Merge branch 'irq-fixes-for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git...
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/bio.h>
33 #include <linux/blkpg.h>
34 #include <linux/timer.h>
35 #include <linux/proc_fs.h>
36 #include <linux/seq_file.h>
37 #include <linux/init.h>
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49 #include <scsi/scsi.h>
50 #include <scsi/sg.h>
51 #include <scsi/scsi_ioctl.h>
52 #include <linux/cdrom.h>
53 #include <linux/scatterlist.h>
54
55 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
56 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
57 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
58
59 /* Embedded module documentation macros - see modules.h */
60 MODULE_AUTHOR("Hewlett-Packard Company");
61 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
62 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
63                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
64                         " Smart Array G2 Series SAS/SATA Controllers");
65 MODULE_VERSION("3.6.20");
66 MODULE_LICENSE("GPL");
67
68 #include "cciss_cmd.h"
69 #include "cciss.h"
70 #include <linux/cciss_ioctl.h>
71
72 /* define the PCI info for the cards we can control */
73 static const struct pci_device_id cciss_pci_device_id[] = {
74         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
75         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
76         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
83         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
84         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
85         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
99         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
100                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
101         {0,}
102 };
103
104 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
105
106 /*  board_id = Subsystem Device ID & Vendor ID
107  *  product = Marketing Name for the board
108  *  access = Address of the struct of function pointers
109  */
110 static struct board_type products[] = {
111         {0x40700E11, "Smart Array 5300", &SA5_access},
112         {0x40800E11, "Smart Array 5i", &SA5B_access},
113         {0x40820E11, "Smart Array 532", &SA5B_access},
114         {0x40830E11, "Smart Array 5312", &SA5B_access},
115         {0x409A0E11, "Smart Array 641", &SA5_access},
116         {0x409B0E11, "Smart Array 642", &SA5_access},
117         {0x409C0E11, "Smart Array 6400", &SA5_access},
118         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
119         {0x40910E11, "Smart Array 6i", &SA5_access},
120         {0x3225103C, "Smart Array P600", &SA5_access},
121         {0x3223103C, "Smart Array P800", &SA5_access},
122         {0x3234103C, "Smart Array P400", &SA5_access},
123         {0x3235103C, "Smart Array P400i", &SA5_access},
124         {0x3211103C, "Smart Array E200i", &SA5_access},
125         {0x3212103C, "Smart Array E200", &SA5_access},
126         {0x3213103C, "Smart Array E200i", &SA5_access},
127         {0x3214103C, "Smart Array E200i", &SA5_access},
128         {0x3215103C, "Smart Array E200i", &SA5_access},
129         {0x3237103C, "Smart Array E500", &SA5_access},
130         {0x323D103C, "Smart Array P700m", &SA5_access},
131         {0x3241103C, "Smart Array P212", &SA5_access},
132         {0x3243103C, "Smart Array P410", &SA5_access},
133         {0x3245103C, "Smart Array P410i", &SA5_access},
134         {0x3247103C, "Smart Array P411", &SA5_access},
135         {0x3249103C, "Smart Array P812", &SA5_access},
136         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
137 };
138
139 /* How long to wait (in milliseconds) for board to go into simple mode */
140 #define MAX_CONFIG_WAIT 30000
141 #define MAX_IOCTL_CONFIG_WAIT 1000
142
143 /*define how many times we will try a command because of bus resets */
144 #define MAX_CMD_RETRIES 3
145
146 #define MAX_CTLR        32
147
148 /* Originally cciss driver only supports 8 major numbers */
149 #define MAX_CTLR_ORIG   8
150
151 static ctlr_info_t *hba[MAX_CTLR];
152
153 static void do_cciss_request(struct request_queue *q);
154 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
155 static int cciss_open(struct block_device *bdev, fmode_t mode);
156 static int cciss_release(struct gendisk *disk, fmode_t mode);
157 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
158                        unsigned int cmd, unsigned long arg);
159 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
160
161 static int cciss_revalidate(struct gendisk *disk);
162 static int rebuild_lun_table(ctlr_info_t *h, int first_time);
163 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
164                            int clear_all);
165
166 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
167                         sector_t *total_size, unsigned int *block_size);
168 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
169                         sector_t *total_size, unsigned int *block_size);
170 static void cciss_geometry_inquiry(int ctlr, int logvol,
171                         int withirq, sector_t total_size,
172                         unsigned int block_size, InquiryData_struct *inq_buff,
173                                    drive_info_struct *drv);
174 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
175                                            __u32);
176 static void start_io(ctlr_info_t *h);
177 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
178                    unsigned int use_unit_num, unsigned int log_unit,
179                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
180 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
181                            unsigned int use_unit_num, unsigned int log_unit,
182                            __u8 page_code, int cmd_type);
183
184 static void fail_all_cmds(unsigned long ctlr);
185
186 #ifdef CONFIG_PROC_FS
187 static void cciss_procinit(int i);
188 #else
189 static void cciss_procinit(int i)
190 {
191 }
192 #endif                          /* CONFIG_PROC_FS */
193
194 #ifdef CONFIG_COMPAT
195 static int cciss_compat_ioctl(struct block_device *, fmode_t,
196                               unsigned, unsigned long);
197 #endif
198
199 static struct block_device_operations cciss_fops = {
200         .owner = THIS_MODULE,
201         .open = cciss_open,
202         .release = cciss_release,
203         .locked_ioctl = cciss_ioctl,
204         .getgeo = cciss_getgeo,
205 #ifdef CONFIG_COMPAT
206         .compat_ioctl = cciss_compat_ioctl,
207 #endif
208         .revalidate_disk = cciss_revalidate,
209 };
210
211 /*
212  * Enqueuing and dequeuing functions for cmdlists.
213  */
214 static inline void addQ(CommandList_struct **Qptr, CommandList_struct *c)
215 {
216         if (*Qptr == NULL) {
217                 *Qptr = c;
218                 c->next = c->prev = c;
219         } else {
220                 c->prev = (*Qptr)->prev;
221                 c->next = (*Qptr);
222                 (*Qptr)->prev->next = c;
223                 (*Qptr)->prev = c;
224         }
225 }
226
227 static inline CommandList_struct *removeQ(CommandList_struct **Qptr,
228                                           CommandList_struct *c)
229 {
230         if (c && c->next != c) {
231                 if (*Qptr == c)
232                         *Qptr = c->next;
233                 c->prev->next = c->next;
234                 c->next->prev = c->prev;
235         } else {
236                 *Qptr = NULL;
237         }
238         return c;
239 }
240
241 #include "cciss_scsi.c"         /* For SCSI tape support */
242
243 #define RAID_UNKNOWN 6
244
245 #ifdef CONFIG_PROC_FS
246
247 /*
248  * Report information about this controller.
249  */
250 #define ENG_GIG 1000000000
251 #define ENG_GIG_FACTOR (ENG_GIG/512)
252 #define ENGAGE_SCSI     "engage scsi"
253 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
254         "UNKNOWN"
255 };
256
257 static struct proc_dir_entry *proc_cciss;
258
259 static void cciss_seq_show_header(struct seq_file *seq)
260 {
261         ctlr_info_t *h = seq->private;
262
263         seq_printf(seq, "%s: HP %s Controller\n"
264                 "Board ID: 0x%08lx\n"
265                 "Firmware Version: %c%c%c%c\n"
266                 "IRQ: %d\n"
267                 "Logical drives: %d\n"
268                 "Current Q depth: %d\n"
269                 "Current # commands on controller: %d\n"
270                 "Max Q depth since init: %d\n"
271                 "Max # commands on controller since init: %d\n"
272                 "Max SG entries since init: %d\n",
273                 h->devname,
274                 h->product_name,
275                 (unsigned long)h->board_id,
276                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
277                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
278                 h->num_luns,
279                 h->Qdepth, h->commands_outstanding,
280                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
281
282 #ifdef CONFIG_CISS_SCSI_TAPE
283         cciss_seq_tape_report(seq, h->ctlr);
284 #endif /* CONFIG_CISS_SCSI_TAPE */
285 }
286
287 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
288 {
289         ctlr_info_t *h = seq->private;
290         unsigned ctlr = h->ctlr;
291         unsigned long flags;
292
293         /* prevent displaying bogus info during configuration
294          * or deconfiguration of a logical volume
295          */
296         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
297         if (h->busy_configuring) {
298                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
299                 return ERR_PTR(-EBUSY);
300         }
301         h->busy_configuring = 1;
302         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
303
304         if (*pos == 0)
305                 cciss_seq_show_header(seq);
306
307         return pos;
308 }
309
310 static int cciss_seq_show(struct seq_file *seq, void *v)
311 {
312         sector_t vol_sz, vol_sz_frac;
313         ctlr_info_t *h = seq->private;
314         unsigned ctlr = h->ctlr;
315         loff_t *pos = v;
316         drive_info_struct *drv = &h->drv[*pos];
317
318         if (*pos > h->highest_lun)
319                 return 0;
320
321         if (drv->heads == 0)
322                 return 0;
323
324         vol_sz = drv->nr_blocks;
325         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
326         vol_sz_frac *= 100;
327         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
328
329         if (drv->raid_level > 5)
330                 drv->raid_level = RAID_UNKNOWN;
331         seq_printf(seq, "cciss/c%dd%d:"
332                         "\t%4u.%02uGB\tRAID %s\n",
333                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
334                         raid_label[drv->raid_level]);
335         return 0;
336 }
337
338 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
339 {
340         ctlr_info_t *h = seq->private;
341
342         if (*pos > h->highest_lun)
343                 return NULL;
344         *pos += 1;
345
346         return pos;
347 }
348
349 static void cciss_seq_stop(struct seq_file *seq, void *v)
350 {
351         ctlr_info_t *h = seq->private;
352
353         /* Only reset h->busy_configuring if we succeeded in setting
354          * it during cciss_seq_start. */
355         if (v == ERR_PTR(-EBUSY))
356                 return;
357
358         h->busy_configuring = 0;
359 }
360
361 static struct seq_operations cciss_seq_ops = {
362         .start = cciss_seq_start,
363         .show  = cciss_seq_show,
364         .next  = cciss_seq_next,
365         .stop  = cciss_seq_stop,
366 };
367
368 static int cciss_seq_open(struct inode *inode, struct file *file)
369 {
370         int ret = seq_open(file, &cciss_seq_ops);
371         struct seq_file *seq = file->private_data;
372
373         if (!ret)
374                 seq->private = PDE(inode)->data;
375
376         return ret;
377 }
378
379 static ssize_t
380 cciss_proc_write(struct file *file, const char __user *buf,
381                  size_t length, loff_t *ppos)
382 {
383         int err;
384         char *buffer;
385
386 #ifndef CONFIG_CISS_SCSI_TAPE
387         return -EINVAL;
388 #endif
389
390         if (!buf || length > PAGE_SIZE - 1)
391                 return -EINVAL;
392
393         buffer = (char *)__get_free_page(GFP_KERNEL);
394         if (!buffer)
395                 return -ENOMEM;
396
397         err = -EFAULT;
398         if (copy_from_user(buffer, buf, length))
399                 goto out;
400         buffer[length] = '\0';
401
402 #ifdef CONFIG_CISS_SCSI_TAPE
403         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
404                 struct seq_file *seq = file->private_data;
405                 ctlr_info_t *h = seq->private;
406                 int rc;
407
408                 rc = cciss_engage_scsi(h->ctlr);
409                 if (rc != 0)
410                         err = -rc;
411                 else
412                         err = length;
413         } else
414 #endif /* CONFIG_CISS_SCSI_TAPE */
415                 err = -EINVAL;
416         /* might be nice to have "disengage" too, but it's not
417            safely possible. (only 1 module use count, lock issues.) */
418
419 out:
420         free_page((unsigned long)buffer);
421         return err;
422 }
423
424 static struct file_operations cciss_proc_fops = {
425         .owner   = THIS_MODULE,
426         .open    = cciss_seq_open,
427         .read    = seq_read,
428         .llseek  = seq_lseek,
429         .release = seq_release,
430         .write   = cciss_proc_write,
431 };
432
433 static void __devinit cciss_procinit(int i)
434 {
435         struct proc_dir_entry *pde;
436
437         if (proc_cciss == NULL)
438                 proc_cciss = proc_mkdir("driver/cciss", NULL);
439         if (!proc_cciss)
440                 return;
441         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
442                                         S_IROTH, proc_cciss,
443                                         &cciss_proc_fops, hba[i]);
444 }
445 #endif                          /* CONFIG_PROC_FS */
446
447 /*
448  * For operations that cannot sleep, a command block is allocated at init,
449  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
450  * which ones are free or in use.  For operations that can wait for kmalloc
451  * to possible sleep, this routine can be called with get_from_pool set to 0.
452  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
453  */
454 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
455 {
456         CommandList_struct *c;
457         int i;
458         u64bit temp64;
459         dma_addr_t cmd_dma_handle, err_dma_handle;
460
461         if (!get_from_pool) {
462                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
463                         sizeof(CommandList_struct), &cmd_dma_handle);
464                 if (c == NULL)
465                         return NULL;
466                 memset(c, 0, sizeof(CommandList_struct));
467
468                 c->cmdindex = -1;
469
470                 c->err_info = (ErrorInfo_struct *)
471                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
472                             &err_dma_handle);
473
474                 if (c->err_info == NULL) {
475                         pci_free_consistent(h->pdev,
476                                 sizeof(CommandList_struct), c, cmd_dma_handle);
477                         return NULL;
478                 }
479                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
480         } else {                /* get it out of the controllers pool */
481
482                 do {
483                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
484                         if (i == h->nr_cmds)
485                                 return NULL;
486                 } while (test_and_set_bit
487                          (i & (BITS_PER_LONG - 1),
488                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
489 #ifdef CCISS_DEBUG
490                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
491 #endif
492                 c = h->cmd_pool + i;
493                 memset(c, 0, sizeof(CommandList_struct));
494                 cmd_dma_handle = h->cmd_pool_dhandle
495                     + i * sizeof(CommandList_struct);
496                 c->err_info = h->errinfo_pool + i;
497                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
498                 err_dma_handle = h->errinfo_pool_dhandle
499                     + i * sizeof(ErrorInfo_struct);
500                 h->nr_allocs++;
501
502                 c->cmdindex = i;
503         }
504
505         c->busaddr = (__u32) cmd_dma_handle;
506         temp64.val = (__u64) err_dma_handle;
507         c->ErrDesc.Addr.lower = temp64.val32.lower;
508         c->ErrDesc.Addr.upper = temp64.val32.upper;
509         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
510
511         c->ctlr = h->ctlr;
512         return c;
513 }
514
515 /*
516  * Frees a command block that was previously allocated with cmd_alloc().
517  */
518 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
519 {
520         int i;
521         u64bit temp64;
522
523         if (!got_from_pool) {
524                 temp64.val32.lower = c->ErrDesc.Addr.lower;
525                 temp64.val32.upper = c->ErrDesc.Addr.upper;
526                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
527                                     c->err_info, (dma_addr_t) temp64.val);
528                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
529                                     c, (dma_addr_t) c->busaddr);
530         } else {
531                 i = c - h->cmd_pool;
532                 clear_bit(i & (BITS_PER_LONG - 1),
533                           h->cmd_pool_bits + (i / BITS_PER_LONG));
534                 h->nr_frees++;
535         }
536 }
537
538 static inline ctlr_info_t *get_host(struct gendisk *disk)
539 {
540         return disk->queue->queuedata;
541 }
542
543 static inline drive_info_struct *get_drv(struct gendisk *disk)
544 {
545         return disk->private_data;
546 }
547
548 /*
549  * Open.  Make sure the device is really there.
550  */
551 static int cciss_open(struct block_device *bdev, fmode_t mode)
552 {
553         ctlr_info_t *host = get_host(bdev->bd_disk);
554         drive_info_struct *drv = get_drv(bdev->bd_disk);
555
556 #ifdef CCISS_DEBUG
557         printk(KERN_DEBUG "cciss_open %s\n", bdev->bd_disk->disk_name);
558 #endif                          /* CCISS_DEBUG */
559
560         if (host->busy_initializing || drv->busy_configuring)
561                 return -EBUSY;
562         /*
563          * Root is allowed to open raw volume zero even if it's not configured
564          * so array config can still work. Root is also allowed to open any
565          * volume that has a LUN ID, so it can issue IOCTL to reread the
566          * disk information.  I don't think I really like this
567          * but I'm already using way to many device nodes to claim another one
568          * for "raw controller".
569          */
570         if (drv->heads == 0) {
571                 if (MINOR(bdev->bd_dev) != 0) { /* not node 0? */
572                         /* if not node 0 make sure it is a partition = 0 */
573                         if (MINOR(bdev->bd_dev) & 0x0f) {
574                                 return -ENXIO;
575                                 /* if it is, make sure we have a LUN ID */
576                         } else if (drv->LunID == 0) {
577                                 return -ENXIO;
578                         }
579                 }
580                 if (!capable(CAP_SYS_ADMIN))
581                         return -EPERM;
582         }
583         drv->usage_count++;
584         host->usage_count++;
585         return 0;
586 }
587
588 /*
589  * Close.  Sync first.
590  */
591 static int cciss_release(struct gendisk *disk, fmode_t mode)
592 {
593         ctlr_info_t *host = get_host(disk);
594         drive_info_struct *drv = get_drv(disk);
595
596 #ifdef CCISS_DEBUG
597         printk(KERN_DEBUG "cciss_release %s\n", disk->disk_name);
598 #endif                          /* CCISS_DEBUG */
599
600         drv->usage_count--;
601         host->usage_count--;
602         return 0;
603 }
604
605 #ifdef CONFIG_COMPAT
606
607 static int do_ioctl(struct block_device *bdev, fmode_t mode,
608                     unsigned cmd, unsigned long arg)
609 {
610         int ret;
611         lock_kernel();
612         ret = cciss_ioctl(bdev, mode, cmd, arg);
613         unlock_kernel();
614         return ret;
615 }
616
617 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
618                                   unsigned cmd, unsigned long arg);
619 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
620                                       unsigned cmd, unsigned long arg);
621
622 static int cciss_compat_ioctl(struct block_device *bdev, fmode_t mode,
623                               unsigned cmd, unsigned long arg)
624 {
625         switch (cmd) {
626         case CCISS_GETPCIINFO:
627         case CCISS_GETINTINFO:
628         case CCISS_SETINTINFO:
629         case CCISS_GETNODENAME:
630         case CCISS_SETNODENAME:
631         case CCISS_GETHEARTBEAT:
632         case CCISS_GETBUSTYPES:
633         case CCISS_GETFIRMVER:
634         case CCISS_GETDRIVVER:
635         case CCISS_REVALIDVOLS:
636         case CCISS_DEREGDISK:
637         case CCISS_REGNEWDISK:
638         case CCISS_REGNEWD:
639         case CCISS_RESCANDISK:
640         case CCISS_GETLUNINFO:
641                 return do_ioctl(bdev, mode, cmd, arg);
642
643         case CCISS_PASSTHRU32:
644                 return cciss_ioctl32_passthru(bdev, mode, cmd, arg);
645         case CCISS_BIG_PASSTHRU32:
646                 return cciss_ioctl32_big_passthru(bdev, mode, cmd, arg);
647
648         default:
649                 return -ENOIOCTLCMD;
650         }
651 }
652
653 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
654                                   unsigned cmd, unsigned long arg)
655 {
656         IOCTL32_Command_struct __user *arg32 =
657             (IOCTL32_Command_struct __user *) arg;
658         IOCTL_Command_struct arg64;
659         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
660         int err;
661         u32 cp;
662
663         err = 0;
664         err |=
665             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
666                            sizeof(arg64.LUN_info));
667         err |=
668             copy_from_user(&arg64.Request, &arg32->Request,
669                            sizeof(arg64.Request));
670         err |=
671             copy_from_user(&arg64.error_info, &arg32->error_info,
672                            sizeof(arg64.error_info));
673         err |= get_user(arg64.buf_size, &arg32->buf_size);
674         err |= get_user(cp, &arg32->buf);
675         arg64.buf = compat_ptr(cp);
676         err |= copy_to_user(p, &arg64, sizeof(arg64));
677
678         if (err)
679                 return -EFAULT;
680
681         err = do_ioctl(bdev, mode, CCISS_PASSTHRU, (unsigned long)p);
682         if (err)
683                 return err;
684         err |=
685             copy_in_user(&arg32->error_info, &p->error_info,
686                          sizeof(arg32->error_info));
687         if (err)
688                 return -EFAULT;
689         return err;
690 }
691
692 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
693                                       unsigned cmd, unsigned long arg)
694 {
695         BIG_IOCTL32_Command_struct __user *arg32 =
696             (BIG_IOCTL32_Command_struct __user *) arg;
697         BIG_IOCTL_Command_struct arg64;
698         BIG_IOCTL_Command_struct __user *p =
699             compat_alloc_user_space(sizeof(arg64));
700         int err;
701         u32 cp;
702
703         err = 0;
704         err |=
705             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
706                            sizeof(arg64.LUN_info));
707         err |=
708             copy_from_user(&arg64.Request, &arg32->Request,
709                            sizeof(arg64.Request));
710         err |=
711             copy_from_user(&arg64.error_info, &arg32->error_info,
712                            sizeof(arg64.error_info));
713         err |= get_user(arg64.buf_size, &arg32->buf_size);
714         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
715         err |= get_user(cp, &arg32->buf);
716         arg64.buf = compat_ptr(cp);
717         err |= copy_to_user(p, &arg64, sizeof(arg64));
718
719         if (err)
720                 return -EFAULT;
721
722         err = do_ioctl(bdev, mode, CCISS_BIG_PASSTHRU, (unsigned long)p);
723         if (err)
724                 return err;
725         err |=
726             copy_in_user(&arg32->error_info, &p->error_info,
727                          sizeof(arg32->error_info));
728         if (err)
729                 return -EFAULT;
730         return err;
731 }
732 #endif
733
734 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
735 {
736         drive_info_struct *drv = get_drv(bdev->bd_disk);
737
738         if (!drv->cylinders)
739                 return -ENXIO;
740
741         geo->heads = drv->heads;
742         geo->sectors = drv->sectors;
743         geo->cylinders = drv->cylinders;
744         return 0;
745 }
746
747 /*
748  * ioctl
749  */
750 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
751                        unsigned int cmd, unsigned long arg)
752 {
753         struct gendisk *disk = bdev->bd_disk;
754         ctlr_info_t *host = get_host(disk);
755         drive_info_struct *drv = get_drv(disk);
756         int ctlr = host->ctlr;
757         void __user *argp = (void __user *)arg;
758
759 #ifdef CCISS_DEBUG
760         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
761 #endif                          /* CCISS_DEBUG */
762
763         switch (cmd) {
764         case CCISS_GETPCIINFO:
765                 {
766                         cciss_pci_info_struct pciinfo;
767
768                         if (!arg)
769                                 return -EINVAL;
770                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
771                         pciinfo.bus = host->pdev->bus->number;
772                         pciinfo.dev_fn = host->pdev->devfn;
773                         pciinfo.board_id = host->board_id;
774                         if (copy_to_user
775                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
776                                 return -EFAULT;
777                         return 0;
778                 }
779         case CCISS_GETINTINFO:
780                 {
781                         cciss_coalint_struct intinfo;
782                         if (!arg)
783                                 return -EINVAL;
784                         intinfo.delay =
785                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
786                         intinfo.count =
787                             readl(&host->cfgtable->HostWrite.CoalIntCount);
788                         if (copy_to_user
789                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
790                                 return -EFAULT;
791                         return 0;
792                 }
793         case CCISS_SETINTINFO:
794                 {
795                         cciss_coalint_struct intinfo;
796                         unsigned long flags;
797                         int i;
798
799                         if (!arg)
800                                 return -EINVAL;
801                         if (!capable(CAP_SYS_ADMIN))
802                                 return -EPERM;
803                         if (copy_from_user
804                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
805                                 return -EFAULT;
806                         if ((intinfo.delay == 0) && (intinfo.count == 0))
807                         {
808 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
809                                 return -EINVAL;
810                         }
811                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
812                         /* Update the field, and then ring the doorbell */
813                         writel(intinfo.delay,
814                                &(host->cfgtable->HostWrite.CoalIntDelay));
815                         writel(intinfo.count,
816                                &(host->cfgtable->HostWrite.CoalIntCount));
817                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
818
819                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
820                                 if (!(readl(host->vaddr + SA5_DOORBELL)
821                                       & CFGTBL_ChangeReq))
822                                         break;
823                                 /* delay and try again */
824                                 udelay(1000);
825                         }
826                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
827                         if (i >= MAX_IOCTL_CONFIG_WAIT)
828                                 return -EAGAIN;
829                         return 0;
830                 }
831         case CCISS_GETNODENAME:
832                 {
833                         NodeName_type NodeName;
834                         int i;
835
836                         if (!arg)
837                                 return -EINVAL;
838                         for (i = 0; i < 16; i++)
839                                 NodeName[i] =
840                                     readb(&host->cfgtable->ServerName[i]);
841                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
842                                 return -EFAULT;
843                         return 0;
844                 }
845         case CCISS_SETNODENAME:
846                 {
847                         NodeName_type NodeName;
848                         unsigned long flags;
849                         int i;
850
851                         if (!arg)
852                                 return -EINVAL;
853                         if (!capable(CAP_SYS_ADMIN))
854                                 return -EPERM;
855
856                         if (copy_from_user
857                             (NodeName, argp, sizeof(NodeName_type)))
858                                 return -EFAULT;
859
860                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
861
862                         /* Update the field, and then ring the doorbell */
863                         for (i = 0; i < 16; i++)
864                                 writeb(NodeName[i],
865                                        &host->cfgtable->ServerName[i]);
866
867                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
868
869                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
870                                 if (!(readl(host->vaddr + SA5_DOORBELL)
871                                       & CFGTBL_ChangeReq))
872                                         break;
873                                 /* delay and try again */
874                                 udelay(1000);
875                         }
876                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
877                         if (i >= MAX_IOCTL_CONFIG_WAIT)
878                                 return -EAGAIN;
879                         return 0;
880                 }
881
882         case CCISS_GETHEARTBEAT:
883                 {
884                         Heartbeat_type heartbeat;
885
886                         if (!arg)
887                                 return -EINVAL;
888                         heartbeat = readl(&host->cfgtable->HeartBeat);
889                         if (copy_to_user
890                             (argp, &heartbeat, sizeof(Heartbeat_type)))
891                                 return -EFAULT;
892                         return 0;
893                 }
894         case CCISS_GETBUSTYPES:
895                 {
896                         BusTypes_type BusTypes;
897
898                         if (!arg)
899                                 return -EINVAL;
900                         BusTypes = readl(&host->cfgtable->BusTypes);
901                         if (copy_to_user
902                             (argp, &BusTypes, sizeof(BusTypes_type)))
903                                 return -EFAULT;
904                         return 0;
905                 }
906         case CCISS_GETFIRMVER:
907                 {
908                         FirmwareVer_type firmware;
909
910                         if (!arg)
911                                 return -EINVAL;
912                         memcpy(firmware, host->firm_ver, 4);
913
914                         if (copy_to_user
915                             (argp, firmware, sizeof(FirmwareVer_type)))
916                                 return -EFAULT;
917                         return 0;
918                 }
919         case CCISS_GETDRIVVER:
920                 {
921                         DriverVer_type DriverVer = DRIVER_VERSION;
922
923                         if (!arg)
924                                 return -EINVAL;
925
926                         if (copy_to_user
927                             (argp, &DriverVer, sizeof(DriverVer_type)))
928                                 return -EFAULT;
929                         return 0;
930                 }
931
932         case CCISS_DEREGDISK:
933         case CCISS_REGNEWD:
934         case CCISS_REVALIDVOLS:
935                 return rebuild_lun_table(host, 0);
936
937         case CCISS_GETLUNINFO:{
938                         LogvolInfo_struct luninfo;
939
940                         luninfo.LunID = drv->LunID;
941                         luninfo.num_opens = drv->usage_count;
942                         luninfo.num_parts = 0;
943                         if (copy_to_user(argp, &luninfo,
944                                          sizeof(LogvolInfo_struct)))
945                                 return -EFAULT;
946                         return 0;
947                 }
948         case CCISS_PASSTHRU:
949                 {
950                         IOCTL_Command_struct iocommand;
951                         CommandList_struct *c;
952                         char *buff = NULL;
953                         u64bit temp64;
954                         unsigned long flags;
955                         DECLARE_COMPLETION_ONSTACK(wait);
956
957                         if (!arg)
958                                 return -EINVAL;
959
960                         if (!capable(CAP_SYS_RAWIO))
961                                 return -EPERM;
962
963                         if (copy_from_user
964                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
965                                 return -EFAULT;
966                         if ((iocommand.buf_size < 1) &&
967                             (iocommand.Request.Type.Direction != XFER_NONE)) {
968                                 return -EINVAL;
969                         }
970 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
971                         /* Check kmalloc limits */
972                         if (iocommand.buf_size > 128000)
973                                 return -EINVAL;
974 #endif
975                         if (iocommand.buf_size > 0) {
976                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
977                                 if (buff == NULL)
978                                         return -EFAULT;
979                         }
980                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
981                                 /* Copy the data into the buffer we created */
982                                 if (copy_from_user
983                                     (buff, iocommand.buf, iocommand.buf_size)) {
984                                         kfree(buff);
985                                         return -EFAULT;
986                                 }
987                         } else {
988                                 memset(buff, 0, iocommand.buf_size);
989                         }
990                         if ((c = cmd_alloc(host, 0)) == NULL) {
991                                 kfree(buff);
992                                 return -ENOMEM;
993                         }
994                         // Fill in the command type
995                         c->cmd_type = CMD_IOCTL_PEND;
996                         // Fill in Command Header
997                         c->Header.ReplyQueue = 0;       // unused in simple mode
998                         if (iocommand.buf_size > 0)     // buffer to fill
999                         {
1000                                 c->Header.SGList = 1;
1001                                 c->Header.SGTotal = 1;
1002                         } else  // no buffers to fill
1003                         {
1004                                 c->Header.SGList = 0;
1005                                 c->Header.SGTotal = 0;
1006                         }
1007                         c->Header.LUN = iocommand.LUN_info;
1008                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1009
1010                         // Fill in Request block
1011                         c->Request = iocommand.Request;
1012
1013                         // Fill in the scatter gather information
1014                         if (iocommand.buf_size > 0) {
1015                                 temp64.val = pci_map_single(host->pdev, buff,
1016                                         iocommand.buf_size,
1017                                         PCI_DMA_BIDIRECTIONAL);
1018                                 c->SG[0].Addr.lower = temp64.val32.lower;
1019                                 c->SG[0].Addr.upper = temp64.val32.upper;
1020                                 c->SG[0].Len = iocommand.buf_size;
1021                                 c->SG[0].Ext = 0;       // we are not chaining
1022                         }
1023                         c->waiting = &wait;
1024
1025                         /* Put the request on the tail of the request queue */
1026                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1027                         addQ(&host->reqQ, c);
1028                         host->Qdepth++;
1029                         start_io(host);
1030                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1031
1032                         wait_for_completion(&wait);
1033
1034                         /* unlock the buffers from DMA */
1035                         temp64.val32.lower = c->SG[0].Addr.lower;
1036                         temp64.val32.upper = c->SG[0].Addr.upper;
1037                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1038                                          iocommand.buf_size,
1039                                          PCI_DMA_BIDIRECTIONAL);
1040
1041                         /* Copy the error information out */
1042                         iocommand.error_info = *(c->err_info);
1043                         if (copy_to_user
1044                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1045                                 kfree(buff);
1046                                 cmd_free(host, c, 0);
1047                                 return -EFAULT;
1048                         }
1049
1050                         if (iocommand.Request.Type.Direction == XFER_READ) {
1051                                 /* Copy the data out of the buffer we created */
1052                                 if (copy_to_user
1053                                     (iocommand.buf, buff, iocommand.buf_size)) {
1054                                         kfree(buff);
1055                                         cmd_free(host, c, 0);
1056                                         return -EFAULT;
1057                                 }
1058                         }
1059                         kfree(buff);
1060                         cmd_free(host, c, 0);
1061                         return 0;
1062                 }
1063         case CCISS_BIG_PASSTHRU:{
1064                         BIG_IOCTL_Command_struct *ioc;
1065                         CommandList_struct *c;
1066                         unsigned char **buff = NULL;
1067                         int *buff_size = NULL;
1068                         u64bit temp64;
1069                         unsigned long flags;
1070                         BYTE sg_used = 0;
1071                         int status = 0;
1072                         int i;
1073                         DECLARE_COMPLETION_ONSTACK(wait);
1074                         __u32 left;
1075                         __u32 sz;
1076                         BYTE __user *data_ptr;
1077
1078                         if (!arg)
1079                                 return -EINVAL;
1080                         if (!capable(CAP_SYS_RAWIO))
1081                                 return -EPERM;
1082                         ioc = (BIG_IOCTL_Command_struct *)
1083                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1084                         if (!ioc) {
1085                                 status = -ENOMEM;
1086                                 goto cleanup1;
1087                         }
1088                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1089                                 status = -EFAULT;
1090                                 goto cleanup1;
1091                         }
1092                         if ((ioc->buf_size < 1) &&
1093                             (ioc->Request.Type.Direction != XFER_NONE)) {
1094                                 status = -EINVAL;
1095                                 goto cleanup1;
1096                         }
1097                         /* Check kmalloc limits  using all SGs */
1098                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1099                                 status = -EINVAL;
1100                                 goto cleanup1;
1101                         }
1102                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1103                                 status = -EINVAL;
1104                                 goto cleanup1;
1105                         }
1106                         buff =
1107                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1108                         if (!buff) {
1109                                 status = -ENOMEM;
1110                                 goto cleanup1;
1111                         }
1112                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1113                                                    GFP_KERNEL);
1114                         if (!buff_size) {
1115                                 status = -ENOMEM;
1116                                 goto cleanup1;
1117                         }
1118                         left = ioc->buf_size;
1119                         data_ptr = ioc->buf;
1120                         while (left) {
1121                                 sz = (left >
1122                                       ioc->malloc_size) ? ioc->
1123                                     malloc_size : left;
1124                                 buff_size[sg_used] = sz;
1125                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1126                                 if (buff[sg_used] == NULL) {
1127                                         status = -ENOMEM;
1128                                         goto cleanup1;
1129                                 }
1130                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1131                                         if (copy_from_user
1132                                             (buff[sg_used], data_ptr, sz)) {
1133                                                 status = -EFAULT;
1134                                                 goto cleanup1;
1135                                         }
1136                                 } else {
1137                                         memset(buff[sg_used], 0, sz);
1138                                 }
1139                                 left -= sz;
1140                                 data_ptr += sz;
1141                                 sg_used++;
1142                         }
1143                         if ((c = cmd_alloc(host, 0)) == NULL) {
1144                                 status = -ENOMEM;
1145                                 goto cleanup1;
1146                         }
1147                         c->cmd_type = CMD_IOCTL_PEND;
1148                         c->Header.ReplyQueue = 0;
1149
1150                         if (ioc->buf_size > 0) {
1151                                 c->Header.SGList = sg_used;
1152                                 c->Header.SGTotal = sg_used;
1153                         } else {
1154                                 c->Header.SGList = 0;
1155                                 c->Header.SGTotal = 0;
1156                         }
1157                         c->Header.LUN = ioc->LUN_info;
1158                         c->Header.Tag.lower = c->busaddr;
1159
1160                         c->Request = ioc->Request;
1161                         if (ioc->buf_size > 0) {
1162                                 int i;
1163                                 for (i = 0; i < sg_used; i++) {
1164                                         temp64.val =
1165                                             pci_map_single(host->pdev, buff[i],
1166                                                     buff_size[i],
1167                                                     PCI_DMA_BIDIRECTIONAL);
1168                                         c->SG[i].Addr.lower =
1169                                             temp64.val32.lower;
1170                                         c->SG[i].Addr.upper =
1171                                             temp64.val32.upper;
1172                                         c->SG[i].Len = buff_size[i];
1173                                         c->SG[i].Ext = 0;       /* we are not chaining */
1174                                 }
1175                         }
1176                         c->waiting = &wait;
1177                         /* Put the request on the tail of the request queue */
1178                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1179                         addQ(&host->reqQ, c);
1180                         host->Qdepth++;
1181                         start_io(host);
1182                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1183                         wait_for_completion(&wait);
1184                         /* unlock the buffers from DMA */
1185                         for (i = 0; i < sg_used; i++) {
1186                                 temp64.val32.lower = c->SG[i].Addr.lower;
1187                                 temp64.val32.upper = c->SG[i].Addr.upper;
1188                                 pci_unmap_single(host->pdev,
1189                                         (dma_addr_t) temp64.val, buff_size[i],
1190                                         PCI_DMA_BIDIRECTIONAL);
1191                         }
1192                         /* Copy the error information out */
1193                         ioc->error_info = *(c->err_info);
1194                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1195                                 cmd_free(host, c, 0);
1196                                 status = -EFAULT;
1197                                 goto cleanup1;
1198                         }
1199                         if (ioc->Request.Type.Direction == XFER_READ) {
1200                                 /* Copy the data out of the buffer we created */
1201                                 BYTE __user *ptr = ioc->buf;
1202                                 for (i = 0; i < sg_used; i++) {
1203                                         if (copy_to_user
1204                                             (ptr, buff[i], buff_size[i])) {
1205                                                 cmd_free(host, c, 0);
1206                                                 status = -EFAULT;
1207                                                 goto cleanup1;
1208                                         }
1209                                         ptr += buff_size[i];
1210                                 }
1211                         }
1212                         cmd_free(host, c, 0);
1213                         status = 0;
1214                       cleanup1:
1215                         if (buff) {
1216                                 for (i = 0; i < sg_used; i++)
1217                                         kfree(buff[i]);
1218                                 kfree(buff);
1219                         }
1220                         kfree(buff_size);
1221                         kfree(ioc);
1222                         return status;
1223                 }
1224
1225         /* scsi_cmd_ioctl handles these, below, though some are not */
1226         /* very meaningful for cciss.  SG_IO is the main one people want. */
1227
1228         case SG_GET_VERSION_NUM:
1229         case SG_SET_TIMEOUT:
1230         case SG_GET_TIMEOUT:
1231         case SG_GET_RESERVED_SIZE:
1232         case SG_SET_RESERVED_SIZE:
1233         case SG_EMULATED_HOST:
1234         case SG_IO:
1235         case SCSI_IOCTL_SEND_COMMAND:
1236                 return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
1237
1238         /* scsi_cmd_ioctl would normally handle these, below, but */
1239         /* they aren't a good fit for cciss, as CD-ROMs are */
1240         /* not supported, and we don't have any bus/target/lun */
1241         /* which we present to the kernel. */
1242
1243         case CDROM_SEND_PACKET:
1244         case CDROMCLOSETRAY:
1245         case CDROMEJECT:
1246         case SCSI_IOCTL_GET_IDLUN:
1247         case SCSI_IOCTL_GET_BUS_NUMBER:
1248         default:
1249                 return -ENOTTY;
1250         }
1251 }
1252
1253 static void cciss_check_queues(ctlr_info_t *h)
1254 {
1255         int start_queue = h->next_to_run;
1256         int i;
1257
1258         /* check to see if we have maxed out the number of commands that can
1259          * be placed on the queue.  If so then exit.  We do this check here
1260          * in case the interrupt we serviced was from an ioctl and did not
1261          * free any new commands.
1262          */
1263         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1264                 return;
1265
1266         /* We have room on the queue for more commands.  Now we need to queue
1267          * them up.  We will also keep track of the next queue to run so
1268          * that every queue gets a chance to be started first.
1269          */
1270         for (i = 0; i < h->highest_lun + 1; i++) {
1271                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1272                 /* make sure the disk has been added and the drive is real
1273                  * because this can be called from the middle of init_one.
1274                  */
1275                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1276                         continue;
1277                 blk_start_queue(h->gendisk[curr_queue]->queue);
1278
1279                 /* check to see if we have maxed out the number of commands
1280                  * that can be placed on the queue.
1281                  */
1282                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1283                         if (curr_queue == start_queue) {
1284                                 h->next_to_run =
1285                                     (start_queue + 1) % (h->highest_lun + 1);
1286                                 break;
1287                         } else {
1288                                 h->next_to_run = curr_queue;
1289                                 break;
1290                         }
1291                 }
1292         }
1293 }
1294
1295 static void cciss_softirq_done(struct request *rq)
1296 {
1297         CommandList_struct *cmd = rq->completion_data;
1298         ctlr_info_t *h = hba[cmd->ctlr];
1299         unsigned long flags;
1300         u64bit temp64;
1301         int i, ddir;
1302
1303         if (cmd->Request.Type.Direction == XFER_READ)
1304                 ddir = PCI_DMA_FROMDEVICE;
1305         else
1306                 ddir = PCI_DMA_TODEVICE;
1307
1308         /* command did not need to be retried */
1309         /* unmap the DMA mapping for all the scatter gather elements */
1310         for (i = 0; i < cmd->Header.SGList; i++) {
1311                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1312                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1313                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1314         }
1315
1316 #ifdef CCISS_DEBUG
1317         printk("Done with %p\n", rq);
1318 #endif                          /* CCISS_DEBUG */
1319
1320         if (blk_end_request(rq, (rq->errors == 0) ? 0 : -EIO, blk_rq_bytes(rq)))
1321                 BUG();
1322
1323         spin_lock_irqsave(&h->lock, flags);
1324         cmd_free(h, cmd, 1);
1325         cciss_check_queues(h);
1326         spin_unlock_irqrestore(&h->lock, flags);
1327 }
1328
1329 /* This function gets the serial number of a logical drive via
1330  * inquiry page 0x83.  Serial no. is 16 bytes.  If the serial
1331  * number cannot be had, for whatever reason, 16 bytes of 0xff
1332  * are returned instead.
1333  */
1334 static void cciss_get_serial_no(int ctlr, int logvol, int withirq,
1335                                 unsigned char *serial_no, int buflen)
1336 {
1337 #define PAGE_83_INQ_BYTES 64
1338         int rc;
1339         unsigned char *buf;
1340
1341         if (buflen > 16)
1342                 buflen = 16;
1343         memset(serial_no, 0xff, buflen);
1344         buf = kzalloc(PAGE_83_INQ_BYTES, GFP_KERNEL);
1345         if (!buf)
1346                 return;
1347         memset(serial_no, 0, buflen);
1348         if (withirq)
1349                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, buf,
1350                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, TYPE_CMD);
1351         else
1352                 rc = sendcmd(CISS_INQUIRY, ctlr, buf,
1353                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, NULL, TYPE_CMD);
1354         if (rc == IO_OK)
1355                 memcpy(serial_no, &buf[8], buflen);
1356         kfree(buf);
1357         return;
1358 }
1359
1360 static void cciss_add_disk(ctlr_info_t *h, struct gendisk *disk,
1361                                 int drv_index)
1362 {
1363         disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1364         sprintf(disk->disk_name, "cciss/c%dd%d", h->ctlr, drv_index);
1365         disk->major = h->major;
1366         disk->first_minor = drv_index << NWD_SHIFT;
1367         disk->fops = &cciss_fops;
1368         disk->private_data = &h->drv[drv_index];
1369
1370         /* Set up queue information */
1371         blk_queue_bounce_limit(disk->queue, h->pdev->dma_mask);
1372
1373         /* This is a hardware imposed limit. */
1374         blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1375
1376         /* This is a limit in the driver and could be eliminated. */
1377         blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1378
1379         blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1380
1381         blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1382
1383         disk->queue->queuedata = h;
1384
1385         blk_queue_hardsect_size(disk->queue,
1386                                 h->drv[drv_index].block_size);
1387
1388         /* Make sure all queue data is written out before */
1389         /* setting h->drv[drv_index].queue, as setting this */
1390         /* allows the interrupt handler to start the queue */
1391         wmb();
1392         h->drv[drv_index].queue = disk->queue;
1393         add_disk(disk);
1394 }
1395
1396 /* This function will check the usage_count of the drive to be updated/added.
1397  * If the usage_count is zero and it is a heretofore unknown drive, or,
1398  * the drive's capacity, geometry, or serial number has changed,
1399  * then the drive information will be updated and the disk will be
1400  * re-registered with the kernel.  If these conditions don't hold,
1401  * then it will be left alone for the next reboot.  The exception to this
1402  * is disk 0 which will always be left registered with the kernel since it
1403  * is also the controller node.  Any changes to disk 0 will show up on
1404  * the next reboot.
1405  */
1406 static void cciss_update_drive_info(int ctlr, int drv_index, int first_time)
1407 {
1408         ctlr_info_t *h = hba[ctlr];
1409         struct gendisk *disk;
1410         InquiryData_struct *inq_buff = NULL;
1411         unsigned int block_size;
1412         sector_t total_size;
1413         unsigned long flags = 0;
1414         int ret = 0;
1415         drive_info_struct *drvinfo;
1416         int was_only_controller_node;
1417
1418         /* Get information about the disk and modify the driver structure */
1419         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1420         drvinfo = kmalloc(sizeof(*drvinfo), GFP_KERNEL);
1421         if (inq_buff == NULL || drvinfo == NULL)
1422                 goto mem_msg;
1423
1424         /* See if we're trying to update the "controller node"
1425          * this will happen the when the first logical drive gets
1426          * created by ACU.
1427          */
1428         was_only_controller_node = (drv_index == 0 &&
1429                                 h->drv[0].raid_level == -1);
1430
1431         /* testing to see if 16-byte CDBs are already being used */
1432         if (h->cciss_read == CCISS_READ_16) {
1433                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1434                         &total_size, &block_size);
1435
1436         } else {
1437                 cciss_read_capacity(ctlr, drv_index, 1,
1438                                     &total_size, &block_size);
1439
1440                 /* if read_capacity returns all F's this volume is >2TB */
1441                 /* in size so we switch to 16-byte CDB's for all */
1442                 /* read/write ops */
1443                 if (total_size == 0xFFFFFFFFULL) {
1444                         cciss_read_capacity_16(ctlr, drv_index, 1,
1445                         &total_size, &block_size);
1446                         h->cciss_read = CCISS_READ_16;
1447                         h->cciss_write = CCISS_WRITE_16;
1448                 } else {
1449                         h->cciss_read = CCISS_READ_10;
1450                         h->cciss_write = CCISS_WRITE_10;
1451                 }
1452         }
1453
1454         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1455                                inq_buff, drvinfo);
1456         drvinfo->block_size = block_size;
1457         drvinfo->nr_blocks = total_size + 1;
1458
1459         cciss_get_serial_no(ctlr, drv_index, 1, drvinfo->serial_no,
1460                         sizeof(drvinfo->serial_no));
1461
1462         /* Is it the same disk we already know, and nothing's changed? */
1463         if (h->drv[drv_index].raid_level != -1 &&
1464                 ((memcmp(drvinfo->serial_no,
1465                                 h->drv[drv_index].serial_no, 16) == 0) &&
1466                 drvinfo->block_size == h->drv[drv_index].block_size &&
1467                 drvinfo->nr_blocks == h->drv[drv_index].nr_blocks &&
1468                 drvinfo->heads == h->drv[drv_index].heads &&
1469                 drvinfo->sectors == h->drv[drv_index].sectors &&
1470                 drvinfo->cylinders == h->drv[drv_index].cylinders))
1471                         /* The disk is unchanged, nothing to update */
1472                         goto freeret;
1473
1474         /* If we get here it's not the same disk, or something's changed,
1475          * so we need to * deregister it, and re-register it, if it's not
1476          * in use.
1477          * If the disk already exists then deregister it before proceeding
1478          * (unless it's the first disk (for the controller node).
1479          */
1480         if (h->drv[drv_index].raid_level != -1 && drv_index != 0) {
1481                 printk(KERN_WARNING "disk %d has changed.\n", drv_index);
1482                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1483                 h->drv[drv_index].busy_configuring = 1;
1484                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1485
1486                 /* deregister_disk sets h->drv[drv_index].queue = NULL
1487                  * which keeps the interrupt handler from starting
1488                  * the queue.
1489                  */
1490                 ret = deregister_disk(h->gendisk[drv_index],
1491                                       &h->drv[drv_index], 0);
1492                 h->drv[drv_index].busy_configuring = 0;
1493         }
1494
1495         /* If the disk is in use return */
1496         if (ret)
1497                 goto freeret;
1498
1499         /* Save the new information from cciss_geometry_inquiry
1500          * and serial number inquiry.
1501          */
1502         h->drv[drv_index].block_size = drvinfo->block_size;
1503         h->drv[drv_index].nr_blocks = drvinfo->nr_blocks;
1504         h->drv[drv_index].heads = drvinfo->heads;
1505         h->drv[drv_index].sectors = drvinfo->sectors;
1506         h->drv[drv_index].cylinders = drvinfo->cylinders;
1507         h->drv[drv_index].raid_level = drvinfo->raid_level;
1508         memcpy(h->drv[drv_index].serial_no, drvinfo->serial_no, 16);
1509
1510         ++h->num_luns;
1511         disk = h->gendisk[drv_index];
1512         set_capacity(disk, h->drv[drv_index].nr_blocks);
1513
1514         /* If it's not disk 0 (drv_index != 0)
1515          * or if it was disk 0, but there was previously
1516          * no actual corresponding configured logical drive
1517          * (raid_leve == -1) then we want to update the
1518          * logical drive's information.
1519          */
1520         if (drv_index || first_time)
1521                 cciss_add_disk(h, disk, drv_index);
1522
1523 freeret:
1524         kfree(inq_buff);
1525         kfree(drvinfo);
1526         return;
1527 mem_msg:
1528         printk(KERN_ERR "cciss: out of memory\n");
1529         goto freeret;
1530 }
1531
1532 /* This function will find the first index of the controllers drive array
1533  * that has a -1 for the raid_level and will return that index.  This is
1534  * where new drives will be added.  If the index to be returned is greater
1535  * than the highest_lun index for the controller then highest_lun is set
1536  * to this new index.  If there are no available indexes then -1 is returned.
1537  * "controller_node" is used to know if this is a real logical drive, or just
1538  * the controller node, which determines if this counts towards highest_lun.
1539  */
1540 static int cciss_find_free_drive_index(int ctlr, int controller_node)
1541 {
1542         int i;
1543
1544         for (i = 0; i < CISS_MAX_LUN; i++) {
1545                 if (hba[ctlr]->drv[i].raid_level == -1) {
1546                         if (i > hba[ctlr]->highest_lun)
1547                                 if (!controller_node)
1548                                         hba[ctlr]->highest_lun = i;
1549                         return i;
1550                 }
1551         }
1552         return -1;
1553 }
1554
1555 /* cciss_add_gendisk finds a free hba[]->drv structure
1556  * and allocates a gendisk if needed, and sets the lunid
1557  * in the drvinfo structure.   It returns the index into
1558  * the ->drv[] array, or -1 if none are free.
1559  * is_controller_node indicates whether highest_lun should
1560  * count this disk, or if it's only being added to provide
1561  * a means to talk to the controller in case no logical
1562  * drives have yet been configured.
1563  */
1564 static int cciss_add_gendisk(ctlr_info_t *h, __u32 lunid, int controller_node)
1565 {
1566         int drv_index;
1567
1568         drv_index = cciss_find_free_drive_index(h->ctlr, controller_node);
1569         if (drv_index == -1)
1570                 return -1;
1571         /*Check if the gendisk needs to be allocated */
1572         if (!h->gendisk[drv_index]) {
1573                 h->gendisk[drv_index] =
1574                         alloc_disk(1 << NWD_SHIFT);
1575                 if (!h->gendisk[drv_index]) {
1576                         printk(KERN_ERR "cciss%d: could not "
1577                                 "allocate a new disk %d\n",
1578                                 h->ctlr, drv_index);
1579                         return -1;
1580                 }
1581         }
1582         h->drv[drv_index].LunID = lunid;
1583
1584         /* Don't need to mark this busy because nobody */
1585         /* else knows about this disk yet to contend */
1586         /* for access to it. */
1587         h->drv[drv_index].busy_configuring = 0;
1588         wmb();
1589         return drv_index;
1590 }
1591
1592 /* This is for the special case of a controller which
1593  * has no logical drives.  In this case, we still need
1594  * to register a disk so the controller can be accessed
1595  * by the Array Config Utility.
1596  */
1597 static void cciss_add_controller_node(ctlr_info_t *h)
1598 {
1599         struct gendisk *disk;
1600         int drv_index;
1601
1602         if (h->gendisk[0] != NULL) /* already did this? Then bail. */
1603                 return;
1604
1605         drv_index = cciss_add_gendisk(h, 0, 1);
1606         if (drv_index == -1) {
1607                 printk(KERN_WARNING "cciss%d: could not "
1608                         "add disk 0.\n", h->ctlr);
1609                 return;
1610         }
1611         h->drv[drv_index].block_size = 512;
1612         h->drv[drv_index].nr_blocks = 0;
1613         h->drv[drv_index].heads = 0;
1614         h->drv[drv_index].sectors = 0;
1615         h->drv[drv_index].cylinders = 0;
1616         h->drv[drv_index].raid_level = -1;
1617         memset(h->drv[drv_index].serial_no, 0, 16);
1618         disk = h->gendisk[drv_index];
1619         cciss_add_disk(h, disk, drv_index);
1620 }
1621
1622 /* This function will add and remove logical drives from the Logical
1623  * drive array of the controller and maintain persistency of ordering
1624  * so that mount points are preserved until the next reboot.  This allows
1625  * for the removal of logical drives in the middle of the drive array
1626  * without a re-ordering of those drives.
1627  * INPUT
1628  * h            = The controller to perform the operations on
1629  */
1630 static int rebuild_lun_table(ctlr_info_t *h, int first_time)
1631 {
1632         int ctlr = h->ctlr;
1633         int num_luns;
1634         ReportLunData_struct *ld_buff = NULL;
1635         int return_code;
1636         int listlength = 0;
1637         int i;
1638         int drv_found;
1639         int drv_index = 0;
1640         __u32 lunid = 0;
1641         unsigned long flags;
1642
1643         if (!capable(CAP_SYS_RAWIO))
1644                 return -EPERM;
1645
1646         /* Set busy_configuring flag for this operation */
1647         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1648         if (h->busy_configuring) {
1649                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1650                 return -EBUSY;
1651         }
1652         h->busy_configuring = 1;
1653         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1654
1655         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1656         if (ld_buff == NULL)
1657                 goto mem_msg;
1658
1659         return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1660                                       sizeof(ReportLunData_struct), 0,
1661                                       0, 0, TYPE_CMD);
1662
1663         if (return_code == IO_OK)
1664                 listlength = be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
1665         else {  /* reading number of logical volumes failed */
1666                 printk(KERN_WARNING "cciss: report logical volume"
1667                        " command failed\n");
1668                 listlength = 0;
1669                 goto freeret;
1670         }
1671
1672         num_luns = listlength / 8;      /* 8 bytes per entry */
1673         if (num_luns > CISS_MAX_LUN) {
1674                 num_luns = CISS_MAX_LUN;
1675                 printk(KERN_WARNING "cciss: more luns configured"
1676                        " on controller than can be handled by"
1677                        " this driver.\n");
1678         }
1679
1680         if (num_luns == 0)
1681                 cciss_add_controller_node(h);
1682
1683         /* Compare controller drive array to driver's drive array
1684          * to see if any drives are missing on the controller due
1685          * to action of Array Config Utility (user deletes drive)
1686          * and deregister logical drives which have disappeared.
1687          */
1688         for (i = 0; i <= h->highest_lun; i++) {
1689                 int j;
1690                 drv_found = 0;
1691                 for (j = 0; j < num_luns; j++) {
1692                         memcpy(&lunid, &ld_buff->LUN[j][0], 4);
1693                         lunid = le32_to_cpu(lunid);
1694                         if (h->drv[i].LunID == lunid) {
1695                                 drv_found = 1;
1696                                 break;
1697                         }
1698                 }
1699                 if (!drv_found) {
1700                         /* Deregister it from the OS, it's gone. */
1701                         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1702                         h->drv[i].busy_configuring = 1;
1703                         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1704                         return_code = deregister_disk(h->gendisk[i],
1705                                 &h->drv[i], 1);
1706                         h->drv[i].busy_configuring = 0;
1707                 }
1708         }
1709
1710         /* Compare controller drive array to driver's drive array.
1711          * Check for updates in the drive information and any new drives
1712          * on the controller due to ACU adding logical drives, or changing
1713          * a logical drive's size, etc.  Reregister any new/changed drives
1714          */
1715         for (i = 0; i < num_luns; i++) {
1716                 int j;
1717
1718                 drv_found = 0;
1719
1720                 memcpy(&lunid, &ld_buff->LUN[i][0], 4);
1721                 lunid = le32_to_cpu(lunid);
1722
1723                 /* Find if the LUN is already in the drive array
1724                  * of the driver.  If so then update its info
1725                  * if not in use.  If it does not exist then find
1726                  * the first free index and add it.
1727                  */
1728                 for (j = 0; j <= h->highest_lun; j++) {
1729                         if (h->drv[j].raid_level != -1 &&
1730                                 h->drv[j].LunID == lunid) {
1731                                 drv_index = j;
1732                                 drv_found = 1;
1733                                 break;
1734                         }
1735                 }
1736
1737                 /* check if the drive was found already in the array */
1738                 if (!drv_found) {
1739                         drv_index = cciss_add_gendisk(h, lunid, 0);
1740                         if (drv_index == -1)
1741                                 goto freeret;
1742                 }
1743                 cciss_update_drive_info(ctlr, drv_index, first_time);
1744         }               /* end for */
1745
1746 freeret:
1747         kfree(ld_buff);
1748         h->busy_configuring = 0;
1749         /* We return -1 here to tell the ACU that we have registered/updated
1750          * all of the drives that we can and to keep it from calling us
1751          * additional times.
1752          */
1753         return -1;
1754 mem_msg:
1755         printk(KERN_ERR "cciss: out of memory\n");
1756         h->busy_configuring = 0;
1757         goto freeret;
1758 }
1759
1760 /* This function will deregister the disk and it's queue from the
1761  * kernel.  It must be called with the controller lock held and the
1762  * drv structures busy_configuring flag set.  It's parameters are:
1763  *
1764  * disk = This is the disk to be deregistered
1765  * drv  = This is the drive_info_struct associated with the disk to be
1766  *        deregistered.  It contains information about the disk used
1767  *        by the driver.
1768  * clear_all = This flag determines whether or not the disk information
1769  *             is going to be completely cleared out and the highest_lun
1770  *             reset.  Sometimes we want to clear out information about
1771  *             the disk in preparation for re-adding it.  In this case
1772  *             the highest_lun should be left unchanged and the LunID
1773  *             should not be cleared.
1774 */
1775 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
1776                            int clear_all)
1777 {
1778         int i;
1779         ctlr_info_t *h = get_host(disk);
1780
1781         if (!capable(CAP_SYS_RAWIO))
1782                 return -EPERM;
1783
1784         /* make sure logical volume is NOT is use */
1785         if (clear_all || (h->gendisk[0] == disk)) {
1786                 if (drv->usage_count > 1)
1787                         return -EBUSY;
1788         } else if (drv->usage_count > 0)
1789                 return -EBUSY;
1790
1791         /* invalidate the devices and deregister the disk.  If it is disk
1792          * zero do not deregister it but just zero out it's values.  This
1793          * allows us to delete disk zero but keep the controller registered.
1794          */
1795         if (h->gendisk[0] != disk) {
1796                 struct request_queue *q = disk->queue;
1797                 if (disk->flags & GENHD_FL_UP)
1798                         del_gendisk(disk);
1799                 if (q) {
1800                         blk_cleanup_queue(q);
1801                         /* Set drv->queue to NULL so that we do not try
1802                          * to call blk_start_queue on this queue in the
1803                          * interrupt handler
1804                          */
1805                         drv->queue = NULL;
1806                 }
1807                 /* If clear_all is set then we are deleting the logical
1808                  * drive, not just refreshing its info.  For drives
1809                  * other than disk 0 we will call put_disk.  We do not
1810                  * do this for disk 0 as we need it to be able to
1811                  * configure the controller.
1812                  */
1813                 if (clear_all){
1814                         /* This isn't pretty, but we need to find the
1815                          * disk in our array and NULL our the pointer.
1816                          * This is so that we will call alloc_disk if
1817                          * this index is used again later.
1818                          */
1819                         for (i=0; i < CISS_MAX_LUN; i++){
1820                                 if (h->gendisk[i] == disk) {
1821                                         h->gendisk[i] = NULL;
1822                                         break;
1823                                 }
1824                         }
1825                         put_disk(disk);
1826                 }
1827         } else {
1828                 set_capacity(disk, 0);
1829         }
1830
1831         --h->num_luns;
1832         /* zero out the disk size info */
1833         drv->nr_blocks = 0;
1834         drv->block_size = 0;
1835         drv->heads = 0;
1836         drv->sectors = 0;
1837         drv->cylinders = 0;
1838         drv->raid_level = -1;   /* This can be used as a flag variable to
1839                                  * indicate that this element of the drive
1840                                  * array is free.
1841                                  */
1842
1843         if (clear_all) {
1844                 /* check to see if it was the last disk */
1845                 if (drv == h->drv + h->highest_lun) {
1846                         /* if so, find the new hightest lun */
1847                         int i, newhighest = -1;
1848                         for (i = 0; i <= h->highest_lun; i++) {
1849                                 /* if the disk has size > 0, it is available */
1850                                 if (h->drv[i].heads)
1851                                         newhighest = i;
1852                         }
1853                         h->highest_lun = newhighest;
1854                 }
1855
1856                 drv->LunID = 0;
1857         }
1858         return 0;
1859 }
1860
1861 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
1862                                                                                                                            1: address logical volume log_unit,
1863                                                                                                                            2: periph device address is scsi3addr */
1864                     unsigned int log_unit, __u8 page_code,
1865                     unsigned char *scsi3addr, int cmd_type)
1866 {
1867         ctlr_info_t *h = hba[ctlr];
1868         u64bit buff_dma_handle;
1869         int status = IO_OK;
1870
1871         c->cmd_type = CMD_IOCTL_PEND;
1872         c->Header.ReplyQueue = 0;
1873         if (buff != NULL) {
1874                 c->Header.SGList = 1;
1875                 c->Header.SGTotal = 1;
1876         } else {
1877                 c->Header.SGList = 0;
1878                 c->Header.SGTotal = 0;
1879         }
1880         c->Header.Tag.lower = c->busaddr;
1881
1882         c->Request.Type.Type = cmd_type;
1883         if (cmd_type == TYPE_CMD) {
1884                 switch (cmd) {
1885                 case CISS_INQUIRY:
1886                         /* If the logical unit number is 0 then, this is going
1887                            to controller so It's a physical command
1888                            mode = 0 target = 0.  So we have nothing to write.
1889                            otherwise, if use_unit_num == 1,
1890                            mode = 1(volume set addressing) target = LUNID
1891                            otherwise, if use_unit_num == 2,
1892                            mode = 0(periph dev addr) target = scsi3addr */
1893                         if (use_unit_num == 1) {
1894                                 c->Header.LUN.LogDev.VolId =
1895                                     h->drv[log_unit].LunID;
1896                                 c->Header.LUN.LogDev.Mode = 1;
1897                         } else if (use_unit_num == 2) {
1898                                 memcpy(c->Header.LUN.LunAddrBytes, scsi3addr,
1899                                        8);
1900                                 c->Header.LUN.LogDev.Mode = 0;
1901                         }
1902                         /* are we trying to read a vital product page */
1903                         if (page_code != 0) {
1904                                 c->Request.CDB[1] = 0x01;
1905                                 c->Request.CDB[2] = page_code;
1906                         }
1907                         c->Request.CDBLen = 6;
1908                         c->Request.Type.Attribute = ATTR_SIMPLE;
1909                         c->Request.Type.Direction = XFER_READ;
1910                         c->Request.Timeout = 0;
1911                         c->Request.CDB[0] = CISS_INQUIRY;
1912                         c->Request.CDB[4] = size & 0xFF;
1913                         break;
1914                 case CISS_REPORT_LOG:
1915                 case CISS_REPORT_PHYS:
1916                         /* Talking to controller so It's a physical command
1917                            mode = 00 target = 0.  Nothing to write.
1918                          */
1919                         c->Request.CDBLen = 12;
1920                         c->Request.Type.Attribute = ATTR_SIMPLE;
1921                         c->Request.Type.Direction = XFER_READ;
1922                         c->Request.Timeout = 0;
1923                         c->Request.CDB[0] = cmd;
1924                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
1925                         c->Request.CDB[7] = (size >> 16) & 0xFF;
1926                         c->Request.CDB[8] = (size >> 8) & 0xFF;
1927                         c->Request.CDB[9] = size & 0xFF;
1928                         break;
1929
1930                 case CCISS_READ_CAPACITY:
1931                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1932                         c->Header.LUN.LogDev.Mode = 1;
1933                         c->Request.CDBLen = 10;
1934                         c->Request.Type.Attribute = ATTR_SIMPLE;
1935                         c->Request.Type.Direction = XFER_READ;
1936                         c->Request.Timeout = 0;
1937                         c->Request.CDB[0] = cmd;
1938                         break;
1939                 case CCISS_READ_CAPACITY_16:
1940                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1941                         c->Header.LUN.LogDev.Mode = 1;
1942                         c->Request.CDBLen = 16;
1943                         c->Request.Type.Attribute = ATTR_SIMPLE;
1944                         c->Request.Type.Direction = XFER_READ;
1945                         c->Request.Timeout = 0;
1946                         c->Request.CDB[0] = cmd;
1947                         c->Request.CDB[1] = 0x10;
1948                         c->Request.CDB[10] = (size >> 24) & 0xFF;
1949                         c->Request.CDB[11] = (size >> 16) & 0xFF;
1950                         c->Request.CDB[12] = (size >> 8) & 0xFF;
1951                         c->Request.CDB[13] = size & 0xFF;
1952                         c->Request.Timeout = 0;
1953                         c->Request.CDB[0] = cmd;
1954                         break;
1955                 case CCISS_CACHE_FLUSH:
1956                         c->Request.CDBLen = 12;
1957                         c->Request.Type.Attribute = ATTR_SIMPLE;
1958                         c->Request.Type.Direction = XFER_WRITE;
1959                         c->Request.Timeout = 0;
1960                         c->Request.CDB[0] = BMIC_WRITE;
1961                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
1962                         break;
1963                 default:
1964                         printk(KERN_WARNING
1965                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
1966                         return IO_ERROR;
1967                 }
1968         } else if (cmd_type == TYPE_MSG) {
1969                 switch (cmd) {
1970                 case 0: /* ABORT message */
1971                         c->Request.CDBLen = 12;
1972                         c->Request.Type.Attribute = ATTR_SIMPLE;
1973                         c->Request.Type.Direction = XFER_WRITE;
1974                         c->Request.Timeout = 0;
1975                         c->Request.CDB[0] = cmd;        /* abort */
1976                         c->Request.CDB[1] = 0;  /* abort a command */
1977                         /* buff contains the tag of the command to abort */
1978                         memcpy(&c->Request.CDB[4], buff, 8);
1979                         break;
1980                 case 1: /* RESET message */
1981                         c->Request.CDBLen = 12;
1982                         c->Request.Type.Attribute = ATTR_SIMPLE;
1983                         c->Request.Type.Direction = XFER_WRITE;
1984                         c->Request.Timeout = 0;
1985                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
1986                         c->Request.CDB[0] = cmd;        /* reset */
1987                         c->Request.CDB[1] = 0x04;       /* reset a LUN */
1988                         break;
1989                 case 3: /* No-Op message */
1990                         c->Request.CDBLen = 1;
1991                         c->Request.Type.Attribute = ATTR_SIMPLE;
1992                         c->Request.Type.Direction = XFER_WRITE;
1993                         c->Request.Timeout = 0;
1994                         c->Request.CDB[0] = cmd;
1995                         break;
1996                 default:
1997                         printk(KERN_WARNING
1998                                "cciss%d: unknown message type %d\n", ctlr, cmd);
1999                         return IO_ERROR;
2000                 }
2001         } else {
2002                 printk(KERN_WARNING
2003                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
2004                 return IO_ERROR;
2005         }
2006         /* Fill in the scatter gather information */
2007         if (size > 0) {
2008                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
2009                                                              buff, size,
2010                                                              PCI_DMA_BIDIRECTIONAL);
2011                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
2012                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
2013                 c->SG[0].Len = size;
2014                 c->SG[0].Ext = 0;       /* we are not chaining */
2015         }
2016         return status;
2017 }
2018
2019 static int sendcmd_withirq(__u8 cmd,
2020                            int ctlr,
2021                            void *buff,
2022                            size_t size,
2023                            unsigned int use_unit_num,
2024                            unsigned int log_unit, __u8 page_code, int cmd_type)
2025 {
2026         ctlr_info_t *h = hba[ctlr];
2027         CommandList_struct *c;
2028         u64bit buff_dma_handle;
2029         unsigned long flags;
2030         int return_status;
2031         DECLARE_COMPLETION_ONSTACK(wait);
2032
2033         if ((c = cmd_alloc(h, 0)) == NULL)
2034                 return -ENOMEM;
2035         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2036                                  log_unit, page_code, NULL, cmd_type);
2037         if (return_status != IO_OK) {
2038                 cmd_free(h, c, 0);
2039                 return return_status;
2040         }
2041       resend_cmd2:
2042         c->waiting = &wait;
2043
2044         /* Put the request on the tail of the queue and send it */
2045         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
2046         addQ(&h->reqQ, c);
2047         h->Qdepth++;
2048         start_io(h);
2049         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
2050
2051         wait_for_completion(&wait);
2052
2053         if (c->err_info->CommandStatus != 0) {  /* an error has occurred */
2054                 switch (c->err_info->CommandStatus) {
2055                 case CMD_TARGET_STATUS:
2056                         printk(KERN_WARNING "cciss: cmd %p has "
2057                                " completed with errors\n", c);
2058                         if (c->err_info->ScsiStatus) {
2059                                 printk(KERN_WARNING "cciss: cmd %p "
2060                                        "has SCSI Status = %x\n",
2061                                        c, c->err_info->ScsiStatus);
2062                         }
2063
2064                         break;
2065                 case CMD_DATA_UNDERRUN:
2066                 case CMD_DATA_OVERRUN:
2067                         /* expected for inquire and report lun commands */
2068                         break;
2069                 case CMD_INVALID:
2070                         printk(KERN_WARNING "cciss: Cmd %p is "
2071                                "reported invalid\n", c);
2072                         return_status = IO_ERROR;
2073                         break;
2074                 case CMD_PROTOCOL_ERR:
2075                         printk(KERN_WARNING "cciss: cmd %p has "
2076                                "protocol error \n", c);
2077                         return_status = IO_ERROR;
2078                         break;
2079                 case CMD_HARDWARE_ERR:
2080                         printk(KERN_WARNING "cciss: cmd %p had "
2081                                " hardware error\n", c);
2082                         return_status = IO_ERROR;
2083                         break;
2084                 case CMD_CONNECTION_LOST:
2085                         printk(KERN_WARNING "cciss: cmd %p had "
2086                                "connection lost\n", c);
2087                         return_status = IO_ERROR;
2088                         break;
2089                 case CMD_ABORTED:
2090                         printk(KERN_WARNING "cciss: cmd %p was "
2091                                "aborted\n", c);
2092                         return_status = IO_ERROR;
2093                         break;
2094                 case CMD_ABORT_FAILED:
2095                         printk(KERN_WARNING "cciss: cmd %p reports "
2096                                "abort failed\n", c);
2097                         return_status = IO_ERROR;
2098                         break;
2099                 case CMD_UNSOLICITED_ABORT:
2100                         printk(KERN_WARNING
2101                                "cciss%d: unsolicited abort %p\n", ctlr, c);
2102                         if (c->retry_count < MAX_CMD_RETRIES) {
2103                                 printk(KERN_WARNING
2104                                        "cciss%d: retrying %p\n", ctlr, c);
2105                                 c->retry_count++;
2106                                 /* erase the old error information */
2107                                 memset(c->err_info, 0,
2108                                        sizeof(ErrorInfo_struct));
2109                                 return_status = IO_OK;
2110                                 INIT_COMPLETION(wait);
2111                                 goto resend_cmd2;
2112                         }
2113                         return_status = IO_ERROR;
2114                         break;
2115                 default:
2116                         printk(KERN_WARNING "cciss: cmd %p returned "
2117                                "unknown status %x\n", c,
2118                                c->err_info->CommandStatus);
2119                         return_status = IO_ERROR;
2120                 }
2121         }
2122         /* unlock the buffers from DMA */
2123         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2124         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2125         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2126                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2127         cmd_free(h, c, 0);
2128         return return_status;
2129 }
2130
2131 static void cciss_geometry_inquiry(int ctlr, int logvol,
2132                                    int withirq, sector_t total_size,
2133                                    unsigned int block_size,
2134                                    InquiryData_struct *inq_buff,
2135                                    drive_info_struct *drv)
2136 {
2137         int return_code;
2138         unsigned long t;
2139
2140         memset(inq_buff, 0, sizeof(InquiryData_struct));
2141         if (withirq)
2142                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
2143                                               inq_buff, sizeof(*inq_buff), 1,
2144                                               logvol, 0xC1, TYPE_CMD);
2145         else
2146                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
2147                                       sizeof(*inq_buff), 1, logvol, 0xC1, NULL,
2148                                       TYPE_CMD);
2149         if (return_code == IO_OK) {
2150                 if (inq_buff->data_byte[8] == 0xFF) {
2151                         printk(KERN_WARNING
2152                                "cciss: reading geometry failed, volume "
2153                                "does not support reading geometry\n");
2154                         drv->heads = 255;
2155                         drv->sectors = 32;      // Sectors per track
2156                         drv->cylinders = total_size + 1;
2157                         drv->raid_level = RAID_UNKNOWN;
2158                 } else {
2159                         drv->heads = inq_buff->data_byte[6];
2160                         drv->sectors = inq_buff->data_byte[7];
2161                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2162                         drv->cylinders += inq_buff->data_byte[5];
2163                         drv->raid_level = inq_buff->data_byte[8];
2164                 }
2165                 drv->block_size = block_size;
2166                 drv->nr_blocks = total_size + 1;
2167                 t = drv->heads * drv->sectors;
2168                 if (t > 1) {
2169                         sector_t real_size = total_size + 1;
2170                         unsigned long rem = sector_div(real_size, t);
2171                         if (rem)
2172                                 real_size++;
2173                         drv->cylinders = real_size;
2174                 }
2175         } else {                /* Get geometry failed */
2176                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2177         }
2178         printk(KERN_INFO "      heads=%d, sectors=%d, cylinders=%d\n\n",
2179                drv->heads, drv->sectors, drv->cylinders);
2180 }
2181
2182 static void
2183 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2184                     unsigned int *block_size)
2185 {
2186         ReadCapdata_struct *buf;
2187         int return_code;
2188
2189         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2190         if (!buf) {
2191                 printk(KERN_WARNING "cciss: out of memory\n");
2192                 return;
2193         }
2194
2195         if (withirq)
2196                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2197                                 ctlr, buf, sizeof(ReadCapdata_struct),
2198                                         1, logvol, 0, TYPE_CMD);
2199         else
2200                 return_code = sendcmd(CCISS_READ_CAPACITY,
2201                                 ctlr, buf, sizeof(ReadCapdata_struct),
2202                                         1, logvol, 0, NULL, TYPE_CMD);
2203         if (return_code == IO_OK) {
2204                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2205                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2206         } else {                /* read capacity command failed */
2207                 printk(KERN_WARNING "cciss: read capacity failed\n");
2208                 *total_size = 0;
2209                 *block_size = BLOCK_SIZE;
2210         }
2211         if (*total_size != 0)
2212                 printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2213                 (unsigned long long)*total_size+1, *block_size);
2214         kfree(buf);
2215 }
2216
2217 static void
2218 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2219 {
2220         ReadCapdata_struct_16 *buf;
2221         int return_code;
2222
2223         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2224         if (!buf) {
2225                 printk(KERN_WARNING "cciss: out of memory\n");
2226                 return;
2227         }
2228
2229         if (withirq) {
2230                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2231                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2232                                 1, logvol, 0, TYPE_CMD);
2233         }
2234         else {
2235                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2236                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2237                                 1, logvol, 0, NULL, TYPE_CMD);
2238         }
2239         if (return_code == IO_OK) {
2240                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2241                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2242         } else {                /* read capacity command failed */
2243                 printk(KERN_WARNING "cciss: read capacity failed\n");
2244                 *total_size = 0;
2245                 *block_size = BLOCK_SIZE;
2246         }
2247         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2248                (unsigned long long)*total_size+1, *block_size);
2249         kfree(buf);
2250 }
2251
2252 static int cciss_revalidate(struct gendisk *disk)
2253 {
2254         ctlr_info_t *h = get_host(disk);
2255         drive_info_struct *drv = get_drv(disk);
2256         int logvol;
2257         int FOUND = 0;
2258         unsigned int block_size;
2259         sector_t total_size;
2260         InquiryData_struct *inq_buff = NULL;
2261
2262         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2263                 if (h->drv[logvol].LunID == drv->LunID) {
2264                         FOUND = 1;
2265                         break;
2266                 }
2267         }
2268
2269         if (!FOUND)
2270                 return 1;
2271
2272         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2273         if (inq_buff == NULL) {
2274                 printk(KERN_WARNING "cciss: out of memory\n");
2275                 return 1;
2276         }
2277         if (h->cciss_read == CCISS_READ_10) {
2278                 cciss_read_capacity(h->ctlr, logvol, 1,
2279                                         &total_size, &block_size);
2280         } else {
2281                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2282                                         &total_size, &block_size);
2283         }
2284         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2285                                inq_buff, drv);
2286
2287         blk_queue_hardsect_size(drv->queue, drv->block_size);
2288         set_capacity(disk, drv->nr_blocks);
2289
2290         kfree(inq_buff);
2291         return 0;
2292 }
2293
2294 /*
2295  *   Wait polling for a command to complete.
2296  *   The memory mapped FIFO is polled for the completion.
2297  *   Used only at init time, interrupts from the HBA are disabled.
2298  */
2299 static unsigned long pollcomplete(int ctlr)
2300 {
2301         unsigned long done;
2302         int i;
2303
2304         /* Wait (up to 20 seconds) for a command to complete */
2305
2306         for (i = 20 * HZ; i > 0; i--) {
2307                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2308                 if (done == FIFO_EMPTY)
2309                         schedule_timeout_uninterruptible(1);
2310                 else
2311                         return done;
2312         }
2313         /* Invalid address to tell caller we ran out of time */
2314         return 1;
2315 }
2316
2317 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
2318 {
2319         /* We get in here if sendcmd() is polling for completions
2320            and gets some command back that it wasn't expecting --
2321            something other than that which it just sent down.
2322            Ordinarily, that shouldn't happen, but it can happen when
2323            the scsi tape stuff gets into error handling mode, and
2324            starts using sendcmd() to try to abort commands and
2325            reset tape drives.  In that case, sendcmd may pick up
2326            completions of commands that were sent to logical drives
2327            through the block i/o system, or cciss ioctls completing, etc.
2328            In that case, we need to save those completions for later
2329            processing by the interrupt handler.
2330          */
2331
2332 #ifdef CONFIG_CISS_SCSI_TAPE
2333         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;
2334
2335         /* If it's not the scsi tape stuff doing error handling, (abort */
2336         /* or reset) then we don't expect anything weird. */
2337         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
2338 #endif
2339                 printk(KERN_WARNING "cciss cciss%d: SendCmd "
2340                        "Invalid command list address returned! (%lx)\n",
2341                        ctlr, complete);
2342                 /* not much we can do. */
2343 #ifdef CONFIG_CISS_SCSI_TAPE
2344                 return 1;
2345         }
2346
2347         /* We've sent down an abort or reset, but something else
2348            has completed */
2349         if (srl->ncompletions >= (hba[ctlr]->nr_cmds + 2)) {
2350                 /* Uh oh.  No room to save it for later... */
2351                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
2352                        "reject list overflow, command lost!\n", ctlr);
2353                 return 1;
2354         }
2355         /* Save it for later */
2356         srl->complete[srl->ncompletions] = complete;
2357         srl->ncompletions++;
2358 #endif
2359         return 0;
2360 }
2361
2362 /*
2363  * Send a command to the controller, and wait for it to complete.
2364  * Only used at init time.
2365  */
2366 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
2367                                                                                                    1: address logical volume log_unit,
2368                                                                                                    2: periph device address is scsi3addr */
2369                    unsigned int log_unit,
2370                    __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2371 {
2372         CommandList_struct *c;
2373         int i;
2374         unsigned long complete;
2375         ctlr_info_t *info_p = hba[ctlr];
2376         u64bit buff_dma_handle;
2377         int status, done = 0;
2378
2379         if ((c = cmd_alloc(info_p, 1)) == NULL) {
2380                 printk(KERN_WARNING "cciss: unable to get memory");
2381                 return IO_ERROR;
2382         }
2383         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2384                           log_unit, page_code, scsi3addr, cmd_type);
2385         if (status != IO_OK) {
2386                 cmd_free(info_p, c, 1);
2387                 return status;
2388         }
2389       resend_cmd1:
2390         /*
2391          * Disable interrupt
2392          */
2393 #ifdef CCISS_DEBUG
2394         printk(KERN_DEBUG "cciss: turning intr off\n");
2395 #endif                          /* CCISS_DEBUG */
2396         info_p->access.set_intr_mask(info_p, CCISS_INTR_OFF);
2397
2398         /* Make sure there is room in the command FIFO */
2399         /* Actually it should be completely empty at this time */
2400         /* unless we are in here doing error handling for the scsi */
2401         /* tape side of the driver. */
2402         for (i = 200000; i > 0; i--) {
2403                 /* if fifo isn't full go */
2404                 if (!(info_p->access.fifo_full(info_p))) {
2405
2406                         break;
2407                 }
2408                 udelay(10);
2409                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2410                        " waiting!\n", ctlr);
2411         }
2412         /*
2413          * Send the cmd
2414          */
2415         info_p->access.submit_command(info_p, c);
2416         done = 0;
2417         do {
2418                 complete = pollcomplete(ctlr);
2419
2420 #ifdef CCISS_DEBUG
2421                 printk(KERN_DEBUG "cciss: command completed\n");
2422 #endif                          /* CCISS_DEBUG */
2423
2424                 if (complete == 1) {
2425                         printk(KERN_WARNING
2426                                "cciss cciss%d: SendCmd Timeout out, "
2427                                "No command list address returned!\n", ctlr);
2428                         status = IO_ERROR;
2429                         done = 1;
2430                         break;
2431                 }
2432
2433                 /* This will need to change for direct lookup completions */
2434                 if ((complete & CISS_ERROR_BIT)
2435                     && (complete & ~CISS_ERROR_BIT) == c->busaddr) {
2436                         /* if data overrun or underun on Report command
2437                            ignore it
2438                          */
2439                         if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2440                              (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2441                              (c->Request.CDB[0] == CISS_INQUIRY)) &&
2442                             ((c->err_info->CommandStatus ==
2443                               CMD_DATA_OVERRUN) ||
2444                              (c->err_info->CommandStatus == CMD_DATA_UNDERRUN)
2445                             )) {
2446                                 complete = c->busaddr;
2447                         } else {
2448                                 if (c->err_info->CommandStatus ==
2449                                     CMD_UNSOLICITED_ABORT) {
2450                                         printk(KERN_WARNING "cciss%d: "
2451                                                "unsolicited abort %p\n",
2452                                                ctlr, c);
2453                                         if (c->retry_count < MAX_CMD_RETRIES) {
2454                                                 printk(KERN_WARNING
2455                                                        "cciss%d: retrying %p\n",
2456                                                        ctlr, c);
2457                                                 c->retry_count++;
2458                                                 /* erase the old error */
2459                                                 /* information */
2460                                                 memset(c->err_info, 0,
2461                                                        sizeof
2462                                                        (ErrorInfo_struct));
2463                                                 goto resend_cmd1;
2464                                         } else {
2465                                                 printk(KERN_WARNING
2466                                                        "cciss%d: retried %p too "
2467                                                        "many times\n", ctlr, c);
2468                                                 status = IO_ERROR;
2469                                                 goto cleanup1;
2470                                         }
2471                                 } else if (c->err_info->CommandStatus ==
2472                                            CMD_UNABORTABLE) {
2473                                         printk(KERN_WARNING
2474                                                "cciss%d: command could not be aborted.\n",
2475                                                ctlr);
2476                                         status = IO_ERROR;
2477                                         goto cleanup1;
2478                                 }
2479                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2480                                        " Error %x \n", ctlr,
2481                                        c->err_info->CommandStatus);
2482                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2483                                        " offensive info\n"
2484                                        "  size %x\n   num %x   value %x\n",
2485                                        ctlr,
2486                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2487                                        offense_size,
2488                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2489                                        offense_num,
2490                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2491                                        offense_value);
2492                                 status = IO_ERROR;
2493                                 goto cleanup1;
2494                         }
2495                 }
2496                 /* This will need changing for direct lookup completions */
2497                 if (complete != c->busaddr) {
2498                         if (add_sendcmd_reject(cmd, ctlr, complete) != 0) {
2499                                 BUG();  /* we are pretty much hosed if we get here. */
2500                         }
2501                         continue;
2502                 } else
2503                         done = 1;
2504         } while (!done);
2505
2506       cleanup1:
2507         /* unlock the data buffer from DMA */
2508         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2509         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2510         pci_unmap_single(info_p->pdev, (dma_addr_t) buff_dma_handle.val,
2511                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2512 #ifdef CONFIG_CISS_SCSI_TAPE
2513         /* if we saved some commands for later, process them now. */
2514         if (info_p->scsi_rejects.ncompletions > 0)
2515                 do_cciss_intr(0, info_p);
2516 #endif
2517         cmd_free(info_p, c, 1);
2518         return status;
2519 }
2520
2521 /*
2522  * Map (physical) PCI mem into (virtual) kernel space
2523  */
2524 static void __iomem *remap_pci_mem(ulong base, ulong size)
2525 {
2526         ulong page_base = ((ulong) base) & PAGE_MASK;
2527         ulong page_offs = ((ulong) base) - page_base;
2528         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2529
2530         return page_remapped ? (page_remapped + page_offs) : NULL;
2531 }
2532
2533 /*
2534  * Takes jobs of the Q and sends them to the hardware, then puts it on
2535  * the Q to wait for completion.
2536  */
2537 static void start_io(ctlr_info_t *h)
2538 {
2539         CommandList_struct *c;
2540
2541         while ((c = h->reqQ) != NULL) {
2542                 /* can't do anything if fifo is full */
2543                 if ((h->access.fifo_full(h))) {
2544                         printk(KERN_WARNING "cciss: fifo full\n");
2545                         break;
2546                 }
2547
2548                 /* Get the first entry from the Request Q */
2549                 removeQ(&(h->reqQ), c);
2550                 h->Qdepth--;
2551
2552                 /* Tell the controller execute command */
2553                 h->access.submit_command(h, c);
2554
2555                 /* Put job onto the completed Q */
2556                 addQ(&(h->cmpQ), c);
2557         }
2558 }
2559
2560 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2561 /* Zeros out the error record and then resends the command back */
2562 /* to the controller */
2563 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2564 {
2565         /* erase the old error information */
2566         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2567
2568         /* add it to software queue and then send it to the controller */
2569         addQ(&(h->reqQ), c);
2570         h->Qdepth++;
2571         if (h->Qdepth > h->maxQsinceinit)
2572                 h->maxQsinceinit = h->Qdepth;
2573
2574         start_io(h);
2575 }
2576
2577 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2578         unsigned int msg_byte, unsigned int host_byte,
2579         unsigned int driver_byte)
2580 {
2581         /* inverse of macros in scsi.h */
2582         return (scsi_status_byte & 0xff) |
2583                 ((msg_byte & 0xff) << 8) |
2584                 ((host_byte & 0xff) << 16) |
2585                 ((driver_byte & 0xff) << 24);
2586 }
2587
2588 static inline int evaluate_target_status(CommandList_struct *cmd)
2589 {
2590         unsigned char sense_key;
2591         unsigned char status_byte, msg_byte, host_byte, driver_byte;
2592         int error_value;
2593
2594         /* If we get in here, it means we got "target status", that is, scsi status */
2595         status_byte = cmd->err_info->ScsiStatus;
2596         driver_byte = DRIVER_OK;
2597         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
2598
2599         if (blk_pc_request(cmd->rq))
2600                 host_byte = DID_PASSTHROUGH;
2601         else
2602                 host_byte = DID_OK;
2603
2604         error_value = make_status_bytes(status_byte, msg_byte,
2605                 host_byte, driver_byte);
2606
2607         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
2608                 if (!blk_pc_request(cmd->rq))
2609                         printk(KERN_WARNING "cciss: cmd %p "
2610                                "has SCSI Status 0x%x\n",
2611                                cmd, cmd->err_info->ScsiStatus);
2612                 return error_value;
2613         }
2614
2615         /* check the sense key */
2616         sense_key = 0xf & cmd->err_info->SenseInfo[2];
2617         /* no status or recovered error */
2618         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
2619                 error_value = 0;
2620
2621         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
2622                 if (error_value != 0)
2623                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
2624                                " sense key = 0x%x\n", cmd, sense_key);
2625                 return error_value;
2626         }
2627
2628         /* SG_IO or similar, copy sense data back */
2629         if (cmd->rq->sense) {
2630                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
2631                         cmd->rq->sense_len = cmd->err_info->SenseLen;
2632                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
2633                         cmd->rq->sense_len);
2634         } else
2635                 cmd->rq->sense_len = 0;
2636
2637         return error_value;
2638 }
2639
2640 /* checks the status of the job and calls complete buffers to mark all
2641  * buffers for the completed job. Note that this function does not need
2642  * to hold the hba/queue lock.
2643  */
2644 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
2645                                     int timeout)
2646 {
2647         int retry_cmd = 0;
2648         struct request *rq = cmd->rq;
2649
2650         rq->errors = 0;
2651
2652         if (timeout)
2653                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
2654
2655         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
2656                 goto after_error_processing;
2657
2658         switch (cmd->err_info->CommandStatus) {
2659         case CMD_TARGET_STATUS:
2660                 rq->errors = evaluate_target_status(cmd);
2661                 break;
2662         case CMD_DATA_UNDERRUN:
2663                 if (blk_fs_request(cmd->rq)) {
2664                         printk(KERN_WARNING "cciss: cmd %p has"
2665                                " completed with data underrun "
2666                                "reported\n", cmd);
2667                         cmd->rq->data_len = cmd->err_info->ResidualCnt;
2668                 }
2669                 break;
2670         case CMD_DATA_OVERRUN:
2671                 if (blk_fs_request(cmd->rq))
2672                         printk(KERN_WARNING "cciss: cmd %p has"
2673                                " completed with data overrun "
2674                                "reported\n", cmd);
2675                 break;
2676         case CMD_INVALID:
2677                 printk(KERN_WARNING "cciss: cmd %p is "
2678                        "reported invalid\n", cmd);
2679                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2680                         cmd->err_info->CommandStatus, DRIVER_OK,
2681                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2682                 break;
2683         case CMD_PROTOCOL_ERR:
2684                 printk(KERN_WARNING "cciss: cmd %p has "
2685                        "protocol error \n", cmd);
2686                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2687                         cmd->err_info->CommandStatus, DRIVER_OK,
2688                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2689                 break;
2690         case CMD_HARDWARE_ERR:
2691                 printk(KERN_WARNING "cciss: cmd %p had "
2692                        " hardware error\n", cmd);
2693                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2694                         cmd->err_info->CommandStatus, DRIVER_OK,
2695                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2696                 break;
2697         case CMD_CONNECTION_LOST:
2698                 printk(KERN_WARNING "cciss: cmd %p had "
2699                        "connection lost\n", cmd);
2700                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2701                         cmd->err_info->CommandStatus, DRIVER_OK,
2702                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2703                 break;
2704         case CMD_ABORTED:
2705                 printk(KERN_WARNING "cciss: cmd %p was "
2706                        "aborted\n", cmd);
2707                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2708                         cmd->err_info->CommandStatus, DRIVER_OK,
2709                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2710                 break;
2711         case CMD_ABORT_FAILED:
2712                 printk(KERN_WARNING "cciss: cmd %p reports "
2713                        "abort failed\n", cmd);
2714                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2715                         cmd->err_info->CommandStatus, DRIVER_OK,
2716                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2717                 break;
2718         case CMD_UNSOLICITED_ABORT:
2719                 printk(KERN_WARNING "cciss%d: unsolicited "
2720                        "abort %p\n", h->ctlr, cmd);
2721                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2722                         retry_cmd = 1;
2723                         printk(KERN_WARNING
2724                                "cciss%d: retrying %p\n", h->ctlr, cmd);
2725                         cmd->retry_count++;
2726                 } else
2727                         printk(KERN_WARNING
2728                                "cciss%d: %p retried too "
2729                                "many times\n", h->ctlr, cmd);
2730                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2731                         cmd->err_info->CommandStatus, DRIVER_OK,
2732                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2733                 break;
2734         case CMD_TIMEOUT:
2735                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
2736                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2737                         cmd->err_info->CommandStatus, DRIVER_OK,
2738                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2739                 break;
2740         default:
2741                 printk(KERN_WARNING "cciss: cmd %p returned "
2742                        "unknown status %x\n", cmd,
2743                        cmd->err_info->CommandStatus);
2744                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2745                         cmd->err_info->CommandStatus, DRIVER_OK,
2746                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2747         }
2748
2749 after_error_processing:
2750
2751         /* We need to return this command */
2752         if (retry_cmd) {
2753                 resend_cciss_cmd(h, cmd);
2754                 return;
2755         }
2756         cmd->rq->completion_data = cmd;
2757         blk_complete_request(cmd->rq);
2758 }
2759
2760 /*
2761  * Get a request and submit it to the controller.
2762  */
2763 static void do_cciss_request(struct request_queue *q)
2764 {
2765         ctlr_info_t *h = q->queuedata;
2766         CommandList_struct *c;
2767         sector_t start_blk;
2768         int seg;
2769         struct request *creq;
2770         u64bit temp64;
2771         struct scatterlist tmp_sg[MAXSGENTRIES];
2772         drive_info_struct *drv;
2773         int i, dir;
2774
2775         /* We call start_io here in case there is a command waiting on the
2776          * queue that has not been sent.
2777          */
2778         if (blk_queue_plugged(q))
2779                 goto startio;
2780
2781       queue:
2782         creq = elv_next_request(q);
2783         if (!creq)
2784                 goto startio;
2785
2786         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
2787
2788         if ((c = cmd_alloc(h, 1)) == NULL)
2789                 goto full;
2790
2791         blkdev_dequeue_request(creq);
2792
2793         spin_unlock_irq(q->queue_lock);
2794
2795         c->cmd_type = CMD_RWREQ;
2796         c->rq = creq;
2797
2798         /* fill in the request */
2799         drv = creq->rq_disk->private_data;
2800         c->Header.ReplyQueue = 0;       // unused in simple mode
2801         /* got command from pool, so use the command block index instead */
2802         /* for direct lookups. */
2803         /* The first 2 bits are reserved for controller error reporting. */
2804         c->Header.Tag.lower = (c->cmdindex << 3);
2805         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
2806         c->Header.LUN.LogDev.VolId = drv->LunID;
2807         c->Header.LUN.LogDev.Mode = 1;
2808         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
2809         c->Request.Type.Type = TYPE_CMD;        // It is a command.
2810         c->Request.Type.Attribute = ATTR_SIMPLE;
2811         c->Request.Type.Direction =
2812             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
2813         c->Request.Timeout = 0; // Don't time out
2814         c->Request.CDB[0] =
2815             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
2816         start_blk = creq->sector;
2817 #ifdef CCISS_DEBUG
2818         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n", (int)creq->sector,
2819                (int)creq->nr_sectors);
2820 #endif                          /* CCISS_DEBUG */
2821
2822         sg_init_table(tmp_sg, MAXSGENTRIES);
2823         seg = blk_rq_map_sg(q, creq, tmp_sg);
2824
2825         /* get the DMA records for the setup */
2826         if (c->Request.Type.Direction == XFER_READ)
2827                 dir = PCI_DMA_FROMDEVICE;
2828         else
2829                 dir = PCI_DMA_TODEVICE;
2830
2831         for (i = 0; i < seg; i++) {
2832                 c->SG[i].Len = tmp_sg[i].length;
2833                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
2834                                                   tmp_sg[i].offset,
2835                                                   tmp_sg[i].length, dir);
2836                 c->SG[i].Addr.lower = temp64.val32.lower;
2837                 c->SG[i].Addr.upper = temp64.val32.upper;
2838                 c->SG[i].Ext = 0;       // we are not chaining
2839         }
2840         /* track how many SG entries we are using */
2841         if (seg > h->maxSG)
2842                 h->maxSG = seg;
2843
2844 #ifdef CCISS_DEBUG
2845         printk(KERN_DEBUG "cciss: Submitting %d sectors in %d segments\n",
2846                creq->nr_sectors, seg);
2847 #endif                          /* CCISS_DEBUG */
2848
2849         c->Header.SGList = c->Header.SGTotal = seg;
2850         if (likely(blk_fs_request(creq))) {
2851                 if(h->cciss_read == CCISS_READ_10) {
2852                         c->Request.CDB[1] = 0;
2853                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
2854                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
2855                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
2856                         c->Request.CDB[5] = start_blk & 0xff;
2857                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
2858                         c->Request.CDB[7] = (creq->nr_sectors >> 8) & 0xff;
2859                         c->Request.CDB[8] = creq->nr_sectors & 0xff;
2860                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
2861                 } else {
2862                         u32 upper32 = upper_32_bits(start_blk);
2863
2864                         c->Request.CDBLen = 16;
2865                         c->Request.CDB[1]= 0;
2866                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
2867                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
2868                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
2869                         c->Request.CDB[5]= upper32 & 0xff;
2870                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
2871                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
2872                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
2873                         c->Request.CDB[9]= start_blk & 0xff;
2874                         c->Request.CDB[10]= (creq->nr_sectors >>  24) & 0xff;
2875                         c->Request.CDB[11]= (creq->nr_sectors >>  16) & 0xff;
2876                         c->Request.CDB[12]= (creq->nr_sectors >>  8) & 0xff;
2877                         c->Request.CDB[13]= creq->nr_sectors & 0xff;
2878                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
2879                 }
2880         } else if (blk_pc_request(creq)) {
2881                 c->Request.CDBLen = creq->cmd_len;
2882                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
2883         } else {
2884                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
2885                 BUG();
2886         }
2887
2888         spin_lock_irq(q->queue_lock);
2889
2890         addQ(&(h->reqQ), c);
2891         h->Qdepth++;
2892         if (h->Qdepth > h->maxQsinceinit)
2893                 h->maxQsinceinit = h->Qdepth;
2894
2895         goto queue;
2896 full:
2897         blk_stop_queue(q);
2898 startio:
2899         /* We will already have the driver lock here so not need
2900          * to lock it.
2901          */
2902         start_io(h);
2903 }
2904
2905 static inline unsigned long get_next_completion(ctlr_info_t *h)
2906 {
2907 #ifdef CONFIG_CISS_SCSI_TAPE
2908         /* Any rejects from sendcmd() lying around? Process them first */
2909         if (h->scsi_rejects.ncompletions == 0)
2910                 return h->access.command_completed(h);
2911         else {
2912                 struct sendcmd_reject_list *srl;
2913                 int n;
2914                 srl = &h->scsi_rejects;
2915                 n = --srl->ncompletions;
2916                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
2917                 printk("p");
2918                 return srl->complete[n];
2919         }
2920 #else
2921         return h->access.command_completed(h);
2922 #endif
2923 }
2924
2925 static inline int interrupt_pending(ctlr_info_t *h)
2926 {
2927 #ifdef CONFIG_CISS_SCSI_TAPE
2928         return (h->access.intr_pending(h)
2929                 || (h->scsi_rejects.ncompletions > 0));
2930 #else
2931         return h->access.intr_pending(h);
2932 #endif
2933 }
2934
2935 static inline long interrupt_not_for_us(ctlr_info_t *h)
2936 {
2937 #ifdef CONFIG_CISS_SCSI_TAPE
2938         return (((h->access.intr_pending(h) == 0) ||
2939                  (h->interrupts_enabled == 0))
2940                 && (h->scsi_rejects.ncompletions == 0));
2941 #else
2942         return (((h->access.intr_pending(h) == 0) ||
2943                  (h->interrupts_enabled == 0)));
2944 #endif
2945 }
2946
2947 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
2948 {
2949         ctlr_info_t *h = dev_id;
2950         CommandList_struct *c;
2951         unsigned long flags;
2952         __u32 a, a1, a2;
2953
2954         if (interrupt_not_for_us(h))
2955                 return IRQ_NONE;
2956         /*
2957          * If there are completed commands in the completion queue,
2958          * we had better do something about it.
2959          */
2960         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2961         while (interrupt_pending(h)) {
2962                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
2963                         a1 = a;
2964                         if ((a & 0x04)) {
2965                                 a2 = (a >> 3);
2966                                 if (a2 >= h->nr_cmds) {
2967                                         printk(KERN_WARNING
2968                                                "cciss: controller cciss%d failed, stopping.\n",
2969                                                h->ctlr);
2970                                         fail_all_cmds(h->ctlr);
2971                                         return IRQ_HANDLED;
2972                                 }
2973
2974                                 c = h->cmd_pool + a2;
2975                                 a = c->busaddr;
2976
2977                         } else {
2978                                 a &= ~3;
2979                                 if ((c = h->cmpQ) == NULL) {
2980                                         printk(KERN_WARNING
2981                                                "cciss: Completion of %08x ignored\n",
2982                                                a1);
2983                                         continue;
2984                                 }
2985                                 while (c->busaddr != a) {
2986                                         c = c->next;
2987                                         if (c == h->cmpQ)
2988                                                 break;
2989                                 }
2990                         }
2991                         /*
2992                          * If we've found the command, take it off the
2993                          * completion Q and free it
2994                          */
2995                         if (c->busaddr == a) {
2996                                 removeQ(&h->cmpQ, c);
2997                                 if (c->cmd_type == CMD_RWREQ) {
2998                                         complete_command(h, c, 0);
2999                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
3000                                         complete(c->waiting);
3001                                 }
3002 #                               ifdef CONFIG_CISS_SCSI_TAPE
3003                                 else if (c->cmd_type == CMD_SCSI)
3004                                         complete_scsi_command(c, 0, a1);
3005 #                               endif
3006                                 continue;
3007                         }
3008                 }
3009         }
3010
3011         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
3012         return IRQ_HANDLED;
3013 }
3014
3015 /*
3016  *  We cannot read the structure directly, for portability we must use
3017  *   the io functions.
3018  *   This is for debug only.
3019  */
3020 #ifdef CCISS_DEBUG
3021 static void print_cfg_table(CfgTable_struct *tb)
3022 {
3023         int i;
3024         char temp_name[17];
3025
3026         printk("Controller Configuration information\n");
3027         printk("------------------------------------\n");
3028         for (i = 0; i < 4; i++)
3029                 temp_name[i] = readb(&(tb->Signature[i]));
3030         temp_name[4] = '\0';
3031         printk("   Signature = %s\n", temp_name);
3032         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
3033         printk("   Transport methods supported = 0x%x\n",
3034                readl(&(tb->TransportSupport)));
3035         printk("   Transport methods active = 0x%x\n",
3036                readl(&(tb->TransportActive)));
3037         printk("   Requested transport Method = 0x%x\n",
3038                readl(&(tb->HostWrite.TransportRequest)));
3039         printk("   Coalesce Interrupt Delay = 0x%x\n",
3040                readl(&(tb->HostWrite.CoalIntDelay)));
3041         printk("   Coalesce Interrupt Count = 0x%x\n",
3042                readl(&(tb->HostWrite.CoalIntCount)));
3043         printk("   Max outstanding commands = 0x%d\n",
3044                readl(&(tb->CmdsOutMax)));
3045         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
3046         for (i = 0; i < 16; i++)
3047                 temp_name[i] = readb(&(tb->ServerName[i]));
3048         temp_name[16] = '\0';
3049         printk("   Server Name = %s\n", temp_name);
3050         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
3051 }
3052 #endif                          /* CCISS_DEBUG */
3053
3054 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
3055 {
3056         int i, offset, mem_type, bar_type;
3057         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
3058                 return 0;
3059         offset = 0;
3060         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3061                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
3062                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
3063                         offset += 4;
3064                 else {
3065                         mem_type = pci_resource_flags(pdev, i) &
3066                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
3067                         switch (mem_type) {
3068                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
3069                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
3070                                 offset += 4;    /* 32 bit */
3071                                 break;
3072                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
3073                                 offset += 8;
3074                                 break;
3075                         default:        /* reserved in PCI 2.2 */
3076                                 printk(KERN_WARNING
3077                                        "Base address is invalid\n");
3078                                 return -1;
3079                                 break;
3080                         }
3081                 }
3082                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
3083                         return i + 1;
3084         }
3085         return -1;
3086 }
3087
3088 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
3089  * controllers that are capable. If not, we use IO-APIC mode.
3090  */
3091
3092 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
3093                                            struct pci_dev *pdev, __u32 board_id)
3094 {
3095 #ifdef CONFIG_PCI_MSI
3096         int err;
3097         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
3098         {0, 2}, {0, 3}
3099         };
3100
3101         /* Some boards advertise MSI but don't really support it */
3102         if ((board_id == 0x40700E11) ||
3103             (board_id == 0x40800E11) ||
3104             (board_id == 0x40820E11) || (board_id == 0x40830E11))
3105                 goto default_int_mode;
3106
3107         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
3108                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
3109                 if (!err) {
3110                         c->intr[0] = cciss_msix_entries[0].vector;
3111                         c->intr[1] = cciss_msix_entries[1].vector;
3112                         c->intr[2] = cciss_msix_entries[2].vector;
3113                         c->intr[3] = cciss_msix_entries[3].vector;
3114                         c->msix_vector = 1;
3115                         return;
3116                 }
3117                 if (err > 0) {
3118                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
3119                                "available\n", err);
3120                         goto default_int_mode;
3121                 } else {
3122                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
3123                                err);
3124                         goto default_int_mode;
3125                 }
3126         }
3127         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
3128                 if (!pci_enable_msi(pdev)) {
3129                         c->msi_vector = 1;
3130                 } else {
3131                         printk(KERN_WARNING "cciss: MSI init failed\n");
3132                 }
3133         }
3134 default_int_mode:
3135 #endif                          /* CONFIG_PCI_MSI */
3136         /* if we get here we're going to use the default interrupt mode */
3137         c->intr[SIMPLE_MODE_INT] = pdev->irq;
3138         return;
3139 }
3140
3141 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
3142 {
3143         ushort subsystem_vendor_id, subsystem_device_id, command;
3144         __u32 board_id, scratchpad = 0;
3145         __u64 cfg_offset;
3146         __u32 cfg_base_addr;
3147         __u64 cfg_base_addr_index;
3148         int i, err;
3149
3150         /* check to see if controller has been disabled */
3151         /* BEFORE trying to enable it */
3152         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
3153         if (!(command & 0x02)) {
3154                 printk(KERN_WARNING
3155                        "cciss: controller appears to be disabled\n");
3156                 return -ENODEV;
3157         }
3158
3159         err = pci_enable_device(pdev);
3160         if (err) {
3161                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3162                 return err;
3163         }
3164
3165         err = pci_request_regions(pdev, "cciss");
3166         if (err) {
3167                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3168                        "aborting\n");
3169                 return err;
3170         }
3171
3172         subsystem_vendor_id = pdev->subsystem_vendor;
3173         subsystem_device_id = pdev->subsystem_device;
3174         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3175                     subsystem_vendor_id);
3176
3177 #ifdef CCISS_DEBUG
3178         printk("command = %x\n", command);
3179         printk("irq = %x\n", pdev->irq);
3180         printk("board_id = %x\n", board_id);
3181 #endif                          /* CCISS_DEBUG */
3182
3183 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3184  * else we use the IO-APIC interrupt assigned to us by system ROM.
3185  */
3186         cciss_interrupt_mode(c, pdev, board_id);
3187
3188         /*
3189          * Memory base addr is first addr , the second points to the config
3190          *   table
3191          */
3192
3193         c->paddr = pci_resource_start(pdev, 0); /* addressing mode bits already removed */
3194 #ifdef CCISS_DEBUG
3195         printk("address 0 = %x\n", c->paddr);
3196 #endif                          /* CCISS_DEBUG */
3197         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3198
3199         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3200          * We poll for up to 120 secs, once per 100ms. */
3201         for (i = 0; i < 1200; i++) {
3202                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3203                 if (scratchpad == CCISS_FIRMWARE_READY)
3204                         break;
3205                 set_current_state(TASK_INTERRUPTIBLE);
3206                 schedule_timeout(HZ / 10);      /* wait 100ms */
3207         }
3208         if (scratchpad != CCISS_FIRMWARE_READY) {
3209                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3210                 err = -ENODEV;
3211                 goto err_out_free_res;
3212         }
3213
3214         /* get the address index number */
3215         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3216         cfg_base_addr &= (__u32) 0x0000ffff;
3217 #ifdef CCISS_DEBUG
3218         printk("cfg base address = %x\n", cfg_base_addr);
3219 #endif                          /* CCISS_DEBUG */
3220         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3221 #ifdef CCISS_DEBUG
3222         printk("cfg base address index = %x\n", cfg_base_addr_index);
3223 #endif                          /* CCISS_DEBUG */
3224         if (cfg_base_addr_index == -1) {
3225                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3226                 err = -ENODEV;
3227                 goto err_out_free_res;
3228         }
3229
3230         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3231 #ifdef CCISS_DEBUG
3232         printk("cfg offset = %x\n", cfg_offset);
3233 #endif                          /* CCISS_DEBUG */
3234         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3235                                                        cfg_base_addr_index) +
3236                                     cfg_offset, sizeof(CfgTable_struct));
3237         c->board_id = board_id;
3238
3239 #ifdef CCISS_DEBUG
3240         print_cfg_table(c->cfgtable);
3241 #endif                          /* CCISS_DEBUG */
3242
3243         /* Some controllers support Zero Memory Raid (ZMR).
3244          * When configured in ZMR mode the number of supported
3245          * commands drops to 64. So instead of just setting an
3246          * arbitrary value we make the driver a little smarter.
3247          * We read the config table to tell us how many commands
3248          * are supported on the controller then subtract 4 to
3249          * leave a little room for ioctl calls.
3250          */
3251         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3252         for (i = 0; i < ARRAY_SIZE(products); i++) {
3253                 if (board_id == products[i].board_id) {
3254                         c->product_name = products[i].product_name;
3255                         c->access = *(products[i].access);
3256                         c->nr_cmds = c->max_commands - 4;
3257                         break;
3258                 }
3259         }
3260         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3261             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3262             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3263             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3264                 printk("Does not appear to be a valid CISS config table\n");
3265                 err = -ENODEV;
3266                 goto err_out_free_res;
3267         }
3268         /* We didn't find the controller in our list. We know the
3269          * signature is valid. If it's an HP device let's try to
3270          * bind to the device and fire it up. Otherwise we bail.
3271          */
3272         if (i == ARRAY_SIZE(products)) {
3273                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3274                         c->product_name = products[i-1].product_name;
3275                         c->access = *(products[i-1].access);
3276                         c->nr_cmds = c->max_commands - 4;
3277                         printk(KERN_WARNING "cciss: This is an unknown "
3278                                 "Smart Array controller.\n"
3279                                 "cciss: Please update to the latest driver "
3280                                 "available from www.hp.com.\n");
3281                 } else {
3282                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3283                                 " to access the Smart Array controller %08lx\n"
3284                                         , (unsigned long)board_id);
3285                         err = -ENODEV;
3286                         goto err_out_free_res;
3287                 }
3288         }
3289 #ifdef CONFIG_X86
3290         {
3291                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3292                 __u32 prefetch;
3293                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3294                 prefetch |= 0x100;
3295                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3296         }
3297 #endif
3298
3299         /* Disabling DMA prefetch and refetch for the P600.
3300          * An ASIC bug may result in accesses to invalid memory addresses.
3301          * We've disabled prefetch for some time now. Testing with XEN
3302          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3303          */
3304         if(board_id == 0x3225103C) {
3305                 __u32 dma_prefetch;
3306                 __u32 dma_refetch;
3307                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3308                 dma_prefetch |= 0x8000;
3309                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3310                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3311                 dma_refetch |= 0x1;
3312                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3313         }
3314
3315 #ifdef CCISS_DEBUG
3316         printk("Trying to put board into Simple mode\n");
3317 #endif                          /* CCISS_DEBUG */
3318         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3319         /* Update the field, and then ring the doorbell */
3320         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3321         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3322
3323         /* under certain very rare conditions, this can take awhile.
3324          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3325          * as we enter this code.) */
3326         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3327                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3328                         break;
3329                 /* delay and try again */
3330                 set_current_state(TASK_INTERRUPTIBLE);
3331                 schedule_timeout(10);
3332         }
3333
3334 #ifdef CCISS_DEBUG
3335         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3336                readl(c->vaddr + SA5_DOORBELL));
3337 #endif                          /* CCISS_DEBUG */
3338 #ifdef CCISS_DEBUG
3339         print_cfg_table(c->cfgtable);
3340 #endif                          /* CCISS_DEBUG */
3341
3342         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3343                 printk(KERN_WARNING "cciss: unable to get board into"
3344                        " simple mode\n");
3345                 err = -ENODEV;
3346                 goto err_out_free_res;
3347         }
3348         return 0;
3349
3350 err_out_free_res:
3351         /*
3352          * Deliberately omit pci_disable_device(): it does something nasty to
3353          * Smart Array controllers that pci_enable_device does not undo
3354          */
3355         pci_release_regions(pdev);
3356         return err;
3357 }
3358
3359 /* Function to find the first free pointer into our hba[] array
3360  * Returns -1 if no free entries are left.
3361  */
3362 static int alloc_cciss_hba(void)
3363 {
3364         int i;
3365
3366         for (i = 0; i < MAX_CTLR; i++) {
3367                 if (!hba[i]) {
3368                         ctlr_info_t *p;
3369
3370                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3371                         if (!p)
3372                                 goto Enomem;
3373                         hba[i] = p;
3374                         return i;
3375                 }
3376         }
3377         printk(KERN_WARNING "cciss: This driver supports a maximum"
3378                " of %d controllers.\n", MAX_CTLR);
3379         return -1;
3380 Enomem:
3381         printk(KERN_ERR "cciss: out of memory.\n");
3382         return -1;
3383 }
3384
3385 static void free_hba(int i)
3386 {
3387         ctlr_info_t *p = hba[i];
3388         int n;
3389
3390         hba[i] = NULL;
3391         for (n = 0; n < CISS_MAX_LUN; n++)
3392                 put_disk(p->gendisk[n]);
3393         kfree(p);
3394 }
3395
3396 /*
3397  *  This is it.  Find all the controllers and register them.  I really hate
3398  *  stealing all these major device numbers.
3399  *  returns the number of block devices registered.
3400  */
3401 static int __devinit cciss_init_one(struct pci_dev *pdev,
3402                                     const struct pci_device_id *ent)
3403 {
3404         int i;
3405         int j = 0;
3406         int rc;
3407         int dac;
3408
3409         i = alloc_cciss_hba();
3410         if (i < 0)
3411                 return -1;
3412
3413         hba[i]->busy_initializing = 1;
3414
3415         if (cciss_pci_init(hba[i], pdev) != 0)
3416                 goto clean1;
3417
3418         sprintf(hba[i]->devname, "cciss%d", i);
3419         hba[i]->ctlr = i;
3420         hba[i]->pdev = pdev;
3421
3422         /* configure PCI DMA stuff */
3423         if (!pci_set_dma_mask(pdev, DMA_64BIT_MASK))
3424                 dac = 1;
3425         else if (!pci_set_dma_mask(pdev, DMA_32BIT_MASK))
3426                 dac = 0;
3427         else {
3428                 printk(KERN_ERR "cciss: no suitable DMA available\n");
3429                 goto clean1;
3430         }
3431
3432         /*
3433          * register with the major number, or get a dynamic major number
3434          * by passing 0 as argument.  This is done for greater than
3435          * 8 controller support.
3436          */
3437         if (i < MAX_CTLR_ORIG)
3438                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3439         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3440         if (rc == -EBUSY || rc == -EINVAL) {
3441                 printk(KERN_ERR
3442                        "cciss:  Unable to get major number %d for %s "
3443                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3444                 goto clean1;
3445         } else {
3446                 if (i >= MAX_CTLR_ORIG)
3447                         hba[i]->major = rc;
3448         }
3449
3450         /* make sure the board interrupts are off */
3451         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
3452         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
3453                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
3454                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
3455                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
3456                 goto clean2;
3457         }
3458
3459         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
3460                hba[i]->devname, pdev->device, pci_name(pdev),
3461                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
3462
3463         hba[i]->cmd_pool_bits =
3464             kmalloc(DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3465                         * sizeof(unsigned long), GFP_KERNEL);
3466         hba[i]->cmd_pool = (CommandList_struct *)
3467             pci_alloc_consistent(hba[i]->pdev,
3468                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3469                     &(hba[i]->cmd_pool_dhandle));
3470         hba[i]->errinfo_pool = (ErrorInfo_struct *)
3471             pci_alloc_consistent(hba[i]->pdev,
3472                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3473                     &(hba[i]->errinfo_pool_dhandle));
3474         if ((hba[i]->cmd_pool_bits == NULL)
3475             || (hba[i]->cmd_pool == NULL)
3476             || (hba[i]->errinfo_pool == NULL)) {
3477                 printk(KERN_ERR "cciss: out of memory");
3478                 goto clean4;
3479         }
3480 #ifdef CONFIG_CISS_SCSI_TAPE
3481         hba[i]->scsi_rejects.complete =
3482             kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) *
3483                     (hba[i]->nr_cmds + 5), GFP_KERNEL);
3484         if (hba[i]->scsi_rejects.complete == NULL) {
3485                 printk(KERN_ERR "cciss: out of memory");
3486                 goto clean4;
3487         }
3488 #endif
3489         spin_lock_init(&hba[i]->lock);
3490
3491         /* Initialize the pdev driver private data.
3492            have it point to hba[i].  */
3493         pci_set_drvdata(pdev, hba[i]);
3494         /* command and error info recs zeroed out before
3495            they are used */
3496         memset(hba[i]->cmd_pool_bits, 0,
3497                DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3498                         * sizeof(unsigned long));
3499
3500         hba[i]->num_luns = 0;
3501         hba[i]->highest_lun = -1;
3502         for (j = 0; j < CISS_MAX_LUN; j++) {
3503                 hba[i]->drv[j].raid_level = -1;
3504                 hba[i]->drv[j].queue = NULL;
3505                 hba[i]->gendisk[j] = NULL;
3506         }
3507
3508         cciss_scsi_setup(i);
3509
3510         /* Turn the interrupts on so we can service requests */
3511         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
3512
3513         cciss_procinit(i);
3514
3515         hba[i]->cciss_max_sectors = 2048;
3516
3517         hba[i]->busy_initializing = 0;
3518
3519         rebuild_lun_table(hba[i], 1);
3520         return 1;
3521
3522 clean4:
3523 #ifdef CONFIG_CISS_SCSI_TAPE
3524         kfree(hba[i]->scsi_rejects.complete);
3525 #endif
3526         kfree(hba[i]->cmd_pool_bits);
3527         if (hba[i]->cmd_pool)
3528                 pci_free_consistent(hba[i]->pdev,
3529                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3530                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3531         if (hba[i]->errinfo_pool)
3532                 pci_free_consistent(hba[i]->pdev,
3533                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3534                                     hba[i]->errinfo_pool,
3535                                     hba[i]->errinfo_pool_dhandle);
3536         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
3537 clean2:
3538         unregister_blkdev(hba[i]->major, hba[i]->devname);
3539 clean1:
3540         hba[i]->busy_initializing = 0;
3541         /* cleanup any queues that may have been initialized */
3542         for (j=0; j <= hba[i]->highest_lun; j++){
3543                 drive_info_struct *drv = &(hba[i]->drv[j]);
3544                 if (drv->queue)
3545                         blk_cleanup_queue(drv->queue);
3546         }
3547         /*
3548          * Deliberately omit pci_disable_device(): it does something nasty to
3549          * Smart Array controllers that pci_enable_device does not undo
3550          */
3551         pci_release_regions(pdev);
3552         pci_set_drvdata(pdev, NULL);
3553         free_hba(i);
3554         return -1;
3555 }
3556
3557 static void cciss_shutdown(struct pci_dev *pdev)
3558 {
3559         ctlr_info_t *tmp_ptr;
3560         int i;
3561         char flush_buf[4];
3562         int return_code;
3563
3564         tmp_ptr = pci_get_drvdata(pdev);
3565         if (tmp_ptr == NULL)
3566                 return;
3567         i = tmp_ptr->ctlr;
3568         if (hba[i] == NULL)
3569                 return;
3570
3571         /* Turn board interrupts off  and send the flush cache command */
3572         /* sendcmd will turn off interrupt, and send the flush...
3573          * To write all data in the battery backed cache to disks */
3574         memset(flush_buf, 0, 4);
3575         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
3576                               TYPE_CMD);
3577         if (return_code == IO_OK) {
3578                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
3579         } else {
3580                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
3581         }
3582         free_irq(hba[i]->intr[2], hba[i]);
3583 }
3584
3585 static void __devexit cciss_remove_one(struct pci_dev *pdev)
3586 {
3587         ctlr_info_t *tmp_ptr;
3588         int i, j;
3589
3590         if (pci_get_drvdata(pdev) == NULL) {
3591                 printk(KERN_ERR "cciss: Unable to remove device \n");
3592                 return;
3593         }
3594         tmp_ptr = pci_get_drvdata(pdev);
3595         i = tmp_ptr->ctlr;
3596         if (hba[i] == NULL) {
3597                 printk(KERN_ERR "cciss: device appears to "
3598                        "already be removed \n");
3599                 return;
3600         }
3601
3602         remove_proc_entry(hba[i]->devname, proc_cciss);
3603         unregister_blkdev(hba[i]->major, hba[i]->devname);
3604
3605         /* remove it from the disk list */
3606         for (j = 0; j < CISS_MAX_LUN; j++) {
3607                 struct gendisk *disk = hba[i]->gendisk[j];
3608                 if (disk) {
3609                         struct request_queue *q = disk->queue;
3610
3611                         if (disk->flags & GENHD_FL_UP)
3612                                 del_gendisk(disk);
3613                         if (q)
3614                                 blk_cleanup_queue(q);
3615                 }
3616         }
3617
3618 #ifdef CONFIG_CISS_SCSI_TAPE
3619         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
3620 #endif
3621
3622         cciss_shutdown(pdev);
3623
3624 #ifdef CONFIG_PCI_MSI
3625         if (hba[i]->msix_vector)
3626                 pci_disable_msix(hba[i]->pdev);
3627         else if (hba[i]->msi_vector)
3628                 pci_disable_msi(hba[i]->pdev);
3629 #endif                          /* CONFIG_PCI_MSI */
3630
3631         iounmap(hba[i]->vaddr);
3632
3633         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
3634                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3635         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3636                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
3637         kfree(hba[i]->cmd_pool_bits);
3638 #ifdef CONFIG_CISS_SCSI_TAPE
3639         kfree(hba[i]->scsi_rejects.complete);
3640 #endif
3641         /*
3642          * Deliberately omit pci_disable_device(): it does something nasty to
3643          * Smart Array controllers that pci_enable_device does not undo
3644          */
3645         pci_release_regions(pdev);
3646         pci_set_drvdata(pdev, NULL);
3647         free_hba(i);
3648 }
3649
3650 static struct pci_driver cciss_pci_driver = {
3651         .name = "cciss",
3652         .probe = cciss_init_one,
3653         .remove = __devexit_p(cciss_remove_one),
3654         .id_table = cciss_pci_device_id,        /* id_table */
3655         .shutdown = cciss_shutdown,
3656 };
3657
3658 /*
3659  *  This is it.  Register the PCI driver information for the cards we control
3660  *  the OS will call our registered routines when it finds one of our cards.
3661  */
3662 static int __init cciss_init(void)
3663 {
3664         printk(KERN_INFO DRIVER_NAME "\n");
3665
3666         /* Register for our PCI devices */
3667         return pci_register_driver(&cciss_pci_driver);
3668 }
3669
3670 static void __exit cciss_cleanup(void)
3671 {
3672         int i;
3673
3674         pci_unregister_driver(&cciss_pci_driver);
3675         /* double check that all controller entrys have been removed */
3676         for (i = 0; i < MAX_CTLR; i++) {
3677                 if (hba[i] != NULL) {
3678                         printk(KERN_WARNING "cciss: had to remove"
3679                                " controller %d\n", i);
3680                         cciss_remove_one(hba[i]->pdev);
3681                 }
3682         }
3683         remove_proc_entry("driver/cciss", NULL);
3684 }
3685
3686 static void fail_all_cmds(unsigned long ctlr)
3687 {
3688         /* If we get here, the board is apparently dead. */
3689         ctlr_info_t *h = hba[ctlr];
3690         CommandList_struct *c;
3691         unsigned long flags;
3692
3693         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
3694         h->alive = 0;           /* the controller apparently died... */
3695
3696         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
3697
3698         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
3699
3700         /* move everything off the request queue onto the completed queue */
3701         while ((c = h->reqQ) != NULL) {
3702                 removeQ(&(h->reqQ), c);
3703                 h->Qdepth--;
3704                 addQ(&(h->cmpQ), c);
3705         }
3706
3707         /* Now, fail everything on the completed queue with a HW error */
3708         while ((c = h->cmpQ) != NULL) {
3709                 removeQ(&h->cmpQ, c);
3710                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
3711                 if (c->cmd_type == CMD_RWREQ) {
3712                         complete_command(h, c, 0);
3713                 } else if (c->cmd_type == CMD_IOCTL_PEND)
3714                         complete(c->waiting);
3715 #ifdef CONFIG_CISS_SCSI_TAPE
3716                 else if (c->cmd_type == CMD_SCSI)
3717                         complete_scsi_command(c, 0, 0);
3718 #endif
3719         }
3720         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
3721         return;
3722 }
3723
3724 module_init(cciss_init);
3725 module_exit(cciss_cleanup);