ide: remove broken/dangerous HDIO_[UNREGISTER,SCAN]_HWIF ioctls (take 3)
[linux-2.6] / drivers / message / fusion / mptctl.c
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2007 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>        /* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/smp_lock.h>
58 #include <linux/compat.h>
59
60 #include <asm/io.h>
61 #include <asm/uaccess.h>
62
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68
69 #define COPYRIGHT       "Copyright (c) 1999-2007 LSI Corporation"
70 #define MODULEAUTHOR    "LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME         "Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION      MPT_LINUX_VERSION_COMMON
77 #define MYNAM           "mptctl"
78
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85
86 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
87
88 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
89
90 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
91
92 struct buflist {
93         u8      *kptr;
94         int      len;
95 };
96
97 /*
98  * Function prototypes. Called from OS entry point mptctl_ioctl.
99  * arg contents specific to function.
100  */
101 static int mptctl_fw_download(unsigned long arg);
102 static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd);
103 static int mptctl_gettargetinfo(unsigned long arg);
104 static int mptctl_readtest(unsigned long arg);
105 static int mptctl_mpt_command(unsigned long arg);
106 static int mptctl_eventquery(unsigned long arg);
107 static int mptctl_eventenable(unsigned long arg);
108 static int mptctl_eventreport(unsigned long arg);
109 static int mptctl_replace_fw(unsigned long arg);
110
111 static int mptctl_do_reset(unsigned long arg);
112 static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd);
113 static int mptctl_hp_targetinfo(unsigned long arg);
114
115 static int  mptctl_probe(struct pci_dev *, const struct pci_device_id *);
116 static void mptctl_remove(struct pci_dev *);
117
118 #ifdef CONFIG_COMPAT
119 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
120 #endif
121 /*
122  * Private function calls.
123  */
124 static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr);
125 static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen);
126 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
127                 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
128 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
129                 struct buflist *buflist, MPT_ADAPTER *ioc);
130 static void mptctl_timeout_expired (MPT_IOCTL *ioctl);
131 static int  mptctl_bus_reset(MPT_IOCTL *ioctl);
132 static int mptctl_set_tm_flags(MPT_SCSI_HOST *hd);
133 static void mptctl_free_tm_flags(MPT_ADAPTER *ioc);
134
135 /*
136  * Reset Handler cleanup function
137  */
138 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
139
140 /*
141  * Event Handler function
142  */
143 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
144 static struct fasync_struct *async_queue=NULL;
145
146 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
147 /*
148  * Scatter gather list (SGL) sizes and limits...
149  */
150 //#define MAX_SCSI_FRAGS        9
151 #define MAX_FRAGS_SPILL1        9
152 #define MAX_FRAGS_SPILL2        15
153 #define FRAGS_PER_BUCKET        (MAX_FRAGS_SPILL2 + 1)
154
155 //#define MAX_CHAIN_FRAGS       64
156 //#define MAX_CHAIN_FRAGS       (15+15+15+16)
157 #define MAX_CHAIN_FRAGS         (4 * MAX_FRAGS_SPILL2 + 1)
158
159 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
160 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
161 //                  ^----------------- 80 + 512
162 #define MAX_SGL_BYTES           ((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
163
164 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
165 #define MAX_KMALLOC_SZ          (128*1024)
166
167 #define MPT_IOCTL_DEFAULT_TIMEOUT 10    /* Default timeout value (seconds) */
168
169 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
170 /**
171  *      mptctl_syscall_down - Down the MPT adapter syscall semaphore.
172  *      @ioc: Pointer to MPT adapter
173  *      @nonblock: boolean, non-zero if O_NONBLOCK is set
174  *
175  *      All of the ioctl commands can potentially sleep, which is illegal
176  *      with a spinlock held, thus we perform mutual exclusion here.
177  *
178  *      Returns negative errno on error, or zero for success.
179  */
180 static inline int
181 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
182 {
183         int rc = 0;
184
185         if (nonblock) {
186                 if (!mutex_trylock(&ioc->ioctl->ioctl_mutex))
187                         rc = -EAGAIN;
188         } else {
189                 if (mutex_lock_interruptible(&ioc->ioctl->ioctl_mutex))
190                         rc = -ERESTARTSYS;
191         }
192         return rc;
193 }
194
195 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
196 /*
197  *  This is the callback for any message we have posted. The message itself
198  *  will be returned to the message pool when we return from the IRQ
199  *
200  *  This runs in irq context so be short and sweet.
201  */
202 static int
203 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
204 {
205         char *sense_data;
206         int sz, req_index;
207         u16 iocStatus;
208         u8 cmd;
209
210         if (req)
211                  cmd = req->u.hdr.Function;
212         else
213                 return 1;
214         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tcompleting mpi function (0x%02X), req=%p, "
215             "reply=%p\n", ioc->name,  req->u.hdr.Function, req, reply));
216
217         if (ioc->ioctl) {
218
219                 if (reply==NULL) {
220
221                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_reply() NULL Reply "
222                                 "Function=%x!\n", ioc->name, cmd));
223
224                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
225                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
226
227                         /* We are done, issue wake up
228                         */
229                         ioc->ioctl->wait_done = 1;
230                         wake_up (&mptctl_wait);
231                         return 1;
232
233                 }
234
235                 /* Copy the reply frame (which much exist
236                  * for non-SCSI I/O) to the IOC structure.
237                  */
238                 memcpy(ioc->ioctl->ReplyFrame, reply,
239                         min(ioc->reply_sz, 4*reply->u.reply.MsgLength));
240                 ioc->ioctl->status |= MPT_IOCTL_STATUS_RF_VALID;
241
242                 /* Set the command status to GOOD if IOC Status is GOOD
243                  * OR if SCSI I/O cmd and data underrun or recovered error.
244                  */
245                 iocStatus = le16_to_cpu(reply->u.reply.IOCStatus) & MPI_IOCSTATUS_MASK;
246                 if (iocStatus  == MPI_IOCSTATUS_SUCCESS)
247                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
248
249                 if (iocStatus || reply->u.reply.IOCLogInfo)
250                         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\tiocstatus (0x%04X), "
251                                 "loginfo (0x%08X)\n", ioc->name,
252                                 iocStatus,
253                                 le32_to_cpu(reply->u.reply.IOCLogInfo)));
254
255                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) ||
256                         (cmd == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
257
258                         if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
259                                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
260                                         "\tscsi_status (0x%02x), scsi_state (0x%02x), "
261                                         "tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
262                                         reply->u.sreply.SCSIStatus,
263                                         reply->u.sreply.SCSIState,
264                                         le16_to_cpu(reply->u.sreply.TaskTag),
265                                         le32_to_cpu(reply->u.sreply.TransferCount)));
266
267                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
268
269                         if ((iocStatus == MPI_IOCSTATUS_SCSI_DATA_UNDERRUN) ||
270                         (iocStatus == MPI_IOCSTATUS_SCSI_RECOVERED_ERROR)) {
271                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
272                         }
273                 }
274
275                 /* Copy the sense data - if present
276                  */
277                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) &&
278                         (reply->u.sreply.SCSIState &
279                          MPI_SCSI_STATE_AUTOSENSE_VALID)){
280                         sz = req->u.scsireq.SenseBufferLength;
281                         req_index =
282                             le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
283                         sense_data =
284                             ((u8 *)ioc->sense_buf_pool +
285                              (req_index * MPT_SENSE_BUFFER_ALLOC));
286                         memcpy(ioc->ioctl->sense, sense_data, sz);
287                         ioc->ioctl->status |= MPT_IOCTL_STATUS_SENSE_VALID;
288                 }
289
290                 if (cmd == MPI_FUNCTION_SCSI_TASK_MGMT)
291                         mptctl_free_tm_flags(ioc);
292
293                 /* We are done, issue wake up
294                  */
295                 ioc->ioctl->wait_done = 1;
296                 wake_up (&mptctl_wait);
297         }
298         return 1;
299 }
300
301 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
302 /* mptctl_timeout_expired
303  *
304  * Expecting an interrupt, however timed out.
305  *
306  */
307 static void mptctl_timeout_expired (MPT_IOCTL *ioctl)
308 {
309         int rc = 1;
310
311         dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT ": Timeout Expired! Host %d\n",
312                                 ioctl->ioc->name, ioctl->ioc->id));
313         if (ioctl == NULL)
314                 return;
315
316         ioctl->wait_done = 0;
317         if (ioctl->reset & MPTCTL_RESET_OK)
318                 rc = mptctl_bus_reset(ioctl);
319
320         if (rc) {
321                 /* Issue a reset for this device.
322                  * The IOC is not responding.
323                  */
324                 dctlprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "Calling HardReset! \n",
325                          ioctl->ioc->name));
326                 mpt_HardResetHandler(ioctl->ioc, CAN_SLEEP);
327         }
328         return;
329
330 }
331
332 /* mptctl_bus_reset
333  *
334  * Bus reset code.
335  *
336  */
337 static int mptctl_bus_reset(MPT_IOCTL *ioctl)
338 {
339         MPT_FRAME_HDR   *mf;
340         SCSITaskMgmt_t  *pScsiTm;
341         MPT_SCSI_HOST   *hd;
342         int              ii;
343         int              retval=0;
344
345
346         ioctl->reset &= ~MPTCTL_RESET_OK;
347
348         if (ioctl->ioc->sh == NULL)
349                 return -EPERM;
350
351         hd = shost_priv(ioctl->ioc->sh);
352         if (hd == NULL)
353                 return -EPERM;
354
355         /* Single threading ....
356          */
357         if (mptctl_set_tm_flags(hd) != 0)
358                 return -EPERM;
359
360         /* Send request
361          */
362         if ((mf = mpt_get_msg_frame(mptctl_id, ioctl->ioc)) == NULL) {
363                 dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt, no msg frames!!\n",
364                                 ioctl->ioc->name));
365
366                 mptctl_free_tm_flags(ioctl->ioc);
367                 return -ENOMEM;
368         }
369
370         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT "IssueTaskMgmt request @ %p\n",
371                         ioctl->ioc->name, mf));
372
373         pScsiTm = (SCSITaskMgmt_t *) mf;
374         pScsiTm->TargetID = ioctl->id;
375         pScsiTm->Bus = hd->port;        /* 0 */
376         pScsiTm->ChainOffset = 0;
377         pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
378         pScsiTm->Reserved = 0;
379         pScsiTm->TaskType = MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS;
380         pScsiTm->Reserved1 = 0;
381         pScsiTm->MsgFlags = MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
382
383         for (ii= 0; ii < 8; ii++)
384                 pScsiTm->LUN[ii] = 0;
385
386         for (ii=0; ii < 7; ii++)
387                 pScsiTm->Reserved2[ii] = 0;
388
389         pScsiTm->TaskMsgContext = 0;
390         dtmprintk(ioctl->ioc, printk(MYIOC_s_DEBUG_FMT
391                 "mptctl_bus_reset: issued.\n", ioctl->ioc->name));
392
393         DBG_DUMP_TM_REQUEST_FRAME(ioctl->ioc, (u32 *)mf);
394
395         ioctl->wait_done=0;
396
397         if ((ioctl->ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
398             (ioctl->ioc->facts.MsgVersion >= MPI_VERSION_01_05))
399                 mpt_put_msg_frame_hi_pri(mptctl_id, ioctl->ioc, mf);
400         else {
401                 retval = mpt_send_handshake_request(mptctl_id, ioctl->ioc,
402                         sizeof(SCSITaskMgmt_t), (u32*)pScsiTm, CAN_SLEEP);
403                 if (retval != 0) {
404                         dfailprintk(ioctl->ioc, printk(MYIOC_s_ERR_FMT "_send_handshake FAILED!"
405                                 " (hd %p, ioc %p, mf %p) \n", hd->ioc->name, hd,
406                                 hd->ioc, mf));
407                         goto mptctl_bus_reset_done;
408                 }
409         }
410
411         /* Now wait for the command to complete */
412         ii = wait_event_timeout(mptctl_wait,
413              ioctl->wait_done == 1,
414              HZ*5 /* 5 second timeout */);
415
416         if(ii <=0 && (ioctl->wait_done != 1 ))  {
417                 mpt_free_msg_frame(hd->ioc, mf);
418                 ioctl->wait_done = 0;
419                 retval = -1; /* return failure */
420         }
421
422 mptctl_bus_reset_done:
423
424         mptctl_free_tm_flags(ioctl->ioc);
425         return retval;
426 }
427
428 static int
429 mptctl_set_tm_flags(MPT_SCSI_HOST *hd) {
430         unsigned long flags;
431
432         spin_lock_irqsave(&hd->ioc->FreeQlock, flags);
433
434         if (hd->tmState == TM_STATE_NONE) {
435                 hd->tmState = TM_STATE_IN_PROGRESS;
436                 hd->tmPending = 1;
437                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
438         } else {
439                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
440                 return -EBUSY;
441         }
442
443         return 0;
444 }
445
446 static void
447 mptctl_free_tm_flags(MPT_ADAPTER *ioc)
448 {
449         MPT_SCSI_HOST * hd;
450         unsigned long flags;
451
452         hd = shost_priv(ioc->sh);
453         if (hd == NULL)
454                 return;
455
456         spin_lock_irqsave(&ioc->FreeQlock, flags);
457
458         hd->tmState = TM_STATE_NONE;
459         hd->tmPending = 0;
460         spin_unlock_irqrestore(&ioc->FreeQlock, flags);
461
462         return;
463 }
464
465 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
466 /* mptctl_ioc_reset
467  *
468  * Clean-up functionality. Used only if there has been a
469  * reload of the FW due.
470  *
471  */
472 static int
473 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
474 {
475         MPT_IOCTL *ioctl = ioc->ioctl;
476         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "IOC %s_reset routed to IOCTL driver!\n", ioc->name,
477                 reset_phase==MPT_IOC_SETUP_RESET ? "setup" : (
478                 reset_phase==MPT_IOC_PRE_RESET ? "pre" : "post")));
479
480         if(ioctl == NULL)
481                 return 1;
482
483         switch(reset_phase) {
484         case MPT_IOC_SETUP_RESET:
485                 ioctl->status |= MPT_IOCTL_STATUS_DID_IOCRESET;
486                 break;
487         case MPT_IOC_POST_RESET:
488                 ioctl->status &= ~MPT_IOCTL_STATUS_DID_IOCRESET;
489                 break;
490         case MPT_IOC_PRE_RESET:
491         default:
492                 break;
493         }
494
495         return 1;
496 }
497
498 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
499 /* ASYNC Event Notification Support */
500 static int
501 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
502 {
503         u8 event;
504
505         event = le32_to_cpu(pEvReply->Event) & 0xFF;
506
507         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
508             ioc->name, __FUNCTION__));
509         if(async_queue == NULL)
510                 return 1;
511
512         /* Raise SIGIO for persistent events.
513          * TODO - this define is not in MPI spec yet,
514          * but they plan to set it to 0x21
515          */
516          if (event == 0x21 ) {
517                 ioc->aen_event_read_flag=1;
518                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
519                     ioc->name));
520                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
521                     "Raised SIGIO to application\n", ioc->name));
522                 kill_fasync(&async_queue, SIGIO, POLL_IN);
523                 return 1;
524          }
525
526         /* This flag is set after SIGIO was raised, and
527          * remains set until the application has read
528          * the event log via ioctl=MPTEVENTREPORT
529          */
530         if(ioc->aen_event_read_flag)
531                 return 1;
532
533         /* Signal only for the events that are
534          * requested for by the application
535          */
536         if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
537                 ioc->aen_event_read_flag=1;
538                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
539                     "Raised SIGIO to application\n", ioc->name));
540                 devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
541                     "Raised SIGIO to application\n", ioc->name));
542                 kill_fasync(&async_queue, SIGIO, POLL_IN);
543         }
544         return 1;
545 }
546
547 static int
548 mptctl_fasync(int fd, struct file *filep, int mode)
549 {
550         MPT_ADAPTER     *ioc;
551
552         list_for_each_entry(ioc, &ioc_list, list)
553                 ioc->aen_event_read_flag=0;
554
555         return fasync_helper(fd, filep, mode, &async_queue);
556 }
557
558 static int
559 mptctl_release(struct inode *inode, struct file *filep)
560 {
561         return fasync_helper(-1, filep, 0, &async_queue);
562 }
563
564 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
565 /*
566  *  MPT ioctl handler
567  *  cmd - specify the particular IOCTL command to be issued
568  *  arg - data specific to the command. Must not be null.
569  */
570 static long
571 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
572 {
573         mpt_ioctl_header __user *uhdr = (void __user *) arg;
574         mpt_ioctl_header         khdr;
575         int iocnum;
576         unsigned iocnumX;
577         int nonblock = (file->f_flags & O_NONBLOCK);
578         int ret;
579         MPT_ADAPTER *iocp = NULL;
580
581         if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
582                 printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
583                                 "Unable to copy mpt_ioctl_header data @ %p\n",
584                                 __FILE__, __LINE__, uhdr);
585                 return -EFAULT;
586         }
587         ret = -ENXIO;                           /* (-6) No such device or address */
588
589         /* Verify intended MPT adapter - set iocnum and the adapter
590          * pointer (iocp)
591          */
592         iocnumX = khdr.iocnum & 0xFF;
593         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
594             (iocp == NULL)) {
595                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - ioc%d not found!\n",
596                                 __FILE__, __LINE__, iocnumX);
597                 return -ENODEV;
598         }
599
600         if (!iocp->active) {
601                 printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
602                                 __FILE__, __LINE__);
603                 return -EFAULT;
604         }
605
606         /* Handle those commands that are just returning
607          * information stored in the driver.
608          * These commands should never time out and are unaffected
609          * by TM and FW reloads.
610          */
611         if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
612                 return mptctl_getiocinfo(arg, _IOC_SIZE(cmd));
613         } else if (cmd == MPTTARGETINFO) {
614                 return mptctl_gettargetinfo(arg);
615         } else if (cmd == MPTTEST) {
616                 return mptctl_readtest(arg);
617         } else if (cmd == MPTEVENTQUERY) {
618                 return mptctl_eventquery(arg);
619         } else if (cmd == MPTEVENTENABLE) {
620                 return mptctl_eventenable(arg);
621         } else if (cmd == MPTEVENTREPORT) {
622                 return mptctl_eventreport(arg);
623         } else if (cmd == MPTFWREPLACE) {
624                 return mptctl_replace_fw(arg);
625         }
626
627         /* All of these commands require an interrupt or
628          * are unknown/illegal.
629          */
630         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
631                 return ret;
632
633         if (cmd == MPTFWDOWNLOAD)
634                 ret = mptctl_fw_download(arg);
635         else if (cmd == MPTCOMMAND)
636                 ret = mptctl_mpt_command(arg);
637         else if (cmd == MPTHARDRESET)
638                 ret = mptctl_do_reset(arg);
639         else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
640                 ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd));
641         else if (cmd == HP_GETTARGETINFO)
642                 ret = mptctl_hp_targetinfo(arg);
643         else
644                 ret = -EINVAL;
645
646         mutex_unlock(&iocp->ioctl->ioctl_mutex);
647
648         return ret;
649 }
650
651 static long
652 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
653 {
654         long ret;
655         lock_kernel();
656         ret = __mptctl_ioctl(file, cmd, arg);
657         unlock_kernel();
658         return ret;
659 }
660
661 static int mptctl_do_reset(unsigned long arg)
662 {
663         struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
664         struct mpt_ioctl_diag_reset krinfo;
665         MPT_ADAPTER             *iocp;
666
667         if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
668                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
669                                 "Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
670                                 __FILE__, __LINE__, urinfo);
671                 return -EFAULT;
672         }
673
674         if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) {
675                 printk(KERN_DEBUG MYNAM "%s@%d::mptctl_do_reset - ioc%d not found!\n",
676                                 __FILE__, __LINE__, krinfo.hdr.iocnum);
677                 return -ENODEV; /* (-6) No such device or address */
678         }
679
680         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
681             iocp->name));
682
683         if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
684                 printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
685                         iocp->name, __FILE__, __LINE__);
686                 return -1;
687         }
688
689         return 0;
690 }
691
692 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
693 /*
694  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
695  * This structure contains: iocnum, firmware length (bytes),
696  *      pointer to user space memory where the fw image is stored.
697  *
698  * Outputs:     None.
699  * Return:      0 if successful
700  *              -EFAULT if data unavailable
701  *              -ENXIO  if no such device
702  *              -EAGAIN if resource problem
703  *              -ENOMEM if no memory for SGE
704  *              -EMLINK if too many chain buffers required
705  *              -EBADRQC if adapter does not support FW download
706  *              -EBUSY if adapter is busy
707  *              -ENOMSG if FW upload returned bad status
708  */
709 static int
710 mptctl_fw_download(unsigned long arg)
711 {
712         struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
713         struct mpt_fw_xfer       kfwdl;
714
715         if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
716                 printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
717                                 "Unable to copy mpt_fw_xfer struct @ %p\n",
718                                 __FILE__, __LINE__, ufwdl);
719                 return -EFAULT;
720         }
721
722         return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen);
723 }
724
725 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
726 /*
727  * FW Download engine.
728  * Outputs:     None.
729  * Return:      0 if successful
730  *              -EFAULT if data unavailable
731  *              -ENXIO  if no such device
732  *              -EAGAIN if resource problem
733  *              -ENOMEM if no memory for SGE
734  *              -EMLINK if too many chain buffers required
735  *              -EBADRQC if adapter does not support FW download
736  *              -EBUSY if adapter is busy
737  *              -ENOMSG if FW upload returned bad status
738  */
739 static int
740 mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen)
741 {
742         FWDownload_t            *dlmsg;
743         MPT_FRAME_HDR           *mf;
744         MPT_ADAPTER             *iocp;
745         FWDownloadTCSGE_t       *ptsge;
746         MptSge_t                *sgl, *sgIn;
747         char                    *sgOut;
748         struct buflist          *buflist;
749         struct buflist          *bl;
750         dma_addr_t               sgl_dma;
751         int                      ret;
752         int                      numfrags = 0;
753         int                      maxfrags;
754         int                      n = 0;
755         u32                      sgdir;
756         u32                      nib;
757         int                      fw_bytes_copied = 0;
758         int                      i;
759         int                      sge_offset = 0;
760         u16                      iocstat;
761         pFWDownloadReply_t       ReplyMsg = NULL;
762
763         if (mpt_verify_adapter(ioc, &iocp) < 0) {
764                 printk(KERN_DEBUG MYNAM "ioctl_fwdl - ioc%d not found!\n",
765                                  ioc);
766                 return -ENODEV; /* (-6) No such device or address */
767         } else {
768
769                 /*  Valid device. Get a message frame and construct the FW download message.
770                 */
771                 if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
772                         return -EAGAIN;
773         }
774
775         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
776             "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
777         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
778             iocp->name, ufwbuf));
779         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
780             iocp->name, (int)fwlen));
781         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.ioc   = %04xh\n",
782             iocp->name, ioc));
783
784         dlmsg = (FWDownload_t*) mf;
785         ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
786         sgOut = (char *) (ptsge + 1);
787
788         /*
789          * Construct f/w download request
790          */
791         dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
792         dlmsg->Reserved = 0;
793         dlmsg->ChainOffset = 0;
794         dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
795         dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
796         if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
797                 dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
798         else
799                 dlmsg->MsgFlags = 0;
800
801
802         /* Set up the Transaction SGE.
803          */
804         ptsge->Reserved = 0;
805         ptsge->ContextSize = 0;
806         ptsge->DetailsLength = 12;
807         ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
808         ptsge->Reserved_0100_Checksum = 0;
809         ptsge->ImageOffset = 0;
810         ptsge->ImageSize = cpu_to_le32(fwlen);
811
812         /* Add the SGL
813          */
814
815         /*
816          * Need to kmalloc area(s) for holding firmware image bytes.
817          * But we need to do it piece meal, using a proper
818          * scatter gather list (with 128kB MAX hunks).
819          *
820          * A practical limit here might be # of sg hunks that fit into
821          * a single IOC request frame; 12 or 8 (see below), so:
822          * For FC9xx: 12 x 128kB == 1.5 mB (max)
823          * For C1030:  8 x 128kB == 1   mB (max)
824          * We could support chaining, but things get ugly(ier:)
825          *
826          * Set the sge_offset to the start of the sgl (bytes).
827          */
828         sgdir = 0x04000000;             /* IOC will READ from sys mem */
829         sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
830         if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
831                                     &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
832                 return -ENOMEM;
833
834         /*
835          * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
836          * for FC9xx f/w image, but calculate max number of sge hunks
837          * we can fit into a request frame, and limit ourselves to that.
838          * (currently no chain support)
839          * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
840          *      Request         maxfrags
841          *      128             12
842          *      96              8
843          *      64              4
844          */
845         maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) - sizeof(FWDownloadTCSGE_t))
846                         / (sizeof(dma_addr_t) + sizeof(u32));
847         if (numfrags > maxfrags) {
848                 ret = -EMLINK;
849                 goto fwdl_out;
850         }
851
852         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
853             iocp->name, sgl, numfrags));
854
855         /*
856          * Parse SG list, copying sgl itself,
857          * plus f/w image hunks from user space as we go...
858          */
859         ret = -EFAULT;
860         sgIn = sgl;
861         bl = buflist;
862         for (i=0; i < numfrags; i++) {
863
864                 /* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
865                  * Skip everything but Simple. If simple, copy from
866                  *      user space into kernel space.
867                  * Note: we should not have anything but Simple as
868                  *      Chain SGE are illegal.
869                  */
870                 nib = (sgIn->FlagsLength & 0x30000000) >> 28;
871                 if (nib == 0 || nib == 3) {
872                         ;
873                 } else if (sgIn->Address) {
874                         mpt_add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
875                         n++;
876                         if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
877                                 printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
878                                         "Unable to copy f/w buffer hunk#%d @ %p\n",
879                                         iocp->name, __FILE__, __LINE__, n, ufwbuf);
880                                 goto fwdl_out;
881                         }
882                         fw_bytes_copied += bl->len;
883                 }
884                 sgIn++;
885                 bl++;
886                 sgOut += (sizeof(dma_addr_t) + sizeof(u32));
887         }
888
889         DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
890
891         /*
892          * Finally, perform firmware download.
893          */
894         ReplyMsg = NULL;
895         mpt_put_msg_frame(mptctl_id, iocp, mf);
896
897         /* Now wait for the command to complete */
898         ret = wait_event_timeout(mptctl_wait,
899              iocp->ioctl->wait_done == 1,
900              HZ*60);
901
902         if(ret <=0 && (iocp->ioctl->wait_done != 1 )) {
903         /* Now we need to reset the board */
904                 mptctl_timeout_expired(iocp->ioctl);
905                 ret = -ENODATA;
906                 goto fwdl_out;
907         }
908
909         if (sgl)
910                 kfree_sgl(sgl, sgl_dma, buflist, iocp);
911
912         ReplyMsg = (pFWDownloadReply_t)iocp->ioctl->ReplyFrame;
913         iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
914         if (iocstat == MPI_IOCSTATUS_SUCCESS) {
915                 printk(MYIOC_s_INFO_FMT "F/W update successfull!\n", iocp->name);
916                 return 0;
917         } else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
918                 printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
919                         iocp->name);
920                 printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
921                         iocp->name);
922                 return -EBADRQC;
923         } else if (iocstat == MPI_IOCSTATUS_BUSY) {
924                 printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
925                 printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
926                 return -EBUSY;
927         } else {
928                 printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
929                         iocp->name, iocstat);
930                 printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
931                 return -ENOMSG;
932         }
933         return 0;
934
935 fwdl_out:
936         kfree_sgl(sgl, sgl_dma, buflist, iocp);
937         return ret;
938 }
939
940 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
941 /*
942  * SGE Allocation routine
943  *
944  * Inputs:      bytes - number of bytes to be transferred
945  *              sgdir - data direction
946  *              sge_offset - offset (in bytes) from the start of the request
947  *                      frame to the first SGE
948  *              ioc - pointer to the mptadapter
949  * Outputs:     frags - number of scatter gather elements
950  *              blp - point to the buflist pointer
951  *              sglbuf_dma - pointer to the (dma) sgl
952  * Returns:     Null if failes
953  *              pointer to the (virtual) sgl if successful.
954  */
955 static MptSge_t *
956 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
957                  struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
958 {
959         MptSge_t        *sglbuf = NULL;         /* pointer to array of SGE */
960                                                 /* and chain buffers */
961         struct buflist  *buflist = NULL;        /* kernel routine */
962         MptSge_t        *sgl;
963         int              numfrags = 0;
964         int              fragcnt = 0;
965         int              alloc_sz = min(bytes,MAX_KMALLOC_SZ);  // avoid kernel warning msg!
966         int              bytes_allocd = 0;
967         int              this_alloc;
968         dma_addr_t       pa;                                    // phys addr
969         int              i, buflist_ent;
970         int              sg_spill = MAX_FRAGS_SPILL1;
971         int              dir;
972         /* initialization */
973         *frags = 0;
974         *blp = NULL;
975
976         /* Allocate and initialize an array of kernel
977          * structures for the SG elements.
978          */
979         i = MAX_SGL_BYTES / 8;
980         buflist = kzalloc(i, GFP_USER);
981         if (!buflist)
982                 return NULL;
983         buflist_ent = 0;
984
985         /* Allocate a single block of memory to store the sg elements and
986          * the chain buffers.  The calling routine is responsible for
987          * copying the data in this array into the correct place in the
988          * request and chain buffers.
989          */
990         sglbuf = pci_alloc_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf_dma);
991         if (sglbuf == NULL)
992                 goto free_and_fail;
993
994         if (sgdir & 0x04000000)
995                 dir = PCI_DMA_TODEVICE;
996         else
997                 dir = PCI_DMA_FROMDEVICE;
998
999         /* At start:
1000          *      sgl = sglbuf = point to beginning of sg buffer
1001          *      buflist_ent = 0 = first kernel structure
1002          *      sg_spill = number of SGE that can be written before the first
1003          *              chain element.
1004          *
1005          */
1006         sgl = sglbuf;
1007         sg_spill = ((ioc->req_sz - sge_offset)/(sizeof(dma_addr_t) + sizeof(u32))) - 1;
1008         while (bytes_allocd < bytes) {
1009                 this_alloc = min(alloc_sz, bytes-bytes_allocd);
1010                 buflist[buflist_ent].len = this_alloc;
1011                 buflist[buflist_ent].kptr = pci_alloc_consistent(ioc->pcidev,
1012                                                                  this_alloc,
1013                                                                  &pa);
1014                 if (buflist[buflist_ent].kptr == NULL) {
1015                         alloc_sz = alloc_sz / 2;
1016                         if (alloc_sz == 0) {
1017                                 printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1018                                     "not enough memory!   :-(\n", ioc->name);
1019                                 printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1020                                         ioc->name, numfrags);
1021                                 goto free_and_fail;
1022                         }
1023                         continue;
1024                 } else {
1025                         dma_addr_t dma_addr;
1026
1027                         bytes_allocd += this_alloc;
1028                         sgl->FlagsLength = (0x10000000|MPT_SGE_FLAGS_ADDRESSING|sgdir|this_alloc);
1029                         dma_addr = pci_map_single(ioc->pcidev, buflist[buflist_ent].kptr, this_alloc, dir);
1030                         sgl->Address = dma_addr;
1031
1032                         fragcnt++;
1033                         numfrags++;
1034                         sgl++;
1035                         buflist_ent++;
1036                 }
1037
1038                 if (bytes_allocd >= bytes)
1039                         break;
1040
1041                 /* Need to chain? */
1042                 if (fragcnt == sg_spill) {
1043                         printk(MYIOC_s_WARN_FMT
1044                             "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1045                         printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1046                         goto free_and_fail;
1047                 }
1048
1049                 /* overflow check... */
1050                 if (numfrags*8 > MAX_SGL_BYTES){
1051                         /* GRRRRR... */
1052                         printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1053                                 "too many SG frags!   :-(\n", ioc->name);
1054                         printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1055                                 ioc->name, numfrags);
1056                         goto free_and_fail;
1057                 }
1058         }
1059
1060         /* Last sge fixup: set LE+eol+eob bits */
1061         sgl[-1].FlagsLength |= 0xC1000000;
1062
1063         *frags = numfrags;
1064         *blp = buflist;
1065
1066         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1067            "%d SG frags generated!\n", ioc->name, numfrags));
1068
1069         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1070            "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1071
1072         return sglbuf;
1073
1074 free_and_fail:
1075         if (sglbuf != NULL) {
1076                 for (i = 0; i < numfrags; i++) {
1077                         dma_addr_t dma_addr;
1078                         u8 *kptr;
1079                         int len;
1080
1081                         if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1082                                 continue;
1083
1084                         dma_addr = sglbuf[i].Address;
1085                         kptr = buflist[i].kptr;
1086                         len = buflist[i].len;
1087
1088                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1089                 }
1090                 pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf, *sglbuf_dma);
1091         }
1092         kfree(buflist);
1093         return NULL;
1094 }
1095
1096 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1097 /*
1098  * Routine to free the SGL elements.
1099  */
1100 static void
1101 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1102 {
1103         MptSge_t        *sg = sgl;
1104         struct buflist  *bl = buflist;
1105         u32              nib;
1106         int              dir;
1107         int              n = 0;
1108
1109         if (sg->FlagsLength & 0x04000000)
1110                 dir = PCI_DMA_TODEVICE;
1111         else
1112                 dir = PCI_DMA_FROMDEVICE;
1113
1114         nib = (sg->FlagsLength & 0xF0000000) >> 28;
1115         while (! (nib & 0x4)) { /* eob */
1116                 /* skip ignore/chain. */
1117                 if (nib == 0 || nib == 3) {
1118                         ;
1119                 } else if (sg->Address) {
1120                         dma_addr_t dma_addr;
1121                         void *kptr;
1122                         int len;
1123
1124                         dma_addr = sg->Address;
1125                         kptr = bl->kptr;
1126                         len = bl->len;
1127                         pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1128                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1129                         n++;
1130                 }
1131                 sg++;
1132                 bl++;
1133                 nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1134         }
1135
1136         /* we're at eob! */
1137         if (sg->Address) {
1138                 dma_addr_t dma_addr;
1139                 void *kptr;
1140                 int len;
1141
1142                 dma_addr = sg->Address;
1143                 kptr = bl->kptr;
1144                 len = bl->len;
1145                 pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1146                 pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1147                 n++;
1148         }
1149
1150         pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sgl, sgl_dma);
1151         kfree(buflist);
1152         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1153             ioc->name, n));
1154 }
1155
1156 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1157 /*
1158  *      mptctl_getiocinfo - Query the host adapter for IOC information.
1159  *      @arg: User space argument
1160  *
1161  * Outputs:     None.
1162  * Return:      0 if successful
1163  *              -EFAULT if data unavailable
1164  *              -ENODEV  if no such device/adapter
1165  */
1166 static int
1167 mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
1168 {
1169         struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1170         struct mpt_ioctl_iocinfo *karg;
1171         MPT_ADAPTER             *ioc;
1172         struct pci_dev          *pdev;
1173         int                     iocnum;
1174         unsigned int            port;
1175         int                     cim_rev;
1176         u8                      revision;
1177         struct scsi_device      *sdev;
1178         VirtDevice              *vdevice;
1179
1180         /* Add of PCI INFO results in unaligned access for
1181          * IA64 and Sparc. Reset long to int. Return no PCI
1182          * data for obsolete format.
1183          */
1184         if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1185                 cim_rev = 0;
1186         else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1187                 cim_rev = 1;
1188         else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1189                 cim_rev = 2;
1190         else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1191                 cim_rev = 0;    /* obsolete */
1192         else
1193                 return -EFAULT;
1194
1195         karg = kmalloc(data_size, GFP_KERNEL);
1196         if (karg == NULL) {
1197                 printk(KERN_ERR MYNAM "%s::mpt_ioctl_iocinfo() @%d - no memory available!\n",
1198                                 __FILE__, __LINE__);
1199                 return -ENOMEM;
1200         }
1201
1202         if (copy_from_user(karg, uarg, data_size)) {
1203                 printk(KERN_ERR MYNAM "%s@%d::mptctl_getiocinfo - "
1204                         "Unable to read in mpt_ioctl_iocinfo struct @ %p\n",
1205                                 __FILE__, __LINE__, uarg);
1206                 kfree(karg);
1207                 return -EFAULT;
1208         }
1209
1210         if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) ||
1211             (ioc == NULL)) {
1212                 printk(KERN_DEBUG MYNAM "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n",
1213                                 __FILE__, __LINE__, iocnum);
1214                 kfree(karg);
1215                 return -ENODEV;
1216         }
1217
1218         /* Verify the data transfer size is correct. */
1219         if (karg->hdr.maxDataSize != data_size) {
1220                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1221                         "Structure size mismatch. Command not completed.\n",
1222                         ioc->name, __FILE__, __LINE__);
1223                 kfree(karg);
1224                 return -EFAULT;
1225         }
1226
1227         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1228             ioc->name));
1229
1230         /* Fill in the data and return the structure to the calling
1231          * program
1232          */
1233         if (ioc->bus_type == SAS)
1234                 karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1235         else if (ioc->bus_type == FC)
1236                 karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1237         else
1238                 karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1239
1240         if (karg->hdr.port > 1)
1241                 return -EINVAL;
1242         port = karg->hdr.port;
1243
1244         karg->port = port;
1245         pdev = (struct pci_dev *) ioc->pcidev;
1246
1247         karg->pciId = pdev->device;
1248         pci_read_config_byte(pdev, PCI_CLASS_REVISION, &revision);
1249         karg->hwRev = revision;
1250         karg->subSystemDevice = pdev->subsystem_device;
1251         karg->subSystemVendor = pdev->subsystem_vendor;
1252
1253         if (cim_rev == 1) {
1254                 /* Get the PCI bus, device, and function numbers for the IOC
1255                  */
1256                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1257                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1258                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1259         } else if (cim_rev == 2) {
1260                 /* Get the PCI bus, device, function and segment ID numbers
1261                    for the IOC */
1262                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1263                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1264                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1265                 karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1266         }
1267
1268         /* Get number of devices
1269          */
1270         karg->numDevices = 0;
1271         if (ioc->sh) {
1272                 shost_for_each_device(sdev, ioc->sh) {
1273                         vdevice = sdev->hostdata;
1274                         if (vdevice->vtarget->tflags &
1275                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1276                                 continue;
1277                         karg->numDevices++;
1278                 }
1279         }
1280
1281         /* Set the BIOS and FW Version
1282          */
1283         karg->FWVersion = ioc->facts.FWVersion.Word;
1284         karg->BIOSVersion = ioc->biosVersion;
1285
1286         /* Set the Version Strings.
1287          */
1288         strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1289         karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1290
1291         karg->busChangeEvent = 0;
1292         karg->hostId = ioc->pfacts[port].PortSCSIID;
1293         karg->rsvd[0] = karg->rsvd[1] = 0;
1294
1295         /* Copy the data from kernel memory to user memory
1296          */
1297         if (copy_to_user((char __user *)arg, karg, data_size)) {
1298                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1299                         "Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1300                         ioc->name, __FILE__, __LINE__, uarg);
1301                 kfree(karg);
1302                 return -EFAULT;
1303         }
1304
1305         kfree(karg);
1306         return 0;
1307 }
1308
1309 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1310 /*
1311  *      mptctl_gettargetinfo - Query the host adapter for target information.
1312  *      @arg: User space argument
1313  *
1314  * Outputs:     None.
1315  * Return:      0 if successful
1316  *              -EFAULT if data unavailable
1317  *              -ENODEV  if no such device/adapter
1318  */
1319 static int
1320 mptctl_gettargetinfo (unsigned long arg)
1321 {
1322         struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1323         struct mpt_ioctl_targetinfo karg;
1324         MPT_ADAPTER             *ioc;
1325         VirtDevice              *vdevice;
1326         char                    *pmem;
1327         int                     *pdata;
1328         int                     iocnum;
1329         int                     numDevices = 0;
1330         int                     lun;
1331         int                     maxWordsLeft;
1332         int                     numBytes;
1333         u8                      port;
1334         struct scsi_device      *sdev;
1335
1336         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1337                 printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1338                         "Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1339                                 __FILE__, __LINE__, uarg);
1340                 return -EFAULT;
1341         }
1342
1343         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1344             (ioc == NULL)) {
1345                 printk(KERN_DEBUG MYNAM "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n",
1346                                 __FILE__, __LINE__, iocnum);
1347                 return -ENODEV;
1348         }
1349
1350         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1351             ioc->name));
1352         /* Get the port number and set the maximum number of bytes
1353          * in the returned structure.
1354          * Ignore the port setting.
1355          */
1356         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1357         maxWordsLeft = numBytes/sizeof(int);
1358         port = karg.hdr.port;
1359
1360         if (maxWordsLeft <= 0) {
1361                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1362                         ioc->name, __FILE__, __LINE__);
1363                 return -ENOMEM;
1364         }
1365
1366         /* Fill in the data and return the structure to the calling
1367          * program
1368          */
1369
1370         /* struct mpt_ioctl_targetinfo does not contain sufficient space
1371          * for the target structures so when the IOCTL is called, there is
1372          * not sufficient stack space for the structure. Allocate memory,
1373          * populate the memory, copy back to the user, then free memory.
1374          * targetInfo format:
1375          * bits 31-24: reserved
1376          *      23-16: LUN
1377          *      15- 8: Bus Number
1378          *       7- 0: Target ID
1379          */
1380         pmem = kzalloc(numBytes, GFP_KERNEL);
1381         if (!pmem) {
1382                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1383                         ioc->name, __FILE__, __LINE__);
1384                 return -ENOMEM;
1385         }
1386         pdata =  (int *) pmem;
1387
1388         /* Get number of devices
1389          */
1390         if (ioc->sh){
1391                 shost_for_each_device(sdev, ioc->sh) {
1392                         if (!maxWordsLeft)
1393                                 continue;
1394                         vdevice = sdev->hostdata;
1395                         if (vdevice->vtarget->tflags &
1396                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1397                                 continue;
1398                         lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1399                         *pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1400                             (vdevice->vtarget->id ));
1401                         pdata++;
1402                         numDevices++;
1403                         --maxWordsLeft;
1404                 }
1405         }
1406         karg.numDevices = numDevices;
1407
1408         /* Copy part of the data from kernel memory to user memory
1409          */
1410         if (copy_to_user((char __user *)arg, &karg,
1411                                 sizeof(struct mpt_ioctl_targetinfo))) {
1412                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1413                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1414                         ioc->name, __FILE__, __LINE__, uarg);
1415                 kfree(pmem);
1416                 return -EFAULT;
1417         }
1418
1419         /* Copy the remaining data from kernel memory to user memory
1420          */
1421         if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1422                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1423                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1424                         ioc->name, __FILE__, __LINE__, pdata);
1425                 kfree(pmem);
1426                 return -EFAULT;
1427         }
1428
1429         kfree(pmem);
1430
1431         return 0;
1432 }
1433
1434 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1435 /* MPT IOCTL Test function.
1436  *
1437  * Outputs:     None.
1438  * Return:      0 if successful
1439  *              -EFAULT if data unavailable
1440  *              -ENODEV  if no such device/adapter
1441  */
1442 static int
1443 mptctl_readtest (unsigned long arg)
1444 {
1445         struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1446         struct mpt_ioctl_test    karg;
1447         MPT_ADAPTER *ioc;
1448         int iocnum;
1449
1450         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1451                 printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1452                         "Unable to read in mpt_ioctl_test struct @ %p\n",
1453                                 __FILE__, __LINE__, uarg);
1454                 return -EFAULT;
1455         }
1456
1457         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1458             (ioc == NULL)) {
1459                 printk(KERN_DEBUG MYNAM "%s::mptctl_readtest() @%d - ioc%d not found!\n",
1460                                 __FILE__, __LINE__, iocnum);
1461                 return -ENODEV;
1462         }
1463
1464         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1465             ioc->name));
1466         /* Fill in the data and return the structure to the calling
1467          * program
1468          */
1469
1470 #ifdef MFCNT
1471         karg.chip_type = ioc->mfcnt;
1472 #else
1473         karg.chip_type = ioc->pcidev->device;
1474 #endif
1475         strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1476         karg.name[MPT_MAX_NAME-1]='\0';
1477         strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1478         karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1479
1480         /* Copy the data from kernel memory to user memory
1481          */
1482         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1483                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1484                         "Unable to write out mpt_ioctl_test struct @ %p\n",
1485                         ioc->name, __FILE__, __LINE__, uarg);
1486                 return -EFAULT;
1487         }
1488
1489         return 0;
1490 }
1491
1492 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1493 /*
1494  *      mptctl_eventquery - Query the host adapter for the event types
1495  *      that are being logged.
1496  *      @arg: User space argument
1497  *
1498  * Outputs:     None.
1499  * Return:      0 if successful
1500  *              -EFAULT if data unavailable
1501  *              -ENODEV  if no such device/adapter
1502  */
1503 static int
1504 mptctl_eventquery (unsigned long arg)
1505 {
1506         struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1507         struct mpt_ioctl_eventquery      karg;
1508         MPT_ADAPTER *ioc;
1509         int iocnum;
1510
1511         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1512                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1513                         "Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1514                                 __FILE__, __LINE__, uarg);
1515                 return -EFAULT;
1516         }
1517
1518         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1519             (ioc == NULL)) {
1520                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventquery() @%d - ioc%d not found!\n",
1521                                 __FILE__, __LINE__, iocnum);
1522                 return -ENODEV;
1523         }
1524
1525         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1526             ioc->name));
1527         karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1528         karg.eventTypes = ioc->eventTypes;
1529
1530         /* Copy the data from kernel memory to user memory
1531          */
1532         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1533                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1534                         "Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1535                         ioc->name, __FILE__, __LINE__, uarg);
1536                 return -EFAULT;
1537         }
1538         return 0;
1539 }
1540
1541 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1542 static int
1543 mptctl_eventenable (unsigned long arg)
1544 {
1545         struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1546         struct mpt_ioctl_eventenable     karg;
1547         MPT_ADAPTER *ioc;
1548         int iocnum;
1549
1550         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1551                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1552                         "Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1553                                 __FILE__, __LINE__, uarg);
1554                 return -EFAULT;
1555         }
1556
1557         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1558             (ioc == NULL)) {
1559                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventenable() @%d - ioc%d not found!\n",
1560                                 __FILE__, __LINE__, iocnum);
1561                 return -ENODEV;
1562         }
1563
1564         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1565             ioc->name));
1566         if (ioc->events == NULL) {
1567                 /* Have not yet allocated memory - do so now.
1568                  */
1569                 int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1570                 ioc->events = kzalloc(sz, GFP_KERNEL);
1571                 if (!ioc->events) {
1572                         printk(MYIOC_s_ERR_FMT
1573                             ": ERROR - Insufficient memory to add adapter!\n",
1574                             ioc->name);
1575                         return -ENOMEM;
1576                 }
1577                 ioc->alloc_total += sz;
1578
1579                 ioc->eventContext = 0;
1580         }
1581
1582         /* Update the IOC event logging flag.
1583          */
1584         ioc->eventTypes = karg.eventTypes;
1585
1586         return 0;
1587 }
1588
1589 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1590 static int
1591 mptctl_eventreport (unsigned long arg)
1592 {
1593         struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1594         struct mpt_ioctl_eventreport     karg;
1595         MPT_ADAPTER              *ioc;
1596         int                      iocnum;
1597         int                      numBytes, maxEvents, max;
1598
1599         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1600                 printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1601                         "Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1602                                 __FILE__, __LINE__, uarg);
1603                 return -EFAULT;
1604         }
1605
1606         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1607             (ioc == NULL)) {
1608                 printk(KERN_DEBUG MYNAM "%s::mptctl_eventreport() @%d - ioc%d not found!\n",
1609                                 __FILE__, __LINE__, iocnum);
1610                 return -ENODEV;
1611         }
1612         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1613             ioc->name));
1614
1615         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1616         maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1617
1618
1619         max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1620
1621         /* If fewer than 1 event is requested, there must have
1622          * been some type of error.
1623          */
1624         if ((max < 1) || !ioc->events)
1625                 return -ENODATA;
1626
1627         /* reset this flag so SIGIO can restart */
1628         ioc->aen_event_read_flag=0;
1629
1630         /* Copy the data from kernel memory to user memory
1631          */
1632         numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1633         if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1634                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1635                         "Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1636                         ioc->name, __FILE__, __LINE__, ioc->events);
1637                 return -EFAULT;
1638         }
1639
1640         return 0;
1641 }
1642
1643 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1644 static int
1645 mptctl_replace_fw (unsigned long arg)
1646 {
1647         struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1648         struct mpt_ioctl_replace_fw      karg;
1649         MPT_ADAPTER              *ioc;
1650         int                      iocnum;
1651         int                      newFwSize;
1652
1653         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1654                 printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1655                         "Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1656                                 __FILE__, __LINE__, uarg);
1657                 return -EFAULT;
1658         }
1659
1660         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1661             (ioc == NULL)) {
1662                 printk(KERN_DEBUG MYNAM "%s::mptctl_replace_fw() @%d - ioc%d not found!\n",
1663                                 __FILE__, __LINE__, iocnum);
1664                 return -ENODEV;
1665         }
1666
1667         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1668             ioc->name));
1669         /* If caching FW, Free the old FW image
1670          */
1671         if (ioc->cached_fw == NULL)
1672                 return 0;
1673
1674         mpt_free_fw_memory(ioc);
1675
1676         /* Allocate memory for the new FW image
1677          */
1678         newFwSize = karg.newImageSize;
1679
1680         if (newFwSize & 0x01)
1681                 newFwSize += 1;
1682         if (newFwSize & 0x02)
1683                 newFwSize += 2;
1684
1685         mpt_alloc_fw_memory(ioc, newFwSize);
1686         if (ioc->cached_fw == NULL)
1687                 return -ENOMEM;
1688
1689         /* Copy the data from user memory to kernel space
1690          */
1691         if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1692                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1693                                 "Unable to read in mpt_ioctl_replace_fw image "
1694                                 "@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1695                 mpt_free_fw_memory(ioc);
1696                 return -EFAULT;
1697         }
1698
1699         /* Update IOCFactsReply
1700          */
1701         ioc->facts.FWImageSize = newFwSize;
1702         return 0;
1703 }
1704
1705 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1706 /* MPT IOCTL MPTCOMMAND function.
1707  * Cast the arg into the mpt_ioctl_mpt_command structure.
1708  *
1709  * Outputs:     None.
1710  * Return:      0 if successful
1711  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1712  *              -EFAULT if data unavailable
1713  *              -ENODEV if no such device/adapter
1714  *              -ETIME  if timer expires
1715  *              -ENOMEM if memory allocation error
1716  */
1717 static int
1718 mptctl_mpt_command (unsigned long arg)
1719 {
1720         struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1721         struct mpt_ioctl_command  karg;
1722         MPT_ADAPTER     *ioc;
1723         int             iocnum;
1724         int             rc;
1725
1726
1727         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1728                 printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1729                         "Unable to read in mpt_ioctl_command struct @ %p\n",
1730                                 __FILE__, __LINE__, uarg);
1731                 return -EFAULT;
1732         }
1733
1734         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1735             (ioc == NULL)) {
1736                 printk(KERN_DEBUG MYNAM "%s::mptctl_mpt_command() @%d - ioc%d not found!\n",
1737                                 __FILE__, __LINE__, iocnum);
1738                 return -ENODEV;
1739         }
1740
1741         rc = mptctl_do_mpt_command (karg, &uarg->MF);
1742
1743         return rc;
1744 }
1745
1746 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1747 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1748  *
1749  * Outputs:     None.
1750  * Return:      0 if successful
1751  *              -EBUSY  if previous command timeout and IOC reset is not complete.
1752  *              -EFAULT if data unavailable
1753  *              -ENODEV if no such device/adapter
1754  *              -ETIME  if timer expires
1755  *              -ENOMEM if memory allocation error
1756  *              -EPERM if SCSI I/O and target is untagged
1757  */
1758 static int
1759 mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr)
1760 {
1761         MPT_ADAPTER     *ioc;
1762         MPT_FRAME_HDR   *mf = NULL;
1763         MPIHeader_t     *hdr;
1764         char            *psge;
1765         struct buflist  bufIn;  /* data In buffer */
1766         struct buflist  bufOut; /* data Out buffer */
1767         dma_addr_t      dma_addr_in;
1768         dma_addr_t      dma_addr_out;
1769         int             sgSize = 0;     /* Num SG elements */
1770         int             iocnum, flagsLength;
1771         int             sz, rc = 0;
1772         int             msgContext;
1773         u16             req_idx;
1774         ulong           timeout;
1775         struct scsi_device *sdev;
1776
1777         /* bufIn and bufOut are used for user to kernel space transfers
1778          */
1779         bufIn.kptr = bufOut.kptr = NULL;
1780         bufIn.len = bufOut.len = 0;
1781
1782         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1783             (ioc == NULL)) {
1784                 printk(KERN_DEBUG MYNAM "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n",
1785                                 __FILE__, __LINE__, iocnum);
1786                 return -ENODEV;
1787         }
1788         if (!ioc->ioctl) {
1789                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1790                         "No memory available during driver init.\n",
1791                                 __FILE__, __LINE__);
1792                 return -ENOMEM;
1793         } else if (ioc->ioctl->status & MPT_IOCTL_STATUS_DID_IOCRESET) {
1794                 printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1795                         "Busy with IOC Reset \n", __FILE__, __LINE__);
1796                 return -EBUSY;
1797         }
1798
1799         /* Verify that the final request frame will not be too large.
1800          */
1801         sz = karg.dataSgeOffset * 4;
1802         if (karg.dataInSize > 0)
1803                 sz += sizeof(dma_addr_t) + sizeof(u32);
1804         if (karg.dataOutSize > 0)
1805                 sz += sizeof(dma_addr_t) + sizeof(u32);
1806
1807         if (sz > ioc->req_sz) {
1808                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1809                         "Request frame too large (%d) maximum (%d)\n",
1810                         ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1811                 return -EFAULT;
1812         }
1813
1814         /* Get a free request frame and save the message context.
1815          */
1816         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1817                 return -EAGAIN;
1818
1819         hdr = (MPIHeader_t *) mf;
1820         msgContext = le32_to_cpu(hdr->MsgContext);
1821         req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1822
1823         /* Copy the request frame
1824          * Reset the saved message context.
1825          * Request frame in user space
1826          */
1827         if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1828                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1829                         "Unable to read MF from mpt_ioctl_command struct @ %p\n",
1830                         ioc->name, __FILE__, __LINE__, mfPtr);
1831                 rc = -EFAULT;
1832                 goto done_free_mem;
1833         }
1834         hdr->MsgContext = cpu_to_le32(msgContext);
1835
1836
1837         /* Verify that this request is allowed.
1838          */
1839         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1840             ioc->name, hdr->Function, mf));
1841
1842         switch (hdr->Function) {
1843         case MPI_FUNCTION_IOC_FACTS:
1844         case MPI_FUNCTION_PORT_FACTS:
1845                 karg.dataOutSize  = karg.dataInSize = 0;
1846                 break;
1847
1848         case MPI_FUNCTION_CONFIG:
1849         {
1850                 Config_t *config_frame;
1851                 config_frame = (Config_t *)mf;
1852                 dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1853                     "number=0x%02x action=0x%02x\n", ioc->name,
1854                     config_frame->Header.PageType,
1855                     config_frame->ExtPageType,
1856                     config_frame->Header.PageNumber,
1857                     config_frame->Action));
1858                 break;
1859         }
1860
1861         case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1862         case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1863         case MPI_FUNCTION_FW_UPLOAD:
1864         case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1865         case MPI_FUNCTION_FW_DOWNLOAD:
1866         case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1867         case MPI_FUNCTION_TOOLBOX:
1868         case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1869                 break;
1870
1871         case MPI_FUNCTION_SCSI_IO_REQUEST:
1872                 if (ioc->sh) {
1873                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1874                         int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1875                         int scsidir = 0;
1876                         int dataSize;
1877                         u32 id;
1878
1879                         id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1880                         if (pScsiReq->TargetID > id) {
1881                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1882                                         "Target ID out of bounds. \n",
1883                                         ioc->name, __FILE__, __LINE__);
1884                                 rc = -ENODEV;
1885                                 goto done_free_mem;
1886                         }
1887
1888                         if (pScsiReq->Bus >= ioc->number_of_buses) {
1889                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1890                                         "Target Bus out of bounds. \n",
1891                                         ioc->name, __FILE__, __LINE__);
1892                                 rc = -ENODEV;
1893                                 goto done_free_mem;
1894                         }
1895
1896                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1897                         pScsiReq->MsgFlags |= mpt_msg_flags();
1898
1899
1900                         /* verify that app has not requested
1901                          *      more sense data than driver
1902                          *      can provide, if so, reset this parameter
1903                          * set the sense buffer pointer low address
1904                          * update the control field to specify Q type
1905                          */
1906                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1907                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1908                         else
1909                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1910
1911                         pScsiReq->SenseBufferLowAddr =
1912                                 cpu_to_le32(ioc->sense_buf_low_dma
1913                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1914
1915                         shost_for_each_device(sdev, ioc->sh) {
1916                                 struct scsi_target *starget = scsi_target(sdev);
1917                                 VirtTarget *vtarget = starget->hostdata;
1918
1919                                 if ((pScsiReq->TargetID == vtarget->id) &&
1920                                     (pScsiReq->Bus == vtarget->channel) &&
1921                                     (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1922                                         qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1923                         }
1924
1925                         /* Have the IOCTL driver set the direction based
1926                          * on the dataOutSize (ordering issue with Sparc).
1927                          */
1928                         if (karg.dataOutSize > 0) {
1929                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
1930                                 dataSize = karg.dataOutSize;
1931                         } else {
1932                                 scsidir = MPI_SCSIIO_CONTROL_READ;
1933                                 dataSize = karg.dataInSize;
1934                         }
1935
1936                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1937                         pScsiReq->DataLength = cpu_to_le32(dataSize);
1938
1939                         ioc->ioctl->reset = MPTCTL_RESET_OK;
1940                         ioc->ioctl->id = pScsiReq->TargetID;
1941
1942                 } else {
1943                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1944                                 "SCSI driver is not loaded. \n",
1945                                 ioc->name, __FILE__, __LINE__);
1946                         rc = -EFAULT;
1947                         goto done_free_mem;
1948                 }
1949                 break;
1950
1951         case MPI_FUNCTION_SMP_PASSTHROUGH:
1952                 /* Check mf->PassthruFlags to determine if
1953                  * transfer is ImmediateMode or not.
1954                  * Immediate mode returns data in the ReplyFrame.
1955                  * Else, we are sending request and response data
1956                  * in two SGLs at the end of the mf.
1957                  */
1958                 break;
1959
1960         case MPI_FUNCTION_SATA_PASSTHROUGH:
1961                 if (!ioc->sh) {
1962                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1963                                 "SCSI driver is not loaded. \n",
1964                                 ioc->name, __FILE__, __LINE__);
1965                         rc = -EFAULT;
1966                         goto done_free_mem;
1967                 }
1968                 break;
1969
1970         case MPI_FUNCTION_RAID_ACTION:
1971                 /* Just add a SGE
1972                  */
1973                 break;
1974
1975         case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1976                 if (ioc->sh) {
1977                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1978                         int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1979                         int scsidir = MPI_SCSIIO_CONTROL_READ;
1980                         int dataSize;
1981
1982                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1983                         pScsiReq->MsgFlags |= mpt_msg_flags();
1984
1985
1986                         /* verify that app has not requested
1987                          *      more sense data than driver
1988                          *      can provide, if so, reset this parameter
1989                          * set the sense buffer pointer low address
1990                          * update the control field to specify Q type
1991                          */
1992                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1993                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1994                         else
1995                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1996
1997                         pScsiReq->SenseBufferLowAddr =
1998                                 cpu_to_le32(ioc->sense_buf_low_dma
1999                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
2000
2001                         /* All commands to physical devices are tagged
2002                          */
2003
2004                         /* Have the IOCTL driver set the direction based
2005                          * on the dataOutSize (ordering issue with Sparc).
2006                          */
2007                         if (karg.dataOutSize > 0) {
2008                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
2009                                 dataSize = karg.dataOutSize;
2010                         } else {
2011                                 scsidir = MPI_SCSIIO_CONTROL_READ;
2012                                 dataSize = karg.dataInSize;
2013                         }
2014
2015                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
2016                         pScsiReq->DataLength = cpu_to_le32(dataSize);
2017
2018                         ioc->ioctl->reset = MPTCTL_RESET_OK;
2019                         ioc->ioctl->id = pScsiReq->TargetID;
2020                 } else {
2021                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2022                                 "SCSI driver is not loaded. \n",
2023                                 ioc->name, __FILE__, __LINE__);
2024                         rc = -EFAULT;
2025                         goto done_free_mem;
2026                 }
2027                 break;
2028
2029         case MPI_FUNCTION_SCSI_TASK_MGMT:
2030                 {
2031                         MPT_SCSI_HOST *hd = NULL;
2032                         if ((ioc->sh == NULL) || ((hd = shost_priv(ioc->sh)) == NULL)) {
2033                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2034                                         "SCSI driver not loaded or SCSI host not found. \n",
2035                                         ioc->name, __FILE__, __LINE__);
2036                                 rc = -EFAULT;
2037                                 goto done_free_mem;
2038                         } else if (mptctl_set_tm_flags(hd) != 0) {
2039                                 rc = -EPERM;
2040                                 goto done_free_mem;
2041                         }
2042                 }
2043                 break;
2044
2045         case MPI_FUNCTION_IOC_INIT:
2046                 {
2047                         IOCInit_t       *pInit = (IOCInit_t *) mf;
2048                         u32             high_addr, sense_high;
2049
2050                         /* Verify that all entries in the IOC INIT match
2051                          * existing setup (and in LE format).
2052                          */
2053                         if (sizeof(dma_addr_t) == sizeof(u64)) {
2054                                 high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2055                                 sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2056                         } else {
2057                                 high_addr = 0;
2058                                 sense_high= 0;
2059                         }
2060
2061                         if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2062                                 (pInit->MaxBuses != ioc->facts.MaxBuses) ||
2063                                 (pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2064                                 (pInit->HostMfaHighAddr != high_addr) ||
2065                                 (pInit->SenseBufferHighAddr != sense_high)) {
2066                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2067                                         "IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2068                                         ioc->name, __FILE__, __LINE__);
2069                                 rc = -EFAULT;
2070                                 goto done_free_mem;
2071                         }
2072                 }
2073                 break;
2074         default:
2075                 /*
2076                  * MPI_FUNCTION_PORT_ENABLE
2077                  * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2078                  * MPI_FUNCTION_TARGET_ASSIST
2079                  * MPI_FUNCTION_TARGET_STATUS_SEND
2080                  * MPI_FUNCTION_TARGET_MODE_ABORT
2081                  * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2082                  * MPI_FUNCTION_IO_UNIT_RESET
2083                  * MPI_FUNCTION_HANDSHAKE
2084                  * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2085                  * MPI_FUNCTION_EVENT_NOTIFICATION
2086                  *  (driver handles event notification)
2087                  * MPI_FUNCTION_EVENT_ACK
2088                  */
2089
2090                 /*  What to do with these???  CHECK ME!!!
2091                         MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2092                         MPI_FUNCTION_FC_LINK_SRVC_RSP
2093                         MPI_FUNCTION_FC_ABORT
2094                         MPI_FUNCTION_LAN_SEND
2095                         MPI_FUNCTION_LAN_RECEIVE
2096                         MPI_FUNCTION_LAN_RESET
2097                 */
2098
2099                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2100                         "Illegal request (function 0x%x) \n",
2101                         ioc->name, __FILE__, __LINE__, hdr->Function);
2102                 rc = -EFAULT;
2103                 goto done_free_mem;
2104         }
2105
2106         /* Add the SGL ( at most one data in SGE and one data out SGE )
2107          * In the case of two SGE's - the data out (write) will always
2108          * preceede the data in (read) SGE. psgList is used to free the
2109          * allocated memory.
2110          */
2111         psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2112         flagsLength = 0;
2113
2114         if (karg.dataOutSize > 0)
2115                 sgSize ++;
2116
2117         if (karg.dataInSize > 0)
2118                 sgSize ++;
2119
2120         if (sgSize > 0) {
2121
2122                 /* Set up the dataOut memory allocation */
2123                 if (karg.dataOutSize > 0) {
2124                         if (karg.dataInSize > 0) {
2125                                 flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2126                                                 MPI_SGE_FLAGS_END_OF_BUFFER |
2127                                                 MPI_SGE_FLAGS_DIRECTION |
2128                                                 mpt_addr_size() )
2129                                                 << MPI_SGE_FLAGS_SHIFT;
2130                         } else {
2131                                 flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2132                         }
2133                         flagsLength |= karg.dataOutSize;
2134                         bufOut.len = karg.dataOutSize;
2135                         bufOut.kptr = pci_alloc_consistent(
2136                                         ioc->pcidev, bufOut.len, &dma_addr_out);
2137
2138                         if (bufOut.kptr == NULL) {
2139                                 rc = -ENOMEM;
2140                                 goto done_free_mem;
2141                         } else {
2142                                 /* Set up this SGE.
2143                                  * Copy to MF and to sglbuf
2144                                  */
2145                                 mpt_add_sge(psge, flagsLength, dma_addr_out);
2146                                 psge += (sizeof(u32) + sizeof(dma_addr_t));
2147
2148                                 /* Copy user data to kernel space.
2149                                  */
2150                                 if (copy_from_user(bufOut.kptr,
2151                                                 karg.dataOutBufPtr,
2152                                                 bufOut.len)) {
2153                                         printk(MYIOC_s_ERR_FMT
2154                                                 "%s@%d::mptctl_do_mpt_command - Unable "
2155                                                 "to read user data "
2156                                                 "struct @ %p\n",
2157                                                 ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2158                                         rc =  -EFAULT;
2159                                         goto done_free_mem;
2160                                 }
2161                         }
2162                 }
2163
2164                 if (karg.dataInSize > 0) {
2165                         flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2166                         flagsLength |= karg.dataInSize;
2167
2168                         bufIn.len = karg.dataInSize;
2169                         bufIn.kptr = pci_alloc_consistent(ioc->pcidev,
2170                                         bufIn.len, &dma_addr_in);
2171
2172                         if (bufIn.kptr == NULL) {
2173                                 rc = -ENOMEM;
2174                                 goto done_free_mem;
2175                         } else {
2176                                 /* Set up this SGE
2177                                  * Copy to MF and to sglbuf
2178                                  */
2179                                 mpt_add_sge(psge, flagsLength, dma_addr_in);
2180                         }
2181                 }
2182         } else  {
2183                 /* Add a NULL SGE
2184                  */
2185                 mpt_add_sge(psge, flagsLength, (dma_addr_t) -1);
2186         }
2187
2188         ioc->ioctl->wait_done = 0;
2189         if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2190
2191                 DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2192
2193                 if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2194                     (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2195                         mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2196                 else {
2197                         rc =mpt_send_handshake_request(mptctl_id, ioc,
2198                                 sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2199                         if (rc != 0) {
2200                                 dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2201                                     "_send_handshake FAILED! (ioc %p, mf %p)\n",
2202                                     ioc->name, ioc, mf));
2203                                 mptctl_free_tm_flags(ioc);
2204                                 rc = -ENODATA;
2205                                 goto done_free_mem;
2206                         }
2207                 }
2208
2209         } else
2210                 mpt_put_msg_frame(mptctl_id, ioc, mf);
2211
2212         /* Now wait for the command to complete */
2213         timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2214         timeout = wait_event_timeout(mptctl_wait,
2215              ioc->ioctl->wait_done == 1,
2216              HZ*timeout);
2217
2218         if(timeout <=0 && (ioc->ioctl->wait_done != 1 )) {
2219         /* Now we need to reset the board */
2220
2221                 if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT)
2222                         mptctl_free_tm_flags(ioc);
2223
2224                 mptctl_timeout_expired(ioc->ioctl);
2225                 rc = -ENODATA;
2226                 goto done_free_mem;
2227         }
2228
2229         mf = NULL;
2230
2231         /* If a valid reply frame, copy to the user.
2232          * Offset 2: reply length in U32's
2233          */
2234         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID) {
2235                 if (karg.maxReplyBytes < ioc->reply_sz) {
2236                          sz = min(karg.maxReplyBytes, 4*ioc->ioctl->ReplyFrame[2]);
2237                 } else {
2238                          sz = min(ioc->reply_sz, 4*ioc->ioctl->ReplyFrame[2]);
2239                 }
2240
2241                 if (sz > 0) {
2242                         if (copy_to_user(karg.replyFrameBufPtr,
2243                                  &ioc->ioctl->ReplyFrame, sz)){
2244                                  printk(MYIOC_s_ERR_FMT
2245                                      "%s@%d::mptctl_do_mpt_command - "
2246                                  "Unable to write out reply frame %p\n",
2247                                  ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2248                                  rc =  -ENODATA;
2249                                  goto done_free_mem;
2250                         }
2251                 }
2252         }
2253
2254         /* If valid sense data, copy to user.
2255          */
2256         if (ioc->ioctl->status & MPT_IOCTL_STATUS_SENSE_VALID) {
2257                 sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2258                 if (sz > 0) {
2259                         if (copy_to_user(karg.senseDataPtr, ioc->ioctl->sense, sz)) {
2260                                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2261                                 "Unable to write sense data to user %p\n",
2262                                 ioc->name, __FILE__, __LINE__,
2263                                 karg.senseDataPtr);
2264                                 rc =  -ENODATA;
2265                                 goto done_free_mem;
2266                         }
2267                 }
2268         }
2269
2270         /* If the overall status is _GOOD and data in, copy data
2271          * to user.
2272          */
2273         if ((ioc->ioctl->status & MPT_IOCTL_STATUS_COMMAND_GOOD) &&
2274                                 (karg.dataInSize > 0) && (bufIn.kptr)) {
2275
2276                 if (copy_to_user(karg.dataInBufPtr,
2277                                  bufIn.kptr, karg.dataInSize)) {
2278                         printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2279                                 "Unable to write data to user %p\n",
2280                                 ioc->name, __FILE__, __LINE__,
2281                                 karg.dataInBufPtr);
2282                         rc =  -ENODATA;
2283                 }
2284         }
2285
2286 done_free_mem:
2287
2288         ioc->ioctl->status &= ~(MPT_IOCTL_STATUS_COMMAND_GOOD |
2289                 MPT_IOCTL_STATUS_SENSE_VALID |
2290                 MPT_IOCTL_STATUS_RF_VALID );
2291
2292         /* Free the allocated memory.
2293          */
2294         if (bufOut.kptr != NULL) {
2295                 pci_free_consistent(ioc->pcidev,
2296                         bufOut.len, (void *) bufOut.kptr, dma_addr_out);
2297         }
2298
2299         if (bufIn.kptr != NULL) {
2300                 pci_free_consistent(ioc->pcidev,
2301                         bufIn.len, (void *) bufIn.kptr, dma_addr_in);
2302         }
2303
2304         /* mf is null if command issued successfully
2305          * otherwise, failure occured after mf acquired.
2306          */
2307         if (mf)
2308                 mpt_free_msg_frame(ioc, mf);
2309
2310         return rc;
2311 }
2312
2313 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2314 /* Prototype Routine for the HOST INFO command.
2315  *
2316  * Outputs:     None.
2317  * Return:      0 if successful
2318  *              -EFAULT if data unavailable
2319  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2320  *              -ENODEV if no such device/adapter
2321  *              -ETIME  if timer expires
2322  *              -ENOMEM if memory allocation error
2323  */
2324 static int
2325 mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size)
2326 {
2327         hp_host_info_t  __user *uarg = (void __user *) arg;
2328         MPT_ADAPTER             *ioc;
2329         struct pci_dev          *pdev;
2330         char                    *pbuf=NULL;
2331         dma_addr_t              buf_dma;
2332         hp_host_info_t          karg;
2333         CONFIGPARMS             cfg;
2334         ConfigPageHeader_t      hdr;
2335         int                     iocnum;
2336         int                     rc, cim_rev;
2337         ToolboxIstwiReadWriteRequest_t  *IstwiRWRequest;
2338         MPT_FRAME_HDR           *mf = NULL;
2339         MPIHeader_t             *mpi_hdr;
2340
2341         /* Reset long to int. Should affect IA64 and SPARC only
2342          */
2343         if (data_size == sizeof(hp_host_info_t))
2344                 cim_rev = 1;
2345         else if (data_size == sizeof(hp_host_info_rev0_t))
2346                 cim_rev = 0;    /* obsolete */
2347         else
2348                 return -EFAULT;
2349
2350         if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2351                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2352                         "Unable to read in hp_host_info struct @ %p\n",
2353                                 __FILE__, __LINE__, uarg);
2354                 return -EFAULT;
2355         }
2356
2357         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2358             (ioc == NULL)) {
2359                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n",
2360                                 __FILE__, __LINE__, iocnum);
2361                 return -ENODEV;
2362         }
2363         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2364             ioc->name));
2365
2366         /* Fill in the data and return the structure to the calling
2367          * program
2368          */
2369         pdev = (struct pci_dev *) ioc->pcidev;
2370
2371         karg.vendor = pdev->vendor;
2372         karg.device = pdev->device;
2373         karg.subsystem_id = pdev->subsystem_device;
2374         karg.subsystem_vendor = pdev->subsystem_vendor;
2375         karg.devfn = pdev->devfn;
2376         karg.bus = pdev->bus->number;
2377
2378         /* Save the SCSI host no. if
2379          * SCSI driver loaded
2380          */
2381         if (ioc->sh != NULL)
2382                 karg.host_no = ioc->sh->host_no;
2383         else
2384                 karg.host_no =  -1;
2385
2386         /* Reformat the fw_version into a string
2387          */
2388         karg.fw_version[0] = ioc->facts.FWVersion.Struct.Major >= 10 ?
2389                 ((ioc->facts.FWVersion.Struct.Major / 10) + '0') : '0';
2390         karg.fw_version[1] = (ioc->facts.FWVersion.Struct.Major % 10 ) + '0';
2391         karg.fw_version[2] = '.';
2392         karg.fw_version[3] = ioc->facts.FWVersion.Struct.Minor >= 10 ?
2393                 ((ioc->facts.FWVersion.Struct.Minor / 10) + '0') : '0';
2394         karg.fw_version[4] = (ioc->facts.FWVersion.Struct.Minor % 10 ) + '0';
2395         karg.fw_version[5] = '.';
2396         karg.fw_version[6] = ioc->facts.FWVersion.Struct.Unit >= 10 ?
2397                 ((ioc->facts.FWVersion.Struct.Unit / 10) + '0') : '0';
2398         karg.fw_version[7] = (ioc->facts.FWVersion.Struct.Unit % 10 ) + '0';
2399         karg.fw_version[8] = '.';
2400         karg.fw_version[9] = ioc->facts.FWVersion.Struct.Dev >= 10 ?
2401                 ((ioc->facts.FWVersion.Struct.Dev / 10) + '0') : '0';
2402         karg.fw_version[10] = (ioc->facts.FWVersion.Struct.Dev % 10 ) + '0';
2403         karg.fw_version[11] = '\0';
2404
2405         /* Issue a config request to get the device serial number
2406          */
2407         hdr.PageVersion = 0;
2408         hdr.PageLength = 0;
2409         hdr.PageNumber = 0;
2410         hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2411         cfg.cfghdr.hdr = &hdr;
2412         cfg.physAddr = -1;
2413         cfg.pageAddr = 0;
2414         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2415         cfg.dir = 0;    /* read */
2416         cfg.timeout = 10;
2417
2418         strncpy(karg.serial_number, " ", 24);
2419         if (mpt_config(ioc, &cfg) == 0) {
2420                 if (cfg.cfghdr.hdr->PageLength > 0) {
2421                         /* Issue the second config page request */
2422                         cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2423
2424                         pbuf = pci_alloc_consistent(ioc->pcidev, hdr.PageLength * 4, &buf_dma);
2425                         if (pbuf) {
2426                                 cfg.physAddr = buf_dma;
2427                                 if (mpt_config(ioc, &cfg) == 0) {
2428                                         ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2429                                         if (strlen(pdata->BoardTracerNumber) > 1) {
2430                                                 strncpy(karg.serial_number,                                                                         pdata->BoardTracerNumber, 24);
2431                                                 karg.serial_number[24-1]='\0';
2432                                         }
2433                                 }
2434                                 pci_free_consistent(ioc->pcidev, hdr.PageLength * 4, pbuf, buf_dma);
2435                                 pbuf = NULL;
2436                         }
2437                 }
2438         }
2439         rc = mpt_GetIocState(ioc, 1);
2440         switch (rc) {
2441         case MPI_IOC_STATE_OPERATIONAL:
2442                 karg.ioc_status =  HP_STATUS_OK;
2443                 break;
2444
2445         case MPI_IOC_STATE_FAULT:
2446                 karg.ioc_status =  HP_STATUS_FAILED;
2447                 break;
2448
2449         case MPI_IOC_STATE_RESET:
2450         case MPI_IOC_STATE_READY:
2451         default:
2452                 karg.ioc_status =  HP_STATUS_OTHER;
2453                 break;
2454         }
2455
2456         karg.base_io_addr = pci_resource_start(pdev, 0);
2457
2458         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2459                 karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2460         else
2461                 karg.bus_phys_width = HP_BUS_WIDTH_16;
2462
2463         karg.hard_resets = 0;
2464         karg.soft_resets = 0;
2465         karg.timeouts = 0;
2466         if (ioc->sh != NULL) {
2467                 MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2468
2469                 if (hd && (cim_rev == 1)) {
2470                         karg.hard_resets = hd->hard_resets;
2471                         karg.soft_resets = hd->soft_resets;
2472                         karg.timeouts = hd->timeouts;
2473                 }
2474         }
2475
2476         /* 
2477          * Gather ISTWI(Industry Standard Two Wire Interface) Data
2478          */
2479         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2480                 dfailprintk(ioc, printk(MYIOC_s_WARN_FMT "%s, no msg frames!!\n",
2481                     ioc->name,__FUNCTION__));
2482                 goto out;
2483         }
2484
2485         IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2486         mpi_hdr = (MPIHeader_t *) mf;
2487         memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2488         IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2489         IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2490         IstwiRWRequest->MsgContext = mpi_hdr->MsgContext;
2491         IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2492         IstwiRWRequest->NumAddressBytes = 0x01;
2493         IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2494         if (pdev->devfn & 1)
2495                 IstwiRWRequest->DeviceAddr = 0xB2;
2496         else
2497                 IstwiRWRequest->DeviceAddr = 0xB0;
2498
2499         pbuf = pci_alloc_consistent(ioc->pcidev, 4, &buf_dma);
2500         if (!pbuf)
2501                 goto out;
2502         mpt_add_sge((char *)&IstwiRWRequest->SGL,
2503             (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2504
2505         ioc->ioctl->wait_done = 0;
2506         mpt_put_msg_frame(mptctl_id, ioc, mf);
2507
2508         rc = wait_event_timeout(mptctl_wait,
2509              ioc->ioctl->wait_done == 1,
2510              HZ*MPT_IOCTL_DEFAULT_TIMEOUT /* 10 sec */);
2511
2512         if(rc <=0 && (ioc->ioctl->wait_done != 1 )) {
2513                 /*
2514                  * Now we need to reset the board
2515                  */
2516                 mpt_free_msg_frame(ioc, mf);
2517                 mptctl_timeout_expired(ioc->ioctl);
2518                 goto out;
2519         }
2520
2521         /*
2522          *ISTWI Data Definition
2523          * pbuf[0] = FW_VERSION = 0x4
2524          * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2525          *  the config, you should be seeing one out of these three values
2526          * pbuf[2] = Drive Installed Map = bit pattern depend on which
2527          *   bays have drives in them
2528          * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2529          */
2530         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID)
2531                 karg.rsvd = *(u32 *)pbuf;
2532
2533  out:
2534         if (pbuf)
2535                 pci_free_consistent(ioc->pcidev, 4, pbuf, buf_dma);
2536
2537         /* Copy the data from kernel memory to user memory
2538          */
2539         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2540                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2541                         "Unable to write out hp_host_info @ %p\n",
2542                         ioc->name, __FILE__, __LINE__, uarg);
2543                 return -EFAULT;
2544         }
2545
2546         return 0;
2547
2548 }
2549
2550 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2551 /* Prototype Routine for the TARGET INFO command.
2552  *
2553  * Outputs:     None.
2554  * Return:      0 if successful
2555  *              -EFAULT if data unavailable
2556  *              -EBUSY  if previous command timeout and IOC reset is not complete.
2557  *              -ENODEV if no such device/adapter
2558  *              -ETIME  if timer expires
2559  *              -ENOMEM if memory allocation error
2560  */
2561 static int
2562 mptctl_hp_targetinfo(unsigned long arg)
2563 {
2564         hp_target_info_t __user *uarg = (void __user *) arg;
2565         SCSIDevicePage0_t       *pg0_alloc;
2566         SCSIDevicePage3_t       *pg3_alloc;
2567         MPT_ADAPTER             *ioc;
2568         MPT_SCSI_HOST           *hd = NULL;
2569         hp_target_info_t        karg;
2570         int                     iocnum;
2571         int                     data_sz;
2572         dma_addr_t              page_dma;
2573         CONFIGPARMS             cfg;
2574         ConfigPageHeader_t      hdr;
2575         int                     tmp, np, rc = 0;
2576
2577         if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2578                 printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2579                         "Unable to read in hp_host_targetinfo struct @ %p\n",
2580                                 __FILE__, __LINE__, uarg);
2581                 return -EFAULT;
2582         }
2583
2584         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2585                 (ioc == NULL)) {
2586                 printk(KERN_DEBUG MYNAM "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n",
2587                                 __FILE__, __LINE__, iocnum);
2588                 return -ENODEV;
2589         }
2590         dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2591             ioc->name));
2592
2593         /*  There is nothing to do for FCP parts.
2594          */
2595         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2596                 return 0;
2597
2598         if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2599                 return 0;
2600
2601         if (ioc->sh->host_no != karg.hdr.host)
2602                 return -ENODEV;
2603
2604        /* Get the data transfer speeds
2605         */
2606         data_sz = ioc->spi_data.sdp0length * 4;
2607         pg0_alloc = (SCSIDevicePage0_t *) pci_alloc_consistent(ioc->pcidev, data_sz, &page_dma);
2608         if (pg0_alloc) {
2609                 hdr.PageVersion = ioc->spi_data.sdp0version;
2610                 hdr.PageLength = data_sz;
2611                 hdr.PageNumber = 0;
2612                 hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2613
2614                 cfg.cfghdr.hdr = &hdr;
2615                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2616                 cfg.dir = 0;
2617                 cfg.timeout = 0;
2618                 cfg.physAddr = page_dma;
2619
2620                 cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2621
2622                 if ((rc = mpt_config(ioc, &cfg)) == 0) {
2623                         np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2624                         karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2625                                         HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2626
2627                         if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2628                                 tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2629                                 if (tmp < 0x09)
2630                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2631                                 else if (tmp <= 0x09)
2632                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2633                                 else if (tmp <= 0x0A)
2634                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2635                                 else if (tmp <= 0x0C)
2636                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2637                                 else if (tmp <= 0x25)
2638                                         karg.negotiated_speed = HP_DEV_SPEED_FAST;
2639                                 else
2640                                         karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2641                         } else
2642                                 karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2643                 }
2644
2645                 pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg0_alloc, page_dma);
2646         }
2647
2648         /* Set defaults
2649          */
2650         karg.message_rejects = -1;
2651         karg.phase_errors = -1;
2652         karg.parity_errors = -1;
2653         karg.select_timeouts = -1;
2654
2655         /* Get the target error parameters
2656          */
2657         hdr.PageVersion = 0;
2658         hdr.PageLength = 0;
2659         hdr.PageNumber = 3;
2660         hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2661
2662         cfg.cfghdr.hdr = &hdr;
2663         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2664         cfg.dir = 0;
2665         cfg.timeout = 0;
2666         cfg.physAddr = -1;
2667         if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2668                 /* Issue the second config page request */
2669                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2670                 data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2671                 pg3_alloc = (SCSIDevicePage3_t *) pci_alloc_consistent(
2672                                                         ioc->pcidev, data_sz, &page_dma);
2673                 if (pg3_alloc) {
2674                         cfg.physAddr = page_dma;
2675                         cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2676                         if ((rc = mpt_config(ioc, &cfg)) == 0) {
2677                                 karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2678                                 karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2679                                 karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2680                         }
2681                         pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg3_alloc, page_dma);
2682                 }
2683         }
2684         hd = shost_priv(ioc->sh);
2685         if (hd != NULL)
2686                 karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2687
2688         /* Copy the data from kernel memory to user memory
2689          */
2690         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2691                 printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2692                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2693                         ioc->name, __FILE__, __LINE__, uarg);
2694                 return -EFAULT;
2695         }
2696
2697         return 0;
2698 }
2699
2700 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2701
2702 static const struct file_operations mptctl_fops = {
2703         .owner =        THIS_MODULE,
2704         .llseek =       no_llseek,
2705         .release =      mptctl_release,
2706         .fasync =       mptctl_fasync,
2707         .unlocked_ioctl = mptctl_ioctl,
2708 #ifdef CONFIG_COMPAT
2709         .compat_ioctl = compat_mpctl_ioctl,
2710 #endif
2711 };
2712
2713 static struct miscdevice mptctl_miscdev = {
2714         MPT_MINOR,
2715         MYNAM,
2716         &mptctl_fops
2717 };
2718
2719 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2720
2721 #ifdef CONFIG_COMPAT
2722
2723 static int
2724 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2725                         unsigned long arg)
2726 {
2727         struct mpt_fw_xfer32 kfw32;
2728         struct mpt_fw_xfer kfw;
2729         MPT_ADAPTER *iocp = NULL;
2730         int iocnum, iocnumX;
2731         int nonblock = (filp->f_flags & O_NONBLOCK);
2732         int ret;
2733
2734
2735         if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2736                 return -EFAULT;
2737
2738         /* Verify intended MPT adapter */
2739         iocnumX = kfw32.iocnum & 0xFF;
2740         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2741             (iocp == NULL)) {
2742                 printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2743                         __LINE__, iocnumX);
2744                 return -ENODEV;
2745         }
2746
2747         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2748                 return ret;
2749
2750         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2751             iocp->name));
2752         kfw.iocnum = iocnum;
2753         kfw.fwlen = kfw32.fwlen;
2754         kfw.bufp = compat_ptr(kfw32.bufp);
2755
2756         ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen);
2757
2758         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2759
2760         return ret;
2761 }
2762
2763 static int
2764 compat_mpt_command(struct file *filp, unsigned int cmd,
2765                         unsigned long arg)
2766 {
2767         struct mpt_ioctl_command32 karg32;
2768         struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2769         struct mpt_ioctl_command karg;
2770         MPT_ADAPTER *iocp = NULL;
2771         int iocnum, iocnumX;
2772         int nonblock = (filp->f_flags & O_NONBLOCK);
2773         int ret;
2774
2775         if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2776                 return -EFAULT;
2777
2778         /* Verify intended MPT adapter */
2779         iocnumX = karg32.hdr.iocnum & 0xFF;
2780         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2781             (iocp == NULL)) {
2782                 printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2783                         __LINE__, iocnumX);
2784                 return -ENODEV;
2785         }
2786
2787         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2788                 return ret;
2789
2790         dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2791             iocp->name));
2792         /* Copy data to karg */
2793         karg.hdr.iocnum = karg32.hdr.iocnum;
2794         karg.hdr.port = karg32.hdr.port;
2795         karg.timeout = karg32.timeout;
2796         karg.maxReplyBytes = karg32.maxReplyBytes;
2797
2798         karg.dataInSize = karg32.dataInSize;
2799         karg.dataOutSize = karg32.dataOutSize;
2800         karg.maxSenseBytes = karg32.maxSenseBytes;
2801         karg.dataSgeOffset = karg32.dataSgeOffset;
2802
2803         karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2804         karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2805         karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2806         karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2807
2808         /* Pass new structure to do_mpt_command
2809          */
2810         ret = mptctl_do_mpt_command (karg, &uarg->MF);
2811
2812         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2813
2814         return ret;
2815 }
2816
2817 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2818 {
2819         long ret;
2820         lock_kernel();
2821         switch (cmd) {
2822         case MPTIOCINFO:
2823         case MPTIOCINFO1:
2824         case MPTIOCINFO2:
2825         case MPTTARGETINFO:
2826         case MPTEVENTQUERY:
2827         case MPTEVENTENABLE:
2828         case MPTEVENTREPORT:
2829         case MPTHARDRESET:
2830         case HP_GETHOSTINFO:
2831         case HP_GETTARGETINFO:
2832         case MPTTEST:
2833                 ret = __mptctl_ioctl(f, cmd, arg);
2834                 break;
2835         case MPTCOMMAND32:
2836                 ret = compat_mpt_command(f, cmd, arg);
2837                 break;
2838         case MPTFWDOWNLOAD32:
2839                 ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2840                 break;
2841         default:
2842                 ret = -ENOIOCTLCMD;
2843                 break;
2844         }
2845         unlock_kernel();
2846         return ret;
2847 }
2848
2849 #endif
2850
2851
2852 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2853 /*
2854  *      mptctl_probe - Installs ioctl devices per bus.
2855  *      @pdev: Pointer to pci_dev structure
2856  *
2857  *      Returns 0 for success, non-zero for failure.
2858  *
2859  */
2860
2861 static int
2862 mptctl_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2863 {
2864         MPT_IOCTL *mem;
2865         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2866
2867         /*
2868          * Allocate and inite a MPT_IOCTL structure
2869         */
2870         mem = kzalloc(sizeof(MPT_IOCTL), GFP_KERNEL);
2871         if (!mem) {
2872                 mptctl_remove(pdev);
2873                 return -ENOMEM;
2874         }
2875
2876         ioc->ioctl = mem;
2877         ioc->ioctl->ioc = ioc;
2878         mutex_init(&ioc->ioctl->ioctl_mutex);
2879         return 0;
2880 }
2881
2882 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2883 /*
2884  *      mptctl_remove - Removed ioctl devices
2885  *      @pdev: Pointer to pci_dev structure
2886  *
2887  *
2888  */
2889 static void
2890 mptctl_remove(struct pci_dev *pdev)
2891 {
2892         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2893
2894         kfree ( ioc->ioctl );
2895 }
2896
2897 static struct mpt_pci_driver mptctl_driver = {
2898   .probe                = mptctl_probe,
2899   .remove               = mptctl_remove,
2900 };
2901
2902 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2903 static int __init mptctl_init(void)
2904 {
2905         int err;
2906         int where = 1;
2907
2908         show_mptmod_ver(my_NAME, my_VERSION);
2909
2910         mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
2911
2912         /* Register this device */
2913         err = misc_register(&mptctl_miscdev);
2914         if (err < 0) {
2915                 printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2916                 goto out_fail;
2917         }
2918         printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2919         printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2920                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2921
2922         /*
2923          *  Install our handler
2924          */
2925         ++where;
2926         mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER);
2927         if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2928                 printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2929                 misc_deregister(&mptctl_miscdev);
2930                 err = -EBUSY;
2931                 goto out_fail;
2932         }
2933
2934         mpt_reset_register(mptctl_id, mptctl_ioc_reset);
2935         mpt_event_register(mptctl_id, mptctl_event_process);
2936
2937         return 0;
2938
2939 out_fail:
2940
2941         mpt_device_driver_deregister(MPTCTL_DRIVER);
2942
2943         return err;
2944 }
2945
2946 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2947 static void mptctl_exit(void)
2948 {
2949         misc_deregister(&mptctl_miscdev);
2950         printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2951                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2952
2953         /* De-register reset handler from base module */
2954         mpt_reset_deregister(mptctl_id);
2955
2956         /* De-register callback handler from base module */
2957         mpt_deregister(mptctl_id);
2958
2959         mpt_device_driver_deregister(MPTCTL_DRIVER);
2960
2961 }
2962
2963 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2964
2965 module_init(mptctl_init);
2966 module_exit(mptctl_exit);