Pull misc into release branch
[linux-2.6] / drivers / message / fusion / mptctl.c
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI Logic PCI chip/adapters
5  *      running LSI Logic Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2007 LSI Logic Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>        /* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/smp_lock.h>
58 #include <linux/compat.h>
59
60 #include <asm/io.h>
61 #include <asm/uaccess.h>
62
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68
69 #define COPYRIGHT       "Copyright (c) 1999-2007 LSI Logic Corporation"
70 #define MODULEAUTHOR    "LSI Logic Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME         "Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION      MPT_LINUX_VERSION_COMMON
77 #define MYNAM           "mptctl"
78
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85
86 static int mptctl_id = -1;
87
88 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
89
90 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
91
92 struct buflist {
93         u8      *kptr;
94         int      len;
95 };
96
97 /*
98  * Function prototypes. Called from OS entry point mptctl_ioctl.
99  * arg contents specific to function.
100  */
101 static int mptctl_fw_download(unsigned long arg);
102 static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd);
103 static int mptctl_gettargetinfo(unsigned long arg);
104 static int mptctl_readtest(unsigned long arg);
105 static int mptctl_mpt_command(unsigned long arg);
106 static int mptctl_eventquery(unsigned long arg);
107 static int mptctl_eventenable(unsigned long arg);
108 static int mptctl_eventreport(unsigned long arg);
109 static int mptctl_replace_fw(unsigned long arg);
110
111 static int mptctl_do_reset(unsigned long arg);
112 static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd);
113 static int mptctl_hp_targetinfo(unsigned long arg);
114
115 static int  mptctl_probe(struct pci_dev *, const struct pci_device_id *);
116 static void mptctl_remove(struct pci_dev *);
117
118 #ifdef CONFIG_COMPAT
119 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
120 #endif
121 /*
122  * Private function calls.
123  */
124 static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr);
125 static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen);
126 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
127                 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
128 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
129                 struct buflist *buflist, MPT_ADAPTER *ioc);
130 static void mptctl_timeout_expired (MPT_IOCTL *ioctl);
131 static int  mptctl_bus_reset(MPT_IOCTL *ioctl);
132 static int mptctl_set_tm_flags(MPT_SCSI_HOST *hd);
133 static void mptctl_free_tm_flags(MPT_ADAPTER *ioc);
134
135 /*
136  * Reset Handler cleanup function
137  */
138 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
139
140 /*
141  * Event Handler function
142  */
143 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
144 static struct fasync_struct *async_queue=NULL;
145
146 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
147 /*
148  * Scatter gather list (SGL) sizes and limits...
149  */
150 //#define MAX_SCSI_FRAGS        9
151 #define MAX_FRAGS_SPILL1        9
152 #define MAX_FRAGS_SPILL2        15
153 #define FRAGS_PER_BUCKET        (MAX_FRAGS_SPILL2 + 1)
154
155 //#define MAX_CHAIN_FRAGS       64
156 //#define MAX_CHAIN_FRAGS       (15+15+15+16)
157 #define MAX_CHAIN_FRAGS         (4 * MAX_FRAGS_SPILL2 + 1)
158
159 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
160 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
161 //                  ^----------------- 80 + 512
162 #define MAX_SGL_BYTES           ((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
163
164 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
165 #define MAX_KMALLOC_SZ          (128*1024)
166
167 #define MPT_IOCTL_DEFAULT_TIMEOUT 10    /* Default timeout value (seconds) */
168
169 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
170 /**
171  *      mptctl_syscall_down - Down the MPT adapter syscall semaphore.
172  *      @ioc: Pointer to MPT adapter
173  *      @nonblock: boolean, non-zero if O_NONBLOCK is set
174  *
175  *      All of the ioctl commands can potentially sleep, which is illegal
176  *      with a spinlock held, thus we perform mutual exclusion here.
177  *
178  *      Returns negative errno on error, or zero for success.
179  */
180 static inline int
181 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
182 {
183         int rc = 0;
184         dctlprintk((KERN_INFO MYNAM "::mptctl_syscall_down(%p,%d) called\n", ioc, nonblock));
185
186         if (nonblock) {
187                 if (!mutex_trylock(&ioc->ioctl->ioctl_mutex))
188                         rc = -EAGAIN;
189         } else {
190                 if (mutex_lock_interruptible(&ioc->ioctl->ioctl_mutex))
191                         rc = -ERESTARTSYS;
192         }
193         dctlprintk((KERN_INFO MYNAM "::mptctl_syscall_down return %d\n", rc));
194         return rc;
195 }
196
197 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
198 /*
199  *  This is the callback for any message we have posted. The message itself
200  *  will be returned to the message pool when we return from the IRQ
201  *
202  *  This runs in irq context so be short and sweet.
203  */
204 static int
205 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
206 {
207         char *sense_data;
208         int sz, req_index;
209         u16 iocStatus;
210         u8 cmd;
211
212         dctlprintk(("mptctl_reply()!\n"));
213         if (req)
214                  cmd = req->u.hdr.Function;
215         else
216                 return 1;
217
218         if (ioc->ioctl) {
219
220                 if (reply==NULL) {
221
222                         dctlprintk(("mptctl_reply() NULL Reply "
223                                 "Function=%x!\n", cmd));
224
225                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
226                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
227
228                         /* We are done, issue wake up
229                         */
230                         ioc->ioctl->wait_done = 1;
231                         wake_up (&mptctl_wait);
232                         return 1;
233
234                 }
235
236                 dctlprintk(("mptctl_reply() with req=%p "
237                         "reply=%p Function=%x!\n", req, reply, cmd));
238
239                 /* Copy the reply frame (which much exist
240                  * for non-SCSI I/O) to the IOC structure.
241                  */
242                 dctlprintk(("Copying Reply Frame @%p to ioc%d!\n",
243                         reply, ioc->id));
244                 memcpy(ioc->ioctl->ReplyFrame, reply,
245                         min(ioc->reply_sz, 4*reply->u.reply.MsgLength));
246                 ioc->ioctl->status |= MPT_IOCTL_STATUS_RF_VALID;
247
248                 /* Set the command status to GOOD if IOC Status is GOOD
249                  * OR if SCSI I/O cmd and data underrun or recovered error.
250                  */
251                 iocStatus = le16_to_cpu(reply->u.reply.IOCStatus) & MPI_IOCSTATUS_MASK;
252                 if (iocStatus  == MPI_IOCSTATUS_SUCCESS)
253                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
254
255                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) ||
256                         (cmd == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
257                         ioc->ioctl->reset &= ~MPTCTL_RESET_OK;
258
259                         if ((iocStatus == MPI_IOCSTATUS_SCSI_DATA_UNDERRUN) ||
260                         (iocStatus == MPI_IOCSTATUS_SCSI_RECOVERED_ERROR)) {
261                         ioc->ioctl->status |= MPT_IOCTL_STATUS_COMMAND_GOOD;
262                         }
263                 }
264
265                 /* Copy the sense data - if present
266                  */
267                 if ((cmd == MPI_FUNCTION_SCSI_IO_REQUEST) &&
268                         (reply->u.sreply.SCSIState &
269                          MPI_SCSI_STATE_AUTOSENSE_VALID)){
270                         sz = req->u.scsireq.SenseBufferLength;
271                         req_index =
272                             le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
273                         sense_data =
274                             ((u8 *)ioc->sense_buf_pool +
275                              (req_index * MPT_SENSE_BUFFER_ALLOC));
276                         memcpy(ioc->ioctl->sense, sense_data, sz);
277                         ioc->ioctl->status |= MPT_IOCTL_STATUS_SENSE_VALID;
278                 }
279
280                 if (cmd == MPI_FUNCTION_SCSI_TASK_MGMT)
281                         mptctl_free_tm_flags(ioc);
282
283                 /* We are done, issue wake up
284                  */
285                 ioc->ioctl->wait_done = 1;
286                 wake_up (&mptctl_wait);
287         }
288         return 1;
289 }
290
291 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
292 /* mptctl_timeout_expired
293  *
294  * Expecting an interrupt, however timed out.
295  *
296  */
297 static void mptctl_timeout_expired (MPT_IOCTL *ioctl)
298 {
299         int rc = 1;
300
301         dctlprintk((KERN_NOTICE MYNAM ": Timeout Expired! Host %d\n",
302                                 ioctl->ioc->id));
303         if (ioctl == NULL)
304                 return;
305
306         ioctl->wait_done = 0;
307         if (ioctl->reset & MPTCTL_RESET_OK)
308                 rc = mptctl_bus_reset(ioctl);
309
310         if (rc) {
311                 /* Issue a reset for this device.
312                  * The IOC is not responding.
313                  */
314                 dctlprintk((MYIOC_s_INFO_FMT "Calling HardReset! \n",
315                          ioctl->ioc->name));
316                 mpt_HardResetHandler(ioctl->ioc, CAN_SLEEP);
317         }
318         return;
319
320 }
321
322 /* mptctl_bus_reset
323  *
324  * Bus reset code.
325  *
326  */
327 static int mptctl_bus_reset(MPT_IOCTL *ioctl)
328 {
329         MPT_FRAME_HDR   *mf;
330         SCSITaskMgmt_t  *pScsiTm;
331         MPT_SCSI_HOST   *hd;
332         int              ii;
333         int              retval;
334
335
336         ioctl->reset &= ~MPTCTL_RESET_OK;
337
338         if (ioctl->ioc->sh == NULL)
339                 return -EPERM;
340
341         hd = (MPT_SCSI_HOST *) ioctl->ioc->sh->hostdata;
342         if (hd == NULL)
343                 return -EPERM;
344
345         /* Single threading ....
346          */
347         if (mptctl_set_tm_flags(hd) != 0)
348                 return -EPERM;
349
350         /* Send request
351          */
352         if ((mf = mpt_get_msg_frame(mptctl_id, ioctl->ioc)) == NULL) {
353                 dctlprintk((MYIOC_s_WARN_FMT "IssueTaskMgmt, no msg frames!!\n",
354                                 ioctl->ioc->name));
355
356                 mptctl_free_tm_flags(ioctl->ioc);
357                 return -ENOMEM;
358         }
359
360         dtmprintk((MYIOC_s_INFO_FMT "IssueTaskMgmt request @ %p\n",
361                         ioctl->ioc->name, mf));
362
363         pScsiTm = (SCSITaskMgmt_t *) mf;
364         pScsiTm->TargetID = ioctl->id;
365         pScsiTm->Bus = hd->port;        /* 0 */
366         pScsiTm->ChainOffset = 0;
367         pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
368         pScsiTm->Reserved = 0;
369         pScsiTm->TaskType = MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS;
370         pScsiTm->Reserved1 = 0;
371         pScsiTm->MsgFlags = MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
372
373         for (ii= 0; ii < 8; ii++)
374                 pScsiTm->LUN[ii] = 0;
375
376         for (ii=0; ii < 7; ii++)
377                 pScsiTm->Reserved2[ii] = 0;
378
379         pScsiTm->TaskMsgContext = 0;
380         dtmprintk((MYIOC_s_INFO_FMT
381                 "mptctl_bus_reset: issued.\n", ioctl->ioc->name));
382
383         DBG_DUMP_TM_REQUEST_FRAME((u32 *)mf);
384
385         ioctl->wait_done=0;
386         if ((retval = mpt_send_handshake_request(mptctl_id, ioctl->ioc,
387              sizeof(SCSITaskMgmt_t), (u32*)pScsiTm, CAN_SLEEP)) != 0) {
388                 dfailprintk((MYIOC_s_ERR_FMT "_send_handshake FAILED!"
389                         " (hd %p, ioc %p, mf %p) \n", hd->ioc->name, hd,
390                         hd->ioc, mf));
391                 goto mptctl_bus_reset_done;
392         }
393
394         /* Now wait for the command to complete */
395         ii = wait_event_timeout(mptctl_wait,
396              ioctl->wait_done == 1,
397              HZ*5 /* 5 second timeout */);
398
399         if(ii <=0 && (ioctl->wait_done != 1 ))  {
400                 mpt_free_msg_frame(hd->ioc, mf);
401                 ioctl->wait_done = 0;
402                 retval = -1; /* return failure */
403         }
404
405 mptctl_bus_reset_done:
406
407         mptctl_free_tm_flags(ioctl->ioc);
408         return retval;
409 }
410
411 static int
412 mptctl_set_tm_flags(MPT_SCSI_HOST *hd) {
413         unsigned long flags;
414
415         spin_lock_irqsave(&hd->ioc->FreeQlock, flags);
416
417         if (hd->tmState == TM_STATE_NONE) {
418                 hd->tmState = TM_STATE_IN_PROGRESS;
419                 hd->tmPending = 1;
420                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
421         } else {
422                 spin_unlock_irqrestore(&hd->ioc->FreeQlock, flags);
423                 return -EBUSY;
424         }
425
426         return 0;
427 }
428
429 static void
430 mptctl_free_tm_flags(MPT_ADAPTER *ioc)
431 {
432         MPT_SCSI_HOST * hd;
433         unsigned long flags;
434
435         hd = (MPT_SCSI_HOST *) ioc->sh->hostdata;
436         if (hd == NULL)
437                 return;
438
439         spin_lock_irqsave(&ioc->FreeQlock, flags);
440
441         hd->tmState = TM_STATE_NONE;
442         hd->tmPending = 0;
443         spin_unlock_irqrestore(&ioc->FreeQlock, flags);
444
445         return;
446 }
447
448 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
449 /* mptctl_ioc_reset
450  *
451  * Clean-up functionality. Used only if there has been a
452  * reload of the FW due.
453  *
454  */
455 static int
456 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
457 {
458         MPT_IOCTL *ioctl = ioc->ioctl;
459         dctlprintk((KERN_INFO MYNAM ": IOC %s_reset routed to IOCTL driver!\n",
460                 reset_phase==MPT_IOC_SETUP_RESET ? "setup" : (
461                 reset_phase==MPT_IOC_PRE_RESET ? "pre" : "post")));
462
463         if(ioctl == NULL)
464                 return 1;
465
466         switch(reset_phase) {
467         case MPT_IOC_SETUP_RESET:
468                 ioctl->status |= MPT_IOCTL_STATUS_DID_IOCRESET;
469                 break;
470         case MPT_IOC_POST_RESET:
471                 ioctl->status &= ~MPT_IOCTL_STATUS_DID_IOCRESET;
472                 break;
473         case MPT_IOC_PRE_RESET:
474         default:
475                 break;
476         }
477
478         return 1;
479 }
480
481 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
482 /* ASYNC Event Notification Support */
483 static int
484 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
485 {
486         u8 event;
487
488         event = le32_to_cpu(pEvReply->Event) & 0xFF;
489
490         dctlprintk(("%s() called\n", __FUNCTION__));
491         if(async_queue == NULL)
492                 return 1;
493
494         /* Raise SIGIO for persistent events.
495          * TODO - this define is not in MPI spec yet,
496          * but they plan to set it to 0x21
497          */
498          if (event == 0x21 ) {
499                 ioc->aen_event_read_flag=1;
500                 dctlprintk(("Raised SIGIO to application\n"));
501                 devtverboseprintk(("Raised SIGIO to application\n"));
502                 kill_fasync(&async_queue, SIGIO, POLL_IN);
503                 return 1;
504          }
505
506         /* This flag is set after SIGIO was raised, and
507          * remains set until the application has read
508          * the event log via ioctl=MPTEVENTREPORT
509          */
510         if(ioc->aen_event_read_flag)
511                 return 1;
512
513         /* Signal only for the events that are
514          * requested for by the application
515          */
516         if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
517                 ioc->aen_event_read_flag=1;
518                 dctlprintk(("Raised SIGIO to application\n"));
519                 devtverboseprintk(("Raised SIGIO to application\n"));
520                 kill_fasync(&async_queue, SIGIO, POLL_IN);
521         }
522         return 1;
523 }
524
525 static int
526 mptctl_fasync(int fd, struct file *filep, int mode)
527 {
528         MPT_ADAPTER     *ioc;
529
530         list_for_each_entry(ioc, &ioc_list, list)
531                 ioc->aen_event_read_flag=0;
532
533         dctlprintk(("%s() called\n", __FUNCTION__));
534         return fasync_helper(fd, filep, mode, &async_queue);
535 }
536
537 static int
538 mptctl_release(struct inode *inode, struct file *filep)
539 {
540         dctlprintk(("%s() called\n", __FUNCTION__));
541         return fasync_helper(-1, filep, 0, &async_queue);
542 }
543
544 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
545 /*
546  *  MPT ioctl handler
547  *  cmd - specify the particular IOCTL command to be issued
548  *  arg - data specific to the command. Must not be null.
549  */
550 static long
551 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
552 {
553         mpt_ioctl_header __user *uhdr = (void __user *) arg;
554         mpt_ioctl_header         khdr;
555         int iocnum;
556         unsigned iocnumX;
557         int nonblock = (file->f_flags & O_NONBLOCK);
558         int ret;
559         MPT_ADAPTER *iocp = NULL;
560
561         dctlprintk(("mptctl_ioctl() called\n"));
562
563         if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
564                 printk(KERN_ERR "%s::mptctl_ioctl() @%d - "
565                                 "Unable to copy mpt_ioctl_header data @ %p\n",
566                                 __FILE__, __LINE__, uhdr);
567                 return -EFAULT;
568         }
569         ret = -ENXIO;                           /* (-6) No such device or address */
570
571         /* Verify intended MPT adapter - set iocnum and the adapter
572          * pointer (iocp)
573          */
574         iocnumX = khdr.iocnum & 0xFF;
575         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
576             (iocp == NULL)) {
577                 dctlprintk((KERN_ERR "%s::mptctl_ioctl() @%d - ioc%d not found!\n",
578                                 __FILE__, __LINE__, iocnumX));
579                 return -ENODEV;
580         }
581
582         if (!iocp->active) {
583                 printk(KERN_ERR "%s::mptctl_ioctl() @%d - Controller disabled.\n",
584                                 __FILE__, __LINE__);
585                 return -EFAULT;
586         }
587
588         /* Handle those commands that are just returning
589          * information stored in the driver.
590          * These commands should never time out and are unaffected
591          * by TM and FW reloads.
592          */
593         if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
594                 return mptctl_getiocinfo(arg, _IOC_SIZE(cmd));
595         } else if (cmd == MPTTARGETINFO) {
596                 return mptctl_gettargetinfo(arg);
597         } else if (cmd == MPTTEST) {
598                 return mptctl_readtest(arg);
599         } else if (cmd == MPTEVENTQUERY) {
600                 return mptctl_eventquery(arg);
601         } else if (cmd == MPTEVENTENABLE) {
602                 return mptctl_eventenable(arg);
603         } else if (cmd == MPTEVENTREPORT) {
604                 return mptctl_eventreport(arg);
605         } else if (cmd == MPTFWREPLACE) {
606                 return mptctl_replace_fw(arg);
607         }
608
609         /* All of these commands require an interrupt or
610          * are unknown/illegal.
611          */
612         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
613                 return ret;
614
615         dctlprintk((MYIOC_s_INFO_FMT ": mptctl_ioctl()\n", iocp->name));
616
617         if (cmd == MPTFWDOWNLOAD)
618                 ret = mptctl_fw_download(arg);
619         else if (cmd == MPTCOMMAND)
620                 ret = mptctl_mpt_command(arg);
621         else if (cmd == MPTHARDRESET)
622                 ret = mptctl_do_reset(arg);
623         else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
624                 ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd));
625         else if (cmd == HP_GETTARGETINFO)
626                 ret = mptctl_hp_targetinfo(arg);
627         else
628                 ret = -EINVAL;
629
630         mutex_unlock(&iocp->ioctl->ioctl_mutex);
631
632         return ret;
633 }
634
635 static long
636 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
637 {
638         long ret;
639         lock_kernel();
640         ret = __mptctl_ioctl(file, cmd, arg);
641         unlock_kernel();
642         return ret;
643 }
644
645 static int mptctl_do_reset(unsigned long arg)
646 {
647         struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
648         struct mpt_ioctl_diag_reset krinfo;
649         MPT_ADAPTER             *iocp;
650
651         dctlprintk((KERN_INFO "mptctl_do_reset called.\n"));
652
653         if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
654                 printk(KERN_ERR "%s@%d::mptctl_do_reset - "
655                                 "Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
656                                 __FILE__, __LINE__, urinfo);
657                 return -EFAULT;
658         }
659
660         if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) {
661                 dctlprintk((KERN_ERR "%s@%d::mptctl_do_reset - ioc%d not found!\n",
662                                 __FILE__, __LINE__, krinfo.hdr.iocnum));
663                 return -ENODEV; /* (-6) No such device or address */
664         }
665
666         if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
667                 printk (KERN_ERR "%s@%d::mptctl_do_reset - reset failed.\n",
668                         __FILE__, __LINE__);
669                 return -1;
670         }
671
672         return 0;
673 }
674
675 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
676 /*
677  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
678  * This structure contains: iocnum, firmware length (bytes),
679  *      pointer to user space memory where the fw image is stored.
680  *
681  * Outputs:     None.
682  * Return:      0 if successful
683  *              -EFAULT if data unavailable
684  *              -ENXIO  if no such device
685  *              -EAGAIN if resource problem
686  *              -ENOMEM if no memory for SGE
687  *              -EMLINK if too many chain buffers required
688  *              -EBADRQC if adapter does not support FW download
689  *              -EBUSY if adapter is busy
690  *              -ENOMSG if FW upload returned bad status
691  */
692 static int
693 mptctl_fw_download(unsigned long arg)
694 {
695         struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
696         struct mpt_fw_xfer       kfwdl;
697
698         dctlprintk((KERN_INFO "mptctl_fwdl called. mptctl_id = %xh\n", mptctl_id)); //tc
699         if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
700                 printk(KERN_ERR "%s@%d::_ioctl_fwdl - "
701                                 "Unable to copy mpt_fw_xfer struct @ %p\n",
702                                 __FILE__, __LINE__, ufwdl);
703                 return -EFAULT;
704         }
705
706         return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen);
707 }
708
709 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
710 /*
711  * FW Download engine.
712  * Outputs:     None.
713  * Return:      0 if successful
714  *              -EFAULT if data unavailable
715  *              -ENXIO  if no such device
716  *              -EAGAIN if resource problem
717  *              -ENOMEM if no memory for SGE
718  *              -EMLINK if too many chain buffers required
719  *              -EBADRQC if adapter does not support FW download
720  *              -EBUSY if adapter is busy
721  *              -ENOMSG if FW upload returned bad status
722  */
723 static int
724 mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen)
725 {
726         FWDownload_t            *dlmsg;
727         MPT_FRAME_HDR           *mf;
728         MPT_ADAPTER             *iocp;
729         FWDownloadTCSGE_t       *ptsge;
730         MptSge_t                *sgl, *sgIn;
731         char                    *sgOut;
732         struct buflist          *buflist;
733         struct buflist          *bl;
734         dma_addr_t               sgl_dma;
735         int                      ret;
736         int                      numfrags = 0;
737         int                      maxfrags;
738         int                      n = 0;
739         u32                      sgdir;
740         u32                      nib;
741         int                      fw_bytes_copied = 0;
742         int                      i;
743         int                      sge_offset = 0;
744         u16                      iocstat;
745         pFWDownloadReply_t       ReplyMsg = NULL;
746
747         dctlprintk(("mptctl_do_fwdl called. mptctl_id = %xh.\n", mptctl_id));
748
749         dctlprintk(("DbG: kfwdl.bufp  = %p\n", ufwbuf));
750         dctlprintk(("DbG: kfwdl.fwlen = %d\n", (int)fwlen));
751         dctlprintk(("DbG: kfwdl.ioc   = %04xh\n", ioc));
752
753         if (mpt_verify_adapter(ioc, &iocp) < 0) {
754                 dctlprintk(("ioctl_fwdl - ioc%d not found!\n",
755                                  ioc));
756                 return -ENODEV; /* (-6) No such device or address */
757         } else {
758
759                 /*  Valid device. Get a message frame and construct the FW download message.
760                 */
761                 if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
762                         return -EAGAIN;
763         }
764         dlmsg = (FWDownload_t*) mf;
765         ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
766         sgOut = (char *) (ptsge + 1);
767
768         /*
769          * Construct f/w download request
770          */
771         dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
772         dlmsg->Reserved = 0;
773         dlmsg->ChainOffset = 0;
774         dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
775         dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
776         if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
777                 dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
778         else
779                 dlmsg->MsgFlags = 0;
780
781
782         /* Set up the Transaction SGE.
783          */
784         ptsge->Reserved = 0;
785         ptsge->ContextSize = 0;
786         ptsge->DetailsLength = 12;
787         ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
788         ptsge->Reserved_0100_Checksum = 0;
789         ptsge->ImageOffset = 0;
790         ptsge->ImageSize = cpu_to_le32(fwlen);
791
792         /* Add the SGL
793          */
794
795         /*
796          * Need to kmalloc area(s) for holding firmware image bytes.
797          * But we need to do it piece meal, using a proper
798          * scatter gather list (with 128kB MAX hunks).
799          *
800          * A practical limit here might be # of sg hunks that fit into
801          * a single IOC request frame; 12 or 8 (see below), so:
802          * For FC9xx: 12 x 128kB == 1.5 mB (max)
803          * For C1030:  8 x 128kB == 1   mB (max)
804          * We could support chaining, but things get ugly(ier:)
805          *
806          * Set the sge_offset to the start of the sgl (bytes).
807          */
808         sgdir = 0x04000000;             /* IOC will READ from sys mem */
809         sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
810         if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
811                                     &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
812                 return -ENOMEM;
813
814         /*
815          * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
816          * for FC9xx f/w image, but calculate max number of sge hunks
817          * we can fit into a request frame, and limit ourselves to that.
818          * (currently no chain support)
819          * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
820          *      Request         maxfrags
821          *      128             12
822          *      96              8
823          *      64              4
824          */
825         maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) - sizeof(FWDownloadTCSGE_t))
826                         / (sizeof(dma_addr_t) + sizeof(u32));
827         if (numfrags > maxfrags) {
828                 ret = -EMLINK;
829                 goto fwdl_out;
830         }
831
832         dctlprintk(("DbG: sgl buffer  = %p, sgfrags = %d\n", sgl, numfrags));
833
834         /*
835          * Parse SG list, copying sgl itself,
836          * plus f/w image hunks from user space as we go...
837          */
838         ret = -EFAULT;
839         sgIn = sgl;
840         bl = buflist;
841         for (i=0; i < numfrags; i++) {
842
843                 /* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
844                  * Skip everything but Simple. If simple, copy from
845                  *      user space into kernel space.
846                  * Note: we should not have anything but Simple as
847                  *      Chain SGE are illegal.
848                  */
849                 nib = (sgIn->FlagsLength & 0x30000000) >> 28;
850                 if (nib == 0 || nib == 3) {
851                         ;
852                 } else if (sgIn->Address) {
853                         mpt_add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
854                         n++;
855                         if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
856                                 printk(KERN_ERR "%s@%d::_ioctl_fwdl - "
857                                                 "Unable to copy f/w buffer hunk#%d @ %p\n",
858                                                 __FILE__, __LINE__, n, ufwbuf);
859                                 goto fwdl_out;
860                         }
861                         fw_bytes_copied += bl->len;
862                 }
863                 sgIn++;
864                 bl++;
865                 sgOut += (sizeof(dma_addr_t) + sizeof(u32));
866         }
867
868 #ifdef MPT_DEBUG
869         {
870                 u32 *m = (u32 *)mf;
871                 printk(KERN_INFO MYNAM ": F/W download request:\n" KERN_INFO " ");
872                 for (i=0; i < 7+numfrags*2; i++)
873                         printk(" %08x", le32_to_cpu(m[i]));
874                 printk("\n");
875         }
876 #endif
877
878         /*
879          * Finally, perform firmware download.
880          */
881         ReplyMsg = NULL;
882         mpt_put_msg_frame(mptctl_id, iocp, mf);
883
884         /* Now wait for the command to complete */
885         ret = wait_event_timeout(mptctl_wait,
886              iocp->ioctl->wait_done == 1,
887              HZ*60);
888
889         if(ret <=0 && (iocp->ioctl->wait_done != 1 )) {
890         /* Now we need to reset the board */
891                 mptctl_timeout_expired(iocp->ioctl);
892                 ret = -ENODATA;
893                 goto fwdl_out;
894         }
895
896         if (sgl)
897                 kfree_sgl(sgl, sgl_dma, buflist, iocp);
898
899         ReplyMsg = (pFWDownloadReply_t)iocp->ioctl->ReplyFrame;
900         iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
901         if (iocstat == MPI_IOCSTATUS_SUCCESS) {
902                 printk(KERN_INFO MYNAM ": F/W update successfully sent to %s!\n", iocp->name);
903                 return 0;
904         } else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
905                 printk(KERN_WARNING MYNAM ": ?Hmmm...  %s says it doesn't support F/W download!?!\n",
906                                 iocp->name);
907                 printk(KERN_WARNING MYNAM ": (time to go bang on somebodies door)\n");
908                 return -EBADRQC;
909         } else if (iocstat == MPI_IOCSTATUS_BUSY) {
910                 printk(KERN_WARNING MYNAM ": Warning!  %s says: IOC_BUSY!\n", iocp->name);
911                 printk(KERN_WARNING MYNAM ": (try again later?)\n");
912                 return -EBUSY;
913         } else {
914                 printk(KERN_WARNING MYNAM "::ioctl_fwdl() ERROR!  %s returned [bad] status = %04xh\n",
915                                     iocp->name, iocstat);
916                 printk(KERN_WARNING MYNAM ": (bad VooDoo)\n");
917                 return -ENOMSG;
918         }
919         return 0;
920
921 fwdl_out:
922         kfree_sgl(sgl, sgl_dma, buflist, iocp);
923         return ret;
924 }
925
926 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
927 /*
928  * SGE Allocation routine
929  *
930  * Inputs:      bytes - number of bytes to be transferred
931  *              sgdir - data direction
932  *              sge_offset - offset (in bytes) from the start of the request
933  *                      frame to the first SGE
934  *              ioc - pointer to the mptadapter
935  * Outputs:     frags - number of scatter gather elements
936  *              blp - point to the buflist pointer
937  *              sglbuf_dma - pointer to the (dma) sgl
938  * Returns:     Null if failes
939  *              pointer to the (virtual) sgl if successful.
940  */
941 static MptSge_t *
942 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
943                  struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
944 {
945         MptSge_t        *sglbuf = NULL;         /* pointer to array of SGE */
946                                                 /* and chain buffers */
947         struct buflist  *buflist = NULL;        /* kernel routine */
948         MptSge_t        *sgl;
949         int              numfrags = 0;
950         int              fragcnt = 0;
951         int              alloc_sz = min(bytes,MAX_KMALLOC_SZ);  // avoid kernel warning msg!
952         int              bytes_allocd = 0;
953         int              this_alloc;
954         dma_addr_t       pa;                                    // phys addr
955         int              i, buflist_ent;
956         int              sg_spill = MAX_FRAGS_SPILL1;
957         int              dir;
958         /* initialization */
959         *frags = 0;
960         *blp = NULL;
961
962         /* Allocate and initialize an array of kernel
963          * structures for the SG elements.
964          */
965         i = MAX_SGL_BYTES / 8;
966         buflist = kmalloc(i, GFP_USER);
967         if (buflist == NULL)
968                 return NULL;
969         memset(buflist, 0, i);
970         buflist_ent = 0;
971
972         /* Allocate a single block of memory to store the sg elements and
973          * the chain buffers.  The calling routine is responsible for
974          * copying the data in this array into the correct place in the
975          * request and chain buffers.
976          */
977         sglbuf = pci_alloc_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf_dma);
978         if (sglbuf == NULL)
979                 goto free_and_fail;
980
981         if (sgdir & 0x04000000)
982                 dir = PCI_DMA_TODEVICE;
983         else
984                 dir = PCI_DMA_FROMDEVICE;
985
986         /* At start:
987          *      sgl = sglbuf = point to beginning of sg buffer
988          *      buflist_ent = 0 = first kernel structure
989          *      sg_spill = number of SGE that can be written before the first
990          *              chain element.
991          *
992          */
993         sgl = sglbuf;
994         sg_spill = ((ioc->req_sz - sge_offset)/(sizeof(dma_addr_t) + sizeof(u32))) - 1;
995         while (bytes_allocd < bytes) {
996                 this_alloc = min(alloc_sz, bytes-bytes_allocd);
997                 buflist[buflist_ent].len = this_alloc;
998                 buflist[buflist_ent].kptr = pci_alloc_consistent(ioc->pcidev,
999                                                                  this_alloc,
1000                                                                  &pa);
1001                 if (buflist[buflist_ent].kptr == NULL) {
1002                         alloc_sz = alloc_sz / 2;
1003                         if (alloc_sz == 0) {
1004                                 printk(KERN_WARNING MYNAM "-SG: No can do - "
1005                                                     "not enough memory!   :-(\n");
1006                                 printk(KERN_WARNING MYNAM "-SG: (freeing %d frags)\n",
1007                                                     numfrags);
1008                                 goto free_and_fail;
1009                         }
1010                         continue;
1011                 } else {
1012                         dma_addr_t dma_addr;
1013
1014                         bytes_allocd += this_alloc;
1015                         sgl->FlagsLength = (0x10000000|MPT_SGE_FLAGS_ADDRESSING|sgdir|this_alloc);
1016                         dma_addr = pci_map_single(ioc->pcidev, buflist[buflist_ent].kptr, this_alloc, dir);
1017                         sgl->Address = dma_addr;
1018
1019                         fragcnt++;
1020                         numfrags++;
1021                         sgl++;
1022                         buflist_ent++;
1023                 }
1024
1025                 if (bytes_allocd >= bytes)
1026                         break;
1027
1028                 /* Need to chain? */
1029                 if (fragcnt == sg_spill) {
1030                         printk(KERN_WARNING MYNAM "-SG: No can do - " "Chain required!   :-(\n");
1031                         printk(KERN_WARNING MYNAM "(freeing %d frags)\n", numfrags);
1032                         goto free_and_fail;
1033                 }
1034
1035                 /* overflow check... */
1036                 if (numfrags*8 > MAX_SGL_BYTES){
1037                         /* GRRRRR... */
1038                         printk(KERN_WARNING MYNAM "-SG: No can do - "
1039                                             "too many SG frags!   :-(\n");
1040                         printk(KERN_WARNING MYNAM "-SG: (freeing %d frags)\n",
1041                                             numfrags);
1042                         goto free_and_fail;
1043                 }
1044         }
1045
1046         /* Last sge fixup: set LE+eol+eob bits */
1047         sgl[-1].FlagsLength |= 0xC1000000;
1048
1049         *frags = numfrags;
1050         *blp = buflist;
1051
1052         dctlprintk((KERN_INFO MYNAM "-SG: kbuf_alloc_2_sgl() - "
1053                            "%d SG frags generated!\n",
1054                            numfrags));
1055
1056         dctlprintk((KERN_INFO MYNAM "-SG: kbuf_alloc_2_sgl() - "
1057                            "last (big) alloc_sz=%d\n",
1058                            alloc_sz));
1059
1060         return sglbuf;
1061
1062 free_and_fail:
1063         if (sglbuf != NULL) {
1064                 int i;
1065
1066                 for (i = 0; i < numfrags; i++) {
1067                         dma_addr_t dma_addr;
1068                         u8 *kptr;
1069                         int len;
1070
1071                         if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1072                                 continue;
1073
1074                         dma_addr = sglbuf[i].Address;
1075                         kptr = buflist[i].kptr;
1076                         len = buflist[i].len;
1077
1078                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1079                 }
1080                 pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf, *sglbuf_dma);
1081         }
1082         kfree(buflist);
1083         return NULL;
1084 }
1085
1086 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1087 /*
1088  * Routine to free the SGL elements.
1089  */
1090 static void
1091 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1092 {
1093         MptSge_t        *sg = sgl;
1094         struct buflist  *bl = buflist;
1095         u32              nib;
1096         int              dir;
1097         int              n = 0;
1098
1099         if (sg->FlagsLength & 0x04000000)
1100                 dir = PCI_DMA_TODEVICE;
1101         else
1102                 dir = PCI_DMA_FROMDEVICE;
1103
1104         nib = (sg->FlagsLength & 0xF0000000) >> 28;
1105         while (! (nib & 0x4)) { /* eob */
1106                 /* skip ignore/chain. */
1107                 if (nib == 0 || nib == 3) {
1108                         ;
1109                 } else if (sg->Address) {
1110                         dma_addr_t dma_addr;
1111                         void *kptr;
1112                         int len;
1113
1114                         dma_addr = sg->Address;
1115                         kptr = bl->kptr;
1116                         len = bl->len;
1117                         pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1118                         pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1119                         n++;
1120                 }
1121                 sg++;
1122                 bl++;
1123                 nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1124         }
1125
1126         /* we're at eob! */
1127         if (sg->Address) {
1128                 dma_addr_t dma_addr;
1129                 void *kptr;
1130                 int len;
1131
1132                 dma_addr = sg->Address;
1133                 kptr = bl->kptr;
1134                 len = bl->len;
1135                 pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1136                 pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1137                 n++;
1138         }
1139
1140         pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sgl, sgl_dma);
1141         kfree(buflist);
1142         dctlprintk((KERN_INFO MYNAM "-SG: Free'd 1 SGL buf + %d kbufs!\n", n));
1143 }
1144
1145 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1146 /*
1147  *      mptctl_getiocinfo - Query the host adapter for IOC information.
1148  *      @arg: User space argument
1149  *
1150  * Outputs:     None.
1151  * Return:      0 if successful
1152  *              -EFAULT if data unavailable
1153  *              -ENODEV  if no such device/adapter
1154  */
1155 static int
1156 mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
1157 {
1158         struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1159         struct mpt_ioctl_iocinfo *karg;
1160         MPT_ADAPTER             *ioc;
1161         struct pci_dev          *pdev;
1162         int                     iocnum;
1163         unsigned int            port;
1164         int                     cim_rev;
1165         u8                      revision;
1166         struct scsi_device      *sdev;
1167         VirtDevice              *vdev;
1168
1169         dctlprintk((": mptctl_getiocinfo called.\n"));
1170         /* Add of PCI INFO results in unaligned access for
1171          * IA64 and Sparc. Reset long to int. Return no PCI
1172          * data for obsolete format.
1173          */
1174         if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1175                 cim_rev = 0;
1176         else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1177                 cim_rev = 1;
1178         else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1179                 cim_rev = 2;
1180         else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1181                 cim_rev = 0;    /* obsolete */
1182         else
1183                 return -EFAULT;
1184
1185         karg = kmalloc(data_size, GFP_KERNEL);
1186         if (karg == NULL) {
1187                 printk(KERN_ERR "%s::mpt_ioctl_iocinfo() @%d - no memory available!\n",
1188                                 __FILE__, __LINE__);
1189                 return -ENOMEM;
1190         }
1191
1192         if (copy_from_user(karg, uarg, data_size)) {
1193                 printk(KERN_ERR "%s@%d::mptctl_getiocinfo - "
1194                         "Unable to read in mpt_ioctl_iocinfo struct @ %p\n",
1195                                 __FILE__, __LINE__, uarg);
1196                 kfree(karg);
1197                 return -EFAULT;
1198         }
1199
1200         if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) ||
1201             (ioc == NULL)) {
1202                 dctlprintk((KERN_ERR "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n",
1203                                 __FILE__, __LINE__, iocnum));
1204                 kfree(karg);
1205                 return -ENODEV;
1206         }
1207
1208         /* Verify the data transfer size is correct. */
1209         if (karg->hdr.maxDataSize != data_size) {
1210                 printk(KERN_ERR "%s@%d::mptctl_getiocinfo - "
1211                         "Structure size mismatch. Command not completed.\n",
1212                                 __FILE__, __LINE__);
1213                 kfree(karg);
1214                 return -EFAULT;
1215         }
1216
1217         /* Fill in the data and return the structure to the calling
1218          * program
1219          */
1220         if (ioc->bus_type == SAS)
1221                 karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1222         else if (ioc->bus_type == FC)
1223                 karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1224         else
1225                 karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1226
1227         if (karg->hdr.port > 1)
1228                 return -EINVAL;
1229         port = karg->hdr.port;
1230
1231         karg->port = port;
1232         pdev = (struct pci_dev *) ioc->pcidev;
1233
1234         karg->pciId = pdev->device;
1235         pci_read_config_byte(pdev, PCI_CLASS_REVISION, &revision);
1236         karg->hwRev = revision;
1237         karg->subSystemDevice = pdev->subsystem_device;
1238         karg->subSystemVendor = pdev->subsystem_vendor;
1239
1240         if (cim_rev == 1) {
1241                 /* Get the PCI bus, device, and function numbers for the IOC
1242                  */
1243                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1244                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1245                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1246         } else if (cim_rev == 2) {
1247                 /* Get the PCI bus, device, function and segment ID numbers
1248                    for the IOC */
1249                 karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1250                 karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1251                 karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1252                 karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1253         }
1254
1255         /* Get number of devices
1256          */
1257         karg->numDevices = 0;
1258         if (ioc->sh) {
1259                 shost_for_each_device(sdev, ioc->sh) {
1260                         vdev = sdev->hostdata;
1261                         if (vdev->vtarget->tflags &
1262                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1263                                 continue;
1264                         karg->numDevices++;
1265                 }
1266         }
1267
1268         /* Set the BIOS and FW Version
1269          */
1270         karg->FWVersion = ioc->facts.FWVersion.Word;
1271         karg->BIOSVersion = ioc->biosVersion;
1272
1273         /* Set the Version Strings.
1274          */
1275         strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1276         karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1277
1278         karg->busChangeEvent = 0;
1279         karg->hostId = ioc->pfacts[port].PortSCSIID;
1280         karg->rsvd[0] = karg->rsvd[1] = 0;
1281
1282         /* Copy the data from kernel memory to user memory
1283          */
1284         if (copy_to_user((char __user *)arg, karg, data_size)) {
1285                 printk(KERN_ERR "%s@%d::mptctl_getiocinfo - "
1286                         "Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1287                                 __FILE__, __LINE__, uarg);
1288                 kfree(karg);
1289                 return -EFAULT;
1290         }
1291
1292         kfree(karg);
1293         return 0;
1294 }
1295
1296 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1297 /*
1298  *      mptctl_gettargetinfo - Query the host adapter for target information.
1299  *      @arg: User space argument
1300  *
1301  * Outputs:     None.
1302  * Return:      0 if successful
1303  *              -EFAULT if data unavailable
1304  *              -ENODEV  if no such device/adapter
1305  */
1306 static int
1307 mptctl_gettargetinfo (unsigned long arg)
1308 {
1309         struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1310         struct mpt_ioctl_targetinfo karg;
1311         MPT_ADAPTER             *ioc;
1312         VirtDevice              *vdev;
1313         char                    *pmem;
1314         int                     *pdata;
1315         int                     iocnum;
1316         int                     numDevices = 0;
1317         int                     lun;
1318         int                     maxWordsLeft;
1319         int                     numBytes;
1320         u8                      port;
1321         struct scsi_device      *sdev;
1322
1323         dctlprintk(("mptctl_gettargetinfo called.\n"));
1324         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1325                 printk(KERN_ERR "%s@%d::mptctl_gettargetinfo - "
1326                         "Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1327                                 __FILE__, __LINE__, uarg);
1328                 return -EFAULT;
1329         }
1330
1331         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1332             (ioc == NULL)) {
1333                 dctlprintk((KERN_ERR "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n",
1334                                 __FILE__, __LINE__, iocnum));
1335                 return -ENODEV;
1336         }
1337
1338         /* Get the port number and set the maximum number of bytes
1339          * in the returned structure.
1340          * Ignore the port setting.
1341          */
1342         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1343         maxWordsLeft = numBytes/sizeof(int);
1344         port = karg.hdr.port;
1345
1346         if (maxWordsLeft <= 0) {
1347                 printk(KERN_ERR "%s::mptctl_gettargetinfo() @%d - no memory available!\n",
1348                                 __FILE__, __LINE__);
1349                 return -ENOMEM;
1350         }
1351
1352         /* Fill in the data and return the structure to the calling
1353          * program
1354          */
1355
1356         /* struct mpt_ioctl_targetinfo does not contain sufficient space
1357          * for the target structures so when the IOCTL is called, there is
1358          * not sufficient stack space for the structure. Allocate memory,
1359          * populate the memory, copy back to the user, then free memory.
1360          * targetInfo format:
1361          * bits 31-24: reserved
1362          *      23-16: LUN
1363          *      15- 8: Bus Number
1364          *       7- 0: Target ID
1365          */
1366         pmem = kmalloc(numBytes, GFP_KERNEL);
1367         if (pmem == NULL) {
1368                 printk(KERN_ERR "%s::mptctl_gettargetinfo() @%d - no memory available!\n",
1369                                 __FILE__, __LINE__);
1370                 return -ENOMEM;
1371         }
1372         memset(pmem, 0, numBytes);
1373         pdata =  (int *) pmem;
1374
1375         /* Get number of devices
1376          */
1377         if (ioc->sh){
1378                 shost_for_each_device(sdev, ioc->sh) {
1379                         if (!maxWordsLeft)
1380                                 continue;
1381                         vdev = sdev->hostdata;
1382                         if (vdev->vtarget->tflags &
1383                             MPT_TARGET_FLAGS_RAID_COMPONENT)
1384                                 continue;
1385                         lun = (vdev->vtarget->raidVolume) ? 0x80 : vdev->lun;
1386                         *pdata = (((u8)lun << 16) + (vdev->vtarget->channel << 8) +
1387                             (vdev->vtarget->id ));
1388                         pdata++;
1389                         numDevices++;
1390                         --maxWordsLeft;
1391                 }
1392         }
1393         karg.numDevices = numDevices;
1394
1395         /* Copy part of the data from kernel memory to user memory
1396          */
1397         if (copy_to_user((char __user *)arg, &karg,
1398                                 sizeof(struct mpt_ioctl_targetinfo))) {
1399                 printk(KERN_ERR "%s@%d::mptctl_gettargetinfo - "
1400                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1401                                 __FILE__, __LINE__, uarg);
1402                 kfree(pmem);
1403                 return -EFAULT;
1404         }
1405
1406         /* Copy the remaining data from kernel memory to user memory
1407          */
1408         if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1409                 printk(KERN_ERR "%s@%d::mptctl_gettargetinfo - "
1410                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1411                                 __FILE__, __LINE__, pdata);
1412                 kfree(pmem);
1413                 return -EFAULT;
1414         }
1415
1416         kfree(pmem);
1417
1418         return 0;
1419 }
1420
1421 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1422 /* MPT IOCTL Test function.
1423  *
1424  * Outputs:     None.
1425  * Return:      0 if successful
1426  *              -EFAULT if data unavailable
1427  *              -ENODEV  if no such device/adapter
1428  */
1429 static int
1430 mptctl_readtest (unsigned long arg)
1431 {
1432         struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1433         struct mpt_ioctl_test    karg;
1434         MPT_ADAPTER *ioc;
1435         int iocnum;
1436
1437         dctlprintk(("mptctl_readtest called.\n"));
1438         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1439                 printk(KERN_ERR "%s@%d::mptctl_readtest - "
1440                         "Unable to read in mpt_ioctl_test struct @ %p\n",
1441                                 __FILE__, __LINE__, uarg);
1442                 return -EFAULT;
1443         }
1444
1445         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1446             (ioc == NULL)) {
1447                 dctlprintk((KERN_ERR "%s::mptctl_readtest() @%d - ioc%d not found!\n",
1448                                 __FILE__, __LINE__, iocnum));
1449                 return -ENODEV;
1450         }
1451
1452         /* Fill in the data and return the structure to the calling
1453          * program
1454          */
1455
1456 #ifdef MFCNT
1457         karg.chip_type = ioc->mfcnt;
1458 #else
1459         karg.chip_type = ioc->pcidev->device;
1460 #endif
1461         strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1462         karg.name[MPT_MAX_NAME-1]='\0';
1463         strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1464         karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1465
1466         /* Copy the data from kernel memory to user memory
1467          */
1468         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1469                 printk(KERN_ERR "%s@%d::mptctl_readtest - "
1470                         "Unable to write out mpt_ioctl_test struct @ %p\n",
1471                                 __FILE__, __LINE__, uarg);
1472                 return -EFAULT;
1473         }
1474
1475         return 0;
1476 }
1477
1478 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1479 /*
1480  *      mptctl_eventquery - Query the host adapter for the event types
1481  *      that are being logged.
1482  *      @arg: User space argument
1483  *
1484  * Outputs:     None.
1485  * Return:      0 if successful
1486  *              -EFAULT if data unavailable
1487  *              -ENODEV  if no such device/adapter
1488  */
1489 static int
1490 mptctl_eventquery (unsigned long arg)
1491 {
1492         struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1493         struct mpt_ioctl_eventquery      karg;
1494         MPT_ADAPTER *ioc;
1495         int iocnum;
1496
1497         dctlprintk(("mptctl_eventquery called.\n"));
1498         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1499                 printk(KERN_ERR "%s@%d::mptctl_eventquery - "
1500                         "Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1501                                 __FILE__, __LINE__, uarg);
1502                 return -EFAULT;
1503         }
1504
1505         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1506             (ioc == NULL)) {
1507                 dctlprintk((KERN_ERR "%s::mptctl_eventquery() @%d - ioc%d not found!\n",
1508                                 __FILE__, __LINE__, iocnum));
1509                 return -ENODEV;
1510         }
1511
1512         karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1513         karg.eventTypes = ioc->eventTypes;
1514
1515         /* Copy the data from kernel memory to user memory
1516          */
1517         if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1518                 printk(KERN_ERR "%s@%d::mptctl_eventquery - "
1519                         "Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1520                                 __FILE__, __LINE__, uarg);
1521                 return -EFAULT;
1522         }
1523         return 0;
1524 }
1525
1526 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1527 static int
1528 mptctl_eventenable (unsigned long arg)
1529 {
1530         struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1531         struct mpt_ioctl_eventenable     karg;
1532         MPT_ADAPTER *ioc;
1533         int iocnum;
1534
1535         dctlprintk(("mptctl_eventenable called.\n"));
1536         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1537                 printk(KERN_ERR "%s@%d::mptctl_eventenable - "
1538                         "Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1539                                 __FILE__, __LINE__, uarg);
1540                 return -EFAULT;
1541         }
1542
1543         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1544             (ioc == NULL)) {
1545                 dctlprintk((KERN_ERR "%s::mptctl_eventenable() @%d - ioc%d not found!\n",
1546                                 __FILE__, __LINE__, iocnum));
1547                 return -ENODEV;
1548         }
1549
1550         if (ioc->events == NULL) {
1551                 /* Have not yet allocated memory - do so now.
1552                  */
1553                 int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1554                 ioc->events = kmalloc(sz, GFP_KERNEL);
1555                 if (ioc->events == NULL) {
1556                         printk(KERN_ERR MYNAM ": ERROR - Insufficient memory to add adapter!\n");
1557                         return -ENOMEM;
1558                 }
1559                 memset(ioc->events, 0, sz);
1560                 ioc->alloc_total += sz;
1561
1562                 ioc->eventContext = 0;
1563         }
1564
1565         /* Update the IOC event logging flag.
1566          */
1567         ioc->eventTypes = karg.eventTypes;
1568
1569         return 0;
1570 }
1571
1572 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1573 static int
1574 mptctl_eventreport (unsigned long arg)
1575 {
1576         struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1577         struct mpt_ioctl_eventreport     karg;
1578         MPT_ADAPTER              *ioc;
1579         int                      iocnum;
1580         int                      numBytes, maxEvents, max;
1581
1582         dctlprintk(("mptctl_eventreport called.\n"));
1583         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1584                 printk(KERN_ERR "%s@%d::mptctl_eventreport - "
1585                         "Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1586                                 __FILE__, __LINE__, uarg);
1587                 return -EFAULT;
1588         }
1589
1590         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1591             (ioc == NULL)) {
1592                 dctlprintk((KERN_ERR "%s::mptctl_eventreport() @%d - ioc%d not found!\n",
1593                                 __FILE__, __LINE__, iocnum));
1594                 return -ENODEV;
1595         }
1596
1597         numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1598         maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1599
1600
1601         max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1602
1603         /* If fewer than 1 event is requested, there must have
1604          * been some type of error.
1605          */
1606         if ((max < 1) || !ioc->events)
1607                 return -ENODATA;
1608
1609         /* reset this flag so SIGIO can restart */
1610         ioc->aen_event_read_flag=0;
1611
1612         /* Copy the data from kernel memory to user memory
1613          */
1614         numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1615         if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1616                 printk(KERN_ERR "%s@%d::mptctl_eventreport - "
1617                         "Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1618                                 __FILE__, __LINE__, ioc->events);
1619                 return -EFAULT;
1620         }
1621
1622         return 0;
1623 }
1624
1625 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1626 static int
1627 mptctl_replace_fw (unsigned long arg)
1628 {
1629         struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1630         struct mpt_ioctl_replace_fw      karg;
1631         MPT_ADAPTER              *ioc;
1632         int                      iocnum;
1633         int                      newFwSize;
1634
1635         dctlprintk(("mptctl_replace_fw called.\n"));
1636         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1637                 printk(KERN_ERR "%s@%d::mptctl_replace_fw - "
1638                         "Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1639                                 __FILE__, __LINE__, uarg);
1640                 return -EFAULT;
1641         }
1642
1643         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1644             (ioc == NULL)) {
1645                 dctlprintk((KERN_ERR "%s::mptctl_replace_fw() @%d - ioc%d not found!\n",
1646                                 __FILE__, __LINE__, iocnum));
1647                 return -ENODEV;
1648         }
1649
1650         /* If caching FW, Free the old FW image
1651          */
1652         if (ioc->cached_fw == NULL)
1653                 return 0;
1654
1655         mpt_free_fw_memory(ioc);
1656
1657         /* Allocate memory for the new FW image
1658          */
1659         newFwSize = karg.newImageSize;
1660
1661         if (newFwSize & 0x01)
1662                 newFwSize += 1;
1663         if (newFwSize & 0x02)
1664                 newFwSize += 2;
1665
1666         mpt_alloc_fw_memory(ioc, newFwSize);
1667         if (ioc->cached_fw == NULL)
1668                 return -ENOMEM;
1669
1670         /* Copy the data from user memory to kernel space
1671          */
1672         if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1673                 printk(KERN_ERR "%s@%d::mptctl_replace_fw - "
1674                                 "Unable to read in mpt_ioctl_replace_fw image "
1675                                 "@ %p\n", __FILE__, __LINE__, uarg);
1676                 mpt_free_fw_memory(ioc);
1677                 return -EFAULT;
1678         }
1679
1680         /* Update IOCFactsReply
1681          */
1682         ioc->facts.FWImageSize = newFwSize;
1683         return 0;
1684 }
1685
1686 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1687 /* MPT IOCTL MPTCOMMAND function.
1688  * Cast the arg into the mpt_ioctl_mpt_command structure.
1689  *
1690  * Outputs:     None.
1691  * Return:      0 if successful
1692  *              -EBUSY  if previous command timout and IOC reset is not complete.
1693  *              -EFAULT if data unavailable
1694  *              -ENODEV if no such device/adapter
1695  *              -ETIME  if timer expires
1696  *              -ENOMEM if memory allocation error
1697  */
1698 static int
1699 mptctl_mpt_command (unsigned long arg)
1700 {
1701         struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1702         struct mpt_ioctl_command  karg;
1703         MPT_ADAPTER     *ioc;
1704         int             iocnum;
1705         int             rc;
1706
1707         dctlprintk(("mptctl_command called.\n"));
1708
1709         if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1710                 printk(KERN_ERR "%s@%d::mptctl_mpt_command - "
1711                         "Unable to read in mpt_ioctl_command struct @ %p\n",
1712                                 __FILE__, __LINE__, uarg);
1713                 return -EFAULT;
1714         }
1715
1716         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1717             (ioc == NULL)) {
1718                 dctlprintk((KERN_ERR "%s::mptctl_mpt_command() @%d - ioc%d not found!\n",
1719                                 __FILE__, __LINE__, iocnum));
1720                 return -ENODEV;
1721         }
1722
1723         rc = mptctl_do_mpt_command (karg, &uarg->MF);
1724
1725         return rc;
1726 }
1727
1728 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1729 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1730  *
1731  * Outputs:     None.
1732  * Return:      0 if successful
1733  *              -EBUSY  if previous command timout and IOC reset is not complete.
1734  *              -EFAULT if data unavailable
1735  *              -ENODEV if no such device/adapter
1736  *              -ETIME  if timer expires
1737  *              -ENOMEM if memory allocation error
1738  *              -EPERM if SCSI I/O and target is untagged
1739  */
1740 static int
1741 mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr)
1742 {
1743         MPT_ADAPTER     *ioc;
1744         MPT_FRAME_HDR   *mf = NULL;
1745         MPIHeader_t     *hdr;
1746         char            *psge;
1747         struct buflist  bufIn;  /* data In buffer */
1748         struct buflist  bufOut; /* data Out buffer */
1749         dma_addr_t      dma_addr_in;
1750         dma_addr_t      dma_addr_out;
1751         int             sgSize = 0;     /* Num SG elements */
1752         int             iocnum, flagsLength;
1753         int             sz, rc = 0;
1754         int             msgContext;
1755         u16             req_idx;
1756         ulong           timeout;
1757         struct scsi_device *sdev;
1758
1759         dctlprintk(("mptctl_do_mpt_command called.\n"));
1760         bufIn.kptr = bufOut.kptr = NULL;
1761
1762         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1763             (ioc == NULL)) {
1764                 dctlprintk((KERN_ERR "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n",
1765                                 __FILE__, __LINE__, iocnum));
1766                 return -ENODEV;
1767         }
1768         if (!ioc->ioctl) {
1769                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1770                         "No memory available during driver init.\n",
1771                                 __FILE__, __LINE__);
1772                 return -ENOMEM;
1773         } else if (ioc->ioctl->status & MPT_IOCTL_STATUS_DID_IOCRESET) {
1774                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1775                         "Busy with IOC Reset \n", __FILE__, __LINE__);
1776                 return -EBUSY;
1777         }
1778
1779         /* Verify that the final request frame will not be too large.
1780          */
1781         sz = karg.dataSgeOffset * 4;
1782         if (karg.dataInSize > 0)
1783                 sz += sizeof(dma_addr_t) + sizeof(u32);
1784         if (karg.dataOutSize > 0)
1785                 sz += sizeof(dma_addr_t) + sizeof(u32);
1786
1787         if (sz > ioc->req_sz) {
1788                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1789                         "Request frame too large (%d) maximum (%d)\n",
1790                                 __FILE__, __LINE__, sz, ioc->req_sz);
1791                 return -EFAULT;
1792         }
1793
1794         /* Get a free request frame and save the message context.
1795          */
1796         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1797                 return -EAGAIN;
1798
1799         hdr = (MPIHeader_t *) mf;
1800         msgContext = le32_to_cpu(hdr->MsgContext);
1801         req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1802
1803         /* Copy the request frame
1804          * Reset the saved message context.
1805          * Request frame in user space
1806          */
1807         if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1808                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1809                         "Unable to read MF from mpt_ioctl_command struct @ %p\n",
1810                         __FILE__, __LINE__, mfPtr);
1811                 rc = -EFAULT;
1812                 goto done_free_mem;
1813         }
1814         hdr->MsgContext = cpu_to_le32(msgContext);
1815
1816
1817         /* Verify that this request is allowed.
1818          */
1819         switch (hdr->Function) {
1820         case MPI_FUNCTION_IOC_FACTS:
1821         case MPI_FUNCTION_PORT_FACTS:
1822                 karg.dataOutSize  = karg.dataInSize = 0;
1823                 break;
1824
1825         case MPI_FUNCTION_CONFIG:
1826         case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1827         case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1828         case MPI_FUNCTION_FW_UPLOAD:
1829         case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1830         case MPI_FUNCTION_FW_DOWNLOAD:
1831         case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1832         case MPI_FUNCTION_TOOLBOX:
1833         case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1834                 break;
1835
1836         case MPI_FUNCTION_SCSI_IO_REQUEST:
1837                 if (ioc->sh) {
1838                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1839                         int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1840                         int scsidir = 0;
1841                         int dataSize;
1842                         u32 id;
1843
1844                         id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1845                         if (pScsiReq->TargetID > id) {
1846                                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1847                                         "Target ID out of bounds. \n",
1848                                         __FILE__, __LINE__);
1849                                 rc = -ENODEV;
1850                                 goto done_free_mem;
1851                         }
1852
1853                         if (pScsiReq->Bus >= ioc->number_of_buses) {
1854                                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1855                                         "Target Bus out of bounds. \n",
1856                                         __FILE__, __LINE__);
1857                                 rc = -ENODEV;
1858                                 goto done_free_mem;
1859                         }
1860
1861                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1862                         pScsiReq->MsgFlags |= mpt_msg_flags();
1863
1864
1865                         /* verify that app has not requested
1866                          *      more sense data than driver
1867                          *      can provide, if so, reset this parameter
1868                          * set the sense buffer pointer low address
1869                          * update the control field to specify Q type
1870                          */
1871                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1872                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1873                         else
1874                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1875
1876                         pScsiReq->SenseBufferLowAddr =
1877                                 cpu_to_le32(ioc->sense_buf_low_dma
1878                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1879
1880                         shost_for_each_device(sdev, ioc->sh) {
1881                                 struct scsi_target *starget = scsi_target(sdev);
1882                                 VirtTarget *vtarget = starget->hostdata;
1883
1884                                 if ((pScsiReq->TargetID == vtarget->id) &&
1885                                     (pScsiReq->Bus == vtarget->channel) &&
1886                                     (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1887                                         qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1888                         }
1889
1890                         /* Have the IOCTL driver set the direction based
1891                          * on the dataOutSize (ordering issue with Sparc).
1892                          */
1893                         if (karg.dataOutSize > 0) {
1894                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
1895                                 dataSize = karg.dataOutSize;
1896                         } else {
1897                                 scsidir = MPI_SCSIIO_CONTROL_READ;
1898                                 dataSize = karg.dataInSize;
1899                         }
1900
1901                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1902                         pScsiReq->DataLength = cpu_to_le32(dataSize);
1903
1904                         ioc->ioctl->reset = MPTCTL_RESET_OK;
1905                         ioc->ioctl->id = pScsiReq->TargetID;
1906
1907                 } else {
1908                         printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1909                                 "SCSI driver is not loaded. \n",
1910                                         __FILE__, __LINE__);
1911                         rc = -EFAULT;
1912                         goto done_free_mem;
1913                 }
1914                 break;
1915
1916         case MPI_FUNCTION_SMP_PASSTHROUGH:
1917                 /* Check mf->PassthruFlags to determine if
1918                  * transfer is ImmediateMode or not.
1919                  * Immediate mode returns data in the ReplyFrame.
1920                  * Else, we are sending request and response data
1921                  * in two SGLs at the end of the mf.
1922                  */
1923                 break;
1924
1925         case MPI_FUNCTION_SATA_PASSTHROUGH:
1926                 if (!ioc->sh) {
1927                         printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1928                                 "SCSI driver is not loaded. \n",
1929                                         __FILE__, __LINE__);
1930                         rc = -EFAULT;
1931                         goto done_free_mem;
1932                 }
1933                 break;
1934
1935         case MPI_FUNCTION_RAID_ACTION:
1936                 /* Just add a SGE
1937                  */
1938                 break;
1939
1940         case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1941                 if (ioc->sh) {
1942                         SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1943                         int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1944                         int scsidir = MPI_SCSIIO_CONTROL_READ;
1945                         int dataSize;
1946
1947                         pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1948                         pScsiReq->MsgFlags |= mpt_msg_flags();
1949
1950
1951                         /* verify that app has not requested
1952                          *      more sense data than driver
1953                          *      can provide, if so, reset this parameter
1954                          * set the sense buffer pointer low address
1955                          * update the control field to specify Q type
1956                          */
1957                         if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1958                                 pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1959                         else
1960                                 pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1961
1962                         pScsiReq->SenseBufferLowAddr =
1963                                 cpu_to_le32(ioc->sense_buf_low_dma
1964                                    + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1965
1966                         /* All commands to physical devices are tagged
1967                          */
1968
1969                         /* Have the IOCTL driver set the direction based
1970                          * on the dataOutSize (ordering issue with Sparc).
1971                          */
1972                         if (karg.dataOutSize > 0) {
1973                                 scsidir = MPI_SCSIIO_CONTROL_WRITE;
1974                                 dataSize = karg.dataOutSize;
1975                         } else {
1976                                 scsidir = MPI_SCSIIO_CONTROL_READ;
1977                                 dataSize = karg.dataInSize;
1978                         }
1979
1980                         pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1981                         pScsiReq->DataLength = cpu_to_le32(dataSize);
1982
1983                         ioc->ioctl->reset = MPTCTL_RESET_OK;
1984                         ioc->ioctl->id = pScsiReq->TargetID;
1985                 } else {
1986                         printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1987                                 "SCSI driver is not loaded. \n",
1988                                         __FILE__, __LINE__);
1989                         rc = -EFAULT;
1990                         goto done_free_mem;
1991                 }
1992                 break;
1993
1994         case MPI_FUNCTION_SCSI_TASK_MGMT:
1995                 {
1996                         MPT_SCSI_HOST *hd = NULL;
1997                         if ((ioc->sh == NULL) || ((hd = (MPT_SCSI_HOST *)ioc->sh->hostdata) == NULL)) {
1998                                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
1999                                         "SCSI driver not loaded or SCSI host not found. \n",
2000                                         __FILE__, __LINE__);
2001                                 rc = -EFAULT;
2002                                 goto done_free_mem;
2003                         } else if (mptctl_set_tm_flags(hd) != 0) {
2004                                 rc = -EPERM;
2005                                 goto done_free_mem;
2006                         }
2007                 }
2008                 break;
2009
2010         case MPI_FUNCTION_IOC_INIT:
2011                 {
2012                         IOCInit_t       *pInit = (IOCInit_t *) mf;
2013                         u32             high_addr, sense_high;
2014
2015                         /* Verify that all entries in the IOC INIT match
2016                          * existing setup (and in LE format).
2017                          */
2018                         if (sizeof(dma_addr_t) == sizeof(u64)) {
2019                                 high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2020                                 sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2021                         } else {
2022                                 high_addr = 0;
2023                                 sense_high= 0;
2024                         }
2025
2026                         if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2027                                 (pInit->MaxBuses != ioc->facts.MaxBuses) ||
2028                                 (pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2029                                 (pInit->HostMfaHighAddr != high_addr) ||
2030                                 (pInit->SenseBufferHighAddr != sense_high)) {
2031                                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
2032                                         "IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2033                                         __FILE__, __LINE__);
2034                                 rc = -EFAULT;
2035                                 goto done_free_mem;
2036                         }
2037                 }
2038                 break;
2039         default:
2040                 /*
2041                  * MPI_FUNCTION_PORT_ENABLE
2042                  * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2043                  * MPI_FUNCTION_TARGET_ASSIST
2044                  * MPI_FUNCTION_TARGET_STATUS_SEND
2045                  * MPI_FUNCTION_TARGET_MODE_ABORT
2046                  * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2047                  * MPI_FUNCTION_IO_UNIT_RESET
2048                  * MPI_FUNCTION_HANDSHAKE
2049                  * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2050                  * MPI_FUNCTION_EVENT_NOTIFICATION
2051                  *  (driver handles event notification)
2052                  * MPI_FUNCTION_EVENT_ACK
2053                  */
2054
2055                 /*  What to do with these???  CHECK ME!!!
2056                         MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2057                         MPI_FUNCTION_FC_LINK_SRVC_RSP
2058                         MPI_FUNCTION_FC_ABORT
2059                         MPI_FUNCTION_LAN_SEND
2060                         MPI_FUNCTION_LAN_RECEIVE
2061                         MPI_FUNCTION_LAN_RESET
2062                 */
2063
2064                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
2065                         "Illegal request (function 0x%x) \n",
2066                         __FILE__, __LINE__, hdr->Function);
2067                 rc = -EFAULT;
2068                 goto done_free_mem;
2069         }
2070
2071         /* Add the SGL ( at most one data in SGE and one data out SGE )
2072          * In the case of two SGE's - the data out (write) will always
2073          * preceede the data in (read) SGE. psgList is used to free the
2074          * allocated memory.
2075          */
2076         psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2077         flagsLength = 0;
2078
2079         /* bufIn and bufOut are used for user to kernel space transfers
2080          */
2081         bufIn.kptr = bufOut.kptr = NULL;
2082         bufIn.len = bufOut.len = 0;
2083
2084         if (karg.dataOutSize > 0)
2085                 sgSize ++;
2086
2087         if (karg.dataInSize > 0)
2088                 sgSize ++;
2089
2090         if (sgSize > 0) {
2091
2092                 /* Set up the dataOut memory allocation */
2093                 if (karg.dataOutSize > 0) {
2094                         if (karg.dataInSize > 0) {
2095                                 flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2096                                                 MPI_SGE_FLAGS_END_OF_BUFFER |
2097                                                 MPI_SGE_FLAGS_DIRECTION |
2098                                                 mpt_addr_size() )
2099                                                 << MPI_SGE_FLAGS_SHIFT;
2100                         } else {
2101                                 flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2102                         }
2103                         flagsLength |= karg.dataOutSize;
2104                         bufOut.len = karg.dataOutSize;
2105                         bufOut.kptr = pci_alloc_consistent(
2106                                         ioc->pcidev, bufOut.len, &dma_addr_out);
2107
2108                         if (bufOut.kptr == NULL) {
2109                                 rc = -ENOMEM;
2110                                 goto done_free_mem;
2111                         } else {
2112                                 /* Set up this SGE.
2113                                  * Copy to MF and to sglbuf
2114                                  */
2115                                 mpt_add_sge(psge, flagsLength, dma_addr_out);
2116                                 psge += (sizeof(u32) + sizeof(dma_addr_t));
2117
2118                                 /* Copy user data to kernel space.
2119                                  */
2120                                 if (copy_from_user(bufOut.kptr,
2121                                                 karg.dataOutBufPtr,
2122                                                 bufOut.len)) {
2123                                         printk(KERN_ERR
2124                                                 "%s@%d::mptctl_do_mpt_command - Unable "
2125                                                 "to read user data "
2126                                                 "struct @ %p\n",
2127                                                 __FILE__, __LINE__,karg.dataOutBufPtr);
2128                                         rc =  -EFAULT;
2129                                         goto done_free_mem;
2130                                 }
2131                         }
2132                 }
2133
2134                 if (karg.dataInSize > 0) {
2135                         flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2136                         flagsLength |= karg.dataInSize;
2137
2138                         bufIn.len = karg.dataInSize;
2139                         bufIn.kptr = pci_alloc_consistent(ioc->pcidev,
2140                                         bufIn.len, &dma_addr_in);
2141
2142                         if (bufIn.kptr == NULL) {
2143                                 rc = -ENOMEM;
2144                                 goto done_free_mem;
2145                         } else {
2146                                 /* Set up this SGE
2147                                  * Copy to MF and to sglbuf
2148                                  */
2149                                 mpt_add_sge(psge, flagsLength, dma_addr_in);
2150                         }
2151                 }
2152         } else  {
2153                 /* Add a NULL SGE
2154                  */
2155                 mpt_add_sge(psge, flagsLength, (dma_addr_t) -1);
2156         }
2157
2158         ioc->ioctl->wait_done = 0;
2159         if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2160
2161                 DBG_DUMP_TM_REQUEST_FRAME((u32 *)mf);
2162
2163                 if (mpt_send_handshake_request(mptctl_id, ioc,
2164                         sizeof(SCSITaskMgmt_t), (u32*)mf,
2165                         CAN_SLEEP) != 0) {
2166                         dfailprintk((MYIOC_s_ERR_FMT "_send_handshake FAILED!"
2167                                 " (ioc %p, mf %p) \n", ioc->name,
2168                                 ioc, mf));
2169                         mptctl_free_tm_flags(ioc);
2170                         rc = -ENODATA;
2171                         goto done_free_mem;
2172                 }
2173
2174         } else
2175                 mpt_put_msg_frame(mptctl_id, ioc, mf);
2176
2177         /* Now wait for the command to complete */
2178         timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2179         timeout = wait_event_timeout(mptctl_wait,
2180              ioc->ioctl->wait_done == 1,
2181              HZ*timeout);
2182
2183         if(timeout <=0 && (ioc->ioctl->wait_done != 1 )) {
2184         /* Now we need to reset the board */
2185
2186                 if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT)
2187                         mptctl_free_tm_flags(ioc);
2188
2189                 mptctl_timeout_expired(ioc->ioctl);
2190                 rc = -ENODATA;
2191                 goto done_free_mem;
2192         }
2193
2194         mf = NULL;
2195
2196         /* If a valid reply frame, copy to the user.
2197          * Offset 2: reply length in U32's
2198          */
2199         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID) {
2200                 if (karg.maxReplyBytes < ioc->reply_sz) {
2201                          sz = min(karg.maxReplyBytes, 4*ioc->ioctl->ReplyFrame[2]);
2202                 } else {
2203                          sz = min(ioc->reply_sz, 4*ioc->ioctl->ReplyFrame[2]);
2204                 }
2205
2206                 if (sz > 0) {
2207                         if (copy_to_user(karg.replyFrameBufPtr,
2208                                  &ioc->ioctl->ReplyFrame, sz)){
2209                                  printk(KERN_ERR
2210                                      "%s@%d::mptctl_do_mpt_command - "
2211                                  "Unable to write out reply frame %p\n",
2212                                  __FILE__, __LINE__, karg.replyFrameBufPtr);
2213                                  rc =  -ENODATA;
2214                                  goto done_free_mem;
2215                         }
2216                 }
2217         }
2218
2219         /* If valid sense data, copy to user.
2220          */
2221         if (ioc->ioctl->status & MPT_IOCTL_STATUS_SENSE_VALID) {
2222                 sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2223                 if (sz > 0) {
2224                         if (copy_to_user(karg.senseDataPtr, ioc->ioctl->sense, sz)) {
2225                                 printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
2226                                 "Unable to write sense data to user %p\n",
2227                                 __FILE__, __LINE__,
2228                                 karg.senseDataPtr);
2229                                 rc =  -ENODATA;
2230                                 goto done_free_mem;
2231                         }
2232                 }
2233         }
2234
2235         /* If the overall status is _GOOD and data in, copy data
2236          * to user.
2237          */
2238         if ((ioc->ioctl->status & MPT_IOCTL_STATUS_COMMAND_GOOD) &&
2239                                 (karg.dataInSize > 0) && (bufIn.kptr)) {
2240
2241                 if (copy_to_user(karg.dataInBufPtr,
2242                                  bufIn.kptr, karg.dataInSize)) {
2243                         printk(KERN_ERR "%s@%d::mptctl_do_mpt_command - "
2244                                 "Unable to write data to user %p\n",
2245                                 __FILE__, __LINE__,
2246                                 karg.dataInBufPtr);
2247                         rc =  -ENODATA;
2248                 }
2249         }
2250
2251 done_free_mem:
2252
2253         ioc->ioctl->status &= ~(MPT_IOCTL_STATUS_COMMAND_GOOD |
2254                 MPT_IOCTL_STATUS_SENSE_VALID |
2255                 MPT_IOCTL_STATUS_RF_VALID );
2256
2257         /* Free the allocated memory.
2258          */
2259         if (bufOut.kptr != NULL) {
2260                 pci_free_consistent(ioc->pcidev,
2261                         bufOut.len, (void *) bufOut.kptr, dma_addr_out);
2262         }
2263
2264         if (bufIn.kptr != NULL) {
2265                 pci_free_consistent(ioc->pcidev,
2266                         bufIn.len, (void *) bufIn.kptr, dma_addr_in);
2267         }
2268
2269         /* mf is null if command issued successfully
2270          * otherwise, failure occured after mf acquired.
2271          */
2272         if (mf)
2273                 mpt_free_msg_frame(ioc, mf);
2274
2275         return rc;
2276 }
2277
2278 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2279 /* Prototype Routine for the HOST INFO command.
2280  *
2281  * Outputs:     None.
2282  * Return:      0 if successful
2283  *              -EFAULT if data unavailable
2284  *              -EBUSY  if previous command timout and IOC reset is not complete.
2285  *              -ENODEV if no such device/adapter
2286  *              -ETIME  if timer expires
2287  *              -ENOMEM if memory allocation error
2288  */
2289 static int
2290 mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size)
2291 {
2292         hp_host_info_t  __user *uarg = (void __user *) arg;
2293         MPT_ADAPTER             *ioc;
2294         struct pci_dev          *pdev;
2295         char                    *pbuf=NULL;
2296         dma_addr_t              buf_dma;
2297         hp_host_info_t          karg;
2298         CONFIGPARMS             cfg;
2299         ConfigPageHeader_t      hdr;
2300         int                     iocnum;
2301         int                     rc, cim_rev;
2302         ToolboxIstwiReadWriteRequest_t  *IstwiRWRequest;
2303         MPT_FRAME_HDR           *mf = NULL;
2304         MPIHeader_t             *mpi_hdr;
2305
2306         dctlprintk((": mptctl_hp_hostinfo called.\n"));
2307         /* Reset long to int. Should affect IA64 and SPARC only
2308          */
2309         if (data_size == sizeof(hp_host_info_t))
2310                 cim_rev = 1;
2311         else if (data_size == sizeof(hp_host_info_rev0_t))
2312                 cim_rev = 0;    /* obsolete */
2313         else
2314                 return -EFAULT;
2315
2316         if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2317                 printk(KERN_ERR "%s@%d::mptctl_hp_host_info - "
2318                         "Unable to read in hp_host_info struct @ %p\n",
2319                                 __FILE__, __LINE__, uarg);
2320                 return -EFAULT;
2321         }
2322
2323         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2324             (ioc == NULL)) {
2325                 dctlprintk((KERN_ERR "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n",
2326                                 __FILE__, __LINE__, iocnum));
2327                 return -ENODEV;
2328         }
2329
2330         /* Fill in the data and return the structure to the calling
2331          * program
2332          */
2333         pdev = (struct pci_dev *) ioc->pcidev;
2334
2335         karg.vendor = pdev->vendor;
2336         karg.device = pdev->device;
2337         karg.subsystem_id = pdev->subsystem_device;
2338         karg.subsystem_vendor = pdev->subsystem_vendor;
2339         karg.devfn = pdev->devfn;
2340         karg.bus = pdev->bus->number;
2341
2342         /* Save the SCSI host no. if
2343          * SCSI driver loaded
2344          */
2345         if (ioc->sh != NULL)
2346                 karg.host_no = ioc->sh->host_no;
2347         else
2348                 karg.host_no =  -1;
2349
2350         /* Reformat the fw_version into a string
2351          */
2352         karg.fw_version[0] = ioc->facts.FWVersion.Struct.Major >= 10 ?
2353                 ((ioc->facts.FWVersion.Struct.Major / 10) + '0') : '0';
2354         karg.fw_version[1] = (ioc->facts.FWVersion.Struct.Major % 10 ) + '0';
2355         karg.fw_version[2] = '.';
2356         karg.fw_version[3] = ioc->facts.FWVersion.Struct.Minor >= 10 ?
2357                 ((ioc->facts.FWVersion.Struct.Minor / 10) + '0') : '0';
2358         karg.fw_version[4] = (ioc->facts.FWVersion.Struct.Minor % 10 ) + '0';
2359         karg.fw_version[5] = '.';
2360         karg.fw_version[6] = ioc->facts.FWVersion.Struct.Unit >= 10 ?
2361                 ((ioc->facts.FWVersion.Struct.Unit / 10) + '0') : '0';
2362         karg.fw_version[7] = (ioc->facts.FWVersion.Struct.Unit % 10 ) + '0';
2363         karg.fw_version[8] = '.';
2364         karg.fw_version[9] = ioc->facts.FWVersion.Struct.Dev >= 10 ?
2365                 ((ioc->facts.FWVersion.Struct.Dev / 10) + '0') : '0';
2366         karg.fw_version[10] = (ioc->facts.FWVersion.Struct.Dev % 10 ) + '0';
2367         karg.fw_version[11] = '\0';
2368
2369         /* Issue a config request to get the device serial number
2370          */
2371         hdr.PageVersion = 0;
2372         hdr.PageLength = 0;
2373         hdr.PageNumber = 0;
2374         hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2375         cfg.cfghdr.hdr = &hdr;
2376         cfg.physAddr = -1;
2377         cfg.pageAddr = 0;
2378         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2379         cfg.dir = 0;    /* read */
2380         cfg.timeout = 10;
2381
2382         strncpy(karg.serial_number, " ", 24);
2383         if (mpt_config(ioc, &cfg) == 0) {
2384                 if (cfg.cfghdr.hdr->PageLength > 0) {
2385                         /* Issue the second config page request */
2386                         cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2387
2388                         pbuf = pci_alloc_consistent(ioc->pcidev, hdr.PageLength * 4, &buf_dma);
2389                         if (pbuf) {
2390                                 cfg.physAddr = buf_dma;
2391                                 if (mpt_config(ioc, &cfg) == 0) {
2392                                         ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2393                                         if (strlen(pdata->BoardTracerNumber) > 1) {
2394                                                 strncpy(karg.serial_number,                                                                         pdata->BoardTracerNumber, 24);
2395                                                 karg.serial_number[24-1]='\0';
2396                                         }
2397                                 }
2398                                 pci_free_consistent(ioc->pcidev, hdr.PageLength * 4, pbuf, buf_dma);
2399                                 pbuf = NULL;
2400                         }
2401                 }
2402         }
2403         rc = mpt_GetIocState(ioc, 1);
2404         switch (rc) {
2405         case MPI_IOC_STATE_OPERATIONAL:
2406                 karg.ioc_status =  HP_STATUS_OK;
2407                 break;
2408
2409         case MPI_IOC_STATE_FAULT:
2410                 karg.ioc_status =  HP_STATUS_FAILED;
2411                 break;
2412
2413         case MPI_IOC_STATE_RESET:
2414         case MPI_IOC_STATE_READY:
2415         default:
2416                 karg.ioc_status =  HP_STATUS_OTHER;
2417                 break;
2418         }
2419
2420         karg.base_io_addr = pci_resource_start(pdev, 0);
2421
2422         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2423                 karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2424         else
2425                 karg.bus_phys_width = HP_BUS_WIDTH_16;
2426
2427         karg.hard_resets = 0;
2428         karg.soft_resets = 0;
2429         karg.timeouts = 0;
2430         if (ioc->sh != NULL) {
2431                 MPT_SCSI_HOST *hd =  (MPT_SCSI_HOST *)ioc->sh->hostdata;
2432
2433                 if (hd && (cim_rev == 1)) {
2434                         karg.hard_resets = hd->hard_resets;
2435                         karg.soft_resets = hd->soft_resets;
2436                         karg.timeouts = hd->timeouts;
2437                 }
2438         }
2439
2440         /* 
2441          * Gather ISTWI(Industry Standard Two Wire Interface) Data
2442          */
2443         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2444                 dfailprintk((MYIOC_s_WARN_FMT "%s, no msg frames!!\n",
2445                     ioc->name,__FUNCTION__));
2446                 goto out;
2447         }
2448
2449         IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2450         mpi_hdr = (MPIHeader_t *) mf;
2451         memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2452         IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2453         IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2454         IstwiRWRequest->MsgContext = mpi_hdr->MsgContext;
2455         IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2456         IstwiRWRequest->NumAddressBytes = 0x01;
2457         IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2458         if (pdev->devfn & 1)
2459                 IstwiRWRequest->DeviceAddr = 0xB2;
2460         else
2461                 IstwiRWRequest->DeviceAddr = 0xB0;
2462
2463         pbuf = pci_alloc_consistent(ioc->pcidev, 4, &buf_dma);
2464         if (!pbuf)
2465                 goto out;
2466         mpt_add_sge((char *)&IstwiRWRequest->SGL,
2467             (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2468
2469         ioc->ioctl->wait_done = 0;
2470         mpt_put_msg_frame(mptctl_id, ioc, mf);
2471
2472         rc = wait_event_timeout(mptctl_wait,
2473              ioc->ioctl->wait_done == 1,
2474              HZ*MPT_IOCTL_DEFAULT_TIMEOUT /* 10 sec */);
2475
2476         if(rc <=0 && (ioc->ioctl->wait_done != 1 )) {
2477                 /* 
2478                  * Now we need to reset the board
2479                  */
2480                 mpt_free_msg_frame(ioc, mf);
2481                 mptctl_timeout_expired(ioc->ioctl);
2482                 goto out;
2483         }
2484
2485         /* 
2486          *ISTWI Data Definition
2487          * pbuf[0] = FW_VERSION = 0x4
2488          * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2489          *  the config, you should be seeing one out of these three values
2490          * pbuf[2] = Drive Installed Map = bit pattern depend on which
2491          *   bays have drives in them
2492          * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2493          */
2494         if (ioc->ioctl->status & MPT_IOCTL_STATUS_RF_VALID)
2495                 karg.rsvd = *(u32 *)pbuf;
2496
2497  out:
2498         if (pbuf)
2499                 pci_free_consistent(ioc->pcidev, 4, pbuf, buf_dma);
2500
2501         /* Copy the data from kernel memory to user memory
2502          */
2503         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2504                 printk(KERN_ERR "%s@%d::mptctl_hpgethostinfo - "
2505                         "Unable to write out hp_host_info @ %p\n",
2506                                 __FILE__, __LINE__, uarg);
2507                 return -EFAULT;
2508         }
2509
2510         return 0;
2511
2512 }
2513
2514 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2515 /* Prototype Routine for the TARGET INFO command.
2516  *
2517  * Outputs:     None.
2518  * Return:      0 if successful
2519  *              -EFAULT if data unavailable
2520  *              -EBUSY  if previous command timout and IOC reset is not complete.
2521  *              -ENODEV if no such device/adapter
2522  *              -ETIME  if timer expires
2523  *              -ENOMEM if memory allocation error
2524  */
2525 static int
2526 mptctl_hp_targetinfo(unsigned long arg)
2527 {
2528         hp_target_info_t __user *uarg = (void __user *) arg;
2529         SCSIDevicePage0_t       *pg0_alloc;
2530         SCSIDevicePage3_t       *pg3_alloc;
2531         MPT_ADAPTER             *ioc;
2532         MPT_SCSI_HOST           *hd = NULL;
2533         hp_target_info_t        karg;
2534         int                     iocnum;
2535         int                     data_sz;
2536         dma_addr_t              page_dma;
2537         CONFIGPARMS             cfg;
2538         ConfigPageHeader_t      hdr;
2539         int                     tmp, np, rc = 0;
2540
2541         dctlprintk((": mptctl_hp_targetinfo called.\n"));
2542         if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2543                 printk(KERN_ERR "%s@%d::mptctl_hp_targetinfo - "
2544                         "Unable to read in hp_host_targetinfo struct @ %p\n",
2545                                 __FILE__, __LINE__, uarg);
2546                 return -EFAULT;
2547         }
2548
2549         if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2550                 (ioc == NULL)) {
2551                 dctlprintk((KERN_ERR "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n",
2552                                 __FILE__, __LINE__, iocnum));
2553                 return -ENODEV;
2554         }
2555
2556         /*  There is nothing to do for FCP parts.
2557          */
2558         if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2559                 return 0;
2560
2561         if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2562                 return 0;
2563
2564         if (ioc->sh->host_no != karg.hdr.host)
2565                 return -ENODEV;
2566
2567        /* Get the data transfer speeds
2568         */
2569         data_sz = ioc->spi_data.sdp0length * 4;
2570         pg0_alloc = (SCSIDevicePage0_t *) pci_alloc_consistent(ioc->pcidev, data_sz, &page_dma);
2571         if (pg0_alloc) {
2572                 hdr.PageVersion = ioc->spi_data.sdp0version;
2573                 hdr.PageLength = data_sz;
2574                 hdr.PageNumber = 0;
2575                 hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2576
2577                 cfg.cfghdr.hdr = &hdr;
2578                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2579                 cfg.dir = 0;
2580                 cfg.timeout = 0;
2581                 cfg.physAddr = page_dma;
2582
2583                 cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2584
2585                 if ((rc = mpt_config(ioc, &cfg)) == 0) {
2586                         np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2587                         karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2588                                         HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2589
2590                         if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2591                                 tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2592                                 if (tmp < 0x09)
2593                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2594                                 else if (tmp <= 0x09)
2595                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2596                                 else if (tmp <= 0x0A)
2597                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2598                                 else if (tmp <= 0x0C)
2599                                         karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2600                                 else if (tmp <= 0x25)
2601                                         karg.negotiated_speed = HP_DEV_SPEED_FAST;
2602                                 else
2603                                         karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2604                         } else
2605                                 karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2606                 }
2607
2608                 pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg0_alloc, page_dma);
2609         }
2610
2611         /* Set defaults
2612          */
2613         karg.message_rejects = -1;
2614         karg.phase_errors = -1;
2615         karg.parity_errors = -1;
2616         karg.select_timeouts = -1;
2617
2618         /* Get the target error parameters
2619          */
2620         hdr.PageVersion = 0;
2621         hdr.PageLength = 0;
2622         hdr.PageNumber = 3;
2623         hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2624
2625         cfg.cfghdr.hdr = &hdr;
2626         cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2627         cfg.dir = 0;
2628         cfg.timeout = 0;
2629         cfg.physAddr = -1;
2630         if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2631                 /* Issue the second config page request */
2632                 cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2633                 data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2634                 pg3_alloc = (SCSIDevicePage3_t *) pci_alloc_consistent(
2635                                                         ioc->pcidev, data_sz, &page_dma);
2636                 if (pg3_alloc) {
2637                         cfg.physAddr = page_dma;
2638                         cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2639                         if ((rc = mpt_config(ioc, &cfg)) == 0) {
2640                                 karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2641                                 karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2642                                 karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2643                         }
2644                         pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg3_alloc, page_dma);
2645                 }
2646         }
2647         hd = (MPT_SCSI_HOST *) ioc->sh->hostdata;
2648         if (hd != NULL)
2649                 karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2650
2651         /* Copy the data from kernel memory to user memory
2652          */
2653         if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2654                 printk(KERN_ERR "%s@%d::mptctl_hp_target_info - "
2655                         "Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2656                                 __FILE__, __LINE__, uarg);
2657                 return -EFAULT;
2658         }
2659
2660         return 0;
2661 }
2662
2663 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2664
2665 static const struct file_operations mptctl_fops = {
2666         .owner =        THIS_MODULE,
2667         .llseek =       no_llseek,
2668         .release =      mptctl_release,
2669         .fasync =       mptctl_fasync,
2670         .unlocked_ioctl = mptctl_ioctl,
2671 #ifdef CONFIG_COMPAT
2672         .compat_ioctl = compat_mpctl_ioctl,
2673 #endif
2674 };
2675
2676 static struct miscdevice mptctl_miscdev = {
2677         MPT_MINOR,
2678         MYNAM,
2679         &mptctl_fops
2680 };
2681
2682 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2683
2684 #ifdef CONFIG_COMPAT
2685
2686 static int
2687 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2688                         unsigned long arg)
2689 {
2690         struct mpt_fw_xfer32 kfw32;
2691         struct mpt_fw_xfer kfw;
2692         MPT_ADAPTER *iocp = NULL;
2693         int iocnum, iocnumX;
2694         int nonblock = (filp->f_flags & O_NONBLOCK);
2695         int ret;
2696
2697         dctlprintk((KERN_INFO MYNAM "::compat_mptfwxfer_ioctl() called\n"));
2698
2699         if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2700                 return -EFAULT;
2701
2702         /* Verify intended MPT adapter */
2703         iocnumX = kfw32.iocnum & 0xFF;
2704         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2705             (iocp == NULL)) {
2706                 dctlprintk((KERN_ERR MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2707                                 __LINE__, iocnumX));
2708                 return -ENODEV;
2709         }
2710
2711         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2712                 return ret;
2713
2714         kfw.iocnum = iocnum;
2715         kfw.fwlen = kfw32.fwlen;
2716         kfw.bufp = compat_ptr(kfw32.bufp);
2717
2718         ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen);
2719
2720         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2721
2722         return ret;
2723 }
2724
2725 static int
2726 compat_mpt_command(struct file *filp, unsigned int cmd,
2727                         unsigned long arg)
2728 {
2729         struct mpt_ioctl_command32 karg32;
2730         struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2731         struct mpt_ioctl_command karg;
2732         MPT_ADAPTER *iocp = NULL;
2733         int iocnum, iocnumX;
2734         int nonblock = (filp->f_flags & O_NONBLOCK);
2735         int ret;
2736
2737         dctlprintk((KERN_INFO MYNAM "::compat_mpt_command() called\n"));
2738
2739         if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2740                 return -EFAULT;
2741
2742         /* Verify intended MPT adapter */
2743         iocnumX = karg32.hdr.iocnum & 0xFF;
2744         if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2745             (iocp == NULL)) {
2746                 dctlprintk((KERN_ERR MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2747                                 __LINE__, iocnumX));
2748                 return -ENODEV;
2749         }
2750
2751         if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2752                 return ret;
2753
2754         /* Copy data to karg */
2755         karg.hdr.iocnum = karg32.hdr.iocnum;
2756         karg.hdr.port = karg32.hdr.port;
2757         karg.timeout = karg32.timeout;
2758         karg.maxReplyBytes = karg32.maxReplyBytes;
2759
2760         karg.dataInSize = karg32.dataInSize;
2761         karg.dataOutSize = karg32.dataOutSize;
2762         karg.maxSenseBytes = karg32.maxSenseBytes;
2763         karg.dataSgeOffset = karg32.dataSgeOffset;
2764
2765         karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2766         karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2767         karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2768         karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2769
2770         /* Pass new structure to do_mpt_command
2771          */
2772         ret = mptctl_do_mpt_command (karg, &uarg->MF);
2773
2774         mutex_unlock(&iocp->ioctl->ioctl_mutex);
2775
2776         return ret;
2777 }
2778
2779 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2780 {
2781         long ret;
2782         lock_kernel();
2783         switch (cmd) {
2784         case MPTIOCINFO:
2785         case MPTIOCINFO1:
2786         case MPTIOCINFO2:
2787         case MPTTARGETINFO:
2788         case MPTEVENTQUERY:
2789         case MPTEVENTENABLE:
2790         case MPTEVENTREPORT:
2791         case MPTHARDRESET:
2792         case HP_GETHOSTINFO:
2793         case HP_GETTARGETINFO:
2794         case MPTTEST:
2795                 ret = __mptctl_ioctl(f, cmd, arg);
2796                 break;
2797         case MPTCOMMAND32:
2798                 ret = compat_mpt_command(f, cmd, arg);
2799                 break;
2800         case MPTFWDOWNLOAD32:
2801                 ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2802                 break;
2803         default:
2804                 ret = -ENOIOCTLCMD;
2805                 break;
2806         }
2807         unlock_kernel();
2808         return ret;
2809 }
2810
2811 #endif
2812
2813
2814 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2815 /*
2816  *      mptctl_probe - Installs ioctl devices per bus.
2817  *      @pdev: Pointer to pci_dev structure
2818  *
2819  *      Returns 0 for success, non-zero for failure.
2820  *
2821  */
2822
2823 static int
2824 mptctl_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2825 {
2826         int err;
2827         int sz;
2828         u8 *mem;
2829         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2830
2831         /*
2832          * Allocate and inite a MPT_IOCTL structure
2833         */
2834         sz = sizeof (MPT_IOCTL);
2835         mem = kmalloc(sz, GFP_KERNEL);
2836         if (mem == NULL) {
2837                 err = -ENOMEM;
2838                 goto out_fail;
2839         }
2840
2841         memset(mem, 0, sz);
2842         ioc->ioctl = (MPT_IOCTL *) mem;
2843         ioc->ioctl->ioc = ioc;
2844         mutex_init(&ioc->ioctl->ioctl_mutex);
2845         return 0;
2846
2847 out_fail:
2848
2849         mptctl_remove(pdev);
2850         return err;
2851 }
2852
2853 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2854 /*
2855  *      mptctl_remove - Removed ioctl devices
2856  *      @pdev: Pointer to pci_dev structure
2857  *
2858  *
2859  */
2860 static void
2861 mptctl_remove(struct pci_dev *pdev)
2862 {
2863         MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2864
2865         kfree ( ioc->ioctl );
2866 }
2867
2868 static struct mpt_pci_driver mptctl_driver = {
2869   .probe                = mptctl_probe,
2870   .remove               = mptctl_remove,
2871 };
2872
2873 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2874 static int __init mptctl_init(void)
2875 {
2876         int err;
2877         int where = 1;
2878
2879         show_mptmod_ver(my_NAME, my_VERSION);
2880
2881         if(mpt_device_driver_register(&mptctl_driver,
2882           MPTCTL_DRIVER) != 0 ) {
2883                 dprintk((KERN_INFO MYNAM
2884                 ": failed to register dd callbacks\n"));
2885         }
2886
2887         /* Register this device */
2888         err = misc_register(&mptctl_miscdev);
2889         if (err < 0) {
2890                 printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2891                 goto out_fail;
2892         }
2893         printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2894         printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2895                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2896
2897         /*
2898          *  Install our handler
2899          */
2900         ++where;
2901         if ((mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER)) < 0) {
2902                 printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2903                 misc_deregister(&mptctl_miscdev);
2904                 err = -EBUSY;
2905                 goto out_fail;
2906         }
2907
2908         if (mpt_reset_register(mptctl_id, mptctl_ioc_reset) == 0) {
2909                 dprintk((KERN_INFO MYNAM ": Registered for IOC reset notifications\n"));
2910         } else {
2911                 /* FIXME! */
2912         }
2913
2914         if (mpt_event_register(mptctl_id, mptctl_event_process) == 0) {
2915                 devtverboseprintk((KERN_INFO MYNAM
2916                   ": Registered for IOC event notifications\n"));
2917         }
2918
2919         return 0;
2920
2921 out_fail:
2922
2923         mpt_device_driver_deregister(MPTCTL_DRIVER);
2924
2925         return err;
2926 }
2927
2928 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2929 static void mptctl_exit(void)
2930 {
2931         misc_deregister(&mptctl_miscdev);
2932         printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2933                          mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2934
2935         /* De-register reset handler from base module */
2936         mpt_reset_deregister(mptctl_id);
2937         dprintk((KERN_INFO MYNAM ": Deregistered for IOC reset notifications\n"));
2938
2939         /* De-register callback handler from base module */
2940         mpt_deregister(mptctl_id);
2941         printk(KERN_INFO MYNAM ": Deregistered from Fusion MPT base driver\n");
2942
2943         mpt_device_driver_deregister(MPTCTL_DRIVER);
2944
2945 }
2946
2947 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2948
2949 module_init(mptctl_init);
2950 module_exit(mptctl_exit);