Merge branch 'next' into for-linus
[linux-2.6] / drivers / scsi / scsi_lib.c
1 /*
2  *  scsi_lib.c Copyright (C) 1999 Eric Youngdale
3  *
4  *  SCSI queueing library.
5  *      Initial versions: Eric Youngdale (eric@andante.org).
6  *                        Based upon conversations with large numbers
7  *                        of people at Linux Expo.
8  */
9
10 #include <linux/bio.h>
11 #include <linux/bitops.h>
12 #include <linux/blkdev.h>
13 #include <linux/completion.h>
14 #include <linux/kernel.h>
15 #include <linux/mempool.h>
16 #include <linux/slab.h>
17 #include <linux/init.h>
18 #include <linux/pci.h>
19 #include <linux/delay.h>
20 #include <linux/hardirq.h>
21 #include <linux/scatterlist.h>
22
23 #include <scsi/scsi.h>
24 #include <scsi/scsi_cmnd.h>
25 #include <scsi/scsi_dbg.h>
26 #include <scsi/scsi_device.h>
27 #include <scsi/scsi_driver.h>
28 #include <scsi/scsi_eh.h>
29 #include <scsi/scsi_host.h>
30
31 #include "scsi_priv.h"
32 #include "scsi_logging.h"
33
34
35 #define SG_MEMPOOL_NR           ARRAY_SIZE(scsi_sg_pools)
36 #define SG_MEMPOOL_SIZE         2
37
38 struct scsi_host_sg_pool {
39         size_t          size;
40         char            *name;
41         struct kmem_cache       *slab;
42         mempool_t       *pool;
43 };
44
45 #define SP(x) { x, "sgpool-" __stringify(x) }
46 #if (SCSI_MAX_SG_SEGMENTS < 32)
47 #error SCSI_MAX_SG_SEGMENTS is too small (must be 32 or greater)
48 #endif
49 static struct scsi_host_sg_pool scsi_sg_pools[] = {
50         SP(8),
51         SP(16),
52 #if (SCSI_MAX_SG_SEGMENTS > 32)
53         SP(32),
54 #if (SCSI_MAX_SG_SEGMENTS > 64)
55         SP(64),
56 #if (SCSI_MAX_SG_SEGMENTS > 128)
57         SP(128),
58 #if (SCSI_MAX_SG_SEGMENTS > 256)
59 #error SCSI_MAX_SG_SEGMENTS is too large (256 MAX)
60 #endif
61 #endif
62 #endif
63 #endif
64         SP(SCSI_MAX_SG_SEGMENTS)
65 };
66 #undef SP
67
68 struct kmem_cache *scsi_sdb_cache;
69
70 static void scsi_run_queue(struct request_queue *q);
71
72 /*
73  * Function:    scsi_unprep_request()
74  *
75  * Purpose:     Remove all preparation done for a request, including its
76  *              associated scsi_cmnd, so that it can be requeued.
77  *
78  * Arguments:   req     - request to unprepare
79  *
80  * Lock status: Assumed that no locks are held upon entry.
81  *
82  * Returns:     Nothing.
83  */
84 static void scsi_unprep_request(struct request *req)
85 {
86         struct scsi_cmnd *cmd = req->special;
87
88         req->cmd_flags &= ~REQ_DONTPREP;
89         req->special = NULL;
90
91         scsi_put_command(cmd);
92 }
93
94 /*
95  * Function:    scsi_queue_insert()
96  *
97  * Purpose:     Insert a command in the midlevel queue.
98  *
99  * Arguments:   cmd    - command that we are adding to queue.
100  *              reason - why we are inserting command to queue.
101  *
102  * Lock status: Assumed that lock is not held upon entry.
103  *
104  * Returns:     Nothing.
105  *
106  * Notes:       We do this for one of two cases.  Either the host is busy
107  *              and it cannot accept any more commands for the time being,
108  *              or the device returned QUEUE_FULL and can accept no more
109  *              commands.
110  * Notes:       This could be called either from an interrupt context or a
111  *              normal process context.
112  */
113 int scsi_queue_insert(struct scsi_cmnd *cmd, int reason)
114 {
115         struct Scsi_Host *host = cmd->device->host;
116         struct scsi_device *device = cmd->device;
117         struct scsi_target *starget = scsi_target(device);
118         struct request_queue *q = device->request_queue;
119         unsigned long flags;
120
121         SCSI_LOG_MLQUEUE(1,
122                  printk("Inserting command %p into mlqueue\n", cmd));
123
124         /*
125          * Set the appropriate busy bit for the device/host.
126          *
127          * If the host/device isn't busy, assume that something actually
128          * completed, and that we should be able to queue a command now.
129          *
130          * Note that the prior mid-layer assumption that any host could
131          * always queue at least one command is now broken.  The mid-layer
132          * will implement a user specifiable stall (see
133          * scsi_host.max_host_blocked and scsi_device.max_device_blocked)
134          * if a command is requeued with no other commands outstanding
135          * either for the device or for the host.
136          */
137         switch (reason) {
138         case SCSI_MLQUEUE_HOST_BUSY:
139                 host->host_blocked = host->max_host_blocked;
140                 break;
141         case SCSI_MLQUEUE_DEVICE_BUSY:
142                 device->device_blocked = device->max_device_blocked;
143                 break;
144         case SCSI_MLQUEUE_TARGET_BUSY:
145                 starget->target_blocked = starget->max_target_blocked;
146                 break;
147         }
148
149         /*
150          * Decrement the counters, since these commands are no longer
151          * active on the host/device.
152          */
153         scsi_device_unbusy(device);
154
155         /*
156          * Requeue this command.  It will go before all other commands
157          * that are already in the queue.
158          *
159          * NOTE: there is magic here about the way the queue is plugged if
160          * we have no outstanding commands.
161          * 
162          * Although we *don't* plug the queue, we call the request
163          * function.  The SCSI request function detects the blocked condition
164          * and plugs the queue appropriately.
165          */
166         spin_lock_irqsave(q->queue_lock, flags);
167         blk_requeue_request(q, cmd->request);
168         spin_unlock_irqrestore(q->queue_lock, flags);
169
170         scsi_run_queue(q);
171
172         return 0;
173 }
174
175 /**
176  * scsi_execute - insert request and wait for the result
177  * @sdev:       scsi device
178  * @cmd:        scsi command
179  * @data_direction: data direction
180  * @buffer:     data buffer
181  * @bufflen:    len of buffer
182  * @sense:      optional sense buffer
183  * @timeout:    request timeout in seconds
184  * @retries:    number of times to retry request
185  * @flags:      or into request flags;
186  * @resid:      optional residual length
187  *
188  * returns the req->errors value which is the scsi_cmnd result
189  * field.
190  */
191 int scsi_execute(struct scsi_device *sdev, const unsigned char *cmd,
192                  int data_direction, void *buffer, unsigned bufflen,
193                  unsigned char *sense, int timeout, int retries, int flags,
194                  int *resid)
195 {
196         struct request *req;
197         int write = (data_direction == DMA_TO_DEVICE);
198         int ret = DRIVER_ERROR << 24;
199
200         req = blk_get_request(sdev->request_queue, write, __GFP_WAIT);
201
202         if (bufflen &&  blk_rq_map_kern(sdev->request_queue, req,
203                                         buffer, bufflen, __GFP_WAIT))
204                 goto out;
205
206         req->cmd_len = COMMAND_SIZE(cmd[0]);
207         memcpy(req->cmd, cmd, req->cmd_len);
208         req->sense = sense;
209         req->sense_len = 0;
210         req->retries = retries;
211         req->timeout = timeout;
212         req->cmd_type = REQ_TYPE_BLOCK_PC;
213         req->cmd_flags |= flags | REQ_QUIET | REQ_PREEMPT;
214
215         /*
216          * head injection *required* here otherwise quiesce won't work
217          */
218         blk_execute_rq(req->q, NULL, req, 1);
219
220         /*
221          * Some devices (USB mass-storage in particular) may transfer
222          * garbage data together with a residue indicating that the data
223          * is invalid.  Prevent the garbage from being misinterpreted
224          * and prevent security leaks by zeroing out the excess data.
225          */
226         if (unlikely(req->data_len > 0 && req->data_len <= bufflen))
227                 memset(buffer + (bufflen - req->data_len), 0, req->data_len);
228
229         if (resid)
230                 *resid = req->data_len;
231         ret = req->errors;
232  out:
233         blk_put_request(req);
234
235         return ret;
236 }
237 EXPORT_SYMBOL(scsi_execute);
238
239
240 int scsi_execute_req(struct scsi_device *sdev, const unsigned char *cmd,
241                      int data_direction, void *buffer, unsigned bufflen,
242                      struct scsi_sense_hdr *sshdr, int timeout, int retries,
243                      int *resid)
244 {
245         char *sense = NULL;
246         int result;
247         
248         if (sshdr) {
249                 sense = kzalloc(SCSI_SENSE_BUFFERSIZE, GFP_NOIO);
250                 if (!sense)
251                         return DRIVER_ERROR << 24;
252         }
253         result = scsi_execute(sdev, cmd, data_direction, buffer, bufflen,
254                               sense, timeout, retries, 0, resid);
255         if (sshdr)
256                 scsi_normalize_sense(sense, SCSI_SENSE_BUFFERSIZE, sshdr);
257
258         kfree(sense);
259         return result;
260 }
261 EXPORT_SYMBOL(scsi_execute_req);
262
263 struct scsi_io_context {
264         void *data;
265         void (*done)(void *data, char *sense, int result, int resid);
266         char sense[SCSI_SENSE_BUFFERSIZE];
267 };
268
269 static struct kmem_cache *scsi_io_context_cache;
270
271 static void scsi_end_async(struct request *req, int uptodate)
272 {
273         struct scsi_io_context *sioc = req->end_io_data;
274
275         if (sioc->done)
276                 sioc->done(sioc->data, sioc->sense, req->errors, req->data_len);
277
278         kmem_cache_free(scsi_io_context_cache, sioc);
279         __blk_put_request(req->q, req);
280 }
281
282 static int scsi_merge_bio(struct request *rq, struct bio *bio)
283 {
284         struct request_queue *q = rq->q;
285
286         bio->bi_flags &= ~(1 << BIO_SEG_VALID);
287         if (rq_data_dir(rq) == WRITE)
288                 bio->bi_rw |= (1 << BIO_RW);
289         blk_queue_bounce(q, &bio);
290
291         return blk_rq_append_bio(q, rq, bio);
292 }
293
294 static void scsi_bi_endio(struct bio *bio, int error)
295 {
296         bio_put(bio);
297 }
298
299 /**
300  * scsi_req_map_sg - map a scatterlist into a request
301  * @rq:         request to fill
302  * @sgl:        scatterlist
303  * @nsegs:      number of elements
304  * @bufflen:    len of buffer
305  * @gfp:        memory allocation flags
306  *
307  * scsi_req_map_sg maps a scatterlist into a request so that the
308  * request can be sent to the block layer. We do not trust the scatterlist
309  * sent to use, as some ULDs use that struct to only organize the pages.
310  */
311 static int scsi_req_map_sg(struct request *rq, struct scatterlist *sgl,
312                            int nsegs, unsigned bufflen, gfp_t gfp)
313 {
314         struct request_queue *q = rq->q;
315         int nr_pages = (bufflen + sgl[0].offset + PAGE_SIZE - 1) >> PAGE_SHIFT;
316         unsigned int data_len = bufflen, len, bytes, off;
317         struct scatterlist *sg;
318         struct page *page;
319         struct bio *bio = NULL;
320         int i, err, nr_vecs = 0;
321
322         for_each_sg(sgl, sg, nsegs, i) {
323                 page = sg_page(sg);
324                 off = sg->offset;
325                 len = sg->length;
326
327                 while (len > 0 && data_len > 0) {
328                         /*
329                          * sg sends a scatterlist that is larger than
330                          * the data_len it wants transferred for certain
331                          * IO sizes
332                          */
333                         bytes = min_t(unsigned int, len, PAGE_SIZE - off);
334                         bytes = min(bytes, data_len);
335
336                         if (!bio) {
337                                 nr_vecs = min_t(int, BIO_MAX_PAGES, nr_pages);
338                                 nr_pages -= nr_vecs;
339
340                                 bio = bio_alloc(gfp, nr_vecs);
341                                 if (!bio) {
342                                         err = -ENOMEM;
343                                         goto free_bios;
344                                 }
345                                 bio->bi_end_io = scsi_bi_endio;
346                         }
347
348                         if (bio_add_pc_page(q, bio, page, bytes, off) !=
349                             bytes) {
350                                 bio_put(bio);
351                                 err = -EINVAL;
352                                 goto free_bios;
353                         }
354
355                         if (bio->bi_vcnt >= nr_vecs) {
356                                 err = scsi_merge_bio(rq, bio);
357                                 if (err) {
358                                         bio_endio(bio, 0);
359                                         goto free_bios;
360                                 }
361                                 bio = NULL;
362                         }
363
364                         page++;
365                         len -= bytes;
366                         data_len -=bytes;
367                         off = 0;
368                 }
369         }
370
371         rq->buffer = rq->data = NULL;
372         rq->data_len = bufflen;
373         return 0;
374
375 free_bios:
376         while ((bio = rq->bio) != NULL) {
377                 rq->bio = bio->bi_next;
378                 /*
379                  * call endio instead of bio_put incase it was bounced
380                  */
381                 bio_endio(bio, 0);
382         }
383
384         return err;
385 }
386
387 /**
388  * scsi_execute_async - insert request
389  * @sdev:       scsi device
390  * @cmd:        scsi command
391  * @cmd_len:    length of scsi cdb
392  * @data_direction: DMA_TO_DEVICE, DMA_FROM_DEVICE, or DMA_NONE
393  * @buffer:     data buffer (this can be a kernel buffer or scatterlist)
394  * @bufflen:    len of buffer
395  * @use_sg:     if buffer is a scatterlist this is the number of elements
396  * @timeout:    request timeout in seconds
397  * @retries:    number of times to retry request
398  * @privdata:   data passed to done()
399  * @done:       callback function when done
400  * @gfp:        memory allocation flags
401  */
402 int scsi_execute_async(struct scsi_device *sdev, const unsigned char *cmd,
403                        int cmd_len, int data_direction, void *buffer, unsigned bufflen,
404                        int use_sg, int timeout, int retries, void *privdata,
405                        void (*done)(void *, char *, int, int), gfp_t gfp)
406 {
407         struct request *req;
408         struct scsi_io_context *sioc;
409         int err = 0;
410         int write = (data_direction == DMA_TO_DEVICE);
411
412         sioc = kmem_cache_zalloc(scsi_io_context_cache, gfp);
413         if (!sioc)
414                 return DRIVER_ERROR << 24;
415
416         req = blk_get_request(sdev->request_queue, write, gfp);
417         if (!req)
418                 goto free_sense;
419         req->cmd_type = REQ_TYPE_BLOCK_PC;
420         req->cmd_flags |= REQ_QUIET;
421
422         if (use_sg)
423                 err = scsi_req_map_sg(req, buffer, use_sg, bufflen, gfp);
424         else if (bufflen)
425                 err = blk_rq_map_kern(req->q, req, buffer, bufflen, gfp);
426
427         if (err)
428                 goto free_req;
429
430         req->cmd_len = cmd_len;
431         memset(req->cmd, 0, BLK_MAX_CDB); /* ATAPI hates garbage after CDB */
432         memcpy(req->cmd, cmd, req->cmd_len);
433         req->sense = sioc->sense;
434         req->sense_len = 0;
435         req->timeout = timeout;
436         req->retries = retries;
437         req->end_io_data = sioc;
438
439         sioc->data = privdata;
440         sioc->done = done;
441
442         blk_execute_rq_nowait(req->q, NULL, req, 1, scsi_end_async);
443         return 0;
444
445 free_req:
446         blk_put_request(req);
447 free_sense:
448         kmem_cache_free(scsi_io_context_cache, sioc);
449         return DRIVER_ERROR << 24;
450 }
451 EXPORT_SYMBOL_GPL(scsi_execute_async);
452
453 /*
454  * Function:    scsi_init_cmd_errh()
455  *
456  * Purpose:     Initialize cmd fields related to error handling.
457  *
458  * Arguments:   cmd     - command that is ready to be queued.
459  *
460  * Notes:       This function has the job of initializing a number of
461  *              fields related to error handling.   Typically this will
462  *              be called once for each command, as required.
463  */
464 static void scsi_init_cmd_errh(struct scsi_cmnd *cmd)
465 {
466         cmd->serial_number = 0;
467         scsi_set_resid(cmd, 0);
468         memset(cmd->sense_buffer, 0, SCSI_SENSE_BUFFERSIZE);
469         if (cmd->cmd_len == 0)
470                 cmd->cmd_len = scsi_command_size(cmd->cmnd);
471 }
472
473 void scsi_device_unbusy(struct scsi_device *sdev)
474 {
475         struct Scsi_Host *shost = sdev->host;
476         struct scsi_target *starget = scsi_target(sdev);
477         unsigned long flags;
478
479         spin_lock_irqsave(shost->host_lock, flags);
480         shost->host_busy--;
481         starget->target_busy--;
482         if (unlikely(scsi_host_in_recovery(shost) &&
483                      (shost->host_failed || shost->host_eh_scheduled)))
484                 scsi_eh_wakeup(shost);
485         spin_unlock(shost->host_lock);
486         spin_lock(sdev->request_queue->queue_lock);
487         sdev->device_busy--;
488         spin_unlock_irqrestore(sdev->request_queue->queue_lock, flags);
489 }
490
491 /*
492  * Called for single_lun devices on IO completion. Clear starget_sdev_user,
493  * and call blk_run_queue for all the scsi_devices on the target -
494  * including current_sdev first.
495  *
496  * Called with *no* scsi locks held.
497  */
498 static void scsi_single_lun_run(struct scsi_device *current_sdev)
499 {
500         struct Scsi_Host *shost = current_sdev->host;
501         struct scsi_device *sdev, *tmp;
502         struct scsi_target *starget = scsi_target(current_sdev);
503         unsigned long flags;
504
505         spin_lock_irqsave(shost->host_lock, flags);
506         starget->starget_sdev_user = NULL;
507         spin_unlock_irqrestore(shost->host_lock, flags);
508
509         /*
510          * Call blk_run_queue for all LUNs on the target, starting with
511          * current_sdev. We race with others (to set starget_sdev_user),
512          * but in most cases, we will be first. Ideally, each LU on the
513          * target would get some limited time or requests on the target.
514          */
515         blk_run_queue(current_sdev->request_queue);
516
517         spin_lock_irqsave(shost->host_lock, flags);
518         if (starget->starget_sdev_user)
519                 goto out;
520         list_for_each_entry_safe(sdev, tmp, &starget->devices,
521                         same_target_siblings) {
522                 if (sdev == current_sdev)
523                         continue;
524                 if (scsi_device_get(sdev))
525                         continue;
526
527                 spin_unlock_irqrestore(shost->host_lock, flags);
528                 blk_run_queue(sdev->request_queue);
529                 spin_lock_irqsave(shost->host_lock, flags);
530         
531                 scsi_device_put(sdev);
532         }
533  out:
534         spin_unlock_irqrestore(shost->host_lock, flags);
535 }
536
537 static inline int scsi_device_is_busy(struct scsi_device *sdev)
538 {
539         if (sdev->device_busy >= sdev->queue_depth || sdev->device_blocked)
540                 return 1;
541
542         return 0;
543 }
544
545 static inline int scsi_target_is_busy(struct scsi_target *starget)
546 {
547         return ((starget->can_queue > 0 &&
548                  starget->target_busy >= starget->can_queue) ||
549                  starget->target_blocked);
550 }
551
552 static inline int scsi_host_is_busy(struct Scsi_Host *shost)
553 {
554         if ((shost->can_queue > 0 && shost->host_busy >= shost->can_queue) ||
555             shost->host_blocked || shost->host_self_blocked)
556                 return 1;
557
558         return 0;
559 }
560
561 /*
562  * Function:    scsi_run_queue()
563  *
564  * Purpose:     Select a proper request queue to serve next
565  *
566  * Arguments:   q       - last request's queue
567  *
568  * Returns:     Nothing
569  *
570  * Notes:       The previous command was completely finished, start
571  *              a new one if possible.
572  */
573 static void scsi_run_queue(struct request_queue *q)
574 {
575         struct scsi_device *sdev = q->queuedata;
576         struct Scsi_Host *shost = sdev->host;
577         LIST_HEAD(starved_list);
578         unsigned long flags;
579
580         if (scsi_target(sdev)->single_lun)
581                 scsi_single_lun_run(sdev);
582
583         spin_lock_irqsave(shost->host_lock, flags);
584         list_splice_init(&shost->starved_list, &starved_list);
585
586         while (!list_empty(&starved_list)) {
587                 int flagset;
588
589                 /*
590                  * As long as shost is accepting commands and we have
591                  * starved queues, call blk_run_queue. scsi_request_fn
592                  * drops the queue_lock and can add us back to the
593                  * starved_list.
594                  *
595                  * host_lock protects the starved_list and starved_entry.
596                  * scsi_request_fn must get the host_lock before checking
597                  * or modifying starved_list or starved_entry.
598                  */
599                 if (scsi_host_is_busy(shost))
600                         break;
601
602                 sdev = list_entry(starved_list.next,
603                                   struct scsi_device, starved_entry);
604                 list_del_init(&sdev->starved_entry);
605                 if (scsi_target_is_busy(scsi_target(sdev))) {
606                         list_move_tail(&sdev->starved_entry,
607                                        &shost->starved_list);
608                         continue;
609                 }
610
611                 spin_unlock(shost->host_lock);
612
613                 spin_lock(sdev->request_queue->queue_lock);
614                 flagset = test_bit(QUEUE_FLAG_REENTER, &q->queue_flags) &&
615                                 !test_bit(QUEUE_FLAG_REENTER,
616                                         &sdev->request_queue->queue_flags);
617                 if (flagset)
618                         queue_flag_set(QUEUE_FLAG_REENTER, sdev->request_queue);
619                 __blk_run_queue(sdev->request_queue);
620                 if (flagset)
621                         queue_flag_clear(QUEUE_FLAG_REENTER, sdev->request_queue);
622                 spin_unlock(sdev->request_queue->queue_lock);
623
624                 spin_lock(shost->host_lock);
625         }
626         /* put any unprocessed entries back */
627         list_splice(&starved_list, &shost->starved_list);
628         spin_unlock_irqrestore(shost->host_lock, flags);
629
630         blk_run_queue(q);
631 }
632
633 /*
634  * Function:    scsi_requeue_command()
635  *
636  * Purpose:     Handle post-processing of completed commands.
637  *
638  * Arguments:   q       - queue to operate on
639  *              cmd     - command that may need to be requeued.
640  *
641  * Returns:     Nothing
642  *
643  * Notes:       After command completion, there may be blocks left
644  *              over which weren't finished by the previous command
645  *              this can be for a number of reasons - the main one is
646  *              I/O errors in the middle of the request, in which case
647  *              we need to request the blocks that come after the bad
648  *              sector.
649  * Notes:       Upon return, cmd is a stale pointer.
650  */
651 static void scsi_requeue_command(struct request_queue *q, struct scsi_cmnd *cmd)
652 {
653         struct request *req = cmd->request;
654         unsigned long flags;
655
656         spin_lock_irqsave(q->queue_lock, flags);
657         scsi_unprep_request(req);
658         blk_requeue_request(q, req);
659         spin_unlock_irqrestore(q->queue_lock, flags);
660
661         scsi_run_queue(q);
662 }
663
664 void scsi_next_command(struct scsi_cmnd *cmd)
665 {
666         struct scsi_device *sdev = cmd->device;
667         struct request_queue *q = sdev->request_queue;
668
669         /* need to hold a reference on the device before we let go of the cmd */
670         get_device(&sdev->sdev_gendev);
671
672         scsi_put_command(cmd);
673         scsi_run_queue(q);
674
675         /* ok to remove device now */
676         put_device(&sdev->sdev_gendev);
677 }
678
679 void scsi_run_host_queues(struct Scsi_Host *shost)
680 {
681         struct scsi_device *sdev;
682
683         shost_for_each_device(sdev, shost)
684                 scsi_run_queue(sdev->request_queue);
685 }
686
687 /*
688  * Function:    scsi_end_request()
689  *
690  * Purpose:     Post-processing of completed commands (usually invoked at end
691  *              of upper level post-processing and scsi_io_completion).
692  *
693  * Arguments:   cmd      - command that is complete.
694  *              error    - 0 if I/O indicates success, < 0 for I/O error.
695  *              bytes    - number of bytes of completed I/O
696  *              requeue  - indicates whether we should requeue leftovers.
697  *
698  * Lock status: Assumed that lock is not held upon entry.
699  *
700  * Returns:     cmd if requeue required, NULL otherwise.
701  *
702  * Notes:       This is called for block device requests in order to
703  *              mark some number of sectors as complete.
704  * 
705  *              We are guaranteeing that the request queue will be goosed
706  *              at some point during this call.
707  * Notes:       If cmd was requeued, upon return it will be a stale pointer.
708  */
709 static struct scsi_cmnd *scsi_end_request(struct scsi_cmnd *cmd, int error,
710                                           int bytes, int requeue)
711 {
712         struct request_queue *q = cmd->device->request_queue;
713         struct request *req = cmd->request;
714
715         /*
716          * If there are blocks left over at the end, set up the command
717          * to queue the remainder of them.
718          */
719         if (blk_end_request(req, error, bytes)) {
720                 int leftover = (req->hard_nr_sectors << 9);
721
722                 if (blk_pc_request(req))
723                         leftover = req->data_len;
724
725                 /* kill remainder if no retrys */
726                 if (error && scsi_noretry_cmd(cmd))
727                         blk_end_request(req, error, leftover);
728                 else {
729                         if (requeue) {
730                                 /*
731                                  * Bleah.  Leftovers again.  Stick the
732                                  * leftovers in the front of the
733                                  * queue, and goose the queue again.
734                                  */
735                                 scsi_requeue_command(q, cmd);
736                                 cmd = NULL;
737                         }
738                         return cmd;
739                 }
740         }
741
742         /*
743          * This will goose the queue request function at the end, so we don't
744          * need to worry about launching another command.
745          */
746         scsi_next_command(cmd);
747         return NULL;
748 }
749
750 static inline unsigned int scsi_sgtable_index(unsigned short nents)
751 {
752         unsigned int index;
753
754         BUG_ON(nents > SCSI_MAX_SG_SEGMENTS);
755
756         if (nents <= 8)
757                 index = 0;
758         else
759                 index = get_count_order(nents) - 3;
760
761         return index;
762 }
763
764 static void scsi_sg_free(struct scatterlist *sgl, unsigned int nents)
765 {
766         struct scsi_host_sg_pool *sgp;
767
768         sgp = scsi_sg_pools + scsi_sgtable_index(nents);
769         mempool_free(sgl, sgp->pool);
770 }
771
772 static struct scatterlist *scsi_sg_alloc(unsigned int nents, gfp_t gfp_mask)
773 {
774         struct scsi_host_sg_pool *sgp;
775
776         sgp = scsi_sg_pools + scsi_sgtable_index(nents);
777         return mempool_alloc(sgp->pool, gfp_mask);
778 }
779
780 static int scsi_alloc_sgtable(struct scsi_data_buffer *sdb, int nents,
781                               gfp_t gfp_mask)
782 {
783         int ret;
784
785         BUG_ON(!nents);
786
787         ret = __sg_alloc_table(&sdb->table, nents, SCSI_MAX_SG_SEGMENTS,
788                                gfp_mask, scsi_sg_alloc);
789         if (unlikely(ret))
790                 __sg_free_table(&sdb->table, SCSI_MAX_SG_SEGMENTS,
791                                 scsi_sg_free);
792
793         return ret;
794 }
795
796 static void scsi_free_sgtable(struct scsi_data_buffer *sdb)
797 {
798         __sg_free_table(&sdb->table, SCSI_MAX_SG_SEGMENTS, scsi_sg_free);
799 }
800
801 /*
802  * Function:    scsi_release_buffers()
803  *
804  * Purpose:     Completion processing for block device I/O requests.
805  *
806  * Arguments:   cmd     - command that we are bailing.
807  *
808  * Lock status: Assumed that no lock is held upon entry.
809  *
810  * Returns:     Nothing
811  *
812  * Notes:       In the event that an upper level driver rejects a
813  *              command, we must release resources allocated during
814  *              the __init_io() function.  Primarily this would involve
815  *              the scatter-gather table, and potentially any bounce
816  *              buffers.
817  */
818 void scsi_release_buffers(struct scsi_cmnd *cmd)
819 {
820         if (cmd->sdb.table.nents)
821                 scsi_free_sgtable(&cmd->sdb);
822
823         memset(&cmd->sdb, 0, sizeof(cmd->sdb));
824
825         if (scsi_bidi_cmnd(cmd)) {
826                 struct scsi_data_buffer *bidi_sdb =
827                         cmd->request->next_rq->special;
828                 scsi_free_sgtable(bidi_sdb);
829                 kmem_cache_free(scsi_sdb_cache, bidi_sdb);
830                 cmd->request->next_rq->special = NULL;
831         }
832
833         if (scsi_prot_sg_count(cmd))
834                 scsi_free_sgtable(cmd->prot_sdb);
835 }
836 EXPORT_SYMBOL(scsi_release_buffers);
837
838 /*
839  * Bidi commands Must be complete as a whole, both sides at once.
840  * If part of the bytes were written and lld returned
841  * scsi_in()->resid and/or scsi_out()->resid this information will be left
842  * in req->data_len and req->next_rq->data_len. The upper-layer driver can
843  * decide what to do with this information.
844  */
845 static void scsi_end_bidi_request(struct scsi_cmnd *cmd)
846 {
847         struct request *req = cmd->request;
848         unsigned int dlen = req->data_len;
849         unsigned int next_dlen = req->next_rq->data_len;
850
851         req->data_len = scsi_out(cmd)->resid;
852         req->next_rq->data_len = scsi_in(cmd)->resid;
853
854         /* The req and req->next_rq have not been completed */
855         BUG_ON(blk_end_bidi_request(req, 0, dlen, next_dlen));
856
857         scsi_release_buffers(cmd);
858
859         /*
860          * This will goose the queue request function at the end, so we don't
861          * need to worry about launching another command.
862          */
863         scsi_next_command(cmd);
864 }
865
866 /*
867  * Function:    scsi_io_completion()
868  *
869  * Purpose:     Completion processing for block device I/O requests.
870  *
871  * Arguments:   cmd   - command that is finished.
872  *
873  * Lock status: Assumed that no lock is held upon entry.
874  *
875  * Returns:     Nothing
876  *
877  * Notes:       This function is matched in terms of capabilities to
878  *              the function that created the scatter-gather list.
879  *              In other words, if there are no bounce buffers
880  *              (the normal case for most drivers), we don't need
881  *              the logic to deal with cleaning up afterwards.
882  *
883  *              We must call scsi_end_request().  This will finish off
884  *              the specified number of sectors.  If we are done, the
885  *              command block will be released and the queue function
886  *              will be goosed.  If we are not done then we have to
887  *              figure out what to do next:
888  *
889  *              a) We can call scsi_requeue_command().  The request
890  *                 will be unprepared and put back on the queue.  Then
891  *                 a new command will be created for it.  This should
892  *                 be used if we made forward progress, or if we want
893  *                 to switch from READ(10) to READ(6) for example.
894  *
895  *              b) We can call scsi_queue_insert().  The request will
896  *                 be put back on the queue and retried using the same
897  *                 command as before, possibly after a delay.
898  *
899  *              c) We can call blk_end_request() with -EIO to fail
900  *                 the remainder of the request.
901  */
902 void scsi_io_completion(struct scsi_cmnd *cmd, unsigned int good_bytes)
903 {
904         int result = cmd->result;
905         int this_count;
906         struct request_queue *q = cmd->device->request_queue;
907         struct request *req = cmd->request;
908         int error = 0;
909         struct scsi_sense_hdr sshdr;
910         int sense_valid = 0;
911         int sense_deferred = 0;
912         enum {ACTION_FAIL, ACTION_REPREP, ACTION_RETRY,
913               ACTION_DELAYED_RETRY} action;
914         char *description = NULL;
915
916         if (result) {
917                 sense_valid = scsi_command_normalize_sense(cmd, &sshdr);
918                 if (sense_valid)
919                         sense_deferred = scsi_sense_is_deferred(&sshdr);
920         }
921
922         if (blk_pc_request(req)) { /* SG_IO ioctl from block level */
923                 req->errors = result;
924                 if (result) {
925                         if (sense_valid && req->sense) {
926                                 /*
927                                  * SG_IO wants current and deferred errors
928                                  */
929                                 int len = 8 + cmd->sense_buffer[7];
930
931                                 if (len > SCSI_SENSE_BUFFERSIZE)
932                                         len = SCSI_SENSE_BUFFERSIZE;
933                                 memcpy(req->sense, cmd->sense_buffer,  len);
934                                 req->sense_len = len;
935                         }
936                         if (!sense_deferred)
937                                 error = -EIO;
938                 }
939                 if (scsi_bidi_cmnd(cmd)) {
940                         /* will also release_buffers */
941                         scsi_end_bidi_request(cmd);
942                         return;
943                 }
944                 req->data_len = scsi_get_resid(cmd);
945         }
946
947         BUG_ON(blk_bidi_rq(req)); /* bidi not support for !blk_pc_request yet */
948         scsi_release_buffers(cmd);
949
950         /*
951          * Next deal with any sectors which we were able to correctly
952          * handle.
953          */
954         SCSI_LOG_HLCOMPLETE(1, printk("%ld sectors total, "
955                                       "%d bytes done.\n",
956                                       req->nr_sectors, good_bytes));
957
958         /* A number of bytes were successfully read.  If there
959          * are leftovers and there is some kind of error
960          * (result != 0), retry the rest.
961          */
962         if (scsi_end_request(cmd, error, good_bytes, result == 0) == NULL)
963                 return;
964         this_count = blk_rq_bytes(req);
965
966         if (host_byte(result) == DID_RESET) {
967                 /* Third party bus reset or reset for error recovery
968                  * reasons.  Just retry the command and see what
969                  * happens.
970                  */
971                 action = ACTION_RETRY;
972         } else if (sense_valid && !sense_deferred) {
973                 switch (sshdr.sense_key) {
974                 case UNIT_ATTENTION:
975                         if (cmd->device->removable) {
976                                 /* Detected disc change.  Set a bit
977                                  * and quietly refuse further access.
978                                  */
979                                 cmd->device->changed = 1;
980                                 description = "Media Changed";
981                                 action = ACTION_FAIL;
982                         } else {
983                                 /* Must have been a power glitch, or a
984                                  * bus reset.  Could not have been a
985                                  * media change, so we just retry the
986                                  * command and see what happens.
987                                  */
988                                 action = ACTION_RETRY;
989                         }
990                         break;
991                 case ILLEGAL_REQUEST:
992                         /* If we had an ILLEGAL REQUEST returned, then
993                          * we may have performed an unsupported
994                          * command.  The only thing this should be
995                          * would be a ten byte read where only a six
996                          * byte read was supported.  Also, on a system
997                          * where READ CAPACITY failed, we may have
998                          * read past the end of the disk.
999                          */
1000                         if ((cmd->device->use_10_for_rw &&
1001                             sshdr.asc == 0x20 && sshdr.ascq == 0x00) &&
1002                             (cmd->cmnd[0] == READ_10 ||
1003                              cmd->cmnd[0] == WRITE_10)) {
1004                                 /* This will issue a new 6-byte command. */
1005                                 cmd->device->use_10_for_rw = 0;
1006                                 action = ACTION_REPREP;
1007                         } else
1008                                 action = ACTION_FAIL;
1009                         break;
1010                 case ABORTED_COMMAND:
1011                         if (sshdr.asc == 0x10) { /* DIF */
1012                                 action = ACTION_FAIL;
1013                                 description = "Data Integrity Failure";
1014                         } else
1015                                 action = ACTION_RETRY;
1016                         break;
1017                 case NOT_READY:
1018                         /* If the device is in the process of becoming
1019                          * ready, or has a temporary blockage, retry.
1020                          */
1021                         if (sshdr.asc == 0x04) {
1022                                 switch (sshdr.ascq) {
1023                                 case 0x01: /* becoming ready */
1024                                 case 0x04: /* format in progress */
1025                                 case 0x05: /* rebuild in progress */
1026                                 case 0x06: /* recalculation in progress */
1027                                 case 0x07: /* operation in progress */
1028                                 case 0x08: /* Long write in progress */
1029                                 case 0x09: /* self test in progress */
1030                                         action = ACTION_DELAYED_RETRY;
1031                                         break;
1032                                 }
1033                         } else {
1034                                 description = "Device not ready";
1035                                 action = ACTION_FAIL;
1036                         }
1037                         break;
1038                 case VOLUME_OVERFLOW:
1039                         /* See SSC3rXX or current. */
1040                         action = ACTION_FAIL;
1041                         break;
1042                 default:
1043                         description = "Unhandled sense code";
1044                         action = ACTION_FAIL;
1045                         break;
1046                 }
1047         } else {
1048                 description = "Unhandled error code";
1049                 action = ACTION_FAIL;
1050         }
1051
1052         switch (action) {
1053         case ACTION_FAIL:
1054                 /* Give up and fail the remainder of the request */
1055                 if (!(req->cmd_flags & REQ_QUIET)) {
1056                         if (description)
1057                                 scmd_printk(KERN_INFO, cmd, "%s",
1058                                             description);
1059                         scsi_print_result(cmd);
1060                         if (driver_byte(result) & DRIVER_SENSE)
1061                                 scsi_print_sense("", cmd);
1062                 }
1063                 blk_end_request(req, -EIO, blk_rq_bytes(req));
1064                 scsi_next_command(cmd);
1065                 break;
1066         case ACTION_REPREP:
1067                 /* Unprep the request and put it back at the head of the queue.
1068                  * A new command will be prepared and issued.
1069                  */
1070                 scsi_requeue_command(q, cmd);
1071                 break;
1072         case ACTION_RETRY:
1073                 /* Retry the same command immediately */
1074                 scsi_queue_insert(cmd, SCSI_MLQUEUE_EH_RETRY);
1075                 break;
1076         case ACTION_DELAYED_RETRY:
1077                 /* Retry the same command after a delay */
1078                 scsi_queue_insert(cmd, SCSI_MLQUEUE_DEVICE_BUSY);
1079                 break;
1080         }
1081 }
1082
1083 static int scsi_init_sgtable(struct request *req, struct scsi_data_buffer *sdb,
1084                              gfp_t gfp_mask)
1085 {
1086         int count;
1087
1088         /*
1089          * If sg table allocation fails, requeue request later.
1090          */
1091         if (unlikely(scsi_alloc_sgtable(sdb, req->nr_phys_segments,
1092                                         gfp_mask))) {
1093                 return BLKPREP_DEFER;
1094         }
1095
1096         req->buffer = NULL;
1097
1098         /* 
1099          * Next, walk the list, and fill in the addresses and sizes of
1100          * each segment.
1101          */
1102         count = blk_rq_map_sg(req->q, req, sdb->table.sgl);
1103         BUG_ON(count > sdb->table.nents);
1104         sdb->table.nents = count;
1105         if (blk_pc_request(req))
1106                 sdb->length = req->data_len;
1107         else
1108                 sdb->length = req->nr_sectors << 9;
1109         return BLKPREP_OK;
1110 }
1111
1112 /*
1113  * Function:    scsi_init_io()
1114  *
1115  * Purpose:     SCSI I/O initialize function.
1116  *
1117  * Arguments:   cmd   - Command descriptor we wish to initialize
1118  *
1119  * Returns:     0 on success
1120  *              BLKPREP_DEFER if the failure is retryable
1121  *              BLKPREP_KILL if the failure is fatal
1122  */
1123 int scsi_init_io(struct scsi_cmnd *cmd, gfp_t gfp_mask)
1124 {
1125         int error = scsi_init_sgtable(cmd->request, &cmd->sdb, gfp_mask);
1126         if (error)
1127                 goto err_exit;
1128
1129         if (blk_bidi_rq(cmd->request)) {
1130                 struct scsi_data_buffer *bidi_sdb = kmem_cache_zalloc(
1131                         scsi_sdb_cache, GFP_ATOMIC);
1132                 if (!bidi_sdb) {
1133                         error = BLKPREP_DEFER;
1134                         goto err_exit;
1135                 }
1136
1137                 cmd->request->next_rq->special = bidi_sdb;
1138                 error = scsi_init_sgtable(cmd->request->next_rq, bidi_sdb,
1139                                                                     GFP_ATOMIC);
1140                 if (error)
1141                         goto err_exit;
1142         }
1143
1144         if (blk_integrity_rq(cmd->request)) {
1145                 struct scsi_data_buffer *prot_sdb = cmd->prot_sdb;
1146                 int ivecs, count;
1147
1148                 BUG_ON(prot_sdb == NULL);
1149                 ivecs = blk_rq_count_integrity_sg(cmd->request);
1150
1151                 if (scsi_alloc_sgtable(prot_sdb, ivecs, gfp_mask)) {
1152                         error = BLKPREP_DEFER;
1153                         goto err_exit;
1154                 }
1155
1156                 count = blk_rq_map_integrity_sg(cmd->request,
1157                                                 prot_sdb->table.sgl);
1158                 BUG_ON(unlikely(count > ivecs));
1159
1160                 cmd->prot_sdb = prot_sdb;
1161                 cmd->prot_sdb->table.nents = count;
1162         }
1163
1164         return BLKPREP_OK ;
1165
1166 err_exit:
1167         scsi_release_buffers(cmd);
1168         if (error == BLKPREP_KILL)
1169                 scsi_put_command(cmd);
1170         else /* BLKPREP_DEFER */
1171                 scsi_unprep_request(cmd->request);
1172
1173         return error;
1174 }
1175 EXPORT_SYMBOL(scsi_init_io);
1176
1177 static struct scsi_cmnd *scsi_get_cmd_from_req(struct scsi_device *sdev,
1178                 struct request *req)
1179 {
1180         struct scsi_cmnd *cmd;
1181
1182         if (!req->special) {
1183                 cmd = scsi_get_command(sdev, GFP_ATOMIC);
1184                 if (unlikely(!cmd))
1185                         return NULL;
1186                 req->special = cmd;
1187         } else {
1188                 cmd = req->special;
1189         }
1190
1191         /* pull a tag out of the request if we have one */
1192         cmd->tag = req->tag;
1193         cmd->request = req;
1194
1195         cmd->cmnd = req->cmd;
1196
1197         return cmd;
1198 }
1199
1200 int scsi_setup_blk_pc_cmnd(struct scsi_device *sdev, struct request *req)
1201 {
1202         struct scsi_cmnd *cmd;
1203         int ret = scsi_prep_state_check(sdev, req);
1204
1205         if (ret != BLKPREP_OK)
1206                 return ret;
1207
1208         cmd = scsi_get_cmd_from_req(sdev, req);
1209         if (unlikely(!cmd))
1210                 return BLKPREP_DEFER;
1211
1212         /*
1213          * BLOCK_PC requests may transfer data, in which case they must
1214          * a bio attached to them.  Or they might contain a SCSI command
1215          * that does not transfer data, in which case they may optionally
1216          * submit a request without an attached bio.
1217          */
1218         if (req->bio) {
1219                 int ret;
1220
1221                 BUG_ON(!req->nr_phys_segments);
1222
1223                 ret = scsi_init_io(cmd, GFP_ATOMIC);
1224                 if (unlikely(ret))
1225                         return ret;
1226         } else {
1227                 BUG_ON(req->data_len);
1228                 BUG_ON(req->data);
1229
1230                 memset(&cmd->sdb, 0, sizeof(cmd->sdb));
1231                 req->buffer = NULL;
1232         }
1233
1234         cmd->cmd_len = req->cmd_len;
1235         if (!req->data_len)
1236                 cmd->sc_data_direction = DMA_NONE;
1237         else if (rq_data_dir(req) == WRITE)
1238                 cmd->sc_data_direction = DMA_TO_DEVICE;
1239         else
1240                 cmd->sc_data_direction = DMA_FROM_DEVICE;
1241         
1242         cmd->transfersize = req->data_len;
1243         cmd->allowed = req->retries;
1244         return BLKPREP_OK;
1245 }
1246 EXPORT_SYMBOL(scsi_setup_blk_pc_cmnd);
1247
1248 /*
1249  * Setup a REQ_TYPE_FS command.  These are simple read/write request
1250  * from filesystems that still need to be translated to SCSI CDBs from
1251  * the ULD.
1252  */
1253 int scsi_setup_fs_cmnd(struct scsi_device *sdev, struct request *req)
1254 {
1255         struct scsi_cmnd *cmd;
1256         int ret = scsi_prep_state_check(sdev, req);
1257
1258         if (ret != BLKPREP_OK)
1259                 return ret;
1260
1261         if (unlikely(sdev->scsi_dh_data && sdev->scsi_dh_data->scsi_dh
1262                          && sdev->scsi_dh_data->scsi_dh->prep_fn)) {
1263                 ret = sdev->scsi_dh_data->scsi_dh->prep_fn(sdev, req);
1264                 if (ret != BLKPREP_OK)
1265                         return ret;
1266         }
1267
1268         /*
1269          * Filesystem requests must transfer data.
1270          */
1271         BUG_ON(!req->nr_phys_segments);
1272
1273         cmd = scsi_get_cmd_from_req(sdev, req);
1274         if (unlikely(!cmd))
1275                 return BLKPREP_DEFER;
1276
1277         memset(cmd->cmnd, 0, BLK_MAX_CDB);
1278         return scsi_init_io(cmd, GFP_ATOMIC);
1279 }
1280 EXPORT_SYMBOL(scsi_setup_fs_cmnd);
1281
1282 int scsi_prep_state_check(struct scsi_device *sdev, struct request *req)
1283 {
1284         int ret = BLKPREP_OK;
1285
1286         /*
1287          * If the device is not in running state we will reject some
1288          * or all commands.
1289          */
1290         if (unlikely(sdev->sdev_state != SDEV_RUNNING)) {
1291                 switch (sdev->sdev_state) {
1292                 case SDEV_OFFLINE:
1293                         /*
1294                          * If the device is offline we refuse to process any
1295                          * commands.  The device must be brought online
1296                          * before trying any recovery commands.
1297                          */
1298                         sdev_printk(KERN_ERR, sdev,
1299                                     "rejecting I/O to offline device\n");
1300                         ret = BLKPREP_KILL;
1301                         break;
1302                 case SDEV_DEL:
1303                         /*
1304                          * If the device is fully deleted, we refuse to
1305                          * process any commands as well.
1306                          */
1307                         sdev_printk(KERN_ERR, sdev,
1308                                     "rejecting I/O to dead device\n");
1309                         ret = BLKPREP_KILL;
1310                         break;
1311                 case SDEV_QUIESCE:
1312                 case SDEV_BLOCK:
1313                 case SDEV_CREATED_BLOCK:
1314                         /*
1315                          * If the devices is blocked we defer normal commands.
1316                          */
1317                         if (!(req->cmd_flags & REQ_PREEMPT))
1318                                 ret = BLKPREP_DEFER;
1319                         break;
1320                 default:
1321                         /*
1322                          * For any other not fully online state we only allow
1323                          * special commands.  In particular any user initiated
1324                          * command is not allowed.
1325                          */
1326                         if (!(req->cmd_flags & REQ_PREEMPT))
1327                                 ret = BLKPREP_KILL;
1328                         break;
1329                 }
1330         }
1331         return ret;
1332 }
1333 EXPORT_SYMBOL(scsi_prep_state_check);
1334
1335 int scsi_prep_return(struct request_queue *q, struct request *req, int ret)
1336 {
1337         struct scsi_device *sdev = q->queuedata;
1338
1339         switch (ret) {
1340         case BLKPREP_KILL:
1341                 req->errors = DID_NO_CONNECT << 16;
1342                 /* release the command and kill it */
1343                 if (req->special) {
1344                         struct scsi_cmnd *cmd = req->special;
1345                         scsi_release_buffers(cmd);
1346                         scsi_put_command(cmd);
1347                         req->special = NULL;
1348                 }
1349                 break;
1350         case BLKPREP_DEFER:
1351                 /*
1352                  * If we defer, the elv_next_request() returns NULL, but the
1353                  * queue must be restarted, so we plug here if no returning
1354                  * command will automatically do that.
1355                  */
1356                 if (sdev->device_busy == 0)
1357                         blk_plug_device(q);
1358                 break;
1359         default:
1360                 req->cmd_flags |= REQ_DONTPREP;
1361         }
1362
1363         return ret;
1364 }
1365 EXPORT_SYMBOL(scsi_prep_return);
1366
1367 int scsi_prep_fn(struct request_queue *q, struct request *req)
1368 {
1369         struct scsi_device *sdev = q->queuedata;
1370         int ret = BLKPREP_KILL;
1371
1372         if (req->cmd_type == REQ_TYPE_BLOCK_PC)
1373                 ret = scsi_setup_blk_pc_cmnd(sdev, req);
1374         return scsi_prep_return(q, req, ret);
1375 }
1376
1377 /*
1378  * scsi_dev_queue_ready: if we can send requests to sdev, return 1 else
1379  * return 0.
1380  *
1381  * Called with the queue_lock held.
1382  */
1383 static inline int scsi_dev_queue_ready(struct request_queue *q,
1384                                   struct scsi_device *sdev)
1385 {
1386         if (sdev->device_busy == 0 && sdev->device_blocked) {
1387                 /*
1388                  * unblock after device_blocked iterates to zero
1389                  */
1390                 if (--sdev->device_blocked == 0) {
1391                         SCSI_LOG_MLQUEUE(3,
1392                                    sdev_printk(KERN_INFO, sdev,
1393                                    "unblocking device at zero depth\n"));
1394                 } else {
1395                         blk_plug_device(q);
1396                         return 0;
1397                 }
1398         }
1399         if (scsi_device_is_busy(sdev))
1400                 return 0;
1401
1402         return 1;
1403 }
1404
1405
1406 /*
1407  * scsi_target_queue_ready: checks if there we can send commands to target
1408  * @sdev: scsi device on starget to check.
1409  *
1410  * Called with the host lock held.
1411  */
1412 static inline int scsi_target_queue_ready(struct Scsi_Host *shost,
1413                                            struct scsi_device *sdev)
1414 {
1415         struct scsi_target *starget = scsi_target(sdev);
1416
1417         if (starget->single_lun) {
1418                 if (starget->starget_sdev_user &&
1419                     starget->starget_sdev_user != sdev)
1420                         return 0;
1421                 starget->starget_sdev_user = sdev;
1422         }
1423
1424         if (starget->target_busy == 0 && starget->target_blocked) {
1425                 /*
1426                  * unblock after target_blocked iterates to zero
1427                  */
1428                 if (--starget->target_blocked == 0) {
1429                         SCSI_LOG_MLQUEUE(3, starget_printk(KERN_INFO, starget,
1430                                          "unblocking target at zero depth\n"));
1431                 } else {
1432                         blk_plug_device(sdev->request_queue);
1433                         return 0;
1434                 }
1435         }
1436
1437         if (scsi_target_is_busy(starget)) {
1438                 if (list_empty(&sdev->starved_entry)) {
1439                         list_add_tail(&sdev->starved_entry,
1440                                       &shost->starved_list);
1441                         return 0;
1442                 }
1443         }
1444
1445         /* We're OK to process the command, so we can't be starved */
1446         if (!list_empty(&sdev->starved_entry))
1447                 list_del_init(&sdev->starved_entry);
1448         return 1;
1449 }
1450
1451 /*
1452  * scsi_host_queue_ready: if we can send requests to shost, return 1 else
1453  * return 0. We must end up running the queue again whenever 0 is
1454  * returned, else IO can hang.
1455  *
1456  * Called with host_lock held.
1457  */
1458 static inline int scsi_host_queue_ready(struct request_queue *q,
1459                                    struct Scsi_Host *shost,
1460                                    struct scsi_device *sdev)
1461 {
1462         if (scsi_host_in_recovery(shost))
1463                 return 0;
1464         if (shost->host_busy == 0 && shost->host_blocked) {
1465                 /*
1466                  * unblock after host_blocked iterates to zero
1467                  */
1468                 if (--shost->host_blocked == 0) {
1469                         SCSI_LOG_MLQUEUE(3,
1470                                 printk("scsi%d unblocking host at zero depth\n",
1471                                         shost->host_no));
1472                 } else {
1473                         return 0;
1474                 }
1475         }
1476         if (scsi_host_is_busy(shost)) {
1477                 if (list_empty(&sdev->starved_entry))
1478                         list_add_tail(&sdev->starved_entry, &shost->starved_list);
1479                 return 0;
1480         }
1481
1482         /* We're OK to process the command, so we can't be starved */
1483         if (!list_empty(&sdev->starved_entry))
1484                 list_del_init(&sdev->starved_entry);
1485
1486         return 1;
1487 }
1488
1489 /*
1490  * Busy state exporting function for request stacking drivers.
1491  *
1492  * For efficiency, no lock is taken to check the busy state of
1493  * shost/starget/sdev, since the returned value is not guaranteed and
1494  * may be changed after request stacking drivers call the function,
1495  * regardless of taking lock or not.
1496  *
1497  * When scsi can't dispatch I/Os anymore and needs to kill I/Os
1498  * (e.g. !sdev), scsi needs to return 'not busy'.
1499  * Otherwise, request stacking drivers may hold requests forever.
1500  */
1501 static int scsi_lld_busy(struct request_queue *q)
1502 {
1503         struct scsi_device *sdev = q->queuedata;
1504         struct Scsi_Host *shost;
1505         struct scsi_target *starget;
1506
1507         if (!sdev)
1508                 return 0;
1509
1510         shost = sdev->host;
1511         starget = scsi_target(sdev);
1512
1513         if (scsi_host_in_recovery(shost) || scsi_host_is_busy(shost) ||
1514             scsi_target_is_busy(starget) || scsi_device_is_busy(sdev))
1515                 return 1;
1516
1517         return 0;
1518 }
1519
1520 /*
1521  * Kill a request for a dead device
1522  */
1523 static void scsi_kill_request(struct request *req, struct request_queue *q)
1524 {
1525         struct scsi_cmnd *cmd = req->special;
1526         struct scsi_device *sdev = cmd->device;
1527         struct scsi_target *starget = scsi_target(sdev);
1528         struct Scsi_Host *shost = sdev->host;
1529
1530         blkdev_dequeue_request(req);
1531
1532         if (unlikely(cmd == NULL)) {
1533                 printk(KERN_CRIT "impossible request in %s.\n",
1534                                  __func__);
1535                 BUG();
1536         }
1537
1538         scsi_init_cmd_errh(cmd);
1539         cmd->result = DID_NO_CONNECT << 16;
1540         atomic_inc(&cmd->device->iorequest_cnt);
1541
1542         /*
1543          * SCSI request completion path will do scsi_device_unbusy(),
1544          * bump busy counts.  To bump the counters, we need to dance
1545          * with the locks as normal issue path does.
1546          */
1547         sdev->device_busy++;
1548         spin_unlock(sdev->request_queue->queue_lock);
1549         spin_lock(shost->host_lock);
1550         shost->host_busy++;
1551         starget->target_busy++;
1552         spin_unlock(shost->host_lock);
1553         spin_lock(sdev->request_queue->queue_lock);
1554
1555         blk_complete_request(req);
1556 }
1557
1558 static void scsi_softirq_done(struct request *rq)
1559 {
1560         struct scsi_cmnd *cmd = rq->special;
1561         unsigned long wait_for = (cmd->allowed + 1) * rq->timeout;
1562         int disposition;
1563
1564         INIT_LIST_HEAD(&cmd->eh_entry);
1565
1566         /*
1567          * Set the serial numbers back to zero
1568          */
1569         cmd->serial_number = 0;
1570
1571         atomic_inc(&cmd->device->iodone_cnt);
1572         if (cmd->result)
1573                 atomic_inc(&cmd->device->ioerr_cnt);
1574
1575         disposition = scsi_decide_disposition(cmd);
1576         if (disposition != SUCCESS &&
1577             time_before(cmd->jiffies_at_alloc + wait_for, jiffies)) {
1578                 sdev_printk(KERN_ERR, cmd->device,
1579                             "timing out command, waited %lus\n",
1580                             wait_for/HZ);
1581                 disposition = SUCCESS;
1582         }
1583                         
1584         scsi_log_completion(cmd, disposition);
1585
1586         switch (disposition) {
1587                 case SUCCESS:
1588                         scsi_finish_command(cmd);
1589                         break;
1590                 case NEEDS_RETRY:
1591                         scsi_queue_insert(cmd, SCSI_MLQUEUE_EH_RETRY);
1592                         break;
1593                 case ADD_TO_MLQUEUE:
1594                         scsi_queue_insert(cmd, SCSI_MLQUEUE_DEVICE_BUSY);
1595                         break;
1596                 default:
1597                         if (!scsi_eh_scmd_add(cmd, 0))
1598                                 scsi_finish_command(cmd);
1599         }
1600 }
1601
1602 /*
1603  * Function:    scsi_request_fn()
1604  *
1605  * Purpose:     Main strategy routine for SCSI.
1606  *
1607  * Arguments:   q       - Pointer to actual queue.
1608  *
1609  * Returns:     Nothing
1610  *
1611  * Lock status: IO request lock assumed to be held when called.
1612  */
1613 static void scsi_request_fn(struct request_queue *q)
1614 {
1615         struct scsi_device *sdev = q->queuedata;
1616         struct Scsi_Host *shost;
1617         struct scsi_cmnd *cmd;
1618         struct request *req;
1619
1620         if (!sdev) {
1621                 printk("scsi: killing requests for dead queue\n");
1622                 while ((req = elv_next_request(q)) != NULL)
1623                         scsi_kill_request(req, q);
1624                 return;
1625         }
1626
1627         if(!get_device(&sdev->sdev_gendev))
1628                 /* We must be tearing the block queue down already */
1629                 return;
1630
1631         /*
1632          * To start with, we keep looping until the queue is empty, or until
1633          * the host is no longer able to accept any more requests.
1634          */
1635         shost = sdev->host;
1636         while (!blk_queue_plugged(q)) {
1637                 int rtn;
1638                 /*
1639                  * get next queueable request.  We do this early to make sure
1640                  * that the request is fully prepared even if we cannot 
1641                  * accept it.
1642                  */
1643                 req = elv_next_request(q);
1644                 if (!req || !scsi_dev_queue_ready(q, sdev))
1645                         break;
1646
1647                 if (unlikely(!scsi_device_online(sdev))) {
1648                         sdev_printk(KERN_ERR, sdev,
1649                                     "rejecting I/O to offline device\n");
1650                         scsi_kill_request(req, q);
1651                         continue;
1652                 }
1653
1654
1655                 /*
1656                  * Remove the request from the request list.
1657                  */
1658                 if (!(blk_queue_tagged(q) && !blk_queue_start_tag(q, req)))
1659                         blkdev_dequeue_request(req);
1660                 sdev->device_busy++;
1661
1662                 spin_unlock(q->queue_lock);
1663                 cmd = req->special;
1664                 if (unlikely(cmd == NULL)) {
1665                         printk(KERN_CRIT "impossible request in %s.\n"
1666                                          "please mail a stack trace to "
1667                                          "linux-scsi@vger.kernel.org\n",
1668                                          __func__);
1669                         blk_dump_rq_flags(req, "foo");
1670                         BUG();
1671                 }
1672                 spin_lock(shost->host_lock);
1673
1674                 /*
1675                  * We hit this when the driver is using a host wide
1676                  * tag map. For device level tag maps the queue_depth check
1677                  * in the device ready fn would prevent us from trying
1678                  * to allocate a tag. Since the map is a shared host resource
1679                  * we add the dev to the starved list so it eventually gets
1680                  * a run when a tag is freed.
1681                  */
1682                 if (blk_queue_tagged(q) && !blk_rq_tagged(req)) {
1683                         if (list_empty(&sdev->starved_entry))
1684                                 list_add_tail(&sdev->starved_entry,
1685                                               &shost->starved_list);
1686                         goto not_ready;
1687                 }
1688
1689                 if (!scsi_target_queue_ready(shost, sdev))
1690                         goto not_ready;
1691
1692                 if (!scsi_host_queue_ready(q, shost, sdev))
1693                         goto not_ready;
1694
1695                 scsi_target(sdev)->target_busy++;
1696                 shost->host_busy++;
1697
1698                 /*
1699                  * XXX(hch): This is rather suboptimal, scsi_dispatch_cmd will
1700                  *              take the lock again.
1701                  */
1702                 spin_unlock_irq(shost->host_lock);
1703
1704                 /*
1705                  * Finally, initialize any error handling parameters, and set up
1706                  * the timers for timeouts.
1707                  */
1708                 scsi_init_cmd_errh(cmd);
1709
1710                 /*
1711                  * Dispatch the command to the low-level driver.
1712                  */
1713                 rtn = scsi_dispatch_cmd(cmd);
1714                 spin_lock_irq(q->queue_lock);
1715                 if(rtn) {
1716                         /* we're refusing the command; because of
1717                          * the way locks get dropped, we need to 
1718                          * check here if plugging is required */
1719                         if(sdev->device_busy == 0)
1720                                 blk_plug_device(q);
1721
1722                         break;
1723                 }
1724         }
1725
1726         goto out;
1727
1728  not_ready:
1729         spin_unlock_irq(shost->host_lock);
1730
1731         /*
1732          * lock q, handle tag, requeue req, and decrement device_busy. We
1733          * must return with queue_lock held.
1734          *
1735          * Decrementing device_busy without checking it is OK, as all such
1736          * cases (host limits or settings) should run the queue at some
1737          * later time.
1738          */
1739         spin_lock_irq(q->queue_lock);
1740         blk_requeue_request(q, req);
1741         sdev->device_busy--;
1742         if(sdev->device_busy == 0)
1743                 blk_plug_device(q);
1744  out:
1745         /* must be careful here...if we trigger the ->remove() function
1746          * we cannot be holding the q lock */
1747         spin_unlock_irq(q->queue_lock);
1748         put_device(&sdev->sdev_gendev);
1749         spin_lock_irq(q->queue_lock);
1750 }
1751
1752 u64 scsi_calculate_bounce_limit(struct Scsi_Host *shost)
1753 {
1754         struct device *host_dev;
1755         u64 bounce_limit = 0xffffffff;
1756
1757         if (shost->unchecked_isa_dma)
1758                 return BLK_BOUNCE_ISA;
1759         /*
1760          * Platforms with virtual-DMA translation
1761          * hardware have no practical limit.
1762          */
1763         if (!PCI_DMA_BUS_IS_PHYS)
1764                 return BLK_BOUNCE_ANY;
1765
1766         host_dev = scsi_get_device(shost);
1767         if (host_dev && host_dev->dma_mask)
1768                 bounce_limit = *host_dev->dma_mask;
1769
1770         return bounce_limit;
1771 }
1772 EXPORT_SYMBOL(scsi_calculate_bounce_limit);
1773
1774 struct request_queue *__scsi_alloc_queue(struct Scsi_Host *shost,
1775                                          request_fn_proc *request_fn)
1776 {
1777         struct request_queue *q;
1778         struct device *dev = shost->shost_gendev.parent;
1779
1780         q = blk_init_queue(request_fn, NULL);
1781         if (!q)
1782                 return NULL;
1783
1784         /*
1785          * this limit is imposed by hardware restrictions
1786          */
1787         blk_queue_max_hw_segments(q, shost->sg_tablesize);
1788         blk_queue_max_phys_segments(q, SCSI_MAX_SG_CHAIN_SEGMENTS);
1789
1790         blk_queue_max_sectors(q, shost->max_sectors);
1791         blk_queue_bounce_limit(q, scsi_calculate_bounce_limit(shost));
1792         blk_queue_segment_boundary(q, shost->dma_boundary);
1793         dma_set_seg_boundary(dev, shost->dma_boundary);
1794
1795         blk_queue_max_segment_size(q, dma_get_max_seg_size(dev));
1796
1797         /* New queue, no concurrency on queue_flags */
1798         if (!shost->use_clustering)
1799                 queue_flag_clear_unlocked(QUEUE_FLAG_CLUSTER, q);
1800
1801         /*
1802          * set a reasonable default alignment on word boundaries: the
1803          * host and device may alter it using
1804          * blk_queue_update_dma_alignment() later.
1805          */
1806         blk_queue_dma_alignment(q, 0x03);
1807
1808         return q;
1809 }
1810 EXPORT_SYMBOL(__scsi_alloc_queue);
1811
1812 struct request_queue *scsi_alloc_queue(struct scsi_device *sdev)
1813 {
1814         struct request_queue *q;
1815
1816         q = __scsi_alloc_queue(sdev->host, scsi_request_fn);
1817         if (!q)
1818                 return NULL;
1819
1820         blk_queue_prep_rq(q, scsi_prep_fn);
1821         blk_queue_softirq_done(q, scsi_softirq_done);
1822         blk_queue_rq_timed_out(q, scsi_times_out);
1823         blk_queue_lld_busy(q, scsi_lld_busy);
1824         return q;
1825 }
1826
1827 void scsi_free_queue(struct request_queue *q)
1828 {
1829         blk_cleanup_queue(q);
1830 }
1831
1832 /*
1833  * Function:    scsi_block_requests()
1834  *
1835  * Purpose:     Utility function used by low-level drivers to prevent further
1836  *              commands from being queued to the device.
1837  *
1838  * Arguments:   shost       - Host in question
1839  *
1840  * Returns:     Nothing
1841  *
1842  * Lock status: No locks are assumed held.
1843  *
1844  * Notes:       There is no timer nor any other means by which the requests
1845  *              get unblocked other than the low-level driver calling
1846  *              scsi_unblock_requests().
1847  */
1848 void scsi_block_requests(struct Scsi_Host *shost)
1849 {
1850         shost->host_self_blocked = 1;
1851 }
1852 EXPORT_SYMBOL(scsi_block_requests);
1853
1854 /*
1855  * Function:    scsi_unblock_requests()
1856  *
1857  * Purpose:     Utility function used by low-level drivers to allow further
1858  *              commands from being queued to the device.
1859  *
1860  * Arguments:   shost       - Host in question
1861  *
1862  * Returns:     Nothing
1863  *
1864  * Lock status: No locks are assumed held.
1865  *
1866  * Notes:       There is no timer nor any other means by which the requests
1867  *              get unblocked other than the low-level driver calling
1868  *              scsi_unblock_requests().
1869  *
1870  *              This is done as an API function so that changes to the
1871  *              internals of the scsi mid-layer won't require wholesale
1872  *              changes to drivers that use this feature.
1873  */
1874 void scsi_unblock_requests(struct Scsi_Host *shost)
1875 {
1876         shost->host_self_blocked = 0;
1877         scsi_run_host_queues(shost);
1878 }
1879 EXPORT_SYMBOL(scsi_unblock_requests);
1880
1881 int __init scsi_init_queue(void)
1882 {
1883         int i;
1884
1885         scsi_io_context_cache = kmem_cache_create("scsi_io_context",
1886                                         sizeof(struct scsi_io_context),
1887                                         0, 0, NULL);
1888         if (!scsi_io_context_cache) {
1889                 printk(KERN_ERR "SCSI: can't init scsi io context cache\n");
1890                 return -ENOMEM;
1891         }
1892
1893         scsi_sdb_cache = kmem_cache_create("scsi_data_buffer",
1894                                            sizeof(struct scsi_data_buffer),
1895                                            0, 0, NULL);
1896         if (!scsi_sdb_cache) {
1897                 printk(KERN_ERR "SCSI: can't init scsi sdb cache\n");
1898                 goto cleanup_io_context;
1899         }
1900
1901         for (i = 0; i < SG_MEMPOOL_NR; i++) {
1902                 struct scsi_host_sg_pool *sgp = scsi_sg_pools + i;
1903                 int size = sgp->size * sizeof(struct scatterlist);
1904
1905                 sgp->slab = kmem_cache_create(sgp->name, size, 0,
1906                                 SLAB_HWCACHE_ALIGN, NULL);
1907                 if (!sgp->slab) {
1908                         printk(KERN_ERR "SCSI: can't init sg slab %s\n",
1909                                         sgp->name);
1910                         goto cleanup_sdb;
1911                 }
1912
1913                 sgp->pool = mempool_create_slab_pool(SG_MEMPOOL_SIZE,
1914                                                      sgp->slab);
1915                 if (!sgp->pool) {
1916                         printk(KERN_ERR "SCSI: can't init sg mempool %s\n",
1917                                         sgp->name);
1918                         goto cleanup_sdb;
1919                 }
1920         }
1921
1922         return 0;
1923
1924 cleanup_sdb:
1925         for (i = 0; i < SG_MEMPOOL_NR; i++) {
1926                 struct scsi_host_sg_pool *sgp = scsi_sg_pools + i;
1927                 if (sgp->pool)
1928                         mempool_destroy(sgp->pool);
1929                 if (sgp->slab)
1930                         kmem_cache_destroy(sgp->slab);
1931         }
1932         kmem_cache_destroy(scsi_sdb_cache);
1933 cleanup_io_context:
1934         kmem_cache_destroy(scsi_io_context_cache);
1935
1936         return -ENOMEM;
1937 }
1938
1939 void scsi_exit_queue(void)
1940 {
1941         int i;
1942
1943         kmem_cache_destroy(scsi_io_context_cache);
1944         kmem_cache_destroy(scsi_sdb_cache);
1945
1946         for (i = 0; i < SG_MEMPOOL_NR; i++) {
1947                 struct scsi_host_sg_pool *sgp = scsi_sg_pools + i;
1948                 mempool_destroy(sgp->pool);
1949                 kmem_cache_destroy(sgp->slab);
1950         }
1951 }
1952
1953 /**
1954  *      scsi_mode_select - issue a mode select
1955  *      @sdev:  SCSI device to be queried
1956  *      @pf:    Page format bit (1 == standard, 0 == vendor specific)
1957  *      @sp:    Save page bit (0 == don't save, 1 == save)
1958  *      @modepage: mode page being requested
1959  *      @buffer: request buffer (may not be smaller than eight bytes)
1960  *      @len:   length of request buffer.
1961  *      @timeout: command timeout
1962  *      @retries: number of retries before failing
1963  *      @data: returns a structure abstracting the mode header data
1964  *      @sshdr: place to put sense data (or NULL if no sense to be collected).
1965  *              must be SCSI_SENSE_BUFFERSIZE big.
1966  *
1967  *      Returns zero if successful; negative error number or scsi
1968  *      status on error
1969  *
1970  */
1971 int
1972 scsi_mode_select(struct scsi_device *sdev, int pf, int sp, int modepage,
1973                  unsigned char *buffer, int len, int timeout, int retries,
1974                  struct scsi_mode_data *data, struct scsi_sense_hdr *sshdr)
1975 {
1976         unsigned char cmd[10];
1977         unsigned char *real_buffer;
1978         int ret;
1979
1980         memset(cmd, 0, sizeof(cmd));
1981         cmd[1] = (pf ? 0x10 : 0) | (sp ? 0x01 : 0);
1982
1983         if (sdev->use_10_for_ms) {
1984                 if (len > 65535)
1985                         return -EINVAL;
1986                 real_buffer = kmalloc(8 + len, GFP_KERNEL);
1987                 if (!real_buffer)
1988                         return -ENOMEM;
1989                 memcpy(real_buffer + 8, buffer, len);
1990                 len += 8;
1991                 real_buffer[0] = 0;
1992                 real_buffer[1] = 0;
1993                 real_buffer[2] = data->medium_type;
1994                 real_buffer[3] = data->device_specific;
1995                 real_buffer[4] = data->longlba ? 0x01 : 0;
1996                 real_buffer[5] = 0;
1997                 real_buffer[6] = data->block_descriptor_length >> 8;
1998                 real_buffer[7] = data->block_descriptor_length;
1999
2000                 cmd[0] = MODE_SELECT_10;
2001                 cmd[7] = len >> 8;
2002                 cmd[8] = len;
2003         } else {
2004                 if (len > 255 || data->block_descriptor_length > 255 ||
2005                     data->longlba)
2006                         return -EINVAL;
2007
2008                 real_buffer = kmalloc(4 + len, GFP_KERNEL);
2009                 if (!real_buffer)
2010                         return -ENOMEM;
2011                 memcpy(real_buffer + 4, buffer, len);
2012                 len += 4;
2013                 real_buffer[0] = 0;
2014                 real_buffer[1] = data->medium_type;
2015                 real_buffer[2] = data->device_specific;
2016                 real_buffer[3] = data->block_descriptor_length;
2017                 
2018
2019                 cmd[0] = MODE_SELECT;
2020                 cmd[4] = len;
2021         }
2022
2023         ret = scsi_execute_req(sdev, cmd, DMA_TO_DEVICE, real_buffer, len,
2024                                sshdr, timeout, retries, NULL);
2025         kfree(real_buffer);
2026         return ret;
2027 }
2028 EXPORT_SYMBOL_GPL(scsi_mode_select);
2029
2030 /**
2031  *      scsi_mode_sense - issue a mode sense, falling back from 10 to six bytes if necessary.
2032  *      @sdev:  SCSI device to be queried
2033  *      @dbd:   set if mode sense will allow block descriptors to be returned
2034  *      @modepage: mode page being requested
2035  *      @buffer: request buffer (may not be smaller than eight bytes)
2036  *      @len:   length of request buffer.
2037  *      @timeout: command timeout
2038  *      @retries: number of retries before failing
2039  *      @data: returns a structure abstracting the mode header data
2040  *      @sshdr: place to put sense data (or NULL if no sense to be collected).
2041  *              must be SCSI_SENSE_BUFFERSIZE big.
2042  *
2043  *      Returns zero if unsuccessful, or the header offset (either 4
2044  *      or 8 depending on whether a six or ten byte command was
2045  *      issued) if successful.
2046  */
2047 int
2048 scsi_mode_sense(struct scsi_device *sdev, int dbd, int modepage,
2049                   unsigned char *buffer, int len, int timeout, int retries,
2050                   struct scsi_mode_data *data, struct scsi_sense_hdr *sshdr)
2051 {
2052         unsigned char cmd[12];
2053         int use_10_for_ms;
2054         int header_length;
2055         int result;
2056         struct scsi_sense_hdr my_sshdr;
2057
2058         memset(data, 0, sizeof(*data));
2059         memset(&cmd[0], 0, 12);
2060         cmd[1] = dbd & 0x18;    /* allows DBD and LLBA bits */
2061         cmd[2] = modepage;
2062
2063         /* caller might not be interested in sense, but we need it */
2064         if (!sshdr)
2065                 sshdr = &my_sshdr;
2066
2067  retry:
2068         use_10_for_ms = sdev->use_10_for_ms;
2069
2070         if (use_10_for_ms) {
2071                 if (len < 8)
2072                         len = 8;
2073
2074                 cmd[0] = MODE_SENSE_10;
2075                 cmd[8] = len;
2076                 header_length = 8;
2077         } else {
2078                 if (len < 4)
2079                         len = 4;
2080
2081                 cmd[0] = MODE_SENSE;
2082                 cmd[4] = len;
2083                 header_length = 4;
2084         }
2085
2086         memset(buffer, 0, len);
2087
2088         result = scsi_execute_req(sdev, cmd, DMA_FROM_DEVICE, buffer, len,
2089                                   sshdr, timeout, retries, NULL);
2090
2091         /* This code looks awful: what it's doing is making sure an
2092          * ILLEGAL REQUEST sense return identifies the actual command
2093          * byte as the problem.  MODE_SENSE commands can return
2094          * ILLEGAL REQUEST if the code page isn't supported */
2095
2096         if (use_10_for_ms && !scsi_status_is_good(result) &&
2097             (driver_byte(result) & DRIVER_SENSE)) {
2098                 if (scsi_sense_valid(sshdr)) {
2099                         if ((sshdr->sense_key == ILLEGAL_REQUEST) &&
2100                             (sshdr->asc == 0x20) && (sshdr->ascq == 0)) {
2101                                 /* 
2102                                  * Invalid command operation code
2103                                  */
2104                                 sdev->use_10_for_ms = 0;
2105                                 goto retry;
2106                         }
2107                 }
2108         }
2109
2110         if(scsi_status_is_good(result)) {
2111                 if (unlikely(buffer[0] == 0x86 && buffer[1] == 0x0b &&
2112                              (modepage == 6 || modepage == 8))) {
2113                         /* Initio breakage? */
2114                         header_length = 0;
2115                         data->length = 13;
2116                         data->medium_type = 0;
2117                         data->device_specific = 0;
2118                         data->longlba = 0;
2119                         data->block_descriptor_length = 0;
2120                 } else if(use_10_for_ms) {
2121                         data->length = buffer[0]*256 + buffer[1] + 2;
2122                         data->medium_type = buffer[2];
2123                         data->device_specific = buffer[3];
2124                         data->longlba = buffer[4] & 0x01;
2125                         data->block_descriptor_length = buffer[6]*256
2126                                 + buffer[7];
2127                 } else {
2128                         data->length = buffer[0] + 1;
2129                         data->medium_type = buffer[1];
2130                         data->device_specific = buffer[2];
2131                         data->block_descriptor_length = buffer[3];
2132                 }
2133                 data->header_length = header_length;
2134         }
2135
2136         return result;
2137 }
2138 EXPORT_SYMBOL(scsi_mode_sense);
2139
2140 /**
2141  *      scsi_test_unit_ready - test if unit is ready
2142  *      @sdev:  scsi device to change the state of.
2143  *      @timeout: command timeout
2144  *      @retries: number of retries before failing
2145  *      @sshdr_external: Optional pointer to struct scsi_sense_hdr for
2146  *              returning sense. Make sure that this is cleared before passing
2147  *              in.
2148  *
2149  *      Returns zero if unsuccessful or an error if TUR failed.  For
2150  *      removable media, a return of NOT_READY or UNIT_ATTENTION is
2151  *      translated to success, with the ->changed flag updated.
2152  **/
2153 int
2154 scsi_test_unit_ready(struct scsi_device *sdev, int timeout, int retries,
2155                      struct scsi_sense_hdr *sshdr_external)
2156 {
2157         char cmd[] = {
2158                 TEST_UNIT_READY, 0, 0, 0, 0, 0,
2159         };
2160         struct scsi_sense_hdr *sshdr;
2161         int result;
2162
2163         if (!sshdr_external)
2164                 sshdr = kzalloc(sizeof(*sshdr), GFP_KERNEL);
2165         else
2166                 sshdr = sshdr_external;
2167
2168         /* try to eat the UNIT_ATTENTION if there are enough retries */
2169         do {
2170                 result = scsi_execute_req(sdev, cmd, DMA_NONE, NULL, 0, sshdr,
2171                                           timeout, retries, NULL);
2172                 if (sdev->removable && scsi_sense_valid(sshdr) &&
2173                     sshdr->sense_key == UNIT_ATTENTION)
2174                         sdev->changed = 1;
2175         } while (scsi_sense_valid(sshdr) &&
2176                  sshdr->sense_key == UNIT_ATTENTION && --retries);
2177
2178         if (!sshdr)
2179                 /* could not allocate sense buffer, so can't process it */
2180                 return result;
2181
2182         if (sdev->removable && scsi_sense_valid(sshdr) &&
2183             (sshdr->sense_key == UNIT_ATTENTION ||
2184              sshdr->sense_key == NOT_READY)) {
2185                 sdev->changed = 1;
2186                 result = 0;
2187         }
2188         if (!sshdr_external)
2189                 kfree(sshdr);
2190         return result;
2191 }
2192 EXPORT_SYMBOL(scsi_test_unit_ready);
2193
2194 /**
2195  *      scsi_device_set_state - Take the given device through the device state model.
2196  *      @sdev:  scsi device to change the state of.
2197  *      @state: state to change to.
2198  *
2199  *      Returns zero if unsuccessful or an error if the requested 
2200  *      transition is illegal.
2201  */
2202 int
2203 scsi_device_set_state(struct scsi_device *sdev, enum scsi_device_state state)
2204 {
2205         enum scsi_device_state oldstate = sdev->sdev_state;
2206
2207         if (state == oldstate)
2208                 return 0;
2209
2210         switch (state) {
2211         case SDEV_CREATED:
2212                 switch (oldstate) {
2213                 case SDEV_CREATED_BLOCK:
2214                         break;
2215                 default:
2216                         goto illegal;
2217                 }
2218                 break;
2219                         
2220         case SDEV_RUNNING:
2221                 switch (oldstate) {
2222                 case SDEV_CREATED:
2223                 case SDEV_OFFLINE:
2224                 case SDEV_QUIESCE:
2225                 case SDEV_BLOCK:
2226                         break;
2227                 default:
2228                         goto illegal;
2229                 }
2230                 break;
2231
2232         case SDEV_QUIESCE:
2233                 switch (oldstate) {
2234                 case SDEV_RUNNING:
2235                 case SDEV_OFFLINE:
2236                         break;
2237                 default:
2238                         goto illegal;
2239                 }
2240                 break;
2241
2242         case SDEV_OFFLINE:
2243                 switch (oldstate) {
2244                 case SDEV_CREATED:
2245                 case SDEV_RUNNING:
2246                 case SDEV_QUIESCE:
2247                 case SDEV_BLOCK:
2248                         break;
2249                 default:
2250                         goto illegal;
2251                 }
2252                 break;
2253
2254         case SDEV_BLOCK:
2255                 switch (oldstate) {
2256                 case SDEV_RUNNING:
2257                 case SDEV_CREATED_BLOCK:
2258                         break;
2259                 default:
2260                         goto illegal;
2261                 }
2262                 break;
2263
2264         case SDEV_CREATED_BLOCK:
2265                 switch (oldstate) {
2266                 case SDEV_CREATED:
2267                         break;
2268                 default:
2269                         goto illegal;
2270                 }
2271                 break;
2272
2273         case SDEV_CANCEL:
2274                 switch (oldstate) {
2275                 case SDEV_CREATED:
2276                 case SDEV_RUNNING:
2277                 case SDEV_QUIESCE:
2278                 case SDEV_OFFLINE:
2279                 case SDEV_BLOCK:
2280                         break;
2281                 default:
2282                         goto illegal;
2283                 }
2284                 break;
2285
2286         case SDEV_DEL:
2287                 switch (oldstate) {
2288                 case SDEV_CREATED:
2289                 case SDEV_RUNNING:
2290                 case SDEV_OFFLINE:
2291                 case SDEV_CANCEL:
2292                         break;
2293                 default:
2294                         goto illegal;
2295                 }
2296                 break;
2297
2298         }
2299         sdev->sdev_state = state;
2300         return 0;
2301
2302  illegal:
2303         SCSI_LOG_ERROR_RECOVERY(1, 
2304                                 sdev_printk(KERN_ERR, sdev,
2305                                             "Illegal state transition %s->%s\n",
2306                                             scsi_device_state_name(oldstate),
2307                                             scsi_device_state_name(state))
2308                                 );
2309         return -EINVAL;
2310 }
2311 EXPORT_SYMBOL(scsi_device_set_state);
2312
2313 /**
2314  *      sdev_evt_emit - emit a single SCSI device uevent
2315  *      @sdev: associated SCSI device
2316  *      @evt: event to emit
2317  *
2318  *      Send a single uevent (scsi_event) to the associated scsi_device.
2319  */
2320 static void scsi_evt_emit(struct scsi_device *sdev, struct scsi_event *evt)
2321 {
2322         int idx = 0;
2323         char *envp[3];
2324
2325         switch (evt->evt_type) {
2326         case SDEV_EVT_MEDIA_CHANGE:
2327                 envp[idx++] = "SDEV_MEDIA_CHANGE=1";
2328                 break;
2329
2330         default:
2331                 /* do nothing */
2332                 break;
2333         }
2334
2335         envp[idx++] = NULL;
2336
2337         kobject_uevent_env(&sdev->sdev_gendev.kobj, KOBJ_CHANGE, envp);
2338 }
2339
2340 /**
2341  *      sdev_evt_thread - send a uevent for each scsi event
2342  *      @work: work struct for scsi_device
2343  *
2344  *      Dispatch queued events to their associated scsi_device kobjects
2345  *      as uevents.
2346  */
2347 void scsi_evt_thread(struct work_struct *work)
2348 {
2349         struct scsi_device *sdev;
2350         LIST_HEAD(event_list);
2351
2352         sdev = container_of(work, struct scsi_device, event_work);
2353
2354         while (1) {
2355                 struct scsi_event *evt;
2356                 struct list_head *this, *tmp;
2357                 unsigned long flags;
2358
2359                 spin_lock_irqsave(&sdev->list_lock, flags);
2360                 list_splice_init(&sdev->event_list, &event_list);
2361                 spin_unlock_irqrestore(&sdev->list_lock, flags);
2362
2363                 if (list_empty(&event_list))
2364                         break;
2365
2366                 list_for_each_safe(this, tmp, &event_list) {
2367                         evt = list_entry(this, struct scsi_event, node);
2368                         list_del(&evt->node);
2369                         scsi_evt_emit(sdev, evt);
2370                         kfree(evt);
2371                 }
2372         }
2373 }
2374
2375 /**
2376  *      sdev_evt_send - send asserted event to uevent thread
2377  *      @sdev: scsi_device event occurred on
2378  *      @evt: event to send
2379  *
2380  *      Assert scsi device event asynchronously.
2381  */
2382 void sdev_evt_send(struct scsi_device *sdev, struct scsi_event *evt)
2383 {
2384         unsigned long flags;
2385
2386 #if 0
2387         /* FIXME: currently this check eliminates all media change events
2388          * for polled devices.  Need to update to discriminate between AN
2389          * and polled events */
2390         if (!test_bit(evt->evt_type, sdev->supported_events)) {
2391                 kfree(evt);
2392                 return;
2393         }
2394 #endif
2395
2396         spin_lock_irqsave(&sdev->list_lock, flags);
2397         list_add_tail(&evt->node, &sdev->event_list);
2398         schedule_work(&sdev->event_work);
2399         spin_unlock_irqrestore(&sdev->list_lock, flags);
2400 }
2401 EXPORT_SYMBOL_GPL(sdev_evt_send);
2402
2403 /**
2404  *      sdev_evt_alloc - allocate a new scsi event
2405  *      @evt_type: type of event to allocate
2406  *      @gfpflags: GFP flags for allocation
2407  *
2408  *      Allocates and returns a new scsi_event.
2409  */
2410 struct scsi_event *sdev_evt_alloc(enum scsi_device_event evt_type,
2411                                   gfp_t gfpflags)
2412 {
2413         struct scsi_event *evt = kzalloc(sizeof(struct scsi_event), gfpflags);
2414         if (!evt)
2415                 return NULL;
2416
2417         evt->evt_type = evt_type;
2418         INIT_LIST_HEAD(&evt->node);
2419
2420         /* evt_type-specific initialization, if any */
2421         switch (evt_type) {
2422         case SDEV_EVT_MEDIA_CHANGE:
2423         default:
2424                 /* do nothing */
2425                 break;
2426         }
2427
2428         return evt;
2429 }
2430 EXPORT_SYMBOL_GPL(sdev_evt_alloc);
2431
2432 /**
2433  *      sdev_evt_send_simple - send asserted event to uevent thread
2434  *      @sdev: scsi_device event occurred on
2435  *      @evt_type: type of event to send
2436  *      @gfpflags: GFP flags for allocation
2437  *
2438  *      Assert scsi device event asynchronously, given an event type.
2439  */
2440 void sdev_evt_send_simple(struct scsi_device *sdev,
2441                           enum scsi_device_event evt_type, gfp_t gfpflags)
2442 {
2443         struct scsi_event *evt = sdev_evt_alloc(evt_type, gfpflags);
2444         if (!evt) {
2445                 sdev_printk(KERN_ERR, sdev, "event %d eaten due to OOM\n",
2446                             evt_type);
2447                 return;
2448         }
2449
2450         sdev_evt_send(sdev, evt);
2451 }
2452 EXPORT_SYMBOL_GPL(sdev_evt_send_simple);
2453
2454 /**
2455  *      scsi_device_quiesce - Block user issued commands.
2456  *      @sdev:  scsi device to quiesce.
2457  *
2458  *      This works by trying to transition to the SDEV_QUIESCE state
2459  *      (which must be a legal transition).  When the device is in this
2460  *      state, only special requests will be accepted, all others will
2461  *      be deferred.  Since special requests may also be requeued requests,
2462  *      a successful return doesn't guarantee the device will be 
2463  *      totally quiescent.
2464  *
2465  *      Must be called with user context, may sleep.
2466  *
2467  *      Returns zero if unsuccessful or an error if not.
2468  */
2469 int
2470 scsi_device_quiesce(struct scsi_device *sdev)
2471 {
2472         int err = scsi_device_set_state(sdev, SDEV_QUIESCE);
2473         if (err)
2474                 return err;
2475
2476         scsi_run_queue(sdev->request_queue);
2477         while (sdev->device_busy) {
2478                 msleep_interruptible(200);
2479                 scsi_run_queue(sdev->request_queue);
2480         }
2481         return 0;
2482 }
2483 EXPORT_SYMBOL(scsi_device_quiesce);
2484
2485 /**
2486  *      scsi_device_resume - Restart user issued commands to a quiesced device.
2487  *      @sdev:  scsi device to resume.
2488  *
2489  *      Moves the device from quiesced back to running and restarts the
2490  *      queues.
2491  *
2492  *      Must be called with user context, may sleep.
2493  */
2494 void
2495 scsi_device_resume(struct scsi_device *sdev)
2496 {
2497         if(scsi_device_set_state(sdev, SDEV_RUNNING))
2498                 return;
2499         scsi_run_queue(sdev->request_queue);
2500 }
2501 EXPORT_SYMBOL(scsi_device_resume);
2502
2503 static void
2504 device_quiesce_fn(struct scsi_device *sdev, void *data)
2505 {
2506         scsi_device_quiesce(sdev);
2507 }
2508
2509 void
2510 scsi_target_quiesce(struct scsi_target *starget)
2511 {
2512         starget_for_each_device(starget, NULL, device_quiesce_fn);
2513 }
2514 EXPORT_SYMBOL(scsi_target_quiesce);
2515
2516 static void
2517 device_resume_fn(struct scsi_device *sdev, void *data)
2518 {
2519         scsi_device_resume(sdev);
2520 }
2521
2522 void
2523 scsi_target_resume(struct scsi_target *starget)
2524 {
2525         starget_for_each_device(starget, NULL, device_resume_fn);
2526 }
2527 EXPORT_SYMBOL(scsi_target_resume);
2528
2529 /**
2530  * scsi_internal_device_block - internal function to put a device temporarily into the SDEV_BLOCK state
2531  * @sdev:       device to block
2532  *
2533  * Block request made by scsi lld's to temporarily stop all
2534  * scsi commands on the specified device.  Called from interrupt
2535  * or normal process context.
2536  *
2537  * Returns zero if successful or error if not
2538  *
2539  * Notes:       
2540  *      This routine transitions the device to the SDEV_BLOCK state
2541  *      (which must be a legal transition).  When the device is in this
2542  *      state, all commands are deferred until the scsi lld reenables
2543  *      the device with scsi_device_unblock or device_block_tmo fires.
2544  *      This routine assumes the host_lock is held on entry.
2545  */
2546 int
2547 scsi_internal_device_block(struct scsi_device *sdev)
2548 {
2549         struct request_queue *q = sdev->request_queue;
2550         unsigned long flags;
2551         int err = 0;
2552
2553         err = scsi_device_set_state(sdev, SDEV_BLOCK);
2554         if (err) {
2555                 err = scsi_device_set_state(sdev, SDEV_CREATED_BLOCK);
2556
2557                 if (err)
2558                         return err;
2559         }
2560
2561         /* 
2562          * The device has transitioned to SDEV_BLOCK.  Stop the
2563          * block layer from calling the midlayer with this device's
2564          * request queue. 
2565          */
2566         spin_lock_irqsave(q->queue_lock, flags);
2567         blk_stop_queue(q);
2568         spin_unlock_irqrestore(q->queue_lock, flags);
2569
2570         return 0;
2571 }
2572 EXPORT_SYMBOL_GPL(scsi_internal_device_block);
2573  
2574 /**
2575  * scsi_internal_device_unblock - resume a device after a block request
2576  * @sdev:       device to resume
2577  *
2578  * Called by scsi lld's or the midlayer to restart the device queue
2579  * for the previously suspended scsi device.  Called from interrupt or
2580  * normal process context.
2581  *
2582  * Returns zero if successful or error if not.
2583  *
2584  * Notes:       
2585  *      This routine transitions the device to the SDEV_RUNNING state
2586  *      (which must be a legal transition) allowing the midlayer to
2587  *      goose the queue for this device.  This routine assumes the 
2588  *      host_lock is held upon entry.
2589  */
2590 int
2591 scsi_internal_device_unblock(struct scsi_device *sdev)
2592 {
2593         struct request_queue *q = sdev->request_queue; 
2594         int err;
2595         unsigned long flags;
2596         
2597         /* 
2598          * Try to transition the scsi device to SDEV_RUNNING
2599          * and goose the device queue if successful.  
2600          */
2601         err = scsi_device_set_state(sdev, SDEV_RUNNING);
2602         if (err) {
2603                 err = scsi_device_set_state(sdev, SDEV_CREATED);
2604
2605                 if (err)
2606                         return err;
2607         }
2608
2609         spin_lock_irqsave(q->queue_lock, flags);
2610         blk_start_queue(q);
2611         spin_unlock_irqrestore(q->queue_lock, flags);
2612
2613         return 0;
2614 }
2615 EXPORT_SYMBOL_GPL(scsi_internal_device_unblock);
2616
2617 static void
2618 device_block(struct scsi_device *sdev, void *data)
2619 {
2620         scsi_internal_device_block(sdev);
2621 }
2622
2623 static int
2624 target_block(struct device *dev, void *data)
2625 {
2626         if (scsi_is_target_device(dev))
2627                 starget_for_each_device(to_scsi_target(dev), NULL,
2628                                         device_block);
2629         return 0;
2630 }
2631
2632 void
2633 scsi_target_block(struct device *dev)
2634 {
2635         if (scsi_is_target_device(dev))
2636                 starget_for_each_device(to_scsi_target(dev), NULL,
2637                                         device_block);
2638         else
2639                 device_for_each_child(dev, NULL, target_block);
2640 }
2641 EXPORT_SYMBOL_GPL(scsi_target_block);
2642
2643 static void
2644 device_unblock(struct scsi_device *sdev, void *data)
2645 {
2646         scsi_internal_device_unblock(sdev);
2647 }
2648
2649 static int
2650 target_unblock(struct device *dev, void *data)
2651 {
2652         if (scsi_is_target_device(dev))
2653                 starget_for_each_device(to_scsi_target(dev), NULL,
2654                                         device_unblock);
2655         return 0;
2656 }
2657
2658 void
2659 scsi_target_unblock(struct device *dev)
2660 {
2661         if (scsi_is_target_device(dev))
2662                 starget_for_each_device(to_scsi_target(dev), NULL,
2663                                         device_unblock);
2664         else
2665                 device_for_each_child(dev, NULL, target_unblock);
2666 }
2667 EXPORT_SYMBOL_GPL(scsi_target_unblock);
2668
2669 /**
2670  * scsi_kmap_atomic_sg - find and atomically map an sg-elemnt
2671  * @sgl:        scatter-gather list
2672  * @sg_count:   number of segments in sg
2673  * @offset:     offset in bytes into sg, on return offset into the mapped area
2674  * @len:        bytes to map, on return number of bytes mapped
2675  *
2676  * Returns virtual address of the start of the mapped page
2677  */
2678 void *scsi_kmap_atomic_sg(struct scatterlist *sgl, int sg_count,
2679                           size_t *offset, size_t *len)
2680 {
2681         int i;
2682         size_t sg_len = 0, len_complete = 0;
2683         struct scatterlist *sg;
2684         struct page *page;
2685
2686         WARN_ON(!irqs_disabled());
2687
2688         for_each_sg(sgl, sg, sg_count, i) {
2689                 len_complete = sg_len; /* Complete sg-entries */
2690                 sg_len += sg->length;
2691                 if (sg_len > *offset)
2692                         break;
2693         }
2694
2695         if (unlikely(i == sg_count)) {
2696                 printk(KERN_ERR "%s: Bytes in sg: %zu, requested offset %zu, "
2697                         "elements %d\n",
2698                        __func__, sg_len, *offset, sg_count);
2699                 WARN_ON(1);
2700                 return NULL;
2701         }
2702
2703         /* Offset starting from the beginning of first page in this sg-entry */
2704         *offset = *offset - len_complete + sg->offset;
2705
2706         /* Assumption: contiguous pages can be accessed as "page + i" */
2707         page = nth_page(sg_page(sg), (*offset >> PAGE_SHIFT));
2708         *offset &= ~PAGE_MASK;
2709
2710         /* Bytes in this sg-entry from *offset to the end of the page */
2711         sg_len = PAGE_SIZE - *offset;
2712         if (*len > sg_len)
2713                 *len = sg_len;
2714
2715         return kmap_atomic(page, KM_BIO_SRC_IRQ);
2716 }
2717 EXPORT_SYMBOL(scsi_kmap_atomic_sg);
2718
2719 /**
2720  * scsi_kunmap_atomic_sg - atomically unmap a virtual address, previously mapped with scsi_kmap_atomic_sg
2721  * @virt:       virtual address to be unmapped
2722  */
2723 void scsi_kunmap_atomic_sg(void *virt)
2724 {
2725         kunmap_atomic(virt, KM_BIO_SRC_IRQ);
2726 }
2727 EXPORT_SYMBOL(scsi_kunmap_atomic_sg);