Merge branch 'for-linus' of git://git.alsa-project.org/alsa-kernel
[linux-2.6] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/delay.h>
30 #include <linux/major.h>
31 #include <linux/fs.h>
32 #include <linux/bio.h>
33 #include <linux/blkpg.h>
34 #include <linux/timer.h>
35 #include <linux/proc_fs.h>
36 #include <linux/seq_file.h>
37 #include <linux/init.h>
38 #include <linux/hdreg.h>
39 #include <linux/spinlock.h>
40 #include <linux/compat.h>
41 #include <linux/blktrace_api.h>
42 #include <asm/uaccess.h>
43 #include <asm/io.h>
44
45 #include <linux/dma-mapping.h>
46 #include <linux/blkdev.h>
47 #include <linux/genhd.h>
48 #include <linux/completion.h>
49 #include <scsi/scsi.h>
50 #include <scsi/sg.h>
51 #include <scsi/scsi_ioctl.h>
52 #include <linux/cdrom.h>
53 #include <linux/scatterlist.h>
54
55 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
56 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
57 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
58
59 /* Embedded module documentation macros - see modules.h */
60 MODULE_AUTHOR("Hewlett-Packard Company");
61 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
62 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
63                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
64                         " Smart Array G2 Series SAS/SATA Controllers");
65 MODULE_VERSION("3.6.20");
66 MODULE_LICENSE("GPL");
67
68 #include "cciss_cmd.h"
69 #include "cciss.h"
70 #include <linux/cciss_ioctl.h>
71
72 /* define the PCI info for the cards we can control */
73 static const struct pci_device_id cciss_pci_device_id[] = {
74         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
75         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
76         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
83         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
84         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
85         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
99         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
100                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
101         {0,}
102 };
103
104 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
105
106 /*  board_id = Subsystem Device ID & Vendor ID
107  *  product = Marketing Name for the board
108  *  access = Address of the struct of function pointers
109  */
110 static struct board_type products[] = {
111         {0x40700E11, "Smart Array 5300", &SA5_access},
112         {0x40800E11, "Smart Array 5i", &SA5B_access},
113         {0x40820E11, "Smart Array 532", &SA5B_access},
114         {0x40830E11, "Smart Array 5312", &SA5B_access},
115         {0x409A0E11, "Smart Array 641", &SA5_access},
116         {0x409B0E11, "Smart Array 642", &SA5_access},
117         {0x409C0E11, "Smart Array 6400", &SA5_access},
118         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
119         {0x40910E11, "Smart Array 6i", &SA5_access},
120         {0x3225103C, "Smart Array P600", &SA5_access},
121         {0x3223103C, "Smart Array P800", &SA5_access},
122         {0x3234103C, "Smart Array P400", &SA5_access},
123         {0x3235103C, "Smart Array P400i", &SA5_access},
124         {0x3211103C, "Smart Array E200i", &SA5_access},
125         {0x3212103C, "Smart Array E200", &SA5_access},
126         {0x3213103C, "Smart Array E200i", &SA5_access},
127         {0x3214103C, "Smart Array E200i", &SA5_access},
128         {0x3215103C, "Smart Array E200i", &SA5_access},
129         {0x3237103C, "Smart Array E500", &SA5_access},
130         {0x323D103C, "Smart Array P700m", &SA5_access},
131         {0x3241103C, "Smart Array P212", &SA5_access},
132         {0x3243103C, "Smart Array P410", &SA5_access},
133         {0x3245103C, "Smart Array P410i", &SA5_access},
134         {0x3247103C, "Smart Array P411", &SA5_access},
135         {0x3249103C, "Smart Array P812", &SA5_access},
136         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
137 };
138
139 /* How long to wait (in milliseconds) for board to go into simple mode */
140 #define MAX_CONFIG_WAIT 30000
141 #define MAX_IOCTL_CONFIG_WAIT 1000
142
143 /*define how many times we will try a command because of bus resets */
144 #define MAX_CMD_RETRIES 3
145
146 #define MAX_CTLR        32
147
148 /* Originally cciss driver only supports 8 major numbers */
149 #define MAX_CTLR_ORIG   8
150
151 static ctlr_info_t *hba[MAX_CTLR];
152
153 static void do_cciss_request(struct request_queue *q);
154 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
155 static int cciss_open(struct inode *inode, struct file *filep);
156 static int cciss_release(struct inode *inode, struct file *filep);
157 static int cciss_ioctl(struct inode *inode, struct file *filep,
158                        unsigned int cmd, unsigned long arg);
159 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
160
161 static int cciss_revalidate(struct gendisk *disk);
162 static int rebuild_lun_table(ctlr_info_t *h, int first_time);
163 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
164                            int clear_all);
165
166 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
167                         sector_t *total_size, unsigned int *block_size);
168 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
169                         sector_t *total_size, unsigned int *block_size);
170 static void cciss_geometry_inquiry(int ctlr, int logvol,
171                         int withirq, sector_t total_size,
172                         unsigned int block_size, InquiryData_struct *inq_buff,
173                                    drive_info_struct *drv);
174 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
175                                            __u32);
176 static void start_io(ctlr_info_t *h);
177 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
178                    unsigned int use_unit_num, unsigned int log_unit,
179                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
180 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
181                            unsigned int use_unit_num, unsigned int log_unit,
182                            __u8 page_code, int cmd_type);
183
184 static void fail_all_cmds(unsigned long ctlr);
185
186 #ifdef CONFIG_PROC_FS
187 static void cciss_procinit(int i);
188 #else
189 static void cciss_procinit(int i)
190 {
191 }
192 #endif                          /* CONFIG_PROC_FS */
193
194 #ifdef CONFIG_COMPAT
195 static long cciss_compat_ioctl(struct file *f, unsigned cmd, unsigned long arg);
196 #endif
197
198 static struct block_device_operations cciss_fops = {
199         .owner = THIS_MODULE,
200         .open = cciss_open,
201         .release = cciss_release,
202         .ioctl = cciss_ioctl,
203         .getgeo = cciss_getgeo,
204 #ifdef CONFIG_COMPAT
205         .compat_ioctl = cciss_compat_ioctl,
206 #endif
207         .revalidate_disk = cciss_revalidate,
208 };
209
210 /*
211  * Enqueuing and dequeuing functions for cmdlists.
212  */
213 static inline void addQ(CommandList_struct **Qptr, CommandList_struct *c)
214 {
215         if (*Qptr == NULL) {
216                 *Qptr = c;
217                 c->next = c->prev = c;
218         } else {
219                 c->prev = (*Qptr)->prev;
220                 c->next = (*Qptr);
221                 (*Qptr)->prev->next = c;
222                 (*Qptr)->prev = c;
223         }
224 }
225
226 static inline CommandList_struct *removeQ(CommandList_struct **Qptr,
227                                           CommandList_struct *c)
228 {
229         if (c && c->next != c) {
230                 if (*Qptr == c)
231                         *Qptr = c->next;
232                 c->prev->next = c->next;
233                 c->next->prev = c->prev;
234         } else {
235                 *Qptr = NULL;
236         }
237         return c;
238 }
239
240 #include "cciss_scsi.c"         /* For SCSI tape support */
241
242 #define RAID_UNKNOWN 6
243
244 #ifdef CONFIG_PROC_FS
245
246 /*
247  * Report information about this controller.
248  */
249 #define ENG_GIG 1000000000
250 #define ENG_GIG_FACTOR (ENG_GIG/512)
251 #define ENGAGE_SCSI     "engage scsi"
252 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
253         "UNKNOWN"
254 };
255
256 static struct proc_dir_entry *proc_cciss;
257
258 static void cciss_seq_show_header(struct seq_file *seq)
259 {
260         ctlr_info_t *h = seq->private;
261
262         seq_printf(seq, "%s: HP %s Controller\n"
263                 "Board ID: 0x%08lx\n"
264                 "Firmware Version: %c%c%c%c\n"
265                 "IRQ: %d\n"
266                 "Logical drives: %d\n"
267                 "Current Q depth: %d\n"
268                 "Current # commands on controller: %d\n"
269                 "Max Q depth since init: %d\n"
270                 "Max # commands on controller since init: %d\n"
271                 "Max SG entries since init: %d\n",
272                 h->devname,
273                 h->product_name,
274                 (unsigned long)h->board_id,
275                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
276                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
277                 h->num_luns,
278                 h->Qdepth, h->commands_outstanding,
279                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
280
281 #ifdef CONFIG_CISS_SCSI_TAPE
282         cciss_seq_tape_report(seq, h->ctlr);
283 #endif /* CONFIG_CISS_SCSI_TAPE */
284 }
285
286 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
287 {
288         ctlr_info_t *h = seq->private;
289         unsigned ctlr = h->ctlr;
290         unsigned long flags;
291
292         /* prevent displaying bogus info during configuration
293          * or deconfiguration of a logical volume
294          */
295         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
296         if (h->busy_configuring) {
297                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
298                 return ERR_PTR(-EBUSY);
299         }
300         h->busy_configuring = 1;
301         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
302
303         if (*pos == 0)
304                 cciss_seq_show_header(seq);
305
306         return pos;
307 }
308
309 static int cciss_seq_show(struct seq_file *seq, void *v)
310 {
311         sector_t vol_sz, vol_sz_frac;
312         ctlr_info_t *h = seq->private;
313         unsigned ctlr = h->ctlr;
314         loff_t *pos = v;
315         drive_info_struct *drv = &h->drv[*pos];
316
317         if (*pos > h->highest_lun)
318                 return 0;
319
320         if (drv->heads == 0)
321                 return 0;
322
323         vol_sz = drv->nr_blocks;
324         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
325         vol_sz_frac *= 100;
326         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
327
328         if (drv->raid_level > 5)
329                 drv->raid_level = RAID_UNKNOWN;
330         seq_printf(seq, "cciss/c%dd%d:"
331                         "\t%4u.%02uGB\tRAID %s\n",
332                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
333                         raid_label[drv->raid_level]);
334         return 0;
335 }
336
337 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
338 {
339         ctlr_info_t *h = seq->private;
340
341         if (*pos > h->highest_lun)
342                 return NULL;
343         *pos += 1;
344
345         return pos;
346 }
347
348 static void cciss_seq_stop(struct seq_file *seq, void *v)
349 {
350         ctlr_info_t *h = seq->private;
351
352         /* Only reset h->busy_configuring if we succeeded in setting
353          * it during cciss_seq_start. */
354         if (v == ERR_PTR(-EBUSY))
355                 return;
356
357         h->busy_configuring = 0;
358 }
359
360 static struct seq_operations cciss_seq_ops = {
361         .start = cciss_seq_start,
362         .show  = cciss_seq_show,
363         .next  = cciss_seq_next,
364         .stop  = cciss_seq_stop,
365 };
366
367 static int cciss_seq_open(struct inode *inode, struct file *file)
368 {
369         int ret = seq_open(file, &cciss_seq_ops);
370         struct seq_file *seq = file->private_data;
371
372         if (!ret)
373                 seq->private = PDE(inode)->data;
374
375         return ret;
376 }
377
378 static ssize_t
379 cciss_proc_write(struct file *file, const char __user *buf,
380                  size_t length, loff_t *ppos)
381 {
382         int err;
383         char *buffer;
384
385 #ifndef CONFIG_CISS_SCSI_TAPE
386         return -EINVAL;
387 #endif
388
389         if (!buf || length > PAGE_SIZE - 1)
390                 return -EINVAL;
391
392         buffer = (char *)__get_free_page(GFP_KERNEL);
393         if (!buffer)
394                 return -ENOMEM;
395
396         err = -EFAULT;
397         if (copy_from_user(buffer, buf, length))
398                 goto out;
399         buffer[length] = '\0';
400
401 #ifdef CONFIG_CISS_SCSI_TAPE
402         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
403                 struct seq_file *seq = file->private_data;
404                 ctlr_info_t *h = seq->private;
405                 int rc;
406
407                 rc = cciss_engage_scsi(h->ctlr);
408                 if (rc != 0)
409                         err = -rc;
410                 else
411                         err = length;
412         } else
413 #endif /* CONFIG_CISS_SCSI_TAPE */
414                 err = -EINVAL;
415         /* might be nice to have "disengage" too, but it's not
416            safely possible. (only 1 module use count, lock issues.) */
417
418 out:
419         free_page((unsigned long)buffer);
420         return err;
421 }
422
423 static struct file_operations cciss_proc_fops = {
424         .owner   = THIS_MODULE,
425         .open    = cciss_seq_open,
426         .read    = seq_read,
427         .llseek  = seq_lseek,
428         .release = seq_release,
429         .write   = cciss_proc_write,
430 };
431
432 static void __devinit cciss_procinit(int i)
433 {
434         struct proc_dir_entry *pde;
435
436         if (proc_cciss == NULL)
437                 proc_cciss = proc_mkdir("driver/cciss", NULL);
438         if (!proc_cciss)
439                 return;
440         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
441                                         S_IROTH, proc_cciss,
442                                         &cciss_proc_fops, hba[i]);
443 }
444 #endif                          /* CONFIG_PROC_FS */
445
446 /*
447  * For operations that cannot sleep, a command block is allocated at init,
448  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
449  * which ones are free or in use.  For operations that can wait for kmalloc
450  * to possible sleep, this routine can be called with get_from_pool set to 0.
451  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
452  */
453 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
454 {
455         CommandList_struct *c;
456         int i;
457         u64bit temp64;
458         dma_addr_t cmd_dma_handle, err_dma_handle;
459
460         if (!get_from_pool) {
461                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
462                         sizeof(CommandList_struct), &cmd_dma_handle);
463                 if (c == NULL)
464                         return NULL;
465                 memset(c, 0, sizeof(CommandList_struct));
466
467                 c->cmdindex = -1;
468
469                 c->err_info = (ErrorInfo_struct *)
470                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
471                             &err_dma_handle);
472
473                 if (c->err_info == NULL) {
474                         pci_free_consistent(h->pdev,
475                                 sizeof(CommandList_struct), c, cmd_dma_handle);
476                         return NULL;
477                 }
478                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
479         } else {                /* get it out of the controllers pool */
480
481                 do {
482                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
483                         if (i == h->nr_cmds)
484                                 return NULL;
485                 } while (test_and_set_bit
486                          (i & (BITS_PER_LONG - 1),
487                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
488 #ifdef CCISS_DEBUG
489                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
490 #endif
491                 c = h->cmd_pool + i;
492                 memset(c, 0, sizeof(CommandList_struct));
493                 cmd_dma_handle = h->cmd_pool_dhandle
494                     + i * sizeof(CommandList_struct);
495                 c->err_info = h->errinfo_pool + i;
496                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
497                 err_dma_handle = h->errinfo_pool_dhandle
498                     + i * sizeof(ErrorInfo_struct);
499                 h->nr_allocs++;
500
501                 c->cmdindex = i;
502         }
503
504         c->busaddr = (__u32) cmd_dma_handle;
505         temp64.val = (__u64) err_dma_handle;
506         c->ErrDesc.Addr.lower = temp64.val32.lower;
507         c->ErrDesc.Addr.upper = temp64.val32.upper;
508         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
509
510         c->ctlr = h->ctlr;
511         return c;
512 }
513
514 /*
515  * Frees a command block that was previously allocated with cmd_alloc().
516  */
517 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
518 {
519         int i;
520         u64bit temp64;
521
522         if (!got_from_pool) {
523                 temp64.val32.lower = c->ErrDesc.Addr.lower;
524                 temp64.val32.upper = c->ErrDesc.Addr.upper;
525                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
526                                     c->err_info, (dma_addr_t) temp64.val);
527                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
528                                     c, (dma_addr_t) c->busaddr);
529         } else {
530                 i = c - h->cmd_pool;
531                 clear_bit(i & (BITS_PER_LONG - 1),
532                           h->cmd_pool_bits + (i / BITS_PER_LONG));
533                 h->nr_frees++;
534         }
535 }
536
537 static inline ctlr_info_t *get_host(struct gendisk *disk)
538 {
539         return disk->queue->queuedata;
540 }
541
542 static inline drive_info_struct *get_drv(struct gendisk *disk)
543 {
544         return disk->private_data;
545 }
546
547 /*
548  * Open.  Make sure the device is really there.
549  */
550 static int cciss_open(struct inode *inode, struct file *filep)
551 {
552         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
553         drive_info_struct *drv = get_drv(inode->i_bdev->bd_disk);
554
555 #ifdef CCISS_DEBUG
556         printk(KERN_DEBUG "cciss_open %s\n", inode->i_bdev->bd_disk->disk_name);
557 #endif                          /* CCISS_DEBUG */
558
559         if (host->busy_initializing || drv->busy_configuring)
560                 return -EBUSY;
561         /*
562          * Root is allowed to open raw volume zero even if it's not configured
563          * so array config can still work. Root is also allowed to open any
564          * volume that has a LUN ID, so it can issue IOCTL to reread the
565          * disk information.  I don't think I really like this
566          * but I'm already using way to many device nodes to claim another one
567          * for "raw controller".
568          */
569         if (drv->heads == 0) {
570                 if (iminor(inode) != 0) {       /* not node 0? */
571                         /* if not node 0 make sure it is a partition = 0 */
572                         if (iminor(inode) & 0x0f) {
573                                 return -ENXIO;
574                                 /* if it is, make sure we have a LUN ID */
575                         } else if (drv->LunID == 0) {
576                                 return -ENXIO;
577                         }
578                 }
579                 if (!capable(CAP_SYS_ADMIN))
580                         return -EPERM;
581         }
582         drv->usage_count++;
583         host->usage_count++;
584         return 0;
585 }
586
587 /*
588  * Close.  Sync first.
589  */
590 static int cciss_release(struct inode *inode, struct file *filep)
591 {
592         ctlr_info_t *host = get_host(inode->i_bdev->bd_disk);
593         drive_info_struct *drv = get_drv(inode->i_bdev->bd_disk);
594
595 #ifdef CCISS_DEBUG
596         printk(KERN_DEBUG "cciss_release %s\n",
597                inode->i_bdev->bd_disk->disk_name);
598 #endif                          /* CCISS_DEBUG */
599
600         drv->usage_count--;
601         host->usage_count--;
602         return 0;
603 }
604
605 #ifdef CONFIG_COMPAT
606
607 static int do_ioctl(struct file *f, unsigned cmd, unsigned long arg)
608 {
609         int ret;
610         lock_kernel();
611         ret = cciss_ioctl(f->f_path.dentry->d_inode, f, cmd, arg);
612         unlock_kernel();
613         return ret;
614 }
615
616 static int cciss_ioctl32_passthru(struct file *f, unsigned cmd,
617                                   unsigned long arg);
618 static int cciss_ioctl32_big_passthru(struct file *f, unsigned cmd,
619                                       unsigned long arg);
620
621 static long cciss_compat_ioctl(struct file *f, unsigned cmd, unsigned long arg)
622 {
623         switch (cmd) {
624         case CCISS_GETPCIINFO:
625         case CCISS_GETINTINFO:
626         case CCISS_SETINTINFO:
627         case CCISS_GETNODENAME:
628         case CCISS_SETNODENAME:
629         case CCISS_GETHEARTBEAT:
630         case CCISS_GETBUSTYPES:
631         case CCISS_GETFIRMVER:
632         case CCISS_GETDRIVVER:
633         case CCISS_REVALIDVOLS:
634         case CCISS_DEREGDISK:
635         case CCISS_REGNEWDISK:
636         case CCISS_REGNEWD:
637         case CCISS_RESCANDISK:
638         case CCISS_GETLUNINFO:
639                 return do_ioctl(f, cmd, arg);
640
641         case CCISS_PASSTHRU32:
642                 return cciss_ioctl32_passthru(f, cmd, arg);
643         case CCISS_BIG_PASSTHRU32:
644                 return cciss_ioctl32_big_passthru(f, cmd, arg);
645
646         default:
647                 return -ENOIOCTLCMD;
648         }
649 }
650
651 static int cciss_ioctl32_passthru(struct file *f, unsigned cmd,
652                                   unsigned long arg)
653 {
654         IOCTL32_Command_struct __user *arg32 =
655             (IOCTL32_Command_struct __user *) arg;
656         IOCTL_Command_struct arg64;
657         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
658         int err;
659         u32 cp;
660
661         err = 0;
662         err |=
663             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
664                            sizeof(arg64.LUN_info));
665         err |=
666             copy_from_user(&arg64.Request, &arg32->Request,
667                            sizeof(arg64.Request));
668         err |=
669             copy_from_user(&arg64.error_info, &arg32->error_info,
670                            sizeof(arg64.error_info));
671         err |= get_user(arg64.buf_size, &arg32->buf_size);
672         err |= get_user(cp, &arg32->buf);
673         arg64.buf = compat_ptr(cp);
674         err |= copy_to_user(p, &arg64, sizeof(arg64));
675
676         if (err)
677                 return -EFAULT;
678
679         err = do_ioctl(f, CCISS_PASSTHRU, (unsigned long)p);
680         if (err)
681                 return err;
682         err |=
683             copy_in_user(&arg32->error_info, &p->error_info,
684                          sizeof(arg32->error_info));
685         if (err)
686                 return -EFAULT;
687         return err;
688 }
689
690 static int cciss_ioctl32_big_passthru(struct file *file, unsigned cmd,
691                                       unsigned long arg)
692 {
693         BIG_IOCTL32_Command_struct __user *arg32 =
694             (BIG_IOCTL32_Command_struct __user *) arg;
695         BIG_IOCTL_Command_struct arg64;
696         BIG_IOCTL_Command_struct __user *p =
697             compat_alloc_user_space(sizeof(arg64));
698         int err;
699         u32 cp;
700
701         err = 0;
702         err |=
703             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
704                            sizeof(arg64.LUN_info));
705         err |=
706             copy_from_user(&arg64.Request, &arg32->Request,
707                            sizeof(arg64.Request));
708         err |=
709             copy_from_user(&arg64.error_info, &arg32->error_info,
710                            sizeof(arg64.error_info));
711         err |= get_user(arg64.buf_size, &arg32->buf_size);
712         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
713         err |= get_user(cp, &arg32->buf);
714         arg64.buf = compat_ptr(cp);
715         err |= copy_to_user(p, &arg64, sizeof(arg64));
716
717         if (err)
718                 return -EFAULT;
719
720         err = do_ioctl(file, CCISS_BIG_PASSTHRU, (unsigned long)p);
721         if (err)
722                 return err;
723         err |=
724             copy_in_user(&arg32->error_info, &p->error_info,
725                          sizeof(arg32->error_info));
726         if (err)
727                 return -EFAULT;
728         return err;
729 }
730 #endif
731
732 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
733 {
734         drive_info_struct *drv = get_drv(bdev->bd_disk);
735
736         if (!drv->cylinders)
737                 return -ENXIO;
738
739         geo->heads = drv->heads;
740         geo->sectors = drv->sectors;
741         geo->cylinders = drv->cylinders;
742         return 0;
743 }
744
745 /*
746  * ioctl
747  */
748 static int cciss_ioctl(struct inode *inode, struct file *filep,
749                        unsigned int cmd, unsigned long arg)
750 {
751         struct block_device *bdev = inode->i_bdev;
752         struct gendisk *disk = bdev->bd_disk;
753         ctlr_info_t *host = get_host(disk);
754         drive_info_struct *drv = get_drv(disk);
755         int ctlr = host->ctlr;
756         void __user *argp = (void __user *)arg;
757
758 #ifdef CCISS_DEBUG
759         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
760 #endif                          /* CCISS_DEBUG */
761
762         switch (cmd) {
763         case CCISS_GETPCIINFO:
764                 {
765                         cciss_pci_info_struct pciinfo;
766
767                         if (!arg)
768                                 return -EINVAL;
769                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
770                         pciinfo.bus = host->pdev->bus->number;
771                         pciinfo.dev_fn = host->pdev->devfn;
772                         pciinfo.board_id = host->board_id;
773                         if (copy_to_user
774                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
775                                 return -EFAULT;
776                         return 0;
777                 }
778         case CCISS_GETINTINFO:
779                 {
780                         cciss_coalint_struct intinfo;
781                         if (!arg)
782                                 return -EINVAL;
783                         intinfo.delay =
784                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
785                         intinfo.count =
786                             readl(&host->cfgtable->HostWrite.CoalIntCount);
787                         if (copy_to_user
788                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
789                                 return -EFAULT;
790                         return 0;
791                 }
792         case CCISS_SETINTINFO:
793                 {
794                         cciss_coalint_struct intinfo;
795                         unsigned long flags;
796                         int i;
797
798                         if (!arg)
799                                 return -EINVAL;
800                         if (!capable(CAP_SYS_ADMIN))
801                                 return -EPERM;
802                         if (copy_from_user
803                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
804                                 return -EFAULT;
805                         if ((intinfo.delay == 0) && (intinfo.count == 0))
806                         {
807 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
808                                 return -EINVAL;
809                         }
810                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
811                         /* Update the field, and then ring the doorbell */
812                         writel(intinfo.delay,
813                                &(host->cfgtable->HostWrite.CoalIntDelay));
814                         writel(intinfo.count,
815                                &(host->cfgtable->HostWrite.CoalIntCount));
816                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
817
818                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
819                                 if (!(readl(host->vaddr + SA5_DOORBELL)
820                                       & CFGTBL_ChangeReq))
821                                         break;
822                                 /* delay and try again */
823                                 udelay(1000);
824                         }
825                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
826                         if (i >= MAX_IOCTL_CONFIG_WAIT)
827                                 return -EAGAIN;
828                         return 0;
829                 }
830         case CCISS_GETNODENAME:
831                 {
832                         NodeName_type NodeName;
833                         int i;
834
835                         if (!arg)
836                                 return -EINVAL;
837                         for (i = 0; i < 16; i++)
838                                 NodeName[i] =
839                                     readb(&host->cfgtable->ServerName[i]);
840                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
841                                 return -EFAULT;
842                         return 0;
843                 }
844         case CCISS_SETNODENAME:
845                 {
846                         NodeName_type NodeName;
847                         unsigned long flags;
848                         int i;
849
850                         if (!arg)
851                                 return -EINVAL;
852                         if (!capable(CAP_SYS_ADMIN))
853                                 return -EPERM;
854
855                         if (copy_from_user
856                             (NodeName, argp, sizeof(NodeName_type)))
857                                 return -EFAULT;
858
859                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
860
861                         /* Update the field, and then ring the doorbell */
862                         for (i = 0; i < 16; i++)
863                                 writeb(NodeName[i],
864                                        &host->cfgtable->ServerName[i]);
865
866                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
867
868                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
869                                 if (!(readl(host->vaddr + SA5_DOORBELL)
870                                       & CFGTBL_ChangeReq))
871                                         break;
872                                 /* delay and try again */
873                                 udelay(1000);
874                         }
875                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
876                         if (i >= MAX_IOCTL_CONFIG_WAIT)
877                                 return -EAGAIN;
878                         return 0;
879                 }
880
881         case CCISS_GETHEARTBEAT:
882                 {
883                         Heartbeat_type heartbeat;
884
885                         if (!arg)
886                                 return -EINVAL;
887                         heartbeat = readl(&host->cfgtable->HeartBeat);
888                         if (copy_to_user
889                             (argp, &heartbeat, sizeof(Heartbeat_type)))
890                                 return -EFAULT;
891                         return 0;
892                 }
893         case CCISS_GETBUSTYPES:
894                 {
895                         BusTypes_type BusTypes;
896
897                         if (!arg)
898                                 return -EINVAL;
899                         BusTypes = readl(&host->cfgtable->BusTypes);
900                         if (copy_to_user
901                             (argp, &BusTypes, sizeof(BusTypes_type)))
902                                 return -EFAULT;
903                         return 0;
904                 }
905         case CCISS_GETFIRMVER:
906                 {
907                         FirmwareVer_type firmware;
908
909                         if (!arg)
910                                 return -EINVAL;
911                         memcpy(firmware, host->firm_ver, 4);
912
913                         if (copy_to_user
914                             (argp, firmware, sizeof(FirmwareVer_type)))
915                                 return -EFAULT;
916                         return 0;
917                 }
918         case CCISS_GETDRIVVER:
919                 {
920                         DriverVer_type DriverVer = DRIVER_VERSION;
921
922                         if (!arg)
923                                 return -EINVAL;
924
925                         if (copy_to_user
926                             (argp, &DriverVer, sizeof(DriverVer_type)))
927                                 return -EFAULT;
928                         return 0;
929                 }
930
931         case CCISS_DEREGDISK:
932         case CCISS_REGNEWD:
933         case CCISS_REVALIDVOLS:
934                 return rebuild_lun_table(host, 0);
935
936         case CCISS_GETLUNINFO:{
937                         LogvolInfo_struct luninfo;
938
939                         luninfo.LunID = drv->LunID;
940                         luninfo.num_opens = drv->usage_count;
941                         luninfo.num_parts = 0;
942                         if (copy_to_user(argp, &luninfo,
943                                          sizeof(LogvolInfo_struct)))
944                                 return -EFAULT;
945                         return 0;
946                 }
947         case CCISS_PASSTHRU:
948                 {
949                         IOCTL_Command_struct iocommand;
950                         CommandList_struct *c;
951                         char *buff = NULL;
952                         u64bit temp64;
953                         unsigned long flags;
954                         DECLARE_COMPLETION_ONSTACK(wait);
955
956                         if (!arg)
957                                 return -EINVAL;
958
959                         if (!capable(CAP_SYS_RAWIO))
960                                 return -EPERM;
961
962                         if (copy_from_user
963                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
964                                 return -EFAULT;
965                         if ((iocommand.buf_size < 1) &&
966                             (iocommand.Request.Type.Direction != XFER_NONE)) {
967                                 return -EINVAL;
968                         }
969 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
970                         /* Check kmalloc limits */
971                         if (iocommand.buf_size > 128000)
972                                 return -EINVAL;
973 #endif
974                         if (iocommand.buf_size > 0) {
975                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
976                                 if (buff == NULL)
977                                         return -EFAULT;
978                         }
979                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
980                                 /* Copy the data into the buffer we created */
981                                 if (copy_from_user
982                                     (buff, iocommand.buf, iocommand.buf_size)) {
983                                         kfree(buff);
984                                         return -EFAULT;
985                                 }
986                         } else {
987                                 memset(buff, 0, iocommand.buf_size);
988                         }
989                         if ((c = cmd_alloc(host, 0)) == NULL) {
990                                 kfree(buff);
991                                 return -ENOMEM;
992                         }
993                         // Fill in the command type
994                         c->cmd_type = CMD_IOCTL_PEND;
995                         // Fill in Command Header
996                         c->Header.ReplyQueue = 0;       // unused in simple mode
997                         if (iocommand.buf_size > 0)     // buffer to fill
998                         {
999                                 c->Header.SGList = 1;
1000                                 c->Header.SGTotal = 1;
1001                         } else  // no buffers to fill
1002                         {
1003                                 c->Header.SGList = 0;
1004                                 c->Header.SGTotal = 0;
1005                         }
1006                         c->Header.LUN = iocommand.LUN_info;
1007                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1008
1009                         // Fill in Request block
1010                         c->Request = iocommand.Request;
1011
1012                         // Fill in the scatter gather information
1013                         if (iocommand.buf_size > 0) {
1014                                 temp64.val = pci_map_single(host->pdev, buff,
1015                                         iocommand.buf_size,
1016                                         PCI_DMA_BIDIRECTIONAL);
1017                                 c->SG[0].Addr.lower = temp64.val32.lower;
1018                                 c->SG[0].Addr.upper = temp64.val32.upper;
1019                                 c->SG[0].Len = iocommand.buf_size;
1020                                 c->SG[0].Ext = 0;       // we are not chaining
1021                         }
1022                         c->waiting = &wait;
1023
1024                         /* Put the request on the tail of the request queue */
1025                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1026                         addQ(&host->reqQ, c);
1027                         host->Qdepth++;
1028                         start_io(host);
1029                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1030
1031                         wait_for_completion(&wait);
1032
1033                         /* unlock the buffers from DMA */
1034                         temp64.val32.lower = c->SG[0].Addr.lower;
1035                         temp64.val32.upper = c->SG[0].Addr.upper;
1036                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1037                                          iocommand.buf_size,
1038                                          PCI_DMA_BIDIRECTIONAL);
1039
1040                         /* Copy the error information out */
1041                         iocommand.error_info = *(c->err_info);
1042                         if (copy_to_user
1043                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1044                                 kfree(buff);
1045                                 cmd_free(host, c, 0);
1046                                 return -EFAULT;
1047                         }
1048
1049                         if (iocommand.Request.Type.Direction == XFER_READ) {
1050                                 /* Copy the data out of the buffer we created */
1051                                 if (copy_to_user
1052                                     (iocommand.buf, buff, iocommand.buf_size)) {
1053                                         kfree(buff);
1054                                         cmd_free(host, c, 0);
1055                                         return -EFAULT;
1056                                 }
1057                         }
1058                         kfree(buff);
1059                         cmd_free(host, c, 0);
1060                         return 0;
1061                 }
1062         case CCISS_BIG_PASSTHRU:{
1063                         BIG_IOCTL_Command_struct *ioc;
1064                         CommandList_struct *c;
1065                         unsigned char **buff = NULL;
1066                         int *buff_size = NULL;
1067                         u64bit temp64;
1068                         unsigned long flags;
1069                         BYTE sg_used = 0;
1070                         int status = 0;
1071                         int i;
1072                         DECLARE_COMPLETION_ONSTACK(wait);
1073                         __u32 left;
1074                         __u32 sz;
1075                         BYTE __user *data_ptr;
1076
1077                         if (!arg)
1078                                 return -EINVAL;
1079                         if (!capable(CAP_SYS_RAWIO))
1080                                 return -EPERM;
1081                         ioc = (BIG_IOCTL_Command_struct *)
1082                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1083                         if (!ioc) {
1084                                 status = -ENOMEM;
1085                                 goto cleanup1;
1086                         }
1087                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1088                                 status = -EFAULT;
1089                                 goto cleanup1;
1090                         }
1091                         if ((ioc->buf_size < 1) &&
1092                             (ioc->Request.Type.Direction != XFER_NONE)) {
1093                                 status = -EINVAL;
1094                                 goto cleanup1;
1095                         }
1096                         /* Check kmalloc limits  using all SGs */
1097                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1098                                 status = -EINVAL;
1099                                 goto cleanup1;
1100                         }
1101                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1102                                 status = -EINVAL;
1103                                 goto cleanup1;
1104                         }
1105                         buff =
1106                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1107                         if (!buff) {
1108                                 status = -ENOMEM;
1109                                 goto cleanup1;
1110                         }
1111                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1112                                                    GFP_KERNEL);
1113                         if (!buff_size) {
1114                                 status = -ENOMEM;
1115                                 goto cleanup1;
1116                         }
1117                         left = ioc->buf_size;
1118                         data_ptr = ioc->buf;
1119                         while (left) {
1120                                 sz = (left >
1121                                       ioc->malloc_size) ? ioc->
1122                                     malloc_size : left;
1123                                 buff_size[sg_used] = sz;
1124                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1125                                 if (buff[sg_used] == NULL) {
1126                                         status = -ENOMEM;
1127                                         goto cleanup1;
1128                                 }
1129                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1130                                         if (copy_from_user
1131                                             (buff[sg_used], data_ptr, sz)) {
1132                                                 status = -EFAULT;
1133                                                 goto cleanup1;
1134                                         }
1135                                 } else {
1136                                         memset(buff[sg_used], 0, sz);
1137                                 }
1138                                 left -= sz;
1139                                 data_ptr += sz;
1140                                 sg_used++;
1141                         }
1142                         if ((c = cmd_alloc(host, 0)) == NULL) {
1143                                 status = -ENOMEM;
1144                                 goto cleanup1;
1145                         }
1146                         c->cmd_type = CMD_IOCTL_PEND;
1147                         c->Header.ReplyQueue = 0;
1148
1149                         if (ioc->buf_size > 0) {
1150                                 c->Header.SGList = sg_used;
1151                                 c->Header.SGTotal = sg_used;
1152                         } else {
1153                                 c->Header.SGList = 0;
1154                                 c->Header.SGTotal = 0;
1155                         }
1156                         c->Header.LUN = ioc->LUN_info;
1157                         c->Header.Tag.lower = c->busaddr;
1158
1159                         c->Request = ioc->Request;
1160                         if (ioc->buf_size > 0) {
1161                                 int i;
1162                                 for (i = 0; i < sg_used; i++) {
1163                                         temp64.val =
1164                                             pci_map_single(host->pdev, buff[i],
1165                                                     buff_size[i],
1166                                                     PCI_DMA_BIDIRECTIONAL);
1167                                         c->SG[i].Addr.lower =
1168                                             temp64.val32.lower;
1169                                         c->SG[i].Addr.upper =
1170                                             temp64.val32.upper;
1171                                         c->SG[i].Len = buff_size[i];
1172                                         c->SG[i].Ext = 0;       /* we are not chaining */
1173                                 }
1174                         }
1175                         c->waiting = &wait;
1176                         /* Put the request on the tail of the request queue */
1177                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1178                         addQ(&host->reqQ, c);
1179                         host->Qdepth++;
1180                         start_io(host);
1181                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1182                         wait_for_completion(&wait);
1183                         /* unlock the buffers from DMA */
1184                         for (i = 0; i < sg_used; i++) {
1185                                 temp64.val32.lower = c->SG[i].Addr.lower;
1186                                 temp64.val32.upper = c->SG[i].Addr.upper;
1187                                 pci_unmap_single(host->pdev,
1188                                         (dma_addr_t) temp64.val, buff_size[i],
1189                                         PCI_DMA_BIDIRECTIONAL);
1190                         }
1191                         /* Copy the error information out */
1192                         ioc->error_info = *(c->err_info);
1193                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1194                                 cmd_free(host, c, 0);
1195                                 status = -EFAULT;
1196                                 goto cleanup1;
1197                         }
1198                         if (ioc->Request.Type.Direction == XFER_READ) {
1199                                 /* Copy the data out of the buffer we created */
1200                                 BYTE __user *ptr = ioc->buf;
1201                                 for (i = 0; i < sg_used; i++) {
1202                                         if (copy_to_user
1203                                             (ptr, buff[i], buff_size[i])) {
1204                                                 cmd_free(host, c, 0);
1205                                                 status = -EFAULT;
1206                                                 goto cleanup1;
1207                                         }
1208                                         ptr += buff_size[i];
1209                                 }
1210                         }
1211                         cmd_free(host, c, 0);
1212                         status = 0;
1213                       cleanup1:
1214                         if (buff) {
1215                                 for (i = 0; i < sg_used; i++)
1216                                         kfree(buff[i]);
1217                                 kfree(buff);
1218                         }
1219                         kfree(buff_size);
1220                         kfree(ioc);
1221                         return status;
1222                 }
1223
1224         /* scsi_cmd_ioctl handles these, below, though some are not */
1225         /* very meaningful for cciss.  SG_IO is the main one people want. */
1226
1227         case SG_GET_VERSION_NUM:
1228         case SG_SET_TIMEOUT:
1229         case SG_GET_TIMEOUT:
1230         case SG_GET_RESERVED_SIZE:
1231         case SG_SET_RESERVED_SIZE:
1232         case SG_EMULATED_HOST:
1233         case SG_IO:
1234         case SCSI_IOCTL_SEND_COMMAND:
1235                 return scsi_cmd_ioctl(filep, disk->queue, disk, cmd, argp);
1236
1237         /* scsi_cmd_ioctl would normally handle these, below, but */
1238         /* they aren't a good fit for cciss, as CD-ROMs are */
1239         /* not supported, and we don't have any bus/target/lun */
1240         /* which we present to the kernel. */
1241
1242         case CDROM_SEND_PACKET:
1243         case CDROMCLOSETRAY:
1244         case CDROMEJECT:
1245         case SCSI_IOCTL_GET_IDLUN:
1246         case SCSI_IOCTL_GET_BUS_NUMBER:
1247         default:
1248                 return -ENOTTY;
1249         }
1250 }
1251
1252 static void cciss_check_queues(ctlr_info_t *h)
1253 {
1254         int start_queue = h->next_to_run;
1255         int i;
1256
1257         /* check to see if we have maxed out the number of commands that can
1258          * be placed on the queue.  If so then exit.  We do this check here
1259          * in case the interrupt we serviced was from an ioctl and did not
1260          * free any new commands.
1261          */
1262         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1263                 return;
1264
1265         /* We have room on the queue for more commands.  Now we need to queue
1266          * them up.  We will also keep track of the next queue to run so
1267          * that every queue gets a chance to be started first.
1268          */
1269         for (i = 0; i < h->highest_lun + 1; i++) {
1270                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1271                 /* make sure the disk has been added and the drive is real
1272                  * because this can be called from the middle of init_one.
1273                  */
1274                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1275                         continue;
1276                 blk_start_queue(h->gendisk[curr_queue]->queue);
1277
1278                 /* check to see if we have maxed out the number of commands
1279                  * that can be placed on the queue.
1280                  */
1281                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1282                         if (curr_queue == start_queue) {
1283                                 h->next_to_run =
1284                                     (start_queue + 1) % (h->highest_lun + 1);
1285                                 break;
1286                         } else {
1287                                 h->next_to_run = curr_queue;
1288                                 break;
1289                         }
1290                 }
1291         }
1292 }
1293
1294 static void cciss_softirq_done(struct request *rq)
1295 {
1296         CommandList_struct *cmd = rq->completion_data;
1297         ctlr_info_t *h = hba[cmd->ctlr];
1298         unsigned long flags;
1299         u64bit temp64;
1300         int i, ddir;
1301
1302         if (cmd->Request.Type.Direction == XFER_READ)
1303                 ddir = PCI_DMA_FROMDEVICE;
1304         else
1305                 ddir = PCI_DMA_TODEVICE;
1306
1307         /* command did not need to be retried */
1308         /* unmap the DMA mapping for all the scatter gather elements */
1309         for (i = 0; i < cmd->Header.SGList; i++) {
1310                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1311                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1312                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1313         }
1314
1315 #ifdef CCISS_DEBUG
1316         printk("Done with %p\n", rq);
1317 #endif                          /* CCISS_DEBUG */
1318
1319         if (blk_end_request(rq, (rq->errors == 0) ? 0 : -EIO, blk_rq_bytes(rq)))
1320                 BUG();
1321
1322         spin_lock_irqsave(&h->lock, flags);
1323         cmd_free(h, cmd, 1);
1324         cciss_check_queues(h);
1325         spin_unlock_irqrestore(&h->lock, flags);
1326 }
1327
1328 /* This function gets the serial number of a logical drive via
1329  * inquiry page 0x83.  Serial no. is 16 bytes.  If the serial
1330  * number cannot be had, for whatever reason, 16 bytes of 0xff
1331  * are returned instead.
1332  */
1333 static void cciss_get_serial_no(int ctlr, int logvol, int withirq,
1334                                 unsigned char *serial_no, int buflen)
1335 {
1336 #define PAGE_83_INQ_BYTES 64
1337         int rc;
1338         unsigned char *buf;
1339
1340         if (buflen > 16)
1341                 buflen = 16;
1342         memset(serial_no, 0xff, buflen);
1343         buf = kzalloc(PAGE_83_INQ_BYTES, GFP_KERNEL);
1344         if (!buf)
1345                 return;
1346         memset(serial_no, 0, buflen);
1347         if (withirq)
1348                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, buf,
1349                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, TYPE_CMD);
1350         else
1351                 rc = sendcmd(CISS_INQUIRY, ctlr, buf,
1352                         PAGE_83_INQ_BYTES, 1, logvol, 0x83, NULL, TYPE_CMD);
1353         if (rc == IO_OK)
1354                 memcpy(serial_no, &buf[8], buflen);
1355         kfree(buf);
1356         return;
1357 }
1358
1359 static void cciss_add_disk(ctlr_info_t *h, struct gendisk *disk,
1360                                 int drv_index)
1361 {
1362         disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1363         sprintf(disk->disk_name, "cciss/c%dd%d", h->ctlr, drv_index);
1364         disk->major = h->major;
1365         disk->first_minor = drv_index << NWD_SHIFT;
1366         disk->fops = &cciss_fops;
1367         disk->private_data = &h->drv[drv_index];
1368
1369         /* Set up queue information */
1370         blk_queue_bounce_limit(disk->queue, h->pdev->dma_mask);
1371
1372         /* This is a hardware imposed limit. */
1373         blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1374
1375         /* This is a limit in the driver and could be eliminated. */
1376         blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1377
1378         blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1379
1380         blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1381
1382         disk->queue->queuedata = h;
1383
1384         blk_queue_hardsect_size(disk->queue,
1385                                 h->drv[drv_index].block_size);
1386
1387         /* Make sure all queue data is written out before */
1388         /* setting h->drv[drv_index].queue, as setting this */
1389         /* allows the interrupt handler to start the queue */
1390         wmb();
1391         h->drv[drv_index].queue = disk->queue;
1392         add_disk(disk);
1393 }
1394
1395 /* This function will check the usage_count of the drive to be updated/added.
1396  * If the usage_count is zero and it is a heretofore unknown drive, or,
1397  * the drive's capacity, geometry, or serial number has changed,
1398  * then the drive information will be updated and the disk will be
1399  * re-registered with the kernel.  If these conditions don't hold,
1400  * then it will be left alone for the next reboot.  The exception to this
1401  * is disk 0 which will always be left registered with the kernel since it
1402  * is also the controller node.  Any changes to disk 0 will show up on
1403  * the next reboot.
1404  */
1405 static void cciss_update_drive_info(int ctlr, int drv_index, int first_time)
1406 {
1407         ctlr_info_t *h = hba[ctlr];
1408         struct gendisk *disk;
1409         InquiryData_struct *inq_buff = NULL;
1410         unsigned int block_size;
1411         sector_t total_size;
1412         unsigned long flags = 0;
1413         int ret = 0;
1414         drive_info_struct *drvinfo;
1415         int was_only_controller_node;
1416
1417         /* Get information about the disk and modify the driver structure */
1418         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1419         drvinfo = kmalloc(sizeof(*drvinfo), GFP_KERNEL);
1420         if (inq_buff == NULL || drvinfo == NULL)
1421                 goto mem_msg;
1422
1423         /* See if we're trying to update the "controller node"
1424          * this will happen the when the first logical drive gets
1425          * created by ACU.
1426          */
1427         was_only_controller_node = (drv_index == 0 &&
1428                                 h->drv[0].raid_level == -1);
1429
1430         /* testing to see if 16-byte CDBs are already being used */
1431         if (h->cciss_read == CCISS_READ_16) {
1432                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1433                         &total_size, &block_size);
1434
1435         } else {
1436                 cciss_read_capacity(ctlr, drv_index, 1,
1437                                     &total_size, &block_size);
1438
1439                 /* if read_capacity returns all F's this volume is >2TB */
1440                 /* in size so we switch to 16-byte CDB's for all */
1441                 /* read/write ops */
1442                 if (total_size == 0xFFFFFFFFULL) {
1443                         cciss_read_capacity_16(ctlr, drv_index, 1,
1444                         &total_size, &block_size);
1445                         h->cciss_read = CCISS_READ_16;
1446                         h->cciss_write = CCISS_WRITE_16;
1447                 } else {
1448                         h->cciss_read = CCISS_READ_10;
1449                         h->cciss_write = CCISS_WRITE_10;
1450                 }
1451         }
1452
1453         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1454                                inq_buff, drvinfo);
1455         drvinfo->block_size = block_size;
1456         drvinfo->nr_blocks = total_size + 1;
1457
1458         cciss_get_serial_no(ctlr, drv_index, 1, drvinfo->serial_no,
1459                         sizeof(drvinfo->serial_no));
1460
1461         /* Is it the same disk we already know, and nothing's changed? */
1462         if (h->drv[drv_index].raid_level != -1 &&
1463                 ((memcmp(drvinfo->serial_no,
1464                                 h->drv[drv_index].serial_no, 16) == 0) &&
1465                 drvinfo->block_size == h->drv[drv_index].block_size &&
1466                 drvinfo->nr_blocks == h->drv[drv_index].nr_blocks &&
1467                 drvinfo->heads == h->drv[drv_index].heads &&
1468                 drvinfo->sectors == h->drv[drv_index].sectors &&
1469                 drvinfo->cylinders == h->drv[drv_index].cylinders))
1470                         /* The disk is unchanged, nothing to update */
1471                         goto freeret;
1472
1473         /* If we get here it's not the same disk, or something's changed,
1474          * so we need to * deregister it, and re-register it, if it's not
1475          * in use.
1476          * If the disk already exists then deregister it before proceeding
1477          * (unless it's the first disk (for the controller node).
1478          */
1479         if (h->drv[drv_index].raid_level != -1 && drv_index != 0) {
1480                 printk(KERN_WARNING "disk %d has changed.\n", drv_index);
1481                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1482                 h->drv[drv_index].busy_configuring = 1;
1483                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1484
1485                 /* deregister_disk sets h->drv[drv_index].queue = NULL
1486                  * which keeps the interrupt handler from starting
1487                  * the queue.
1488                  */
1489                 ret = deregister_disk(h->gendisk[drv_index],
1490                                       &h->drv[drv_index], 0);
1491                 h->drv[drv_index].busy_configuring = 0;
1492         }
1493
1494         /* If the disk is in use return */
1495         if (ret)
1496                 goto freeret;
1497
1498         /* Save the new information from cciss_geometry_inquiry
1499          * and serial number inquiry.
1500          */
1501         h->drv[drv_index].block_size = drvinfo->block_size;
1502         h->drv[drv_index].nr_blocks = drvinfo->nr_blocks;
1503         h->drv[drv_index].heads = drvinfo->heads;
1504         h->drv[drv_index].sectors = drvinfo->sectors;
1505         h->drv[drv_index].cylinders = drvinfo->cylinders;
1506         h->drv[drv_index].raid_level = drvinfo->raid_level;
1507         memcpy(h->drv[drv_index].serial_no, drvinfo->serial_no, 16);
1508
1509         ++h->num_luns;
1510         disk = h->gendisk[drv_index];
1511         set_capacity(disk, h->drv[drv_index].nr_blocks);
1512
1513         /* If it's not disk 0 (drv_index != 0)
1514          * or if it was disk 0, but there was previously
1515          * no actual corresponding configured logical drive
1516          * (raid_leve == -1) then we want to update the
1517          * logical drive's information.
1518          */
1519         if (drv_index || first_time)
1520                 cciss_add_disk(h, disk, drv_index);
1521
1522 freeret:
1523         kfree(inq_buff);
1524         kfree(drvinfo);
1525         return;
1526 mem_msg:
1527         printk(KERN_ERR "cciss: out of memory\n");
1528         goto freeret;
1529 }
1530
1531 /* This function will find the first index of the controllers drive array
1532  * that has a -1 for the raid_level and will return that index.  This is
1533  * where new drives will be added.  If the index to be returned is greater
1534  * than the highest_lun index for the controller then highest_lun is set
1535  * to this new index.  If there are no available indexes then -1 is returned.
1536  * "controller_node" is used to know if this is a real logical drive, or just
1537  * the controller node, which determines if this counts towards highest_lun.
1538  */
1539 static int cciss_find_free_drive_index(int ctlr, int controller_node)
1540 {
1541         int i;
1542
1543         for (i = 0; i < CISS_MAX_LUN; i++) {
1544                 if (hba[ctlr]->drv[i].raid_level == -1) {
1545                         if (i > hba[ctlr]->highest_lun)
1546                                 if (!controller_node)
1547                                         hba[ctlr]->highest_lun = i;
1548                         return i;
1549                 }
1550         }
1551         return -1;
1552 }
1553
1554 /* cciss_add_gendisk finds a free hba[]->drv structure
1555  * and allocates a gendisk if needed, and sets the lunid
1556  * in the drvinfo structure.   It returns the index into
1557  * the ->drv[] array, or -1 if none are free.
1558  * is_controller_node indicates whether highest_lun should
1559  * count this disk, or if it's only being added to provide
1560  * a means to talk to the controller in case no logical
1561  * drives have yet been configured.
1562  */
1563 static int cciss_add_gendisk(ctlr_info_t *h, __u32 lunid, int controller_node)
1564 {
1565         int drv_index;
1566
1567         drv_index = cciss_find_free_drive_index(h->ctlr, controller_node);
1568         if (drv_index == -1)
1569                 return -1;
1570         /*Check if the gendisk needs to be allocated */
1571         if (!h->gendisk[drv_index]) {
1572                 h->gendisk[drv_index] =
1573                         alloc_disk(1 << NWD_SHIFT);
1574                 if (!h->gendisk[drv_index]) {
1575                         printk(KERN_ERR "cciss%d: could not "
1576                                 "allocate a new disk %d\n",
1577                                 h->ctlr, drv_index);
1578                         return -1;
1579                 }
1580         }
1581         h->drv[drv_index].LunID = lunid;
1582
1583         /* Don't need to mark this busy because nobody */
1584         /* else knows about this disk yet to contend */
1585         /* for access to it. */
1586         h->drv[drv_index].busy_configuring = 0;
1587         wmb();
1588         return drv_index;
1589 }
1590
1591 /* This is for the special case of a controller which
1592  * has no logical drives.  In this case, we still need
1593  * to register a disk so the controller can be accessed
1594  * by the Array Config Utility.
1595  */
1596 static void cciss_add_controller_node(ctlr_info_t *h)
1597 {
1598         struct gendisk *disk;
1599         int drv_index;
1600
1601         if (h->gendisk[0] != NULL) /* already did this? Then bail. */
1602                 return;
1603
1604         drv_index = cciss_add_gendisk(h, 0, 1);
1605         if (drv_index == -1) {
1606                 printk(KERN_WARNING "cciss%d: could not "
1607                         "add disk 0.\n", h->ctlr);
1608                 return;
1609         }
1610         h->drv[drv_index].block_size = 512;
1611         h->drv[drv_index].nr_blocks = 0;
1612         h->drv[drv_index].heads = 0;
1613         h->drv[drv_index].sectors = 0;
1614         h->drv[drv_index].cylinders = 0;
1615         h->drv[drv_index].raid_level = -1;
1616         memset(h->drv[drv_index].serial_no, 0, 16);
1617         disk = h->gendisk[drv_index];
1618         cciss_add_disk(h, disk, drv_index);
1619 }
1620
1621 /* This function will add and remove logical drives from the Logical
1622  * drive array of the controller and maintain persistency of ordering
1623  * so that mount points are preserved until the next reboot.  This allows
1624  * for the removal of logical drives in the middle of the drive array
1625  * without a re-ordering of those drives.
1626  * INPUT
1627  * h            = The controller to perform the operations on
1628  */
1629 static int rebuild_lun_table(ctlr_info_t *h, int first_time)
1630 {
1631         int ctlr = h->ctlr;
1632         int num_luns;
1633         ReportLunData_struct *ld_buff = NULL;
1634         int return_code;
1635         int listlength = 0;
1636         int i;
1637         int drv_found;
1638         int drv_index = 0;
1639         __u32 lunid = 0;
1640         unsigned long flags;
1641
1642         if (!capable(CAP_SYS_RAWIO))
1643                 return -EPERM;
1644
1645         /* Set busy_configuring flag for this operation */
1646         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1647         if (h->busy_configuring) {
1648                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1649                 return -EBUSY;
1650         }
1651         h->busy_configuring = 1;
1652         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1653
1654         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
1655         if (ld_buff == NULL)
1656                 goto mem_msg;
1657
1658         return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
1659                                       sizeof(ReportLunData_struct), 0,
1660                                       0, 0, TYPE_CMD);
1661
1662         if (return_code == IO_OK)
1663                 listlength = be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
1664         else {  /* reading number of logical volumes failed */
1665                 printk(KERN_WARNING "cciss: report logical volume"
1666                        " command failed\n");
1667                 listlength = 0;
1668                 goto freeret;
1669         }
1670
1671         num_luns = listlength / 8;      /* 8 bytes per entry */
1672         if (num_luns > CISS_MAX_LUN) {
1673                 num_luns = CISS_MAX_LUN;
1674                 printk(KERN_WARNING "cciss: more luns configured"
1675                        " on controller than can be handled by"
1676                        " this driver.\n");
1677         }
1678
1679         if (num_luns == 0)
1680                 cciss_add_controller_node(h);
1681
1682         /* Compare controller drive array to driver's drive array
1683          * to see if any drives are missing on the controller due
1684          * to action of Array Config Utility (user deletes drive)
1685          * and deregister logical drives which have disappeared.
1686          */
1687         for (i = 0; i <= h->highest_lun; i++) {
1688                 int j;
1689                 drv_found = 0;
1690                 for (j = 0; j < num_luns; j++) {
1691                         memcpy(&lunid, &ld_buff->LUN[j][0], 4);
1692                         lunid = le32_to_cpu(lunid);
1693                         if (h->drv[i].LunID == lunid) {
1694                                 drv_found = 1;
1695                                 break;
1696                         }
1697                 }
1698                 if (!drv_found) {
1699                         /* Deregister it from the OS, it's gone. */
1700                         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1701                         h->drv[i].busy_configuring = 1;
1702                         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1703                         return_code = deregister_disk(h->gendisk[i],
1704                                 &h->drv[i], 1);
1705                         h->drv[i].busy_configuring = 0;
1706                 }
1707         }
1708
1709         /* Compare controller drive array to driver's drive array.
1710          * Check for updates in the drive information and any new drives
1711          * on the controller due to ACU adding logical drives, or changing
1712          * a logical drive's size, etc.  Reregister any new/changed drives
1713          */
1714         for (i = 0; i < num_luns; i++) {
1715                 int j;
1716
1717                 drv_found = 0;
1718
1719                 memcpy(&lunid, &ld_buff->LUN[i][0], 4);
1720                 lunid = le32_to_cpu(lunid);
1721
1722                 /* Find if the LUN is already in the drive array
1723                  * of the driver.  If so then update its info
1724                  * if not in use.  If it does not exist then find
1725                  * the first free index and add it.
1726                  */
1727                 for (j = 0; j <= h->highest_lun; j++) {
1728                         if (h->drv[j].raid_level != -1 &&
1729                                 h->drv[j].LunID == lunid) {
1730                                 drv_index = j;
1731                                 drv_found = 1;
1732                                 break;
1733                         }
1734                 }
1735
1736                 /* check if the drive was found already in the array */
1737                 if (!drv_found) {
1738                         drv_index = cciss_add_gendisk(h, lunid, 0);
1739                         if (drv_index == -1)
1740                                 goto freeret;
1741                 }
1742                 cciss_update_drive_info(ctlr, drv_index, first_time);
1743         }               /* end for */
1744
1745 freeret:
1746         kfree(ld_buff);
1747         h->busy_configuring = 0;
1748         /* We return -1 here to tell the ACU that we have registered/updated
1749          * all of the drives that we can and to keep it from calling us
1750          * additional times.
1751          */
1752         return -1;
1753 mem_msg:
1754         printk(KERN_ERR "cciss: out of memory\n");
1755         h->busy_configuring = 0;
1756         goto freeret;
1757 }
1758
1759 /* This function will deregister the disk and it's queue from the
1760  * kernel.  It must be called with the controller lock held and the
1761  * drv structures busy_configuring flag set.  It's parameters are:
1762  *
1763  * disk = This is the disk to be deregistered
1764  * drv  = This is the drive_info_struct associated with the disk to be
1765  *        deregistered.  It contains information about the disk used
1766  *        by the driver.
1767  * clear_all = This flag determines whether or not the disk information
1768  *             is going to be completely cleared out and the highest_lun
1769  *             reset.  Sometimes we want to clear out information about
1770  *             the disk in preparation for re-adding it.  In this case
1771  *             the highest_lun should be left unchanged and the LunID
1772  *             should not be cleared.
1773 */
1774 static int deregister_disk(struct gendisk *disk, drive_info_struct *drv,
1775                            int clear_all)
1776 {
1777         int i;
1778         ctlr_info_t *h = get_host(disk);
1779
1780         if (!capable(CAP_SYS_RAWIO))
1781                 return -EPERM;
1782
1783         /* make sure logical volume is NOT is use */
1784         if (clear_all || (h->gendisk[0] == disk)) {
1785                 if (drv->usage_count > 1)
1786                         return -EBUSY;
1787         } else if (drv->usage_count > 0)
1788                 return -EBUSY;
1789
1790         /* invalidate the devices and deregister the disk.  If it is disk
1791          * zero do not deregister it but just zero out it's values.  This
1792          * allows us to delete disk zero but keep the controller registered.
1793          */
1794         if (h->gendisk[0] != disk) {
1795                 struct request_queue *q = disk->queue;
1796                 if (disk->flags & GENHD_FL_UP)
1797                         del_gendisk(disk);
1798                 if (q) {
1799                         blk_cleanup_queue(q);
1800                         /* Set drv->queue to NULL so that we do not try
1801                          * to call blk_start_queue on this queue in the
1802                          * interrupt handler
1803                          */
1804                         drv->queue = NULL;
1805                 }
1806                 /* If clear_all is set then we are deleting the logical
1807                  * drive, not just refreshing its info.  For drives
1808                  * other than disk 0 we will call put_disk.  We do not
1809                  * do this for disk 0 as we need it to be able to
1810                  * configure the controller.
1811                  */
1812                 if (clear_all){
1813                         /* This isn't pretty, but we need to find the
1814                          * disk in our array and NULL our the pointer.
1815                          * This is so that we will call alloc_disk if
1816                          * this index is used again later.
1817                          */
1818                         for (i=0; i < CISS_MAX_LUN; i++){
1819                                 if (h->gendisk[i] == disk) {
1820                                         h->gendisk[i] = NULL;
1821                                         break;
1822                                 }
1823                         }
1824                         put_disk(disk);
1825                 }
1826         } else {
1827                 set_capacity(disk, 0);
1828         }
1829
1830         --h->num_luns;
1831         /* zero out the disk size info */
1832         drv->nr_blocks = 0;
1833         drv->block_size = 0;
1834         drv->heads = 0;
1835         drv->sectors = 0;
1836         drv->cylinders = 0;
1837         drv->raid_level = -1;   /* This can be used as a flag variable to
1838                                  * indicate that this element of the drive
1839                                  * array is free.
1840                                  */
1841
1842         if (clear_all) {
1843                 /* check to see if it was the last disk */
1844                 if (drv == h->drv + h->highest_lun) {
1845                         /* if so, find the new hightest lun */
1846                         int i, newhighest = -1;
1847                         for (i = 0; i <= h->highest_lun; i++) {
1848                                 /* if the disk has size > 0, it is available */
1849                                 if (h->drv[i].heads)
1850                                         newhighest = i;
1851                         }
1852                         h->highest_lun = newhighest;
1853                 }
1854
1855                 drv->LunID = 0;
1856         }
1857         return 0;
1858 }
1859
1860 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
1861                                                                                                                            1: address logical volume log_unit,
1862                                                                                                                            2: periph device address is scsi3addr */
1863                     unsigned int log_unit, __u8 page_code,
1864                     unsigned char *scsi3addr, int cmd_type)
1865 {
1866         ctlr_info_t *h = hba[ctlr];
1867         u64bit buff_dma_handle;
1868         int status = IO_OK;
1869
1870         c->cmd_type = CMD_IOCTL_PEND;
1871         c->Header.ReplyQueue = 0;
1872         if (buff != NULL) {
1873                 c->Header.SGList = 1;
1874                 c->Header.SGTotal = 1;
1875         } else {
1876                 c->Header.SGList = 0;
1877                 c->Header.SGTotal = 0;
1878         }
1879         c->Header.Tag.lower = c->busaddr;
1880
1881         c->Request.Type.Type = cmd_type;
1882         if (cmd_type == TYPE_CMD) {
1883                 switch (cmd) {
1884                 case CISS_INQUIRY:
1885                         /* If the logical unit number is 0 then, this is going
1886                            to controller so It's a physical command
1887                            mode = 0 target = 0.  So we have nothing to write.
1888                            otherwise, if use_unit_num == 1,
1889                            mode = 1(volume set addressing) target = LUNID
1890                            otherwise, if use_unit_num == 2,
1891                            mode = 0(periph dev addr) target = scsi3addr */
1892                         if (use_unit_num == 1) {
1893                                 c->Header.LUN.LogDev.VolId =
1894                                     h->drv[log_unit].LunID;
1895                                 c->Header.LUN.LogDev.Mode = 1;
1896                         } else if (use_unit_num == 2) {
1897                                 memcpy(c->Header.LUN.LunAddrBytes, scsi3addr,
1898                                        8);
1899                                 c->Header.LUN.LogDev.Mode = 0;
1900                         }
1901                         /* are we trying to read a vital product page */
1902                         if (page_code != 0) {
1903                                 c->Request.CDB[1] = 0x01;
1904                                 c->Request.CDB[2] = page_code;
1905                         }
1906                         c->Request.CDBLen = 6;
1907                         c->Request.Type.Attribute = ATTR_SIMPLE;
1908                         c->Request.Type.Direction = XFER_READ;
1909                         c->Request.Timeout = 0;
1910                         c->Request.CDB[0] = CISS_INQUIRY;
1911                         c->Request.CDB[4] = size & 0xFF;
1912                         break;
1913                 case CISS_REPORT_LOG:
1914                 case CISS_REPORT_PHYS:
1915                         /* Talking to controller so It's a physical command
1916                            mode = 00 target = 0.  Nothing to write.
1917                          */
1918                         c->Request.CDBLen = 12;
1919                         c->Request.Type.Attribute = ATTR_SIMPLE;
1920                         c->Request.Type.Direction = XFER_READ;
1921                         c->Request.Timeout = 0;
1922                         c->Request.CDB[0] = cmd;
1923                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
1924                         c->Request.CDB[7] = (size >> 16) & 0xFF;
1925                         c->Request.CDB[8] = (size >> 8) & 0xFF;
1926                         c->Request.CDB[9] = size & 0xFF;
1927                         break;
1928
1929                 case CCISS_READ_CAPACITY:
1930                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1931                         c->Header.LUN.LogDev.Mode = 1;
1932                         c->Request.CDBLen = 10;
1933                         c->Request.Type.Attribute = ATTR_SIMPLE;
1934                         c->Request.Type.Direction = XFER_READ;
1935                         c->Request.Timeout = 0;
1936                         c->Request.CDB[0] = cmd;
1937                         break;
1938                 case CCISS_READ_CAPACITY_16:
1939                         c->Header.LUN.LogDev.VolId = h->drv[log_unit].LunID;
1940                         c->Header.LUN.LogDev.Mode = 1;
1941                         c->Request.CDBLen = 16;
1942                         c->Request.Type.Attribute = ATTR_SIMPLE;
1943                         c->Request.Type.Direction = XFER_READ;
1944                         c->Request.Timeout = 0;
1945                         c->Request.CDB[0] = cmd;
1946                         c->Request.CDB[1] = 0x10;
1947                         c->Request.CDB[10] = (size >> 24) & 0xFF;
1948                         c->Request.CDB[11] = (size >> 16) & 0xFF;
1949                         c->Request.CDB[12] = (size >> 8) & 0xFF;
1950                         c->Request.CDB[13] = size & 0xFF;
1951                         c->Request.Timeout = 0;
1952                         c->Request.CDB[0] = cmd;
1953                         break;
1954                 case CCISS_CACHE_FLUSH:
1955                         c->Request.CDBLen = 12;
1956                         c->Request.Type.Attribute = ATTR_SIMPLE;
1957                         c->Request.Type.Direction = XFER_WRITE;
1958                         c->Request.Timeout = 0;
1959                         c->Request.CDB[0] = BMIC_WRITE;
1960                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
1961                         break;
1962                 default:
1963                         printk(KERN_WARNING
1964                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
1965                         return IO_ERROR;
1966                 }
1967         } else if (cmd_type == TYPE_MSG) {
1968                 switch (cmd) {
1969                 case 0: /* ABORT message */
1970                         c->Request.CDBLen = 12;
1971                         c->Request.Type.Attribute = ATTR_SIMPLE;
1972                         c->Request.Type.Direction = XFER_WRITE;
1973                         c->Request.Timeout = 0;
1974                         c->Request.CDB[0] = cmd;        /* abort */
1975                         c->Request.CDB[1] = 0;  /* abort a command */
1976                         /* buff contains the tag of the command to abort */
1977                         memcpy(&c->Request.CDB[4], buff, 8);
1978                         break;
1979                 case 1: /* RESET message */
1980                         c->Request.CDBLen = 12;
1981                         c->Request.Type.Attribute = ATTR_SIMPLE;
1982                         c->Request.Type.Direction = XFER_WRITE;
1983                         c->Request.Timeout = 0;
1984                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
1985                         c->Request.CDB[0] = cmd;        /* reset */
1986                         c->Request.CDB[1] = 0x04;       /* reset a LUN */
1987                         break;
1988                 case 3: /* No-Op message */
1989                         c->Request.CDBLen = 1;
1990                         c->Request.Type.Attribute = ATTR_SIMPLE;
1991                         c->Request.Type.Direction = XFER_WRITE;
1992                         c->Request.Timeout = 0;
1993                         c->Request.CDB[0] = cmd;
1994                         break;
1995                 default:
1996                         printk(KERN_WARNING
1997                                "cciss%d: unknown message type %d\n", ctlr, cmd);
1998                         return IO_ERROR;
1999                 }
2000         } else {
2001                 printk(KERN_WARNING
2002                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
2003                 return IO_ERROR;
2004         }
2005         /* Fill in the scatter gather information */
2006         if (size > 0) {
2007                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
2008                                                              buff, size,
2009                                                              PCI_DMA_BIDIRECTIONAL);
2010                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
2011                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
2012                 c->SG[0].Len = size;
2013                 c->SG[0].Ext = 0;       /* we are not chaining */
2014         }
2015         return status;
2016 }
2017
2018 static int sendcmd_withirq(__u8 cmd,
2019                            int ctlr,
2020                            void *buff,
2021                            size_t size,
2022                            unsigned int use_unit_num,
2023                            unsigned int log_unit, __u8 page_code, int cmd_type)
2024 {
2025         ctlr_info_t *h = hba[ctlr];
2026         CommandList_struct *c;
2027         u64bit buff_dma_handle;
2028         unsigned long flags;
2029         int return_status;
2030         DECLARE_COMPLETION_ONSTACK(wait);
2031
2032         if ((c = cmd_alloc(h, 0)) == NULL)
2033                 return -ENOMEM;
2034         return_status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2035                                  log_unit, page_code, NULL, cmd_type);
2036         if (return_status != IO_OK) {
2037                 cmd_free(h, c, 0);
2038                 return return_status;
2039         }
2040       resend_cmd2:
2041         c->waiting = &wait;
2042
2043         /* Put the request on the tail of the queue and send it */
2044         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
2045         addQ(&h->reqQ, c);
2046         h->Qdepth++;
2047         start_io(h);
2048         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
2049
2050         wait_for_completion(&wait);
2051
2052         if (c->err_info->CommandStatus != 0) {  /* an error has occurred */
2053                 switch (c->err_info->CommandStatus) {
2054                 case CMD_TARGET_STATUS:
2055                         printk(KERN_WARNING "cciss: cmd %p has "
2056                                " completed with errors\n", c);
2057                         if (c->err_info->ScsiStatus) {
2058                                 printk(KERN_WARNING "cciss: cmd %p "
2059                                        "has SCSI Status = %x\n",
2060                                        c, c->err_info->ScsiStatus);
2061                         }
2062
2063                         break;
2064                 case CMD_DATA_UNDERRUN:
2065                 case CMD_DATA_OVERRUN:
2066                         /* expected for inquire and report lun commands */
2067                         break;
2068                 case CMD_INVALID:
2069                         printk(KERN_WARNING "cciss: Cmd %p is "
2070                                "reported invalid\n", c);
2071                         return_status = IO_ERROR;
2072                         break;
2073                 case CMD_PROTOCOL_ERR:
2074                         printk(KERN_WARNING "cciss: cmd %p has "
2075                                "protocol error \n", c);
2076                         return_status = IO_ERROR;
2077                         break;
2078                 case CMD_HARDWARE_ERR:
2079                         printk(KERN_WARNING "cciss: cmd %p had "
2080                                " hardware error\n", c);
2081                         return_status = IO_ERROR;
2082                         break;
2083                 case CMD_CONNECTION_LOST:
2084                         printk(KERN_WARNING "cciss: cmd %p had "
2085                                "connection lost\n", c);
2086                         return_status = IO_ERROR;
2087                         break;
2088                 case CMD_ABORTED:
2089                         printk(KERN_WARNING "cciss: cmd %p was "
2090                                "aborted\n", c);
2091                         return_status = IO_ERROR;
2092                         break;
2093                 case CMD_ABORT_FAILED:
2094                         printk(KERN_WARNING "cciss: cmd %p reports "
2095                                "abort failed\n", c);
2096                         return_status = IO_ERROR;
2097                         break;
2098                 case CMD_UNSOLICITED_ABORT:
2099                         printk(KERN_WARNING
2100                                "cciss%d: unsolicited abort %p\n", ctlr, c);
2101                         if (c->retry_count < MAX_CMD_RETRIES) {
2102                                 printk(KERN_WARNING
2103                                        "cciss%d: retrying %p\n", ctlr, c);
2104                                 c->retry_count++;
2105                                 /* erase the old error information */
2106                                 memset(c->err_info, 0,
2107                                        sizeof(ErrorInfo_struct));
2108                                 return_status = IO_OK;
2109                                 INIT_COMPLETION(wait);
2110                                 goto resend_cmd2;
2111                         }
2112                         return_status = IO_ERROR;
2113                         break;
2114                 default:
2115                         printk(KERN_WARNING "cciss: cmd %p returned "
2116                                "unknown status %x\n", c,
2117                                c->err_info->CommandStatus);
2118                         return_status = IO_ERROR;
2119                 }
2120         }
2121         /* unlock the buffers from DMA */
2122         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2123         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2124         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2125                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2126         cmd_free(h, c, 0);
2127         return return_status;
2128 }
2129
2130 static void cciss_geometry_inquiry(int ctlr, int logvol,
2131                                    int withirq, sector_t total_size,
2132                                    unsigned int block_size,
2133                                    InquiryData_struct *inq_buff,
2134                                    drive_info_struct *drv)
2135 {
2136         int return_code;
2137         unsigned long t;
2138
2139         memset(inq_buff, 0, sizeof(InquiryData_struct));
2140         if (withirq)
2141                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
2142                                               inq_buff, sizeof(*inq_buff), 1,
2143                                               logvol, 0xC1, TYPE_CMD);
2144         else
2145                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
2146                                       sizeof(*inq_buff), 1, logvol, 0xC1, NULL,
2147                                       TYPE_CMD);
2148         if (return_code == IO_OK) {
2149                 if (inq_buff->data_byte[8] == 0xFF) {
2150                         printk(KERN_WARNING
2151                                "cciss: reading geometry failed, volume "
2152                                "does not support reading geometry\n");
2153                         drv->heads = 255;
2154                         drv->sectors = 32;      // Sectors per track
2155                         drv->cylinders = total_size + 1;
2156                         drv->raid_level = RAID_UNKNOWN;
2157                 } else {
2158                         drv->heads = inq_buff->data_byte[6];
2159                         drv->sectors = inq_buff->data_byte[7];
2160                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2161                         drv->cylinders += inq_buff->data_byte[5];
2162                         drv->raid_level = inq_buff->data_byte[8];
2163                 }
2164                 drv->block_size = block_size;
2165                 drv->nr_blocks = total_size + 1;
2166                 t = drv->heads * drv->sectors;
2167                 if (t > 1) {
2168                         sector_t real_size = total_size + 1;
2169                         unsigned long rem = sector_div(real_size, t);
2170                         if (rem)
2171                                 real_size++;
2172                         drv->cylinders = real_size;
2173                 }
2174         } else {                /* Get geometry failed */
2175                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2176         }
2177         printk(KERN_INFO "      heads=%d, sectors=%d, cylinders=%d\n\n",
2178                drv->heads, drv->sectors, drv->cylinders);
2179 }
2180
2181 static void
2182 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2183                     unsigned int *block_size)
2184 {
2185         ReadCapdata_struct *buf;
2186         int return_code;
2187
2188         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2189         if (!buf) {
2190                 printk(KERN_WARNING "cciss: out of memory\n");
2191                 return;
2192         }
2193
2194         if (withirq)
2195                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2196                                 ctlr, buf, sizeof(ReadCapdata_struct),
2197                                         1, logvol, 0, TYPE_CMD);
2198         else
2199                 return_code = sendcmd(CCISS_READ_CAPACITY,
2200                                 ctlr, buf, sizeof(ReadCapdata_struct),
2201                                         1, logvol, 0, NULL, TYPE_CMD);
2202         if (return_code == IO_OK) {
2203                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2204                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2205         } else {                /* read capacity command failed */
2206                 printk(KERN_WARNING "cciss: read capacity failed\n");
2207                 *total_size = 0;
2208                 *block_size = BLOCK_SIZE;
2209         }
2210         if (*total_size != 0)
2211                 printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2212                 (unsigned long long)*total_size+1, *block_size);
2213         kfree(buf);
2214 }
2215
2216 static void
2217 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2218 {
2219         ReadCapdata_struct_16 *buf;
2220         int return_code;
2221
2222         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2223         if (!buf) {
2224                 printk(KERN_WARNING "cciss: out of memory\n");
2225                 return;
2226         }
2227
2228         if (withirq) {
2229                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2230                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2231                                 1, logvol, 0, TYPE_CMD);
2232         }
2233         else {
2234                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2235                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2236                                 1, logvol, 0, NULL, TYPE_CMD);
2237         }
2238         if (return_code == IO_OK) {
2239                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2240                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2241         } else {                /* read capacity command failed */
2242                 printk(KERN_WARNING "cciss: read capacity failed\n");
2243                 *total_size = 0;
2244                 *block_size = BLOCK_SIZE;
2245         }
2246         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2247                (unsigned long long)*total_size+1, *block_size);
2248         kfree(buf);
2249 }
2250
2251 static int cciss_revalidate(struct gendisk *disk)
2252 {
2253         ctlr_info_t *h = get_host(disk);
2254         drive_info_struct *drv = get_drv(disk);
2255         int logvol;
2256         int FOUND = 0;
2257         unsigned int block_size;
2258         sector_t total_size;
2259         InquiryData_struct *inq_buff = NULL;
2260
2261         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2262                 if (h->drv[logvol].LunID == drv->LunID) {
2263                         FOUND = 1;
2264                         break;
2265                 }
2266         }
2267
2268         if (!FOUND)
2269                 return 1;
2270
2271         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2272         if (inq_buff == NULL) {
2273                 printk(KERN_WARNING "cciss: out of memory\n");
2274                 return 1;
2275         }
2276         if (h->cciss_read == CCISS_READ_10) {
2277                 cciss_read_capacity(h->ctlr, logvol, 1,
2278                                         &total_size, &block_size);
2279         } else {
2280                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2281                                         &total_size, &block_size);
2282         }
2283         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2284                                inq_buff, drv);
2285
2286         blk_queue_hardsect_size(drv->queue, drv->block_size);
2287         set_capacity(disk, drv->nr_blocks);
2288
2289         kfree(inq_buff);
2290         return 0;
2291 }
2292
2293 /*
2294  *   Wait polling for a command to complete.
2295  *   The memory mapped FIFO is polled for the completion.
2296  *   Used only at init time, interrupts from the HBA are disabled.
2297  */
2298 static unsigned long pollcomplete(int ctlr)
2299 {
2300         unsigned long done;
2301         int i;
2302
2303         /* Wait (up to 20 seconds) for a command to complete */
2304
2305         for (i = 20 * HZ; i > 0; i--) {
2306                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2307                 if (done == FIFO_EMPTY)
2308                         schedule_timeout_uninterruptible(1);
2309                 else
2310                         return done;
2311         }
2312         /* Invalid address to tell caller we ran out of time */
2313         return 1;
2314 }
2315
2316 static int add_sendcmd_reject(__u8 cmd, int ctlr, unsigned long complete)
2317 {
2318         /* We get in here if sendcmd() is polling for completions
2319            and gets some command back that it wasn't expecting --
2320            something other than that which it just sent down.
2321            Ordinarily, that shouldn't happen, but it can happen when
2322            the scsi tape stuff gets into error handling mode, and
2323            starts using sendcmd() to try to abort commands and
2324            reset tape drives.  In that case, sendcmd may pick up
2325            completions of commands that were sent to logical drives
2326            through the block i/o system, or cciss ioctls completing, etc.
2327            In that case, we need to save those completions for later
2328            processing by the interrupt handler.
2329          */
2330
2331 #ifdef CONFIG_CISS_SCSI_TAPE
2332         struct sendcmd_reject_list *srl = &hba[ctlr]->scsi_rejects;
2333
2334         /* If it's not the scsi tape stuff doing error handling, (abort */
2335         /* or reset) then we don't expect anything weird. */
2336         if (cmd != CCISS_RESET_MSG && cmd != CCISS_ABORT_MSG) {
2337 #endif
2338                 printk(KERN_WARNING "cciss cciss%d: SendCmd "
2339                        "Invalid command list address returned! (%lx)\n",
2340                        ctlr, complete);
2341                 /* not much we can do. */
2342 #ifdef CONFIG_CISS_SCSI_TAPE
2343                 return 1;
2344         }
2345
2346         /* We've sent down an abort or reset, but something else
2347            has completed */
2348         if (srl->ncompletions >= (hba[ctlr]->nr_cmds + 2)) {
2349                 /* Uh oh.  No room to save it for later... */
2350                 printk(KERN_WARNING "cciss%d: Sendcmd: Invalid command addr, "
2351                        "reject list overflow, command lost!\n", ctlr);
2352                 return 1;
2353         }
2354         /* Save it for later */
2355         srl->complete[srl->ncompletions] = complete;
2356         srl->ncompletions++;
2357 #endif
2358         return 0;
2359 }
2360
2361 /*
2362  * Send a command to the controller, and wait for it to complete.
2363  * Only used at init time.
2364  */
2365 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size, unsigned int use_unit_num,      /* 0: address the controller,
2366                                                                                                    1: address logical volume log_unit,
2367                                                                                                    2: periph device address is scsi3addr */
2368                    unsigned int log_unit,
2369                    __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2370 {
2371         CommandList_struct *c;
2372         int i;
2373         unsigned long complete;
2374         ctlr_info_t *info_p = hba[ctlr];
2375         u64bit buff_dma_handle;
2376         int status, done = 0;
2377
2378         if ((c = cmd_alloc(info_p, 1)) == NULL) {
2379                 printk(KERN_WARNING "cciss: unable to get memory");
2380                 return IO_ERROR;
2381         }
2382         status = fill_cmd(c, cmd, ctlr, buff, size, use_unit_num,
2383                           log_unit, page_code, scsi3addr, cmd_type);
2384         if (status != IO_OK) {
2385                 cmd_free(info_p, c, 1);
2386                 return status;
2387         }
2388       resend_cmd1:
2389         /*
2390          * Disable interrupt
2391          */
2392 #ifdef CCISS_DEBUG
2393         printk(KERN_DEBUG "cciss: turning intr off\n");
2394 #endif                          /* CCISS_DEBUG */
2395         info_p->access.set_intr_mask(info_p, CCISS_INTR_OFF);
2396
2397         /* Make sure there is room in the command FIFO */
2398         /* Actually it should be completely empty at this time */
2399         /* unless we are in here doing error handling for the scsi */
2400         /* tape side of the driver. */
2401         for (i = 200000; i > 0; i--) {
2402                 /* if fifo isn't full go */
2403                 if (!(info_p->access.fifo_full(info_p))) {
2404
2405                         break;
2406                 }
2407                 udelay(10);
2408                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2409                        " waiting!\n", ctlr);
2410         }
2411         /*
2412          * Send the cmd
2413          */
2414         info_p->access.submit_command(info_p, c);
2415         done = 0;
2416         do {
2417                 complete = pollcomplete(ctlr);
2418
2419 #ifdef CCISS_DEBUG
2420                 printk(KERN_DEBUG "cciss: command completed\n");
2421 #endif                          /* CCISS_DEBUG */
2422
2423                 if (complete == 1) {
2424                         printk(KERN_WARNING
2425                                "cciss cciss%d: SendCmd Timeout out, "
2426                                "No command list address returned!\n", ctlr);
2427                         status = IO_ERROR;
2428                         done = 1;
2429                         break;
2430                 }
2431
2432                 /* This will need to change for direct lookup completions */
2433                 if ((complete & CISS_ERROR_BIT)
2434                     && (complete & ~CISS_ERROR_BIT) == c->busaddr) {
2435                         /* if data overrun or underun on Report command
2436                            ignore it
2437                          */
2438                         if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2439                              (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2440                              (c->Request.CDB[0] == CISS_INQUIRY)) &&
2441                             ((c->err_info->CommandStatus ==
2442                               CMD_DATA_OVERRUN) ||
2443                              (c->err_info->CommandStatus == CMD_DATA_UNDERRUN)
2444                             )) {
2445                                 complete = c->busaddr;
2446                         } else {
2447                                 if (c->err_info->CommandStatus ==
2448                                     CMD_UNSOLICITED_ABORT) {
2449                                         printk(KERN_WARNING "cciss%d: "
2450                                                "unsolicited abort %p\n",
2451                                                ctlr, c);
2452                                         if (c->retry_count < MAX_CMD_RETRIES) {
2453                                                 printk(KERN_WARNING
2454                                                        "cciss%d: retrying %p\n",
2455                                                        ctlr, c);
2456                                                 c->retry_count++;
2457                                                 /* erase the old error */
2458                                                 /* information */
2459                                                 memset(c->err_info, 0,
2460                                                        sizeof
2461                                                        (ErrorInfo_struct));
2462                                                 goto resend_cmd1;
2463                                         } else {
2464                                                 printk(KERN_WARNING
2465                                                        "cciss%d: retried %p too "
2466                                                        "many times\n", ctlr, c);
2467                                                 status = IO_ERROR;
2468                                                 goto cleanup1;
2469                                         }
2470                                 } else if (c->err_info->CommandStatus ==
2471                                            CMD_UNABORTABLE) {
2472                                         printk(KERN_WARNING
2473                                                "cciss%d: command could not be aborted.\n",
2474                                                ctlr);
2475                                         status = IO_ERROR;
2476                                         goto cleanup1;
2477                                 }
2478                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2479                                        " Error %x \n", ctlr,
2480                                        c->err_info->CommandStatus);
2481                                 printk(KERN_WARNING "ciss ciss%d: sendcmd"
2482                                        " offensive info\n"
2483                                        "  size %x\n   num %x   value %x\n",
2484                                        ctlr,
2485                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2486                                        offense_size,
2487                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2488                                        offense_num,
2489                                        c->err_info->MoreErrInfo.Invalid_Cmd.
2490                                        offense_value);
2491                                 status = IO_ERROR;
2492                                 goto cleanup1;
2493                         }
2494                 }
2495                 /* This will need changing for direct lookup completions */
2496                 if (complete != c->busaddr) {
2497                         if (add_sendcmd_reject(cmd, ctlr, complete) != 0) {
2498                                 BUG();  /* we are pretty much hosed if we get here. */
2499                         }
2500                         continue;
2501                 } else
2502                         done = 1;
2503         } while (!done);
2504
2505       cleanup1:
2506         /* unlock the data buffer from DMA */
2507         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2508         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2509         pci_unmap_single(info_p->pdev, (dma_addr_t) buff_dma_handle.val,
2510                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2511 #ifdef CONFIG_CISS_SCSI_TAPE
2512         /* if we saved some commands for later, process them now. */
2513         if (info_p->scsi_rejects.ncompletions > 0)
2514                 do_cciss_intr(0, info_p);
2515 #endif
2516         cmd_free(info_p, c, 1);
2517         return status;
2518 }
2519
2520 /*
2521  * Map (physical) PCI mem into (virtual) kernel space
2522  */
2523 static void __iomem *remap_pci_mem(ulong base, ulong size)
2524 {
2525         ulong page_base = ((ulong) base) & PAGE_MASK;
2526         ulong page_offs = ((ulong) base) - page_base;
2527         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2528
2529         return page_remapped ? (page_remapped + page_offs) : NULL;
2530 }
2531
2532 /*
2533  * Takes jobs of the Q and sends them to the hardware, then puts it on
2534  * the Q to wait for completion.
2535  */
2536 static void start_io(ctlr_info_t *h)
2537 {
2538         CommandList_struct *c;
2539
2540         while ((c = h->reqQ) != NULL) {
2541                 /* can't do anything if fifo is full */
2542                 if ((h->access.fifo_full(h))) {
2543                         printk(KERN_WARNING "cciss: fifo full\n");
2544                         break;
2545                 }
2546
2547                 /* Get the first entry from the Request Q */
2548                 removeQ(&(h->reqQ), c);
2549                 h->Qdepth--;
2550
2551                 /* Tell the controller execute command */
2552                 h->access.submit_command(h, c);
2553
2554                 /* Put job onto the completed Q */
2555                 addQ(&(h->cmpQ), c);
2556         }
2557 }
2558
2559 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2560 /* Zeros out the error record and then resends the command back */
2561 /* to the controller */
2562 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2563 {
2564         /* erase the old error information */
2565         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2566
2567         /* add it to software queue and then send it to the controller */
2568         addQ(&(h->reqQ), c);
2569         h->Qdepth++;
2570         if (h->Qdepth > h->maxQsinceinit)
2571                 h->maxQsinceinit = h->Qdepth;
2572
2573         start_io(h);
2574 }
2575
2576 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2577         unsigned int msg_byte, unsigned int host_byte,
2578         unsigned int driver_byte)
2579 {
2580         /* inverse of macros in scsi.h */
2581         return (scsi_status_byte & 0xff) |
2582                 ((msg_byte & 0xff) << 8) |
2583                 ((host_byte & 0xff) << 16) |
2584                 ((driver_byte & 0xff) << 24);
2585 }
2586
2587 static inline int evaluate_target_status(CommandList_struct *cmd)
2588 {
2589         unsigned char sense_key;
2590         unsigned char status_byte, msg_byte, host_byte, driver_byte;
2591         int error_value;
2592
2593         /* If we get in here, it means we got "target status", that is, scsi status */
2594         status_byte = cmd->err_info->ScsiStatus;
2595         driver_byte = DRIVER_OK;
2596         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
2597
2598         if (blk_pc_request(cmd->rq))
2599                 host_byte = DID_PASSTHROUGH;
2600         else
2601                 host_byte = DID_OK;
2602
2603         error_value = make_status_bytes(status_byte, msg_byte,
2604                 host_byte, driver_byte);
2605
2606         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
2607                 if (!blk_pc_request(cmd->rq))
2608                         printk(KERN_WARNING "cciss: cmd %p "
2609                                "has SCSI Status 0x%x\n",
2610                                cmd, cmd->err_info->ScsiStatus);
2611                 return error_value;
2612         }
2613
2614         /* check the sense key */
2615         sense_key = 0xf & cmd->err_info->SenseInfo[2];
2616         /* no status or recovered error */
2617         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
2618                 error_value = 0;
2619
2620         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
2621                 if (error_value != 0)
2622                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
2623                                " sense key = 0x%x\n", cmd, sense_key);
2624                 return error_value;
2625         }
2626
2627         /* SG_IO or similar, copy sense data back */
2628         if (cmd->rq->sense) {
2629                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
2630                         cmd->rq->sense_len = cmd->err_info->SenseLen;
2631                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
2632                         cmd->rq->sense_len);
2633         } else
2634                 cmd->rq->sense_len = 0;
2635
2636         return error_value;
2637 }
2638
2639 /* checks the status of the job and calls complete buffers to mark all
2640  * buffers for the completed job. Note that this function does not need
2641  * to hold the hba/queue lock.
2642  */
2643 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
2644                                     int timeout)
2645 {
2646         int retry_cmd = 0;
2647         struct request *rq = cmd->rq;
2648
2649         rq->errors = 0;
2650
2651         if (timeout)
2652                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
2653
2654         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
2655                 goto after_error_processing;
2656
2657         switch (cmd->err_info->CommandStatus) {
2658         case CMD_TARGET_STATUS:
2659                 rq->errors = evaluate_target_status(cmd);
2660                 break;
2661         case CMD_DATA_UNDERRUN:
2662                 if (blk_fs_request(cmd->rq)) {
2663                         printk(KERN_WARNING "cciss: cmd %p has"
2664                                " completed with data underrun "
2665                                "reported\n", cmd);
2666                         cmd->rq->data_len = cmd->err_info->ResidualCnt;
2667                 }
2668                 break;
2669         case CMD_DATA_OVERRUN:
2670                 if (blk_fs_request(cmd->rq))
2671                         printk(KERN_WARNING "cciss: cmd %p has"
2672                                " completed with data overrun "
2673                                "reported\n", cmd);
2674                 break;
2675         case CMD_INVALID:
2676                 printk(KERN_WARNING "cciss: cmd %p is "
2677                        "reported invalid\n", cmd);
2678                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2679                         cmd->err_info->CommandStatus, DRIVER_OK,
2680                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2681                 break;
2682         case CMD_PROTOCOL_ERR:
2683                 printk(KERN_WARNING "cciss: cmd %p has "
2684                        "protocol error \n", cmd);
2685                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2686                         cmd->err_info->CommandStatus, DRIVER_OK,
2687                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2688                 break;
2689         case CMD_HARDWARE_ERR:
2690                 printk(KERN_WARNING "cciss: cmd %p had "
2691                        " hardware error\n", cmd);
2692                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2693                         cmd->err_info->CommandStatus, DRIVER_OK,
2694                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2695                 break;
2696         case CMD_CONNECTION_LOST:
2697                 printk(KERN_WARNING "cciss: cmd %p had "
2698                        "connection lost\n", cmd);
2699                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2700                         cmd->err_info->CommandStatus, DRIVER_OK,
2701                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2702                 break;
2703         case CMD_ABORTED:
2704                 printk(KERN_WARNING "cciss: cmd %p was "
2705                        "aborted\n", cmd);
2706                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2707                         cmd->err_info->CommandStatus, DRIVER_OK,
2708                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2709                 break;
2710         case CMD_ABORT_FAILED:
2711                 printk(KERN_WARNING "cciss: cmd %p reports "
2712                        "abort failed\n", cmd);
2713                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2714                         cmd->err_info->CommandStatus, DRIVER_OK,
2715                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2716                 break;
2717         case CMD_UNSOLICITED_ABORT:
2718                 printk(KERN_WARNING "cciss%d: unsolicited "
2719                        "abort %p\n", h->ctlr, cmd);
2720                 if (cmd->retry_count < MAX_CMD_RETRIES) {
2721                         retry_cmd = 1;
2722                         printk(KERN_WARNING
2723                                "cciss%d: retrying %p\n", h->ctlr, cmd);
2724                         cmd->retry_count++;
2725                 } else
2726                         printk(KERN_WARNING
2727                                "cciss%d: %p retried too "
2728                                "many times\n", h->ctlr, cmd);
2729                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2730                         cmd->err_info->CommandStatus, DRIVER_OK,
2731                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
2732                 break;
2733         case CMD_TIMEOUT:
2734                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
2735                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2736                         cmd->err_info->CommandStatus, DRIVER_OK,
2737                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2738                 break;
2739         default:
2740                 printk(KERN_WARNING "cciss: cmd %p returned "
2741                        "unknown status %x\n", cmd,
2742                        cmd->err_info->CommandStatus);
2743                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
2744                         cmd->err_info->CommandStatus, DRIVER_OK,
2745                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
2746         }
2747
2748 after_error_processing:
2749
2750         /* We need to return this command */
2751         if (retry_cmd) {
2752                 resend_cciss_cmd(h, cmd);
2753                 return;
2754         }
2755         cmd->rq->completion_data = cmd;
2756         blk_complete_request(cmd->rq);
2757 }
2758
2759 /*
2760  * Get a request and submit it to the controller.
2761  */
2762 static void do_cciss_request(struct request_queue *q)
2763 {
2764         ctlr_info_t *h = q->queuedata;
2765         CommandList_struct *c;
2766         sector_t start_blk;
2767         int seg;
2768         struct request *creq;
2769         u64bit temp64;
2770         struct scatterlist tmp_sg[MAXSGENTRIES];
2771         drive_info_struct *drv;
2772         int i, dir;
2773
2774         /* We call start_io here in case there is a command waiting on the
2775          * queue that has not been sent.
2776          */
2777         if (blk_queue_plugged(q))
2778                 goto startio;
2779
2780       queue:
2781         creq = elv_next_request(q);
2782         if (!creq)
2783                 goto startio;
2784
2785         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
2786
2787         if ((c = cmd_alloc(h, 1)) == NULL)
2788                 goto full;
2789
2790         blkdev_dequeue_request(creq);
2791
2792         spin_unlock_irq(q->queue_lock);
2793
2794         c->cmd_type = CMD_RWREQ;
2795         c->rq = creq;
2796
2797         /* fill in the request */
2798         drv = creq->rq_disk->private_data;
2799         c->Header.ReplyQueue = 0;       // unused in simple mode
2800         /* got command from pool, so use the command block index instead */
2801         /* for direct lookups. */
2802         /* The first 2 bits are reserved for controller error reporting. */
2803         c->Header.Tag.lower = (c->cmdindex << 3);
2804         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
2805         c->Header.LUN.LogDev.VolId = drv->LunID;
2806         c->Header.LUN.LogDev.Mode = 1;
2807         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
2808         c->Request.Type.Type = TYPE_CMD;        // It is a command.
2809         c->Request.Type.Attribute = ATTR_SIMPLE;
2810         c->Request.Type.Direction =
2811             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
2812         c->Request.Timeout = 0; // Don't time out
2813         c->Request.CDB[0] =
2814             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
2815         start_blk = creq->sector;
2816 #ifdef CCISS_DEBUG
2817         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n", (int)creq->sector,
2818                (int)creq->nr_sectors);
2819 #endif                          /* CCISS_DEBUG */
2820
2821         sg_init_table(tmp_sg, MAXSGENTRIES);
2822         seg = blk_rq_map_sg(q, creq, tmp_sg);
2823
2824         /* get the DMA records for the setup */
2825         if (c->Request.Type.Direction == XFER_READ)
2826                 dir = PCI_DMA_FROMDEVICE;
2827         else
2828                 dir = PCI_DMA_TODEVICE;
2829
2830         for (i = 0; i < seg; i++) {
2831                 c->SG[i].Len = tmp_sg[i].length;
2832                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
2833                                                   tmp_sg[i].offset,
2834                                                   tmp_sg[i].length, dir);
2835                 c->SG[i].Addr.lower = temp64.val32.lower;
2836                 c->SG[i].Addr.upper = temp64.val32.upper;
2837                 c->SG[i].Ext = 0;       // we are not chaining
2838         }
2839         /* track how many SG entries we are using */
2840         if (seg > h->maxSG)
2841                 h->maxSG = seg;
2842
2843 #ifdef CCISS_DEBUG
2844         printk(KERN_DEBUG "cciss: Submitting %d sectors in %d segments\n",
2845                creq->nr_sectors, seg);
2846 #endif                          /* CCISS_DEBUG */
2847
2848         c->Header.SGList = c->Header.SGTotal = seg;
2849         if (likely(blk_fs_request(creq))) {
2850                 if(h->cciss_read == CCISS_READ_10) {
2851                         c->Request.CDB[1] = 0;
2852                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
2853                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
2854                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
2855                         c->Request.CDB[5] = start_blk & 0xff;
2856                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
2857                         c->Request.CDB[7] = (creq->nr_sectors >> 8) & 0xff;
2858                         c->Request.CDB[8] = creq->nr_sectors & 0xff;
2859                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
2860                 } else {
2861                         u32 upper32 = upper_32_bits(start_blk);
2862
2863                         c->Request.CDBLen = 16;
2864                         c->Request.CDB[1]= 0;
2865                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
2866                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
2867                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
2868                         c->Request.CDB[5]= upper32 & 0xff;
2869                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
2870                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
2871                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
2872                         c->Request.CDB[9]= start_blk & 0xff;
2873                         c->Request.CDB[10]= (creq->nr_sectors >>  24) & 0xff;
2874                         c->Request.CDB[11]= (creq->nr_sectors >>  16) & 0xff;
2875                         c->Request.CDB[12]= (creq->nr_sectors >>  8) & 0xff;
2876                         c->Request.CDB[13]= creq->nr_sectors & 0xff;
2877                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
2878                 }
2879         } else if (blk_pc_request(creq)) {
2880                 c->Request.CDBLen = creq->cmd_len;
2881                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
2882         } else {
2883                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
2884                 BUG();
2885         }
2886
2887         spin_lock_irq(q->queue_lock);
2888
2889         addQ(&(h->reqQ), c);
2890         h->Qdepth++;
2891         if (h->Qdepth > h->maxQsinceinit)
2892                 h->maxQsinceinit = h->Qdepth;
2893
2894         goto queue;
2895 full:
2896         blk_stop_queue(q);
2897 startio:
2898         /* We will already have the driver lock here so not need
2899          * to lock it.
2900          */
2901         start_io(h);
2902 }
2903
2904 static inline unsigned long get_next_completion(ctlr_info_t *h)
2905 {
2906 #ifdef CONFIG_CISS_SCSI_TAPE
2907         /* Any rejects from sendcmd() lying around? Process them first */
2908         if (h->scsi_rejects.ncompletions == 0)
2909                 return h->access.command_completed(h);
2910         else {
2911                 struct sendcmd_reject_list *srl;
2912                 int n;
2913                 srl = &h->scsi_rejects;
2914                 n = --srl->ncompletions;
2915                 /* printk("cciss%d: processing saved reject\n", h->ctlr); */
2916                 printk("p");
2917                 return srl->complete[n];
2918         }
2919 #else
2920         return h->access.command_completed(h);
2921 #endif
2922 }
2923
2924 static inline int interrupt_pending(ctlr_info_t *h)
2925 {
2926 #ifdef CONFIG_CISS_SCSI_TAPE
2927         return (h->access.intr_pending(h)
2928                 || (h->scsi_rejects.ncompletions > 0));
2929 #else
2930         return h->access.intr_pending(h);
2931 #endif
2932 }
2933
2934 static inline long interrupt_not_for_us(ctlr_info_t *h)
2935 {
2936 #ifdef CONFIG_CISS_SCSI_TAPE
2937         return (((h->access.intr_pending(h) == 0) ||
2938                  (h->interrupts_enabled == 0))
2939                 && (h->scsi_rejects.ncompletions == 0));
2940 #else
2941         return (((h->access.intr_pending(h) == 0) ||
2942                  (h->interrupts_enabled == 0)));
2943 #endif
2944 }
2945
2946 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
2947 {
2948         ctlr_info_t *h = dev_id;
2949         CommandList_struct *c;
2950         unsigned long flags;
2951         __u32 a, a1, a2;
2952
2953         if (interrupt_not_for_us(h))
2954                 return IRQ_NONE;
2955         /*
2956          * If there are completed commands in the completion queue,
2957          * we had better do something about it.
2958          */
2959         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2960         while (interrupt_pending(h)) {
2961                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
2962                         a1 = a;
2963                         if ((a & 0x04)) {
2964                                 a2 = (a >> 3);
2965                                 if (a2 >= h->nr_cmds) {
2966                                         printk(KERN_WARNING
2967                                                "cciss: controller cciss%d failed, stopping.\n",
2968                                                h->ctlr);
2969                                         fail_all_cmds(h->ctlr);
2970                                         return IRQ_HANDLED;
2971                                 }
2972
2973                                 c = h->cmd_pool + a2;
2974                                 a = c->busaddr;
2975
2976                         } else {
2977                                 a &= ~3;
2978                                 if ((c = h->cmpQ) == NULL) {
2979                                         printk(KERN_WARNING
2980                                                "cciss: Completion of %08x ignored\n",
2981                                                a1);
2982                                         continue;
2983                                 }
2984                                 while (c->busaddr != a) {
2985                                         c = c->next;
2986                                         if (c == h->cmpQ)
2987                                                 break;
2988                                 }
2989                         }
2990                         /*
2991                          * If we've found the command, take it off the
2992                          * completion Q and free it
2993                          */
2994                         if (c->busaddr == a) {
2995                                 removeQ(&h->cmpQ, c);
2996                                 if (c->cmd_type == CMD_RWREQ) {
2997                                         complete_command(h, c, 0);
2998                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
2999                                         complete(c->waiting);
3000                                 }
3001 #                               ifdef CONFIG_CISS_SCSI_TAPE
3002                                 else if (c->cmd_type == CMD_SCSI)
3003                                         complete_scsi_command(c, 0, a1);
3004 #                               endif
3005                                 continue;
3006                         }
3007                 }
3008         }
3009
3010         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
3011         return IRQ_HANDLED;
3012 }
3013
3014 /*
3015  *  We cannot read the structure directly, for portability we must use
3016  *   the io functions.
3017  *   This is for debug only.
3018  */
3019 #ifdef CCISS_DEBUG
3020 static void print_cfg_table(CfgTable_struct *tb)
3021 {
3022         int i;
3023         char temp_name[17];
3024
3025         printk("Controller Configuration information\n");
3026         printk("------------------------------------\n");
3027         for (i = 0; i < 4; i++)
3028                 temp_name[i] = readb(&(tb->Signature[i]));
3029         temp_name[4] = '\0';
3030         printk("   Signature = %s\n", temp_name);
3031         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
3032         printk("   Transport methods supported = 0x%x\n",
3033                readl(&(tb->TransportSupport)));
3034         printk("   Transport methods active = 0x%x\n",
3035                readl(&(tb->TransportActive)));
3036         printk("   Requested transport Method = 0x%x\n",
3037                readl(&(tb->HostWrite.TransportRequest)));
3038         printk("   Coalesce Interrupt Delay = 0x%x\n",
3039                readl(&(tb->HostWrite.CoalIntDelay)));
3040         printk("   Coalesce Interrupt Count = 0x%x\n",
3041                readl(&(tb->HostWrite.CoalIntCount)));
3042         printk("   Max outstanding commands = 0x%d\n",
3043                readl(&(tb->CmdsOutMax)));
3044         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
3045         for (i = 0; i < 16; i++)
3046                 temp_name[i] = readb(&(tb->ServerName[i]));
3047         temp_name[16] = '\0';
3048         printk("   Server Name = %s\n", temp_name);
3049         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
3050 }
3051 #endif                          /* CCISS_DEBUG */
3052
3053 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
3054 {
3055         int i, offset, mem_type, bar_type;
3056         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
3057                 return 0;
3058         offset = 0;
3059         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3060                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
3061                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
3062                         offset += 4;
3063                 else {
3064                         mem_type = pci_resource_flags(pdev, i) &
3065                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
3066                         switch (mem_type) {
3067                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
3068                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
3069                                 offset += 4;    /* 32 bit */
3070                                 break;
3071                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
3072                                 offset += 8;
3073                                 break;
3074                         default:        /* reserved in PCI 2.2 */
3075                                 printk(KERN_WARNING
3076                                        "Base address is invalid\n");
3077                                 return -1;
3078                                 break;
3079                         }
3080                 }
3081                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
3082                         return i + 1;
3083         }
3084         return -1;
3085 }
3086
3087 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
3088  * controllers that are capable. If not, we use IO-APIC mode.
3089  */
3090
3091 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
3092                                            struct pci_dev *pdev, __u32 board_id)
3093 {
3094 #ifdef CONFIG_PCI_MSI
3095         int err;
3096         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
3097         {0, 2}, {0, 3}
3098         };
3099
3100         /* Some boards advertise MSI but don't really support it */
3101         if ((board_id == 0x40700E11) ||
3102             (board_id == 0x40800E11) ||
3103             (board_id == 0x40820E11) || (board_id == 0x40830E11))
3104                 goto default_int_mode;
3105
3106         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
3107                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
3108                 if (!err) {
3109                         c->intr[0] = cciss_msix_entries[0].vector;
3110                         c->intr[1] = cciss_msix_entries[1].vector;
3111                         c->intr[2] = cciss_msix_entries[2].vector;
3112                         c->intr[3] = cciss_msix_entries[3].vector;
3113                         c->msix_vector = 1;
3114                         return;
3115                 }
3116                 if (err > 0) {
3117                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
3118                                "available\n", err);
3119                         goto default_int_mode;
3120                 } else {
3121                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
3122                                err);
3123                         goto default_int_mode;
3124                 }
3125         }
3126         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
3127                 if (!pci_enable_msi(pdev)) {
3128                         c->msi_vector = 1;
3129                 } else {
3130                         printk(KERN_WARNING "cciss: MSI init failed\n");
3131                 }
3132         }
3133 default_int_mode:
3134 #endif                          /* CONFIG_PCI_MSI */
3135         /* if we get here we're going to use the default interrupt mode */
3136         c->intr[SIMPLE_MODE_INT] = pdev->irq;
3137         return;
3138 }
3139
3140 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
3141 {
3142         ushort subsystem_vendor_id, subsystem_device_id, command;
3143         __u32 board_id, scratchpad = 0;
3144         __u64 cfg_offset;
3145         __u32 cfg_base_addr;
3146         __u64 cfg_base_addr_index;
3147         int i, err;
3148
3149         /* check to see if controller has been disabled */
3150         /* BEFORE trying to enable it */
3151         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
3152         if (!(command & 0x02)) {
3153                 printk(KERN_WARNING
3154                        "cciss: controller appears to be disabled\n");
3155                 return -ENODEV;
3156         }
3157
3158         err = pci_enable_device(pdev);
3159         if (err) {
3160                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3161                 return err;
3162         }
3163
3164         err = pci_request_regions(pdev, "cciss");
3165         if (err) {
3166                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3167                        "aborting\n");
3168                 return err;
3169         }
3170
3171         subsystem_vendor_id = pdev->subsystem_vendor;
3172         subsystem_device_id = pdev->subsystem_device;
3173         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3174                     subsystem_vendor_id);
3175
3176 #ifdef CCISS_DEBUG
3177         printk("command = %x\n", command);
3178         printk("irq = %x\n", pdev->irq);
3179         printk("board_id = %x\n", board_id);
3180 #endif                          /* CCISS_DEBUG */
3181
3182 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3183  * else we use the IO-APIC interrupt assigned to us by system ROM.
3184  */
3185         cciss_interrupt_mode(c, pdev, board_id);
3186
3187         /*
3188          * Memory base addr is first addr , the second points to the config
3189          *   table
3190          */
3191
3192         c->paddr = pci_resource_start(pdev, 0); /* addressing mode bits already removed */
3193 #ifdef CCISS_DEBUG
3194         printk("address 0 = %x\n", c->paddr);
3195 #endif                          /* CCISS_DEBUG */
3196         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3197
3198         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3199          * We poll for up to 120 secs, once per 100ms. */
3200         for (i = 0; i < 1200; i++) {
3201                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3202                 if (scratchpad == CCISS_FIRMWARE_READY)
3203                         break;
3204                 set_current_state(TASK_INTERRUPTIBLE);
3205                 schedule_timeout(HZ / 10);      /* wait 100ms */
3206         }
3207         if (scratchpad != CCISS_FIRMWARE_READY) {
3208                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3209                 err = -ENODEV;
3210                 goto err_out_free_res;
3211         }
3212
3213         /* get the address index number */
3214         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3215         cfg_base_addr &= (__u32) 0x0000ffff;
3216 #ifdef CCISS_DEBUG
3217         printk("cfg base address = %x\n", cfg_base_addr);
3218 #endif                          /* CCISS_DEBUG */
3219         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3220 #ifdef CCISS_DEBUG
3221         printk("cfg base address index = %x\n", cfg_base_addr_index);
3222 #endif                          /* CCISS_DEBUG */
3223         if (cfg_base_addr_index == -1) {
3224                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3225                 err = -ENODEV;
3226                 goto err_out_free_res;
3227         }
3228
3229         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3230 #ifdef CCISS_DEBUG
3231         printk("cfg offset = %x\n", cfg_offset);
3232 #endif                          /* CCISS_DEBUG */
3233         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3234                                                        cfg_base_addr_index) +
3235                                     cfg_offset, sizeof(CfgTable_struct));
3236         c->board_id = board_id;
3237
3238 #ifdef CCISS_DEBUG
3239         print_cfg_table(c->cfgtable);
3240 #endif                          /* CCISS_DEBUG */
3241
3242         /* Some controllers support Zero Memory Raid (ZMR).
3243          * When configured in ZMR mode the number of supported
3244          * commands drops to 64. So instead of just setting an
3245          * arbitrary value we make the driver a little smarter.
3246          * We read the config table to tell us how many commands
3247          * are supported on the controller then subtract 4 to
3248          * leave a little room for ioctl calls.
3249          */
3250         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3251         for (i = 0; i < ARRAY_SIZE(products); i++) {
3252                 if (board_id == products[i].board_id) {
3253                         c->product_name = products[i].product_name;
3254                         c->access = *(products[i].access);
3255                         c->nr_cmds = c->max_commands - 4;
3256                         break;
3257                 }
3258         }
3259         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3260             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3261             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3262             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3263                 printk("Does not appear to be a valid CISS config table\n");
3264                 err = -ENODEV;
3265                 goto err_out_free_res;
3266         }
3267         /* We didn't find the controller in our list. We know the
3268          * signature is valid. If it's an HP device let's try to
3269          * bind to the device and fire it up. Otherwise we bail.
3270          */
3271         if (i == ARRAY_SIZE(products)) {
3272                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3273                         c->product_name = products[i-1].product_name;
3274                         c->access = *(products[i-1].access);
3275                         c->nr_cmds = c->max_commands - 4;
3276                         printk(KERN_WARNING "cciss: This is an unknown "
3277                                 "Smart Array controller.\n"
3278                                 "cciss: Please update to the latest driver "
3279                                 "available from www.hp.com.\n");
3280                 } else {
3281                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3282                                 " to access the Smart Array controller %08lx\n"
3283                                         , (unsigned long)board_id);
3284                         err = -ENODEV;
3285                         goto err_out_free_res;
3286                 }
3287         }
3288 #ifdef CONFIG_X86
3289         {
3290                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3291                 __u32 prefetch;
3292                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3293                 prefetch |= 0x100;
3294                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3295         }
3296 #endif
3297
3298         /* Disabling DMA prefetch and refetch for the P600.
3299          * An ASIC bug may result in accesses to invalid memory addresses.
3300          * We've disabled prefetch for some time now. Testing with XEN
3301          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3302          */
3303         if(board_id == 0x3225103C) {
3304                 __u32 dma_prefetch;
3305                 __u32 dma_refetch;
3306                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3307                 dma_prefetch |= 0x8000;
3308                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3309                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3310                 dma_refetch |= 0x1;
3311                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3312         }
3313
3314 #ifdef CCISS_DEBUG
3315         printk("Trying to put board into Simple mode\n");
3316 #endif                          /* CCISS_DEBUG */
3317         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3318         /* Update the field, and then ring the doorbell */
3319         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3320         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3321
3322         /* under certain very rare conditions, this can take awhile.
3323          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3324          * as we enter this code.) */
3325         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3326                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3327                         break;
3328                 /* delay and try again */
3329                 set_current_state(TASK_INTERRUPTIBLE);
3330                 schedule_timeout(10);
3331         }
3332
3333 #ifdef CCISS_DEBUG
3334         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3335                readl(c->vaddr + SA5_DOORBELL));
3336 #endif                          /* CCISS_DEBUG */
3337 #ifdef CCISS_DEBUG
3338         print_cfg_table(c->cfgtable);
3339 #endif                          /* CCISS_DEBUG */
3340
3341         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3342                 printk(KERN_WARNING "cciss: unable to get board into"
3343                        " simple mode\n");
3344                 err = -ENODEV;
3345                 goto err_out_free_res;
3346         }
3347         return 0;
3348
3349 err_out_free_res:
3350         /*
3351          * Deliberately omit pci_disable_device(): it does something nasty to
3352          * Smart Array controllers that pci_enable_device does not undo
3353          */
3354         pci_release_regions(pdev);
3355         return err;
3356 }
3357
3358 /* Function to find the first free pointer into our hba[] array
3359  * Returns -1 if no free entries are left.
3360  */
3361 static int alloc_cciss_hba(void)
3362 {
3363         int i;
3364
3365         for (i = 0; i < MAX_CTLR; i++) {
3366                 if (!hba[i]) {
3367                         ctlr_info_t *p;
3368
3369                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3370                         if (!p)
3371                                 goto Enomem;
3372                         hba[i] = p;
3373                         return i;
3374                 }
3375         }
3376         printk(KERN_WARNING "cciss: This driver supports a maximum"
3377                " of %d controllers.\n", MAX_CTLR);
3378         return -1;
3379 Enomem:
3380         printk(KERN_ERR "cciss: out of memory.\n");
3381         return -1;
3382 }
3383
3384 static void free_hba(int i)
3385 {
3386         ctlr_info_t *p = hba[i];
3387         int n;
3388
3389         hba[i] = NULL;
3390         for (n = 0; n < CISS_MAX_LUN; n++)
3391                 put_disk(p->gendisk[n]);
3392         kfree(p);
3393 }
3394
3395 /*
3396  *  This is it.  Find all the controllers and register them.  I really hate
3397  *  stealing all these major device numbers.
3398  *  returns the number of block devices registered.
3399  */
3400 static int __devinit cciss_init_one(struct pci_dev *pdev,
3401                                     const struct pci_device_id *ent)
3402 {
3403         int i;
3404         int j = 0;
3405         int rc;
3406         int dac;
3407
3408         i = alloc_cciss_hba();
3409         if (i < 0)
3410                 return -1;
3411
3412         hba[i]->busy_initializing = 1;
3413
3414         if (cciss_pci_init(hba[i], pdev) != 0)
3415                 goto clean1;
3416
3417         sprintf(hba[i]->devname, "cciss%d", i);
3418         hba[i]->ctlr = i;
3419         hba[i]->pdev = pdev;
3420
3421         /* configure PCI DMA stuff */
3422         if (!pci_set_dma_mask(pdev, DMA_64BIT_MASK))
3423                 dac = 1;
3424         else if (!pci_set_dma_mask(pdev, DMA_32BIT_MASK))
3425                 dac = 0;
3426         else {
3427                 printk(KERN_ERR "cciss: no suitable DMA available\n");
3428                 goto clean1;
3429         }
3430
3431         /*
3432          * register with the major number, or get a dynamic major number
3433          * by passing 0 as argument.  This is done for greater than
3434          * 8 controller support.
3435          */
3436         if (i < MAX_CTLR_ORIG)
3437                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
3438         rc = register_blkdev(hba[i]->major, hba[i]->devname);
3439         if (rc == -EBUSY || rc == -EINVAL) {
3440                 printk(KERN_ERR
3441                        "cciss:  Unable to get major number %d for %s "
3442                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
3443                 goto clean1;
3444         } else {
3445                 if (i >= MAX_CTLR_ORIG)
3446                         hba[i]->major = rc;
3447         }
3448
3449         /* make sure the board interrupts are off */
3450         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
3451         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
3452                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
3453                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
3454                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
3455                 goto clean2;
3456         }
3457
3458         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
3459                hba[i]->devname, pdev->device, pci_name(pdev),
3460                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
3461
3462         hba[i]->cmd_pool_bits =
3463             kmalloc(DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3464                         * sizeof(unsigned long), GFP_KERNEL);
3465         hba[i]->cmd_pool = (CommandList_struct *)
3466             pci_alloc_consistent(hba[i]->pdev,
3467                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3468                     &(hba[i]->cmd_pool_dhandle));
3469         hba[i]->errinfo_pool = (ErrorInfo_struct *)
3470             pci_alloc_consistent(hba[i]->pdev,
3471                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3472                     &(hba[i]->errinfo_pool_dhandle));
3473         if ((hba[i]->cmd_pool_bits == NULL)
3474             || (hba[i]->cmd_pool == NULL)
3475             || (hba[i]->errinfo_pool == NULL)) {
3476                 printk(KERN_ERR "cciss: out of memory");
3477                 goto clean4;
3478         }
3479 #ifdef CONFIG_CISS_SCSI_TAPE
3480         hba[i]->scsi_rejects.complete =
3481             kmalloc(sizeof(hba[i]->scsi_rejects.complete[0]) *
3482                     (hba[i]->nr_cmds + 5), GFP_KERNEL);
3483         if (hba[i]->scsi_rejects.complete == NULL) {
3484                 printk(KERN_ERR "cciss: out of memory");
3485                 goto clean4;
3486         }
3487 #endif
3488         spin_lock_init(&hba[i]->lock);
3489
3490         /* Initialize the pdev driver private data.
3491            have it point to hba[i].  */
3492         pci_set_drvdata(pdev, hba[i]);
3493         /* command and error info recs zeroed out before
3494            they are used */
3495         memset(hba[i]->cmd_pool_bits, 0,
3496                DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
3497                         * sizeof(unsigned long));
3498
3499         hba[i]->num_luns = 0;
3500         hba[i]->highest_lun = -1;
3501         for (j = 0; j < CISS_MAX_LUN; j++) {
3502                 hba[i]->drv[j].raid_level = -1;
3503                 hba[i]->drv[j].queue = NULL;
3504                 hba[i]->gendisk[j] = NULL;
3505         }
3506
3507         cciss_scsi_setup(i);
3508
3509         /* Turn the interrupts on so we can service requests */
3510         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
3511
3512         cciss_procinit(i);
3513
3514         hba[i]->cciss_max_sectors = 2048;
3515
3516         hba[i]->busy_initializing = 0;
3517
3518         rebuild_lun_table(hba[i], 1);
3519         return 1;
3520
3521 clean4:
3522 #ifdef CONFIG_CISS_SCSI_TAPE
3523         kfree(hba[i]->scsi_rejects.complete);
3524 #endif
3525         kfree(hba[i]->cmd_pool_bits);
3526         if (hba[i]->cmd_pool)
3527                 pci_free_consistent(hba[i]->pdev,
3528                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
3529                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3530         if (hba[i]->errinfo_pool)
3531                 pci_free_consistent(hba[i]->pdev,
3532                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3533                                     hba[i]->errinfo_pool,
3534                                     hba[i]->errinfo_pool_dhandle);
3535         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
3536 clean2:
3537         unregister_blkdev(hba[i]->major, hba[i]->devname);
3538 clean1:
3539         hba[i]->busy_initializing = 0;
3540         /* cleanup any queues that may have been initialized */
3541         for (j=0; j <= hba[i]->highest_lun; j++){
3542                 drive_info_struct *drv = &(hba[i]->drv[j]);
3543                 if (drv->queue)
3544                         blk_cleanup_queue(drv->queue);
3545         }
3546         /*
3547          * Deliberately omit pci_disable_device(): it does something nasty to
3548          * Smart Array controllers that pci_enable_device does not undo
3549          */
3550         pci_release_regions(pdev);
3551         pci_set_drvdata(pdev, NULL);
3552         free_hba(i);
3553         return -1;
3554 }
3555
3556 static void cciss_shutdown(struct pci_dev *pdev)
3557 {
3558         ctlr_info_t *tmp_ptr;
3559         int i;
3560         char flush_buf[4];
3561         int return_code;
3562
3563         tmp_ptr = pci_get_drvdata(pdev);
3564         if (tmp_ptr == NULL)
3565                 return;
3566         i = tmp_ptr->ctlr;
3567         if (hba[i] == NULL)
3568                 return;
3569
3570         /* Turn board interrupts off  and send the flush cache command */
3571         /* sendcmd will turn off interrupt, and send the flush...
3572          * To write all data in the battery backed cache to disks */
3573         memset(flush_buf, 0, 4);
3574         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0, 0, 0, NULL,
3575                               TYPE_CMD);
3576         if (return_code == IO_OK) {
3577                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
3578         } else {
3579                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
3580         }
3581         free_irq(hba[i]->intr[2], hba[i]);
3582 }
3583
3584 static void __devexit cciss_remove_one(struct pci_dev *pdev)
3585 {
3586         ctlr_info_t *tmp_ptr;
3587         int i, j;
3588
3589         if (pci_get_drvdata(pdev) == NULL) {
3590                 printk(KERN_ERR "cciss: Unable to remove device \n");
3591                 return;
3592         }
3593         tmp_ptr = pci_get_drvdata(pdev);
3594         i = tmp_ptr->ctlr;
3595         if (hba[i] == NULL) {
3596                 printk(KERN_ERR "cciss: device appears to "
3597                        "already be removed \n");
3598                 return;
3599         }
3600
3601         remove_proc_entry(hba[i]->devname, proc_cciss);
3602         unregister_blkdev(hba[i]->major, hba[i]->devname);
3603
3604         /* remove it from the disk list */
3605         for (j = 0; j < CISS_MAX_LUN; j++) {
3606                 struct gendisk *disk = hba[i]->gendisk[j];
3607                 if (disk) {
3608                         struct request_queue *q = disk->queue;
3609
3610                         if (disk->flags & GENHD_FL_UP)
3611                                 del_gendisk(disk);
3612                         if (q)
3613                                 blk_cleanup_queue(q);
3614                 }
3615         }
3616
3617 #ifdef CONFIG_CISS_SCSI_TAPE
3618         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
3619 #endif
3620
3621         cciss_shutdown(pdev);
3622
3623 #ifdef CONFIG_PCI_MSI
3624         if (hba[i]->msix_vector)
3625                 pci_disable_msix(hba[i]->pdev);
3626         else if (hba[i]->msi_vector)
3627                 pci_disable_msi(hba[i]->pdev);
3628 #endif                          /* CONFIG_PCI_MSI */
3629
3630         iounmap(hba[i]->vaddr);
3631
3632         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
3633                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
3634         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
3635                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
3636         kfree(hba[i]->cmd_pool_bits);
3637 #ifdef CONFIG_CISS_SCSI_TAPE
3638         kfree(hba[i]->scsi_rejects.complete);
3639 #endif
3640         /*
3641          * Deliberately omit pci_disable_device(): it does something nasty to
3642          * Smart Array controllers that pci_enable_device does not undo
3643          */
3644         pci_release_regions(pdev);
3645         pci_set_drvdata(pdev, NULL);
3646         free_hba(i);
3647 }
3648
3649 static struct pci_driver cciss_pci_driver = {
3650         .name = "cciss",
3651         .probe = cciss_init_one,
3652         .remove = __devexit_p(cciss_remove_one),
3653         .id_table = cciss_pci_device_id,        /* id_table */
3654         .shutdown = cciss_shutdown,
3655 };
3656
3657 /*
3658  *  This is it.  Register the PCI driver information for the cards we control
3659  *  the OS will call our registered routines when it finds one of our cards.
3660  */
3661 static int __init cciss_init(void)
3662 {
3663         printk(KERN_INFO DRIVER_NAME "\n");
3664
3665         /* Register for our PCI devices */
3666         return pci_register_driver(&cciss_pci_driver);
3667 }
3668
3669 static void __exit cciss_cleanup(void)
3670 {
3671         int i;
3672
3673         pci_unregister_driver(&cciss_pci_driver);
3674         /* double check that all controller entrys have been removed */
3675         for (i = 0; i < MAX_CTLR; i++) {
3676                 if (hba[i] != NULL) {
3677                         printk(KERN_WARNING "cciss: had to remove"
3678                                " controller %d\n", i);
3679                         cciss_remove_one(hba[i]->pdev);
3680                 }
3681         }
3682         remove_proc_entry("driver/cciss", NULL);
3683 }
3684
3685 static void fail_all_cmds(unsigned long ctlr)
3686 {
3687         /* If we get here, the board is apparently dead. */
3688         ctlr_info_t *h = hba[ctlr];
3689         CommandList_struct *c;
3690         unsigned long flags;
3691
3692         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
3693         h->alive = 0;           /* the controller apparently died... */
3694
3695         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
3696
3697         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
3698
3699         /* move everything off the request queue onto the completed queue */
3700         while ((c = h->reqQ) != NULL) {
3701                 removeQ(&(h->reqQ), c);
3702                 h->Qdepth--;
3703                 addQ(&(h->cmpQ), c);
3704         }
3705
3706         /* Now, fail everything on the completed queue with a HW error */
3707         while ((c = h->cmpQ) != NULL) {
3708                 removeQ(&h->cmpQ, c);
3709                 c->err_info->CommandStatus = CMD_HARDWARE_ERR;
3710                 if (c->cmd_type == CMD_RWREQ) {
3711                         complete_command(h, c, 0);
3712                 } else if (c->cmd_type == CMD_IOCTL_PEND)
3713                         complete(c->waiting);
3714 #ifdef CONFIG_CISS_SCSI_TAPE
3715                 else if (c->cmd_type == CMD_SCSI)
3716                         complete_scsi_command(c, 0, 0);
3717 #endif
3718         }
3719         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
3720         return;
3721 }
3722
3723 module_init(cciss_init);
3724 module_exit(cciss_cleanup);