[SCSI] lpfc: fix potential overflow of hbqs array
[linux-2.6] / drivers / block / cpqarray.c
1 /*
2  *    Disk Array driver for Compaq SMART2 Controllers
3  *    Copyright 1998 Compaq Computer Corporation
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; either version 2 of the License, or
8  *    (at your option) any later version.
9  *
10  *    This program is distributed in the hope that it will be useful,
11  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
12  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, GOOD TITLE or
13  *    NON INFRINGEMENT.  See the GNU General Public License for more details.
14  *
15  *    You should have received a copy of the GNU General Public License
16  *    along with this program; if not, write to the Free Software
17  *    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22 #include <linux/module.h>
23 #include <linux/types.h>
24 #include <linux/pci.h>
25 #include <linux/bio.h>
26 #include <linux/interrupt.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/blkpg.h>
33 #include <linux/timer.h>
34 #include <linux/proc_fs.h>
35 #include <linux/init.h>
36 #include <linux/hdreg.h>
37 #include <linux/spinlock.h>
38 #include <linux/blkdev.h>
39 #include <linux/genhd.h>
40 #include <asm/uaccess.h>
41 #include <asm/io.h>
42
43
44 #define SMART2_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
45
46 #define DRIVER_NAME "Compaq SMART2 Driver (v 2.6.0)"
47 #define DRIVER_VERSION SMART2_DRIVER_VERSION(2,6,0)
48
49 /* Embedded module documentation macros - see modules.h */
50 /* Original author Chris Frantz - Compaq Computer Corporation */
51 MODULE_AUTHOR("Compaq Computer Corporation");
52 MODULE_DESCRIPTION("Driver for Compaq Smart2 Array Controllers version 2.6.0");
53 MODULE_LICENSE("GPL");
54
55 #include "cpqarray.h"
56 #include "ida_cmd.h"
57 #include "smart1,2.h"
58 #include "ida_ioctl.h"
59
60 #define READ_AHEAD      128
61 #define NR_CMDS         128 /* This could probably go as high as ~400 */
62
63 #define MAX_CTLR        8
64 #define CTLR_SHIFT      8
65
66 #define CPQARRAY_DMA_MASK       0xFFFFFFFF      /* 32 bit DMA */
67
68 static int nr_ctlr;
69 static ctlr_info_t *hba[MAX_CTLR];
70
71 static int eisa[8];
72
73 #define NR_PRODUCTS ARRAY_SIZE(products)
74
75 /*  board_id = Subsystem Device ID & Vendor ID
76  *  product = Marketing Name for the board
77  *  access = Address of the struct of function pointers
78  */
79 static struct board_type products[] = {
80         { 0x0040110E, "IDA",                    &smart1_access },
81         { 0x0140110E, "IDA-2",                  &smart1_access },
82         { 0x1040110E, "IAES",                   &smart1_access },
83         { 0x2040110E, "SMART",                  &smart1_access },
84         { 0x3040110E, "SMART-2/E",              &smart2e_access },
85         { 0x40300E11, "SMART-2/P",              &smart2_access },
86         { 0x40310E11, "SMART-2SL",              &smart2_access },
87         { 0x40320E11, "Smart Array 3200",       &smart2_access },
88         { 0x40330E11, "Smart Array 3100ES",     &smart2_access },
89         { 0x40340E11, "Smart Array 221",        &smart2_access },
90         { 0x40400E11, "Integrated Array",       &smart4_access },
91         { 0x40480E11, "Compaq Raid LC2",        &smart4_access },
92         { 0x40500E11, "Smart Array 4200",       &smart4_access },
93         { 0x40510E11, "Smart Array 4250ES",     &smart4_access },
94         { 0x40580E11, "Smart Array 431",        &smart4_access },
95 };
96
97 /* define the PCI info for the PCI cards this driver can control */
98 static const struct pci_device_id cpqarray_pci_device_id[] =
99 {
100         { PCI_VENDOR_ID_DEC, PCI_DEVICE_ID_COMPAQ_42XX,
101                 0x0E11, 0x4058, 0, 0, 0},       /* SA431 */
102         { PCI_VENDOR_ID_DEC, PCI_DEVICE_ID_COMPAQ_42XX,
103                 0x0E11, 0x4051, 0, 0, 0},      /* SA4250ES */
104         { PCI_VENDOR_ID_DEC, PCI_DEVICE_ID_COMPAQ_42XX,
105                 0x0E11, 0x4050, 0, 0, 0},      /* SA4200 */
106         { PCI_VENDOR_ID_NCR, PCI_DEVICE_ID_NCR_53C1510,
107                 0x0E11, 0x4048, 0, 0, 0},       /* LC2 */
108         { PCI_VENDOR_ID_NCR, PCI_DEVICE_ID_NCR_53C1510,
109                 0x0E11, 0x4040, 0, 0, 0},      /* Integrated Array */
110         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_SMART2P,
111                 0x0E11, 0x4034, 0, 0, 0},       /* SA 221 */
112         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_SMART2P,
113                 0x0E11, 0x4033, 0, 0, 0},       /* SA 3100ES*/
114         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_SMART2P,
115                 0x0E11, 0x4032, 0, 0, 0},       /* SA 3200*/
116         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_SMART2P,
117                 0x0E11, 0x4031, 0, 0, 0},       /* SA 2SL*/
118         { PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_SMART2P,
119                 0x0E11, 0x4030, 0, 0, 0},       /* SA 2P */
120         { 0 }
121 };
122
123 MODULE_DEVICE_TABLE(pci, cpqarray_pci_device_id);
124
125 static struct gendisk *ida_gendisk[MAX_CTLR][NWD];
126
127 /* Debug... */
128 #define DBG(s)  do { s } while(0)
129 /* Debug (general info)... */
130 #define DBGINFO(s) do { } while(0)
131 /* Debug Paranoid... */
132 #define DBGP(s)  do { } while(0)
133 /* Debug Extra Paranoid... */
134 #define DBGPX(s) do { } while(0)
135
136 static int cpqarray_pci_init(ctlr_info_t *c, struct pci_dev *pdev);
137 static void __iomem *remap_pci_mem(ulong base, ulong size);
138 static int cpqarray_eisa_detect(void);
139 static int pollcomplete(int ctlr);
140 static void getgeometry(int ctlr);
141 static void start_fwbk(int ctlr);
142
143 static cmdlist_t * cmd_alloc(ctlr_info_t *h, int get_from_pool);
144 static void cmd_free(ctlr_info_t *h, cmdlist_t *c, int got_from_pool);
145
146 static void free_hba(int i);
147 static int alloc_cpqarray_hba(void);
148
149 static int sendcmd(
150         __u8    cmd,
151         int     ctlr,
152         void    *buff,
153         size_t  size,
154         unsigned int blk,
155         unsigned int blkcnt,
156         unsigned int log_unit );
157
158 static int ida_open(struct inode *inode, struct file *filep);
159 static int ida_release(struct inode *inode, struct file *filep);
160 static int ida_ioctl(struct inode *inode, struct file *filep, unsigned int cmd, unsigned long arg);
161 static int ida_getgeo(struct block_device *bdev, struct hd_geometry *geo);
162 static int ida_ctlr_ioctl(ctlr_info_t *h, int dsk, ida_ioctl_t *io);
163
164 static void do_ida_request(struct request_queue *q);
165 static void start_io(ctlr_info_t *h);
166
167 static inline void addQ(cmdlist_t **Qptr, cmdlist_t *c);
168 static inline cmdlist_t *removeQ(cmdlist_t **Qptr, cmdlist_t *c);
169 static inline void complete_buffers(struct bio *bio, int ok);
170 static inline void complete_command(cmdlist_t *cmd, int timeout);
171
172 static irqreturn_t do_ida_intr(int irq, void *dev_id);
173 static void ida_timer(unsigned long tdata);
174 static int ida_revalidate(struct gendisk *disk);
175 static int revalidate_allvol(ctlr_info_t *host);
176 static int cpqarray_register_ctlr(int ctlr, struct pci_dev *pdev);
177
178 #ifdef CONFIG_PROC_FS
179 static void ida_procinit(int i);
180 static int ida_proc_get_info(char *buffer, char **start, off_t offset, int length, int *eof, void *data);
181 #else
182 static void ida_procinit(int i) {}
183 #endif
184
185 static inline drv_info_t *get_drv(struct gendisk *disk)
186 {
187         return disk->private_data;
188 }
189
190 static inline ctlr_info_t *get_host(struct gendisk *disk)
191 {
192         return disk->queue->queuedata;
193 }
194
195
196 static struct block_device_operations ida_fops  = {
197         .owner          = THIS_MODULE,
198         .open           = ida_open,
199         .release        = ida_release,
200         .ioctl          = ida_ioctl,
201         .getgeo         = ida_getgeo,
202         .revalidate_disk= ida_revalidate,
203 };
204
205
206 #ifdef CONFIG_PROC_FS
207
208 static struct proc_dir_entry *proc_array;
209
210 /*
211  * Get us a file in /proc/array that says something about each controller.
212  * Create /proc/array if it doesn't exist yet.
213  */
214 static void __init ida_procinit(int i)
215 {
216         if (proc_array == NULL) {
217                 proc_array = proc_mkdir("cpqarray", proc_root_driver);
218                 if (!proc_array) return;
219         }
220
221         create_proc_read_entry(hba[i]->devname, 0, proc_array,
222                                ida_proc_get_info, hba[i]);
223 }
224
225 /*
226  * Report information about this controller.
227  */
228 static int ida_proc_get_info(char *buffer, char **start, off_t offset, int length, int *eof, void *data)
229 {
230         off_t pos = 0;
231         off_t len = 0;
232         int size, i, ctlr;
233         ctlr_info_t *h = (ctlr_info_t*)data;
234         drv_info_t *drv;
235 #ifdef CPQ_PROC_PRINT_QUEUES
236         cmdlist_t *c;
237         unsigned long flags;
238 #endif
239
240         ctlr = h->ctlr;
241         size = sprintf(buffer, "%s:  Compaq %s Controller\n"
242                 "       Board ID: 0x%08lx\n"
243                 "       Firmware Revision: %c%c%c%c\n"
244                 "       Controller Sig: 0x%08lx\n"
245                 "       Memory Address: 0x%08lx\n"
246                 "       I/O Port: 0x%04x\n"
247                 "       IRQ: %d\n"
248                 "       Logical drives: %d\n"
249                 "       Physical drives: %d\n\n"
250                 "       Current Q depth: %d\n"
251                 "       Max Q depth since init: %d\n\n",
252                 h->devname, 
253                 h->product_name,
254                 (unsigned long)h->board_id,
255                 h->firm_rev[0], h->firm_rev[1], h->firm_rev[2], h->firm_rev[3],
256                 (unsigned long)h->ctlr_sig, (unsigned long)h->vaddr,
257                 (unsigned int) h->io_mem_addr, (unsigned int)h->intr,
258                 h->log_drives, h->phys_drives,
259                 h->Qdepth, h->maxQsinceinit);
260
261         pos += size; len += size;
262         
263         size = sprintf(buffer+len, "Logical Drive Info:\n");
264         pos += size; len += size;
265
266         for(i=0; i<h->log_drives; i++) {
267                 drv = &h->drv[i];
268                 size = sprintf(buffer+len, "ida/c%dd%d: blksz=%d nr_blks=%d\n",
269                                 ctlr, i, drv->blk_size, drv->nr_blks);
270                 pos += size; len += size;
271         }
272
273 #ifdef CPQ_PROC_PRINT_QUEUES
274         spin_lock_irqsave(IDA_LOCK(h->ctlr), flags); 
275         size = sprintf(buffer+len, "\nCurrent Queues:\n");
276         pos += size; len += size;
277
278         c = h->reqQ;
279         size = sprintf(buffer+len, "reqQ = %p", c); pos += size; len += size;
280         if (c) c=c->next;
281         while(c && c != h->reqQ) {
282                 size = sprintf(buffer+len, "->%p", c);
283                 pos += size; len += size;
284                 c=c->next;
285         }
286
287         c = h->cmpQ;
288         size = sprintf(buffer+len, "\ncmpQ = %p", c); pos += size; len += size;
289         if (c) c=c->next;
290         while(c && c != h->cmpQ) {
291                 size = sprintf(buffer+len, "->%p", c);
292                 pos += size; len += size;
293                 c=c->next;
294         }
295
296         size = sprintf(buffer+len, "\n"); pos += size; len += size;
297         spin_unlock_irqrestore(IDA_LOCK(h->ctlr), flags); 
298 #endif
299         size = sprintf(buffer+len, "nr_allocs = %d\nnr_frees = %d\n",
300                         h->nr_allocs, h->nr_frees);
301         pos += size; len += size;
302
303         *eof = 1;
304         *start = buffer+offset;
305         len -= offset;
306         if (len>length)
307                 len = length;
308         return len;
309 }
310 #endif /* CONFIG_PROC_FS */
311
312 module_param_array(eisa, int, NULL, 0);
313
314 static void release_io_mem(ctlr_info_t *c)
315 {
316         /* if IO mem was not protected do nothing */
317         if( c->io_mem_addr == 0)
318                 return;
319         release_region(c->io_mem_addr, c->io_mem_length);
320         c->io_mem_addr = 0;
321         c->io_mem_length = 0;
322 }
323
324 static void __devexit cpqarray_remove_one(int i)
325 {
326         int j;
327         char buff[4];
328
329         /* sendcmd will turn off interrupt, and send the flush...
330          * To write all data in the battery backed cache to disks
331          * no data returned, but don't want to send NULL to sendcmd */
332         if( sendcmd(FLUSH_CACHE, i, buff, 4, 0, 0, 0))
333         {
334                 printk(KERN_WARNING "Unable to flush cache on controller %d\n",
335                                 i);
336         }
337         free_irq(hba[i]->intr, hba[i]);
338         iounmap(hba[i]->vaddr);
339         unregister_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname);
340         del_timer(&hba[i]->timer);
341         remove_proc_entry(hba[i]->devname, proc_array);
342         pci_free_consistent(hba[i]->pci_dev,
343                         NR_CMDS * sizeof(cmdlist_t), (hba[i]->cmd_pool),
344                         hba[i]->cmd_pool_dhandle);
345         kfree(hba[i]->cmd_pool_bits);
346         for(j = 0; j < NWD; j++) {
347                 if (ida_gendisk[i][j]->flags & GENHD_FL_UP)
348                         del_gendisk(ida_gendisk[i][j]);
349                 put_disk(ida_gendisk[i][j]);
350         }
351         blk_cleanup_queue(hba[i]->queue);
352         release_io_mem(hba[i]);
353         free_hba(i);
354 }
355
356 static void __devexit cpqarray_remove_one_pci (struct pci_dev *pdev)
357 {
358         int i;
359         ctlr_info_t *tmp_ptr;
360
361         if (pci_get_drvdata(pdev) == NULL) {
362                 printk( KERN_ERR "cpqarray: Unable to remove device \n");
363                 return;
364         }
365
366         tmp_ptr = pci_get_drvdata(pdev);
367         i = tmp_ptr->ctlr;
368         if (hba[i] == NULL) {
369                 printk(KERN_ERR "cpqarray: controller %d appears to have"
370                         "already been removed \n", i);
371                 return;
372         }
373         pci_set_drvdata(pdev, NULL);
374
375         cpqarray_remove_one(i);
376 }
377
378 /* removing an instance that was not removed automatically..
379  * must be an eisa card.
380  */
381 static void __devexit cpqarray_remove_one_eisa (int i)
382 {
383         if (hba[i] == NULL) {
384                 printk(KERN_ERR "cpqarray: controller %d appears to have"
385                         "already been removed \n", i);
386                 return;
387         }
388         cpqarray_remove_one(i);
389 }
390
391 /* pdev is NULL for eisa */
392 static int __init cpqarray_register_ctlr( int i, struct pci_dev *pdev)
393 {
394         struct request_queue *q;
395         int j;
396
397         /* 
398          * register block devices
399          * Find disks and fill in structs
400          * Get an interrupt, set the Q depth and get into /proc
401          */
402
403         /* If this successful it should insure that we are the only */
404         /* instance of the driver */
405         if (register_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname)) {
406                 goto Enomem4;
407         }
408         hba[i]->access.set_intr_mask(hba[i], 0);
409         if (request_irq(hba[i]->intr, do_ida_intr,
410                 IRQF_DISABLED|IRQF_SHARED, hba[i]->devname, hba[i]))
411         {
412                 printk(KERN_ERR "cpqarray: Unable to get irq %d for %s\n",
413                                 hba[i]->intr, hba[i]->devname);
414                 goto Enomem3;
415         }
416                 
417         for (j=0; j<NWD; j++) {
418                 ida_gendisk[i][j] = alloc_disk(1 << NWD_SHIFT);
419                 if (!ida_gendisk[i][j])
420                         goto Enomem2;
421         }
422
423         hba[i]->cmd_pool = pci_alloc_consistent(
424                 hba[i]->pci_dev, NR_CMDS * sizeof(cmdlist_t),
425                 &(hba[i]->cmd_pool_dhandle));
426         hba[i]->cmd_pool_bits = kcalloc(
427                 (NR_CMDS+BITS_PER_LONG-1)/BITS_PER_LONG, sizeof(unsigned long),
428                 GFP_KERNEL);
429
430         if (!hba[i]->cmd_pool_bits || !hba[i]->cmd_pool)
431                         goto Enomem1;
432
433         memset(hba[i]->cmd_pool, 0, NR_CMDS * sizeof(cmdlist_t));
434         printk(KERN_INFO "cpqarray: Finding drives on %s",
435                 hba[i]->devname);
436
437         spin_lock_init(&hba[i]->lock);
438         q = blk_init_queue(do_ida_request, &hba[i]->lock);
439         if (!q)
440                 goto Enomem1;
441
442         hba[i]->queue = q;
443         q->queuedata = hba[i];
444
445         getgeometry(i);
446         start_fwbk(i);
447
448         ida_procinit(i);
449
450         if (pdev)
451                 blk_queue_bounce_limit(q, hba[i]->pci_dev->dma_mask);
452
453         /* This is a hardware imposed limit. */
454         blk_queue_max_hw_segments(q, SG_MAX);
455
456         /* This is a driver limit and could be eliminated. */
457         blk_queue_max_phys_segments(q, SG_MAX);
458         
459         init_timer(&hba[i]->timer);
460         hba[i]->timer.expires = jiffies + IDA_TIMER;
461         hba[i]->timer.data = (unsigned long)hba[i];
462         hba[i]->timer.function = ida_timer;
463         add_timer(&hba[i]->timer);
464
465         /* Enable IRQ now that spinlock and rate limit timer are set up */
466         hba[i]->access.set_intr_mask(hba[i], FIFO_NOT_EMPTY);
467
468         for(j=0; j<NWD; j++) {
469                 struct gendisk *disk = ida_gendisk[i][j];
470                 drv_info_t *drv = &hba[i]->drv[j];
471                 sprintf(disk->disk_name, "ida/c%dd%d", i, j);
472                 disk->major = COMPAQ_SMART2_MAJOR + i;
473                 disk->first_minor = j<<NWD_SHIFT;
474                 disk->fops = &ida_fops;
475                 if (j && !drv->nr_blks)
476                         continue;
477                 blk_queue_hardsect_size(hba[i]->queue, drv->blk_size);
478                 set_capacity(disk, drv->nr_blks);
479                 disk->queue = hba[i]->queue;
480                 disk->private_data = drv;
481                 add_disk(disk);
482         }
483
484         /* done ! */
485         return(i);
486
487 Enomem1:
488         nr_ctlr = i; 
489         kfree(hba[i]->cmd_pool_bits);
490         if (hba[i]->cmd_pool)
491                 pci_free_consistent(hba[i]->pci_dev, NR_CMDS*sizeof(cmdlist_t), 
492                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
493 Enomem2:
494         while (j--) {
495                 put_disk(ida_gendisk[i][j]);
496                 ida_gendisk[i][j] = NULL;
497         }
498         free_irq(hba[i]->intr, hba[i]);
499 Enomem3:
500         unregister_blkdev(COMPAQ_SMART2_MAJOR+i, hba[i]->devname);
501 Enomem4:
502         if (pdev)
503                 pci_set_drvdata(pdev, NULL);
504         release_io_mem(hba[i]);
505         free_hba(i);
506
507         printk( KERN_ERR "cpqarray: out of memory");
508
509         return -1;
510 }
511
512 static int __init cpqarray_init_one( struct pci_dev *pdev,
513         const struct pci_device_id *ent)
514 {
515         int i;
516
517         printk(KERN_DEBUG "cpqarray: Device 0x%x has been found at"
518                         " bus %d dev %d func %d\n",
519                         pdev->device, pdev->bus->number, PCI_SLOT(pdev->devfn),
520                         PCI_FUNC(pdev->devfn));
521         i = alloc_cpqarray_hba();
522         if( i < 0 )
523                 return (-1);
524         memset(hba[i], 0, sizeof(ctlr_info_t));
525         sprintf(hba[i]->devname, "ida%d", i);
526         hba[i]->ctlr = i;
527         /* Initialize the pdev driver private data */
528         pci_set_drvdata(pdev, hba[i]);
529
530         if (cpqarray_pci_init(hba[i], pdev) != 0) {
531                 pci_set_drvdata(pdev, NULL);
532                 release_io_mem(hba[i]);
533                 free_hba(i);
534                 return -1;
535         }
536
537         return (cpqarray_register_ctlr(i, pdev));
538 }
539
540 static struct pci_driver cpqarray_pci_driver = {
541         .name = "cpqarray",
542         .probe = cpqarray_init_one,
543         .remove = __devexit_p(cpqarray_remove_one_pci),
544         .id_table = cpqarray_pci_device_id,
545 };
546
547 /*
548  *  This is it.  Find all the controllers and register them.
549  *  returns the number of block devices registered.
550  */
551 static int __init cpqarray_init(void)
552 {
553         int num_cntlrs_reg = 0;
554         int i;
555         int rc = 0;
556
557         /* detect controllers */
558         printk(DRIVER_NAME "\n");
559
560         rc = pci_register_driver(&cpqarray_pci_driver);
561         if (rc)
562                 return rc;
563         cpqarray_eisa_detect();
564         
565         for (i=0; i < MAX_CTLR; i++) {
566                 if (hba[i] != NULL)
567                         num_cntlrs_reg++;
568         }
569
570         return(num_cntlrs_reg);
571 }
572
573 /* Function to find the first free pointer into our hba[] array */
574 /* Returns -1 if no free entries are left.  */
575 static int alloc_cpqarray_hba(void)
576 {
577         int i;
578
579         for(i=0; i< MAX_CTLR; i++) {
580                 if (hba[i] == NULL) {
581                         hba[i] = kmalloc(sizeof(ctlr_info_t), GFP_KERNEL);
582                         if(hba[i]==NULL) {
583                                 printk(KERN_ERR "cpqarray: out of memory.\n");
584                                 return (-1);
585                         }
586                         return (i);
587                 }
588         }
589         printk(KERN_WARNING "cpqarray: This driver supports a maximum"
590                 " of 8 controllers.\n");
591         return(-1);
592 }
593
594 static void free_hba(int i)
595 {
596         kfree(hba[i]);
597         hba[i]=NULL;
598 }
599
600 /*
601  * Find the IO address of the controller, its IRQ and so forth.  Fill
602  * in some basic stuff into the ctlr_info_t structure.
603  */
604 static int cpqarray_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
605 {
606         ushort vendor_id, device_id, command;
607         unchar cache_line_size, latency_timer;
608         unchar irq, revision;
609         unsigned long addr[6];
610         __u32 board_id;
611
612         int i;
613
614         c->pci_dev = pdev;
615         if (pci_enable_device(pdev)) {
616                 printk(KERN_ERR "cpqarray: Unable to Enable PCI device\n");
617                 return -1;
618         }
619         vendor_id = pdev->vendor;
620         device_id = pdev->device;
621         irq = pdev->irq;
622
623         for(i=0; i<6; i++)
624                 addr[i] = pci_resource_start(pdev, i);
625
626         if (pci_set_dma_mask(pdev, CPQARRAY_DMA_MASK) != 0)
627         {
628                 printk(KERN_ERR "cpqarray: Unable to set DMA mask\n");
629                 return -1;
630         }
631
632         pci_read_config_word(pdev, PCI_COMMAND, &command);
633         pci_read_config_byte(pdev, PCI_CLASS_REVISION, &revision);
634         pci_read_config_byte(pdev, PCI_CACHE_LINE_SIZE, &cache_line_size);
635         pci_read_config_byte(pdev, PCI_LATENCY_TIMER, &latency_timer);
636
637         pci_read_config_dword(pdev, 0x2c, &board_id);
638
639         /* check to see if controller has been disabled */
640         if(!(command & 0x02)) {
641                 printk(KERN_WARNING
642                         "cpqarray: controller appears to be disabled\n");
643                 return(-1);
644         }
645
646 DBGINFO(
647         printk("vendor_id = %x\n", vendor_id);
648         printk("device_id = %x\n", device_id);
649         printk("command = %x\n", command);
650         for(i=0; i<6; i++)
651                 printk("addr[%d] = %lx\n", i, addr[i]);
652         printk("revision = %x\n", revision);
653         printk("irq = %x\n", irq);
654         printk("cache_line_size = %x\n", cache_line_size);
655         printk("latency_timer = %x\n", latency_timer);
656         printk("board_id = %x\n", board_id);
657 );
658
659         c->intr = irq;
660
661         for(i=0; i<6; i++) {
662                 if (pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE_IO)
663                 { /* IO space */
664                         c->io_mem_addr = addr[i];
665                         c->io_mem_length = pci_resource_end(pdev, i)
666                                 - pci_resource_start(pdev, i) + 1;
667                         if(!request_region( c->io_mem_addr, c->io_mem_length,
668                                 "cpqarray"))
669                         {
670                                 printk( KERN_WARNING "cpqarray I/O memory range already in use addr %lx length = %ld\n", c->io_mem_addr, c->io_mem_length);
671                                 c->io_mem_addr = 0;
672                                 c->io_mem_length = 0;
673                         }
674                         break;
675                 }
676         }
677
678         c->paddr = 0;
679         for(i=0; i<6; i++)
680                 if (!(pci_resource_flags(pdev, i) &
681                                 PCI_BASE_ADDRESS_SPACE_IO)) {
682                         c->paddr = pci_resource_start (pdev, i);
683                         break;
684                 }
685         if (!c->paddr)
686                 return -1;
687         c->vaddr = remap_pci_mem(c->paddr, 128);
688         if (!c->vaddr)
689                 return -1;
690         c->board_id = board_id;
691
692         for(i=0; i<NR_PRODUCTS; i++) {
693                 if (board_id == products[i].board_id) {
694                         c->product_name = products[i].product_name;
695                         c->access = *(products[i].access);
696                         break;
697                 }
698         }
699         if (i == NR_PRODUCTS) {
700                 printk(KERN_WARNING "cpqarray: Sorry, I don't know how"
701                         " to access the SMART Array controller %08lx\n", 
702                                 (unsigned long)board_id);
703                 return -1;
704         }
705
706         return 0;
707 }
708
709 /*
710  * Map (physical) PCI mem into (virtual) kernel space
711  */
712 static void __iomem *remap_pci_mem(ulong base, ulong size)
713 {
714         ulong page_base        = ((ulong) base) & PAGE_MASK;
715         ulong page_offs        = ((ulong) base) - page_base;
716         void __iomem *page_remapped    = ioremap(page_base, page_offs+size);
717
718         return (page_remapped ? (page_remapped + page_offs) : NULL);
719 }
720
721 #ifndef MODULE
722 /*
723  * Config string is a comma separated set of i/o addresses of EISA cards.
724  */
725 static int cpqarray_setup(char *str)
726 {
727         int i, ints[9];
728
729         (void)get_options(str, ARRAY_SIZE(ints), ints);
730
731         for(i=0; i<ints[0] && i<8; i++)
732                 eisa[i] = ints[i+1];
733         return 1;
734 }
735
736 __setup("smart2=", cpqarray_setup);
737
738 #endif
739
740 /*
741  * Find an EISA controller's signature.  Set up an hba if we find it.
742  */
743 static int __init cpqarray_eisa_detect(void)
744 {
745         int i=0, j;
746         __u32 board_id;
747         int intr;
748         int ctlr;
749         int num_ctlr = 0;
750
751         while(i<8 && eisa[i]) {
752                 ctlr = alloc_cpqarray_hba();
753                 if(ctlr == -1)
754                         break;
755                 board_id = inl(eisa[i]+0xC80);
756                 for(j=0; j < NR_PRODUCTS; j++)
757                         if (board_id == products[j].board_id) 
758                                 break;
759
760                 if (j == NR_PRODUCTS) {
761                         printk(KERN_WARNING "cpqarray: Sorry, I don't know how"
762                                 " to access the SMART Array controller %08lx\n",                                 (unsigned long)board_id);
763                         continue;
764                 }
765
766                 memset(hba[ctlr], 0, sizeof(ctlr_info_t));
767                 hba[ctlr]->io_mem_addr = eisa[i];
768                 hba[ctlr]->io_mem_length = 0x7FF;
769                 if(!request_region(hba[ctlr]->io_mem_addr,
770                                 hba[ctlr]->io_mem_length,
771                                 "cpqarray"))
772                 {
773                         printk(KERN_WARNING "cpqarray: I/O range already in "
774                                         "use addr = %lx length = %ld\n",
775                                         hba[ctlr]->io_mem_addr,
776                                         hba[ctlr]->io_mem_length);
777                         free_hba(ctlr);
778                         continue;
779                 }
780
781                 /*
782                  * Read the config register to find our interrupt
783                  */
784                 intr = inb(eisa[i]+0xCC0) >> 4;
785                 if (intr & 1) intr = 11;
786                 else if (intr & 2) intr = 10;
787                 else if (intr & 4) intr = 14;
788                 else if (intr & 8) intr = 15;
789                 
790                 hba[ctlr]->intr = intr;
791                 sprintf(hba[ctlr]->devname, "ida%d", nr_ctlr);
792                 hba[ctlr]->product_name = products[j].product_name;
793                 hba[ctlr]->access = *(products[j].access);
794                 hba[ctlr]->ctlr = ctlr;
795                 hba[ctlr]->board_id = board_id;
796                 hba[ctlr]->pci_dev = NULL; /* not PCI */
797
798 DBGINFO(
799         printk("i = %d, j = %d\n", i, j);
800         printk("irq = %x\n", intr);
801         printk("product name = %s\n", products[j].product_name);
802         printk("board_id = %x\n", board_id);
803 );
804
805                 num_ctlr++;
806                 i++;
807
808                 if (cpqarray_register_ctlr(ctlr, NULL) == -1)
809                         printk(KERN_WARNING
810                                 "cpqarray: Can't register EISA controller %d\n",
811                                 ctlr);
812
813         }
814
815         return num_ctlr;
816 }
817
818 /*
819  * Open.  Make sure the device is really there.
820  */
821 static int ida_open(struct inode *inode, struct file *filep)
822 {
823         drv_info_t *drv = get_drv(inode->i_bdev->bd_disk);
824         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
825
826         DBGINFO(printk("ida_open %s\n", inode->i_bdev->bd_disk->disk_name));
827         /*
828          * Root is allowed to open raw volume zero even if it's not configured
829          * so array config can still work.  I don't think I really like this,
830          * but I'm already using way to many device nodes to claim another one
831          * for "raw controller".
832          */
833         if (!drv->nr_blks) {
834                 if (!capable(CAP_SYS_RAWIO))
835                         return -ENXIO;
836                 if (!capable(CAP_SYS_ADMIN) && drv != host->drv)
837                         return -ENXIO;
838         }
839         host->usage_count++;
840         return 0;
841 }
842
843 /*
844  * Close.  Sync first.
845  */
846 static int ida_release(struct inode *inode, struct file *filep)
847 {
848         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
849         host->usage_count--;
850         return 0;
851 }
852
853 /*
854  * Enqueuing and dequeuing functions for cmdlists.
855  */
856 static inline void addQ(cmdlist_t **Qptr, cmdlist_t *c)
857 {
858         if (*Qptr == NULL) {
859                 *Qptr = c;
860                 c->next = c->prev = c;
861         } else {
862                 c->prev = (*Qptr)->prev;
863                 c->next = (*Qptr);
864                 (*Qptr)->prev->next = c;
865                 (*Qptr)->prev = c;
866         }
867 }
868
869 static inline cmdlist_t *removeQ(cmdlist_t **Qptr, cmdlist_t *c)
870 {
871         if (c && c->next != c) {
872                 if (*Qptr == c) *Qptr = c->next;
873                 c->prev->next = c->next;
874                 c->next->prev = c->prev;
875         } else {
876                 *Qptr = NULL;
877         }
878         return c;
879 }
880
881 /*
882  * Get a request and submit it to the controller.
883  * This routine needs to grab all the requests it possibly can from the
884  * req Q and submit them.  Interrupts are off (and need to be off) when you
885  * are in here (either via the dummy do_ida_request functions or by being
886  * called from the interrupt handler
887  */
888 static void do_ida_request(struct request_queue *q)
889 {
890         ctlr_info_t *h = q->queuedata;
891         cmdlist_t *c;
892         struct request *creq;
893         struct scatterlist tmp_sg[SG_MAX];
894         int i, dir, seg;
895
896         if (blk_queue_plugged(q))
897                 goto startio;
898
899 queue_next:
900         creq = elv_next_request(q);
901         if (!creq)
902                 goto startio;
903
904         BUG_ON(creq->nr_phys_segments > SG_MAX);
905
906         if ((c = cmd_alloc(h,1)) == NULL)
907                 goto startio;
908
909         blkdev_dequeue_request(creq);
910
911         c->ctlr = h->ctlr;
912         c->hdr.unit = (drv_info_t *)(creq->rq_disk->private_data) - h->drv;
913         c->hdr.size = sizeof(rblk_t) >> 2;
914         c->size += sizeof(rblk_t);
915
916         c->req.hdr.blk = creq->sector;
917         c->rq = creq;
918 DBGPX(
919         printk("sector=%d, nr_sectors=%d\n", creq->sector, creq->nr_sectors);
920 );
921         seg = blk_rq_map_sg(q, creq, tmp_sg);
922
923         /* Now do all the DMA Mappings */
924         if (rq_data_dir(creq) == READ)
925                 dir = PCI_DMA_FROMDEVICE;
926         else
927                 dir = PCI_DMA_TODEVICE;
928         for( i=0; i < seg; i++)
929         {
930                 c->req.sg[i].size = tmp_sg[i].length;
931                 c->req.sg[i].addr = (__u32) pci_map_page(h->pci_dev,
932                                                  tmp_sg[i].page,
933                                                  tmp_sg[i].offset,
934                                                  tmp_sg[i].length, dir);
935         }
936 DBGPX(  printk("Submitting %d sectors in %d segments\n", creq->nr_sectors, seg); );
937         c->req.hdr.sg_cnt = seg;
938         c->req.hdr.blk_cnt = creq->nr_sectors;
939         c->req.hdr.cmd = (rq_data_dir(creq) == READ) ? IDA_READ : IDA_WRITE;
940         c->type = CMD_RWREQ;
941
942         /* Put the request on the tail of the request queue */
943         addQ(&h->reqQ, c);
944         h->Qdepth++;
945         if (h->Qdepth > h->maxQsinceinit) 
946                 h->maxQsinceinit = h->Qdepth;
947
948         goto queue_next;
949
950 startio:
951         start_io(h);
952 }
953
954 /* 
955  * start_io submits everything on a controller's request queue
956  * and moves it to the completion queue.
957  *
958  * Interrupts had better be off if you're in here
959  */
960 static void start_io(ctlr_info_t *h)
961 {
962         cmdlist_t *c;
963
964         while((c = h->reqQ) != NULL) {
965                 /* Can't do anything if we're busy */
966                 if (h->access.fifo_full(h) == 0)
967                         return;
968
969                 /* Get the first entry from the request Q */
970                 removeQ(&h->reqQ, c);
971                 h->Qdepth--;
972         
973                 /* Tell the controller to do our bidding */
974                 h->access.submit_command(h, c);
975
976                 /* Get onto the completion Q */
977                 addQ(&h->cmpQ, c);
978         }
979 }
980
981 static inline void complete_buffers(struct bio *bio, int ok)
982 {
983         struct bio *xbh;
984         while(bio) {
985                 int nr_sectors = bio_sectors(bio);
986
987                 xbh = bio->bi_next;
988                 bio->bi_next = NULL;
989                 
990                 bio_endio(bio, nr_sectors << 9, ok ? 0 : -EIO);
991
992                 bio = xbh;
993         }
994 }
995 /*
996  * Mark all buffers that cmd was responsible for
997  */
998 static inline void complete_command(cmdlist_t *cmd, int timeout)
999 {
1000         struct request *rq = cmd->rq;
1001         int ok=1;
1002         int i, ddir;
1003
1004         if (cmd->req.hdr.rcode & RCODE_NONFATAL &&
1005            (hba[cmd->ctlr]->misc_tflags & MISC_NONFATAL_WARN) == 0) {
1006                 printk(KERN_NOTICE "Non Fatal error on ida/c%dd%d\n",
1007                                 cmd->ctlr, cmd->hdr.unit);
1008                 hba[cmd->ctlr]->misc_tflags |= MISC_NONFATAL_WARN;
1009         }
1010         if (cmd->req.hdr.rcode & RCODE_FATAL) {
1011                 printk(KERN_WARNING "Fatal error on ida/c%dd%d\n",
1012                                 cmd->ctlr, cmd->hdr.unit);
1013                 ok = 0;
1014         }
1015         if (cmd->req.hdr.rcode & RCODE_INVREQ) {
1016                                 printk(KERN_WARNING "Invalid request on ida/c%dd%d = (cmd=%x sect=%d cnt=%d sg=%d ret=%x)\n",
1017                                 cmd->ctlr, cmd->hdr.unit, cmd->req.hdr.cmd,
1018                                 cmd->req.hdr.blk, cmd->req.hdr.blk_cnt,
1019                                 cmd->req.hdr.sg_cnt, cmd->req.hdr.rcode);
1020                 ok = 0; 
1021         }
1022         if (timeout) ok = 0;
1023         /* unmap the DMA mapping for all the scatter gather elements */
1024         if (cmd->req.hdr.cmd == IDA_READ)
1025                 ddir = PCI_DMA_FROMDEVICE;
1026         else
1027                 ddir = PCI_DMA_TODEVICE;
1028         for(i=0; i<cmd->req.hdr.sg_cnt; i++)
1029                 pci_unmap_page(hba[cmd->ctlr]->pci_dev, cmd->req.sg[i].addr,
1030                                 cmd->req.sg[i].size, ddir);
1031
1032         complete_buffers(rq->bio, ok);
1033
1034         if (blk_fs_request(rq)) {
1035                 const int rw = rq_data_dir(rq);
1036
1037                 disk_stat_add(rq->rq_disk, sectors[rw], rq->nr_sectors);
1038         }
1039
1040         add_disk_randomness(rq->rq_disk);
1041
1042         DBGPX(printk("Done with %p\n", rq););
1043         end_that_request_last(rq, ok ? 1 : -EIO);
1044 }
1045
1046 /*
1047  *  The controller will interrupt us upon completion of commands.
1048  *  Find the command on the completion queue, remove it, tell the OS and
1049  *  try to queue up more IO
1050  */
1051 static irqreturn_t do_ida_intr(int irq, void *dev_id)
1052 {
1053         ctlr_info_t *h = dev_id;
1054         cmdlist_t *c;
1055         unsigned long istat;
1056         unsigned long flags;
1057         __u32 a,a1;
1058
1059         istat = h->access.intr_pending(h);
1060         /* Is this interrupt for us? */
1061         if (istat == 0)
1062                 return IRQ_NONE;
1063
1064         /*
1065          * If there are completed commands in the completion queue,
1066          * we had better do something about it.
1067          */
1068         spin_lock_irqsave(IDA_LOCK(h->ctlr), flags);
1069         if (istat & FIFO_NOT_EMPTY) {
1070                 while((a = h->access.command_completed(h))) {
1071                         a1 = a; a &= ~3;
1072                         if ((c = h->cmpQ) == NULL)
1073                         {  
1074                                 printk(KERN_WARNING "cpqarray: Completion of %08lx ignored\n", (unsigned long)a1);
1075                                 continue;       
1076                         } 
1077                         while(c->busaddr != a) {
1078                                 c = c->next;
1079                                 if (c == h->cmpQ) 
1080                                         break;
1081                         }
1082                         /*
1083                          * If we've found the command, take it off the
1084                          * completion Q and free it
1085                          */
1086                         if (c->busaddr == a) {
1087                                 removeQ(&h->cmpQ, c);
1088                                 /*  Check for invalid command.
1089                                  *  Controller returns command error,
1090                                  *  But rcode = 0.
1091                                  */
1092
1093                                 if((a1 & 0x03) && (c->req.hdr.rcode == 0))
1094                                 {
1095                                         c->req.hdr.rcode = RCODE_INVREQ;
1096                                 }
1097                                 if (c->type == CMD_RWREQ) {
1098                                         complete_command(c, 0);
1099                                         cmd_free(h, c, 1);
1100                                 } else if (c->type == CMD_IOCTL_PEND) {
1101                                         c->type = CMD_IOCTL_DONE;
1102                                 }
1103                                 continue;
1104                         }
1105                 }
1106         }
1107
1108         /*
1109          * See if we can queue up some more IO
1110          */
1111         do_ida_request(h->queue);
1112         spin_unlock_irqrestore(IDA_LOCK(h->ctlr), flags); 
1113         return IRQ_HANDLED;
1114 }
1115
1116 /*
1117  * This timer was for timing out requests that haven't happened after
1118  * IDA_TIMEOUT.  That wasn't such a good idea.  This timer is used to
1119  * reset a flags structure so we don't flood the user with
1120  * "Non-Fatal error" messages.
1121  */
1122 static void ida_timer(unsigned long tdata)
1123 {
1124         ctlr_info_t *h = (ctlr_info_t*)tdata;
1125
1126         h->timer.expires = jiffies + IDA_TIMER;
1127         add_timer(&h->timer);
1128         h->misc_tflags = 0;
1129 }
1130
1131 static int ida_getgeo(struct block_device *bdev, struct hd_geometry *geo)
1132 {
1133         drv_info_t *drv = get_drv(bdev->bd_disk);
1134
1135         if (drv->cylinders) {
1136                 geo->heads = drv->heads;
1137                 geo->sectors = drv->sectors;
1138                 geo->cylinders = drv->cylinders;
1139         } else {
1140                 geo->heads = 0xff;
1141                 geo->sectors = 0x3f;
1142                 geo->cylinders = drv->nr_blks / (0xff*0x3f);
1143         }
1144
1145         return 0;
1146 }
1147
1148 /*
1149  *  ida_ioctl does some miscellaneous stuff like reporting drive geometry,
1150  *  setting readahead and submitting commands from userspace to the controller.
1151  */
1152 static int ida_ioctl(struct inode *inode, struct file *filep, unsigned int cmd, unsigned long arg)
1153 {
1154         drv_info_t *drv = get_drv(inode->i_bdev->bd_disk);
1155         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
1156         int error;
1157         ida_ioctl_t __user *io = (ida_ioctl_t __user *)arg;
1158         ida_ioctl_t *my_io;
1159
1160         switch(cmd) {
1161         case IDAGETDRVINFO:
1162                 if (copy_to_user(&io->c.drv, drv, sizeof(drv_info_t)))
1163                         return -EFAULT;
1164                 return 0;
1165         case IDAPASSTHRU:
1166                 if (!capable(CAP_SYS_RAWIO))
1167                         return -EPERM;
1168                 my_io = kmalloc(sizeof(ida_ioctl_t), GFP_KERNEL);
1169                 if (!my_io)
1170                         return -ENOMEM;
1171                 error = -EFAULT;
1172                 if (copy_from_user(my_io, io, sizeof(*my_io)))
1173                         goto out_passthru;
1174                 error = ida_ctlr_ioctl(host, drv - host->drv, my_io);
1175                 if (error)
1176                         goto out_passthru;
1177                 error = -EFAULT;
1178                 if (copy_to_user(io, my_io, sizeof(*my_io)))
1179                         goto out_passthru;
1180                 error = 0;
1181 out_passthru:
1182                 kfree(my_io);
1183                 return error;
1184         case IDAGETCTLRSIG:
1185                 if (!arg) return -EINVAL;
1186                 put_user(host->ctlr_sig, (int __user *)arg);
1187                 return 0;
1188         case IDAREVALIDATEVOLS:
1189                 if (iminor(inode) != 0)
1190                         return -ENXIO;
1191                 return revalidate_allvol(host);
1192         case IDADRIVERVERSION:
1193                 if (!arg) return -EINVAL;
1194                 put_user(DRIVER_VERSION, (unsigned long __user *)arg);
1195                 return 0;
1196         case IDAGETPCIINFO:
1197         {
1198                 
1199                 ida_pci_info_struct pciinfo;
1200
1201                 if (!arg) return -EINVAL;
1202                 pciinfo.bus = host->pci_dev->bus->number;
1203                 pciinfo.dev_fn = host->pci_dev->devfn;
1204                 pciinfo.board_id = host->board_id;
1205                 if(copy_to_user((void __user *) arg, &pciinfo,  
1206                         sizeof( ida_pci_info_struct)))
1207                                 return -EFAULT;
1208                 return(0);
1209         }       
1210
1211         default:
1212                 return -EINVAL;
1213         }
1214                 
1215 }
1216 /*
1217  * ida_ctlr_ioctl is for passing commands to the controller from userspace.
1218  * The command block (io) has already been copied to kernel space for us,
1219  * however, any elements in the sglist need to be copied to kernel space
1220  * or copied back to userspace.
1221  *
1222  * Only root may perform a controller passthru command, however I'm not doing
1223  * any serious sanity checking on the arguments.  Doing an IDA_WRITE_MEDIA and
1224  * putting a 64M buffer in the sglist is probably a *bad* idea.
1225  */
1226 static int ida_ctlr_ioctl(ctlr_info_t *h, int dsk, ida_ioctl_t *io)
1227 {
1228         int ctlr = h->ctlr;
1229         cmdlist_t *c;
1230         void *p = NULL;
1231         unsigned long flags;
1232         int error;
1233
1234         if ((c = cmd_alloc(h, 0)) == NULL)
1235                 return -ENOMEM;
1236         c->ctlr = ctlr;
1237         c->hdr.unit = (io->unit & UNITVALID) ? (io->unit & ~UNITVALID) : dsk;
1238         c->hdr.size = sizeof(rblk_t) >> 2;
1239         c->size += sizeof(rblk_t);
1240
1241         c->req.hdr.cmd = io->cmd;
1242         c->req.hdr.blk = io->blk;
1243         c->req.hdr.blk_cnt = io->blk_cnt;
1244         c->type = CMD_IOCTL_PEND;
1245
1246         /* Pre submit processing */
1247         switch(io->cmd) {
1248         case PASSTHRU_A:
1249                 p = kmalloc(io->sg[0].size, GFP_KERNEL);
1250                 if (!p) 
1251                 { 
1252                         error = -ENOMEM; 
1253                         cmd_free(h, c, 0); 
1254                         return(error);
1255                 }
1256                 if (copy_from_user(p, io->sg[0].addr, io->sg[0].size)) {
1257                         kfree(p);
1258                         cmd_free(h, c, 0); 
1259                         return -EFAULT;
1260                 }
1261                 c->req.hdr.blk = pci_map_single(h->pci_dev, &(io->c), 
1262                                 sizeof(ida_ioctl_t), 
1263                                 PCI_DMA_BIDIRECTIONAL);
1264                 c->req.sg[0].size = io->sg[0].size;
1265                 c->req.sg[0].addr = pci_map_single(h->pci_dev, p, 
1266                         c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL);
1267                 c->req.hdr.sg_cnt = 1;
1268                 break;
1269         case IDA_READ:
1270         case READ_FLASH_ROM:
1271         case SENSE_CONTROLLER_PERFORMANCE:
1272                 p = kmalloc(io->sg[0].size, GFP_KERNEL);
1273                 if (!p) 
1274                 { 
1275                         error = -ENOMEM; 
1276                         cmd_free(h, c, 0);
1277                         return(error);
1278                 }
1279
1280                 c->req.sg[0].size = io->sg[0].size;
1281                 c->req.sg[0].addr = pci_map_single(h->pci_dev, p, 
1282                         c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL); 
1283                 c->req.hdr.sg_cnt = 1;
1284                 break;
1285         case IDA_WRITE:
1286         case IDA_WRITE_MEDIA:
1287         case DIAG_PASS_THRU:
1288         case COLLECT_BUFFER:
1289         case WRITE_FLASH_ROM:
1290                 p = kmalloc(io->sg[0].size, GFP_KERNEL);
1291                 if (!p) 
1292                 { 
1293                         error = -ENOMEM; 
1294                         cmd_free(h, c, 0);
1295                         return(error);
1296                 }
1297                 if (copy_from_user(p, io->sg[0].addr, io->sg[0].size)) {
1298                         kfree(p);
1299                         cmd_free(h, c, 0);
1300                         return -EFAULT;
1301                 }
1302                 c->req.sg[0].size = io->sg[0].size;
1303                 c->req.sg[0].addr = pci_map_single(h->pci_dev, p, 
1304                         c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL); 
1305                 c->req.hdr.sg_cnt = 1;
1306                 break;
1307         default:
1308                 c->req.sg[0].size = sizeof(io->c);
1309                 c->req.sg[0].addr = pci_map_single(h->pci_dev,&io->c, 
1310                         c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL);
1311                 c->req.hdr.sg_cnt = 1;
1312         }
1313         
1314         /* Put the request on the tail of the request queue */
1315         spin_lock_irqsave(IDA_LOCK(ctlr), flags);
1316         addQ(&h->reqQ, c);
1317         h->Qdepth++;
1318         start_io(h);
1319         spin_unlock_irqrestore(IDA_LOCK(ctlr), flags);
1320
1321         /* Wait for completion */
1322         while(c->type != CMD_IOCTL_DONE)
1323                 schedule();
1324
1325         /* Unmap the DMA  */
1326         pci_unmap_single(h->pci_dev, c->req.sg[0].addr, c->req.sg[0].size, 
1327                 PCI_DMA_BIDIRECTIONAL);
1328         /* Post submit processing */
1329         switch(io->cmd) {
1330         case PASSTHRU_A:
1331                 pci_unmap_single(h->pci_dev, c->req.hdr.blk,
1332                                 sizeof(ida_ioctl_t),
1333                                 PCI_DMA_BIDIRECTIONAL);
1334         case IDA_READ:
1335         case DIAG_PASS_THRU:
1336         case SENSE_CONTROLLER_PERFORMANCE:
1337         case READ_FLASH_ROM:
1338                 if (copy_to_user(io->sg[0].addr, p, io->sg[0].size)) {
1339                         kfree(p);
1340                         return -EFAULT;
1341                 }
1342                 /* fall through and free p */
1343         case IDA_WRITE:
1344         case IDA_WRITE_MEDIA:
1345         case COLLECT_BUFFER:
1346         case WRITE_FLASH_ROM:
1347                 kfree(p);
1348                 break;
1349         default:;
1350                 /* Nothing to do */
1351         }
1352
1353         io->rcode = c->req.hdr.rcode;
1354         cmd_free(h, c, 0);
1355         return(0);
1356 }
1357
1358 /*
1359  * Commands are pre-allocated in a large block.  Here we use a simple bitmap
1360  * scheme to suballocte them to the driver.  Operations that are not time
1361  * critical (and can wait for kmalloc and possibly sleep) can pass in NULL
1362  * as the first argument to get a new command.
1363  */
1364 static cmdlist_t * cmd_alloc(ctlr_info_t *h, int get_from_pool)
1365 {
1366         cmdlist_t * c;
1367         int i;
1368         dma_addr_t cmd_dhandle;
1369
1370         if (!get_from_pool) {
1371                 c = (cmdlist_t*)pci_alloc_consistent(h->pci_dev, 
1372                         sizeof(cmdlist_t), &cmd_dhandle);
1373                 if(c==NULL)
1374                         return NULL;
1375         } else {
1376                 do {
1377                         i = find_first_zero_bit(h->cmd_pool_bits, NR_CMDS);
1378                         if (i == NR_CMDS)
1379                                 return NULL;
1380                 } while(test_and_set_bit(i&(BITS_PER_LONG-1), h->cmd_pool_bits+(i/BITS_PER_LONG)) != 0);
1381                 c = h->cmd_pool + i;
1382                 cmd_dhandle = h->cmd_pool_dhandle + i*sizeof(cmdlist_t);
1383                 h->nr_allocs++;
1384         }
1385
1386         memset(c, 0, sizeof(cmdlist_t));
1387         c->busaddr = cmd_dhandle; 
1388         return c;
1389 }
1390
1391 static void cmd_free(ctlr_info_t *h, cmdlist_t *c, int got_from_pool)
1392 {
1393         int i;
1394
1395         if (!got_from_pool) {
1396                 pci_free_consistent(h->pci_dev, sizeof(cmdlist_t), c,
1397                         c->busaddr);
1398         } else {
1399                 i = c - h->cmd_pool;
1400                 clear_bit(i&(BITS_PER_LONG-1), h->cmd_pool_bits+(i/BITS_PER_LONG));
1401                 h->nr_frees++;
1402         }
1403 }
1404
1405 /***********************************************************************
1406     name:        sendcmd
1407     Send a command to an IDA using the memory mapped FIFO interface
1408     and wait for it to complete.  
1409     This routine should only be called at init time.
1410 ***********************************************************************/
1411 static int sendcmd(
1412         __u8    cmd,
1413         int     ctlr,
1414         void    *buff,
1415         size_t  size,
1416         unsigned int blk,
1417         unsigned int blkcnt,
1418         unsigned int log_unit )
1419 {
1420         cmdlist_t *c;
1421         int complete;
1422         unsigned long temp;
1423         unsigned long i;
1424         ctlr_info_t *info_p = hba[ctlr];
1425
1426         c = cmd_alloc(info_p, 1);
1427         if(!c)
1428                 return IO_ERROR;
1429         c->ctlr = ctlr;
1430         c->hdr.unit = log_unit;
1431         c->hdr.prio = 0;
1432         c->hdr.size = sizeof(rblk_t) >> 2;
1433         c->size += sizeof(rblk_t);
1434
1435         /* The request information. */
1436         c->req.hdr.next = 0;
1437         c->req.hdr.rcode = 0;
1438         c->req.bp = 0;
1439         c->req.hdr.sg_cnt = 1;
1440         c->req.hdr.reserved = 0;
1441         
1442         if (size == 0)
1443                 c->req.sg[0].size = 512;
1444         else
1445                 c->req.sg[0].size = size;
1446
1447         c->req.hdr.blk = blk;
1448         c->req.hdr.blk_cnt = blkcnt;
1449         c->req.hdr.cmd = (unsigned char) cmd;
1450         c->req.sg[0].addr = (__u32) pci_map_single(info_p->pci_dev, 
1451                 buff, c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL);
1452         /*
1453          * Disable interrupt
1454          */
1455         info_p->access.set_intr_mask(info_p, 0);
1456         /* Make sure there is room in the command FIFO */
1457         /* Actually it should be completely empty at this time. */
1458         for (i = 200000; i > 0; i--) {
1459                 temp = info_p->access.fifo_full(info_p);
1460                 if (temp != 0) {
1461                         break;
1462                 }
1463                 udelay(10);
1464 DBG(
1465                 printk(KERN_WARNING "cpqarray ida%d: idaSendPciCmd FIFO full,"
1466                         " waiting!\n", ctlr);
1467 );
1468         } 
1469         /*
1470          * Send the cmd
1471          */
1472         info_p->access.submit_command(info_p, c);
1473         complete = pollcomplete(ctlr);
1474         
1475         pci_unmap_single(info_p->pci_dev, (dma_addr_t) c->req.sg[0].addr, 
1476                 c->req.sg[0].size, PCI_DMA_BIDIRECTIONAL);
1477         if (complete != 1) {
1478                 if (complete != c->busaddr) {
1479                         printk( KERN_WARNING
1480                         "cpqarray ida%d: idaSendPciCmd "
1481                       "Invalid command list address returned! (%08lx)\n",
1482                                 ctlr, (unsigned long)complete);
1483                         cmd_free(info_p, c, 1);
1484                         return (IO_ERROR);
1485                 }
1486         } else {
1487                 printk( KERN_WARNING
1488                         "cpqarray ida%d: idaSendPciCmd Timeout out, "
1489                         "No command list address returned!\n",
1490                         ctlr);
1491                 cmd_free(info_p, c, 1);
1492                 return (IO_ERROR);
1493         }
1494
1495         if (c->req.hdr.rcode & 0x00FE) {
1496                 if (!(c->req.hdr.rcode & BIG_PROBLEM)) {
1497                         printk( KERN_WARNING
1498                         "cpqarray ida%d: idaSendPciCmd, error: "
1499                                 "Controller failed at init time "
1500                                 "cmd: 0x%x, return code = 0x%x\n",
1501                                 ctlr, c->req.hdr.cmd, c->req.hdr.rcode);
1502
1503                         cmd_free(info_p, c, 1);
1504                         return (IO_ERROR);
1505                 }
1506         }
1507         cmd_free(info_p, c, 1);
1508         return (IO_OK);
1509 }
1510
1511 /*
1512  * revalidate_allvol is for online array config utilities.  After a
1513  * utility reconfigures the drives in the array, it can use this function
1514  * (through an ioctl) to make the driver zap any previous disk structs for
1515  * that controller and get new ones.
1516  *
1517  * Right now I'm using the getgeometry() function to do this, but this
1518  * function should probably be finer grained and allow you to revalidate one
1519  * particualar logical volume (instead of all of them on a particular
1520  * controller).
1521  */
1522 static int revalidate_allvol(ctlr_info_t *host)
1523 {
1524         int ctlr = host->ctlr;
1525         int i;
1526         unsigned long flags;
1527
1528         spin_lock_irqsave(IDA_LOCK(ctlr), flags);
1529         if (host->usage_count > 1) {
1530                 spin_unlock_irqrestore(IDA_LOCK(ctlr), flags);
1531                 printk(KERN_WARNING "cpqarray: Device busy for volume"
1532                         " revalidation (usage=%d)\n", host->usage_count);
1533                 return -EBUSY;
1534         }
1535         host->usage_count++;
1536         spin_unlock_irqrestore(IDA_LOCK(ctlr), flags);
1537
1538         /*
1539          * Set the partition and block size structures for all volumes
1540          * on this controller to zero.  We will reread all of this data
1541          */
1542         set_capacity(ida_gendisk[ctlr][0], 0);
1543         for (i = 1; i < NWD; i++) {
1544                 struct gendisk *disk = ida_gendisk[ctlr][i];
1545                 if (disk->flags & GENHD_FL_UP)
1546                         del_gendisk(disk);
1547         }
1548         memset(host->drv, 0, sizeof(drv_info_t)*NWD);
1549
1550         /*
1551          * Tell the array controller not to give us any interrupts while
1552          * we check the new geometry.  Then turn interrupts back on when
1553          * we're done.
1554          */
1555         host->access.set_intr_mask(host, 0);
1556         getgeometry(ctlr);
1557         host->access.set_intr_mask(host, FIFO_NOT_EMPTY);
1558
1559         for(i=0; i<NWD; i++) {
1560                 struct gendisk *disk = ida_gendisk[ctlr][i];
1561                 drv_info_t *drv = &host->drv[i];
1562                 if (i && !drv->nr_blks)
1563                         continue;
1564                 blk_queue_hardsect_size(host->queue, drv->blk_size);
1565                 set_capacity(disk, drv->nr_blks);
1566                 disk->queue = host->queue;
1567                 disk->private_data = drv;
1568                 if (i)
1569                         add_disk(disk);
1570         }
1571
1572         host->usage_count--;
1573         return 0;
1574 }
1575
1576 static int ida_revalidate(struct gendisk *disk)
1577 {
1578         drv_info_t *drv = disk->private_data;
1579         set_capacity(disk, drv->nr_blks);
1580         return 0;
1581 }
1582
1583 /********************************************************************
1584     name: pollcomplete
1585     Wait polling for a command to complete.
1586     The memory mapped FIFO is polled for the completion.
1587     Used only at init time, interrupts disabled.
1588  ********************************************************************/
1589 static int pollcomplete(int ctlr)
1590 {
1591         int done;
1592         int i;
1593
1594         /* Wait (up to 2 seconds) for a command to complete */
1595
1596         for (i = 200000; i > 0; i--) {
1597                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
1598                 if (done == 0) {
1599                         udelay(10);     /* a short fixed delay */
1600                 } else
1601                         return (done);
1602         }
1603         /* Invalid address to tell caller we ran out of time */
1604         return 1;
1605 }
1606 /*****************************************************************
1607     start_fwbk
1608     Starts controller firmwares background processing. 
1609     Currently only the Integrated Raid controller needs this done.
1610     If the PCI mem address registers are written to after this, 
1611          data corruption may occur
1612 *****************************************************************/
1613 static void start_fwbk(int ctlr)
1614 {
1615                 id_ctlr_t *id_ctlr_buf; 
1616         int ret_code;
1617
1618         if(     (hba[ctlr]->board_id != 0x40400E11)
1619                 && (hba[ctlr]->board_id != 0x40480E11) )
1620
1621         /* Not a Integrated Raid, so there is nothing for us to do */
1622                 return;
1623         printk(KERN_DEBUG "cpqarray: Starting firmware's background"
1624                 " processing\n");
1625         /* Command does not return anything, but idasend command needs a 
1626                 buffer */
1627         id_ctlr_buf = kmalloc(sizeof(id_ctlr_t), GFP_KERNEL);
1628         if(id_ctlr_buf==NULL)
1629         {
1630                 printk(KERN_WARNING "cpqarray: Out of memory. "
1631                         "Unable to start background processing.\n");
1632                 return;
1633         }               
1634         ret_code = sendcmd(RESUME_BACKGROUND_ACTIVITY, ctlr, 
1635                 id_ctlr_buf, 0, 0, 0, 0);
1636         if(ret_code != IO_OK)
1637                 printk(KERN_WARNING "cpqarray: Unable to start"
1638                         " background processing\n");
1639
1640         kfree(id_ctlr_buf);
1641 }
1642 /*****************************************************************
1643     getgeometry
1644     Get ida logical volume geometry from the controller 
1645     This is a large bit of code which once existed in two flavors,
1646     It is used only at init time.
1647 *****************************************************************/
1648 static void getgeometry(int ctlr)
1649 {                               
1650         id_log_drv_t *id_ldrive;
1651         id_ctlr_t *id_ctlr_buf;
1652         sense_log_drv_stat_t *id_lstatus_buf;
1653         config_t *sense_config_buf;
1654         unsigned int log_unit, log_index;
1655         int ret_code, size;
1656         drv_info_t *drv;
1657         ctlr_info_t *info_p = hba[ctlr];
1658         int i;
1659
1660         info_p->log_drv_map = 0;        
1661         
1662         id_ldrive = kzalloc(sizeof(id_log_drv_t), GFP_KERNEL);
1663         if (!id_ldrive) {
1664                 printk( KERN_ERR "cpqarray:  out of memory.\n");
1665                 goto err_0;
1666         }
1667
1668         id_ctlr_buf = kzalloc(sizeof(id_ctlr_t), GFP_KERNEL);
1669         if (!id_ctlr_buf) {
1670                 printk( KERN_ERR "cpqarray:  out of memory.\n");
1671                 goto err_1;
1672         }
1673
1674         id_lstatus_buf = kzalloc(sizeof(sense_log_drv_stat_t), GFP_KERNEL);
1675         if (!id_lstatus_buf) {
1676                 printk( KERN_ERR "cpqarray:  out of memory.\n");
1677                 goto err_2;
1678         }
1679
1680         sense_config_buf = kzalloc(sizeof(config_t), GFP_KERNEL);
1681         if (!sense_config_buf) {
1682                 printk( KERN_ERR "cpqarray:  out of memory.\n");
1683                 goto err_3;
1684         }
1685
1686         info_p->phys_drives = 0;
1687         info_p->log_drv_map = 0;
1688         info_p->drv_assign_map = 0;
1689         info_p->drv_spare_map = 0;
1690         info_p->mp_failed_drv_map = 0;  /* only initialized here */
1691         /* Get controllers info for this logical drive */
1692         ret_code = sendcmd(ID_CTLR, ctlr, id_ctlr_buf, 0, 0, 0, 0);
1693         if (ret_code == IO_ERROR) {
1694                 /*
1695                  * If can't get controller info, set the logical drive map to 0,
1696                  * so the idastubopen will fail on all logical drives
1697                  * on the controller.
1698                  */
1699                 printk(KERN_ERR "cpqarray: error sending ID controller\n");
1700                 goto err_4;
1701         }
1702
1703         info_p->log_drives = id_ctlr_buf->nr_drvs;
1704         for(i=0;i<4;i++)
1705                 info_p->firm_rev[i] = id_ctlr_buf->firm_rev[i];
1706         info_p->ctlr_sig = id_ctlr_buf->cfg_sig;
1707
1708         printk(" (%s)\n", info_p->product_name);
1709         /*
1710          * Initialize logical drive map to zero
1711          */
1712         log_index = 0;
1713         /*
1714          * Get drive geometry for all logical drives
1715          */
1716         if (id_ctlr_buf->nr_drvs > 16)
1717                 printk(KERN_WARNING "cpqarray ida%d:  This driver supports "
1718                         "16 logical drives per controller.\n.  "
1719                         " Additional drives will not be "
1720                         "detected\n", ctlr);
1721
1722         for (log_unit = 0;
1723              (log_index < id_ctlr_buf->nr_drvs)
1724              && (log_unit < NWD);
1725              log_unit++) {
1726                 size = sizeof(sense_log_drv_stat_t);
1727
1728                 /*
1729                    Send "Identify logical drive status" cmd
1730                  */
1731                 ret_code = sendcmd(SENSE_LOG_DRV_STAT,
1732                              ctlr, id_lstatus_buf, size, 0, 0, log_unit);
1733                 if (ret_code == IO_ERROR) {
1734                         /*
1735                            If can't get logical drive status, set
1736                            the logical drive map to 0, so the
1737                            idastubopen will fail for all logical drives
1738                            on the controller. 
1739                          */
1740                         info_p->log_drv_map = 0;        
1741                         printk( KERN_WARNING
1742                              "cpqarray ida%d: idaGetGeometry - Controller"
1743                                 " failed to report status of logical drive %d\n"
1744                          "Access to this controller has been disabled\n",
1745                                 ctlr, log_unit);
1746                         goto err_4;
1747                 }
1748                 /*
1749                    Make sure the logical drive is configured
1750                  */
1751                 if (id_lstatus_buf->status != LOG_NOT_CONF) {
1752                         ret_code = sendcmd(ID_LOG_DRV, ctlr, id_ldrive,
1753                                sizeof(id_log_drv_t), 0, 0, log_unit);
1754                         /*
1755                            If error, the bit for this
1756                            logical drive won't be set and
1757                            idastubopen will return error. 
1758                          */
1759                         if (ret_code != IO_ERROR) {
1760                                 drv = &info_p->drv[log_unit];
1761                                 drv->blk_size = id_ldrive->blk_size;
1762                                 drv->nr_blks = id_ldrive->nr_blks;
1763                                 drv->cylinders = id_ldrive->drv.cyl;
1764                                 drv->heads = id_ldrive->drv.heads;
1765                                 drv->sectors = id_ldrive->drv.sect_per_track;
1766                                 info_p->log_drv_map |=  (1 << log_unit);
1767
1768         printk(KERN_INFO "cpqarray ida/c%dd%d: blksz=%d nr_blks=%d\n",
1769                 ctlr, log_unit, drv->blk_size, drv->nr_blks);
1770                                 ret_code = sendcmd(SENSE_CONFIG,
1771                                                   ctlr, sense_config_buf,
1772                                  sizeof(config_t), 0, 0, log_unit);
1773                                 if (ret_code == IO_ERROR) {
1774                                         info_p->log_drv_map = 0;
1775                                         printk(KERN_ERR "cpqarray: error sending sense config\n");
1776                                         goto err_4;
1777                                 }
1778
1779                                 info_p->phys_drives =
1780                                     sense_config_buf->ctlr_phys_drv;
1781                                 info_p->drv_assign_map
1782                                     |= sense_config_buf->drv_asgn_map;
1783                                 info_p->drv_assign_map
1784                                     |= sense_config_buf->spare_asgn_map;
1785                                 info_p->drv_spare_map
1786                                     |= sense_config_buf->spare_asgn_map;
1787                         }       /* end of if no error on id_ldrive */
1788                         log_index = log_index + 1;
1789                 }               /* end of if logical drive configured */
1790         }                       /* end of for log_unit */
1791
1792         /* Free all the buffers and return */
1793 err_4:
1794         kfree(sense_config_buf);
1795 err_3:
1796         kfree(id_lstatus_buf);
1797 err_2:
1798         kfree(id_ctlr_buf);
1799 err_1:
1800         kfree(id_ldrive);
1801 err_0:
1802         return;
1803 }
1804
1805 static void __exit cpqarray_exit(void)
1806 {
1807         int i;
1808
1809         pci_unregister_driver(&cpqarray_pci_driver);
1810
1811         /* Double check that all controller entries have been removed */
1812         for(i=0; i<MAX_CTLR; i++) {
1813                 if (hba[i] != NULL) {
1814                         printk(KERN_WARNING "cpqarray: Removing EISA "
1815                                         "controller %d\n", i);
1816                         cpqarray_remove_one_eisa(i);
1817                 }
1818         }
1819
1820         remove_proc_entry("cpqarray", proc_root_driver);
1821 }
1822
1823 module_init(cpqarray_init)
1824 module_exit(cpqarray_exit)