Staging: comedi: Move a dereference below a NULL test
[linux-2.6] / drivers / scsi / libsrp.c
1 /*
2  * SCSI RDAM Protocol lib functions
3  *
4  * Copyright (C) 2006 FUJITA Tomonori <tomof@acm.org>
5  *
6  * This program is free software; you can redistribute it and/or
7  * modify it under the terms of the GNU General Public License as
8  * published by the Free Software Foundation; either version 2 of the
9  * License, or (at your option) any later version.
10  *
11  * This program is distributed in the hope that it will be useful, but
12  * WITHOUT ANY WARRANTY; without even the implied warranty of
13  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
14  * General Public License for more details.
15  *
16  * You should have received a copy of the GNU General Public License
17  * along with this program; if not, write to the Free Software
18  * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
19  * 02110-1301 USA
20  */
21 #include <linux/err.h>
22 #include <linux/kfifo.h>
23 #include <linux/scatterlist.h>
24 #include <linux/dma-mapping.h>
25 #include <scsi/scsi.h>
26 #include <scsi/scsi_cmnd.h>
27 #include <scsi/scsi_tcq.h>
28 #include <scsi/scsi_tgt.h>
29 #include <scsi/srp.h>
30 #include <scsi/libsrp.h>
31
32 enum srp_task_attributes {
33         SRP_SIMPLE_TASK = 0,
34         SRP_HEAD_TASK = 1,
35         SRP_ORDERED_TASK = 2,
36         SRP_ACA_TASK = 4
37 };
38
39 /* tmp - will replace with SCSI logging stuff */
40 #define eprintk(fmt, args...)                                   \
41 do {                                                            \
42         printk("%s(%d) " fmt, __func__, __LINE__, ##args);      \
43 } while (0)
44 /* #define dprintk eprintk */
45 #define dprintk(fmt, args...)
46
47 static int srp_iu_pool_alloc(struct srp_queue *q, size_t max,
48                              struct srp_buf **ring)
49 {
50         int i;
51         struct iu_entry *iue;
52
53         q->pool = kcalloc(max, sizeof(struct iu_entry *), GFP_KERNEL);
54         if (!q->pool)
55                 return -ENOMEM;
56         q->items = kcalloc(max, sizeof(struct iu_entry), GFP_KERNEL);
57         if (!q->items)
58                 goto free_pool;
59
60         spin_lock_init(&q->lock);
61         q->queue = kfifo_init((void *) q->pool, max * sizeof(void *),
62                               GFP_KERNEL, &q->lock);
63         if (IS_ERR(q->queue))
64                 goto free_item;
65
66         for (i = 0, iue = q->items; i < max; i++) {
67                 __kfifo_put(q->queue, (void *) &iue, sizeof(void *));
68                 iue->sbuf = ring[i];
69                 iue++;
70         }
71         return 0;
72
73 free_item:
74         kfree(q->items);
75 free_pool:
76         kfree(q->pool);
77         return -ENOMEM;
78 }
79
80 static void srp_iu_pool_free(struct srp_queue *q)
81 {
82         kfree(q->items);
83         kfree(q->pool);
84 }
85
86 static struct srp_buf **srp_ring_alloc(struct device *dev,
87                                        size_t max, size_t size)
88 {
89         int i;
90         struct srp_buf **ring;
91
92         ring = kcalloc(max, sizeof(struct srp_buf *), GFP_KERNEL);
93         if (!ring)
94                 return NULL;
95
96         for (i = 0; i < max; i++) {
97                 ring[i] = kzalloc(sizeof(struct srp_buf), GFP_KERNEL);
98                 if (!ring[i])
99                         goto out;
100                 ring[i]->buf = dma_alloc_coherent(dev, size, &ring[i]->dma,
101                                                   GFP_KERNEL);
102                 if (!ring[i]->buf)
103                         goto out;
104         }
105         return ring;
106
107 out:
108         for (i = 0; i < max && ring[i]; i++) {
109                 if (ring[i]->buf)
110                         dma_free_coherent(dev, size, ring[i]->buf, ring[i]->dma);
111                 kfree(ring[i]);
112         }
113         kfree(ring);
114
115         return NULL;
116 }
117
118 static void srp_ring_free(struct device *dev, struct srp_buf **ring, size_t max,
119                           size_t size)
120 {
121         int i;
122
123         for (i = 0; i < max; i++) {
124                 dma_free_coherent(dev, size, ring[i]->buf, ring[i]->dma);
125                 kfree(ring[i]);
126         }
127 }
128
129 int srp_target_alloc(struct srp_target *target, struct device *dev,
130                      size_t nr, size_t iu_size)
131 {
132         int err;
133
134         spin_lock_init(&target->lock);
135         INIT_LIST_HEAD(&target->cmd_queue);
136
137         target->dev = dev;
138         target->dev->driver_data = target;
139
140         target->srp_iu_size = iu_size;
141         target->rx_ring_size = nr;
142         target->rx_ring = srp_ring_alloc(target->dev, nr, iu_size);
143         if (!target->rx_ring)
144                 return -ENOMEM;
145         err = srp_iu_pool_alloc(&target->iu_queue, nr, target->rx_ring);
146         if (err)
147                 goto free_ring;
148
149         return 0;
150
151 free_ring:
152         srp_ring_free(target->dev, target->rx_ring, nr, iu_size);
153         return -ENOMEM;
154 }
155 EXPORT_SYMBOL_GPL(srp_target_alloc);
156
157 void srp_target_free(struct srp_target *target)
158 {
159         srp_ring_free(target->dev, target->rx_ring, target->rx_ring_size,
160                       target->srp_iu_size);
161         srp_iu_pool_free(&target->iu_queue);
162 }
163 EXPORT_SYMBOL_GPL(srp_target_free);
164
165 struct iu_entry *srp_iu_get(struct srp_target *target)
166 {
167         struct iu_entry *iue = NULL;
168
169         kfifo_get(target->iu_queue.queue, (void *) &iue, sizeof(void *));
170         if (!iue)
171                 return iue;
172         iue->target = target;
173         INIT_LIST_HEAD(&iue->ilist);
174         iue->flags = 0;
175         return iue;
176 }
177 EXPORT_SYMBOL_GPL(srp_iu_get);
178
179 void srp_iu_put(struct iu_entry *iue)
180 {
181         kfifo_put(iue->target->iu_queue.queue, (void *) &iue, sizeof(void *));
182 }
183 EXPORT_SYMBOL_GPL(srp_iu_put);
184
185 static int srp_direct_data(struct scsi_cmnd *sc, struct srp_direct_buf *md,
186                            enum dma_data_direction dir, srp_rdma_t rdma_io,
187                            int dma_map, int ext_desc)
188 {
189         struct iu_entry *iue = NULL;
190         struct scatterlist *sg = NULL;
191         int err, nsg = 0, len;
192
193         if (dma_map) {
194                 iue = (struct iu_entry *) sc->SCp.ptr;
195                 sg = scsi_sglist(sc);
196
197                 dprintk("%p %u %u %d\n", iue, scsi_bufflen(sc),
198                         md->len, scsi_sg_count(sc));
199
200                 nsg = dma_map_sg(iue->target->dev, sg, scsi_sg_count(sc),
201                                  DMA_BIDIRECTIONAL);
202                 if (!nsg) {
203                         printk("fail to map %p %d\n", iue, scsi_sg_count(sc));
204                         return 0;
205                 }
206                 len = min(scsi_bufflen(sc), md->len);
207         } else
208                 len = md->len;
209
210         err = rdma_io(sc, sg, nsg, md, 1, dir, len);
211
212         if (dma_map)
213                 dma_unmap_sg(iue->target->dev, sg, nsg, DMA_BIDIRECTIONAL);
214
215         return err;
216 }
217
218 static int srp_indirect_data(struct scsi_cmnd *sc, struct srp_cmd *cmd,
219                              struct srp_indirect_buf *id,
220                              enum dma_data_direction dir, srp_rdma_t rdma_io,
221                              int dma_map, int ext_desc)
222 {
223         struct iu_entry *iue = NULL;
224         struct srp_direct_buf *md = NULL;
225         struct scatterlist dummy, *sg = NULL;
226         dma_addr_t token = 0;
227         int err = 0;
228         int nmd, nsg = 0, len;
229
230         if (dma_map || ext_desc) {
231                 iue = (struct iu_entry *) sc->SCp.ptr;
232                 sg = scsi_sglist(sc);
233
234                 dprintk("%p %u %u %d %d\n",
235                         iue, scsi_bufflen(sc), id->len,
236                         cmd->data_in_desc_cnt, cmd->data_out_desc_cnt);
237         }
238
239         nmd = id->table_desc.len / sizeof(struct srp_direct_buf);
240
241         if ((dir == DMA_FROM_DEVICE && nmd == cmd->data_in_desc_cnt) ||
242             (dir == DMA_TO_DEVICE && nmd == cmd->data_out_desc_cnt)) {
243                 md = &id->desc_list[0];
244                 goto rdma;
245         }
246
247         if (ext_desc && dma_map) {
248                 md = dma_alloc_coherent(iue->target->dev, id->table_desc.len,
249                                 &token, GFP_KERNEL);
250                 if (!md) {
251                         eprintk("Can't get dma memory %u\n", id->table_desc.len);
252                         return -ENOMEM;
253                 }
254
255                 sg_init_one(&dummy, md, id->table_desc.len);
256                 sg_dma_address(&dummy) = token;
257                 sg_dma_len(&dummy) = id->table_desc.len;
258                 err = rdma_io(sc, &dummy, 1, &id->table_desc, 1, DMA_TO_DEVICE,
259                               id->table_desc.len);
260                 if (err) {
261                         eprintk("Error copying indirect table %d\n", err);
262                         goto free_mem;
263                 }
264         } else {
265                 eprintk("This command uses external indirect buffer\n");
266                 return -EINVAL;
267         }
268
269 rdma:
270         if (dma_map) {
271                 nsg = dma_map_sg(iue->target->dev, sg, scsi_sg_count(sc),
272                                  DMA_BIDIRECTIONAL);
273                 if (!nsg) {
274                         eprintk("fail to map %p %d\n", iue, scsi_sg_count(sc));
275                         err = -EIO;
276                         goto free_mem;
277                 }
278                 len = min(scsi_bufflen(sc), id->len);
279         } else
280                 len = id->len;
281
282         err = rdma_io(sc, sg, nsg, md, nmd, dir, len);
283
284         if (dma_map)
285                 dma_unmap_sg(iue->target->dev, sg, nsg, DMA_BIDIRECTIONAL);
286
287 free_mem:
288         if (token && dma_map)
289                 dma_free_coherent(iue->target->dev, id->table_desc.len, md, token);
290
291         return err;
292 }
293
294 static int data_out_desc_size(struct srp_cmd *cmd)
295 {
296         int size = 0;
297         u8 fmt = cmd->buf_fmt >> 4;
298
299         switch (fmt) {
300         case SRP_NO_DATA_DESC:
301                 break;
302         case SRP_DATA_DESC_DIRECT:
303                 size = sizeof(struct srp_direct_buf);
304                 break;
305         case SRP_DATA_DESC_INDIRECT:
306                 size = sizeof(struct srp_indirect_buf) +
307                         sizeof(struct srp_direct_buf) * cmd->data_out_desc_cnt;
308                 break;
309         default:
310                 eprintk("client error. Invalid data_out_format %x\n", fmt);
311                 break;
312         }
313         return size;
314 }
315
316 /*
317  * TODO: this can be called multiple times for a single command if it
318  * has very long data.
319  */
320 int srp_transfer_data(struct scsi_cmnd *sc, struct srp_cmd *cmd,
321                       srp_rdma_t rdma_io, int dma_map, int ext_desc)
322 {
323         struct srp_direct_buf *md;
324         struct srp_indirect_buf *id;
325         enum dma_data_direction dir;
326         int offset, err = 0;
327         u8 format;
328
329         offset = cmd->add_cdb_len * 4;
330
331         dir = srp_cmd_direction(cmd);
332         if (dir == DMA_FROM_DEVICE)
333                 offset += data_out_desc_size(cmd);
334
335         if (dir == DMA_TO_DEVICE)
336                 format = cmd->buf_fmt >> 4;
337         else
338                 format = cmd->buf_fmt & ((1U << 4) - 1);
339
340         switch (format) {
341         case SRP_NO_DATA_DESC:
342                 break;
343         case SRP_DATA_DESC_DIRECT:
344                 md = (struct srp_direct_buf *)
345                         (cmd->add_data + offset);
346                 err = srp_direct_data(sc, md, dir, rdma_io, dma_map, ext_desc);
347                 break;
348         case SRP_DATA_DESC_INDIRECT:
349                 id = (struct srp_indirect_buf *)
350                         (cmd->add_data + offset);
351                 err = srp_indirect_data(sc, cmd, id, dir, rdma_io, dma_map,
352                                         ext_desc);
353                 break;
354         default:
355                 eprintk("Unknown format %d %x\n", dir, format);
356                 err = -EINVAL;
357         }
358
359         return err;
360 }
361 EXPORT_SYMBOL_GPL(srp_transfer_data);
362
363 static int vscsis_data_length(struct srp_cmd *cmd, enum dma_data_direction dir)
364 {
365         struct srp_direct_buf *md;
366         struct srp_indirect_buf *id;
367         int len = 0, offset = cmd->add_cdb_len * 4;
368         u8 fmt;
369
370         if (dir == DMA_TO_DEVICE)
371                 fmt = cmd->buf_fmt >> 4;
372         else {
373                 fmt = cmd->buf_fmt & ((1U << 4) - 1);
374                 offset += data_out_desc_size(cmd);
375         }
376
377         switch (fmt) {
378         case SRP_NO_DATA_DESC:
379                 break;
380         case SRP_DATA_DESC_DIRECT:
381                 md = (struct srp_direct_buf *) (cmd->add_data + offset);
382                 len = md->len;
383                 break;
384         case SRP_DATA_DESC_INDIRECT:
385                 id = (struct srp_indirect_buf *) (cmd->add_data + offset);
386                 len = id->len;
387                 break;
388         default:
389                 eprintk("invalid data format %x\n", fmt);
390                 break;
391         }
392         return len;
393 }
394
395 int srp_cmd_queue(struct Scsi_Host *shost, struct srp_cmd *cmd, void *info,
396                   u64 itn_id, u64 addr)
397 {
398         enum dma_data_direction dir;
399         struct scsi_cmnd *sc;
400         int tag, len, err;
401
402         switch (cmd->task_attr) {
403         case SRP_SIMPLE_TASK:
404                 tag = MSG_SIMPLE_TAG;
405                 break;
406         case SRP_ORDERED_TASK:
407                 tag = MSG_ORDERED_TAG;
408                 break;
409         case SRP_HEAD_TASK:
410                 tag = MSG_HEAD_TAG;
411                 break;
412         default:
413                 eprintk("Task attribute %d not supported\n", cmd->task_attr);
414                 tag = MSG_ORDERED_TAG;
415         }
416
417         dir = srp_cmd_direction(cmd);
418         len = vscsis_data_length(cmd, dir);
419
420         dprintk("%p %x %lx %d %d %d %llx\n", info, cmd->cdb[0],
421                 cmd->lun, dir, len, tag, (unsigned long long) cmd->tag);
422
423         sc = scsi_host_get_command(shost, dir, GFP_KERNEL);
424         if (!sc)
425                 return -ENOMEM;
426
427         sc->SCp.ptr = info;
428         memcpy(sc->cmnd, cmd->cdb, MAX_COMMAND_SIZE);
429         sc->sdb.length = len;
430         sc->sdb.table.sgl = (void *) (unsigned long) addr;
431         sc->tag = tag;
432         err = scsi_tgt_queue_command(sc, itn_id, (struct scsi_lun *)&cmd->lun,
433                                      cmd->tag);
434         if (err)
435                 scsi_host_put_command(shost, sc);
436
437         return err;
438 }
439 EXPORT_SYMBOL_GPL(srp_cmd_queue);
440
441 MODULE_DESCRIPTION("SCSI RDAM Protocol lib functions");
442 MODULE_AUTHOR("FUJITA Tomonori");
443 MODULE_LICENSE("GPL");