geo->cylinders = drv->cylinders;
743         return 0;
744 }
745
746 /*
747  * ioctl
748  */
749 static int cciss_ioctl(struct inode *inode, struct file *filep,
750                        unsigned int cmd, unsigned long arg)
751 {
752         struct block_device *bdev = inode->i_bdev;
753         struct gendisk *disk = bdev->bd_disk;
754         ctlr_info_t *host = get_host(disk);
755         drive_info_struct *drv = get_drv(disk);
756         int ctlr = host->ctlr;
757         void __user *argp = (void __user *)arg;
758
759 #ifdef CCISS_DEBUG
760         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
761 #endif                          /* CCISS_DEBUG */
762
763         switch (cmd) {
764         case CCISS_GETPCIINFO:
765                 {
766                         cciss_pci_info_struct pciinfo;
767
768                         if (!arg)
769                                 return -EINVAL;
770                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
771                         pciinfo.bus = host->pdev->bus->number;
772                         pciinfo.dev_fn = host->pdev->devfn;
773                         pciinfo.board_id = host->board_id;
774                         if (copy_to_user
775                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
776                                 return -EFAULT;
777                         return 0;
778                 }
779         case CCISS_GETINTINFO:
780                 {
781                         cciss_coalint_struct intinfo;
782                         if (!arg)
783                                 return -EINVAL;
784                         intinfo.delay =
785                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
786                         intinfo.count =
787                             readl(&host->cfgtable->HostWrite.CoalIntCount);
788                         if (copy_to_user
789                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
790                                 return -EFAULT;
791                         return 0;
792                 }
793         case CCISS_SETINTINFO:
794                 {
795                         cciss_coalint_struct intinfo;
796                         unsigned long flags;
797                         int i;
798
799                         if (!arg)
800                                 return -EINVAL;
801                         if (!capable(CAP_SYS_ADMIN))
802                                 return -EPERM;
803                         if (copy_from_user
804                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
805                                 return -EFAULT;
806                         if ((intinfo.delay == 0) && (intinfo.count == 0))
807                         {
808 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
809                                 return -EINVAL;
810                         }
811                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
812                         /* Update the field, and then ring the doorbell */
813                         writel(intinfo.delay,
814                                &(host->cfgtable->HostWrite.CoalIntDelay));
815                         writel(intinfo.count,
816                                &(host->cfgtable->HostWrite.CoalIntCount));
817                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
818
819                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
820                                 if (!(readl(host->vaddr + SA5_DOORBELL)
821                                       & CFGTBL_ChangeReq))
822                                         break;
823                                 /* delay and try again */
824                                 udelay(1000);
825                         }
826                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
827                         if (i >= MAX_IOCTL_CONFIG_WAIT)
828                                 return -EAGAIN;
829                         return 0;
830                 }
831         case CCISS_GETNODENAME:
832                 {
833                         NodeName_type NodeName;
834                         int i;
835
836                         if (!arg)
837                                 return -EINVAL;
838                         for (i = 0; i < 16; i++)
839                                 NodeName[i] =
840                                     readb(&host->cfgtable->ServerName[i]);
841                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
842                                 return -EFAULT;
843                         return 0;
844                 }
845         case CCISS_SETNODENAME:
846                 {
847                         NodeName_type NodeName;
848                         unsigned long flags;
849                         int i;
850
851                         if (!arg)
852                                 return -EINVAL;
853                         if (!capable(CAP_SYS_ADMIN))
854                                 return -EPERM;
855
856                         if (copy_from_user
857                             (NodeName, argp, sizeof(NodeName_type)))
858                                 return -EFAULT;
859
860                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
861
862                         /* Update the field, and then ring the doorbell */
863                         for (i = 0; i < 16; i++)
864                                 writeb(NodeName[i],
865                                        &host->cfgtable->ServerName[i]);
866
867                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
868
869                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
870                                 if (!(readl(host->vaddr + SA5_DOORBELL)
871                                       & CFGTBL_ChangeReq))
872                                         break;
873                                 /* delay and try again */
874                                 udelay(1000);
875                         }
876                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
877                         if (i >= MAX_IOCTL_CONFIG_WAIT)
878                                 return -EAGAIN;
879                         return 0;
880                 }
881
882         case CCISS_GETHEARTBEAT:
883                 {
884                         Heartbeat_type heartbeat;
885
886                         if (!arg)
887                                 return -EINVAL;
888                         heartbeat = readl(&host->cfgtable->HeartBeat);
889                         if (copy_to_user
890                             (argp, &heartbeat, sizeof(Heartbeat_type)))
891                                 return -EFAULT;
892                         return 0;
893                 }
894         case CCISS_GETBUSTYPES:
895                 {
896                         BusTypes_type BusTypes;
897
898                         if (!arg)
899                                 return -EINVAL;
900                         BusTypes = readl(&host->cfgtable->BusTypes);
901                         if (copy_to_user
902                             (argp, &BusTypes, sizeof(BusTypes_type)))
903                                 return -EFAULT;
904                         return 0;
905                 }
906         case CCISS_GETFIRMVER:
907                 {
908                         FirmwareVer_type firmware;
909
910                         if (!arg)
911                                 return -EINVAL;
912                         memcpy(firmware, host->firm_ver, 4);
913
914                         if (copy_to_user
915                             (argp, firmware, sizeof(FirmwareVer_type)))
916                                 return -EFAULT;
917                         return 0;
918                 }
919         case CCISS_GETDRIVVER:
920                 {
921                         DriverVer_type DriverVer = DRIVER_VERSION;
922
923                         if (!arg)
924                                 return -EINVAL;
925
926                         if (copy_to_user
927                             (argp, &DriverVer, sizeof(DriverVer_type)))
928                                 return -EFAULT;
929                         return 0;
930                 }
931
932         case CCISS_REVALIDVOLS:
933                 return rebuild_lun_table(host, NULL);
934
935         case CCISS_GETLUNINFO:{
936                         LogvolInfo_struct luninfo;
937
938                         luninfo.LunID = drv->LunID;
939                         luninfo.num_opens = drv->usage_count;
940                         luninfo.num_parts = 0;
941                         if (copy_to_user(argp, &luninfo,
942                                          sizeof(LogvolInfo_struct)))
943                                 return -EFAULT;
944                         return 0;
945                 }
946         case CCISS_DEREGDISK:
947                 return rebuild_lun_table(host, disk);
948
949         case CCISS_REGNEWD:
950                 return rebuild_lun_table(host, NULL);
951
952         case CCISS_PASSTHRU:
953                 {
954                         IOCTL_Command_struct iocommand;
955                         CommandList_struct *c;
956                         char *buff = NULL;
957                         u64bit temp64;
958                         unsigned long flags;
959                         DECLARE_COMPLETION_ONSTACK(wait);
960
961                         if (!arg)
962                                 return -EINVAL;
963
964                         if (!capable(CAP_SYS_RAWIO))
965                                 return -EPERM;
966
967                         if (copy_from_user
968                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
969                                 return -EFAULT;
970                         if ((iocommand.buf_size < 1) &&
971                             (iocommand.Request.Type.Direction != XFER_NONE)) {
972                                 return -EINVAL;
973                         }
974 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
975                         /* Check kmalloc limits */
976                         if (iocommand.buf_size > 128000)
977                                 return -EINVAL;
978 #endif
979                         if (iocommand.buf_size > 0) {
980                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
981                                 if (buff == NULL)
982                                         return -EFAULT;
983                         }
984                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
985                                 /* Copy the data into the buffer we created */
986                                 if (copy_from_user
987                                     (buff, iocommand.buf, iocommand.buf_size)) {
988                                         kfree(buff);
989                                         return -EFAULT;
990                                 }
991                         } else {
992                                 memset(buff, 0, iocommand.buf_size);
993                         }
994                         if ((c = cmd_alloc(host, 0)) == NULL) {
995                                 kfree(buff);
996                                 return -ENOMEM;
997                         }
998                         // Fill in the command type
999                         c->cmd_type = CMD_IOCTL_PEND;
1000                         // Fill in Command Header
1001                         c->Header.ReplyQueue = 0;       // unused in simple mode
1002                         if (iocommand.buf_size > 0)     // buffer to fill
1003                         {
1004                                 c->Header.SGList = 1;
1005                                 c->Header.SGTotal = 1;
1006                         } else  // no buffers to fill
1007                         {
1008                                 c->Header.SGList = 0;
1009                                 c->Header.SGTotal = 0;
1010                         }
1011                         c->Header.LUN = iocommand.LUN_info;
1012                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1013
1014                         // Fill in Request block
1015                         c->Request = iocommand.Request;
1016
1017                         // Fill in the scatter gather information
1018                         if (iocommand.buf_size > 0) {
1019                                 temp64.val = pci_map_single(host->pdev, buff,
1020                                         iocommand.buf_size,
1021                                         PCI_DMA_BIDIRECTIONAL);
1022                                 c->SG[0].Addr.lower = temp64.val32.lower;
1023                                 c->SG[0].Addr.upper = temp64.val32.upper;
1024                                 c->SG[0].Len = iocommand.buf_size;
1025                                 c->SG[0].Ext = 0;       // we are not chaining
1026                         }
1027                         c->waiting = &wait;
1028
1029                         /* Put the request on the tail of the request queue */
1030                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1031                         addQ(&host->reqQ, c);
1032                         host->Qdepth++;
1033                         start_io(host);
1034                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1035
1036                         wait_for_completion(&wait);
1037
1038                         /* unlock the buffers from DMA */
1039                         temp64.val32.lower = c->SG[0].Addr.lower;
1040                         temp64.val32.upper = c->SG[0].Addr.upper;
1041                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1042                                          iocommand.buf_size,
1043                                          PCI_DMA_BIDIRECTIONAL);
1044
1045                         /* Copy the error information out */
1046                         iocommand.error_info = *(c->err_info);
1047                         if (copy_to_user
1048                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1049                                 kfree(buff);
1050                                 cmd_free(host, c, 0);
1051                                 return -EFAULT;
1052                         }
1053
1054                         if (iocommand.Request.Type.Direction == XFER_READ) {
1055                                 /* Copy the data out of the buffer we created */
1056                                 if (copy_to_user
1057                                     (iocommand.buf, buff, iocommand.buf_size)) {
1058                                         kfree(buff);
1059                                         cmd_free(host, c, 0);
1060                                         return -EFAULT;
1061                                 }
1062                         }
1063                         kfree(buff);
1064                         cmd_free(host, c, 0);
1065                         return 0;
1066                 }
1067         case CCISS_BIG_PASSTHRU:{
1068                         BIG_IOCTL_Command_struct *ioc;
1069                         CommandList_struct *c;
1070                         unsigned char **buff = NULL;
1071                         int *buff_size = NULL;
1072                         u64bit temp64;
1073                         unsigned long flags;
1074                         BYTE sg_used = 0;
1075                         int status = 0;
1076                         int i;
1077                         DECLARE_COMPLETION_ONSTACK(wait);
1078                         __u32 left;
1079                         __u32 sz;
1080                         BYTE __user *data_ptr;
1081
1082                         if (!arg)
1083                                 return -EINVAL;
1084                         if (!capable(CAP_SYS_RAWIO))
1085                                 return -EPERM;
1086                         ioc = (BIG_IOCTL_Command_struct *)
1087                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1088                         if (!ioc) {
1089                                 status = -ENOMEM;
1090                                 goto cleanup1;
1091                         }
1092                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1093                                 status = -EFAULT;
1094                                 goto cleanup1;
1095                         }
1096                         if ((ioc->buf_size < 1) &&
1097                             (ioc->Request.Type.Direction != XFER_NONE)) {
1098                                 status = -EINVAL;
1099                                 goto cleanup1;
1100                         }
1101                         /* Check kmalloc limits  using all SGs */
1102                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1103                                 status = -EINVAL;
1104                                 goto cleanup1;
1105                         }
1106                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1107                                 status = -EINVAL;
1108                                 goto cleanup1;
1109                         }
1110                         buff =
1111                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1112                         if (!buff) {
1113                                 status = -ENOMEM;
1114                                 goto cleanup1;
1115                         }
1116                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1117                                                    GFP_KERNEL);
1118                         if (!buff_size) {
1119                                 status = -ENOMEM;
1120                                 goto cleanup1;
1121                         }
1122                         left = ioc->buf_size;
1123                         data_ptr = ioc->buf;
1124                         while (left) {
1125                                 sz = (left >
1126                                       ioc->malloc_size) ? ioc->
1127                                     malloc_size : left;
1128                                 buff_size[sg_used] = sz;
1129                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1130                                 if (buff[sg_used] == NULL) {
1131                                         status = -ENOMEM;
1132                                         goto cleanup1;
1133                                 }
1134                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1135                                         if (copy_from_user
1136                                             (buff[sg_used], data_ptr, sz)) {
1137                                                 status = -ENOMEM;
1138                                                 goto cleanup1;
1139                                         }
1140                                 } else {
1141                                         memset(buff[sg_used], 0, sz);
1142                                 }
1143                                 left -= sz;
1144                                 data_ptr += sz;
1145                                 sg_used++;
1146                         }
1147                         if ((c = cmd_alloc(host, 0)) == NULL) {
1148                                 status = -ENOMEM;
1149                                 goto cleanup1;
1150                         }
1151                         c->cmd_type = CMD_IOCTL_PEND;
1152                         c->Header.ReplyQueue = 0;
1153
1154                         if (ioc->buf_size > 0) {
1155                                 c->Header.SGList = sg_used;
1156                                 c->Header.SGTotal = sg_used;
1157                         } else {
1158                                 c->Header.SGList = 0;
1159                                 c->Header.SGTotal = 0;
1160                         }
1161                         c->Header.LUN = ioc->LUN_info;
1162                         c->Header.Tag.lower = c->busaddr;
1163
1164                         c->Request = ioc->Request;
1165                         if (ioc->buf_size > 0) {
1166                                 int i;
1167                                 for (i = 0; i < sg_used; i++) {
1168                                         temp64.val =
1169                                             pci_map_single(host->pdev, buff[i],
1170                                                     buff_size[i],
1171                                                     PCI_DMA_BIDIRECTIONAL);
1172                                         c->SG[i].Addr.lower =
1173                                             temp64.val32.lower;
1174                                         c->SG[i].Addr.upper =
1175                                             temp64.val32.upper;
1176                                         c->SG[i].Len = buff_size[i];
1177                                         c->SG[i].Ext = 0;       /* we are not chaining */
1178                                 }
1179                         }
1180                         c->waiting = &wait;
1181                         /* Put the request on the tail of the request queue */
1182                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1183                         addQ(&host->reqQ, c);
1184                         host->Qdepth++;
1185                         start_io(host);
1186                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1187                         wait_for_completion(&wait);
1188                         /* unlock the buffers from DMA */
1189                         for (i = 0; i < sg_used; i++) {
1190                                 temp64.val32.lower = c->SG[i].Addr.lower;
1191                                 temp64.val32.upper = c->SG[i].Addr.upper;
1192                                 pci_unmap_single(host->pdev,
1193                                         (dma_addr_t) temp64.val, buff_size[i],
1194                                         PCI_DMA_BIDIRECTIONAL);
1195                         }
1196                         /* Copy the error information out */
1197                         ioc->error_info = *(c->err_info);
1198                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1199                                 cmd_free(host, c, 0);
1200                                 status = -EFAULT;
1201                                 goto cleanup1;
1202                         }
1203                         if (ioc->Request.Type.Direction == XFER_READ) {
1204                                 /* Copy the data out of the buffer we created */
1205                                 BYTE __user *ptr = ioc->buf;
1206                                 for (i = 0; i < sg_used; i++) {
1207                                         if (copy_to_user
1208                                             (ptr, buff[i], buff_size[i])) {
1209                                                 cmd_free(host, c, 0);
1210                                                 status = -EFAULT;
1211                                                 goto cleanup1;
1212                                         }
1213                                         ptr += buff_size[i];
1214                                 }
1215                         }
1216                         cmd_free(host, c, 0);
1217                         status = 0;
1218                       cleanup1:
1219                         if (buff) {
1220                                 for (i = 0; i < sg_used; i++)
1221                                         kfree(buff[i]);
1222                                 kfree(buff);
1223                         }
1224                         kfree(buff_size);
1225                         kfree(ioc);
1226                         return status;
1227                 }
1228
1229         /* scsi_cmd_ioctl handles these, below, though some are not */
1230         /* very meaningful for cciss.  SG_IO is the main one people want. */
1231
1232         case SG_GET_VERSION_NUM:
1233         case SG_SET_TIMEOUT:
1234         case SG_GET_TIMEOUT:
1235         case SG_GET_RESERVED_SIZE:
1236         case SG_SET_RESERVED_SIZE:
1237         case SG_EMULATED_HOST:
1238         case SG_IO:
1239         case SCSI_IOCTL_SEND_COMMAND:
1240                 return scsi_cmd_ioctl(filep, disk->queue, disk, cmd, argp);
1241
1242         /* scsi_cmd_ioctl would normally handle these, below, but */
1243         /* they aren't a good fit for cciss, as CD-ROMs are */
1244         /* not supported, and we don't have any bus/target/lun */
1245         /* which we present to the kernel. */
1246
1247         case CDROM_SEND_PACKET:
1248         case CDROMCLOSETRAY:
1249         case CDROMEJECT:
1250         case SCSI_IOCTL_GET_IDLUN:
1251         case SCSI_IOCTL_GET_BUS_NUMBER:
1252         default:
1253                 return -ENOTTY;
1254         }
1255 }
1256
1257 static void cciss_check_queues(ctlr_info_t *h)
1258 {
1259         int start_queue = h->next_to_run;
1260         int i;
1261
1262         /* check to see if we have maxed out the number of commands that can
1263          * be placed on the queue.  If so then exit.  We do this check here
1264          * in case the interrupt we serviced was from an ioctl and did not
1265          * free any new commands.
1266          */
1267         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1268                 return;
1269
1270         /* We have room on the queue for more commands.  Now we need to queue
1271          * them up.  We will also keep track of the next queue to run so
1272          * that every queue gets a chance to be started first.
1273          */
1274         for (i = 0; i < h->highest_lun + 1; i++) {
1275                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1276                 /* make sure the disk has been added and the drive is real
1277                  * because this can be called from the middle of init_one.
1278                  */
1279                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1280                         continue;
1281                 blk_start_queue(h->gendisk[curr_queue]->queue);
1282
1283                 /* check to see if we have maxed out the number of commands
1284                  * that can be placed on the queue.
1285                  */
1286                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1287                         if (curr_queue == start_queue) {
1288                                 h->next_to_run =
1289                                     (start_queue + 1) % (h->highest_lun + 1);
1290                                 break;
1291                         } else {
1292                                 h->next_to_run = curr_queue;
1293                                 break;
1294                         }
1295                 } else {
1296                         curr_queue = (curr_queue + 1) % (h->highest_lun + 1);
1297                 }
1298         }
1299 }
1300
1301 static void cciss_softirq_done(struct request *rq)
1302 {
1303         CommandList_struct *cmd = rq->completion_data;
1304         ctlr_info_t *h = hba[cmd->ctlr];
1305         unsigned long flags;
1306         u64bit temp64;
1307         int i, ddir;
1308
1309         if (cmd->Request.Type.Direction == XFER_READ)
1310                 ddir = PCI_DMA_FROMDEVICE;
1311         else
1312                 ddir = PCI_DMA_TODEVICE;
1313
1314         /* command did not need to be retried */
1315         /* unmap the DMA mapping for all the scatter gather elements */
1316         for (i = 0; i < cmd->Header.SGList; i++) {
1317                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1318                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1319                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1320         }
1321
1322 #ifdef CCISS_DEBUG
1323         printk("Done with %p\n", rq);
1324 #endif                          /* CCISS_DEBUG */
1325
1326         if (blk_end_request(rq, (rq->errors == 0) ? 0 : -EIO, blk_rq_bytes(rq)))
1327                 BUG();
1328
1329         spin_lock_irqsave(&h->lock, flags);
1330         cmd_free(h, cmd, 1);
1331         cciss_check_queues(h);
1332         spin_unlock_irqrestore(&h->lock, flags);
1333 }
1334
1335 /* This function will check the usage_count of the drive to be updated/added.
1336  * If the usage_count is zero then the drive information will be updated and
1337  * the disk will be re-registered with the kernel.  If not then it will be
1338  * left alone for the next reboot.  The exception to this is disk 0 which
1339  * will always be left registered with the kernel since it is also the
1340  * controller node.  Any changes to disk 0 will show up on the next
1341  * reboot.
1342  */
1343 static void cciss_update_drive_info(int ctlr, int drv_index)
1344 {
1345         ctlr_info_t *h = hba[ctlr];
1346         struct gendisk *disk;
1347         InquiryData_struct *inq_buff = NULL;
1348         unsigned int block_size;
1349         sector_t total_size;
1350         unsigned long flags = 0;
1351         int ret = 0;
1352
1353         /* if the disk already exists then deregister it before proceeding */
1354         if (h->drv[drv_index].raid_level != -1) {
1355                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1356                 h->drv[drv_index].busy_configuring = 1;
1357                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1358
1359                 /* deregister_disk sets h->drv[drv_index].queue = NULL */
1360                 /* which keeps the interrupt handler from starting */
1361                 /* the queue. */
1362                 ret = deregister_disk(h->gendisk[drv_index],
1363                                       &h->drv[drv_index], 0);
1364                 h->drv[drv_index].busy_configuring = 0;
1365         }
1366
1367         /* If the disk is in use return */
1368         if (ret)
1369                 return;
1370
1371         /* Get information about the disk and modify the driver structure */
1372         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1373         if (inq_buff == NULL)
1374                 goto mem_msg;
1375
1376         /* testing to see if 16-byte CDBs are already being used */
1377         if (h->cciss_read == CCISS_READ_16) {
1378                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1379                         &total_size, &block_size);
1380                 goto geo_inq;
1381         }
1382
1383         cciss_read_capacity(ctlr, drv_index, 1,
1384                             &total_size, &block_size);
1385
1386         /* if read_capacity returns all F's this volume is >2TB in size */
1387         /* so we switch to 16-byte CDB's for all read/write ops */
1388         if (total_size == 0xFFFFFFFFULL) {
1389                 cciss_read_capacity_16(ctlr, drv_index, 1,
1390                 &total_size, &block_size);
1391                 h->cciss_read = CCISS_READ_16;
1392                 h->cciss_write = CCISS_WRITE_16;
1393         } else {
1394                 h->cciss_read = CCISS_READ_10;
1395                 h->cciss_write = CCISS_WRITE_10;
1396         }
1397 geo_inq:
1398         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1399                                inq_buff, &h->drv[drv_index]);
1400
1401         ++h->num_luns;
1402         disk = h->gendisk[drv_index];
1403         set_capacity(disk, h->drv[drv_index].nr_blocks);
1404
1405         /* if it's the controller it's already added */
1406         if (drv_index) {
1407                 disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1408                 sprintf(disk->disk_name, "cciss/c%dd%d", ctlr, drv_index);
1409                 disk->major = h->major;
1410                 disk->first_minor = drv_index << NWD_SHIFT;
1411                 disk->fops = &cciss_fops;
1412                 disk->private_data = &h->drv[drv_index];
1413
1414                 /* Set up queue information */
1415                 blk_queue_bounce_limit(disk->queue, hba[ctlr]->pdev->dma_mask);
1416
1417                 /* This is a hardware imposed limit. */
1418                 blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1419
1420                 /* This is a limit in the driver and could be eliminated. */
1421                 blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1422
1423                 blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1424
1425                 blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1426
1427                 disk->queue->queuedata = hba[ctlr];
1428
1429                 blk_queue_hardsect_size(disk->queue,
1430                                         hba[ctlr]->drv[drv_index].block_size);
1431
1432                 /* Make sure all queue data is written out before */
1433                 /* setting h->drv[drv_index].queue, as setting this */
1434                 /* allows the interrupt handler to start the queue */
1435                 wmb();
1436                 h->drv[drv_index].queue = disk->queue;
1437                 add_disk(disk);
1438         }
1439
1440       freeret:
1441         kfree(inq_buff);
1442         return;
1443       mem_msg:
1444         printk(KERN_ERR "cciss: out of memory\n");
1445         goto freeret;
1446 }
1447
1448 /* This function will find the first index of the controllers drive array
1449  * that has a -1 for the raid_level and will return that index.  This is
1450  * where new drives will be added.  If the index to be returned is greater
1451  * than the highest_lun index for the controller then highest_lun is set
1452  * to this new index.  If there are no available indexes then -1 is returned.
1453  */
1454 static int cciss_find_free_drive_index(int ctlr)
1455 {
1456         int i;
1457
1458         for (i = 0; i < CISS_MAX_LUN; i++) {
1459                 if (hba[ctlr]->drv[i].raid_level == -1) {
1460                         if (i > hba[ctlr]->highest_lun)
1461                                 hba[ctlr]->highest_lun = i;
1462                         return i;
1463                 }
1464         }
1465         return -1;
1466 }
1467
1468 /* This function will add and remove logical drives from the Logical
1469  * drive array of the controller and maintain persistency of ordering
1470  * so that mount points are preserved until the next reboot.  This allows
1471  * for the removal of logical drives in the middle of the drive array
1472  * without a re-ordering of those drives.
1473  * INPUT
1474  * h            = The controller to perform the operations on
1475  * del_disk     = The disk to remove if specified.  If the value given
1476  *                is NULL then no disk is removed.
1477  */
1478 static int rebuild_lun_table(ctlr_info_t *h, struct gendisk *del_disk)
1479 {
1480         int ctlr = h->ctlr;
1481         int num_luns;
1482         ReportLunData_struct *ld_buff = NULL;
1483         drive_info_struct *drv = NULL;
1484         int return_code;
1485         int listlength = 0;
1486         int i;
1487         int drv_found;
1488         int drv_index = 0;
1489         __u32 lunid = 0;
1490         unsigned long flags;
1491
1492         /* Set busy_configuring flag for this operation */
1493         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1494         if (h->busy_configuring) {
1495                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1496                 return -EBUSY;
1497         }
1498         h->busy_configuring = 1;
1499
1500         /* if del_disk is NULL then we are being called to add a new disk
1501          * and update the logical drive table.  If it is not NULL then
1502          * we will check if the disk is in use or not.
1503          */
1504         if (del_disk != NULL) {
1505                 drv = get_drv(del_disk);
1506                 drv->busy_configuring = 1;
1507                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1508                 return_code = deregister_disk(del_disk, drv, 1);
1509                 drv->busy_configuring = 0;
1510                 h->busy_configuring = 0;
1511                 return return_code;
1512         } else {
1513                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1514                 if (!capable(CAP_SYS_RAWIO))
1515                         return -EPERM;
1516
1517                 ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1518                 if (ld_buff == NULL)
1519                         goto mem_msg;
1520
1521                 return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1522                                               sizeof(ReportLunData_struct), 0,
1523                                               0, 0, TYPE_CMD);
1524
1525                 if (return_code == IO_OK) {
1526                         listlength =
1527                                 be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
1528                 } else {        /* reading number of logical volumes failed */
1529                         printk(KERN_WARNING "cciss: report logical volume"
1530                                " command failed\n");
1531                         listlength = 0;
1532                         goto freeret;
1533                 }
1534
1535                 num_luns = listlength / 8;      /* 8 bytes per entry */
1536                 if (num_luns > CISS_MAX_LUN) {
1537                         num_luns = CISS_MAX_LUN;
1538                         printk(KERN_WARNING "cciss: more luns configured"
1539                                " on controller than can be handled by"
1540                                " this driver.\n");
1541                 }
1542
1543                 /* Compare controller drive array to drivers drive array.
1544                  * Check for updates in the drive information and any new drives
1545                  * on the controller.
1546                  */
1547                 for (i = 0; i < num_luns; i++) {
1548                         int j;
1549
1550                         drv_found = 0;
1551
1552                         lunid = (0xff &
1553                                  (unsigned int)(ld_buff->LUN[i][3])) << 24;
1554                         lunid |= (0xff &
1555                                   (unsigned int)(ld_buff->LUN[i][2])) << 16;
1556                         lunid |= (0xff &
1557                                   (unsigned int)(ld_buff->LUN[i][1])) << 8;
1558                         lunid |= 0xff & (unsigned int)(ld_buff->LUN[i][0]);
1559
1560                         /* Find if the LUN is already in the drive array
1561                          * of the controller.  If so then update its info
1562                          * if not is use.  If it does not exist then find
1563                          * the first free index and add it.
1564                          */
1565                         for (j = 0; j <= h->highest_lun; j++) {
1566                                 if (h->drv[j].LunID == lunid) {
1567                                         drv_index = j;
1568                                         drv_found = 1;
1569                                 }
1570                         }
1571
1572                         /* check if the drive was found already in the array */
1573                         if (!drv_found) {
1574                                 drv_index = cciss_find_free_drive_index(ctlr);
1575                                 if (drv_index == -1)
1576                                         goto freeret;
1577
1578                                 /*Check if the gendisk needs to be allocated */
1579                                 if (!h->gendisk[drv_index]){
1580                                         h->gendisk[drv_index] = alloc_disk(1 << NWD_SHIFT);
1581                                         if (!h->gendisk[drv_index]){
1582                                                 printk(KERN_ERR "cciss: could not allocate new disk %d\n", drv_index);
1583                                                 goto mem_msg;
1584                                         }
1585                                 }
1586                         }
1587                         h->drv[drv_index].LunID = lunid;
1588                         cciss_update_drive_info(ctlr, drv_index);
1589                 }               /* end for */
1590         }                       /* end else */
1591
1592       freeret:
1593         kfree(ld_buff);
1594         h->busy_configuring = 0;
1595         /* We return -1 here to tell the ACU that we have registered/updated
1596          * all of the drives that we can and to keep it from calling us
1597          * additional times.
1598          */
1599         return -1;
1600       mem_msg:
1601         printk(KERN_ERR "cciss: out of memory\n");
1602         goto freeret;
1603 }
1604
1605 /* This function will deregister the disk and it's queue from the
1606  * kernel.  It must be called with the controller lock held and the
1607  * drv structures busy_configuring flag set.  It's parameters are:
1608  *
1609  * disk = This is the disk to be deregistered
1610  * drv  = This is the drive_info_struct associated with the disk to be
1611  *        deregistered.  It contains information about the disk used
1612  *        by the driver.
1613  * clear_all = This flag determines whether or not the disk information
1614  *             is going to be completely cleared out and the highest_lun
1615  *             reset.  Sometimes we want to clear out information about
1616  *             the disk in preparation for re-adding it.  In this case
1617  *             the highest_lun should be left unchanged and the LunID
1618  *             should not be cleared.
1619 */
1620 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
1621                            int clear_all)
1622 {
1623         int i;
1624         ctlr_info_t *h = get_host(disk);
1625
1626         if (!capable(CAP_SYS_RAWIO))
1627                 return -EPERM;
1628
1629         /* make sure logical volume is NOT is use */
1630         if (clear_all || (h->gendisk[0] == disk)) {
1631                 if (drv->usage_count > 1)
1632                         return -EBUSY;
1633         } else if (drv->usage_count > 0)
1634                 return -EBUSY;
1635
1636         /* invalidate the devices and deregister the disk.  If it is disk
1637          * zero do not deregister it but just zero out it's values.  This
1638          * allows us to delete disk zero but keep the controller registered.
1639          */
1640         if (h->gendisk[0] != disk) {
1641                 struct request_queue *q = disk->queue;
1642                 if (disk->flags & GENHD_FL_UP)
1643                         del_gendisk(disk);
1644                 if (q) {
1645                         blk_cleanup_queue(q);
1646                         /* Set drv->queue to NULL so that we do not try
1647                          * to call blk_start_queue on this queue in the
1648                          * interrupt handler
1649                          */
1650                         drv->queue = NULL;
1651                 }
1652                 /* If clear_all is set then we are deleting the logical
1653                  * drive, not just refreshing its info.  For drives
1654                  * other than disk 0 we will call put_disk.  We do not
1655                  * do this for disk 0 as we need it to be able to
1656                  * configure the controller.
1657                 */
1658                 if (clear_all){
1659                         /* This isn't pretty, but we need to find the
1660                          * disk in our array and NULL our the pointer.
1661                          * This is so that we will call alloc_disk if
1662                          * this index is used again later.
1663                         */
1664                         for (i=0; i < CISS_MAX_LUN; i++){
1665                                 if(h->gendisk[i] == disk){
1666                                         h->gendisk[i] = NULL;
1667                                         break;
1668                                 }
1669                         }
1670                         put_disk(disk);
1671                 }
1672         } else {
1673                 set_capacity(disk, 0);
1674         }
1675
1676         --h->num_luns;
1677         /* zero out the disk size info */
1678         drv->nr_blocks = 0;
1679         drv->block_size = 0;
1680         drv->heads = 0;
1681         drv->sectors = 0;
1682         drv->cylinders = 0;
1683         drv->raid_level = -1;   /* This can be used as a flag variable to
1684                                  * indicate that this element of the drive
1685                                  * array is free.
1686                                  */
1687
1688         if (clear_all) {
1689                 /* check to see if it was the last disk */
1690                 if (drv == h->drv + h->highest_lun) {
1691                         /* if so, find the new hightest lun */
1692                         int i, newhighest = -1;
1693                         for (i = 0; i < h->highest_lun; i++) {
1694                                 /* if the disk has size > 0, it is available */
1695                                 if (h->drv[i].heads)
1696                                         newhighest = i;
1697                         }
1698                         h->highest_lun = newhighest;
1699                 }
1700
1701                 drv->LunID = 0;
1702         }
1703         return 0;
1704 }
1705
1706 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
1707                                                                                                                            1: address logical volume log_unit,
1708                                                                                                                            2: periph device address is scsi3addr */
1709                     unsigned int log_unit, __u8 page_code,
1710                     unsigned char *scsi3addr, int cmd_type)
1711 {
1712         ctlr_info_t *h = hba[ctlr];
1713         u64bit buff_dma_handle;
1714         int status = IO_OK;
1715
1716         c->cmd_type = CMD_IOCTL_PEND;
1717         c->Header.ReplyQueue = 0;
1718         if (buff != NULL) {
1719                 c->Header.SGList = 1;
1720                 c->Header.SGTotal = 1;
1721         } else {
1722                 c->Header.SGList = 0;
1723                 c->Header.SGTotal = 0;
1724         }
1725         c->Header.Tag.lower = c->busaddr;
1726
1727         c->Request.Type.Type = cmd_type;
1728         if (cmd_type == TYPE_CMD) {
1729                 switch (cmd) {
1730                 case CISS_INQUIRY:
1731                         /* If the logical unit number is 0 then, this is going
1732                            to controller so It's a physical command
1733                            mode = 0 target = 0.  So we have nothing to write.
1734                            otherwise, if use_unit_num == 1,
1735                            mode = 1(volume set addressing) target = LUNID
1736                            otherwise, if use_unit_num == 2,
1737                            mode = 0(periph dev addr) target = scsi3addr */
1738                         if (use_unit_num == 1) {
1739                                 c->Header.LUN.LogDev.VolId =
1740                                     h->drv[log_unit].LunID;
1741                                 c->Header.LUN.LogDev.Mode = 1;
1742                         } else if (use_unit_num == 2) {
1743                                 memcpy(c->Header.LUN.LunAddrBytes, scsi3addr,
1744                                        8);
1745                                 c->Header.LUN.LogDev.Mode = 0;
1746                         }
1747                         /* are we trying to read a vital product page */
1748                         if (page_code != 0) {
1749                                 c->Request.CDB[1] = 0x01;
1750                                 c->Request.CDB[2] = page_code;
1751                         }
1752                         c->Request.CDBLen = 6;
1753                         c->Request.Type.Attribute = ATTR_SIMPLE;
1754                         c->Request.Type.Direction = XFER_READ;
1755                         c->Request.Timeout = 0;
1756                         c->Request.CDB[0] = CISS_INQUIRY;
1757                         c->Request.CDB[4] = size & 0xFF;
1758                         break;
1759                 case CISS_REPORT_LOG:
1760                 case CISS_REPORT_PHYS:
1761                         /* Talking to controller so It's a physical command
1762                            mode = 00 target = 0.  Nothing to write.
1763                          */
1764                         c->Request.CDBLen = 12;
1765                         c->Request.Type.Attribute = ATTR_SIMPLE;
1766                         c->Request.Type.Direction = XFER_READ;
1767                         c->Request.Timeout = 0;
1768                         c->Request.CDB[0] = cmd;
1769                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
1770                         c->Request.CDB[7] = (size >> 16) & 0xFF;
1771                         c->Request.CDB[8] = (size >> 8) & 0xFF;
1772                         c->Request.CDB[9] = size & 0xFF;
1773                         break;
1774
1775                 case CCISS_READ_CAPACITY:
1776                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1777                         c->Header.LUN.LogDev.Mode = 1;
1778                         c->Request.CDBLen = 10;
1779                         c->Request.Type.Attribute = ATTR_SIMPLE;
1780                         c->Request.Type.Direction = XFER_READ;
1781                         c->Request.Timeout = 0;
1782                         c->Request.CDB[0] = cmd;
1783                         break;
1784                 case CCISS_READ_CAPACITY_16:
1785                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1786                         c->Header.LUN.LogDev.Mode = 1;
1787                         c->Request.CDBLen = 16;
1788                         c->Request.Type.Attribute = ATTR_SIMPLE;
1789                         c->Request.Type.Direction = XFER_READ;
1790                         c->Request.Timeout = 0;
1791                         c->Request.CDB[0] = cmd;
1792                         c->Request.CDB[1] = 0x10;
1793                         c->Request.CDB[10] = (size >> 24) & 0xFF;
1794                         c->Request.CDB[11] = (size >> 16) & 0xFF;
1795                         c->Request.CDB[12] = (size >> 8) & 0xFF;
1796                         c->Request.CDB[13] = size & 0xFF;
1797                         c->Request.Timeout = 0;
1798                         c->Request.CDB[0] = cmd;
1799                         break;
1800                 case CCISS_CACHE_FLUSH:
1801                         c->Request.CDBLen = 12;
1802                         c->Request.Type.Attribute = ATTR_SIMPLE;
1803                         c->Request.Type.Direction = XFER_WRITE;
1804                         c->Request.Timeout = 0;
1805                         c->Request.CDB[0] = BMIC_WRITE;
1806                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
1807                         break;
1808                 default:
1809                         printk(KERN_WARNING
1810                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
1811                         return IO_ERROR;
1812                 }
1813         } else if (cmd_type == TYPE_MSG) {
1814                 switch (cmd) {
1815                 case 0: /* ABORT message */
1816                         c->Request.CDBLen = 12;
1817                         c->Request.Type.Attribute = ATTR_SIMPLE;
1818                         c->Request.Type.Direction = XFER_WRITE;
1819                         c->Request.Timeout = 0;
1820                         c->Request.CDB[0] = cmd;        /* abort */
1821                         c->Request.CDB[1] = 0;  /* abort a command */
1822                         /* buff contains the tag of the command to abort */
1823                         memcpy(&c->Request.CDB[4], buff, 8);
1824                         break;
1825                 case 1: /* RESET message */
1826                         c->Request.CDBLen = 12;
1827                         c->Request.Type.Attribute = ATTR_SIMPLE;
1828                         c->Request.Type.Direction = XFER_WRITE;
1829                         c->Request.Timeout = 0;
1830                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
1831                         c->Request.CDB[0] = cmd;        /* reset */
1832                         c->Request.CDB[1] = 0x04;       /* reset a LUN */
1833                         break;
1834                 case 3: /* No-Op message */
1835                         c->Request.CDBLen = 1;
1836                         c->Request.Type.Attribute = ATTR_SIMPLE;
1837                         c->Request.Type.Direction = XFER_WRITE;
1838                         c->Request.Timeout = 0;
1839                         c->Request.CDB[0] = cmd;
1840                         break;
1841                 default:
1842                         printk(KERN_WARNING
1843                                "cciss%d: unknown message type %d\n", ctlr, cmd);
1844                         return IO_ERROR;
1845                 }
1846         } else {
1847                 printk(KERN_WARNING
1848                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
1849                 return IO_ERROR;
1850         }
1851         /* Fill in the scatter gather information */
1852         if (size > 0) {
1853                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
1854                                                              buff, size,
1855                                                              PCI_DMA_BIDIRECTIONAL);
1856                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
1857                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
1858                 c->SG[0].Len = size;
1859                 c->SG[0].Ext = 0;       /* we are not chaining */
1860         }
1861         return status;
1862 }
1863
1864 static int sendcmd_withirq(__u8 cmd,
1865                            int ctlr,
1866                            void *buff,
1867                            size_t size,
1868                            unsigned int use_unit_num,
1869                            unsigned int log_unit, __u8 page_code, int cmd_type)
1870 {
1871         ctlr_info_t *h = hba[ctlr];
1872         CommandList_struct *c;
1873         u64bit buff_dma_handle;
1874         unsigned long flags;
1875         int return_status;
1876         DECLARE_COMPLETION_ONSTACK(wait);
1877
1878         if ((c = cmd_alloc(h, 0)) == NULL)
1879                 return -ENOMEM;
1880         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
1881                                  log_unit, page_code, NULL, cmd_type);
1882         if (return_status != IO_OK) {
1883                 cmd_free(h, c, 0);
1884                 return return_status;
1885         }
1886       resend_cmd2:
1887         c->waiting = &wait;
1888
1889         /* Put the request on the tail of the queue and send it */
1890         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1891         addQ(&h->reqQ, c);
1892         h->Qdepth++;
1893         start_io(h);
1894         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1895
1896         wait_for_completion(&wait);
1897
1898         if (c->err_info->CommandStatus != 0) {  /* an error has occurred */
1899                 switch (c->err_info->CommandStatus) {
1900                 case CMD_TARGET_STATUS:
1901                         printk(KERN_WARNING "cciss: cmd %p has "
1902                                " completed with errors\n", c);
1903                         if (c->err_info->ScsiStatus) {
1904                                 printk(KERN_WARNING "cciss: cmd %p "
1905                                        "has SCSI Status = %x\n",
1906                                        c, c->err_info->ScsiStatus);
1907                         }
1908
1909                         break;
1910                 case CMD_DATA_UNDERRUN:
1911                 case CMD_DATA_OVERRUN:
1912                         /* expected for inquire and report lun commands */
1913                         break;
1914                 case CMD_INVALID:
1915                         printk(KERN_WARNING "cciss: Cmd %p is "
1916                                "reported invalid\n", c);
1917                         return_status = IO_ERROR;
1918                         break;
1919                 case CMD_PROTOCOL_ERR:
1920                         printk(KERN_WARNING "cciss: cmd %p has "
1921                                "protocol error \n", c);
1922                         return_status = IO_ERROR;
1923                         break;
1924                 case CMD_HARDWARE_ERR:
1925                         printk(KERN_WARNING "cciss: cmd %p had "
1926                                " hardware error\n", c);
1927                         return_status = IO_ERROR;
1928                         break;
1929                 case CMD_CONNECTION_LOST:
1930                         printk(KERN_WARNING "cciss: cmd %p had "
1931                                "connection lost\n", c);
1932                         return_status = IO_ERROR;
1933                         break;
1934                 case CMD_ABORTED:
1935                         printk(KERN_WARNING "cciss: cmd %p was "
1936                                "aborted\n", c);
1937                         return_status = IO_ERROR;
1938                         break;
1939                 case CMD_ABORT_FAILED:
1940                         printk(KERN_WARNING "cciss: cmd %p reports "
1941                                "abort failed\n", c);
1942                         return_status = IO_ERROR;
1943                         break;
1944                 case CMD_UNSOLICITED_ABORT:
1945                         printk(KERN_WARNING
1946                                "cciss%d: unsolicited abort %p\n", ctlr, c);
1947                         if (c->retry_count < MAX_CMD_RETRIES) {
1948                                 printk(KERN_WARNING
1949                                        "cciss%d: retrying %p\n", ctlr, c);
1950                                 c->retry_count++;
1951                                 /* erase the old error information */
1952                                 memset(c->err_info, 0,
1953                                        sizeof(ErrorInfo_struct));
1954                                 return_status = IO_OK;
1955                                 INIT_COMPLETION(wait);
1956                                 goto resend_cmd2;
1957                         }
1958                         return_status = IO_ERROR;
1959                         break;
1960                 default:
1961                         printk(KERN_WARNING "cciss: cmd %p returned "
1962                                "unknown status %x\n", c,
1963                                c->err_info->CommandStatus);
1964                         return_status = IO_ERROR;
1965                 }
1966         }
1967         /* unlock the buffers from DMA */
1968         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
1969         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
1970         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
1971                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
1972         cmd_free(h, c, 0);
1973         return return_status;
1974 }
1975
1976 static void cciss_geometry_inquiry(int ctlr, int logvol,
1977                                    int withirq, sector_t total_size,
1978                                    unsigned int block_size,
1979                                    InquiryData_struct *inq_buff,
1980                                    drive_info_struct *drv)
1981 {
1982         int return_code;
1983         unsigned long t;
1984
1985         memset(inq_buff, 0, sizeof(InquiryData_struct));
1986         if (withirq)
1987                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
1988                                               inq_buff, sizeof(*inq_buff), 1,
1989                                               logvol, 0xC1, TYPE_CMD);
1990         else
1991                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
1992                                       sizeof(*inq_buff), 1, logvol, 0xC1, NULL,
1993                                       TYPE_CMD);
1994         if (return_code == IO_OK) {
1995                 if (inq_buff->data_byte[8] == 0xFF) {
1996                         printk(KERN_WARNING
1997                                "cciss: reading geometry failed, volume "
1998                                "does not support reading geometry\n");
1999                         drv->heads = 255;
2000                         drv->sectors = 32;      // Sectors per track
2001                         drv->cylinders = total_size + 1;
2002                         drv->raid_level = RAID_UNKNOWN;
2003                 } else {
2004                         drv->heads = inq_buff->data_byte[6];
2005                         drv->sectors = inq_buff->data_byte[7];
2006                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2007                         drv->cylinders += inq_buff->data_byte[5];
2008                         drv->raid_level = inq_buff->data_byte[8];
2009                 }
2010                 drv->block_size = block_size;
2011                 drv->nr_blocks = total_size + 1;
2012                 t = drv->heads * drv->sectors;
2013                 if (t > 1) {
2014                         sector_t real_size = total_size + 1;
2015                         unsigned long rem = sector_div(real_size, t);
2016                         if (rem)
2017                                 real_size++;
2018                         drv->cylinders = real_size;
2019                 }
2020         } else {                /* Get geometry failed */
2021                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2022         }
2023         printk(KERN_INFO "      heads=%d, sectors=%d, cylinders=%d\n\n",
2024                drv->heads, drv->sectors, drv->cylinders);
2025 }
2026
2027 static void
2028 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2029                     unsigned int *block_size)
2030 {
2031         ReadCapdata_struct *buf;
2032         int return_code;
2033
2034         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2035         if (!buf) {
2036                 printk(KERN_WARNING "cciss: out of memory\n");
2037                 return;
2038         }
2039
2040         if (withirq)
2041                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2042                                 ctlr, buf, sizeof(ReadCapdata_struct),
2043                                         1, logvol, 0, TYPE_CMD);
2044         else
2045                 return_code = sendcmd(CCISS_READ_CAPACITY,
2046                                 ctlr, buf, sizeof(ReadCapdata_struct),
2047                                         1, logvol, 0, NULL, TYPE_CMD);
2048         if (return_code == IO_OK) {
2049                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2050                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2051         } else {                /* read capacity command failed */
2052                 printk(KERN_WARNING "cciss: read capacity failed\n");
2053                 *total_size = 0;
2054                 *block_size = BLOCK_SIZE;
2055         }
2056         if (*total_size != 0)
2057                 printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2058                 (unsigned long long)*total_size+1, *block_size);
2059         kfree(buf);
2060 }
2061
2062 static void
2063 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2064 {
2065         ReadCapdata_struct_16 *buf;
2066         int return_code;
2067
2068         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2069         if (!buf) {
2070                 printk(KERN_WARNING "cciss: out of memory\n");
2071                 return;
2072         }
2073
2074         if (withirq) {
2075                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2076                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2077                                 1, logvol, 0, TYPE_CMD);
2078         }
2079         else {
2080                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2081                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2082                                 1, logvol, 0, NULL, TYPE_CMD);
2083         }
2084         if (return_code == IO_OK) {
2085                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2086                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2087         } else {                /* read capacity command failed */
2088                 printk(KERN_WARNING "cciss: read capacity failed\n");
2089                 *total_size = 0;
2090                 *block_size = BLOCK_SIZE;
2091         }
2092         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2093                (unsigned long long)*total_size+1, *block_size);
2094         kfree(buf);
2095 }
2096
2097 static int cciss_revalidate(struct gendisk *disk)
2098 {
2099         ctlr_info_t *h = get_host(disk);
2100         drive_info_struct *drv = get_drv(disk);
2101         int logvol;
2102         int FOUND = 0;
2103         unsigned int block_size;
2104         sector_t total_size;
2105         InquiryData_struct *inq_buff = NULL;
2106
2107         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2108                 if (h->drv[logvol].LunID == drv->LunID) {
2109                         FOUND = 1;
2110                         break;
2111                 }
2112         }
2113
2114         if (!FOUND)
2115                 return 1;
2116
2117         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2118         if (inq_buff == NULL) {
2119                 printk(KERN_WARNING "cciss: out of memory\n");
2120                 return 1;
2121         }
2122         if (h->cciss_read == CCISS_READ_10) {
2123                 cciss_read_capacity(h->ctlr, logvol, 1,
2124                                         &total_size, &block_size);
2125         } else {
2126                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2127                                         &total_size, &block_size);
2128         }
2129         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2130                                inq_buff, drv);
2131
2132         blk_queue_hardsect_size(drv->queue, drv->block_size);
2133         set_capacity(disk, drv->nr_blocks);
2134
2135         kfree(inq_buff);
2136         return 0;
2137 }
2138
2139 /*
2140  *   Wait polling for a command to complete.
2141  *   The memory mapped FIFO is polled for the completion.
2142  *   Used only at init time, interrupts from the HBA are disabled.
2143  */
2144 static unsigned long pollcomplete(int ctlr)
2145 {
2146         unsigned long done;
2147         int i;
2148
2149         /* Wait (up to 20 seconds) for a command to complete */
2150
2151         for (i = 20 * HZ; i > 0; i--) {
2152                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2153                 if (done == FIFO_EMPTY)
2154                         schedule_timeout_uninterruptible(1);
2155                 else
2156                         return done;
2157         }
2158         /* Invalid address to tell caller we ran out of time */
2159         return 1;
2160 }
2161
2162 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
2163 {
2164         /* We get in here if sendcmd() is polling for completions
2165            and gets some command back that it wasn't expecting --
2166            something other than that which it just sent down.
2167            Ordinarily, that shouldn't happen, but it can happen when
2168            the scsi tape stuff gets into error handling mode, and
2169            starts using sendcmd() to try to abort commands and
2170            reset tape drives.  In that case, sendcmd may pick up
2171            completions of commands that were sent to logical drives
2172            through the block i/o system, or cciss ioctls completing, etc.
2173            In that case, we need to save those completions for later
2174            processing by the interrupt handler.
2175          */
2176
2177 #ifdef CONFIG_CISS_SCSI_TAPE
2178         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;
2179
2180         /* If it's not the scsi tape stuff doing error handling, (abort */
2181         /* or reset) then we don't expect anything weird. */
2182         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
2183 #endif
2184                 printk(KERN_WARNING "cciss cciss%d: SendCmd "
2185                        "Invalid command list address returned! (%lx)\n",
2186                        ctlr, complete);
2187                 /* not much we can do. */
2188 #ifdef CONFIG_CISS_SCSI_TAPE
2189                 return 1;
2190         }
2191
2192         /* We've sent down an abort or reset, but something else
2193            has completed */
2194         if (srl->ncompletions >= (hba[ctlr]->nr_cmds + 2)) {
2195                 /* Uh oh.  No room to save it for later... */
2196                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
2197                        "reject list overflow, command lost!\n", ctlr);
2198                 return 1;
2199         }
2200         /* Save it for later */
2201         srl->complete[srl->ncompletions] = complete;
2202         srl->ncompletions++;
2203 #endif
2204         return 0;
2205 }
2206
2207 /*
2208  * Send a command to the controller, and wait for it to complete.
2209  * Only used at init time.
2210  */
2211 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
2212                                                                                                    1: address logical volume log_unit,
2213                                                                                                    2: periph device address is scsi3addr */
2214                    unsigned int log_unit,
2215                    __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2216 {
2217         CommandList_struct *c;
2218         int i;
2219         unsigned long complete;
2220         ctlr_info_t *info_p = hba[ctlr];
2221         u64bit buff_dma_handle;
2222         int status, done = 0;
2223
2224         if ((c = cmd_alloc(info_p, 1)) == NULL) {
2225                 printk(KERN_WARNING "cciss: unable to get memory");
2226                 return IO_ERROR;
2227         }
2228         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2229                           log_unit, page_code, scsi3addr, cmd_type);
2230         if (status != IO_OK) {
2231                 cmd_free(info_p, c, 1);
2232                 return status;
2233         }
2234       resend_cmd1:
2235         /*
2236          * Disable interrupt
2237          */
2238 #ifdef CCISS_DEBUG
2239         printk(KERN_DEBUG "cciss: turning intr off\n");
2240 #endif                          /* CCISS_DEBUG */
2241         info_p->access.set_intr_mask(info_p, CCISS_INTR_OFF);
2242
2243         /* Make sure there is room in the command FIFO */
2244         /* Actually it should be completely empty at this time */
2245         /* unless we are in here doing error handling for the scsi */
2246         /* tape side of the driver. */
2247         for (i = 200000; i > 0; i--) {
2248                 /* if fifo isn't full go */
2249                 if (!(info_p->access.fifo_full(info_p))) {
2250
2251                         break;
2252                 }
2253                 udelay(10);
2254                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2255                        " waiting!\n", ctlr);
2256         }
2257         /*
2258          * Send the cmd
2259          */
2260         info_p->access.submit_command(info_p, c);
2261         done = 0;
2262         do {
2263                 complete = pollcomplete(ctlr);
2264
2265 #ifdef CCISS_DEBUG
2266                 printk(KERN_DEBUG "cciss: command completed\n");
2267 #endif                          /* CCISS_DEBUG */
2268
2269                 if (complete == 1) {
2270                         printk(KERN_WARNING
2271                                "cciss cciss%d: SendCmd Timeout out, "
2272                                "No command list address returned!\n", ctlr);
2273                         status = IO_ERROR;
2274                         done = 1;
2275                         break;
2276                 }
2277
2278                 /* This will need to change for direct lookup completions */
2279                 if ((complete & CISS_ERROR_BIT)
2280                     && (complete & ~CISS_ERROR_BIT) == c->busaddr) {
2281                         /* if data overrun or underun on Report command
2282                            ignore it
2283                          */
2284                         if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2285                              (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2286                              (c->Request.CDB[0] == CISS_INQUIRY)) &&
2287                             ((c->err_info->CommandStatus ==
2288                               CMD_DATA_OVERRUN) ||
2289                              (c->err_info->CommandStatus == CMD_DATA_UNDERRUN)
2290                             )) {
2291                                 complete = c->busaddr;
2292                         } else {
2293                                 if (c->err_info->CommandStatus ==
2294                                     CMD_UNSOLICITED_ABORT) {
2295                                         printk(KERN_WARNING "cciss%d: "
2296                                                "unsolicited abort %p\n",
2297                                                ctlr, c);
2298                                         if (c->retry_count < MAX_CMD_RETRIES) {
2299                                                 printk(KERN_WARNING
2300                                                        "cciss%d: retrying %p\n",
2301                                                        ctlr, c);
2302                                                 c->retry_count++;
2303                                                 /* erase the old error */
2304                                                 /* information */
2305                                                 memset(c->err_info, 0,
2306                                                        sizeof
2307                                                        (ErrorInfo_struct));
2308                                                 goto resend_cmd1;
2309                                         } else {
2310                                                 printk(KERN_WARNING
2311                                                        "cciss%d: retried %p too "
2312                                                        "many times\n", ctlr, c);
2313                                                 status = IO_ERROR;
2314                                                 goto cleanup1;
2315                                         }
2316                                 } else if (c->err_info->CommandStatus ==
2317                                            CMD_UNABORTABLE) {
2318                                         printk(KERN_WARNING
2319                                                "cciss%d: command could not be aborted.\n",
2320                                                ctlr);
2321                                         status = IO_ERROR;
2322                                         goto cleanup1;
2323                                 }
2324                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2325                                        " Error %x \n", ctlr,
2326                                        c->err_info->CommandStatus);
2327                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2328                                        " offensive info\n"
2329                                        "  size %x\n   num %x   value %x\n",
2330                                        ctlr,
2331                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2332                                        offense_size,
2333                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2334                                        offense_num,
2335                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2336                                        offense_value);
2337                                 status = IO_ERROR;
2338                                 goto cleanup1;
2339                         }
2340                 }
2341                 /* This will need changing for direct lookup completions */
2342                 if (complete != c->busaddr) {
2343                         if (add_sendcmd_reject(cmd, ctlr, complete) != 0) {
2344                                 BUG();  /* we are pretty much hosed if we get here. */
2345                         }
2346                         continue;
2347                 } else
2348                         done = 1;
2349         } while (!done);
2350
2351       cleanup1:
2352         /* unlock the data buffer from DMA */
2353         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2354         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2355         pci_unmap_single(info_p->pdev, (dma_addr_t) buff_dma_handle.val,
2356                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2357 #ifdef CONFIG_CISS_SCSI_TAPE
2358         /* if we saved some commands for later, process them now. */
2359         if (info_p->scsi_rejects.ncompletions > 0)
2360                 do_cciss_intr(0, info_p);
2361 #endif
2362         cmd_free(info_p, c, 1);
2363         return status;
2364 }
2365
2366 /*
2367  * Map (physical) PCI mem into (virtual) kernel space
2368  */
2369 static void __iomem *remap_pci_mem(ulong base, ulong size)
2370 {
2371         ulong page_base = ((ulong) base) & PAGE_MASK;
2372         ulong page_offs = ((ulong) base) - page_base;
2373         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2374
2375         return page_remapped ? (page_remapped + page_offs) : NULL;
2376 }
2377
2378 /*
2379  * Takes jobs of the Q and sends them to the hardware, then puts it on
2380  * the Q to wait for completion.
2381  */
2382 static void start_io(ctlr_info_t *h)
2383 {
2384         CommandList_struct *c;
2385
2386         while ((c = h->reqQ) != NULL) {
2387                 /* can't do anything if fifo is full */
2388                 if ((h->access.fifo_full(h))) {
2389                         printk(KERN_WARNING "cciss: fifo full\n");
2390                         break;
2391                 }
2392
2393                 /* Get the first entry from the Request Q */
2394                 removeQ(&(h->reqQ), c);
2395                 h->Qdepth--;
2396
2397                 /* Tell the controller execute command */
2398                 h->access.submit_command(h, c);
2399
2400                 /* Put job onto the completed Q */
2401                 addQ(&(h->cmpQ), c);
2402         }
2403 }
2404
2405 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2406 /* Zeros out the error record and then resends the command back */
2407 /* to the controller */
2408 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2409 {
2410         /* erase the old error information */
2411         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2412
2413         /* add it to software queue and then send it to the controller */
2414         addQ(&(h->reqQ), c);
2415         h->Qdepth++;
2416         if (h->Qdepth > h->maxQsinceinit)
2417                 h->maxQsinceinit = h->Qdepth;
2418
2419         start_io(h);
2420 }
2421
2422 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2423         unsigned int msg_byte, unsigned int host_byte,
2424         unsigned int driver_byte)
2425 {
2426         /* inverse of macros in scsi.h */
2427         return (scsi_status_byte & 0xff) |
2428                 ((msg_byte & 0xff) << 8) |
2429                 ((host_byte & 0xff) << 16) |
2430                 ((driver_byte & 0xff) << 24);
2431 }
2432
2433 static inline int evaluate_target_status(CommandList_struct *cmd)
2434 {
2435         unsigned char sense_key;
2436         unsigned char status_byte, msg_byte, host_byte, driver_byte;
2437         int error_value;
2438
2439         /* If we get in here, it means we got "target status", that is, scsi status */
2440         status_byte = cmd->err_info->ScsiStatus;
2441         driver_byte = DRIVER_OK;
2442         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
2443
2444         if (blk_pc_request(cmd->rq))
2445                 host_byte = DID_PASSTHROUGH;
2446         else
2447                 host_byte = DID_OK;
2448
2449         error_value = make_status_bytes(status_byte, msg_byte,
2450                 host_byte, driver_byte);
2451
2452         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
2453                 if (!blk_pc_request(cmd->rq))
2454                         printk(KERN_WARNING "cciss: cmd %p "
2455                                "has SCSI Status 0x%x\n",
2456                                cmd, cmd->err_info->ScsiStatus);
2457                 return error_value;
2458         }
2459
2460         /* check the sense key */
2461         sense_key = 0xf & cmd->err_info->SenseInfo[2];
2462         /* no status or recovered error */
2463         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
2464                 error_value = 0;
2465
2466         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
2467                 if (error_value != 0)
2468                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
2469                                " sense key = 0x%x\n", cmd, sense_key);
2470                 return error_value;
2471         }
2472
2473         /* SG_IO or similar, copy sense data back */
2474         if (cmd->rq->sense) {
2475                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
2476                         cmd->rq->sense_len = cmd->err_info->SenseLen;
2477                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
2478                         cmd->rq->sense_len);
2479         } else
2480                 cmd->rq->sense_len = 0;
2481
2482         return error_value;
2483 }
2484
2485 /* checks the status of the job and calls complete buffers to mark all
2486  * buffers for the completed job. Note that this function does not need
2487  * to hold the hba/queue lock.
2488  */
2489 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
2490                                     int timeout)
2491 {
2492         int retry_cmd = 0;
2493         struct request *rq = cmd->rq;
2494
2495         rq->errors = 0;
2496
2497         if (timeout)
2498                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
2499
2500         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
2501                 goto after_error_processing;
2502
2503         switch (cmd->err_info->CommandStatus) {
2504         case CMD_TARGET_STATUS:
2505                 rq->errors = evaluate_target_status(cmd);
2506                 break;
2507         case CMD_DATA_UNDERRUN:
2508                 if (blk_fs_request(cmd->rq)) {
2509                         printk(KERN_WARNING "cciss: cmd %p has"
2510                                " completed with data underrun "
2511                                "reported\n", cmd);
2512                         cmd->rq->data_len = cmd->err_info->ResidualCnt;
2513                 }
2514                 break;
2515         case CMD_DATA_OVERRUN:
2516                 if (blk_fs_request(cmd->rq))
2517                         printk(KERN_WARNING "cciss: cmd %p has"
2518                                " completed with data overrun "
2519                                "reported\n", cmd);
2520                 break;
2521         case CMD_INVALID:
2522                 printk(KERN_WARNING "cciss: cmd %p is "
2523                        "reported invalid\n", cmd);
2524                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2525                         cmd->err_info->CommandStatus, DRIVER_OK,
2526                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2527                 break;
2528         case CMD_PROTOCOL_ERR:
2529                 printk(KERN_WARNING "cciss: cmd %p has "
2530                        "protocol error \n", cmd);
2531                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2532                         cmd->err_info->CommandStatus, DRIVER_OK,
2533                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2534                 break;
2535         case CMD_HARDWARE_ERR:
2536                 printk(KERN_WARNING "cciss: cmd %p had "
2537                        " hardware error\n", cmd);
2538                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2539                         cmd->err_info->CommandStatus, DRIVER_OK,
2540                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2541                 break;
2542         case CMD_CONNECTION_LOST:
2543                 printk(KERN_WARNING "cciss: cmd %p had "
2544                        "connection lost\n", cmd);
2545                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2546                         cmd->err_info->CommandStatus, DRIVER_OK,
2547                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2548                 break;
2549         case CMD_ABORTED:
2550                 printk(KERN_WARNING "cciss: cmd %p was "
2551                        "aborted\n", cmd);
2552                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2553                         cmd->err_info->CommandStatus, DRIVER_OK,
2554                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2555                 break;
2556         case CMD_ABORT_FAILED:
2557                 printk(KERN_WARNING "cciss: cmd %p reports "
2558                        "abort failed\n", cmd);
2559                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2560                         cmd->err_info->CommandStatus, DRIVER_OK,
2561                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2562                 break;
2563         case CMD_UNSOLICITED_ABORT:
2564                 printk(KERN_WARNING "cciss%d: unsolicited "
2565                        "abort %p\n", h->ctlr, cmd);
2566                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2567                         retry_cmd = 1;
2568                         printk(KERN_WARNING
2569                                "cciss%d: retrying %p\n", h->ctlr, cmd);
2570                         cmd->retry_count++;
2571                 } else
2572                         printk(KERN_WARNING
2573                                "cciss%d: %p retried too "
2574                                "many times\n", h->ctlr, cmd);
2575                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2576                         cmd->err_info->CommandStatus, DRIVER_OK,
2577                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2578                 break;
2579         case CMD_TIMEOUT:
2580                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
2581                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2582                         cmd->err_info->CommandStatus, DRIVER_OK,
2583                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2584                 break;
2585         default:
2586                 printk(KERN_WARNING "cciss: cmd %p returned "
2587                        "unknown status %x\n", cmd,
2588                        cmd->err_info->CommandStatus);
2589                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2590                         cmd->err_info->CommandStatus, DRIVER_OK,
2591                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2592         }
2593
2594 after_error_processing:
2595
2596         /* We need to return this command */
2597         if (retry_cmd) {
2598                 resend_cciss_cmd(h, cmd);
2599                 return;
2600         }
2601         cmd->rq->completion_data = cmd;
2602         blk_complete_request(cmd->rq);
2603 }
2604
2605 /*
2606  * Get a request and submit it to the controller.
2607  */
2608 static void do_cciss_request(struct request_queue *q)
2609 {
2610         ctlr_info_t *h = q->queuedata;
2611         CommandList_struct *c;
2612         sector_t start_blk;
2613         int seg;
2614         struct request *creq;
2615         u64bit temp64;
2616         struct scatterlist tmp_sg[MAXSGENTRIES];
2617         drive_info_struct *drv;
2618         int i, dir;
2619
2620         /* We call start_io here in case there is a command waiting on the
2621          * queue that has not been sent.
2622          */
2623         if (blk_queue_plugged(q))
2624                 goto startio;
2625
2626       queue:
2627         creq = elv_next_request(q);
2628         if (!creq)
2629                 goto startio;
2630
2631         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
2632
2633         if ((c = cmd_alloc(h, 1)) == NULL)
2634                 goto full;
2635
2636         blkdev_dequeue_request(creq);
2637
2638         spin_unlock_irq(q->queue_lock);
2639
2640         c->cmd_type = CMD_RWREQ;
2641         c->rq = creq;
2642
2643         /* fill in the request */
2644         drv = creq->rq_disk->private_data;
2645         c->Header.ReplyQueue = 0;       // unused in simple mode
2646         /* got command from pool, so use the command block index instead */
2647         /* for direct lookups. */
2648         /* The first 2 bits are reserved for controller error reporting. */
2649         c->Header.Tag.lower = (c->cmdindex << 3);
2650         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
2651         c->Header.LUN.LogDev.VolId = drv->LunID;
2652         c->Header.LUN.LogDev.Mode = 1;
2653         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
2654         c->Request.Type.Type = TYPE_CMD;        // It is a command.
2655         c->Request.Type.Attribute = ATTR_SIMPLE;
2656         c->Request.Type.Direction =
2657             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
2658         c->Request.Timeout = 0; // Don't time out
2659         c->Request.CDB[0] =
2660             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
2661         start_blk = creq->sector;
2662 #ifdef CCISS_DEBUG
2663         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n", (int)creq->sector,
2664                (int)creq->nr_sectors);
2665 #endif                          /* CCISS_DEBUG */
2666
2667         sg_init_table(tmp_sg, MAXSGENTRIES);
2668         seg = blk_rq_map_sg(q, creq, tmp_sg);
2669
2670         /* get the DMA records for the setup */
2671         if (c->Request.Type.Direction == XFER_READ)
2672                 dir = PCI_DMA_FROMDEVICE;
2673         else
2674                 dir = PCI_DMA_TODEVICE;
2675
2676         for (i = 0; i < seg; i++) {
2677                 c->SG[i].Len = tmp_sg[i].length;
2678                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
2679                                                   tmp_sg[i].offset,
2680                                                   tmp_sg[i].length, dir);
2681                 c->SG[i].Addr.lower = temp64.val32.lower;
2682                 c->SG[i].Addr.upper = temp64.val32.upper;
2683                 c->SG[i].Ext = 0;       // we are not chaining
2684         }
2685         /* track how many SG entries we are using */
2686         if (seg > h->maxSG)
2687                 h->maxSG = seg;
2688
2689 #ifdef CCISS_DEBUG
2690         printk(KERN_DEBUG "cciss: Submitting %d sectors in %d segments\n",
2691                creq->nr_sectors, seg);
2692 #endif                          /* CCISS_DEBUG */
2693
2694         c->Header.SGList = c->Header.SGTotal = seg;
2695         if (likely(blk_fs_request(creq))) {
2696                 if(h->cciss_read == CCISS_READ_10) {
2697                         c->Request.CDB[1] = 0;
2698                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
2699                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
2700                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
2701                         c->Request.CDB[5] = start_blk & 0xff;
2702                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
2703                         c->Request.CDB[7] = (creq->nr_sectors >> 8) & 0xff;
2704                         c->Request.CDB[8] = creq->nr_sectors & 0xff;
2705                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
2706                 } else {
2707                         u32 upper32 = upper_32_bits(start_blk);
2708
2709                         c->Request.CDBLen = 16;
2710                         c->Request.CDB[1]= 0;
2711                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
2712                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
2713                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
2714                         c->Request.CDB[5]= upper32 & 0xff;
2715                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
2716                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
2717                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
2718                         c->Request.CDB[9]= start_blk & 0xff;
2719                         c->Request.CDB[10]= (creq->nr_sectors >>  24) & 0xff;
2720                         c->Request.CDB[11]= (creq->nr_sectors >>  16) & 0xff;
2721                         c->Request.CDB[12]= (creq->nr_sectors >>  8) & 0xff;
2722                         c->Request.CDB[13]= creq->nr_sectors & 0xff;
2723                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
2724                 }
2725         } else if (blk_pc_request(creq)) {
2726                 c->Request.CDBLen = creq->cmd_len;
2727                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
2728         } else {
2729                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
2730                 BUG();
2731         }
2732
2733         spin_lock_irq(q->queue_lock);
2734
2735         addQ(&(h->reqQ), c);
2736         h->Qdepth++;
2737         if (h->Qdepth > h->maxQsinceinit)
2738                 h->maxQsinceinit = h->Qdepth;
2739
2740         goto queue;
2741 full:
2742         blk_stop_queue(q);
2743 startio:
2744         /* We will already have the driver lock here so not need
2745          * to lock it.
2746          */
2747         start_io(h);
2748 }
2749
2750 static inline unsigned long get_next_completion(ctlr_info_t *h)
2751 {
2752 #ifdef CONFIG_CISS_SCSI_TAPE
2753         /* Any rejects from sendcmd() lying around? Process them first */
2754         if (h->scsi_rejects.ncompletions == 0)
2755                 return h->access.command_completed(h);
2756         else {
2757                 struct sendcmd_reject_list *srl;
2758                 int n;
2759                 srl = &h->scsi_rejects;
2760                 n = --srl->ncompletions;
2761                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
2762                 printk("p");
2763                 return srl->complete[n];
2764         }
2765 #else
2766         return h->access.command_completed(h);
2767 #endif
2768 }
2769
2770 static inline int interrupt_pending(ctlr_info_t *h)
2771 {
2772 #ifdef CONFIG_CISS_SCSI_TAPE
2773         return (h->access.intr_pending(h)
2774                 || (h->scsi_rejects.ncompletions > 0));
2775 #else
2776         return h->access.intr_pending(h);
2777 #endif
2778 }
2779
2780 static inline long interrupt_not_for_us(ctlr_info_t *h)
2781 {
2782 #ifdef CONFIG_CISS_SCSI_TAPE
2783         return (((h->access.intr_pending(h) == 0) ||
2784                  (h->interrupts_enabled == 0))
2785                 && (h->scsi_rejects.ncompletions == 0));
2786 #else
2787         return (((h->access.intr_pending(h) == 0) ||
2788                  (h->interrupts_enabled == 0)));
2789 #endif
2790 }
2791
2792 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
2793 {
2794         ctlr_info_t *h = dev_id;
2795         CommandList_struct *c;
2796         unsigned long flags;
2797         __u32 a, a1, a2;
2798
2799         if (interrupt_not_for_us(h))
2800                 return IRQ_NONE;
2801         /*
2802          * If there are completed commands in the completion queue,
2803          * we had better do something about it.
2804          */
2805         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2806         while (interrupt_pending(h)) {
2807                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
2808                         a1 = a;
2809                         if ((a & 0x04)) {
2810                                 a2 = (a >> 3);
2811                                 if (a2 >= h->nr_cmds) {
2812                                         printk(KERN_WARNING
2813                                                "cciss: controller cciss%d failed, stopping.\n",
2814                                                h->ctlr);
2815                                         fail_all_cmds(h->ctlr);
2816                                         return IRQ_HANDLED;
2817                                 }
2818
2819                                 c = h->cmd_pool + a2;
2820                                 a = c->busaddr;
2821
2822                         } else {
2823                                 a &= ~3;
2824                                 if ((c = h->cmpQ) == NULL) {
2825                                         printk(KERN_WARNING
2826                                                "cciss: Completion of %08x ignored\n",
2827                                                a1);
2828                                         continue;
2829                                 }
2830                                 while (c->busaddr != a) {
2831                                         c = c->next;
2832                                         if (c == h->cmpQ)
2833                                                 break;
2834                                 }
2835                         }
2836                         /*
2837                          * If we've found the command, take it off the
2838                          * completion Q and free it
2839                          */
2840                         if (c->busaddr == a) {
2841                                 removeQ(&h->cmpQ, c);
2842                                 if (c->cmd_type == CMD_RWREQ) {
2843                                         complete_command(h, c, 0);
2844                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
2845                                         complete(c->waiting);
2846                                 }
2847 #                               ifdef CONFIG_CISS_SCSI_TAPE
2848                                 else if (c->cmd_type == CMD_SCSI)
2849                                         complete_scsi_command(c, 0, a1);
2850 #                               endif
2851                                 continue;
2852                         }
2853                 }
2854         }
2855
2856         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
2857         return IRQ_HANDLED;
2858 }
2859
2860 /*
2861  *  We cannot read the structure directly, for portability we must use
2862  *   the io functions.
2863  *   This is for debug only.
2864  */
2865 #ifdef CCISS_DEBUG
2866 static void print_cfg_table(CfgTable_struct *tb)
2867 {
2868         int i;
2869         char temp_name[17];
2870
2871         printk("Controller Configuration information\n");
2872         printk("------------------------------------\n");
2873         for (i = 0; i < 4; i++)
2874                 temp_name[i] = readb(&(tb->Signature[i]));
2875         temp_name[4] = '\0';
2876         printk("   Signature = %s\n", temp_name);
2877         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
2878         printk("   Transport methods supported = 0x%x\n",
2879                readl(&(tb->TransportSupport)));
2880         printk("   Transport methods active = 0x%x\n",
2881                readl(&(tb->TransportActive)));
2882         printk("   Requested transport Method = 0x%x\n",
2883                readl(&(tb->HostWrite.TransportRequest)));
2884         printk("   Coalesce Interrupt Delay = 0x%x\n",
2885                readl(&(tb->HostWrite.CoalIntDelay)));
2886         printk("   Coalesce Interrupt Count = 0x%x\n",
2887                readl(&(tb->HostWrite.CoalIntCount)));
2888         printk("   Max outstanding commands = 0x%d\n",
2889                readl(&(tb->CmdsOutMax)));
2890         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
2891         for (i = 0; i < 16; i++)
2892                 temp_name[i] = readb(&(tb->ServerName[i]));
2893         temp_name[16] = '\0';
2894         printk("   Server Name = %s\n", temp_name);
2895         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
2896 }
2897 #endif                          /* CCISS_DEBUG */
2898
2899 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
2900 {
2901         int i, offset, mem_type, bar_type;
2902         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
2903                 return 0;
2904         offset = 0;
2905         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
2906                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
2907                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
2908                         offset += 4;
2909                 else {
2910                         mem_type = pci_resource_flags(pdev, i) &
2911                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
2912                         switch (mem_type) {
2913                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
2914                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
2915                                 offset += 4;    /* 32 bit */
2916                                 break;
2917                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
2918                                 offset += 8;
2919                                 break;
2920                         default:        /* reserved in PCI 2.2 */
2921                                 printk(KERN_WARNING
2922                                        "Base address is invalid\n");
2923                                 return -1;
2924                                 break;
2925                         }
2926                 }
2927                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
2928                         return i + 1;
2929         }
2930         return -1;
2931 }
2932
2933 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
2934  * controllers that are capable. If not, we use IO-APIC mode.
2935  */
2936
2937 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
2938                                            struct pci_dev *pdev, __u32 board_id)
2939 {
2940 #ifdef CONFIG_PCI_MSI
2941         int err;
2942         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
2943         {0, 2}, {0, 3}
2944         };
2945
2946         /* Some boards advertise MSI but don't really support it */
2947         if ((board_id == 0x40700E11) ||
2948             (board_id == 0x40800E11) ||
2949             (board_id == 0x40820E11) || (board_id == 0x40830E11))
2950                 goto default_int_mode;
2951
2952         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
2953                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
2954                 if (!err) {
2955                         c->intr[0] = cciss_msix_entries[0].vector;
2956                         c->intr[1] = cciss_msix_entries[1].vector;
2957                         c->intr[2] = cciss_msix_entries[2].vector;
2958                         c->intr[3] = cciss_msix_entries[3].vector;
2959                         c->msix_vector = 1;
2960                         return;
2961                 }
2962                 if (err > 0) {
2963                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
2964                                "available\n", err);
2965                         goto default_int_mode;
2966                 } else {
2967                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
2968                                err);
2969                         goto default_int_mode;
2970                 }
2971         }
2972         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
2973                 if (!pci_enable_msi(pdev)) {
2974                         c->msi_vector = 1;
2975                 } else {
2976                         printk(KERN_WARNING "cciss: MSI init failed\n");
2977                 }
2978         }
2979 default_int_mode:
2980 #endif                          /* CONFIG_PCI_MSI */
2981         /* if we get here we're going to use the default interrupt mode */
2982         c->intr[SIMPLE_MODE_INT] = pdev->irq;
2983         return;
2984 }
2985
2986 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
2987 {
2988         ushort subsystem_vendor_id, subsystem_device_id, command;
2989         __u32 board_id, scratchpad = 0;
2990         __u64 cfg_offset;
2991         __u32 cfg_base_addr;
2992         __u64 cfg_base_addr_index;
2993         int i, err;
2994
2995         /* check to see if controller has been disabled */
2996         /* BEFORE trying to enable it */
2997         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
2998         if (!(command & 0x02)) {
2999                 printk(KERN_WARNING
3000                        "cciss: controller appears to be disabled\n");
3001                 return -ENODEV;
3002         }
3003
3004         err = pci_enable_device(pdev);
3005         if (err) {
3006                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3007                 return err;
3008         }
3009
3010         err = pci_request_regions(pdev, "cciss");
3011         if (err) {
3012                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3013                        "aborting\n");
3014                 return err;
3015         }
3016
3017         subsystem_vendor_id = pdev->subsystem_vendor;
3018         subsystem_device_id = pdev->subsystem_device;
3019         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3020                     subsystem_vendor_id);
3021
3022 #ifdef CCISS_DEBUG
3023         printk("command = %x\n", command);
3024         printk("irq = %x\n", pdev->irq);
3025         printk("board_id = %x\n", board_id);
3026 #endif                          /* CCISS_DEBUG */
3027
3028 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3029  * else we use the IO-APIC interrupt assigned to us by system ROM.
3030  */
3031         cciss_interrupt_mode(c, pdev, board_id);
3032
3033         /*
3034          * Memory base addr is first addr , the second points to the config
3035          *   table
3036          */
3037
3038         c->paddr = pci_resource_start(pdev, 0); /* addressing mode bits already removed */
3039 #ifdef CCISS_DEBUG
3040         printk("address 0 = %x\n", c->paddr);
3041 #endif                          /* CCISS_DEBUG */
3042         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3043
3044         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3045          * We poll for up to 120 secs, once per 100ms. */
3046         for (i = 0; i < 1200; i++) {
3047                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3048                 if (scratchpad == CCISS_FIRMWARE_READY)
3049                         break;
3050                 set_current_state(TASK_INTERRUPTIBLE);
3051                 schedule_timeout(HZ / 10);      /* wait 100ms */
3052         }
3053         if (scratchpad != CCISS_FIRMWARE_READY) {
3054                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3055                 err = -ENODEV;
3056                 goto err_out_free_res;
3057         }
3058
3059         /* get the address index number */
3060         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3061         cfg_base_addr &= (__u32) 0x0000ffff;
3062 #ifdef CCISS_DEBUG
3063         printk("cfg base address = %x\n", cfg_base_addr);
3064 #endif                          /* CCISS_DEBUG */
3065         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3066 #ifdef CCISS_DEBUG
3067         printk("cfg base address index = %x\n", cfg_base_addr_index);
3068 #endif                          /* CCISS_DEBUG */
3069         if (cfg_base_addr_index == -1) {
3070                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3071                 err = -ENODEV;
3072                 goto err_out_free_res;
3073         }
3074
3075         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3076 #ifdef CCISS_DEBUG
3077         printk("cfg offset = %x\n", cfg_offset);
3078 #endif                          /* CCISS_DEBUG */
3079         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3080                                                        cfg_base_addr_index) +
3081                                     cfg_offset, sizeof(CfgTable_struct));
3082         c->board_id = board_id;
3083
3084 #ifdef CCISS_DEBUG
3085         print_cfg_table(c->cfgtable);
3086 #endif                          /* CCISS_DEBUG */
3087
3088         /* Some controllers support Zero Memory Raid (ZMR).
3089          * When configured in ZMR mode the number of supported
3090          * commands drops to 64. So instead of just setting an
3091          * arbitrary value we make the driver a little smarter.
3092          * We read the config table to tell us how many commands
3093          * are supported on the controller then subtract 4 to
3094          * leave a little room for ioctl calls.
3095          */
3096         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3097         for (i = 0; i < ARRAY_SIZE(products); i++) {
3098                 if (board_id == products[i].board_id) {
3099                         c->product_name = products[i].product_name;
3100                         c->access = *(products[i].access);
3101                         c->nr_cmds = c->max_commands - 4;
3102                         break;
3103                 }
3104         }
3105         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3106             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3107             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3108             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3109                 printk("Does not appear to be a valid CISS config table\n");
3110                 err = -ENODEV;
3111                 goto err_out_free_res;
3112         }
3113         /* We didn't find the controller in our list. We know the
3114          * signature is valid. If it's an HP device let's try to
3115          * bind to the device and fire it up. Otherwise we bail.
3116          */
3117         if (i == ARRAY_SIZE(products)) {
3118                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3119                         c->product_name = products[i-1].product_name;
3120                         c->access = *(products[i-1].access);
3121                         c->nr_cmds = c->max_commands - 4;
3122                         printk(KERN_WARNING "cciss: This is an unknown "
3123                                 "Smart Array controller.\n"
3124                                 "cciss: Please update to the latest driver "
3125                                 "available from www.hp.com.\n");
3126                 } else {
3127                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3128                                 " to access the Smart Array controller %08lx\n"
3129                                         , (unsigned long)board_id);
3130                         err = -ENODEV;
3131                         goto err_out_free_res;
3132                 }
3133         }
3134 #ifdef CONFIG_X86
3135         {
3136                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3137                 __u32 prefetch;
3138                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3139                 prefetch |= 0x100;
3140                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3141         }
3142 #endif
3143
3144         /* Disabling DMA prefetch and refetch for the P600.
3145          * An ASIC bug may result in accesses to invalid memory addresses.
3146          * We've disabled prefetch for some time now. Testing with XEN
3147          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3148          */
3149         if(board_id == 0x3225103C) {
3150                 __u32 dma_prefetch;
3151                 __u32 dma_refetch;
3152                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3153                 dma_prefetch |= 0x8000;
3154                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3155                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3156                 dma_refetch |= 0x1;
3157                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3158         }
3159
3160 #ifdef CCISS_DEBUG
3161         printk("Trying to put board into Simple mode\n");
3162 #endif                          /* CCISS_DEBUG */
3163         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3164         /* Update the field, and then ring the doorbell */
3165         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3166         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3167
3168         /* under certain very rare conditions, this can take awhile.
3169          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3170          * as we enter this code.) */
3171         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3172                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3173                         break;
3174                 /* delay and try again */
3175                 set_current_state(TASK_INTERRUPTIBLE);
3176                 schedule_timeout(10);
3177         }
3178
3179 #ifdef CCISS_DEBUG
3180         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3181                readl(c->vaddr + SA5_DOORBELL));
3182 #endif                          /* CCISS_DEBUG */
3183 #ifdef CCISS_DEBUG
3184         print_cfg_table(c->cfgtable);
3185 #endif                          /* CCISS_DEBUG */
3186
3187         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3188                 printk(KERN_WARNING "cciss: unable to get board into"
3189                        " simple mode\n");
3190                 err = -ENODEV;
3191                 goto err_out_free_res;
3192         }
3193         return 0;
3194
3195 err_out_free_res:
3196         /*
3197          * Deliberately omit pci_disable_device(): it does something nasty to
3198          * Smart Array controllers that pci_enable_device does not undo
3199          */
3200         pci_release_regions(pdev);
3201         return err;
3202 }
3203
3204 /*
3205  * Gets information about the local volumes attached to the controller.
3206  */
3207 static void cciss_getgeometry(int cntl_num)
3208 {
3209         ReportLunData_struct *ld_buff;
3210         InquiryData_struct *inq_buff;
3211         int return_code;
3212         int i;
3213         int listlength = 0;
3214         __u32 lunid = 0;
3215         unsigned block_size;
3216         sector_t total_size;
3217
3218         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
3219         if (ld_buff == NULL) {
3220                 printk(KERN_ERR "cciss: out of memory\n");
3221                 return;
3222         }
3223         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
3224         if (inq_buff == NULL) {
3225                 printk(KERN_ERR "cciss: out of memory\n");
3226                 kfree(ld_buff);
3227                 return;
3228         }
3229         /* Get the firmware version */
3230         return_code = sendcmd(CISS_INQUIRY, cntl_num, inq_buff,
3231                               sizeof(InquiryData_struct), 0, 0, 0, NULL,
3232                               TYPE_CMD);
3233         if (return_code == IO_OK) {
3234                 hba[cntl_num]->firm_ver[0] = inq_buff->data_byte[32];
3235                 hba[cntl_num]->firm_ver[1] = inq_buff->data_byte[33];
3236                 hba[cntl_num]->firm_ver[2] = inq_buff->data_byte[34];
3237                 hba[cntl_num]->firm_ver[3] = inq_buff->data_byte[35];
3238         } else {                /* send command failed */
3239
3240                 printk(KERN_WARNING "cciss: unable to determine firmware"
3241                        " version of controller\n");
3242         }
3243         /* Get the number of logical volumes */
3244         return_code = sendcmd(CISS_REPORT_LOG, cntl_num, ld_buff,
3245                               sizeof(ReportLunData_struct), 0, 0, 0, NULL,
3246                               TYPE_CMD);
3247
3248         if (return_code == IO_OK) {
3249 #ifdef CCISS_DEBUG
3250                 printk("LUN Data\n--------------------------\n");
3251 #endif                          /* CCISS_DEBUG */
3252
3253                 listlength |=
3254                     (0xff & (unsigned int)(ld_buff->LUNListLength[0])) << 24;
3255                 listlength |=
3256                     (0xff & (unsigned int)(ld_buff->LUNListLength[1])) << 16;
3257                 listlength |=
3258                     (0xff & (unsigned int)(ld_buff->LUNListLength[2])) << 8;
3259                 listlength |= 0xff & (unsigned int)(ld_buff->LUNListLength[3]);
3260         } else {                /* reading number of logical volumes failed */
3261
3262                 printk(KERN_WARNING "cciss: report logical volume"
3263                        " command failed\n");
3264                 listlength = 0;
3265         }
3266         hba[cntl_num]->num_luns = listlength / 8;       // 8 bytes pre entry
3267         if (hba[cntl_num]->num_luns > CISS_MAX_LUN) {
3268                 printk(KERN_ERR
3269                        "ciss:  only %d number of logical volumes supported\n",
3270                        CISS_MAX_LUN);
3271                 hba[cntl_num]->num_luns = CISS_MAX_LUN;
3272         }
3273 #ifdef CCISS_DEBUG
3274         printk(KERN_DEBUG "Length = %x %x %x %x = %d\n",
3275                ld_buff->LUNListLength[0], ld_buff->LUNListLength[1],
3276                ld_buff->LUNListLength[2], ld_buff->LUNListLength[3],
3277                hba[cntl_num]->num_luns);
3278 #endif                          /* CCISS_DEBUG */
3279
3280         hba[cntl_num]->highest_lun = hba[cntl_num]->num_luns - 1;
3281         for (i = 0; i < CISS_MAX_LUN; i++) {
3282                 if (i < hba[cntl_num]->num_luns) {
3283                         lunid = (0xff & (unsigned int)(ld_buff->LUN[i][3]))
3284                             << 24;
3285                         lunid |= (0xff & (unsigned int)(ld_buff->LUN[i][2]))
3286                             << 16;
3287                         lunid |= (0xff & (unsigned int)(ld_buff->LUN[i][1]))
3288                             << 8;
3289                         lunid |= 0xff & (unsigned int)(ld_buff->LUN[i][0]);
3290
3291                         hba[cntl_num]->drv[i].LunID = lunid;
3292
3293 #ifdef CCISS_DEBUG
3294                         printk(KERN_DEBUG "LUN[%d]:  %x %x %x %x = %x\n", i,
3295                                ld_buff->LUN[i][0], ld_buff->LUN[i][1],
3296                                ld_buff->LUN[i][2], ld_buff->LUN[i][3],
3297                                hba[cntl_num]->drv[i].LunID);
3298 #endif                          /* CCISS_DEBUG */
3299
3300                 /* testing to see if 16-byte CDBs are already being used */
3301                 if(hba[cntl_num]->cciss_read == CCISS_READ_16) {
3302                         cciss_read_capacity_16(cntl_num, i, 0,
3303                                             &total_size, &block_size);
3304                         goto geo_inq;
3305                 }
3306                 cciss_read_capacity(cntl_num, i, 0, &total_size, &block_size);
3307
3308                 /* If read_capacity returns all F's the logical is >2TB */
3309                 /* so we switch to 16-byte CDBs for all read/write ops */
3310                 if(total_size == 0xFFFFFFFFULL) {
3311                         cciss_read_capacity_16(cntl_num, i, 0,
3312                         &total_size, &block_size);
3313                         hba[cntl_num]->cciss_read = CCISS_READ_16;
3314                         hba[cntl_num]->cciss_write = CCISS_WRITE_16;
3315                 } else {
3316                         hba[cntl_num]->cciss_read = CCISS_READ_10;
3317                         hba[cntl_num]->cciss_write = CCISS_WRITE_10;
3318                 }
3319 geo_inq:
3320                         cciss_geometry_inquiry(cntl_num, i, 0, total_size,
3321                                                block_size, inq_buff,
3322                                                &hba[cntl_num]->drv[i]);
3323                 } else {
3324                         /* initialize raid_level to indicate a free space */
3325                         hba[cntl_num]->drv[i].raid_level = -1;
3326                 }
3327         }
3328         kfree(ld_buff);
3329         kfree(inq_buff);
3330 }
3331
3332 /* Function to find the first free pointer into our hba[] array */
3333 /* Returns -1 if no free entries are left.  */
3334 static int alloc_cciss_hba(void)
3335 {
3336         int i;
3337
3338         for (i = 0; i < MAX_CTLR; i++) {
3339                 if (!hba[i]) {
3340                         ctlr_info_t *p;
3341
3342                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3343                         if (!p)
3344                                 goto Enomem;
3345                         p->gendisk[0] = alloc_disk(1 << NWD_SHIFT);
3346                         if (!p->gendisk[0]) {
3347                                 kfree(p);
3348                                 goto Enomem;
3349                         }
3350                         hba[i] = p;
3351                         return i;
3352                 }
3353         }
3354         printk(KERN_WARNING "cciss: This driver supports a maximum"
3355                " of %d controllers.\n", MAX_CTLR);
3356         return -1;
3357 Enomem:
3358         printk(KERN_ERR "cciss: out of memory.\n");
3359         return -1;
3360 }
3361
3362 static void free_hba(int i)
3363 {
3364         ctlr_info_t *p = hba[i];
3365         int n;
3366
3367         hba[i] = NULL;
3368         for (n = 0; n < CISS_MAX_LUN; n++)
3369                 put_disk(p->gendisk[n]);
3370         kfree(p);
3371 }
3372
3373 /*
3374  *  This is it.  Find all the controllers and register them.  I really hate
3375  *  stealing all these major device numbers.
3376  *  returns the number of block devices registered.
3377  */
3378 static int __devinit cciss_init_one(struct pci_dev *pdev,
3379                                     const struct pci_device_id *ent)
3380 {
3381         int i;
3382         int j = 0;
3383         int rc;
3384         int dac;
3385
3386         i = alloc_cciss_hba();
3387         if (i < 0)
3388                 return -1;
3389
3390         hba[i]->busy_initializing = 1;
3391
3392         if (cciss_pci_init(hba[i], pdev) != 0)
3393                 goto clean1;
3394
3395         sprintf(hba[i]->devname, "cciss%d", i);
3396         hba[i]->ctlr = i;
3397         hba[i]->pdev = pdev;
3398
3399         /* configure PCI DMA stuff */
3400         if (!pci_set_dma_mask(pdev, DMA_64BIT_MASK))
3401                 dac = 1;
3402         else if (!pci_set_dma_mask(pdev, DMA_32BIT_MASK))
3403                 dac = 0;
3404         else {
3405                 printk(KERN_ERR "cciss: no suitable DMA available\n");
3406                 goto clean1;
3407         }
3408
3409         /*
3410          * register with the major number, or get a dynamic major number
3411          * by passing 0 as argument.  This is done for greater than
3412          * 8 controller support.
3413          */
3414         if (i < MAX_CTLR_ORIG)
3415                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3416         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3417         if (rc == -EBUSY || rc == -EINVAL) {
3418                 printk(KERN_ERR
3419                        "cciss:  Unable to get major number %d for %s "
3420                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3421                 goto clean1;
3422         } else {
3423                 if (i >= MAX_CTLR_ORIG)
3424                         hba[i]->major = rc;
3425         }
3426
3427         /* make sure the board interrupts are off */
3428         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
3429         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
3430                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
3431                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
3432                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
3433                 goto clean2;
3434         }
3435
3436         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
3437                hba[i]->devname, pdev->device, pci_name(pdev),
3438                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
3439
3440         hba[i]->cmd_pool_bits =
3441             kmalloc(((hba[i]->nr_cmds + BITS_PER_LONG -
3442                       1) / BITS_PER_LONG) * sizeof(unsigned long), GFP_KERNEL);
3443         hba[i]->cmd_pool = (CommandList_struct *)
3444             pci_alloc_consistent(hba[i]->pdev,
3445                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3446                     &(hba[i]->cmd_pool_dhandle));
3447         hba[i]->errinfo_pool = (ErrorInfo_struct *)
3448             pci_alloc_consistent(hba[i]->pdev,
3449                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3450                     &(hba[i]->errinfo_pool_dhandle));
3451         if ((hba[i]->cmd_pool_bits == NULL)
3452             || (hba[i]->cmd_pool == NULL)
3453             || (hba[i]->errinfo_pool == NULL)) {
3454                 printk(KERN_ERR "cciss: out of memory");
3455                 goto clean4;
3456         }
3457 #ifdef CONFIG_CISS_SCSI_TAPE
3458         hba[i]->scsi_rejects.complete =
3459             kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) *
3460                     (hba[i]->nr_cmds + 5), GFP_KERNEL);
3461         if (hba[i]->scsi_rejects.complete == NULL) {
3462                 printk(KERN_ERR "cciss: out of memory");
3463                 goto clean4;
3464         }
3465 #endif
3466         spin_lock_init(&hba[i]->lock);
3467
3468         /* Initialize the pdev driver private data.
3469            have it point to hba[i].  */
3470         pci_set_drvdata(pdev, hba[i]);
3471         /* command and error info recs zeroed out before
3472            they are used */
3473         memset(hba[i]->cmd_pool_bits, 0,
3474                ((hba[i]->nr_cmds + BITS_PER_LONG -
3475                  1) / BITS_PER_LONG) * sizeof(unsigned long));
3476
3477 #ifdef CCISS_DEBUG
3478         printk(KERN_DEBUG "Scanning for drives on controller cciss%d\n", i);
3479 #endif                          /* CCISS_DEBUG */
3480
3481         cciss_getgeometry(i);
3482
3483         cciss_scsi_setup(i);
3484
3485         /* Turn the interrupts on so we can service requests */
3486         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
3487
3488         cciss_procinit(i);
3489
3490         hba[i]->cciss_max_sectors = 2048;
3491
3492         hba[i]->busy_initializing = 0;
3493
3494         do {
3495                 drive_info_struct *drv = &(hba[i]->drv[j]);
3496                 struct gendisk *disk = hba[i]->gendisk[j];
3497                 struct request_queue *q;
3498
3499                 /* Check if the disk was allocated already */
3500                 if (!disk){
3501                         hba[i]->gendisk[j] = alloc_disk(1 << NWD_SHIFT);
3502                         disk = hba[i]->gendisk[j];
3503                 }
3504
3505                 /* Check that the disk was able to be allocated */
3506                 if (!disk) {
3507                         printk(KERN_ERR "cciss: unable to allocate memory for disk %d\n", j);
3508                         goto clean4;
3509                 }
3510
3511                 q = blk_init_queue(do_cciss_request, &hba[i]->lock);
3512                 if (!q) {
3513                         printk(KERN_ERR
3514                                "cciss:  unable to allocate queue for disk %d\n",
3515                                j);
3516                         goto clean4;
3517                 }
3518                 drv->queue = q;
3519
3520                 blk_queue_bounce_limit(q, hba[i]->pdev->dma_mask);
3521
3522                 /* This is a hardware imposed limit. */
3523                 blk_queue_max_hw_segments(q, MAXSGENTRIES);
3524
3525                 /* This is a limit in the driver and could be eliminated. */
3526                 blk_queue_max_phys_segments(q, MAXSGENTRIES);
3527
3528                 blk_queue_max_sectors(q, hba[i]->cciss_max_sectors);
3529
3530                 blk_queue_softirq_done(q, cciss_softirq_done);
3531
3532                 q->queuedata = hba[i];
3533                 sprintf(disk->disk_name, "cciss/c%dd%d", i, j);
3534                 disk->major = hba[i]->major;
3535                 disk->first_minor = j << NWD_SHIFT;
3536                 disk->fops = &cciss_fops;
3537                 disk->queue = q;
3538                 disk->private_data = drv;
3539                 disk->driverfs_dev = &pdev->dev;
3540                 /* we must register the controller even if no disks exist */
3541                 /* this is for the online array utilities */
3542                 if (!drv->heads && j)
3543                         continue;
3544                 blk_queue_hardsect_size(q, drv->block_size);
3545                 set_capacity(disk, drv->nr_blocks);
3546                 j++;
3547         } while (j <= hba[i]->highest_lun);
3548
3549         /* Make sure all queue data is written out before */
3550         /* interrupt handler, triggered by add_disk,  */
3551         /* is allowed to start them. */
3552         wmb();
3553
3554         for (j = 0; j <= hba[i]->highest_lun; j++)
3555                 add_disk(hba[i]->gendisk[j]);
3556
3557         /* we must register the controller even if no disks exist */
3558         if (hba[i]->highest_lun == -1)
3559                 add_disk(hba[i]->gendisk[0]);
3560
3561         return 1;
3562
3563       clean4:
3564 #ifdef CONFIG_CISS_SCSI_TAPE
3565         kfree(hba[i]->scsi_rejects.complete);
3566 #endif
3567         kfree(hba[i]->cmd_pool_bits);
3568         if (hba[i]->cmd_pool)
3569                 pci_free_consistent(hba[i]->pdev,
3570                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3571                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3572         if (hba[i]->errinfo_pool)
3573                 pci_free_consistent(hba[i]->pdev,
3574                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3575                                     hba[i]->errinfo_pool,
3576                                     hba[i]->errinfo_pool_dhandle);
3577         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
3578       clean2:
3579         unregister_blkdev(hba[i]->major, hba[i]->devname);
3580       clean1:
3581         hba[i]->busy_initializing = 0;
3582         /* cleanup any queues that may have been initialized */
3583         for (j=0; j <= hba[i]->highest_lun; j++){
3584                 drive_info_struct *drv = &(hba[i]->drv[j]);
3585                 if (drv->queue)
3586                         blk_cleanup_queue(drv->queue);
3587         }
3588         /*
3589          * Deliberately omit pci_disable_device(): it does something nasty to
3590          * Smart Array controllers that pci_enable_device does not undo
3591          */
3592         pci_release_regions(pdev);
3593         pci_set_drvdata(pdev, NULL);
3594         free_hba(i);
3595         return -1;
3596 }
3597
3598 static void cciss_shutdown(struct pci_dev *pdev)
3599 {
3600         ctlr_info_t *tmp_ptr;
3601         int i;
3602         char flush_buf[4];
3603         int return_code;
3604
3605         tmp_ptr = pci_get_drvdata(pdev);
3606         if (tmp_ptr == NULL)
3607                 return;
3608         i = tmp_ptr->ctlr;
3609         if (hba[i] == NULL)
3610                 return;
3611
3612         /* Turn board interrupts off  and send the flush cache command */
3613         /* sendcmd will turn off interrupt, and send the flush...
3614          * To write all data in the battery backed cache to disks */
3615         memset(flush_buf, 0, 4);
3616         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
3617                               TYPE_CMD);
3618         if (return_code == IO_OK) {
3619                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
3620         } else {
3621                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
3622         }
3623         free_irq(hba[i]->intr[2], hba[i]);
3624 }
3625
3626 static void __devexit cciss_remove_one(struct pci_dev *pdev)
3627 {
3628         ctlr_info_t *tmp_ptr;
3629         int i, j;
3630
3631         if (pci_get_drvdata(pdev) == NULL) {
3632                 printk(KERN_ERR "cciss: Unable to remove device \n");
3633                 return;
3634         }
3635         tmp_ptr = pci_get_drvdata(pdev);
3636         i = tmp_ptr->ctlr;
3637         if (hba[i] == NULL) {
3638                 printk(KERN_ERR "cciss: device appears to "
3639                        "already be removed \n");
3640                 return;
3641         }
3642
3643         remove_proc_entry(hba[i]->devname, proc_cciss);
3644         unregister_blkdev(hba[i]->major, hba[i]->devname);
3645
3646         /* remove it from the disk list */
3647         for (j = 0; j < CISS_MAX_LUN; j++) {
3648                 struct gendisk *disk = hba[i]->gendisk[j];
3649                 if (disk) {
3650                         struct request_queue *q = disk->queue;
3651
3652                         if (disk->flags & GENHD_FL_UP)
3653                                 del_gendisk(disk);
3654                         if (q)
3655                                 blk_cleanup_queue(q);
3656                 }
3657         }
3658
3659         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
3660
3661         cciss_shutdown(pdev);
3662
3663 #ifdef CONFIG_PCI_MSI
3664         if (hba[i]->msix_vector)
3665                 pci_disable_msix(hba[i]->pdev);
3666         else if (hba[i]->msi_vector)
3667                 pci_disable_msi(hba[i]->pdev);
3668 #endif                          /* CONFIG_PCI_MSI */
3669
3670         iounmap(hba[i]->vaddr);
3671
3672         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
3673                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3674         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3675                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
3676         kfree(hba[i]->cmd_pool_bits);
3677 #ifdef CONFIG_CISS_SCSI_TAPE
3678         kfree(hba[i]->scsi_rejects.complete);
3679 #endif
3680         /*
3681          * Deliberately omit pci_disable_device(): it does something nasty to
3682          * Smart Array controllers that pci_enable_device does not undo
3683          */
3684         pci_release_regions(pdev);
3685         pci_set_drvdata(pdev, NULL);
3686         free_hba(i);
3687 }
3688
3689 static struct pci_driver cciss_pci_driver = {
3690         .name = "cciss",
3691         .probe = cciss_init_one,
3692         .remove = __devexit_p(cciss_remove_one),
3693         .id_table = cciss_pci_device_id,        /* id_table */
3694         .shutdown = cciss_shutdown,
3695 };
3696
3697 /*
3698  *  This is it.  Register the PCI driver information for the cards we control
3699  *  the OS will call our registered routines when it finds one of our cards.
3700  */
3701 static int __init cciss_init(void)
3702 {
3703         printk(KERN_INFO DRIVER_NAME "\n");
3704
3705         /* Register for our PCI devices */
3706         return pci_register_driver(&cciss_pci_driver);
3707 }
3708
3709 static void __exit cciss_cleanup(void)
3710 {
3711         int i;
3712
3713         pci_unregister_driver(&cciss_pci_driver);
3714         /* double check that all controller entrys have been removed */
3715         for (i = 0; i < MAX_CTLR; i++) {
3716                 if (hba[i] != NULL) {
3717                         printk(KERN_WARNING "cciss: had to remove"
3718                                " controller %d\n", i);
3719                         cciss_remove_one(hba[i]->pdev);
3720                 }
3721         }
3722         remove_proc_entry("driver/cciss", NULL);
3723 }
3724
3725 static void fail_all_cmds(unsigned long ctlr)
3726 {
3727         /* If we get here, the board is apparently dead. */
3728         ctlr_info_t *h = hba[ctlr];
3729         CommandList_struct *c;
3730         unsigned long flags;
3731
3732         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
3733         h->alive = 0;           /* the controller apparently died... */
3734
3735         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
3736
3737         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
3738
3739         /* move everything off the request queue onto the completed queue */
3740         while ((c = h->reqQ) != NULL) {
3741                 removeQ(&(h->reqQ), c);
3742                 h->Qdepth--;
3743                 addQ(&(h->cmpQ), c);
3744         }
3745
3746         /* Now, fail everything on the completed queue with a HW error */
3747         while ((c = h->cmpQ) != NULL) {
3748                 removeQ(&h->cmpQ, c);
3749                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
3750                 if (c->cmd_type == CMD_RWREQ) {
3751                         complete_command(h, c, 0);
3752                 } else if (c->cmd_type == CMD_IOCTL_PEND)
3753                         complete(c->waiting);
3754 #ifdef CONFIG_CISS_SCSI_TAPE
3755                 else if (c->cmd_type == CMD_SCSI)
3756                         complete_scsi_command(c, 0, 0);
3757 #endif
3758         }
3759         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
3760         return;
3761 }
3762
3763 module_init(cciss_init);
3764 module_exit(cciss_cleanup);