Merge branch 'master' of git://git.kernel.org/pub/scm/linux/kernel/git/mason/btrfs...
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/bio.h>
33 #include <linux/blkpg.h>
34 #include <linux/timer.h>
35 #include <linux/proc_fs.h>
36 #include <linux/seq_file.h>
37 #include <linux/init.h>
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49 #include <scsi/scsi.h>
50 #include <scsi/sg.h>
51 #include <scsi/scsi_ioctl.h>
52 #include <linux/cdrom.h>
53 #include <linux/scatterlist.h>
54
55 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
56 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
57 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
58
59 /* Embedded module documentation macros - see modules.h */
60 MODULE_AUTHOR("Hewlett-Packard Company");
61 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
62 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
63                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
64                         " Smart Array G2 Series SAS/SATA Controllers");
65 MODULE_VERSION("3.6.20");
66 MODULE_LICENSE("GPL");
67
68 #include "cciss_cmd.h"
69 #include "cciss.h"
70 #include <linux/cciss_ioctl.h>
71
72 /* define the PCI info for the cards we can control */
73 static const struct pci_device_id cciss_pci_device_id[] = {
74         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
75         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
76         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
83         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
84         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
85         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
99         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324A},
100         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324B},
101         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
102                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
103         {0,}
104 };
105
106 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
107
108 /*  board_id = Subsystem Device ID & Vendor ID
109  *  product = Marketing Name for the board
110  *  access = Address of the struct of function pointers
111  */
112 static struct board_type products[] = {
113         {0x40700E11, "Smart Array 5300", &SA5_access},
114         {0x40800E11, "Smart Array 5i", &SA5B_access},
115         {0x40820E11, "Smart Array 532", &SA5B_access},
116         {0x40830E11, "Smart Array 5312", &SA5B_access},
117         {0x409A0E11, "Smart Array 641", &SA5_access},
118         {0x409B0E11, "Smart Array 642", &SA5_access},
119         {0x409C0E11, "Smart Array 6400", &SA5_access},
120         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
121         {0x40910E11, "Smart Array 6i", &SA5_access},
122         {0x3225103C, "Smart Array P600", &SA5_access},
123         {0x3223103C, "Smart Array P800", &SA5_access},
124         {0x3234103C, "Smart Array P400", &SA5_access},
125         {0x3235103C, "Smart Array P400i", &SA5_access},
126         {0x3211103C, "Smart Array E200i", &SA5_access},
127         {0x3212103C, "Smart Array E200", &SA5_access},
128         {0x3213103C, "Smart Array E200i", &SA5_access},
129         {0x3214103C, "Smart Array E200i", &SA5_access},
130         {0x3215103C, "Smart Array E200i", &SA5_access},
131         {0x3237103C, "Smart Array E500", &SA5_access},
132         {0x323D103C, "Smart Array P700m", &SA5_access},
133         {0x3241103C, "Smart Array P212", &SA5_access},
134         {0x3243103C, "Smart Array P410", &SA5_access},
135         {0x3245103C, "Smart Array P410i", &SA5_access},
136         {0x3247103C, "Smart Array P411", &SA5_access},
137         {0x3249103C, "Smart Array P812", &SA5_access},
138         {0x324A103C, "Smart Array P712m", &SA5_access},
139         {0x324B103C, "Smart Array P711m", &SA5_access},
140         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
141 };
142
143 /* How long to wait (in milliseconds) for board to go into simple mode */
144 #define MAX_CONFIG_WAIT 30000
145 #define MAX_IOCTL_CONFIG_WAIT 1000
146
147 /*define how many times we will try a command because of bus resets */
148 #define MAX_CMD_RETRIES 3
149
150 #define MAX_CTLR        32
151
152 /* Originally cciss driver only supports 8 major numbers */
153 #define MAX_CTLR_ORIG   8
154
155 static ctlr_info_t *hba[MAX_CTLR];
156
157 static void do_cciss_request(struct request_queue *q);
158 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
159 static int cciss_open(struct block_device *bdev, fmode_t mode);
160 static int cciss_release(struct gendisk *disk, fmode_t mode);
161 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
162                        unsigned int cmd, unsigned long arg);
163 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
164
165 static int cciss_revalidate(struct gendisk *disk);
166 static int rebuild_lun_table(ctlr_info_t *h, int first_time);
167 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
168                            int clear_all);
169
170 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
171                         sector_t *total_size, unsigned int *block_size);
172 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
173                         sector_t *total_size, unsigned int *block_size);
174 static void cciss_geometry_inquiry(int ctlr, int logvol,
175                         int withirq, sector_t total_size,
176                         unsigned int block_size, InquiryData_struct *inq_buff,
177                                    drive_info_struct *drv);
178 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
179                                            __u32);
180 static void start_io(ctlr_info_t *h);
181 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
182                    unsigned int use_unit_num, unsigned int log_unit,
183                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
184 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
185                            unsigned int use_unit_num, unsigned int log_unit,
186                            __u8 page_code, int cmd_type);
187
188 static void fail_all_cmds(unsigned long ctlr);
189
190 #ifdef CONFIG_PROC_FS
191 static void cciss_procinit(int i);
192 #else
193 static void cciss_procinit(int i)
194 {
195 }
196 #endif                          /* CONFIG_PROC_FS */
197
198 #ifdef CONFIG_COMPAT
199 static int cciss_compat_ioctl(struct block_device *, fmode_t,
200                               unsigned, unsigned long);
201 #endif
202
203 static struct block_device_operations cciss_fops = {
204         .owner = THIS_MODULE,
205         .open = cciss_open,
206         .release = cciss_release,
207         .locked_ioctl = cciss_ioctl,
208         .getgeo = cciss_getgeo,
209 #ifdef CONFIG_COMPAT
210         .compat_ioctl = cciss_compat_ioctl,
211 #endif
212         .revalidate_disk = cciss_revalidate,
213 };
214
215 /*
216  * Enqueuing and dequeuing functions for cmdlists.
217  */
218 static inline void addQ(CommandList_struct **Qptr, CommandList_struct *c)
219 {
220         if (*Qptr == NULL) {
221                 *Qptr = c;
222                 c->next = c->prev = c;
223         } else {
224                 c->prev = (*Qptr)->prev;
225                 c->next = (*Qptr);
226                 (*Qptr)->prev->next = c;
227                 (*Qptr)->prev = c;
228         }
229 }
230
231 static inline CommandList_struct *removeQ(CommandList_struct **Qptr,
232                                           CommandList_struct *c)
233 {
234         if (c && c->next != c) {
235                 if (*Qptr == c)
236                         *Qptr = c->next;
237                 c->prev->next = c->next;
238                 c->next->prev = c->prev;
239         } else {
240                 *Qptr = NULL;
241         }
242         return c;
243 }
244
245 #include "cciss_scsi.c"         /* For SCSI tape support */
246
247 #define RAID_UNKNOWN 6
248
249 #ifdef CONFIG_PROC_FS
250
251 /*
252  * Report information about this controller.
253  */
254 #define ENG_GIG 1000000000
255 #define ENG_GIG_FACTOR (ENG_GIG/512)
256 #define ENGAGE_SCSI     "engage scsi"
257 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
258         "UNKNOWN"
259 };
260
261 static struct proc_dir_entry *proc_cciss;
262
263 static void cciss_seq_show_header(struct seq_file *seq)
264 {
265         ctlr_info_t *h = seq->private;
266
267         seq_printf(seq, "%s: HP %s Controller\n"
268                 "Board ID: 0x%08lx\n"
269                 "Firmware Version: %c%c%c%c\n"
270                 "IRQ: %d\n"
271                 "Logical drives: %d\n"
272                 "Current Q depth: %d\n"
273                 "Current # commands on controller: %d\n"
274                 "Max Q depth since init: %d\n"
275                 "Max # commands on controller since init: %d\n"
276                 "Max SG entries since init: %d\n",
277                 h->devname,
278                 h->product_name,
279                 (unsigned long)h->board_id,
280                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
281                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
282                 h->num_luns,
283                 h->Qdepth, h->commands_outstanding,
284                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
285
286 #ifdef CONFIG_CISS_SCSI_TAPE
287         cciss_seq_tape_report(seq, h->ctlr);
288 #endif /* CONFIG_CISS_SCSI_TAPE */
289 }
290
291 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
292 {
293         ctlr_info_t *h = seq->private;
294         unsigned ctlr = h->ctlr;
295         unsigned long flags;
296
297         /* prevent displaying bogus info during configuration
298          * or deconfiguration of a logical volume
299          */
300         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
301         if (h->busy_configuring) {
302                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
303                 return ERR_PTR(-EBUSY);
304         }
305         h->busy_configuring = 1;
306         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
307
308         if (*pos == 0)
309                 cciss_seq_show_header(seq);
310
311         return pos;
312 }
313
314 static int cciss_seq_show(struct seq_file *seq, void *v)
315 {
316         sector_t vol_sz, vol_sz_frac;
317         ctlr_info_t *h = seq->private;
318         unsigned ctlr = h->ctlr;
319         loff_t *pos = v;
320         drive_info_struct *drv = &h->drv[*pos];
321
322         if (*pos > h->highest_lun)
323                 return 0;
324
325         if (drv->heads == 0)
326                 return 0;
327
328         vol_sz = drv->nr_blocks;
329         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
330         vol_sz_frac *= 100;
331         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
332
333         if (drv->raid_level > 5)
334                 drv->raid_level = RAID_UNKNOWN;
335         seq_printf(seq, "cciss/c%dd%d:"
336                         "\t%4u.%02uGB\tRAID %s\n",
337                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
338                         raid_label[drv->raid_level]);
339         return 0;
340 }
341
342 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
343 {
344         ctlr_info_t *h = seq->private;
345
346         if (*pos > h->highest_lun)
347                 return NULL;
348         *pos += 1;
349
350         return pos;
351 }
352
353 static void cciss_seq_stop(struct seq_file *seq, void *v)
354 {
355         ctlr_info_t *h = seq->private;
356
357         /* Only reset h->busy_configuring if we succeeded in setting
358          * it during cciss_seq_start. */
359         if (v == ERR_PTR(-EBUSY))
360                 return;
361
362         h->busy_configuring = 0;
363 }
364
365 static struct seq_operations cciss_seq_ops = {
366         .start = cciss_seq_start,
367         .show  = cciss_seq_show,
368         .next  = cciss_seq_next,
369         .stop  = cciss_seq_stop,
370 };
371
372 static int cciss_seq_open(struct inode *inode, struct file *file)
373 {
374         int ret = seq_open(file, &cciss_seq_ops);
375         struct seq_file *seq = file->private_data;
376
377         if (!ret)
378                 seq->private = PDE(inode)->data;
379
380         return ret;
381 }
382
383 static ssize_t
384 cciss_proc_write(struct file *file, const char __user *buf,
385                  size_t length, loff_t *ppos)
386 {
387         int err;
388         char *buffer;
389
390 #ifndef CONFIG_CISS_SCSI_TAPE
391         return -EINVAL;
392 #endif
393
394         if (!buf || length > PAGE_SIZE - 1)
395                 return -EINVAL;
396
397         buffer = (char *)__get_free_page(GFP_KERNEL);
398         if (!buffer)
399                 return -ENOMEM;
400
401         err = -EFAULT;
402         if (copy_from_user(buffer, buf, length))
403                 goto out;
404         buffer[length] = '\0';
405
406 #ifdef CONFIG_CISS_SCSI_TAPE
407         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
408                 struct seq_file *seq = file->private_data;
409                 ctlr_info_t *h = seq->private;
410                 int rc;
411
412                 rc = cciss_engage_scsi(h->ctlr);
413                 if (rc != 0)
414                         err = -rc;
415                 else
416                         err = length;
417         } else
418 #endif /* CONFIG_CISS_SCSI_TAPE */
419                 err = -EINVAL;
420         /* might be nice to have "disengage" too, but it's not
421            safely possible. (only 1 module use count, lock issues.) */
422
423 out:
424         free_page((unsigned long)buffer);
425         return err;
426 }
427
428 static struct file_operations cciss_proc_fops = {
429         .owner   = THIS_MODULE,
430         .open    = cciss_seq_open,
431         .read    = seq_read,
432         .llseek  = seq_lseek,
433         .release = seq_release,
434         .write   = cciss_proc_write,
435 };
436
437 static void __devinit cciss_procinit(int i)
438 {
439         struct proc_dir_entry *pde;
440
441         if (proc_cciss == NULL)
442                 proc_cciss = proc_mkdir("driver/cciss", NULL);
443         if (!proc_cciss)
444                 return;
445         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
446                                         S_IROTH, proc_cciss,
447                                         &cciss_proc_fops, hba[i]);
448 }
449 #endif                          /* CONFIG_PROC_FS */
450
451 /*
452  * For operations that cannot sleep, a command block is allocated at init,
453  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
454  * which ones are free or in use.  For operations that can wait for kmalloc
455  * to possible sleep, this routine can be called with get_from_pool set to 0.
456  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
457  */
458 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
459 {
460         CommandList_struct *c;
461         int i;
462         u64bit temp64;
463         dma_addr_t cmd_dma_handle, err_dma_handle;
464
465         if (!get_from_pool) {
466                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
467                         sizeof(CommandList_struct), &cmd_dma_handle);
468                 if (c == NULL)
469                         return NULL;
470                 memset(c, 0, sizeof(CommandList_struct));
471
472                 c->cmdindex = -1;
473
474                 c->err_info = (ErrorInfo_struct *)
475                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
476                             &err_dma_handle);
477
478                 if (c->err_info == NULL) {
479                         pci_free_consistent(h->pdev,
480                                 sizeof(CommandList_struct), c, cmd_dma_handle);
481                         return NULL;
482                 }
483                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
484         } else {                /* get it out of the controllers pool */
485
486                 do {
487                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
488                         if (i == h->nr_cmds)
489                                 return NULL;
490                 } while (test_and_set_bit
491                          (i & (BITS_PER_LONG - 1),
492                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
493 #ifdef CCISS_DEBUG
494                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
495 #endif
496                 c = h->cmd_pool + i;
497                 memset(c, 0, sizeof(CommandList_struct));
498                 cmd_dma_handle = h->cmd_pool_dhandle
499                     + i * sizeof(CommandList_struct);
500                 c->err_info = h->errinfo_pool + i;
501                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
502                 err_dma_handle = h->errinfo_pool_dhandle
503                     + i * sizeof(ErrorInfo_struct);
504                 h->nr_allocs++;
505
506                 c->cmdindex = i;
507         }
508
509         c->busaddr = (__u32) cmd_dma_handle;
510         temp64.val = (__u64) err_dma_handle;
511         c->ErrDesc.Addr.lower = temp64.val32.lower;
512         c->ErrDesc.Addr.upper = temp64.val32.upper;
513         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
514
515         c->ctlr = h->ctlr;
516         return c;
517 }
518
519 /*
520  * Frees a command block that was previously allocated with cmd_alloc().
521  */
522 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
523 {
524         int i;
525         u64bit temp64;
526
527         if (!got_from_pool) {
528                 temp64.val32.lower = c->ErrDesc.Addr.lower;
529                 temp64.val32.upper = c->ErrDesc.Addr.upper;
530                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
531                                     c->err_info, (dma_addr_t) temp64.val);
532                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
533                                     c, (dma_addr_t) c->busaddr);
534         } else {
535                 i = c - h->cmd_pool;
536                 clear_bit(i & (BITS_PER_LONG - 1),
537                           h->cmd_pool_bits + (i / BITS_PER_LONG));
538                 h->nr_frees++;
539         }
540 }
541
542 static inline ctlr_info_t *get_host(struct gendisk *disk)
543 {
544         return disk->queue->queuedata;
545 }
546
547 static inline drive_info_struct *get_drv(struct gendisk *disk)
548 {
549         return disk->private_data;
550 }
551
552 /*
553  * Open.  Make sure the device is really there.
554  */
555 static int cciss_open(struct block_device *bdev, fmode_t mode)
556 {
557         ctlr_info_t *host = get_host(bdev->bd_disk);
558         drive_info_struct *drv = get_drv(bdev->bd_disk);
559
560 #ifdef CCISS_DEBUG
561         printk(KERN_DEBUG "cciss_open %s\n", bdev->bd_disk->disk_name);
562 #endif                          /* CCISS_DEBUG */
563
564         if (host->busy_initializing || drv->busy_configuring)
565                 return -EBUSY;
566         /*
567          * Root is allowed to open raw volume zero even if it's not configured
568          * so array config can still work. Root is also allowed to open any
569          * volume that has a LUN ID, so it can issue IOCTL to reread the
570          * disk information.  I don't think I really like this
571          * but I'm already using way to many device nodes to claim another one
572          * for "raw controller".
573          */
574         if (drv->heads == 0) {
575                 if (MINOR(bdev->bd_dev) != 0) { /* not node 0? */
576                         /* if not node 0 make sure it is a partition = 0 */
577                         if (MINOR(bdev->bd_dev) & 0x0f) {
578                                 return -ENXIO;
579                                 /* if it is, make sure we have a LUN ID */
580                         } else if (drv->LunID == 0) {
581                                 return -ENXIO;
582                         }
583                 }
584                 if (!capable(CAP_SYS_ADMIN))
585                         return -EPERM;
586         }
587         drv->usage_count++;
588         host->usage_count++;
589         return 0;
590 }
591
592 /*
593  * Close.  Sync first.
594  */
595 static int cciss_release(struct gendisk *disk, fmode_t mode)
596 {
597         ctlr_info_t *host = get_host(disk);
598         drive_info_struct *drv = get_drv(disk);
599
600 #ifdef CCISS_DEBUG
601         printk(KERN_DEBUG "cciss_release %s\n", disk->disk_name);
602 #endif                          /* CCISS_DEBUG */
603
604         drv->usage_count--;
605         host->usage_count--;
606         return 0;
607 }
608
609 #ifdef CONFIG_COMPAT
610
611 static int do_ioctl(struct block_device *bdev, fmode_t mode,
612                     unsigned cmd, unsigned long arg)
613 {
614         int ret;
615         lock_kernel();
616         ret = cciss_ioctl(bdev, mode, cmd, arg);
617         unlock_kernel();
618         return ret;
619 }
620
621 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
622                                   unsigned cmd, unsigned long arg);
623 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
624                                       unsigned cmd, unsigned long arg);
625
626 static int cciss_compat_ioctl(struct block_device *bdev, fmode_t mode,
627                               unsigned cmd, unsigned long arg)
628 {
629         switch (cmd) {
630         case CCISS_GETPCIINFO:
631         case CCISS_GETINTINFO:
632         case CCISS_SETINTINFO:
633         case CCISS_GETNODENAME:
634         case CCISS_SETNODENAME:
635         case CCISS_GETHEARTBEAT:
636         case CCISS_GETBUSTYPES:
637         case CCISS_GETFIRMVER:
638         case CCISS_GETDRIVVER:
639         case CCISS_REVALIDVOLS:
640         case CCISS_DEREGDISK:
641         case CCISS_REGNEWDISK:
642         case CCISS_REGNEWD:
643         case CCISS_RESCANDISK:
644         case CCISS_GETLUNINFO:
645                 return do_ioctl(bdev, mode, cmd, arg);
646
647         case CCISS_PASSTHRU32:
648                 return cciss_ioctl32_passthru(bdev, mode, cmd, arg);
649         case CCISS_BIG_PASSTHRU32:
650                 return cciss_ioctl32_big_passthru(bdev, mode, cmd, arg);
651
652         default:
653                 return -ENOIOCTLCMD;
654         }
655 }
656
657 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
658                                   unsigned cmd, unsigned long arg)
659 {
660         IOCTL32_Command_struct __user *arg32 =
661             (IOCTL32_Command_struct __user *) arg;
662         IOCTL_Command_struct arg64;
663         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
664         int err;
665         u32 cp;
666
667         err = 0;
668         err |=
669             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
670                            sizeof(arg64.LUN_info));
671         err |=
672             copy_from_user(&arg64.Request, &arg32->Request,
673                            sizeof(arg64.Request));
674         err |=
675             copy_from_user(&arg64.error_info, &arg32->error_info,
676                            sizeof(arg64.error_info));
677         err |= get_user(arg64.buf_size, &arg32->buf_size);
678         err |= get_user(cp, &arg32->buf);
679         arg64.buf = compat_ptr(cp);
680         err |= copy_to_user(p, &arg64, sizeof(arg64));
681
682         if (err)
683                 return -EFAULT;
684
685         err = do_ioctl(bdev, mode, CCISS_PASSTHRU, (unsigned long)p);
686         if (err)
687                 return err;
688         err |=
689             copy_in_user(&arg32->error_info, &p->error_info,
690                          sizeof(arg32->error_info));
691         if (err)
692                 return -EFAULT;
693         return err;
694 }
695
696 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
697                                       unsigned cmd, unsigned long arg)
698 {
699         BIG_IOCTL32_Command_struct __user *arg32 =
700             (BIG_IOCTL32_Command_struct __user *) arg;
701         BIG_IOCTL_Command_struct arg64;
702         BIG_IOCTL_Command_struct __user *p =
703             compat_alloc_user_space(sizeof(arg64));
704         int err;
705         u32 cp;
706
707         err = 0;
708         err |=
709             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
710                            sizeof(arg64.LUN_info));
711         err |=
712             copy_from_user(&arg64.Request, &arg32->Request,
713                            sizeof(arg64.Request));
714         err |=
715             copy_from_user(&arg64.error_info, &arg32->error_info,
716                            sizeof(arg64.error_info));
717         err |= get_user(arg64.buf_size, &arg32->buf_size);
718         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
719         err |= get_user(cp, &arg32->buf);
720         arg64.buf = compat_ptr(cp);
721         err |= copy_to_user(p, &arg64, sizeof(arg64));
722
723         if (err)
724                 return -EFAULT;
725
726         err = do_ioctl(bdev, mode, CCISS_BIG_PASSTHRU, (unsigned long)p);
727         if (err)
728                 return err;
729         err |=
730             copy_in_user(&arg32->error_info, &p->error_info,
731                          sizeof(arg32->error_info));
732         if (err)
733                 return -EFAULT;
734         return err;
735 }
736 #endif
737
738 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
739 {
740         drive_info_struct *drv = get_drv(bdev->bd_disk);
741
742         if (!drv->cylinders)
743                 return -ENXIO;
744
745         geo->heads = drv->heads;
746         geo->sectors = drv->sectors;
747         geo->cylinders = drv->cylinders;
748         return 0;
749 }
750
751 /*
752  * ioctl
753  */
754 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
755                        unsigned int cmd, unsigned long arg)
756 {
757         struct gendisk *disk = bdev->bd_disk;
758         ctlr_info_t *host = get_host(disk);
759         drive_info_struct *drv = get_drv(disk);
760         int ctlr = host->ctlr;
761         void __user *argp = (void __user *)arg;
762
763 #ifdef CCISS_DEBUG
764         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
765 #endif                          /* CCISS_DEBUG */
766
767         switch (cmd) {
768         case CCISS_GETPCIINFO:
769                 {
770                         cciss_pci_info_struct pciinfo;
771
772                         if (!arg)
773                                 return -EINVAL;
774                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
775                         pciinfo.bus = host->pdev->bus->number;
776                         pciinfo.dev_fn = host->pdev->devfn;
777                         pciinfo.board_id = host->board_id;
778                         if (copy_to_user
779                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
780                                 return -EFAULT;
781                         return 0;
782                 }
783         case CCISS_GETINTINFO:
784                 {
785                         cciss_coalint_struct intinfo;
786                         if (!arg)
787                                 return -EINVAL;
788                         intinfo.delay =
789                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
790                         intinfo.count =
791                             readl(&host->cfgtable->HostWrite.CoalIntCount);
792                         if (copy_to_user
793                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
794                                 return -EFAULT;
795                         return 0;
796                 }
797         case CCISS_SETINTINFO:
798                 {
799                         cciss_coalint_struct intinfo;
800                         unsigned long flags;
801                         int i;
802
803                         if (!arg)
804                                 return -EINVAL;
805                         if (!capable(CAP_SYS_ADMIN))
806                                 return -EPERM;
807                         if (copy_from_user
808                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
809                                 return -EFAULT;
810                         if ((intinfo.delay == 0) && (intinfo.count == 0))
811                         {
812 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
813                                 return -EINVAL;
814                         }
815                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
816                         /* Update the field, and then ring the doorbell */
817                         writel(intinfo.delay,
818                                &(host->cfgtable->HostWrite.CoalIntDelay));
819                         writel(intinfo.count,
820                                &(host->cfgtable->HostWrite.CoalIntCount));
821                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
822
823                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
824                                 if (!(readl(host->vaddr + SA5_DOORBELL)
825                                       & CFGTBL_ChangeReq))
826                                         break;
827                                 /* delay and try again */
828                                 udelay(1000);
829                         }
830                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
831                         if (i >= MAX_IOCTL_CONFIG_WAIT)
832                                 return -EAGAIN;
833                         return 0;
834                 }
835         case CCISS_GETNODENAME:
836                 {
837                         NodeName_type NodeName;
838                         int i;
839
840                         if (!arg)
841                                 return -EINVAL;
842                         for (i = 0; i < 16; i++)
843                                 NodeName[i] =
844                                     readb(&host->cfgtable->ServerName[i]);
845                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
846                                 return -EFAULT;
847                         return 0;
848                 }
849         case CCISS_SETNODENAME:
850                 {
851                         NodeName_type NodeName;
852                         unsigned long flags;
853                         int i;
854
855                         if (!arg)
856                                 return -EINVAL;
857                         if (!capable(CAP_SYS_ADMIN))
858                                 return -EPERM;
859
860                         if (copy_from_user
861                             (NodeName, argp, sizeof(NodeName_type)))
862                                 return -EFAULT;
863
864                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
865
866                         /* Update the field, and then ring the doorbell */
867                         for (i = 0; i < 16; i++)
868                                 writeb(NodeName[i],
869                                        &host->cfgtable->ServerName[i]);
870
871                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
872
873                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
874                                 if (!(readl(host->vaddr + SA5_DOORBELL)
875                                       & CFGTBL_ChangeReq))
876                                         break;
877                                 /* delay and try again */
878                                 udelay(1000);
879                         }
880                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
881                         if (i >= MAX_IOCTL_CONFIG_WAIT)
882                                 return -EAGAIN;
883                         return 0;
884                 }
885
886         case CCISS_GETHEARTBEAT:
887                 {
888                         Heartbeat_type heartbeat;
889
890                         if (!arg)
891                                 return -EINVAL;
892                         heartbeat = readl(&host->cfgtable->HeartBeat);
893                         if (copy_to_user
894                             (argp, &heartbeat, sizeof(Heartbeat_type)))
895                                 return -EFAULT;
896                         return 0;
897                 }
898         case CCISS_GETBUSTYPES:
899                 {
900                         BusTypes_type BusTypes;
901
902                         if (!arg)
903                                 return -EINVAL;
904                         BusTypes = readl(&host->cfgtable->BusTypes);
905                         if (copy_to_user
906                             (argp, &BusTypes, sizeof(BusTypes_type)))
907                                 return -EFAULT;
908                         return 0;
909                 }
910         case CCISS_GETFIRMVER:
911                 {
912                         FirmwareVer_type firmware;
913
914                         if (!arg)
915                                 return -EINVAL;
916                         memcpy(firmware, host->firm_ver, 4);
917
918                         if (copy_to_user
919                             (argp, firmware, sizeof(FirmwareVer_type)))
920                                 return -EFAULT;
921                         return 0;
922                 }
923         case CCISS_GETDRIVVER:
924                 {
925                         DriverVer_type DriverVer = DRIVER_VERSION;
926
927                         if (!arg)
928                                 return -EINVAL;
929
930                         if (copy_to_user
931                             (argp, &DriverVer, sizeof(DriverVer_type)))
932                                 return -EFAULT;
933                         return 0;
934                 }
935
936         case CCISS_DEREGDISK:
937         case CCISS_REGNEWD:
938         case CCISS_REVALIDVOLS:
939                 return rebuild_lun_table(host, 0);
940
941         case CCISS_GETLUNINFO:{
942                         LogvolInfo_struct luninfo;
943
944                         luninfo.LunID = drv->LunID;
945                         luninfo.num_opens = drv->usage_count;
946                         luninfo.num_parts = 0;
947                         if (copy_to_user(argp, &luninfo,
948                                          sizeof(LogvolInfo_struct)))
949                                 return -EFAULT;
950                         return 0;
951                 }
952         case CCISS_PASSTHRU:
953                 {
954                         IOCTL_Command_struct iocommand;
955                         CommandList_struct *c;
956                         char *buff = NULL;
957                         u64bit temp64;
958                         unsigned long flags;
959                         DECLARE_COMPLETION_ONSTACK(wait);
960
961                         if (!arg)
962                                 return -EINVAL;
963
964                         if (!capable(CAP_SYS_RAWIO))
965                                 return -EPERM;
966
967                         if (copy_from_user
968                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
969                                 return -EFAULT;
970                         if ((iocommand.buf_size < 1) &&
971                             (iocommand.Request.Type.Direction != XFER_NONE)) {
972                                 return -EINVAL;
973                         }
974 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
975                         /* Check kmalloc limits */
976                         if (iocommand.buf_size > 128000)
977                                 return -EINVAL;
978 #endif
979                         if (iocommand.buf_size > 0) {
980                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
981                                 if (buff == NULL)
982                                         return -EFAULT;
983                         }
984                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
985                                 /* Copy the data into the buffer we created */
986                                 if (copy_from_user
987                                     (buff, iocommand.buf, iocommand.buf_size)) {
988                                         kfree(buff);
989                                         return -EFAULT;
990                                 }
991                         } else {
992                                 memset(buff, 0, iocommand.buf_size);
993                         }
994                         if ((c = cmd_alloc(host, 0)) == NULL) {
995                                 kfree(buff);
996                                 return -ENOMEM;
997                         }
998                         // Fill in the command type
999                         c->cmd_type = CMD_IOCTL_PEND;
1000                         // Fill in Command Header
1001                         c->Header.ReplyQueue = 0;       // unused in simple mode
1002                         if (iocommand.buf_size > 0)     // buffer to fill
1003                         {
1004                                 c->Header.SGList = 1;
1005                                 c->Header.SGTotal = 1;
1006                         } else  // no buffers to fill
1007                         {
1008                                 c->Header.SGList = 0;
1009                                 c->Header.SGTotal = 0;
1010                         }
1011                         c->Header.LUN = iocommand.LUN_info;
1012                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1013
1014                         // Fill in Request block
1015                         c->Request = iocommand.Request;
1016
1017                         // Fill in the scatter gather information
1018                         if (iocommand.buf_size > 0) {
1019                                 temp64.val = pci_map_single(host->pdev, buff,
1020                                         iocommand.buf_size,
1021                                         PCI_DMA_BIDIRECTIONAL);
1022                                 c->SG[0].Addr.lower = temp64.val32.lower;
1023                                 c->SG[0].Addr.upper = temp64.val32.upper;
1024                                 c->SG[0].Len = iocommand.buf_size;
1025                                 c->SG[0].Ext = 0;       // we are not chaining
1026                         }
1027                         c->waiting = &wait;
1028
1029                         /* Put the request on the tail of the request queue */
1030                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1031                         addQ(&host->reqQ, c);
1032                         host->Qdepth++;
1033                         start_io(host);
1034                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1035
1036                         wait_for_completion(&wait);
1037
1038                         /* unlock the buffers from DMA */
1039                         temp64.val32.lower = c->SG[0].Addr.lower;
1040                         temp64.val32.upper = c->SG[0].Addr.upper;
1041                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1042                                          iocommand.buf_size,
1043                                          PCI_DMA_BIDIRECTIONAL);
1044
1045                         /* Copy the error information out */
1046                         iocommand.error_info = *(c->err_info);
1047                         if (copy_to_user
1048                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1049                                 kfree(buff);
1050                                 cmd_free(host, c, 0);
1051                                 return -EFAULT;
1052                         }
1053
1054                         if (iocommand.Request.Type.Direction == XFER_READ) {
1055                                 /* Copy the data out of the buffer we created */
1056                                 if (copy_to_user
1057                                     (iocommand.buf, buff, iocommand.buf_size)) {
1058                                         kfree(buff);
1059                                         cmd_free(host, c, 0);
1060                                         return -EFAULT;
1061                                 }
1062                         }
1063                         kfree(buff);
1064                         cmd_free(host, c, 0);
1065                         return 0;
1066                 }
1067         case CCISS_BIG_PASSTHRU:{
1068                         BIG_IOCTL_Command_struct *ioc;
1069                         CommandList_struct *c;
1070                         unsigned char **buff = NULL;
1071                         int *buff_size = NULL;
1072                         u64bit temp64;
1073                         unsigned long flags;
1074                         BYTE sg_used = 0;
1075                         int status = 0;
1076                         int i;
1077                         DECLARE_COMPLETION_ONSTACK(wait);
1078                         __u32 left;
1079                         __u32 sz;
1080                         BYTE __user *data_ptr;
1081
1082                         if (!arg)
1083                                 return -EINVAL;
1084                         if (!capable(CAP_SYS_RAWIO))
1085                                 return -EPERM;
1086                         ioc = (BIG_IOCTL_Command_struct *)
1087                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1088                         if (!ioc) {
1089                                 status = -ENOMEM;
1090                                 goto cleanup1;
1091                         }
1092                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1093                                 status = -EFAULT;
1094                                 goto cleanup1;
1095                         }
1096                         if ((ioc->buf_size < 1) &&
1097                             (ioc->Request.Type.Direction != XFER_NONE)) {
1098                                 status = -EINVAL;
1099                                 goto cleanup1;
1100                         }
1101                         /* Check kmalloc limits  using all SGs */
1102                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1103                                 status = -EINVAL;
1104                                 goto cleanup1;
1105                         }
1106                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1107                                 status = -EINVAL;
1108                                 goto cleanup1;
1109                         }
1110                         buff =
1111                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1112                         if (!buff) {
1113                                 status = -ENOMEM;
1114                                 goto cleanup1;
1115                         }
1116                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1117                                                    GFP_KERNEL);
1118                         if (!buff_size) {
1119                                 status = -ENOMEM;
1120                                 goto cleanup1;
1121                         }
1122                         left = ioc->buf_size;
1123                         data_ptr = ioc->buf;
1124                         while (left) {
1125                                 sz = (left >
1126                                       ioc->malloc_size) ? ioc->
1127                                     malloc_size : left;
1128                                 buff_size[sg_used] = sz;
1129                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1130                                 if (buff[sg_used] == NULL) {
1131                                         status = -ENOMEM;
1132                                         goto cleanup1;
1133                                 }
1134                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1135                                         if (copy_from_user
1136                                             (buff[sg_used], data_ptr, sz)) {
1137                                                 status = -EFAULT;
1138                                                 goto cleanup1;
1139                                         }
1140                                 } else {
1141                                         memset(buff[sg_used], 0, sz);
1142                                 }
1143                                 left -= sz;
1144                                 data_ptr += sz;
1145                                 sg_used++;
1146                         }
1147                         if ((c = cmd_alloc(host, 0)) == NULL) {
1148                                 status = -ENOMEM;
1149                                 goto cleanup1;
1150                         }
1151                         c->cmd_type = CMD_IOCTL_PEND;
1152                         c->Header.ReplyQueue = 0;
1153
1154                         if (ioc->buf_size > 0) {
1155                                 c->Header.SGList = sg_used;
1156                                 c->Header.SGTotal = sg_used;
1157                         } else {
1158                                 c->Header.SGList = 0;
1159                                 c->Header.SGTotal = 0;
1160                         }
1161                         c->Header.LUN = ioc->LUN_info;
1162                         c->Header.Tag.lower = c->busaddr;
1163
1164                         c->Request = ioc->Request;
1165                         if (ioc->buf_size > 0) {
1166                                 int i;
1167                                 for (i = 0; i < sg_used; i++) {
1168                                         temp64.val =
1169                                             pci_map_single(host->pdev, buff[i],
1170                                                     buff_size[i],
1171                                                     PCI_DMA_BIDIRECTIONAL);
1172                                         c->SG[i].Addr.lower =
1173                                             temp64.val32.lower;
1174                                         c->SG[i].Addr.upper =
1175                                             temp64.val32.upper;
1176                                         c->SG[i].Len = buff_size[i];
1177                                         c->SG[i].Ext = 0;       /* we are not chaining */
1178                                 }
1179                         }
1180                         c->waiting = &wait;
1181                         /* Put the request on the tail of the request queue */
1182                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1183                         addQ(&host->reqQ, c);
1184                         host->Qdepth++;
1185                         start_io(host);
1186                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1187                         wait_for_completion(&wait);
1188                         /* unlock the buffers from DMA */
1189                         for (i = 0; i < sg_used; i++) {
1190                                 temp64.val32.lower = c->SG[i].Addr.lower;
1191                                 temp64.val32.upper = c->SG[i].Addr.upper;
1192                                 pci_unmap_single(host->pdev,
1193                                         (dma_addr_t) temp64.val, buff_size[i],
1194                                         PCI_DMA_BIDIRECTIONAL);
1195                         }
1196                         /* Copy the error information out */
1197                         ioc->error_info = *(c->err_info);
1198                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1199                                 cmd_free(host, c, 0);
1200                                 status = -EFAULT;
1201                                 goto cleanup1;
1202                         }
1203                         if (ioc->Request.Type.Direction == XFER_READ) {
1204                                 /* Copy the data out of the buffer we created */
1205                                 BYTE __user *ptr = ioc->buf;
1206                                 for (i = 0; i < sg_used; i++) {
1207                                         if (copy_to_user
1208                                             (ptr, buff[i], buff_size[i])) {
1209                                                 cmd_free(host, c, 0);
1210                                                 status = -EFAULT;
1211                                                 goto cleanup1;
1212                                         }
1213                                         ptr += buff_size[i];
1214                                 }
1215                         }
1216                         cmd_free(host, c, 0);
1217                         status = 0;
1218                       cleanup1:
1219                         if (buff) {
1220                                 for (i = 0; i < sg_used; i++)
1221                                         kfree(buff[i]);
1222                                 kfree(buff);
1223                         }
1224                         kfree(buff_size);
1225                         kfree(ioc);
1226                         return status;
1227                 }
1228
1229         /* scsi_cmd_ioctl handles these, below, though some are not */
1230         /* very meaningful for cciss.  SG_IO is the main one people want. */
1231
1232         case SG_GET_VERSION_NUM:
1233         case SG_SET_TIMEOUT:
1234         case SG_GET_TIMEOUT:
1235         case SG_GET_RESERVED_SIZE:
1236         case SG_SET_RESERVED_SIZE:
1237         case SG_EMULATED_HOST:
1238         case SG_IO:
1239         case SCSI_IOCTL_SEND_COMMAND:
1240                 return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
1241
1242         /* scsi_cmd_ioctl would normally handle these, below, but */
1243         /* they aren't a good fit for cciss, as CD-ROMs are */
1244         /* not supported, and we don't have any bus/target/lun */
1245         /* which we present to the kernel. */
1246
1247         case CDROM_SEND_PACKET:
1248         case CDROMCLOSETRAY:
1249         case CDROMEJECT:
1250         case SCSI_IOCTL_GET_IDLUN:
1251         case SCSI_IOCTL_GET_BUS_NUMBER:
1252         default:
1253                 return -ENOTTY;
1254         }
1255 }
1256
1257 static void cciss_check_queues(ctlr_info_t *h)
1258 {
1259         int start_queue = h->next_to_run;
1260         int i;
1261
1262         /* check to see if we have maxed out the number of commands that can
1263          * be placed on the queue.  If so then exit.  We do this check here
1264          * in case the interrupt we serviced was from an ioctl and did not
1265          * free any new commands.
1266          */
1267         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1268                 return;
1269
1270         /* We have room on the queue for more commands.  Now we need to queue
1271          * them up.  We will also keep track of the next queue to run so
1272          * that every queue gets a chance to be started first.
1273          */
1274         for (i = 0; i < h->highest_lun + 1; i++) {
1275                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1276                 /* make sure the disk has been added and the drive is real
1277                  * because this can be called from the middle of init_one.
1278                  */
1279                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1280                         continue;
1281                 blk_start_queue(h->gendisk[curr_queue]->queue);
1282
1283                 /* check to see if we have maxed out the number of commands
1284                  * that can be placed on the queue.
1285                  */
1286                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1287                         if (curr_queue == start_queue) {
1288                                 h->next_to_run =
1289                                     (start_queue + 1) % (h->highest_lun + 1);
1290                                 break;
1291                         } else {
1292                                 h->next_to_run = curr_queue;
1293                                 break;
1294                         }
1295                 }
1296         }
1297 }
1298
1299 static void cciss_softirq_done(struct request *rq)
1300 {
1301         CommandList_struct *cmd = rq->completion_data;
1302         ctlr_info_t *h = hba[cmd->ctlr];
1303         unsigned long flags;
1304         u64bit temp64;
1305         int i, ddir;
1306
1307         if (cmd->Request.Type.Direction == XFER_READ)
1308                 ddir = PCI_DMA_FROMDEVICE;
1309         else
1310                 ddir = PCI_DMA_TODEVICE;
1311
1312         /* command did not need to be retried */
1313         /* unmap the DMA mapping for all the scatter gather elements */
1314         for (i = 0; i < cmd->Header.SGList; i++) {
1315                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1316                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1317                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1318         }
1319
1320 #ifdef CCISS_DEBUG
1321         printk("Done with %p\n", rq);
1322 #endif                          /* CCISS_DEBUG */
1323
1324         if (blk_end_request(rq, (rq->errors == 0) ? 0 : -EIO, blk_rq_bytes(rq)))
1325                 BUG();
1326
1327         spin_lock_irqsave(&h->lock, flags);
1328         cmd_free(h, cmd, 1);
1329         cciss_check_queues(h);
1330         spin_unlock_irqrestore(&h->lock, flags);
1331 }
1332
1333 /* This function gets the serial number of a logical drive via
1334  * inquiry page 0x83.  Serial no. is 16 bytes.  If the serial
1335  * number cannot be had, for whatever reason, 16 bytes of 0xff
1336  * are returned instead.
1337  */
1338 static void cciss_get_serial_no(int ctlr, int logvol, int withirq,
1339                                 unsigned char *serial_no, int buflen)
1340 {
1341 #define PAGE_83_INQ_BYTES 64
1342         int rc;
1343         unsigned char *buf;
1344
1345         if (buflen > 16)
1346                 buflen = 16;
1347         memset(serial_no, 0xff, buflen);
1348         buf = kzalloc(PAGE_83_INQ_BYTES, GFP_KERNEL);
1349         if (!buf)
1350                 return;
1351         memset(serial_no, 0, buflen);
1352         if (withirq)
1353                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, buf,
1354                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, TYPE_CMD);
1355         else
1356                 rc = sendcmd(CISS_INQUIRY, ctlr, buf,
1357                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, NULL, TYPE_CMD);
1358         if (rc == IO_OK)
1359                 memcpy(serial_no, &buf[8], buflen);
1360         kfree(buf);
1361         return;
1362 }
1363
1364 static void cciss_add_disk(ctlr_info_t *h, struct gendisk *disk,
1365                                 int drv_index)
1366 {
1367         disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1368         sprintf(disk->disk_name, "cciss/c%dd%d", h->ctlr, drv_index);
1369         disk->major = h->major;
1370         disk->first_minor = drv_index << NWD_SHIFT;
1371         disk->fops = &cciss_fops;
1372         disk->private_data = &h->drv[drv_index];
1373         disk->driverfs_dev = &h->pdev->dev;
1374
1375         /* Set up queue information */
1376         blk_queue_bounce_limit(disk->queue, h->pdev->dma_mask);
1377
1378         /* This is a hardware imposed limit. */
1379         blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1380
1381         /* This is a limit in the driver and could be eliminated. */
1382         blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1383
1384         blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1385
1386         blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1387
1388         disk->queue->queuedata = h;
1389
1390         blk_queue_hardsect_size(disk->queue,
1391                                 h->drv[drv_index].block_size);
1392
1393         /* Make sure all queue data is written out before */
1394         /* setting h->drv[drv_index].queue, as setting this */
1395         /* allows the interrupt handler to start the queue */
1396         wmb();
1397         h->drv[drv_index].queue = disk->queue;
1398         add_disk(disk);
1399 }
1400
1401 /* This function will check the usage_count of the drive to be updated/added.
1402  * If the usage_count is zero and it is a heretofore unknown drive, or,
1403  * the drive's capacity, geometry, or serial number has changed,
1404  * then the drive information will be updated and the disk will be
1405  * re-registered with the kernel.  If these conditions don't hold,
1406  * then it will be left alone for the next reboot.  The exception to this
1407  * is disk 0 which will always be left registered with the kernel since it
1408  * is also the controller node.  Any changes to disk 0 will show up on
1409  * the next reboot.
1410  */
1411 static void cciss_update_drive_info(int ctlr, int drv_index, int first_time)
1412 {
1413         ctlr_info_t *h = hba[ctlr];
1414         struct gendisk *disk;
1415         InquiryData_struct *inq_buff = NULL;
1416         unsigned int block_size;
1417         sector_t total_size;
1418         unsigned long flags = 0;
1419         int ret = 0;
1420         drive_info_struct *drvinfo;
1421         int was_only_controller_node;
1422
1423         /* Get information about the disk and modify the driver structure */
1424         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1425         drvinfo = kmalloc(sizeof(*drvinfo), GFP_KERNEL);
1426         if (inq_buff == NULL || drvinfo == NULL)
1427                 goto mem_msg;
1428
1429         /* See if we're trying to update the "controller node"
1430          * this will happen the when the first logical drive gets
1431          * created by ACU.
1432          */
1433         was_only_controller_node = (drv_index == 0 &&
1434                                 h->drv[0].raid_level == -1);
1435
1436         /* testing to see if 16-byte CDBs are already being used */
1437         if (h->cciss_read == CCISS_READ_16) {
1438                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1439                         &total_size, &block_size);
1440
1441         } else {
1442                 cciss_read_capacity(ctlr, drv_index, 1,
1443                                     &total_size, &block_size);
1444
1445                 /* if read_capacity returns all F's this volume is >2TB */
1446                 /* in size so we switch to 16-byte CDB's for all */
1447                 /* read/write ops */
1448                 if (total_size == 0xFFFFFFFFULL) {
1449                         cciss_read_capacity_16(ctlr, drv_index, 1,
1450                         &total_size, &block_size);
1451                         h->cciss_read = CCISS_READ_16;
1452                         h->cciss_write = CCISS_WRITE_16;
1453                 } else {
1454                         h->cciss_read = CCISS_READ_10;
1455                         h->cciss_write = CCISS_WRITE_10;
1456                 }
1457         }
1458
1459         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1460                                inq_buff, drvinfo);
1461         drvinfo->block_size = block_size;
1462         drvinfo->nr_blocks = total_size + 1;
1463
1464         cciss_get_serial_no(ctlr, drv_index, 1, drvinfo->serial_no,
1465                         sizeof(drvinfo->serial_no));
1466
1467         /* Is it the same disk we already know, and nothing's changed? */
1468         if (h->drv[drv_index].raid_level != -1 &&
1469                 ((memcmp(drvinfo->serial_no,
1470                                 h->drv[drv_index].serial_no, 16) == 0) &&
1471                 drvinfo->block_size == h->drv[drv_index].block_size &&
1472                 drvinfo->nr_blocks == h->drv[drv_index].nr_blocks &&
1473                 drvinfo->heads == h->drv[drv_index].heads &&
1474                 drvinfo->sectors == h->drv[drv_index].sectors &&
1475                 drvinfo->cylinders == h->drv[drv_index].cylinders))
1476                         /* The disk is unchanged, nothing to update */
1477                         goto freeret;
1478
1479         /* If we get here it's not the same disk, or something's changed,
1480          * so we need to * deregister it, and re-register it, if it's not
1481          * in use.
1482          * If the disk already exists then deregister it before proceeding
1483          * (unless it's the first disk (for the controller node).
1484          */
1485         if (h->drv[drv_index].raid_level != -1 && drv_index != 0) {
1486                 printk(KERN_WARNING "disk %d has changed.\n", drv_index);
1487                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1488                 h->drv[drv_index].busy_configuring = 1;
1489                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1490
1491                 /* deregister_disk sets h->drv[drv_index].queue = NULL
1492                  * which keeps the interrupt handler from starting
1493                  * the queue.
1494                  */
1495                 ret = deregister_disk(h->gendisk[drv_index],
1496                                       &h->drv[drv_index], 0);
1497                 h->drv[drv_index].busy_configuring = 0;
1498         }
1499
1500         /* If the disk is in use return */
1501         if (ret)
1502                 goto freeret;
1503
1504         /* Save the new information from cciss_geometry_inquiry
1505          * and serial number inquiry.
1506          */
1507         h->drv[drv_index].block_size = drvinfo->block_size;
1508         h->drv[drv_index].nr_blocks = drvinfo->nr_blocks;
1509         h->drv[drv_index].heads = drvinfo->heads;
1510         h->drv[drv_index].sectors = drvinfo->sectors;
1511         h->drv[drv_index].cylinders = drvinfo->cylinders;
1512         h->drv[drv_index].raid_level = drvinfo->raid_level;
1513         memcpy(h->drv[drv_index].serial_no, drvinfo->serial_no, 16);
1514
1515         ++h->num_luns;
1516         disk = h->gendisk[drv_index];
1517         set_capacity(disk, h->drv[drv_index].nr_blocks);
1518
1519         /* If it's not disk 0 (drv_index != 0)
1520          * or if it was disk 0, but there was previously
1521          * no actual corresponding configured logical drive
1522          * (raid_leve == -1) then we want to update the
1523          * logical drive's information.
1524          */
1525         if (drv_index || first_time)
1526                 cciss_add_disk(h, disk, drv_index);
1527
1528 freeret:
1529         kfree(inq_buff);
1530         kfree(drvinfo);
1531         return;
1532 mem_msg:
1533         printk(KERN_ERR "cciss: out of memory\n");
1534         goto freeret;
1535 }
1536
1537 /* This function will find the first index of the controllers drive array
1538  * that has a -1 for the raid_level and will return that index.  This is
1539  * where new drives will be added.  If the index to be returned is greater
1540  * than the highest_lun index for the controller then highest_lun is set
1541  * to this new index.  If there are no available indexes then -1 is returned.
1542  * "controller_node" is used to know if this is a real logical drive, or just
1543  * the controller node, which determines if this counts towards highest_lun.
1544  */
1545 static int cciss_find_free_drive_index(int ctlr, int controller_node)
1546 {
1547         int i;
1548
1549         for (i = 0; i < CISS_MAX_LUN; i++) {
1550                 if (hba[ctlr]->drv[i].raid_level == -1) {
1551                         if (i > hba[ctlr]->highest_lun)
1552                                 if (!controller_node)
1553                                         hba[ctlr]->highest_lun = i;
1554                         return i;
1555                 }
1556         }
1557         return -1;
1558 }
1559
1560 /* cciss_add_gendisk finds a free hba[]->drv structure
1561  * and allocates a gendisk if needed, and sets the lunid
1562  * in the drvinfo structure.   It returns the index into
1563  * the ->drv[] array, or -1 if none are free.
1564  * is_controller_node indicates whether highest_lun should
1565  * count this disk, or if it's only being added to provide
1566  * a means to talk to the controller in case no logical
1567  * drives have yet been configured.
1568  */
1569 static int cciss_add_gendisk(ctlr_info_t *h, __u32 lunid, int controller_node)
1570 {
1571         int drv_index;
1572
1573         drv_index = cciss_find_free_drive_index(h->ctlr, controller_node);
1574         if (drv_index == -1)
1575                 return -1;
1576         /*Check if the gendisk needs to be allocated */
1577         if (!h->gendisk[drv_index]) {
1578                 h->gendisk[drv_index] =
1579                         alloc_disk(1 << NWD_SHIFT);
1580                 if (!h->gendisk[drv_index]) {
1581                         printk(KERN_ERR "cciss%d: could not "
1582                                 "allocate a new disk %d\n",
1583                                 h->ctlr, drv_index);
1584                         return -1;
1585                 }
1586         }
1587         h->drv[drv_index].LunID = lunid;
1588
1589         /* Don't need to mark this busy because nobody */
1590         /* else knows about this disk yet to contend */
1591         /* for access to it. */
1592         h->drv[drv_index].busy_configuring = 0;
1593         wmb();
1594         return drv_index;
1595 }
1596
1597 /* This is for the special case of a controller which
1598  * has no logical drives.  In this case, we still need
1599  * to register a disk so the controller can be accessed
1600  * by the Array Config Utility.
1601  */
1602 static void cciss_add_controller_node(ctlr_info_t *h)
1603 {
1604         struct gendisk *disk;
1605         int drv_index;
1606
1607         if (h->gendisk[0] != NULL) /* already did this? Then bail. */
1608                 return;
1609
1610         drv_index = cciss_add_gendisk(h, 0, 1);
1611         if (drv_index == -1) {
1612                 printk(KERN_WARNING "cciss%d: could not "
1613                         "add disk 0.\n", h->ctlr);
1614                 return;
1615         }
1616         h->drv[drv_index].block_size = 512;
1617         h->drv[drv_index].nr_blocks = 0;
1618         h->drv[drv_index].heads = 0;
1619         h->drv[drv_index].sectors = 0;
1620         h->drv[drv_index].cylinders = 0;
1621         h->drv[drv_index].raid_level = -1;
1622         memset(h->drv[drv_index].serial_no, 0, 16);
1623         disk = h->gendisk[drv_index];
1624         cciss_add_disk(h, disk, drv_index);
1625 }
1626
1627 /* This function will add and remove logical drives from the Logical
1628  * drive array of the controller and maintain persistency of ordering
1629  * so that mount points are preserved until the next reboot.  This allows
1630  * for the removal of logical drives in the middle of the drive array
1631  * without a re-ordering of those drives.
1632  * INPUT
1633  * h            = The controller to perform the operations on
1634  */
1635 static int rebuild_lun_table(ctlr_info_t *h, int first_time)
1636 {
1637         int ctlr = h->ctlr;
1638         int num_luns;
1639         ReportLunData_struct *ld_buff = NULL;
1640         int return_code;
1641         int listlength = 0;
1642         int i;
1643         int drv_found;
1644         int drv_index = 0;
1645         __u32 lunid = 0;
1646         unsigned long flags;
1647
1648         if (!capable(CAP_SYS_RAWIO))
1649                 return -EPERM;
1650
1651         /* Set busy_configuring flag for this operation */
1652         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1653         if (h->busy_configuring) {
1654                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1655                 return -EBUSY;
1656         }
1657         h->busy_configuring = 1;
1658         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1659
1660         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1661         if (ld_buff == NULL)
1662                 goto mem_msg;
1663
1664         return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1665                                       sizeof(ReportLunData_struct), 0,
1666                                       0, 0, TYPE_CMD);
1667
1668         if (return_code == IO_OK)
1669                 listlength = be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
1670         else {  /* reading number of logical volumes failed */
1671                 printk(KERN_WARNING "cciss: report logical volume"
1672                        " command failed\n");
1673                 listlength = 0;
1674                 goto freeret;
1675         }
1676
1677         num_luns = listlength / 8;      /* 8 bytes per entry */
1678         if (num_luns > CISS_MAX_LUN) {
1679                 num_luns = CISS_MAX_LUN;
1680                 printk(KERN_WARNING "cciss: more luns configured"
1681                        " on controller than can be handled by"
1682                        " this driver.\n");
1683         }
1684
1685         if (num_luns == 0)
1686                 cciss_add_controller_node(h);
1687
1688         /* Compare controller drive array to driver's drive array
1689          * to see if any drives are missing on the controller due
1690          * to action of Array Config Utility (user deletes drive)
1691          * and deregister logical drives which have disappeared.
1692          */
1693         for (i = 0; i <= h->highest_lun; i++) {
1694                 int j;
1695                 drv_found = 0;
1696                 for (j = 0; j < num_luns; j++) {
1697                         memcpy(&lunid, &ld_buff->LUN[j][0], 4);
1698                         lunid = le32_to_cpu(lunid);
1699                         if (h->drv[i].LunID == lunid) {
1700                                 drv_found = 1;
1701                                 break;
1702                         }
1703                 }
1704                 if (!drv_found) {
1705                         /* Deregister it from the OS, it's gone. */
1706                         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1707                         h->drv[i].busy_configuring = 1;
1708                         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1709                         return_code = deregister_disk(h->gendisk[i],
1710                                 &h->drv[i], 1);
1711                         h->drv[i].busy_configuring = 0;
1712                 }
1713         }
1714
1715         /* Compare controller drive array to driver's drive array.
1716          * Check for updates in the drive information and any new drives
1717          * on the controller due to ACU adding logical drives, or changing
1718          * a logical drive's size, etc.  Reregister any new/changed drives
1719          */
1720         for (i = 0; i < num_luns; i++) {
1721                 int j;
1722
1723                 drv_found = 0;
1724
1725                 memcpy(&lunid, &ld_buff->LUN[i][0], 4);
1726                 lunid = le32_to_cpu(lunid);
1727
1728                 /* Find if the LUN is already in the drive array
1729                  * of the driver.  If so then update its info
1730                  * if not in use.  If it does not exist then find
1731                  * the first free index and add it.
1732                  */
1733                 for (j = 0; j <= h->highest_lun; j++) {
1734                         if (h->drv[j].raid_level != -1 &&
1735                                 h->drv[j].LunID == lunid) {
1736                                 drv_index = j;
1737                                 drv_found = 1;
1738                                 break;
1739                         }
1740                 }
1741
1742                 /* check if the drive was found already in the array */
1743                 if (!drv_found) {
1744                         drv_index = cciss_add_gendisk(h, lunid, 0);
1745                         if (drv_index == -1)
1746                                 goto freeret;
1747                 }
1748                 cciss_update_drive_info(ctlr, drv_index, first_time);
1749         }               /* end for */
1750
1751 freeret:
1752         kfree(ld_buff);
1753         h->busy_configuring = 0;
1754         /* We return -1 here to tell the ACU that we have registered/updated
1755          * all of the drives that we can and to keep it from calling us
1756          * additional times.
1757          */
1758         return -1;
1759 mem_msg:
1760         printk(KERN_ERR "cciss: out of memory\n");
1761         h->busy_configuring = 0;
1762         goto freeret;
1763 }
1764
1765 /* This function will deregister the disk and it's queue from the
1766  * kernel.  It must be called with the controller lock held and the
1767  * drv structures busy_configuring flag set.  It's parameters are:
1768  *
1769  * disk = This is the disk to be deregistered
1770  * drv  = This is the drive_info_struct associated with the disk to be
1771  *        deregistered.  It contains information about the disk used
1772  *        by the driver.
1773  * clear_all = This flag determines whether or not the disk information
1774  *             is going to be completely cleared out and the highest_lun
1775  *             reset.  Sometimes we want to clear out information about
1776  *             the disk in preparation for re-adding it.  In this case
1777  *             the highest_lun should be left unchanged and the LunID
1778  *             should not be cleared.
1779 */
1780 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
1781                            int clear_all)
1782 {
1783         int i;
1784         ctlr_info_t *h = get_host(disk);
1785
1786         if (!capable(CAP_SYS_RAWIO))
1787                 return -EPERM;
1788
1789         /* make sure logical volume is NOT is use */
1790         if (clear_all || (h->gendisk[0] == disk)) {
1791                 if (drv->usage_count > 1)
1792                         return -EBUSY;
1793         } else if (drv->usage_count > 0)
1794                 return -EBUSY;
1795
1796         /* invalidate the devices and deregister the disk.  If it is disk
1797          * zero do not deregister it but just zero out it's values.  This
1798          * allows us to delete disk zero but keep the controller registered.
1799          */
1800         if (h->gendisk[0] != disk) {
1801                 struct request_queue *q = disk->queue;
1802                 if (disk->flags & GENHD_FL_UP)
1803                         del_gendisk(disk);
1804                 if (q) {
1805                         blk_cleanup_queue(q);
1806                         /* Set drv->queue to NULL so that we do not try
1807                          * to call blk_start_queue on this queue in the
1808                          * interrupt handler
1809                          */
1810                         drv->queue = NULL;
1811                 }
1812                 /* If clear_all is set then we are deleting the logical
1813                  * drive, not just refreshing its info.  For drives
1814                  * other than disk 0 we will call put_disk.  We do not
1815                  * do this for disk 0 as we need it to be able to
1816                  * configure the controller.
1817                  */
1818                 if (clear_all){
1819                         /* This isn't pretty, but we need to find the
1820                          * disk in our array and NULL our the pointer.
1821                          * This is so that we will call alloc_disk if
1822                          * this index is used again later.
1823                          */
1824                         for (i=0; i < CISS_MAX_LUN; i++){
1825                                 if (h->gendisk[i] == disk) {
1826                                         h->gendisk[i] = NULL;
1827                                         break;
1828                                 }
1829                         }
1830                         put_disk(disk);
1831                 }
1832         } else {
1833                 set_capacity(disk, 0);
1834         }
1835
1836         --h->num_luns;
1837         /* zero out the disk size info */
1838         drv->nr_blocks = 0;
1839         drv->block_size = 0;
1840         drv->heads = 0;
1841         drv->sectors = 0;
1842         drv->cylinders = 0;
1843         drv->raid_level = -1;   /* This can be used as a flag variable to
1844                                  * indicate that this element of the drive
1845                                  * array is free.
1846                                  */
1847
1848         if (clear_all) {
1849                 /* check to see if it was the last disk */
1850                 if (drv == h->drv + h->highest_lun) {
1851                         /* if so, find the new hightest lun */
1852                         int i, newhighest = -1;
1853                         for (i = 0; i <= h->highest_lun; i++) {
1854                                 /* if the disk has size > 0, it is available */
1855                                 if (h->drv[i].heads)
1856                                         newhighest = i;
1857                         }
1858                         h->highest_lun = newhighest;
1859                 }
1860
1861                 drv->LunID = 0;
1862         }
1863         return 0;
1864 }
1865
1866 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
1867                                                                                                                            1: address logical volume log_unit,
1868                                                                                                                            2: periph device address is scsi3addr */
1869                     unsigned int log_unit, __u8 page_code,
1870                     unsigned char *scsi3addr, int cmd_type)
1871 {
1872         ctlr_info_t *h = hba[ctlr];
1873         u64bit buff_dma_handle;
1874         int status = IO_OK;
1875
1876         c->cmd_type = CMD_IOCTL_PEND;
1877         c->Header.ReplyQueue = 0;
1878         if (buff != NULL) {
1879                 c->Header.SGList = 1;
1880                 c->Header.SGTotal = 1;
1881         } else {
1882                 c->Header.SGList = 0;
1883                 c->Header.SGTotal = 0;
1884         }
1885         c->Header.Tag.lower = c->busaddr;
1886
1887         c->Request.Type.Type = cmd_type;
1888         if (cmd_type == TYPE_CMD) {
1889                 switch (cmd) {
1890                 case CISS_INQUIRY:
1891                         /* If the logical unit number is 0 then, this is going
1892                            to controller so It's a physical command
1893                            mode = 0 target = 0.  So we have nothing to write.
1894                            otherwise, if use_unit_num == 1,
1895                            mode = 1(volume set addressing) target = LUNID
1896                            otherwise, if use_unit_num == 2,
1897                            mode = 0(periph dev addr) target = scsi3addr */
1898                         if (use_unit_num == 1) {
1899                                 c->Header.LUN.LogDev.VolId =
1900                                     h->drv[log_unit].LunID;
1901                                 c->Header.LUN.LogDev.Mode = 1;
1902                         } else if (use_unit_num == 2) {
1903                                 memcpy(c->Header.LUN.LunAddrBytes, scsi3addr,
1904                                        8);
1905                                 c->Header.LUN.LogDev.Mode = 0;
1906                         }
1907                         /* are we trying to read a vital product page */
1908                         if (page_code != 0) {
1909                                 c->Request.CDB[1] = 0x01;
1910                                 c->Request.CDB[2] = page_code;
1911                         }
1912                         c->Request.CDBLen = 6;
1913                         c->Request.Type.Attribute = ATTR_SIMPLE;
1914                         c->Request.Type.Direction = XFER_READ;
1915                         c->Request.Timeout = 0;
1916                         c->Request.CDB[0] = CISS_INQUIRY;
1917                         c->Request.CDB[4] = size & 0xFF;
1918                         break;
1919                 case CISS_REPORT_LOG:
1920                 case CISS_REPORT_PHYS:
1921                         /* Talking to controller so It's a physical command
1922                            mode = 00 target = 0.  Nothing to write.
1923                          */
1924                         c->Request.CDBLen = 12;
1925                         c->Request.Type.Attribute = ATTR_SIMPLE;
1926                         c->Request.Type.Direction = XFER_READ;
1927                         c->Request.Timeout = 0;
1928                         c->Request.CDB[0] = cmd;
1929                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
1930                         c->Request.CDB[7] = (size >> 16) & 0xFF;
1931                         c->Request.CDB[8] = (size >> 8) & 0xFF;
1932                         c->Request.CDB[9] = size & 0xFF;
1933                         break;
1934
1935                 case CCISS_READ_CAPACITY:
1936                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1937                         c->Header.LUN.LogDev.Mode = 1;
1938                         c->Request.CDBLen = 10;
1939                         c->Request.Type.Attribute = ATTR_SIMPLE;
1940                         c->Request.Type.Direction = XFER_READ;
1941                         c->Request.Timeout = 0;
1942                         c->Request.CDB[0] = cmd;
1943                         break;
1944                 case CCISS_READ_CAPACITY_16:
1945                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1946                         c->Header.LUN.LogDev.Mode = 1;
1947                         c->Request.CDBLen = 16;
1948                         c->Request.Type.Attribute = ATTR_SIMPLE;
1949                         c->Request.Type.Direction = XFER_READ;
1950                         c->Request.Timeout = 0;
1951                         c->Request.CDB[0] = cmd;
1952                         c->Request.CDB[1] = 0x10;
1953                         c->Request.CDB[10] = (size >> 24) & 0xFF;
1954                         c->Request.CDB[11] = (size >> 16) & 0xFF;
1955                         c->Request.CDB[12] = (size >> 8) & 0xFF;
1956                         c->Request.CDB[13] = size & 0xFF;
1957                         c->Request.Timeout = 0;
1958                         c->Request.CDB[0] = cmd;
1959                         break;
1960                 case CCISS_CACHE_FLUSH:
1961                         c->Request.CDBLen = 12;
1962                         c->Request.Type.Attribute = ATTR_SIMPLE;
1963                         c->Request.Type.Direction = XFER_WRITE;
1964                         c->Request.Timeout = 0;
1965                         c->Request.CDB[0] = BMIC_WRITE;
1966                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
1967                         break;
1968                 default:
1969                         printk(KERN_WARNING
1970                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
1971                         return IO_ERROR;
1972                 }
1973         } else if (cmd_type == TYPE_MSG) {
1974                 switch (cmd) {
1975                 case 0: /* ABORT message */
1976                         c->Request.CDBLen = 12;
1977                         c->Request.Type.Attribute = ATTR_SIMPLE;
1978                         c->Request.Type.Direction = XFER_WRITE;
1979                         c->Request.Timeout = 0;
1980                         c->Request.CDB[0] = cmd;        /* abort */
1981                         c->Request.CDB[1] = 0;  /* abort a command */
1982                         /* buff contains the tag of the command to abort */
1983                         memcpy(&c->Request.CDB[4], buff, 8);
1984                         break;
1985                 case 1: /* RESET message */
1986                         c->Request.CDBLen = 12;
1987                         c->Request.Type.Attribute = ATTR_SIMPLE;
1988                         c->Request.Type.Direction = XFER_WRITE;
1989                         c->Request.Timeout = 0;
1990                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
1991                         c->Request.CDB[0] = cmd;        /* reset */
1992                         c->Request.CDB[1] = 0x04;       /* reset a LUN */
1993                         break;
1994                 case 3: /* No-Op message */
1995                         c->Request.CDBLen = 1;
1996                         c->Request.Type.Attribute = ATTR_SIMPLE;
1997                         c->Request.Type.Direction = XFER_WRITE;
1998                         c->Request.Timeout = 0;
1999                         c->Request.CDB[0] = cmd;
2000                         break;
2001                 default:
2002                         printk(KERN_WARNING
2003                                "cciss%d: unknown message type %d\n", ctlr, cmd);
2004                         return IO_ERROR;
2005                 }
2006         } else {
2007                 printk(KERN_WARNING
2008                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
2009                 return IO_ERROR;
2010         }
2011         /* Fill in the scatter gather information */
2012         if (size > 0) {
2013                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
2014                                                              buff, size,
2015                                                              PCI_DMA_BIDIRECTIONAL);
2016                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
2017                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
2018                 c->SG[0].Len = size;
2019                 c->SG[0].Ext = 0;       /* we are not chaining */
2020         }
2021         return status;
2022 }
2023
2024 static int sendcmd_withirq(__u8 cmd,
2025                            int ctlr,
2026                            void *buff,
2027                            size_t size,
2028                            unsigned int use_unit_num,
2029                            unsigned int log_unit, __u8 page_code, int cmd_type)
2030 {
2031         ctlr_info_t *h = hba[ctlr];
2032         CommandList_struct *c;
2033         u64bit buff_dma_handle;
2034         unsigned long flags;
2035         int return_status;
2036         DECLARE_COMPLETION_ONSTACK(wait);
2037
2038         if ((c = cmd_alloc(h, 0)) == NULL)
2039                 return -ENOMEM;
2040         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2041                                  log_unit, page_code, NULL, cmd_type);
2042         if (return_status != IO_OK) {
2043                 cmd_free(h, c, 0);
2044                 return return_status;
2045         }
2046       resend_cmd2:
2047         c->waiting = &wait;
2048
2049         /* Put the request on the tail of the queue and send it */
2050         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
2051         addQ(&h->reqQ, c);
2052         h->Qdepth++;
2053         start_io(h);
2054         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
2055
2056         wait_for_completion(&wait);
2057
2058         if (c->err_info->CommandStatus != 0) {  /* an error has occurred */
2059                 switch (c->err_info->CommandStatus) {
2060                 case CMD_TARGET_STATUS:
2061                         printk(KERN_WARNING "cciss: cmd %p has "
2062                                " completed with errors\n", c);
2063                         if (c->err_info->ScsiStatus) {
2064                                 printk(KERN_WARNING "cciss: cmd %p "
2065                                        "has SCSI Status = %x\n",
2066                                        c, c->err_info->ScsiStatus);
2067                         }
2068
2069                         break;
2070                 case CMD_DATA_UNDERRUN:
2071                 case CMD_DATA_OVERRUN:
2072                         /* expected for inquire and report lun commands */
2073                         break;
2074                 case CMD_INVALID:
2075                         printk(KERN_WARNING "cciss: Cmd %p is "
2076                                "reported invalid\n", c);
2077                         return_status = IO_ERROR;
2078                         break;
2079                 case CMD_PROTOCOL_ERR:
2080                         printk(KERN_WARNING "cciss: cmd %p has "
2081                                "protocol error \n", c);
2082                         return_status = IO_ERROR;
2083                         break;
2084                 case CMD_HARDWARE_ERR:
2085                         printk(KERN_WARNING "cciss: cmd %p had "
2086                                " hardware error\n", c);
2087                         return_status = IO_ERROR;
2088                         break;
2089                 case CMD_CONNECTION_LOST:
2090                         printk(KERN_WARNING "cciss: cmd %p had "
2091                                "connection lost\n", c);
2092                         return_status = IO_ERROR;
2093                         break;
2094                 case CMD_ABORTED:
2095                         printk(KERN_WARNING "cciss: cmd %p was "
2096                                "aborted\n", c);
2097                         return_status = IO_ERROR;
2098                         break;
2099                 case CMD_ABORT_FAILED:
2100                         printk(KERN_WARNING "cciss: cmd %p reports "
2101                                "abort failed\n", c);
2102                         return_status = IO_ERROR;
2103                         break;
2104                 case CMD_UNSOLICITED_ABORT:
2105                         printk(KERN_WARNING
2106                                "cciss%d: unsolicited abort %p\n", ctlr, c);
2107                         if (c->retry_count < MAX_CMD_RETRIES) {
2108                                 printk(KERN_WARNING
2109                                        "cciss%d: retrying %p\n", ctlr, c);
2110                                 c->retry_count++;
2111                                 /* erase the old error information */
2112                                 memset(c->err_info, 0,
2113                                        sizeof(ErrorInfo_struct));
2114                                 return_status = IO_OK;
2115                                 INIT_COMPLETION(wait);
2116                                 goto resend_cmd2;
2117                         }
2118                         return_status = IO_ERROR;
2119                         break;
2120                 default:
2121                         printk(KERN_WARNING "cciss: cmd %p returned "
2122                                "unknown status %x\n", c,
2123                                c->err_info->CommandStatus);
2124                         return_status = IO_ERROR;
2125                 }
2126         }
2127         /* unlock the buffers from DMA */
2128         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2129         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2130         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2131                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2132         cmd_free(h, c, 0);
2133         return return_status;
2134 }
2135
2136 static void cciss_geometry_inquiry(int ctlr, int logvol,
2137                                    int withirq, sector_t total_size,
2138                                    unsigned int block_size,
2139                                    InquiryData_struct *inq_buff,
2140                                    drive_info_struct *drv)
2141 {
2142         int return_code;
2143         unsigned long t;
2144
2145         memset(inq_buff, 0, sizeof(InquiryData_struct));
2146         if (withirq)
2147                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
2148                                               inq_buff, sizeof(*inq_buff), 1,
2149                                               logvol, 0xC1, TYPE_CMD);
2150         else
2151                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
2152                                       sizeof(*inq_buff), 1, logvol, 0xC1, NULL,
2153                                       TYPE_CMD);
2154         if (return_code == IO_OK) {
2155                 if (inq_buff->data_byte[8] == 0xFF) {
2156                         printk(KERN_WARNING
2157                                "cciss: reading geometry failed, volume "
2158                                "does not support reading geometry\n");
2159                         drv->heads = 255;
2160                         drv->sectors = 32;      // Sectors per track
2161                         drv->cylinders = total_size + 1;
2162                         drv->raid_level = RAID_UNKNOWN;
2163                 } else {
2164                         drv->heads = inq_buff->data_byte[6];
2165                         drv->sectors = inq_buff->data_byte[7];
2166                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2167                         drv->cylinders += inq_buff->data_byte[5];
2168                         drv->raid_level = inq_buff->data_byte[8];
2169                 }
2170                 drv->block_size = block_size;
2171                 drv->nr_blocks = total_size + 1;
2172                 t = drv->heads * drv->sectors;
2173                 if (t > 1) {
2174                         sector_t real_size = total_size + 1;
2175                         unsigned long rem = sector_div(real_size, t);
2176                         if (rem)
2177                                 real_size++;
2178                         drv->cylinders = real_size;
2179                 }
2180         } else {                /* Get geometry failed */
2181                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2182         }
2183         printk(KERN_INFO "      heads=%d, sectors=%d, cylinders=%d\n\n",
2184                drv->heads, drv->sectors, drv->cylinders);
2185 }
2186
2187 static void
2188 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2189                     unsigned int *block_size)
2190 {
2191         ReadCapdata_struct *buf;
2192         int return_code;
2193
2194         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2195         if (!buf) {
2196                 printk(KERN_WARNING "cciss: out of memory\n");
2197                 return;
2198         }
2199
2200         if (withirq)
2201                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2202                                 ctlr, buf, sizeof(ReadCapdata_struct),
2203                                         1, logvol, 0, TYPE_CMD);
2204         else
2205                 return_code = sendcmd(CCISS_READ_CAPACITY,
2206                                 ctlr, buf, sizeof(ReadCapdata_struct),
2207                                         1, logvol, 0, NULL, TYPE_CMD);
2208         if (return_code == IO_OK) {
2209                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2210                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2211         } else {                /* read capacity command failed */
2212                 printk(KERN_WARNING "cciss: read capacity failed\n");
2213                 *total_size = 0;
2214                 *block_size = BLOCK_SIZE;
2215         }
2216         if (*total_size != 0)
2217                 printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2218                 (unsigned long long)*total_size+1, *block_size);
2219         kfree(buf);
2220 }
2221
2222 static void
2223 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2224 {
2225         ReadCapdata_struct_16 *buf;
2226         int return_code;
2227
2228         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2229         if (!buf) {
2230                 printk(KERN_WARNING "cciss: out of memory\n");
2231                 return;
2232         }
2233
2234         if (withirq) {
2235                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2236                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2237                                 1, logvol, 0, TYPE_CMD);
2238         }
2239         else {
2240                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2241                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2242                                 1, logvol, 0, NULL, TYPE_CMD);
2243         }
2244         if (return_code == IO_OK) {
2245                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2246                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2247         } else {                /* read capacity command failed */
2248                 printk(KERN_WARNING "cciss: read capacity failed\n");
2249                 *total_size = 0;
2250                 *block_size = BLOCK_SIZE;
2251         }
2252         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2253                (unsigned long long)*total_size+1, *block_size);
2254         kfree(buf);
2255 }
2256
2257 static int cciss_revalidate(struct gendisk *disk)
2258 {
2259         ctlr_info_t *h = get_host(disk);
2260         drive_info_struct *drv = get_drv(disk);
2261         int logvol;
2262         int FOUND = 0;
2263         unsigned int block_size;
2264         sector_t total_size;
2265         InquiryData_struct *inq_buff = NULL;
2266
2267         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2268                 if (h->drv[logvol].LunID == drv->LunID) {
2269                         FOUND = 1;
2270                         break;
2271                 }
2272         }
2273
2274         if (!FOUND)
2275                 return 1;
2276
2277         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2278         if (inq_buff == NULL) {
2279                 printk(KERN_WARNING "cciss: out of memory\n");
2280                 return 1;
2281         }
2282         if (h->cciss_read == CCISS_READ_10) {
2283                 cciss_read_capacity(h->ctlr, logvol, 1,
2284                                         &total_size, &block_size);
2285         } else {
2286                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2287                                         &total_size, &block_size);
2288         }
2289         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2290                                inq_buff, drv);
2291
2292         blk_queue_hardsect_size(drv->queue, drv->block_size);
2293         set_capacity(disk, drv->nr_blocks);
2294
2295         kfree(inq_buff);
2296         return 0;
2297 }
2298
2299 /*
2300  *   Wait polling for a command to complete.
2301  *   The memory mapped FIFO is polled for the completion.
2302  *   Used only at init time, interrupts from the HBA are disabled.
2303  */
2304 static unsigned long pollcomplete(int ctlr)
2305 {
2306         unsigned long done;
2307         int i;
2308
2309         /* Wait (up to 20 seconds) for a command to complete */
2310
2311         for (i = 20 * HZ; i > 0; i--) {
2312                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2313                 if (done == FIFO_EMPTY)
2314                         schedule_timeout_uninterruptible(1);
2315                 else
2316                         return done;
2317         }
2318         /* Invalid address to tell caller we ran out of time */
2319         return 1;
2320 }
2321
2322 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
2323 {
2324         /* We get in here if sendcmd() is polling for completions
2325            and gets some command back that it wasn't expecting --
2326            something other than that which it just sent down.
2327            Ordinarily, that shouldn't happen, but it can happen when
2328            the scsi tape stuff gets into error handling mode, and
2329            starts using sendcmd() to try to abort commands and
2330            reset tape drives.  In that case, sendcmd may pick up
2331            completions of commands that were sent to logical drives
2332            through the block i/o system, or cciss ioctls completing, etc.
2333            In that case, we need to save those completions for later
2334            processing by the interrupt handler.
2335          */
2336
2337 #ifdef CONFIG_CISS_SCSI_TAPE
2338         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;
2339
2340         /* If it's not the scsi tape stuff doing error handling, (abort */
2341         /* or reset) then we don't expect anything weird. */
2342         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
2343 #endif
2344                 printk(KERN_WARNING "cciss cciss%d: SendCmd "
2345                        "Invalid command list address returned! (%lx)\n",
2346                        ctlr, complete);
2347                 /* not much we can do. */
2348 #ifdef CONFIG_CISS_SCSI_TAPE
2349                 return 1;
2350         }
2351
2352         /* We've sent down an abort or reset, but something else
2353            has completed */
2354         if (srl->ncompletions >= (hba[ctlr]->nr_cmds + 2)) {
2355                 /* Uh oh.  No room to save it for later... */
2356                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
2357                        "reject list overflow, command lost!\n", ctlr);
2358                 return 1;
2359         }
2360         /* Save it for later */
2361         srl->complete[srl->ncompletions] = complete;
2362         srl->ncompletions++;
2363 #endif
2364         return 0;
2365 }
2366
2367 /*
2368  * Send a command to the controller, and wait for it to complete.
2369  * Only used at init time.
2370  */
2371 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
2372                                                                                                    1: address logical volume log_unit,
2373                                                                                                    2: periph device address is scsi3addr */
2374                    unsigned int log_unit,
2375                    __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2376 {
2377         CommandList_struct *c;
2378         int i;
2379         unsigned long complete;
2380         ctlr_info_t *info_p = hba[ctlr];
2381         u64bit buff_dma_handle;
2382         int status, done = 0;
2383
2384         if ((c = cmd_alloc(info_p, 1)) == NULL) {
2385                 printk(KERN_WARNING "cciss: unable to get memory");
2386                 return IO_ERROR;
2387         }
2388         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2389                           log_unit, page_code, scsi3addr, cmd_type);
2390         if (status != IO_OK) {
2391                 cmd_free(info_p, c, 1);
2392                 return status;
2393         }
2394       resend_cmd1:
2395         /*
2396          * Disable interrupt
2397          */
2398 #ifdef CCISS_DEBUG
2399         printk(KERN_DEBUG "cciss: turning intr off\n");
2400 #endif                          /* CCISS_DEBUG */
2401         info_p->access.set_intr_mask(info_p, CCISS_INTR_OFF);
2402
2403         /* Make sure there is room in the command FIFO */
2404         /* Actually it should be completely empty at this time */
2405         /* unless we are in here doing error handling for the scsi */
2406         /* tape side of the driver. */
2407         for (i = 200000; i > 0; i--) {
2408                 /* if fifo isn't full go */
2409                 if (!(info_p->access.fifo_full(info_p))) {
2410
2411                         break;
2412                 }
2413                 udelay(10);
2414                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2415                        " waiting!\n", ctlr);
2416         }
2417         /*
2418          * Send the cmd
2419          */
2420         info_p->access.submit_command(info_p, c);
2421         done = 0;
2422         do {
2423                 complete = pollcomplete(ctlr);
2424
2425 #ifdef CCISS_DEBUG
2426                 printk(KERN_DEBUG "cciss: command completed\n");
2427 #endif                          /* CCISS_DEBUG */
2428
2429                 if (complete == 1) {
2430                         printk(KERN_WARNING
2431                                "cciss cciss%d: SendCmd Timeout out, "
2432                                "No command list address returned!\n", ctlr);
2433                         status = IO_ERROR;
2434                         done = 1;
2435                         break;
2436                 }
2437
2438                 /* This will need to change for direct lookup completions */
2439                 if ((complete & CISS_ERROR_BIT)
2440                     && (complete & ~CISS_ERROR_BIT) == c->busaddr) {
2441                         /* if data overrun or underun on Report command
2442                            ignore it
2443                          */
2444                         if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2445                              (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2446                              (c->Request.CDB[0] == CISS_INQUIRY)) &&
2447                             ((c->err_info->CommandStatus ==
2448                               CMD_DATA_OVERRUN) ||
2449                              (c->err_info->CommandStatus == CMD_DATA_UNDERRUN)
2450                             )) {
2451                                 complete = c->busaddr;
2452                         } else {
2453                                 if (c->err_info->CommandStatus ==
2454                                     CMD_UNSOLICITED_ABORT) {
2455                                         printk(KERN_WARNING "cciss%d: "
2456                                                "unsolicited abort %p\n",
2457                                                ctlr, c);
2458                                         if (c->retry_count < MAX_CMD_RETRIES) {
2459                                                 printk(KERN_WARNING
2460                                                        "cciss%d: retrying %p\n",
2461                                                        ctlr, c);
2462                                                 c->retry_count++;
2463                                                 /* erase the old error */
2464                                                 /* information */
2465                                                 memset(c->err_info, 0,
2466                                                        sizeof
2467                                                        (ErrorInfo_struct));
2468                                                 goto resend_cmd1;
2469                                         } else {
2470                                                 printk(KERN_WARNING
2471                                                        "cciss%d: retried %p too "
2472                                                        "many times\n", ctlr, c);
2473                                                 status = IO_ERROR;
2474                                                 goto cleanup1;
2475                                         }
2476                                 } else if (c->err_info->CommandStatus ==
2477                                            CMD_UNABORTABLE) {
2478                                         printk(KERN_WARNING
2479                                                "cciss%d: command could not be aborted.\n",
2480                                                ctlr);
2481                                         status = IO_ERROR;
2482                                         goto cleanup1;
2483                                 }
2484                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2485                                        " Error %x \n", ctlr,
2486                                        c->err_info->CommandStatus);
2487                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2488                                        " offensive info\n"
2489                                        "  size %x\n   num %x   value %x\n",
2490                                        ctlr,
2491                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2492                                        offense_size,
2493                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2494                                        offense_num,
2495                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2496                                        offense_value);
2497                                 status = IO_ERROR;
2498                                 goto cleanup1;
2499                         }
2500                 }
2501                 /* This will need changing for direct lookup completions */
2502                 if (complete != c->busaddr) {
2503                         if (add_sendcmd_reject(cmd, ctlr, complete) != 0) {
2504                                 BUG();  /* we are pretty much hosed if we get here. */
2505                         }
2506                         continue;
2507                 } else
2508                         done = 1;
2509         } while (!done);
2510
2511       cleanup1:
2512         /* unlock the data buffer from DMA */
2513         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2514         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2515         pci_unmap_single(info_p->pdev, (dma_addr_t) buff_dma_handle.val,
2516                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2517 #ifdef CONFIG_CISS_SCSI_TAPE
2518         /* if we saved some commands for later, process them now. */
2519         if (info_p->scsi_rejects.ncompletions > 0)
2520                 do_cciss_intr(0, info_p);
2521 #endif
2522         cmd_free(info_p, c, 1);
2523         return status;
2524 }
2525
2526 /*
2527  * Map (physical) PCI mem into (virtual) kernel space
2528  */
2529 static void __iomem *remap_pci_mem(ulong base, ulong size)
2530 {
2531         ulong page_base = ((ulong) base) & PAGE_MASK;
2532         ulong page_offs = ((ulong) base) - page_base;
2533         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2534
2535         return page_remapped ? (page_remapped + page_offs) : NULL;
2536 }
2537
2538 /*
2539  * Takes jobs of the Q and sends them to the hardware, then puts it on
2540  * the Q to wait for completion.
2541  */
2542 static void start_io(ctlr_info_t *h)
2543 {
2544         CommandList_struct *c;
2545
2546         while ((c = h->reqQ) != NULL) {
2547                 /* can't do anything if fifo is full */
2548                 if ((h->access.fifo_full(h))) {
2549                         printk(KERN_WARNING "cciss: fifo full\n");
2550                         break;
2551                 }
2552
2553                 /* Get the first entry from the Request Q */
2554                 removeQ(&(h->reqQ), c);
2555                 h->Qdepth--;
2556
2557                 /* Tell the controller execute command */
2558                 h->access.submit_command(h, c);
2559
2560                 /* Put job onto the completed Q */
2561                 addQ(&(h->cmpQ), c);
2562         }
2563 }
2564
2565 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2566 /* Zeros out the error record and then resends the command back */
2567 /* to the controller */
2568 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2569 {
2570         /* erase the old error information */
2571         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2572
2573         /* add it to software queue and then send it to the controller */
2574         addQ(&(h->reqQ), c);
2575         h->Qdepth++;
2576         if (h->Qdepth > h->maxQsinceinit)
2577                 h->maxQsinceinit = h->Qdepth;
2578
2579         start_io(h);
2580 }
2581
2582 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2583         unsigned int msg_byte, unsigned int host_byte,
2584         unsigned int driver_byte)
2585 {
2586         /* inverse of macros in scsi.h */
2587         return (scsi_status_byte & 0xff) |
2588                 ((msg_byte & 0xff) << 8) |
2589                 ((host_byte & 0xff) << 16) |
2590                 ((driver_byte & 0xff) << 24);
2591 }
2592
2593 static inline int evaluate_target_status(CommandList_struct *cmd)
2594 {
2595         unsigned char sense_key;
2596         unsigned char status_byte, msg_byte, host_byte, driver_byte;
2597         int error_value;
2598
2599         /* If we get in here, it means we got "target status", that is, scsi status */
2600         status_byte = cmd->err_info->ScsiStatus;
2601         driver_byte = DRIVER_OK;
2602         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
2603
2604         if (blk_pc_request(cmd->rq))
2605                 host_byte = DID_PASSTHROUGH;
2606         else
2607                 host_byte = DID_OK;
2608
2609         error_value = make_status_bytes(status_byte, msg_byte,
2610                 host_byte, driver_byte);
2611
2612         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
2613                 if (!blk_pc_request(cmd->rq))
2614                         printk(KERN_WARNING "cciss: cmd %p "
2615                                "has SCSI Status 0x%x\n",
2616                                cmd, cmd->err_info->ScsiStatus);
2617                 return error_value;
2618         }
2619
2620         /* check the sense key */
2621         sense_key = 0xf & cmd->err_info->SenseInfo[2];
2622         /* no status or recovered error */
2623         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
2624                 error_value = 0;
2625
2626         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
2627                 if (error_value != 0)
2628                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
2629                                " sense key = 0x%x\n", cmd, sense_key);
2630                 return error_value;
2631         }
2632
2633         /* SG_IO or similar, copy sense data back */
2634         if (cmd->rq->sense) {
2635                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
2636                         cmd->rq->sense_len = cmd->err_info->SenseLen;
2637                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
2638                         cmd->rq->sense_len);
2639         } else
2640                 cmd->rq->sense_len = 0;
2641
2642         return error_value;
2643 }
2644
2645 /* checks the status of the job and calls complete buffers to mark all
2646  * buffers for the completed job. Note that this function does not need
2647  * to hold the hba/queue lock.
2648  */
2649 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
2650                                     int timeout)
2651 {
2652         int retry_cmd = 0;
2653         struct request *rq = cmd->rq;
2654
2655         rq->errors = 0;
2656
2657         if (timeout)
2658                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
2659
2660         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
2661                 goto after_error_processing;
2662
2663         switch (cmd->err_info->CommandStatus) {
2664         case CMD_TARGET_STATUS:
2665                 rq->errors = evaluate_target_status(cmd);
2666                 break;
2667         case CMD_DATA_UNDERRUN:
2668                 if (blk_fs_request(cmd->rq)) {
2669                         printk(KERN_WARNING "cciss: cmd %p has"
2670                                " completed with data underrun "
2671                                "reported\n", cmd);
2672                         cmd->rq->data_len = cmd->err_info->ResidualCnt;
2673                 }
2674                 break;
2675         case CMD_DATA_OVERRUN:
2676                 if (blk_fs_request(cmd->rq))
2677                         printk(KERN_WARNING "cciss: cmd %p has"
2678                                " completed with data overrun "
2679                                "reported\n", cmd);
2680                 break;
2681         case CMD_INVALID:
2682                 printk(KERN_WARNING "cciss: cmd %p is "
2683                        "reported invalid\n", cmd);
2684                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2685                         cmd->err_info->CommandStatus, DRIVER_OK,
2686                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2687                 break;
2688         case CMD_PROTOCOL_ERR:
2689                 printk(KERN_WARNING "cciss: cmd %p has "
2690                        "protocol error \n", cmd);
2691                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2692                         cmd->err_info->CommandStatus, DRIVER_OK,
2693                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2694                 break;
2695         case CMD_HARDWARE_ERR:
2696                 printk(KERN_WARNING "cciss: cmd %p had "
2697                        " hardware error\n", cmd);
2698                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2699                         cmd->err_info->CommandStatus, DRIVER_OK,
2700                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2701                 break;
2702         case CMD_CONNECTION_LOST:
2703                 printk(KERN_WARNING "cciss: cmd %p had "
2704                        "connection lost\n", cmd);
2705                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2706                         cmd->err_info->CommandStatus, DRIVER_OK,
2707                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2708                 break;
2709         case CMD_ABORTED:
2710                 printk(KERN_WARNING "cciss: cmd %p was "
2711                        "aborted\n", cmd);
2712                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2713                         cmd->err_info->CommandStatus, DRIVER_OK,
2714                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2715                 break;
2716         case CMD_ABORT_FAILED:
2717                 printk(KERN_WARNING "cciss: cmd %p reports "
2718                        "abort failed\n", cmd);
2719                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2720                         cmd->err_info->CommandStatus, DRIVER_OK,
2721                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2722                 break;
2723         case CMD_UNSOLICITED_ABORT:
2724                 printk(KERN_WARNING "cciss%d: unsolicited "
2725                        "abort %p\n", h->ctlr, cmd);
2726                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2727                         retry_cmd = 1;
2728                         printk(KERN_WARNING
2729                                "cciss%d: retrying %p\n", h->ctlr, cmd);
2730                         cmd->retry_count++;
2731                 } else
2732                         printk(KERN_WARNING
2733                                "cciss%d: %p retried too "
2734                                "many times\n", h->ctlr, cmd);
2735                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2736                         cmd->err_info->CommandStatus, DRIVER_OK,
2737                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2738                 break;
2739         case CMD_TIMEOUT:
2740                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
2741                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2742                         cmd->err_info->CommandStatus, DRIVER_OK,
2743                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2744                 break;
2745         default:
2746                 printk(KERN_WARNING "cciss: cmd %p returned "
2747                        "unknown status %x\n", cmd,
2748                        cmd->err_info->CommandStatus);
2749                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2750                         cmd->err_info->CommandStatus, DRIVER_OK,
2751                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2752         }
2753
2754 after_error_processing:
2755
2756         /* We need to return this command */
2757         if (retry_cmd) {
2758                 resend_cciss_cmd(h, cmd);
2759                 return;
2760         }
2761         cmd->rq->completion_data = cmd;
2762         blk_complete_request(cmd->rq);
2763 }
2764
2765 /*
2766  * Get a request and submit it to the controller.
2767  */
2768 static void do_cciss_request(struct request_queue *q)
2769 {
2770         ctlr_info_t *h = q->queuedata;
2771         CommandList_struct *c;
2772         sector_t start_blk;
2773         int seg;
2774         struct request *creq;
2775         u64bit temp64;
2776         struct scatterlist tmp_sg[MAXSGENTRIES];
2777         drive_info_struct *drv;
2778         int i, dir;
2779
2780         /* We call start_io here in case there is a command waiting on the
2781          * queue that has not been sent.
2782          */
2783         if (blk_queue_plugged(q))
2784                 goto startio;
2785
2786       queue:
2787         creq = elv_next_request(q);
2788         if (!creq)
2789                 goto startio;
2790
2791         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
2792
2793         if ((c = cmd_alloc(h, 1)) == NULL)
2794                 goto full;
2795
2796         blkdev_dequeue_request(creq);
2797
2798         spin_unlock_irq(q->queue_lock);
2799
2800         c->cmd_type = CMD_RWREQ;
2801         c->rq = creq;
2802
2803         /* fill in the request */
2804         drv = creq->rq_disk->private_data;
2805         c->Header.ReplyQueue = 0;       // unused in simple mode
2806         /* got command from pool, so use the command block index instead */
2807         /* for direct lookups. */
2808         /* The first 2 bits are reserved for controller error reporting. */
2809         c->Header.Tag.lower = (c->cmdindex << 3);
2810         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
2811         c->Header.LUN.LogDev.VolId = drv->LunID;
2812         c->Header.LUN.LogDev.Mode = 1;
2813         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
2814         c->Request.Type.Type = TYPE_CMD;        // It is a command.
2815         c->Request.Type.Attribute = ATTR_SIMPLE;
2816         c->Request.Type.Direction =
2817             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
2818         c->Request.Timeout = 0; // Don't time out
2819         c->Request.CDB[0] =
2820             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
2821         start_blk = creq->sector;
2822 #ifdef CCISS_DEBUG
2823         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n", (int)creq->sector,
2824                (int)creq->nr_sectors);
2825 #endif                          /* CCISS_DEBUG */
2826
2827         sg_init_table(tmp_sg, MAXSGENTRIES);
2828         seg = blk_rq_map_sg(q, creq, tmp_sg);
2829
2830         /* get the DMA records for the setup */
2831         if (c->Request.Type.Direction == XFER_READ)
2832                 dir = PCI_DMA_FROMDEVICE;
2833         else
2834                 dir = PCI_DMA_TODEVICE;
2835
2836         for (i = 0; i < seg; i++) {
2837                 c->SG[i].Len = tmp_sg[i].length;
2838                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
2839                                                   tmp_sg[i].offset,
2840                                                   tmp_sg[i].length, dir);
2841                 c->SG[i].Addr.lower = temp64.val32.lower;
2842                 c->SG[i].Addr.upper = temp64.val32.upper;
2843                 c->SG[i].Ext = 0;       // we are not chaining
2844         }
2845         /* track how many SG entries we are using */
2846         if (seg > h->maxSG)
2847                 h->maxSG = seg;
2848
2849 #ifdef CCISS_DEBUG
2850         printk(KERN_DEBUG "cciss: Submitting %d sectors in %d segments\n",
2851                creq->nr_sectors, seg);
2852 #endif                          /* CCISS_DEBUG */
2853
2854         c->Header.SGList = c->Header.SGTotal = seg;
2855         if (likely(blk_fs_request(creq))) {
2856                 if(h->cciss_read == CCISS_READ_10) {
2857                         c->Request.CDB[1] = 0;
2858                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
2859                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
2860                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
2861                         c->Request.CDB[5] = start_blk & 0xff;
2862                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
2863                         c->Request.CDB[7] = (creq->nr_sectors >> 8) & 0xff;
2864                         c->Request.CDB[8] = creq->nr_sectors & 0xff;
2865                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
2866                 } else {
2867                         u32 upper32 = upper_32_bits(start_blk);
2868
2869                         c->Request.CDBLen = 16;
2870                         c->Request.CDB[1]= 0;
2871                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
2872                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
2873                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
2874                         c->Request.CDB[5]= upper32 & 0xff;
2875                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
2876                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
2877                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
2878                         c->Request.CDB[9]= start_blk & 0xff;
2879                         c->Request.CDB[10]= (creq->nr_sectors >>  24) & 0xff;
2880                         c->Request.CDB[11]= (creq->nr_sectors >>  16) & 0xff;
2881                         c->Request.CDB[12]= (creq->nr_sectors >>  8) & 0xff;
2882                         c->Request.CDB[13]= creq->nr_sectors & 0xff;
2883                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
2884                 }
2885         } else if (blk_pc_request(creq)) {
2886                 c->Request.CDBLen = creq->cmd_len;
2887                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
2888         } else {
2889                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
2890                 BUG();
2891         }
2892
2893         spin_lock_irq(q->queue_lock);
2894
2895         addQ(&(h->reqQ), c);
2896         h->Qdepth++;
2897         if (h->Qdepth > h->maxQsinceinit)
2898                 h->maxQsinceinit = h->Qdepth;
2899
2900         goto queue;
2901 full:
2902         blk_stop_queue(q);
2903 startio:
2904         /* We will already have the driver lock here so not need
2905          * to lock it.
2906          */
2907         start_io(h);
2908 }
2909
2910 static inline unsigned long get_next_completion(ctlr_info_t *h)
2911 {
2912 #ifdef CONFIG_CISS_SCSI_TAPE
2913         /* Any rejects from sendcmd() lying around? Process them first */
2914         if (h->scsi_rejects.ncompletions == 0)
2915                 return h->access.command_completed(h);
2916         else {
2917                 struct sendcmd_reject_list *srl;
2918                 int n;
2919                 srl = &h->scsi_rejects;
2920                 n = --srl->ncompletions;
2921                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
2922                 printk("p");
2923                 return srl->complete[n];
2924         }
2925 #else
2926         return h->access.command_completed(h);
2927 #endif
2928 }
2929
2930 static inline int interrupt_pending(ctlr_info_t *h)
2931 {
2932 #ifdef CONFIG_CISS_SCSI_TAPE
2933         return (h->access.intr_pending(h)
2934                 || (h->scsi_rejects.ncompletions > 0));
2935 #else
2936         return h->access.intr_pending(h);
2937 #endif
2938 }
2939
2940 static inline long interrupt_not_for_us(ctlr_info_t *h)
2941 {
2942 #ifdef CONFIG_CISS_SCSI_TAPE
2943         return (((h->access.intr_pending(h) == 0) ||
2944                  (h->interrupts_enabled == 0))
2945                 && (h->scsi_rejects.ncompletions == 0));
2946 #else
2947         return (((h->access.intr_pending(h) == 0) ||
2948                  (h->interrupts_enabled == 0)));
2949 #endif
2950 }
2951
2952 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
2953 {
2954         ctlr_info_t *h = dev_id;
2955         CommandList_struct *c;
2956         unsigned long flags;
2957         __u32 a, a1, a2;
2958
2959         if (interrupt_not_for_us(h))
2960                 return IRQ_NONE;
2961         /*
2962          * If there are completed commands in the completion queue,
2963          * we had better do something about it.
2964          */
2965         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2966         while (interrupt_pending(h)) {
2967                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
2968                         a1 = a;
2969                         if ((a & 0x04)) {
2970                                 a2 = (a >> 3);
2971                                 if (a2 >= h->nr_cmds) {
2972                                         printk(KERN_WARNING
2973                                                "cciss: controller cciss%d failed, stopping.\n",
2974                                                h->ctlr);
2975                                         fail_all_cmds(h->ctlr);
2976                                         return IRQ_HANDLED;
2977                                 }
2978
2979                                 c = h->cmd_pool + a2;
2980                                 a = c->busaddr;
2981
2982                         } else {
2983                                 a &= ~3;
2984                                 if ((c = h->cmpQ) == NULL) {
2985                                         printk(KERN_WARNING
2986                                                "cciss: Completion of %08x ignored\n",
2987                                                a1);
2988                                         continue;
2989                                 }
2990                                 while (c->busaddr != a) {
2991                                         c = c->next;
2992                                         if (c == h->cmpQ)
2993                                                 break;
2994                                 }
2995                         }
2996                         /*
2997                          * If we've found the command, take it off the
2998                          * completion Q and free it
2999                          */
3000                         if (c->busaddr == a) {
3001                                 removeQ(&h->cmpQ, c);
3002                                 if (c->cmd_type == CMD_RWREQ) {
3003                                         complete_command(h, c, 0);
3004                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
3005                                         complete(c->waiting);
3006                                 }
3007 #                               ifdef CONFIG_CISS_SCSI_TAPE
3008                                 else if (c->cmd_type == CMD_SCSI)
3009                                         complete_scsi_command(c, 0, a1);
3010 #                               endif
3011                                 continue;
3012                         }
3013                 }
3014         }
3015
3016         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
3017         return IRQ_HANDLED;
3018 }
3019
3020 /*
3021  *  We cannot read the structure directly, for portability we must use
3022  *   the io functions.
3023  *   This is for debug only.
3024  */
3025 #ifdef CCISS_DEBUG
3026 static void print_cfg_table(CfgTable_struct *tb)
3027 {
3028         int i;
3029         char temp_name[17];
3030
3031         printk("Controller Configuration information\n");
3032         printk("------------------------------------\n");
3033         for (i = 0; i < 4; i++)
3034                 temp_name[i] = readb(&(tb->Signature[i]));
3035         temp_name[4] = '\0';
3036         printk("   Signature = %s\n", temp_name);
3037         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
3038         printk("   Transport methods supported = 0x%x\n",
3039                readl(&(tb->TransportSupport)));
3040         printk("   Transport methods active = 0x%x\n",
3041                readl(&(tb->TransportActive)));
3042         printk("   Requested transport Method = 0x%x\n",
3043                readl(&(tb->HostWrite.TransportRequest)));
3044         printk("   Coalesce Interrupt Delay = 0x%x\n",
3045                readl(&(tb->HostWrite.CoalIntDelay)));
3046         printk("   Coalesce Interrupt Count = 0x%x\n",
3047                readl(&(tb->HostWrite.CoalIntCount)));
3048         printk("   Max outstanding commands = 0x%d\n",
3049                readl(&(tb->CmdsOutMax)));
3050         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
3051         for (i = 0; i < 16; i++)
3052                 temp_name[i] = readb(&(tb->ServerName[i]));
3053         temp_name[16] = '\0';
3054         printk("   Server Name = %s\n", temp_name);
3055         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
3056 }
3057 #endif                          /* CCISS_DEBUG */
3058
3059 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
3060 {
3061         int i, offset, mem_type, bar_type;
3062         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
3063                 return 0;
3064         offset = 0;
3065         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3066                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
3067                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
3068                         offset += 4;
3069                 else {
3070                         mem_type = pci_resource_flags(pdev, i) &
3071                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
3072                         switch (mem_type) {
3073                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
3074                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
3075                                 offset += 4;    /* 32 bit */
3076                                 break;
3077                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
3078                                 offset += 8;
3079                                 break;
3080                         default:        /* reserved in PCI 2.2 */
3081                                 printk(KERN_WARNING
3082                                        "Base address is invalid\n");
3083                                 return -1;
3084                                 break;
3085                         }
3086                 }
3087                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
3088                         return i + 1;
3089         }
3090         return -1;
3091 }
3092
3093 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
3094  * controllers that are capable. If not, we use IO-APIC mode.
3095  */
3096
3097 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
3098                                            struct pci_dev *pdev, __u32 board_id)
3099 {
3100 #ifdef CONFIG_PCI_MSI
3101         int err;
3102         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
3103         {0, 2}, {0, 3}
3104         };
3105
3106         /* Some boards advertise MSI but don't really support it */
3107         if ((board_id == 0x40700E11) ||
3108             (board_id == 0x40800E11) ||
3109             (board_id == 0x40820E11) || (board_id == 0x40830E11))
3110                 goto default_int_mode;
3111
3112         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
3113                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
3114                 if (!err) {
3115                         c->intr[0] = cciss_msix_entries[0].vector;
3116                         c->intr[1] = cciss_msix_entries[1].vector;
3117                         c->intr[2] = cciss_msix_entries[2].vector;
3118                         c->intr[3] = cciss_msix_entries[3].vector;
3119                         c->msix_vector = 1;
3120                         return;
3121                 }
3122                 if (err > 0) {
3123                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
3124                                "available\n", err);
3125                         goto default_int_mode;
3126                 } else {
3127                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
3128                                err);
3129                         goto default_int_mode;
3130                 }
3131         }
3132         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
3133                 if (!pci_enable_msi(pdev)) {
3134                         c->msi_vector = 1;
3135                 } else {
3136                         printk(KERN_WARNING "cciss: MSI init failed\n");
3137                 }
3138         }
3139 default_int_mode:
3140 #endif                          /* CONFIG_PCI_MSI */
3141         /* if we get here we're going to use the default interrupt mode */
3142         c->intr[SIMPLE_MODE_INT] = pdev->irq;
3143         return;
3144 }
3145
3146 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
3147 {
3148         ushort subsystem_vendor_id, subsystem_device_id, command;
3149         __u32 board_id, scratchpad = 0;
3150         __u64 cfg_offset;
3151         __u32 cfg_base_addr;
3152         __u64 cfg_base_addr_index;
3153         int i, err;
3154
3155         /* check to see if controller has been disabled */
3156         /* BEFORE trying to enable it */
3157         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
3158         if (!(command & 0x02)) {
3159                 printk(KERN_WARNING
3160                        "cciss: controller appears to be disabled\n");
3161                 return -ENODEV;
3162         }
3163
3164         err = pci_enable_device(pdev);
3165         if (err) {
3166                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3167                 return err;
3168         }
3169
3170         err = pci_request_regions(pdev, "cciss");
3171         if (err) {
3172                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3173                        "aborting\n");
3174                 return err;
3175         }
3176
3177         subsystem_vendor_id = pdev->subsystem_vendor;
3178         subsystem_device_id = pdev->subsystem_device;
3179         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3180                     subsystem_vendor_id);
3181
3182 #ifdef CCISS_DEBUG
3183         printk("command = %x\n", command);
3184         printk("irq = %x\n", pdev->irq);
3185         printk("board_id = %x\n", board_id);
3186 #endif                          /* CCISS_DEBUG */
3187
3188 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3189  * else we use the IO-APIC interrupt assigned to us by system ROM.
3190  */
3191         cciss_interrupt_mode(c, pdev, board_id);
3192
3193         /*
3194          * Memory base addr is first addr , the second points to the config
3195          *   table
3196          */
3197
3198         c->paddr = pci_resource_start(pdev, 0); /* addressing mode bits already removed */
3199 #ifdef CCISS_DEBUG
3200         printk("address 0 = %x\n", c->paddr);
3201 #endif                          /* CCISS_DEBUG */
3202         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3203
3204         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3205          * We poll for up to 120 secs, once per 100ms. */
3206         for (i = 0; i < 1200; i++) {
3207                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3208                 if (scratchpad == CCISS_FIRMWARE_READY)
3209                         break;
3210                 set_current_state(TASK_INTERRUPTIBLE);
3211                 schedule_timeout(HZ / 10);      /* wait 100ms */
3212         }
3213         if (scratchpad != CCISS_FIRMWARE_READY) {
3214                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3215                 err = -ENODEV;
3216                 goto err_out_free_res;
3217         }
3218
3219         /* get the address index number */
3220         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3221         cfg_base_addr &= (__u32) 0x0000ffff;
3222 #ifdef CCISS_DEBUG
3223         printk("cfg base address = %x\n", cfg_base_addr);
3224 #endif                          /* CCISS_DEBUG */
3225         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3226 #ifdef CCISS_DEBUG
3227         printk("cfg base address index = %x\n", cfg_base_addr_index);
3228 #endif                          /* CCISS_DEBUG */
3229         if (cfg_base_addr_index == -1) {
3230                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3231                 err = -ENODEV;
3232                 goto err_out_free_res;
3233         }
3234
3235         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3236 #ifdef CCISS_DEBUG
3237         printk("cfg offset = %x\n", cfg_offset);
3238 #endif                          /* CCISS_DEBUG */
3239         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3240                                                        cfg_base_addr_index) +
3241                                     cfg_offset, sizeof(CfgTable_struct));
3242         c->board_id = board_id;
3243
3244 #ifdef CCISS_DEBUG
3245         print_cfg_table(c->cfgtable);
3246 #endif                          /* CCISS_DEBUG */
3247
3248         /* Some controllers support Zero Memory Raid (ZMR).
3249          * When configured in ZMR mode the number of supported
3250          * commands drops to 64. So instead of just setting an
3251          * arbitrary value we make the driver a little smarter.
3252          * We read the config table to tell us how many commands
3253          * are supported on the controller then subtract 4 to
3254          * leave a little room for ioctl calls.
3255          */
3256         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3257         for (i = 0; i < ARRAY_SIZE(products); i++) {
3258                 if (board_id == products[i].board_id) {
3259                         c->product_name = products[i].product_name;
3260                         c->access = *(products[i].access);
3261                         c->nr_cmds = c->max_commands - 4;
3262                         break;
3263                 }
3264         }
3265         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3266             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3267             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3268             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3269                 printk("Does not appear to be a valid CISS config table\n");
3270                 err = -ENODEV;
3271                 goto err_out_free_res;
3272         }
3273         /* We didn't find the controller in our list. We know the
3274          * signature is valid. If it's an HP device let's try to
3275          * bind to the device and fire it up. Otherwise we bail.
3276          */
3277         if (i == ARRAY_SIZE(products)) {
3278                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3279                         c->product_name = products[i-1].product_name;
3280                         c->access = *(products[i-1].access);
3281                         c->nr_cmds = c->max_commands - 4;
3282                         printk(KERN_WARNING "cciss: This is an unknown "
3283                                 "Smart Array controller.\n"
3284                                 "cciss: Please update to the latest driver "
3285                                 "available from www.hp.com.\n");
3286                 } else {
3287                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3288                                 " to access the Smart Array controller %08lx\n"
3289                                         , (unsigned long)board_id);
3290                         err = -ENODEV;
3291                         goto err_out_free_res;
3292                 }
3293         }
3294 #ifdef CONFIG_X86
3295         {
3296                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3297                 __u32 prefetch;
3298                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3299                 prefetch |= 0x100;
3300                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3301         }
3302 #endif
3303
3304         /* Disabling DMA prefetch and refetch for the P600.
3305          * An ASIC bug may result in accesses to invalid memory addresses.
3306          * We've disabled prefetch for some time now. Testing with XEN
3307          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3308          */
3309         if(board_id == 0x3225103C) {
3310                 __u32 dma_prefetch;
3311                 __u32 dma_refetch;
3312                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3313                 dma_prefetch |= 0x8000;
3314                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3315                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3316                 dma_refetch |= 0x1;
3317                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3318         }
3319
3320 #ifdef CCISS_DEBUG
3321         printk("Trying to put board into Simple mode\n");
3322 #endif                          /* CCISS_DEBUG */
3323         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3324         /* Update the field, and then ring the doorbell */
3325         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3326         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3327
3328         /* under certain very rare conditions, this can take awhile.
3329          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3330          * as we enter this code.) */
3331         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3332                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3333                         break;
3334                 /* delay and try again */
3335                 set_current_state(TASK_INTERRUPTIBLE);
3336                 schedule_timeout(10);
3337         }
3338
3339 #ifdef CCISS_DEBUG
3340         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3341                readl(c->vaddr + SA5_DOORBELL));
3342 #endif                          /* CCISS_DEBUG */
3343 #ifdef CCISS_DEBUG
3344         print_cfg_table(c->cfgtable);
3345 #endif                          /* CCISS_DEBUG */
3346
3347         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3348                 printk(KERN_WARNING "cciss: unable to get board into"
3349                        " simple mode\n");
3350                 err = -ENODEV;
3351                 goto err_out_free_res;
3352         }
3353         return 0;
3354
3355 err_out_free_res:
3356         /*
3357          * Deliberately omit pci_disable_device(): it does something nasty to
3358          * Smart Array controllers that pci_enable_device does not undo
3359          */
3360         pci_release_regions(pdev);
3361         return err;
3362 }
3363
3364 /* Function to find the first free pointer into our hba[] array
3365  * Returns -1 if no free entries are left.
3366  */
3367 static int alloc_cciss_hba(void)
3368 {
3369         int i;
3370
3371         for (i = 0; i < MAX_CTLR; i++) {
3372                 if (!hba[i]) {
3373                         ctlr_info_t *p;
3374
3375                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3376                         if (!p)
3377                                 goto Enomem;
3378                         hba[i] = p;
3379                         return i;
3380                 }
3381         }
3382         printk(KERN_WARNING "cciss: This driver supports a maximum"
3383                " of %d controllers.\n", MAX_CTLR);
3384         return -1;
3385 Enomem:
3386         printk(KERN_ERR "cciss: out of memory.\n");
3387         return -1;
3388 }
3389
3390 static void free_hba(int i)
3391 {
3392         ctlr_info_t *p = hba[i];
3393         int n;
3394
3395         hba[i] = NULL;
3396         for (n = 0; n < CISS_MAX_LUN; n++)
3397                 put_disk(p->gendisk[n]);
3398         kfree(p);
3399 }
3400
3401 /*
3402  *  This is it.  Find all the controllers and register them.  I really hate
3403  *  stealing all these major device numbers.
3404  *  returns the number of block devices registered.
3405  */
3406 static int __devinit cciss_init_one(struct pci_dev *pdev,
3407                                     const struct pci_device_id *ent)
3408 {
3409         int i;
3410         int j = 0;
3411         int rc;
3412         int dac, return_code;
3413         InquiryData_struct *inq_buff = NULL;
3414
3415         i = alloc_cciss_hba();
3416         if (i < 0)
3417                 return -1;
3418
3419         hba[i]->busy_initializing = 1;
3420
3421         if (cciss_pci_init(hba[i], pdev) != 0)
3422                 goto clean1;
3423
3424         sprintf(hba[i]->devname, "cciss%d", i);
3425         hba[i]->ctlr = i;
3426         hba[i]->pdev = pdev;
3427
3428         /* configure PCI DMA stuff */
3429         if (!pci_set_dma_mask(pdev, DMA_64BIT_MASK))
3430                 dac = 1;
3431         else if (!pci_set_dma_mask(pdev, DMA_32BIT_MASK))
3432                 dac = 0;
3433         else {
3434                 printk(KERN_ERR "cciss: no suitable DMA available\n");
3435                 goto clean1;
3436         }
3437
3438         /*
3439          * register with the major number, or get a dynamic major number
3440          * by passing 0 as argument.  This is done for greater than
3441          * 8 controller support.
3442          */
3443         if (i < MAX_CTLR_ORIG)
3444                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3445         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3446         if (rc == -EBUSY || rc == -EINVAL) {
3447                 printk(KERN_ERR
3448                        "cciss:  Unable to get major number %d for %s "
3449                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3450                 goto clean1;
3451         } else {
3452                 if (i >= MAX_CTLR_ORIG)
3453                         hba[i]->major = rc;
3454         }
3455
3456         /* make sure the board interrupts are off */
3457         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
3458         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
3459                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
3460                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
3461                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
3462                 goto clean2;
3463         }
3464
3465         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
3466                hba[i]->devname, pdev->device, pci_name(pdev),
3467                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
3468
3469         hba[i]->cmd_pool_bits =
3470             kmalloc(DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3471                         * sizeof(unsigned long), GFP_KERNEL);
3472         hba[i]->cmd_pool = (CommandList_struct *)
3473             pci_alloc_consistent(hba[i]->pdev,
3474                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3475                     &(hba[i]->cmd_pool_dhandle));
3476         hba[i]->errinfo_pool = (ErrorInfo_struct *)
3477             pci_alloc_consistent(hba[i]->pdev,
3478                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3479                     &(hba[i]->errinfo_pool_dhandle));
3480         if ((hba[i]->cmd_pool_bits == NULL)
3481             || (hba[i]->cmd_pool == NULL)
3482             || (hba[i]->errinfo_pool == NULL)) {
3483                 printk(KERN_ERR "cciss: out of memory");
3484                 goto clean4;
3485         }
3486 #ifdef CONFIG_CISS_SCSI_TAPE
3487         hba[i]->scsi_rejects.complete =
3488             kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) *
3489                     (hba[i]->nr_cmds + 5), GFP_KERNEL);
3490         if (hba[i]->scsi_rejects.complete == NULL) {
3491                 printk(KERN_ERR "cciss: out of memory");
3492                 goto clean4;
3493         }
3494 #endif
3495         spin_lock_init(&hba[i]->lock);
3496
3497         /* Initialize the pdev driver private data.
3498            have it point to hba[i].  */
3499         pci_set_drvdata(pdev, hba[i]);
3500         /* command and error info recs zeroed out before
3501            they are used */
3502         memset(hba[i]->cmd_pool_bits, 0,
3503                DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3504                         * sizeof(unsigned long));
3505
3506         hba[i]->num_luns = 0;
3507         hba[i]->highest_lun = -1;
3508         for (j = 0; j < CISS_MAX_LUN; j++) {
3509                 hba[i]->drv[j].raid_level = -1;
3510                 hba[i]->drv[j].queue = NULL;
3511                 hba[i]->gendisk[j] = NULL;
3512         }
3513
3514         cciss_scsi_setup(i);
3515
3516         /* Turn the interrupts on so we can service requests */
3517         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
3518
3519         /* Get the firmware version */
3520         inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
3521         if (inq_buff == NULL) {
3522                 printk(KERN_ERR "cciss: out of memory\n");
3523                 goto clean4;
3524         }
3525
3526         return_code = sendcmd_withirq(CISS_INQUIRY, i, inq_buff,
3527                 sizeof(InquiryData_struct), 0, 0 , 0, TYPE_CMD);
3528         if (return_code == IO_OK) {
3529                 hba[i]->firm_ver[0] = inq_buff->data_byte[32];
3530                 hba[i]->firm_ver[1] = inq_buff->data_byte[33];
3531                 hba[i]->firm_ver[2] = inq_buff->data_byte[34];
3532                 hba[i]->firm_ver[3] = inq_buff->data_byte[35];
3533         } else {         /* send command failed */
3534                 printk(KERN_WARNING "cciss: unable to determine firmware"
3535                         " version of controller\n");
3536         }
3537
3538         cciss_procinit(i);
3539
3540         hba[i]->cciss_max_sectors = 2048;
3541
3542         hba[i]->busy_initializing = 0;
3543
3544         rebuild_lun_table(hba[i], 1);
3545         return 1;
3546
3547 clean4:
3548         kfree(inq_buff);
3549 #ifdef CONFIG_CISS_SCSI_TAPE
3550         kfree(hba[i]->scsi_rejects.complete);
3551 #endif
3552         kfree(hba[i]->cmd_pool_bits);
3553         if (hba[i]->cmd_pool)
3554                 pci_free_consistent(hba[i]->pdev,
3555                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3556                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3557         if (hba[i]->errinfo_pool)
3558                 pci_free_consistent(hba[i]->pdev,
3559                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3560                                     hba[i]->errinfo_pool,
3561                                     hba[i]->errinfo_pool_dhandle);
3562         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
3563 clean2:
3564         unregister_blkdev(hba[i]->major, hba[i]->devname);
3565 clean1:
3566         hba[i]->busy_initializing = 0;
3567         /* cleanup any queues that may have been initialized */
3568         for (j=0; j <= hba[i]->highest_lun; j++){
3569                 drive_info_struct *drv = &(hba[i]->drv[j]);
3570                 if (drv->queue)
3571                         blk_cleanup_queue(drv->queue);
3572         }
3573         /*
3574          * Deliberately omit pci_disable_device(): it does something nasty to
3575          * Smart Array controllers that pci_enable_device does not undo
3576          */
3577         pci_release_regions(pdev);
3578         pci_set_drvdata(pdev, NULL);
3579         free_hba(i);
3580         return -1;
3581 }
3582
3583 static void cciss_shutdown(struct pci_dev *pdev)
3584 {
3585         ctlr_info_t *tmp_ptr;
3586         int i;
3587         char flush_buf[4];
3588         int return_code;
3589
3590         tmp_ptr = pci_get_drvdata(pdev);
3591         if (tmp_ptr == NULL)
3592                 return;
3593         i = tmp_ptr->ctlr;
3594         if (hba[i] == NULL)
3595                 return;
3596
3597         /* Turn board interrupts off  and send the flush cache command */
3598         /* sendcmd will turn off interrupt, and send the flush...
3599          * To write all data in the battery backed cache to disks */
3600         memset(flush_buf, 0, 4);
3601         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
3602                               TYPE_CMD);
3603         if (return_code == IO_OK) {
3604                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
3605         } else {
3606                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
3607         }
3608         free_irq(hba[i]->intr[2], hba[i]);
3609 }
3610
3611 static void __devexit cciss_remove_one(struct pci_dev *pdev)
3612 {
3613         ctlr_info_t *tmp_ptr;
3614         int i, j;
3615
3616         if (pci_get_drvdata(pdev) == NULL) {
3617                 printk(KERN_ERR "cciss: Unable to remove device \n");
3618                 return;
3619         }
3620         tmp_ptr = pci_get_drvdata(pdev);
3621         i = tmp_ptr->ctlr;
3622         if (hba[i] == NULL) {
3623                 printk(KERN_ERR "cciss: device appears to "
3624                        "already be removed \n");
3625                 return;
3626         }
3627
3628         remove_proc_entry(hba[i]->devname, proc_cciss);
3629         unregister_blkdev(hba[i]->major, hba[i]->devname);
3630
3631         /* remove it from the disk list */
3632         for (j = 0; j < CISS_MAX_LUN; j++) {
3633                 struct gendisk *disk = hba[i]->gendisk[j];
3634                 if (disk) {
3635                         struct request_queue *q = disk->queue;
3636
3637                         if (disk->flags & GENHD_FL_UP)
3638                                 del_gendisk(disk);
3639                         if (q)
3640                                 blk_cleanup_queue(q);
3641                 }
3642         }
3643
3644 #ifdef CONFIG_CISS_SCSI_TAPE
3645         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
3646 #endif
3647
3648         cciss_shutdown(pdev);
3649
3650 #ifdef CONFIG_PCI_MSI
3651         if (hba[i]->msix_vector)
3652                 pci_disable_msix(hba[i]->pdev);
3653         else if (hba[i]->msi_vector)
3654                 pci_disable_msi(hba[i]->pdev);
3655 #endif                          /* CONFIG_PCI_MSI */
3656
3657         iounmap(hba[i]->vaddr);
3658
3659         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
3660                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3661         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3662                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
3663         kfree(hba[i]->cmd_pool_bits);
3664 #ifdef CONFIG_CISS_SCSI_TAPE
3665         kfree(hba[i]->scsi_rejects.complete);
3666 #endif
3667         /*
3668          * Deliberately omit pci_disable_device(): it does something nasty to
3669          * Smart Array controllers that pci_enable_device does not undo
3670          */
3671         pci_release_regions(pdev);
3672         pci_set_drvdata(pdev, NULL);
3673         free_hba(i);
3674 }
3675
3676 static struct pci_driver cciss_pci_driver = {
3677         .name = "cciss",
3678         .probe = cciss_init_one,
3679         .remove = __devexit_p(cciss_remove_one),
3680         .id_table = cciss_pci_device_id,        /* id_table */
3681         .shutdown = cciss_shutdown,
3682 };
3683
3684 /*
3685  *  This is it.  Register the PCI driver information for the cards we control
3686  *  the OS will call our registered routines when it finds one of our cards.
3687  */
3688 static int __init cciss_init(void)
3689 {
3690         printk(KERN_INFO DRIVER_NAME "\n");
3691
3692         /* Register for our PCI devices */
3693         return pci_register_driver(&cciss_pci_driver);
3694 }
3695
3696 static void __exit cciss_cleanup(void)
3697 {
3698         int i;
3699
3700         pci_unregister_driver(&cciss_pci_driver);
3701         /* double check that all controller entrys have been removed */
3702         for (i = 0; i < MAX_CTLR; i++) {
3703                 if (hba[i] != NULL) {
3704                         printk(KERN_WARNING "cciss: had to remove"
3705                                " controller %d\n", i);
3706                         cciss_remove_one(hba[i]->pdev);
3707                 }
3708         }
3709         remove_proc_entry("driver/cciss", NULL);
3710 }
3711
3712 static void fail_all_cmds(unsigned long ctlr)
3713 {
3714         /* If we get here, the board is apparently dead. */
3715         ctlr_info_t *h = hba[ctlr];
3716         CommandList_struct *c;
3717         unsigned long flags;
3718
3719         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
3720         h->alive = 0;           /* the controller apparently died... */
3721
3722         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
3723
3724         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
3725
3726         /* move everything off the request queue onto the completed queue */
3727         while ((c = h->reqQ) != NULL) {
3728                 removeQ(&(h->reqQ), c);
3729                 h->Qdepth--;
3730                 addQ(&(h->cmpQ), c);
3731         }
3732
3733         /* Now, fail everything on the completed queue with a HW error */
3734         while ((c = h->cmpQ) != NULL) {
3735                 removeQ(&h->cmpQ, c);
3736                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
3737                 if (c->cmd_type == CMD_RWREQ) {
3738                         complete_command(h, c, 0);
3739                 } else if (c->cmd_type == CMD_IOCTL_PEND)
3740                         complete(c->waiting);
3741 #ifdef CONFIG_CISS_SCSI_TAPE
3742                 else if (c->cmd_type == CMD_SCSI)
3743                         complete_scsi_command(c, 0, 0);
3744 #endif
3745         }
3746         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
3747         return;
3748 }
3749
3750 module_init(cciss_init);
3751 module_exit(cciss_cleanup);