cciss: Add a "raid_level" attribute to each logical drive in /sys
[linux-2.6.git] / drivers / block / cciss.c
1 /*
2  *    Disk Array driver for HP Smart Array controllers.
3  *    (C) Copyright 2000, 2007 Hewlett-Packard Development Company, L.P.
4  *
5  *    This program is free software; you can redistribute it and/or modify
6  *    it under the terms of the GNU General Public License as published by
7  *    the Free Software Foundation; version 2 of the License.
8  *
9  *    This program is distributed in the hope that it will be useful,
10  *    but WITHOUT ANY WARRANTY; without even the implied warranty of
11  *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12  *    General Public License for more details.
13  *
14  *    You should have received a copy of the GNU General Public License
15  *    along with this program; if not, write to the Free Software
16  *    Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
17  *    02111-1307, USA.
18  *
19  *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
20  *
21  */
22
23 #include <linux/module.h>
24 #include <linux/interrupt.h>
25 #include <linux/types.h>
26 #include <linux/pci.h>
27 #include <linux/kernel.h>
28 #include <linux/slab.h>
29 #include <linux/smp_lock.h>
30 #include <linux/delay.h>
31 #include <linux/major.h>
32 #include <linux/fs.h>
33 #include <linux/bio.h>
34 #include <linux/blkpg.h>
35 #include <linux/timer.h>
36 #include <linux/proc_fs.h>
37 #include <linux/seq_file.h>
38 #include <linux/init.h>
39 #include <linux/jiffies.h>
40 #include <linux/hdreg.h>
41 #include <linux/spinlock.h>
42 #include <linux/compat.h>
43 #include <linux/mutex.h>
44 #include <asm/uaccess.h>
45 #include <asm/io.h>
46
47 #include <linux/dma-mapping.h>
48 #include <linux/blkdev.h>
49 #include <linux/genhd.h>
50 #include <linux/completion.h>
51 #include <scsi/scsi.h>
52 #include <scsi/sg.h>
53 #include <scsi/scsi_ioctl.h>
54 #include <linux/cdrom.h>
55 #include <linux/scatterlist.h>
56 #include <linux/kthread.h>
57
58 #define CCISS_DRIVER_VERSION(maj,min,submin) ((maj<<16)|(min<<8)|(submin))
59 #define DRIVER_NAME "HP CISS Driver (v 3.6.20)"
60 #define DRIVER_VERSION CCISS_DRIVER_VERSION(3, 6, 20)
61
62 /* Embedded module documentation macros - see modules.h */
63 MODULE_AUTHOR("Hewlett-Packard Company");
64 MODULE_DESCRIPTION("Driver for HP Smart Array Controllers");
65 MODULE_SUPPORTED_DEVICE("HP SA5i SA5i+ SA532 SA5300 SA5312 SA641 SA642 SA6400"
66                         " SA6i P600 P800 P400 P400i E200 E200i E500 P700m"
67                         " Smart Array G2 Series SAS/SATA Controllers");
68 MODULE_VERSION("3.6.20");
69 MODULE_LICENSE("GPL");
70
71 #include "cciss_cmd.h"
72 #include "cciss.h"
73 #include <linux/cciss_ioctl.h>
74
75 /* define the PCI info for the cards we can control */
76 static const struct pci_device_id cciss_pci_device_id[] = {
77         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISS,  0x0E11, 0x4070},
78         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4080},
79         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4082},
80         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSB, 0x0E11, 0x4083},
81         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x4091},
82         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409A},
83         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409B},
84         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409C},
85         {PCI_VENDOR_ID_COMPAQ, PCI_DEVICE_ID_COMPAQ_CISSC, 0x0E11, 0x409D},
86         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSA,     0x103C, 0x3225},
87         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3223},
88         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3234},
89         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3235},
90         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3211},
91         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3212},
92         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3213},
93         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3214},
94         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSD,     0x103C, 0x3215},
95         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x3237},
96         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSC,     0x103C, 0x323D},
97         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3241},
98         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3243},
99         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3245},
100         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3247},
101         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x3249},
102         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324A},
103         {PCI_VENDOR_ID_HP,     PCI_DEVICE_ID_HP_CISSE,     0x103C, 0x324B},
104         {PCI_VENDOR_ID_HP,     PCI_ANY_ID,      PCI_ANY_ID, PCI_ANY_ID,
105                 PCI_CLASS_STORAGE_RAID << 8, 0xffff << 8, 0},
106         {0,}
107 };
108
109 MODULE_DEVICE_TABLE(pci, cciss_pci_device_id);
110
111 /*  board_id = Subsystem Device ID & Vendor ID
112  *  product = Marketing Name for the board
113  *  access = Address of the struct of function pointers
114  */
115 static struct board_type products[] = {
116         {0x40700E11, "Smart Array 5300", &SA5_access},
117         {0x40800E11, "Smart Array 5i", &SA5B_access},
118         {0x40820E11, "Smart Array 532", &SA5B_access},
119         {0x40830E11, "Smart Array 5312", &SA5B_access},
120         {0x409A0E11, "Smart Array 641", &SA5_access},
121         {0x409B0E11, "Smart Array 642", &SA5_access},
122         {0x409C0E11, "Smart Array 6400", &SA5_access},
123         {0x409D0E11, "Smart Array 6400 EM", &SA5_access},
124         {0x40910E11, "Smart Array 6i", &SA5_access},
125         {0x3225103C, "Smart Array P600", &SA5_access},
126         {0x3223103C, "Smart Array P800", &SA5_access},
127         {0x3234103C, "Smart Array P400", &SA5_access},
128         {0x3235103C, "Smart Array P400i", &SA5_access},
129         {0x3211103C, "Smart Array E200i", &SA5_access},
130         {0x3212103C, "Smart Array E200", &SA5_access},
131         {0x3213103C, "Smart Array E200i", &SA5_access},
132         {0x3214103C, "Smart Array E200i", &SA5_access},
133         {0x3215103C, "Smart Array E200i", &SA5_access},
134         {0x3237103C, "Smart Array E500", &SA5_access},
135         {0x323D103C, "Smart Array P700m", &SA5_access},
136         {0x3241103C, "Smart Array P212", &SA5_access},
137         {0x3243103C, "Smart Array P410", &SA5_access},
138         {0x3245103C, "Smart Array P410i", &SA5_access},
139         {0x3247103C, "Smart Array P411", &SA5_access},
140         {0x3249103C, "Smart Array P812", &SA5_access},
141         {0x324A103C, "Smart Array P712m", &SA5_access},
142         {0x324B103C, "Smart Array P711m", &SA5_access},
143         {0xFFFF103C, "Unknown Smart Array", &SA5_access},
144 };
145
146 /* How long to wait (in milliseconds) for board to go into simple mode */
147 #define MAX_CONFIG_WAIT 30000
148 #define MAX_IOCTL_CONFIG_WAIT 1000
149
150 /*define how many times we will try a command because of bus resets */
151 #define MAX_CMD_RETRIES 3
152
153 #define MAX_CTLR        32
154
155 /* Originally cciss driver only supports 8 major numbers */
156 #define MAX_CTLR_ORIG   8
157
158 static ctlr_info_t *hba[MAX_CTLR];
159
160 static struct task_struct *cciss_scan_thread;
161 static DEFINE_MUTEX(scan_mutex);
162 static LIST_HEAD(scan_q);
163
164 static void do_cciss_request(struct request_queue *q);
165 static irqreturn_t do_cciss_intr(int irq, void *dev_id);
166 static int cciss_open(struct block_device *bdev, fmode_t mode);
167 static int cciss_release(struct gendisk *disk, fmode_t mode);
168 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
169                        unsigned int cmd, unsigned long arg);
170 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo);
171
172 static int cciss_revalidate(struct gendisk *disk);
173 static int rebuild_lun_table(ctlr_info_t *h, int first_time, int via_ioctl);
174 static int deregister_disk(ctlr_info_t *h, int drv_index,
175                            int clear_all, int via_ioctl);
176
177 static void cciss_read_capacity(int ctlr, int logvol, int withirq,
178                         sector_t *total_size, unsigned int *block_size);
179 static void cciss_read_capacity_16(int ctlr, int logvol, int withirq,
180                         sector_t *total_size, unsigned int *block_size);
181 static void cciss_geometry_inquiry(int ctlr, int logvol,
182                         int withirq, sector_t total_size,
183                         unsigned int block_size, InquiryData_struct *inq_buff,
184                                    drive_info_struct *drv);
185 static void __devinit cciss_interrupt_mode(ctlr_info_t *, struct pci_dev *,
186                                            __u32);
187 static void start_io(ctlr_info_t *h);
188 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
189                    __u8 page_code, unsigned char *scsi3addr, int cmd_type);
190 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
191                         __u8 page_code, unsigned char scsi3addr[],
192                         int cmd_type);
193 static int sendcmd_withirq_core(ctlr_info_t *h, CommandList_struct *c,
194         int attempt_retry);
195 static int process_sendcmd_error(ctlr_info_t *h, CommandList_struct *c);
196
197 static void fail_all_cmds(unsigned long ctlr);
198 static int add_to_scan_list(struct ctlr_info *h);
199 static int scan_thread(void *data);
200 static int check_for_unit_attention(ctlr_info_t *h, CommandList_struct *c);
201 static void cciss_hba_release(struct device *dev);
202 static void cciss_device_release(struct device *dev);
203 static void cciss_free_gendisk(ctlr_info_t *h, int drv_index);
204
205 #ifdef CONFIG_PROC_FS
206 static void cciss_procinit(int i);
207 #else
208 static void cciss_procinit(int i)
209 {
210 }
211 #endif                          /* CONFIG_PROC_FS */
212
213 #ifdef CONFIG_COMPAT
214 static int cciss_compat_ioctl(struct block_device *, fmode_t,
215                               unsigned, unsigned long);
216 #endif
217
218 static const struct block_device_operations cciss_fops = {
219         .owner = THIS_MODULE,
220         .open = cciss_open,
221         .release = cciss_release,
222         .locked_ioctl = cciss_ioctl,
223         .getgeo = cciss_getgeo,
224 #ifdef CONFIG_COMPAT
225         .compat_ioctl = cciss_compat_ioctl,
226 #endif
227         .revalidate_disk = cciss_revalidate,
228 };
229
230 /*
231  * Enqueuing and dequeuing functions for cmdlists.
232  */
233 static inline void addQ(struct hlist_head *list, CommandList_struct *c)
234 {
235         hlist_add_head(&c->list, list);
236 }
237
238 static inline void removeQ(CommandList_struct *c)
239 {
240         /*
241          * After kexec/dump some commands might still
242          * be in flight, which the firmware will try
243          * to complete. Resetting the firmware doesn't work
244          * with old fw revisions, so we have to mark
245          * them off as 'stale' to prevent the driver from
246          * falling over.
247          */
248         if (WARN_ON(hlist_unhashed(&c->list))) {
249                 c->cmd_type = CMD_MSG_STALE;
250                 return;
251         }
252
253         hlist_del_init(&c->list);
254 }
255
256 #include "cciss_scsi.c"         /* For SCSI tape support */
257
258 #ifdef CONFIG_PROC_FS
259
260 /*
261  * Report information about this controller.
262  */
263 #define ENG_GIG 1000000000
264 #define ENG_GIG_FACTOR (ENG_GIG/512)
265 #define ENGAGE_SCSI     "engage scsi"
266 static const char *raid_label[] = { "0", "4", "1(1+0)", "5", "5+1", "ADG",
267         "UNKNOWN"
268 };
269 #define RAID_UNKNOWN (sizeof(raid_label) / sizeof(raid_label[0])-1)
270
271 static struct proc_dir_entry *proc_cciss;
272
273 static void cciss_seq_show_header(struct seq_file *seq)
274 {
275         ctlr_info_t *h = seq->private;
276
277         seq_printf(seq, "%s: HP %s Controller\n"
278                 "Board ID: 0x%08lx\n"
279                 "Firmware Version: %c%c%c%c\n"
280                 "IRQ: %d\n"
281                 "Logical drives: %d\n"
282                 "Current Q depth: %d\n"
283                 "Current # commands on controller: %d\n"
284                 "Max Q depth since init: %d\n"
285                 "Max # commands on controller since init: %d\n"
286                 "Max SG entries since init: %d\n",
287                 h->devname,
288                 h->product_name,
289                 (unsigned long)h->board_id,
290                 h->firm_ver[0], h->firm_ver[1], h->firm_ver[2],
291                 h->firm_ver[3], (unsigned int)h->intr[SIMPLE_MODE_INT],
292                 h->num_luns,
293                 h->Qdepth, h->commands_outstanding,
294                 h->maxQsinceinit, h->max_outstanding, h->maxSG);
295
296 #ifdef CONFIG_CISS_SCSI_TAPE
297         cciss_seq_tape_report(seq, h->ctlr);
298 #endif /* CONFIG_CISS_SCSI_TAPE */
299 }
300
301 static void *cciss_seq_start(struct seq_file *seq, loff_t *pos)
302 {
303         ctlr_info_t *h = seq->private;
304         unsigned ctlr = h->ctlr;
305         unsigned long flags;
306
307         /* prevent displaying bogus info during configuration
308          * or deconfiguration of a logical volume
309          */
310         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
311         if (h->busy_configuring) {
312                 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
313                 return ERR_PTR(-EBUSY);
314         }
315         h->busy_configuring = 1;
316         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
317
318         if (*pos == 0)
319                 cciss_seq_show_header(seq);
320
321         return pos;
322 }
323
324 static int cciss_seq_show(struct seq_file *seq, void *v)
325 {
326         sector_t vol_sz, vol_sz_frac;
327         ctlr_info_t *h = seq->private;
328         unsigned ctlr = h->ctlr;
329         loff_t *pos = v;
330         drive_info_struct *drv = &h->drv[*pos];
331
332         if (*pos > h->highest_lun)
333                 return 0;
334
335         if (drv->heads == 0)
336                 return 0;
337
338         vol_sz = drv->nr_blocks;
339         vol_sz_frac = sector_div(vol_sz, ENG_GIG_FACTOR);
340         vol_sz_frac *= 100;
341         sector_div(vol_sz_frac, ENG_GIG_FACTOR);
342
343         if (drv->raid_level < 0 || drv->raid_level > RAID_UNKNOWN)
344                 drv->raid_level = RAID_UNKNOWN;
345         seq_printf(seq, "cciss/c%dd%d:"
346                         "\t%4u.%02uGB\tRAID %s\n",
347                         ctlr, (int) *pos, (int)vol_sz, (int)vol_sz_frac,
348                         raid_label[drv->raid_level]);
349         return 0;
350 }
351
352 static void *cciss_seq_next(struct seq_file *seq, void *v, loff_t *pos)
353 {
354         ctlr_info_t *h = seq->private;
355
356         if (*pos > h->highest_lun)
357                 return NULL;
358         *pos += 1;
359
360         return pos;
361 }
362
363 static void cciss_seq_stop(struct seq_file *seq, void *v)
364 {
365         ctlr_info_t *h = seq->private;
366
367         /* Only reset h->busy_configuring if we succeeded in setting
368          * it during cciss_seq_start. */
369         if (v == ERR_PTR(-EBUSY))
370                 return;
371
372         h->busy_configuring = 0;
373 }
374
375 static const struct seq_operations cciss_seq_ops = {
376         .start = cciss_seq_start,
377         .show  = cciss_seq_show,
378         .next  = cciss_seq_next,
379         .stop  = cciss_seq_stop,
380 };
381
382 static int cciss_seq_open(struct inode *inode, struct file *file)
383 {
384         int ret = seq_open(file, &cciss_seq_ops);
385         struct seq_file *seq = file->private_data;
386
387         if (!ret)
388                 seq->private = PDE(inode)->data;
389
390         return ret;
391 }
392
393 static ssize_t
394 cciss_proc_write(struct file *file, const char __user *buf,
395                  size_t length, loff_t *ppos)
396 {
397         int err;
398         char *buffer;
399
400 #ifndef CONFIG_CISS_SCSI_TAPE
401         return -EINVAL;
402 #endif
403
404         if (!buf || length > PAGE_SIZE - 1)
405                 return -EINVAL;
406
407         buffer = (char *)__get_free_page(GFP_KERNEL);
408         if (!buffer)
409                 return -ENOMEM;
410
411         err = -EFAULT;
412         if (copy_from_user(buffer, buf, length))
413                 goto out;
414         buffer[length] = '\0';
415
416 #ifdef CONFIG_CISS_SCSI_TAPE
417         if (strncmp(ENGAGE_SCSI, buffer, sizeof ENGAGE_SCSI - 1) == 0) {
418                 struct seq_file *seq = file->private_data;
419                 ctlr_info_t *h = seq->private;
420                 int rc;
421
422                 rc = cciss_engage_scsi(h->ctlr);
423                 if (rc != 0)
424                         err = -rc;
425                 else
426                         err = length;
427         } else
428 #endif /* CONFIG_CISS_SCSI_TAPE */
429                 err = -EINVAL;
430         /* might be nice to have "disengage" too, but it's not
431            safely possible. (only 1 module use count, lock issues.) */
432
433 out:
434         free_page((unsigned long)buffer);
435         return err;
436 }
437
438 static struct file_operations cciss_proc_fops = {
439         .owner   = THIS_MODULE,
440         .open    = cciss_seq_open,
441         .read    = seq_read,
442         .llseek  = seq_lseek,
443         .release = seq_release,
444         .write   = cciss_proc_write,
445 };
446
447 static void __devinit cciss_procinit(int i)
448 {
449         struct proc_dir_entry *pde;
450
451         if (proc_cciss == NULL)
452                 proc_cciss = proc_mkdir("driver/cciss", NULL);
453         if (!proc_cciss)
454                 return;
455         pde = proc_create_data(hba[i]->devname, S_IWUSR | S_IRUSR | S_IRGRP |
456                                         S_IROTH, proc_cciss,
457                                         &cciss_proc_fops, hba[i]);
458 }
459 #endif                          /* CONFIG_PROC_FS */
460
461 #define MAX_PRODUCT_NAME_LEN 19
462
463 #define to_hba(n) container_of(n, struct ctlr_info, dev)
464
465 static ssize_t host_store_rescan(struct device *dev,
466                                  struct device_attribute *attr,
467                                  const char *buf, size_t count)
468 {
469         struct ctlr_info *h = to_hba(dev);
470
471         add_to_scan_list(h);
472         wake_up_process(cciss_scan_thread);
473         wait_for_completion_interruptible(&h->scan_wait);
474
475         return count;
476 }
477 DEVICE_ATTR(rescan, S_IWUSR, NULL, host_store_rescan);
478
479 static ssize_t dev_show_unique_id(struct device *dev,
480                                  struct device_attribute *attr,
481                                  char *buf)
482 {
483         drive_info_struct *drv = dev_get_drvdata(dev);
484         struct ctlr_info *h = to_hba(drv->dev->parent);
485         __u8 sn[16];
486         unsigned long flags;
487         int ret = 0;
488
489         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
490         if (h->busy_configuring)
491                 ret = -EBUSY;
492         else
493                 memcpy(sn, drv->serial_no, sizeof(sn));
494         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
495
496         if (ret)
497                 return ret;
498         else
499                 return snprintf(buf, 16 * 2 + 2,
500                                 "%02X%02X%02X%02X%02X%02X%02X%02X"
501                                 "%02X%02X%02X%02X%02X%02X%02X%02X\n",
502                                 sn[0], sn[1], sn[2], sn[3],
503                                 sn[4], sn[5], sn[6], sn[7],
504                                 sn[8], sn[9], sn[10], sn[11],
505                                 sn[12], sn[13], sn[14], sn[15]);
506 }
507 DEVICE_ATTR(unique_id, S_IRUGO, dev_show_unique_id, NULL);
508
509 static ssize_t dev_show_vendor(struct device *dev,
510                                struct device_attribute *attr,
511                                char *buf)
512 {
513         drive_info_struct *drv = dev_get_drvdata(dev);
514         struct ctlr_info *h = to_hba(drv->dev->parent);
515         char vendor[VENDOR_LEN + 1];
516         unsigned long flags;
517         int ret = 0;
518
519         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
520         if (h->busy_configuring)
521                 ret = -EBUSY;
522         else
523                 memcpy(vendor, drv->vendor, VENDOR_LEN + 1);
524         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
525
526         if (ret)
527                 return ret;
528         else
529                 return snprintf(buf, sizeof(vendor) + 1, "%s\n", drv->vendor);
530 }
531 DEVICE_ATTR(vendor, S_IRUGO, dev_show_vendor, NULL);
532
533 static ssize_t dev_show_model(struct device *dev,
534                               struct device_attribute *attr,
535                               char *buf)
536 {
537         drive_info_struct *drv = dev_get_drvdata(dev);
538         struct ctlr_info *h = to_hba(drv->dev->parent);
539         char model[MODEL_LEN + 1];
540         unsigned long flags;
541         int ret = 0;
542
543         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
544         if (h->busy_configuring)
545                 ret = -EBUSY;
546         else
547                 memcpy(model, drv->model, MODEL_LEN + 1);
548         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
549
550         if (ret)
551                 return ret;
552         else
553                 return snprintf(buf, sizeof(model) + 1, "%s\n", drv->model);
554 }
555 DEVICE_ATTR(model, S_IRUGO, dev_show_model, NULL);
556
557 static ssize_t dev_show_rev(struct device *dev,
558                             struct device_attribute *attr,
559                             char *buf)
560 {
561         drive_info_struct *drv = dev_get_drvdata(dev);
562         struct ctlr_info *h = to_hba(drv->dev->parent);
563         char rev[REV_LEN + 1];
564         unsigned long flags;
565         int ret = 0;
566
567         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
568         if (h->busy_configuring)
569                 ret = -EBUSY;
570         else
571                 memcpy(rev, drv->rev, REV_LEN + 1);
572         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
573
574         if (ret)
575                 return ret;
576         else
577                 return snprintf(buf, sizeof(rev) + 1, "%s\n", drv->rev);
578 }
579 DEVICE_ATTR(rev, S_IRUGO, dev_show_rev, NULL);
580
581 static ssize_t cciss_show_lunid(struct device *dev,
582                                 struct device_attribute *attr, char *buf)
583 {
584         drive_info_struct *drv = dev_get_drvdata(dev);
585         struct ctlr_info *h = to_hba(drv->dev->parent);
586         unsigned long flags;
587         unsigned char lunid[8];
588
589         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
590         if (h->busy_configuring) {
591                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
592                 return -EBUSY;
593         }
594         if (!drv->heads) {
595                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
596                 return -ENOTTY;
597         }
598         memcpy(lunid, drv->LunID, sizeof(lunid));
599         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
600         return snprintf(buf, 20, "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
601                 lunid[0], lunid[1], lunid[2], lunid[3],
602                 lunid[4], lunid[5], lunid[6], lunid[7]);
603 }
604 DEVICE_ATTR(lunid, S_IRUGO, cciss_show_lunid, NULL);
605
606 static ssize_t cciss_show_raid_level(struct device *dev,
607                                      struct device_attribute *attr, char *buf)
608 {
609         drive_info_struct *drv = dev_get_drvdata(dev);
610         struct ctlr_info *h = to_hba(drv->dev->parent);
611         int raid;
612         unsigned long flags;
613
614         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
615         if (h->busy_configuring) {
616                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
617                 return -EBUSY;
618         }
619         raid = drv->raid_level;
620         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
621         if (raid < 0 || raid > RAID_UNKNOWN)
622                 raid = RAID_UNKNOWN;
623
624         return snprintf(buf, strlen(raid_label[raid]) + 7, "RAID %s\n",
625                         raid_label[raid]);
626 }
627 DEVICE_ATTR(raid_level, S_IRUGO, cciss_show_raid_level, NULL);
628
629 static struct attribute *cciss_host_attrs[] = {
630         &dev_attr_rescan.attr,
631         NULL
632 };
633
634 static struct attribute_group cciss_host_attr_group = {
635         .attrs = cciss_host_attrs,
636 };
637
638 static struct attribute_group *cciss_host_attr_groups[] = {
639         &cciss_host_attr_group,
640         NULL
641 };
642
643 static struct device_type cciss_host_type = {
644         .name           = "cciss_host",
645         .groups         = cciss_host_attr_groups,
646         .release        = cciss_hba_release,
647 };
648
649 static struct attribute *cciss_dev_attrs[] = {
650         &dev_attr_unique_id.attr,
651         &dev_attr_model.attr,
652         &dev_attr_vendor.attr,
653         &dev_attr_rev.attr,
654         &dev_attr_lunid.attr,
655         &dev_attr_raid_level.attr,
656         NULL
657 };
658
659 static struct attribute_group cciss_dev_attr_group = {
660         .attrs = cciss_dev_attrs,
661 };
662
663 static const struct attribute_group *cciss_dev_attr_groups[] = {
664         &cciss_dev_attr_group,
665         NULL
666 };
667
668 static struct device_type cciss_dev_type = {
669         .name           = "cciss_device",
670         .groups         = cciss_dev_attr_groups,
671         .release        = cciss_device_release,
672 };
673
674 static struct bus_type cciss_bus_type = {
675         .name           = "cciss",
676 };
677
678 /*
679  * cciss_hba_release is called when the reference count
680  * of h->dev goes to zero.
681  */
682 static void cciss_hba_release(struct device *dev)
683 {
684         /*
685          * nothing to do, but need this to avoid a warning
686          * about not having a release handler from lib/kref.c.
687          */
688 }
689
690 /*
691  * Initialize sysfs entry for each controller.  This sets up and registers
692  * the 'cciss#' directory for each individual controller under
693  * /sys/bus/pci/devices/<dev>/.
694  */
695 static int cciss_create_hba_sysfs_entry(struct ctlr_info *h)
696 {
697         device_initialize(&h->dev);
698         h->dev.type = &cciss_host_type;
699         h->dev.bus = &cciss_bus_type;
700         dev_set_name(&h->dev, "%s", h->devname);
701         h->dev.parent = &h->pdev->dev;
702
703         return device_add(&h->dev);
704 }
705
706 /*
707  * Remove sysfs entries for an hba.
708  */
709 static void cciss_destroy_hba_sysfs_entry(struct ctlr_info *h)
710 {
711         device_del(&h->dev);
712         put_device(&h->dev); /* final put. */
713 }
714
715 /* cciss_device_release is called when the reference count
716  * of h->drv[x].dev goes to zero.
717  */
718 static void cciss_device_release(struct device *dev)
719 {
720         kfree(dev);
721 }
722
723 /*
724  * Initialize sysfs for each logical drive.  This sets up and registers
725  * the 'c#d#' directory for each individual logical drive under
726  * /sys/bus/pci/devices/<dev/ccis#/. We also create a link from
727  * /sys/block/cciss!c#d# to this entry.
728  */
729 static long cciss_create_ld_sysfs_entry(struct ctlr_info *h,
730                                        int drv_index)
731 {
732         struct device *dev;
733
734         /* Special case for c*d0, we only create it once. */
735         if (drv_index == 0 && h->drv[drv_index].dev != NULL)
736                 return 0;
737
738         dev = kzalloc(sizeof(*dev), GFP_KERNEL);
739         if (!dev)
740                 return -ENOMEM;
741         device_initialize(dev);
742         dev->type = &cciss_dev_type;
743         dev->bus = &cciss_bus_type;
744         dev_set_name(dev, "c%dd%d", h->ctlr, drv_index);
745         dev->parent = &h->dev;
746         h->drv[drv_index].dev = dev;
747         dev_set_drvdata(dev, &h->drv[drv_index]);
748         return device_add(dev);
749 }
750
751 /*
752  * Remove sysfs entries for a logical drive.
753  */
754 static void cciss_destroy_ld_sysfs_entry(struct ctlr_info *h, int drv_index,
755         int ctlr_exiting)
756 {
757         struct device *dev = h->drv[drv_index].dev;
758
759         /* special case for c*d0, we only destroy it on controller exit */
760         if (drv_index == 0 && !ctlr_exiting)
761                 return;
762
763         device_del(dev);
764         put_device(dev); /* the "final" put. */
765         h->drv[drv_index].dev = NULL;
766 }
767
768 /*
769  * For operations that cannot sleep, a command block is allocated at init,
770  * and managed by cmd_alloc() and cmd_free() using a simple bitmap to track
771  * which ones are free or in use.  For operations that can wait for kmalloc
772  * to possible sleep, this routine can be called with get_from_pool set to 0.
773  * cmd_free() MUST be called with a got_from_pool set to 0 if cmd_alloc was.
774  */
775 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool)
776 {
777         CommandList_struct *c;
778         int i;
779         u64bit temp64;
780         dma_addr_t cmd_dma_handle, err_dma_handle;
781
782         if (!get_from_pool) {
783                 c = (CommandList_struct *) pci_alloc_consistent(h->pdev,
784                         sizeof(CommandList_struct), &cmd_dma_handle);
785                 if (c == NULL)
786                         return NULL;
787                 memset(c, 0, sizeof(CommandList_struct));
788
789                 c->cmdindex = -1;
790
791                 c->err_info = (ErrorInfo_struct *)
792                     pci_alloc_consistent(h->pdev, sizeof(ErrorInfo_struct),
793                             &err_dma_handle);
794
795                 if (c->err_info == NULL) {
796                         pci_free_consistent(h->pdev,
797                                 sizeof(CommandList_struct), c, cmd_dma_handle);
798                         return NULL;
799                 }
800                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
801         } else {                /* get it out of the controllers pool */
802
803                 do {
804                         i = find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds);
805                         if (i == h->nr_cmds)
806                                 return NULL;
807                 } while (test_and_set_bit
808                          (i & (BITS_PER_LONG - 1),
809                           h->cmd_pool_bits + (i / BITS_PER_LONG)) != 0);
810 #ifdef CCISS_DEBUG
811                 printk(KERN_DEBUG "cciss: using command buffer %d\n", i);
812 #endif
813                 c = h->cmd_pool + i;
814                 memset(c, 0, sizeof(CommandList_struct));
815                 cmd_dma_handle = h->cmd_pool_dhandle
816                     + i * sizeof(CommandList_struct);
817                 c->err_info = h->errinfo_pool + i;
818                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
819                 err_dma_handle = h->errinfo_pool_dhandle
820                     + i * sizeof(ErrorInfo_struct);
821                 h->nr_allocs++;
822
823                 c->cmdindex = i;
824         }
825
826         INIT_HLIST_NODE(&c->list);
827         c->busaddr = (__u32) cmd_dma_handle;
828         temp64.val = (__u64) err_dma_handle;
829         c->ErrDesc.Addr.lower = temp64.val32.lower;
830         c->ErrDesc.Addr.upper = temp64.val32.upper;
831         c->ErrDesc.Len = sizeof(ErrorInfo_struct);
832
833         c->ctlr = h->ctlr;
834         return c;
835 }
836
837 /*
838  * Frees a command block that was previously allocated with cmd_alloc().
839  */
840 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool)
841 {
842         int i;
843         u64bit temp64;
844
845         if (!got_from_pool) {
846                 temp64.val32.lower = c->ErrDesc.Addr.lower;
847                 temp64.val32.upper = c->ErrDesc.Addr.upper;
848                 pci_free_consistent(h->pdev, sizeof(ErrorInfo_struct),
849                                     c->err_info, (dma_addr_t) temp64.val);
850                 pci_free_consistent(h->pdev, sizeof(CommandList_struct),
851                                     c, (dma_addr_t) c->busaddr);
852         } else {
853                 i = c - h->cmd_pool;
854                 clear_bit(i & (BITS_PER_LONG - 1),
855                           h->cmd_pool_bits + (i / BITS_PER_LONG));
856                 h->nr_frees++;
857         }
858 }
859
860 static inline ctlr_info_t *get_host(struct gendisk *disk)
861 {
862         return disk->queue->queuedata;
863 }
864
865 static inline drive_info_struct *get_drv(struct gendisk *disk)
866 {
867         return disk->private_data;
868 }
869
870 /*
871  * Open.  Make sure the device is really there.
872  */
873 static int cciss_open(struct block_device *bdev, fmode_t mode)
874 {
875         ctlr_info_t *host = get_host(bdev->bd_disk);
876         drive_info_struct *drv = get_drv(bdev->bd_disk);
877
878 #ifdef CCISS_DEBUG
879         printk(KERN_DEBUG "cciss_open %s\n", bdev->bd_disk->disk_name);
880 #endif                          /* CCISS_DEBUG */
881
882         if (drv->busy_configuring)
883                 return -EBUSY;
884         /*
885          * Root is allowed to open raw volume zero even if it's not configured
886          * so array config can still work. Root is also allowed to open any
887          * volume that has a LUN ID, so it can issue IOCTL to reread the
888          * disk information.  I don't think I really like this
889          * but I'm already using way to many device nodes to claim another one
890          * for "raw controller".
891          */
892         if (drv->heads == 0) {
893                 if (MINOR(bdev->bd_dev) != 0) { /* not node 0? */
894                         /* if not node 0 make sure it is a partition = 0 */
895                         if (MINOR(bdev->bd_dev) & 0x0f) {
896                                 return -ENXIO;
897                                 /* if it is, make sure we have a LUN ID */
898                         } else if (memcmp(drv->LunID, CTLR_LUNID,
899                                 sizeof(drv->LunID))) {
900                                 return -ENXIO;
901                         }
902                 }
903                 if (!capable(CAP_SYS_ADMIN))
904                         return -EPERM;
905         }
906         drv->usage_count++;
907         host->usage_count++;
908         return 0;
909 }
910
911 /*
912  * Close.  Sync first.
913  */
914 static int cciss_release(struct gendisk *disk, fmode_t mode)
915 {
916         ctlr_info_t *host = get_host(disk);
917         drive_info_struct *drv = get_drv(disk);
918
919 #ifdef CCISS_DEBUG
920         printk(KERN_DEBUG "cciss_release %s\n", disk->disk_name);
921 #endif                          /* CCISS_DEBUG */
922
923         drv->usage_count--;
924         host->usage_count--;
925         return 0;
926 }
927
928 #ifdef CONFIG_COMPAT
929
930 static int do_ioctl(struct block_device *bdev, fmode_t mode,
931                     unsigned cmd, unsigned long arg)
932 {
933         int ret;
934         lock_kernel();
935         ret = cciss_ioctl(bdev, mode, cmd, arg);
936         unlock_kernel();
937         return ret;
938 }
939
940 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
941                                   unsigned cmd, unsigned long arg);
942 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
943                                       unsigned cmd, unsigned long arg);
944
945 static int cciss_compat_ioctl(struct block_device *bdev, fmode_t mode,
946                               unsigned cmd, unsigned long arg)
947 {
948         switch (cmd) {
949         case CCISS_GETPCIINFO:
950         case CCISS_GETINTINFO:
951         case CCISS_SETINTINFO:
952         case CCISS_GETNODENAME:
953         case CCISS_SETNODENAME:
954         case CCISS_GETHEARTBEAT:
955         case CCISS_GETBUSTYPES:
956         case CCISS_GETFIRMVER:
957         case CCISS_GETDRIVVER:
958         case CCISS_REVALIDVOLS:
959         case CCISS_DEREGDISK:
960         case CCISS_REGNEWDISK:
961         case CCISS_REGNEWD:
962         case CCISS_RESCANDISK:
963         case CCISS_GETLUNINFO:
964                 return do_ioctl(bdev, mode, cmd, arg);
965
966         case CCISS_PASSTHRU32:
967                 return cciss_ioctl32_passthru(bdev, mode, cmd, arg);
968         case CCISS_BIG_PASSTHRU32:
969                 return cciss_ioctl32_big_passthru(bdev, mode, cmd, arg);
970
971         default:
972                 return -ENOIOCTLCMD;
973         }
974 }
975
976 static int cciss_ioctl32_passthru(struct block_device *bdev, fmode_t mode,
977                                   unsigned cmd, unsigned long arg)
978 {
979         IOCTL32_Command_struct __user *arg32 =
980             (IOCTL32_Command_struct __user *) arg;
981         IOCTL_Command_struct arg64;
982         IOCTL_Command_struct __user *p = compat_alloc_user_space(sizeof(arg64));
983         int err;
984         u32 cp;
985
986         err = 0;
987         err |=
988             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
989                            sizeof(arg64.LUN_info));
990         err |=
991             copy_from_user(&arg64.Request, &arg32->Request,
992                            sizeof(arg64.Request));
993         err |=
994             copy_from_user(&arg64.error_info, &arg32->error_info,
995                            sizeof(arg64.error_info));
996         err |= get_user(arg64.buf_size, &arg32->buf_size);
997         err |= get_user(cp, &arg32->buf);
998         arg64.buf = compat_ptr(cp);
999         err |= copy_to_user(p, &arg64, sizeof(arg64));
1000
1001         if (err)
1002                 return -EFAULT;
1003
1004         err = do_ioctl(bdev, mode, CCISS_PASSTHRU, (unsigned long)p);
1005         if (err)
1006                 return err;
1007         err |=
1008             copy_in_user(&arg32->error_info, &p->error_info,
1009                          sizeof(arg32->error_info));
1010         if (err)
1011                 return -EFAULT;
1012         return err;
1013 }
1014
1015 static int cciss_ioctl32_big_passthru(struct block_device *bdev, fmode_t mode,
1016                                       unsigned cmd, unsigned long arg)
1017 {
1018         BIG_IOCTL32_Command_struct __user *arg32 =
1019             (BIG_IOCTL32_Command_struct __user *) arg;
1020         BIG_IOCTL_Command_struct arg64;
1021         BIG_IOCTL_Command_struct __user *p =
1022             compat_alloc_user_space(sizeof(arg64));
1023         int err;
1024         u32 cp;
1025
1026         err = 0;
1027         err |=
1028             copy_from_user(&arg64.LUN_info, &arg32->LUN_info,
1029                            sizeof(arg64.LUN_info));
1030         err |=
1031             copy_from_user(&arg64.Request, &arg32->Request,
1032                            sizeof(arg64.Request));
1033         err |=
1034             copy_from_user(&arg64.error_info, &arg32->error_info,
1035                            sizeof(arg64.error_info));
1036         err |= get_user(arg64.buf_size, &arg32->buf_size);
1037         err |= get_user(arg64.malloc_size, &arg32->malloc_size);
1038         err |= get_user(cp, &arg32->buf);
1039         arg64.buf = compat_ptr(cp);
1040         err |= copy_to_user(p, &arg64, sizeof(arg64));
1041
1042         if (err)
1043                 return -EFAULT;
1044
1045         err = do_ioctl(bdev, mode, CCISS_BIG_PASSTHRU, (unsigned long)p);
1046         if (err)
1047                 return err;
1048         err |=
1049             copy_in_user(&arg32->error_info, &p->error_info,
1050                          sizeof(arg32->error_info));
1051         if (err)
1052                 return -EFAULT;
1053         return err;
1054 }
1055 #endif
1056
1057 static int cciss_getgeo(struct block_device *bdev, struct hd_geometry *geo)
1058 {
1059         drive_info_struct *drv = get_drv(bdev->bd_disk);
1060
1061         if (!drv->cylinders)
1062                 return -ENXIO;
1063
1064         geo->heads = drv->heads;
1065         geo->sectors = drv->sectors;
1066         geo->cylinders = drv->cylinders;
1067         return 0;
1068 }
1069
1070 static void check_ioctl_unit_attention(ctlr_info_t *host, CommandList_struct *c)
1071 {
1072         if (c->err_info->CommandStatus == CMD_TARGET_STATUS &&
1073                         c->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION)
1074                 (void)check_for_unit_attention(host, c);
1075 }
1076 /*
1077  * ioctl
1078  */
1079 static int cciss_ioctl(struct block_device *bdev, fmode_t mode,
1080                        unsigned int cmd, unsigned long arg)
1081 {
1082         struct gendisk *disk = bdev->bd_disk;
1083         ctlr_info_t *host = get_host(disk);
1084         drive_info_struct *drv = get_drv(disk);
1085         int ctlr = host->ctlr;
1086         void __user *argp = (void __user *)arg;
1087
1088 #ifdef CCISS_DEBUG
1089         printk(KERN_DEBUG "cciss_ioctl: Called with cmd=%x %lx\n", cmd, arg);
1090 #endif                          /* CCISS_DEBUG */
1091
1092         switch (cmd) {
1093         case CCISS_GETPCIINFO:
1094                 {
1095                         cciss_pci_info_struct pciinfo;
1096
1097                         if (!arg)
1098                                 return -EINVAL;
1099                         pciinfo.domain = pci_domain_nr(host->pdev->bus);
1100                         pciinfo.bus = host->pdev->bus->number;
1101                         pciinfo.dev_fn = host->pdev->devfn;
1102                         pciinfo.board_id = host->board_id;
1103                         if (copy_to_user
1104                             (argp, &pciinfo, sizeof(cciss_pci_info_struct)))
1105                                 return -EFAULT;
1106                         return 0;
1107                 }
1108         case CCISS_GETINTINFO:
1109                 {
1110                         cciss_coalint_struct intinfo;
1111                         if (!arg)
1112                                 return -EINVAL;
1113                         intinfo.delay =
1114                             readl(&host->cfgtable->HostWrite.CoalIntDelay);
1115                         intinfo.count =
1116                             readl(&host->cfgtable->HostWrite.CoalIntCount);
1117                         if (copy_to_user
1118                             (argp, &intinfo, sizeof(cciss_coalint_struct)))
1119                                 return -EFAULT;
1120                         return 0;
1121                 }
1122         case CCISS_SETINTINFO:
1123                 {
1124                         cciss_coalint_struct intinfo;
1125                         unsigned long flags;
1126                         int i;
1127
1128                         if (!arg)
1129                                 return -EINVAL;
1130                         if (!capable(CAP_SYS_ADMIN))
1131                                 return -EPERM;
1132                         if (copy_from_user
1133                             (&intinfo, argp, sizeof(cciss_coalint_struct)))
1134                                 return -EFAULT;
1135                         if ((intinfo.delay == 0) && (intinfo.count == 0))
1136                         {
1137 //                      printk("cciss_ioctl: delay and count cannot be 0\n");
1138                                 return -EINVAL;
1139                         }
1140                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1141                         /* Update the field, and then ring the doorbell */
1142                         writel(intinfo.delay,
1143                                &(host->cfgtable->HostWrite.CoalIntDelay));
1144                         writel(intinfo.count,
1145                                &(host->cfgtable->HostWrite.CoalIntCount));
1146                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
1147
1148                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
1149                                 if (!(readl(host->vaddr + SA5_DOORBELL)
1150                                       & CFGTBL_ChangeReq))
1151                                         break;
1152                                 /* delay and try again */
1153                                 udelay(1000);
1154                         }
1155                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1156                         if (i >= MAX_IOCTL_CONFIG_WAIT)
1157                                 return -EAGAIN;
1158                         return 0;
1159                 }
1160         case CCISS_GETNODENAME:
1161                 {
1162                         NodeName_type NodeName;
1163                         int i;
1164
1165                         if (!arg)
1166                                 return -EINVAL;
1167                         for (i = 0; i < 16; i++)
1168                                 NodeName[i] =
1169                                     readb(&host->cfgtable->ServerName[i]);
1170                         if (copy_to_user(argp, NodeName, sizeof(NodeName_type)))
1171                                 return -EFAULT;
1172                         return 0;
1173                 }
1174         case CCISS_SETNODENAME:
1175                 {
1176                         NodeName_type NodeName;
1177                         unsigned long flags;
1178                         int i;
1179
1180                         if (!arg)
1181                                 return -EINVAL;
1182                         if (!capable(CAP_SYS_ADMIN))
1183                                 return -EPERM;
1184
1185                         if (copy_from_user
1186                             (NodeName, argp, sizeof(NodeName_type)))
1187                                 return -EFAULT;
1188
1189                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1190
1191                         /* Update the field, and then ring the doorbell */
1192                         for (i = 0; i < 16; i++)
1193                                 writeb(NodeName[i],
1194                                        &host->cfgtable->ServerName[i]);
1195
1196                         writel(CFGTBL_ChangeReq, host->vaddr + SA5_DOORBELL);
1197
1198                         for (i = 0; i < MAX_IOCTL_CONFIG_WAIT; i++) {
1199                                 if (!(readl(host->vaddr + SA5_DOORBELL)
1200                                       & CFGTBL_ChangeReq))
1201                                         break;
1202                                 /* delay and try again */
1203                                 udelay(1000);
1204                         }
1205                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1206                         if (i >= MAX_IOCTL_CONFIG_WAIT)
1207                                 return -EAGAIN;
1208                         return 0;
1209                 }
1210
1211         case CCISS_GETHEARTBEAT:
1212                 {
1213                         Heartbeat_type heartbeat;
1214
1215                         if (!arg)
1216                                 return -EINVAL;
1217                         heartbeat = readl(&host->cfgtable->HeartBeat);
1218                         if (copy_to_user
1219                             (argp, &heartbeat, sizeof(Heartbeat_type)))
1220                                 return -EFAULT;
1221                         return 0;
1222                 }
1223         case CCISS_GETBUSTYPES:
1224                 {
1225                         BusTypes_type BusTypes;
1226
1227                         if (!arg)
1228                                 return -EINVAL;
1229                         BusTypes = readl(&host->cfgtable->BusTypes);
1230                         if (copy_to_user
1231                             (argp, &BusTypes, sizeof(BusTypes_type)))
1232                                 return -EFAULT;
1233                         return 0;
1234                 }
1235         case CCISS_GETFIRMVER:
1236                 {
1237                         FirmwareVer_type firmware;
1238
1239                         if (!arg)
1240                                 return -EINVAL;
1241                         memcpy(firmware, host->firm_ver, 4);
1242
1243                         if (copy_to_user
1244                             (argp, firmware, sizeof(FirmwareVer_type)))
1245                                 return -EFAULT;
1246                         return 0;
1247                 }
1248         case CCISS_GETDRIVVER:
1249                 {
1250                         DriverVer_type DriverVer = DRIVER_VERSION;
1251
1252                         if (!arg)
1253                                 return -EINVAL;
1254
1255                         if (copy_to_user
1256                             (argp, &DriverVer, sizeof(DriverVer_type)))
1257                                 return -EFAULT;
1258                         return 0;
1259                 }
1260
1261         case CCISS_DEREGDISK:
1262         case CCISS_REGNEWD:
1263         case CCISS_REVALIDVOLS:
1264                 return rebuild_lun_table(host, 0, 1);
1265
1266         case CCISS_GETLUNINFO:{
1267                         LogvolInfo_struct luninfo;
1268
1269                         memcpy(&luninfo.LunID, drv->LunID,
1270                                 sizeof(luninfo.LunID));
1271                         luninfo.num_opens = drv->usage_count;
1272                         luninfo.num_parts = 0;
1273                         if (copy_to_user(argp, &luninfo,
1274                                          sizeof(LogvolInfo_struct)))
1275                                 return -EFAULT;
1276                         return 0;
1277                 }
1278         case CCISS_PASSTHRU:
1279                 {
1280                         IOCTL_Command_struct iocommand;
1281                         CommandList_struct *c;
1282                         char *buff = NULL;
1283                         u64bit temp64;
1284                         unsigned long flags;
1285                         DECLARE_COMPLETION_ONSTACK(wait);
1286
1287                         if (!arg)
1288                                 return -EINVAL;
1289
1290                         if (!capable(CAP_SYS_RAWIO))
1291                                 return -EPERM;
1292
1293                         if (copy_from_user
1294                             (&iocommand, argp, sizeof(IOCTL_Command_struct)))
1295                                 return -EFAULT;
1296                         if ((iocommand.buf_size < 1) &&
1297                             (iocommand.Request.Type.Direction != XFER_NONE)) {
1298                                 return -EINVAL;
1299                         }
1300 #if 0                           /* 'buf_size' member is 16-bits, and always smaller than kmalloc limit */
1301                         /* Check kmalloc limits */
1302                         if (iocommand.buf_size > 128000)
1303                                 return -EINVAL;
1304 #endif
1305                         if (iocommand.buf_size > 0) {
1306                                 buff = kmalloc(iocommand.buf_size, GFP_KERNEL);
1307                                 if (buff == NULL)
1308                                         return -EFAULT;
1309                         }
1310                         if (iocommand.Request.Type.Direction == XFER_WRITE) {
1311                                 /* Copy the data into the buffer we created */
1312                                 if (copy_from_user
1313                                     (buff, iocommand.buf, iocommand.buf_size)) {
1314                                         kfree(buff);
1315                                         return -EFAULT;
1316                                 }
1317                         } else {
1318                                 memset(buff, 0, iocommand.buf_size);
1319                         }
1320                         if ((c = cmd_alloc(host, 0)) == NULL) {
1321                                 kfree(buff);
1322                                 return -ENOMEM;
1323                         }
1324                         // Fill in the command type
1325                         c->cmd_type = CMD_IOCTL_PEND;
1326                         // Fill in Command Header
1327                         c->Header.ReplyQueue = 0;       // unused in simple mode
1328                         if (iocommand.buf_size > 0)     // buffer to fill
1329                         {
1330                                 c->Header.SGList = 1;
1331                                 c->Header.SGTotal = 1;
1332                         } else  // no buffers to fill
1333                         {
1334                                 c->Header.SGList = 0;
1335                                 c->Header.SGTotal = 0;
1336                         }
1337                         c->Header.LUN = iocommand.LUN_info;
1338                         c->Header.Tag.lower = c->busaddr;       // use the kernel address the cmd block for tag
1339
1340                         // Fill in Request block
1341                         c->Request = iocommand.Request;
1342
1343                         // Fill in the scatter gather information
1344                         if (iocommand.buf_size > 0) {
1345                                 temp64.val = pci_map_single(host->pdev, buff,
1346                                         iocommand.buf_size,
1347                                         PCI_DMA_BIDIRECTIONAL);
1348                                 c->SG[0].Addr.lower = temp64.val32.lower;
1349                                 c->SG[0].Addr.upper = temp64.val32.upper;
1350                                 c->SG[0].Len = iocommand.buf_size;
1351                                 c->SG[0].Ext = 0;       // we are not chaining
1352                         }
1353                         c->waiting = &wait;
1354
1355                         /* Put the request on the tail of the request queue */
1356                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1357                         addQ(&host->reqQ, c);
1358                         host->Qdepth++;
1359                         start_io(host);
1360                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1361
1362                         wait_for_completion(&wait);
1363
1364                         /* unlock the buffers from DMA */
1365                         temp64.val32.lower = c->SG[0].Addr.lower;
1366                         temp64.val32.upper = c->SG[0].Addr.upper;
1367                         pci_unmap_single(host->pdev, (dma_addr_t) temp64.val,
1368                                          iocommand.buf_size,
1369                                          PCI_DMA_BIDIRECTIONAL);
1370
1371                         check_ioctl_unit_attention(host, c);
1372
1373                         /* Copy the error information out */
1374                         iocommand.error_info = *(c->err_info);
1375                         if (copy_to_user
1376                             (argp, &iocommand, sizeof(IOCTL_Command_struct))) {
1377                                 kfree(buff);
1378                                 cmd_free(host, c, 0);
1379                                 return -EFAULT;
1380                         }
1381
1382                         if (iocommand.Request.Type.Direction == XFER_READ) {
1383                                 /* Copy the data out of the buffer we created */
1384                                 if (copy_to_user
1385                                     (iocommand.buf, buff, iocommand.buf_size)) {
1386                                         kfree(buff);
1387                                         cmd_free(host, c, 0);
1388                                         return -EFAULT;
1389                                 }
1390                         }
1391                         kfree(buff);
1392                         cmd_free(host, c, 0);
1393                         return 0;
1394                 }
1395         case CCISS_BIG_PASSTHRU:{
1396                         BIG_IOCTL_Command_struct *ioc;
1397                         CommandList_struct *c;
1398                         unsigned char **buff = NULL;
1399                         int *buff_size = NULL;
1400                         u64bit temp64;
1401                         unsigned long flags;
1402                         BYTE sg_used = 0;
1403                         int status = 0;
1404                         int i;
1405                         DECLARE_COMPLETION_ONSTACK(wait);
1406                         __u32 left;
1407                         __u32 sz;
1408                         BYTE __user *data_ptr;
1409
1410                         if (!arg)
1411                                 return -EINVAL;
1412                         if (!capable(CAP_SYS_RAWIO))
1413                                 return -EPERM;
1414                         ioc = (BIG_IOCTL_Command_struct *)
1415                             kmalloc(sizeof(*ioc), GFP_KERNEL);
1416                         if (!ioc) {
1417                                 status = -ENOMEM;
1418                                 goto cleanup1;
1419                         }
1420                         if (copy_from_user(ioc, argp, sizeof(*ioc))) {
1421                                 status = -EFAULT;
1422                                 goto cleanup1;
1423                         }
1424                         if ((ioc->buf_size < 1) &&
1425                             (ioc->Request.Type.Direction != XFER_NONE)) {
1426                                 status = -EINVAL;
1427                                 goto cleanup1;
1428                         }
1429                         /* Check kmalloc limits  using all SGs */
1430                         if (ioc->malloc_size > MAX_KMALLOC_SIZE) {
1431                                 status = -EINVAL;
1432                                 goto cleanup1;
1433                         }
1434                         if (ioc->buf_size > ioc->malloc_size * MAXSGENTRIES) {
1435                                 status = -EINVAL;
1436                                 goto cleanup1;
1437                         }
1438                         buff =
1439                             kzalloc(MAXSGENTRIES * sizeof(char *), GFP_KERNEL);
1440                         if (!buff) {
1441                                 status = -ENOMEM;
1442                                 goto cleanup1;
1443                         }
1444                         buff_size = kmalloc(MAXSGENTRIES * sizeof(int),
1445                                                    GFP_KERNEL);
1446                         if (!buff_size) {
1447                                 status = -ENOMEM;
1448                                 goto cleanup1;
1449                         }
1450                         left = ioc->buf_size;
1451                         data_ptr = ioc->buf;
1452                         while (left) {
1453                                 sz = (left >
1454                                       ioc->malloc_size) ? ioc->
1455                                     malloc_size : left;
1456                                 buff_size[sg_used] = sz;
1457                                 buff[sg_used] = kmalloc(sz, GFP_KERNEL);
1458                                 if (buff[sg_used] == NULL) {
1459                                         status = -ENOMEM;
1460                                         goto cleanup1;
1461                                 }
1462                                 if (ioc->Request.Type.Direction == XFER_WRITE) {
1463                                         if (copy_from_user
1464                                             (buff[sg_used], data_ptr, sz)) {
1465                                                 status = -EFAULT;
1466                                                 goto cleanup1;
1467                                         }
1468                                 } else {
1469                                         memset(buff[sg_used], 0, sz);
1470                                 }
1471                                 left -= sz;
1472                                 data_ptr += sz;
1473                                 sg_used++;
1474                         }
1475                         if ((c = cmd_alloc(host, 0)) == NULL) {
1476                                 status = -ENOMEM;
1477                                 goto cleanup1;
1478                         }
1479                         c->cmd_type = CMD_IOCTL_PEND;
1480                         c->Header.ReplyQueue = 0;
1481
1482                         if (ioc->buf_size > 0) {
1483                                 c->Header.SGList = sg_used;
1484                                 c->Header.SGTotal = sg_used;
1485                         } else {
1486                                 c->Header.SGList = 0;
1487                                 c->Header.SGTotal = 0;
1488                         }
1489                         c->Header.LUN = ioc->LUN_info;
1490                         c->Header.Tag.lower = c->busaddr;
1491
1492                         c->Request = ioc->Request;
1493                         if (ioc->buf_size > 0) {
1494                                 int i;
1495                                 for (i = 0; i < sg_used; i++) {
1496                                         temp64.val =
1497                                             pci_map_single(host->pdev, buff[i],
1498                                                     buff_size[i],
1499                                                     PCI_DMA_BIDIRECTIONAL);
1500                                         c->SG[i].Addr.lower =
1501                                             temp64.val32.lower;
1502                                         c->SG[i].Addr.upper =
1503                                             temp64.val32.upper;
1504                                         c->SG[i].Len = buff_size[i];
1505                                         c->SG[i].Ext = 0;       /* we are not chaining */
1506                                 }
1507                         }
1508                         c->waiting = &wait;
1509                         /* Put the request on the tail of the request queue */
1510                         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1511                         addQ(&host->reqQ, c);
1512                         host->Qdepth++;
1513                         start_io(host);
1514                         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1515                         wait_for_completion(&wait);
1516                         /* unlock the buffers from DMA */
1517                         for (i = 0; i < sg_used; i++) {
1518                                 temp64.val32.lower = c->SG[i].Addr.lower;
1519                                 temp64.val32.upper = c->SG[i].Addr.upper;
1520                                 pci_unmap_single(host->pdev,
1521                                         (dma_addr_t) temp64.val, buff_size[i],
1522                                         PCI_DMA_BIDIRECTIONAL);
1523                         }
1524                         check_ioctl_unit_attention(host, c);
1525                         /* Copy the error information out */
1526                         ioc->error_info = *(c->err_info);
1527                         if (copy_to_user(argp, ioc, sizeof(*ioc))) {
1528                                 cmd_free(host, c, 0);
1529                                 status = -EFAULT;
1530                                 goto cleanup1;
1531                         }
1532                         if (ioc->Request.Type.Direction == XFER_READ) {
1533                                 /* Copy the data out of the buffer we created */
1534                                 BYTE __user *ptr = ioc->buf;
1535                                 for (i = 0; i < sg_used; i++) {
1536                                         if (copy_to_user
1537                                             (ptr, buff[i], buff_size[i])) {
1538                                                 cmd_free(host, c, 0);
1539                                                 status = -EFAULT;
1540                                                 goto cleanup1;
1541                                         }
1542                                         ptr += buff_size[i];
1543                                 }
1544                         }
1545                         cmd_free(host, c, 0);
1546                         status = 0;
1547                       cleanup1:
1548                         if (buff) {
1549                                 for (i = 0; i < sg_used; i++)
1550                                         kfree(buff[i]);
1551                                 kfree(buff);
1552                         }
1553                         kfree(buff_size);
1554                         kfree(ioc);
1555                         return status;
1556                 }
1557
1558         /* scsi_cmd_ioctl handles these, below, though some are not */
1559         /* very meaningful for cciss.  SG_IO is the main one people want. */
1560
1561         case SG_GET_VERSION_NUM:
1562         case SG_SET_TIMEOUT:
1563         case SG_GET_TIMEOUT:
1564         case SG_GET_RESERVED_SIZE:
1565         case SG_SET_RESERVED_SIZE:
1566         case SG_EMULATED_HOST:
1567         case SG_IO:
1568         case SCSI_IOCTL_SEND_COMMAND:
1569                 return scsi_cmd_ioctl(disk->queue, disk, mode, cmd, argp);
1570
1571         /* scsi_cmd_ioctl would normally handle these, below, but */
1572         /* they aren't a good fit for cciss, as CD-ROMs are */
1573         /* not supported, and we don't have any bus/target/lun */
1574         /* which we present to the kernel. */
1575
1576         case CDROM_SEND_PACKET:
1577         case CDROMCLOSETRAY:
1578         case CDROMEJECT:
1579         case SCSI_IOCTL_GET_IDLUN:
1580         case SCSI_IOCTL_GET_BUS_NUMBER:
1581         default:
1582                 return -ENOTTY;
1583         }
1584 }
1585
1586 static void cciss_check_queues(ctlr_info_t *h)
1587 {
1588         int start_queue = h->next_to_run;
1589         int i;
1590
1591         /* check to see if we have maxed out the number of commands that can
1592          * be placed on the queue.  If so then exit.  We do this check here
1593          * in case the interrupt we serviced was from an ioctl and did not
1594          * free any new commands.
1595          */
1596         if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds)
1597                 return;
1598
1599         /* We have room on the queue for more commands.  Now we need to queue
1600          * them up.  We will also keep track of the next queue to run so
1601          * that every queue gets a chance to be started first.
1602          */
1603         for (i = 0; i < h->highest_lun + 1; i++) {
1604                 int curr_queue = (start_queue + i) % (h->highest_lun + 1);
1605                 /* make sure the disk has been added and the drive is real
1606                  * because this can be called from the middle of init_one.
1607                  */
1608                 if (!(h->drv[curr_queue].queue) || !(h->drv[curr_queue].heads))
1609                         continue;
1610                 blk_start_queue(h->gendisk[curr_queue]->queue);
1611
1612                 /* check to see if we have maxed out the number of commands
1613                  * that can be placed on the queue.
1614                  */
1615                 if ((find_first_zero_bit(h->cmd_pool_bits, h->nr_cmds)) == h->nr_cmds) {
1616                         if (curr_queue == start_queue) {
1617                                 h->next_to_run =
1618                                     (start_queue + 1) % (h->highest_lun + 1);
1619                                 break;
1620                         } else {
1621                                 h->next_to_run = curr_queue;
1622                                 break;
1623                         }
1624                 }
1625         }
1626 }
1627
1628 static void cciss_softirq_done(struct request *rq)
1629 {
1630         CommandList_struct *cmd = rq->completion_data;
1631         ctlr_info_t *h = hba[cmd->ctlr];
1632         unsigned long flags;
1633         u64bit temp64;
1634         int i, ddir;
1635
1636         if (cmd->Request.Type.Direction == XFER_READ)
1637                 ddir = PCI_DMA_FROMDEVICE;
1638         else
1639                 ddir = PCI_DMA_TODEVICE;
1640
1641         /* command did not need to be retried */
1642         /* unmap the DMA mapping for all the scatter gather elements */
1643         for (i = 0; i < cmd->Header.SGList; i++) {
1644                 temp64.val32.lower = cmd->SG[i].Addr.lower;
1645                 temp64.val32.upper = cmd->SG[i].Addr.upper;
1646                 pci_unmap_page(h->pdev, temp64.val, cmd->SG[i].Len, ddir);
1647         }
1648
1649 #ifdef CCISS_DEBUG
1650         printk("Done with %p\n", rq);
1651 #endif                          /* CCISS_DEBUG */
1652
1653         /* set the residual count for pc requests */
1654         if (blk_pc_request(rq))
1655                 rq->resid_len = cmd->err_info->ResidualCnt;
1656
1657         blk_end_request_all(rq, (rq->errors == 0) ? 0 : -EIO);
1658
1659         spin_lock_irqsave(&h->lock, flags);
1660         cmd_free(h, cmd, 1);
1661         cciss_check_queues(h);
1662         spin_unlock_irqrestore(&h->lock, flags);
1663 }
1664
1665 static inline void log_unit_to_scsi3addr(ctlr_info_t *h,
1666         unsigned char scsi3addr[], uint32_t log_unit)
1667 {
1668         memcpy(scsi3addr, h->drv[log_unit].LunID,
1669                 sizeof(h->drv[log_unit].LunID));
1670 }
1671
1672 /* This function gets the SCSI vendor, model, and revision of a logical drive
1673  * via the inquiry page 0.  Model, vendor, and rev are set to empty strings if
1674  * they cannot be read.
1675  */
1676 static void cciss_get_device_descr(int ctlr, int logvol, int withirq,
1677                                    char *vendor, char *model, char *rev)
1678 {
1679         int rc;
1680         InquiryData_struct *inq_buf;
1681         unsigned char scsi3addr[8];
1682
1683         *vendor = '\0';
1684         *model = '\0';
1685         *rev = '\0';
1686
1687         inq_buf = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1688         if (!inq_buf)
1689                 return;
1690
1691         log_unit_to_scsi3addr(hba[ctlr], scsi3addr, logvol);
1692         if (withirq)
1693                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, inq_buf,
1694                              sizeof(InquiryData_struct), 0,
1695                                 scsi3addr, TYPE_CMD);
1696         else
1697                 rc = sendcmd(CISS_INQUIRY, ctlr, inq_buf,
1698                              sizeof(InquiryData_struct), 0,
1699                                 scsi3addr, TYPE_CMD);
1700         if (rc == IO_OK) {
1701                 memcpy(vendor, &inq_buf->data_byte[8], VENDOR_LEN);
1702                 vendor[VENDOR_LEN] = '\0';
1703                 memcpy(model, &inq_buf->data_byte[16], MODEL_LEN);
1704                 model[MODEL_LEN] = '\0';
1705                 memcpy(rev, &inq_buf->data_byte[32], REV_LEN);
1706                 rev[REV_LEN] = '\0';
1707         }
1708
1709         kfree(inq_buf);
1710         return;
1711 }
1712
1713 /* This function gets the serial number of a logical drive via
1714  * inquiry page 0x83.  Serial no. is 16 bytes.  If the serial
1715  * number cannot be had, for whatever reason, 16 bytes of 0xff
1716  * are returned instead.
1717  */
1718 static void cciss_get_serial_no(int ctlr, int logvol, int withirq,
1719                                 unsigned char *serial_no, int buflen)
1720 {
1721 #define PAGE_83_INQ_BYTES 64
1722         int rc;
1723         unsigned char *buf;
1724         unsigned char scsi3addr[8];
1725
1726         if (buflen > 16)
1727                 buflen = 16;
1728         memset(serial_no, 0xff, buflen);
1729         buf = kzalloc(PAGE_83_INQ_BYTES, GFP_KERNEL);
1730         if (!buf)
1731                 return;
1732         memset(serial_no, 0, buflen);
1733         log_unit_to_scsi3addr(hba[ctlr], scsi3addr, logvol);
1734         if (withirq)
1735                 rc = sendcmd_withirq(CISS_INQUIRY, ctlr, buf,
1736                         PAGE_83_INQ_BYTES, 0x83, scsi3addr, TYPE_CMD);
1737         else
1738                 rc = sendcmd(CISS_INQUIRY, ctlr, buf,
1739                         PAGE_83_INQ_BYTES, 0x83, scsi3addr, TYPE_CMD);
1740         if (rc == IO_OK)
1741                 memcpy(serial_no, &buf[8], buflen);
1742         kfree(buf);
1743         return;
1744 }
1745
1746 /*
1747  * cciss_add_disk sets up the block device queue for a logical drive
1748  */
1749 static int cciss_add_disk(ctlr_info_t *h, struct gendisk *disk,
1750                                 int drv_index)
1751 {
1752         disk->queue = blk_init_queue(do_cciss_request, &h->lock);
1753         if (!disk->queue)
1754                 goto init_queue_failure;
1755         sprintf(disk->disk_name, "cciss/c%dd%d", h->ctlr, drv_index);
1756         disk->major = h->major;
1757         disk->first_minor = drv_index << NWD_SHIFT;
1758         disk->fops = &cciss_fops;
1759         if (h->drv[drv_index].dev == NULL) {
1760                 if (cciss_create_ld_sysfs_entry(h, drv_index))
1761                         goto cleanup_queue;
1762         }
1763         disk->private_data = &h->drv[drv_index];
1764         disk->driverfs_dev = h->drv[drv_index].dev;
1765
1766         /* Set up queue information */
1767         blk_queue_bounce_limit(disk->queue, h->pdev->dma_mask);
1768
1769         /* This is a hardware imposed limit. */
1770         blk_queue_max_hw_segments(disk->queue, MAXSGENTRIES);
1771
1772         /* This is a limit in the driver and could be eliminated. */
1773         blk_queue_max_phys_segments(disk->queue, MAXSGENTRIES);
1774
1775         blk_queue_max_sectors(disk->queue, h->cciss_max_sectors);
1776
1777         blk_queue_softirq_done(disk->queue, cciss_softirq_done);
1778
1779         disk->queue->queuedata = h;
1780
1781         blk_queue_logical_block_size(disk->queue,
1782                                      h->drv[drv_index].block_size);
1783
1784         /* Make sure all queue data is written out before */
1785         /* setting h->drv[drv_index].queue, as setting this */
1786         /* allows the interrupt handler to start the queue */
1787         wmb();
1788         h->drv[drv_index].queue = disk->queue;
1789         add_disk(disk);
1790         return 0;
1791
1792 cleanup_queue:
1793         blk_cleanup_queue(disk->queue);
1794         disk->queue = NULL;
1795 init_queue_failure:
1796         return -1;
1797 }
1798
1799 /* This function will check the usage_count of the drive to be updated/added.
1800  * If the usage_count is zero and it is a heretofore unknown drive, or,
1801  * the drive's capacity, geometry, or serial number has changed,
1802  * then the drive information will be updated and the disk will be
1803  * re-registered with the kernel.  If these conditions don't hold,
1804  * then it will be left alone for the next reboot.  The exception to this
1805  * is disk 0 which will always be left registered with the kernel since it
1806  * is also the controller node.  Any changes to disk 0 will show up on
1807  * the next reboot.
1808  */
1809 static void cciss_update_drive_info(int ctlr, int drv_index, int first_time,
1810         int via_ioctl)
1811 {
1812         ctlr_info_t *h = hba[ctlr];
1813         struct gendisk *disk;
1814         InquiryData_struct *inq_buff = NULL;
1815         unsigned int block_size;
1816         sector_t total_size;
1817         unsigned long flags = 0;
1818         int ret = 0;
1819         drive_info_struct *drvinfo;
1820
1821         /* Get information about the disk and modify the driver structure */
1822         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
1823         drvinfo = kmalloc(sizeof(*drvinfo), GFP_KERNEL);
1824         if (inq_buff == NULL || drvinfo == NULL)
1825                 goto mem_msg;
1826
1827         /* testing to see if 16-byte CDBs are already being used */
1828         if (h->cciss_read == CCISS_READ_16) {
1829                 cciss_read_capacity_16(h->ctlr, drv_index, 1,
1830                         &total_size, &block_size);
1831
1832         } else {
1833                 cciss_read_capacity(ctlr, drv_index, 1,
1834                                     &total_size, &block_size);
1835
1836                 /* if read_capacity returns all F's this volume is >2TB */
1837                 /* in size so we switch to 16-byte CDB's for all */
1838                 /* read/write ops */
1839                 if (total_size == 0xFFFFFFFFULL) {
1840                         cciss_read_capacity_16(ctlr, drv_index, 1,
1841                         &total_size, &block_size);
1842                         h->cciss_read = CCISS_READ_16;
1843                         h->cciss_write = CCISS_WRITE_16;
1844                 } else {
1845                         h->cciss_read = CCISS_READ_10;
1846                         h->cciss_write = CCISS_WRITE_10;
1847                 }
1848         }
1849
1850         cciss_geometry_inquiry(ctlr, drv_index, 1, total_size, block_size,
1851                                inq_buff, drvinfo);
1852         drvinfo->block_size = block_size;
1853         drvinfo->nr_blocks = total_size + 1;
1854
1855         cciss_get_device_descr(ctlr, drv_index, 1, drvinfo->vendor,
1856                                 drvinfo->model, drvinfo->rev);
1857         cciss_get_serial_no(ctlr, drv_index, 1, drvinfo->serial_no,
1858                         sizeof(drvinfo->serial_no));
1859
1860         /* Is it the same disk we already know, and nothing's changed? */
1861         if (h->drv[drv_index].raid_level != -1 &&
1862                 ((memcmp(drvinfo->serial_no,
1863                                 h->drv[drv_index].serial_no, 16) == 0) &&
1864                 drvinfo->block_size == h->drv[drv_index].block_size &&
1865                 drvinfo->nr_blocks == h->drv[drv_index].nr_blocks &&
1866                 drvinfo->heads == h->drv[drv_index].heads &&
1867                 drvinfo->sectors == h->drv[drv_index].sectors &&
1868                 drvinfo->cylinders == h->drv[drv_index].cylinders))
1869                         /* The disk is unchanged, nothing to update */
1870                         goto freeret;
1871
1872         /* If we get here it's not the same disk, or something's changed,
1873          * so we need to * deregister it, and re-register it, if it's not
1874          * in use.
1875          * If the disk already exists then deregister it before proceeding
1876          * (unless it's the first disk (for the controller node).
1877          */
1878         if (h->drv[drv_index].raid_level != -1 && drv_index != 0) {
1879                 printk(KERN_WARNING "disk %d has changed.\n", drv_index);
1880                 spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
1881                 h->drv[drv_index].busy_configuring = 1;
1882                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
1883
1884                 /* deregister_disk sets h->drv[drv_index].queue = NULL
1885                  * which keeps the interrupt handler from starting
1886                  * the queue.
1887                  */
1888                 ret = deregister_disk(h, drv_index, 0, via_ioctl);
1889                 h->drv[drv_index].busy_configuring = 0;
1890         }
1891
1892         /* If the disk is in use return */
1893         if (ret)
1894                 goto freeret;
1895
1896         /* Save the new information from cciss_geometry_inquiry
1897          * and serial number inquiry.
1898          */
1899         h->drv[drv_index].block_size = drvinfo->block_size;
1900         h->drv[drv_index].nr_blocks = drvinfo->nr_blocks;
1901         h->drv[drv_index].heads = drvinfo->heads;
1902         h->drv[drv_index].sectors = drvinfo->sectors;
1903         h->drv[drv_index].cylinders = drvinfo->cylinders;
1904         h->drv[drv_index].raid_level = drvinfo->raid_level;
1905         memcpy(h->drv[drv_index].serial_no, drvinfo->serial_no, 16);
1906         memcpy(h->drv[drv_index].vendor, drvinfo->vendor, VENDOR_LEN + 1);
1907         memcpy(h->drv[drv_index].model, drvinfo->model, MODEL_LEN + 1);
1908         memcpy(h->drv[drv_index].rev, drvinfo->rev, REV_LEN + 1);
1909
1910         ++h->num_luns;
1911         disk = h->gendisk[drv_index];
1912         set_capacity(disk, h->drv[drv_index].nr_blocks);
1913
1914         /* If it's not disk 0 (drv_index != 0)
1915          * or if it was disk 0, but there was previously
1916          * no actual corresponding configured logical drive
1917          * (raid_leve == -1) then we want to update the
1918          * logical drive's information.
1919          */
1920         if (drv_index || first_time) {
1921                 if (cciss_add_disk(h, disk, drv_index) != 0) {
1922                         cciss_free_gendisk(h, drv_index);
1923                         printk(KERN_WARNING "cciss:%d could not update "
1924                                 "disk %d\n", h->ctlr, drv_index);
1925                         --h->num_luns;
1926                 }
1927         }
1928
1929 freeret:
1930         kfree(inq_buff);
1931         kfree(drvinfo);
1932         return;
1933 mem_msg:
1934         printk(KERN_ERR "cciss: out of memory\n");
1935         goto freeret;
1936 }
1937
1938 /* This function will find the first index of the controllers drive array
1939  * that has a -1 for the raid_level and will return that index.  This is
1940  * where new drives will be added.  If the index to be returned is greater
1941  * than the highest_lun index for the controller then highest_lun is set
1942  * to this new index.  If there are no available indexes then -1 is returned.
1943  * "controller_node" is used to know if this is a real logical drive, or just
1944  * the controller node, which determines if this counts towards highest_lun.
1945  */
1946 static int cciss_find_free_drive_index(int ctlr, int controller_node)
1947 {
1948         int i;
1949
1950         for (i = 0; i < CISS_MAX_LUN; i++) {
1951                 if (hba[ctlr]->drv[i].raid_level == -1) {
1952                         if (i > hba[ctlr]->highest_lun)
1953                                 if (!controller_node)
1954                                         hba[ctlr]->highest_lun = i;
1955                         return i;
1956                 }
1957         }
1958         return -1;
1959 }
1960
1961 static void cciss_free_gendisk(ctlr_info_t *h, int drv_index)
1962 {
1963         put_disk(h->gendisk[drv_index]);
1964         h->gendisk[drv_index] = NULL;
1965 }
1966
1967 /* cciss_add_gendisk finds a free hba[]->drv structure
1968  * and allocates a gendisk if needed, and sets the lunid
1969  * in the drvinfo structure.   It returns the index into
1970  * the ->drv[] array, or -1 if none are free.
1971  * is_controller_node indicates whether highest_lun should
1972  * count this disk, or if it's only being added to provide
1973  * a means to talk to the controller in case no logical
1974  * drives have yet been configured.
1975  */
1976 static int cciss_add_gendisk(ctlr_info_t *h, unsigned char lunid[],
1977         int controller_node)
1978 {
1979         int drv_index;
1980
1981         drv_index = cciss_find_free_drive_index(h->ctlr, controller_node);
1982         if (drv_index == -1)
1983                 return -1;
1984
1985         /*Check if the gendisk needs to be allocated */
1986         if (!h->gendisk[drv_index]) {
1987                 h->gendisk[drv_index] =
1988                         alloc_disk(1 << NWD_SHIFT);
1989                 if (!h->gendisk[drv_index]) {
1990                         printk(KERN_ERR "cciss%d: could not "
1991                                 "allocate a new disk %d\n",
1992                                 h->ctlr, drv_index);
1993                         return -1;
1994                 }
1995         }
1996         memcpy(h->drv[drv_index].LunID, lunid,
1997                 sizeof(h->drv[drv_index].LunID));
1998         if (h->drv[drv_index].dev == NULL) {
1999                 if (cciss_create_ld_sysfs_entry(h, drv_index))
2000                         goto err_free_disk;
2001         }
2002         /* Don't need to mark this busy because nobody */
2003         /* else knows about this disk yet to contend */
2004         /* for access to it. */
2005         h->drv[drv_index].busy_configuring = 0;
2006         wmb();
2007         return drv_index;
2008
2009 err_free_disk:
2010         cciss_free_gendisk(h, drv_index);
2011         return -1;
2012 }
2013
2014 /* This is for the special case of a controller which
2015  * has no logical drives.  In this case, we still need
2016  * to register a disk so the controller can be accessed
2017  * by the Array Config Utility.
2018  */
2019 static void cciss_add_controller_node(ctlr_info_t *h)
2020 {
2021         struct gendisk *disk;
2022         int drv_index;
2023
2024         if (h->gendisk[0] != NULL) /* already did this? Then bail. */
2025                 return;
2026
2027         drv_index = cciss_add_gendisk(h, CTLR_LUNID, 1);
2028         if (drv_index == -1)
2029                 goto error;
2030         h->drv[drv_index].block_size = 512;
2031         h->drv[drv_index].nr_blocks = 0;
2032         h->drv[drv_index].heads = 0;
2033         h->drv[drv_index].sectors = 0;
2034         h->drv[drv_index].cylinders = 0;
2035         h->drv[drv_index].raid_level = -1;
2036         memset(h->drv[drv_index].serial_no, 0, 16);
2037         disk = h->gendisk[drv_index];
2038         if (cciss_add_disk(h, disk, drv_index) == 0)
2039                 return;
2040         cciss_free_gendisk(h, drv_index);
2041 error:
2042         printk(KERN_WARNING "cciss%d: could not "
2043                 "add disk 0.\n", h->ctlr);
2044         return;
2045 }
2046
2047 /* This function will add and remove logical drives from the Logical
2048  * drive array of the controller and maintain persistency of ordering
2049  * so that mount points are preserved until the next reboot.  This allows
2050  * for the removal of logical drives in the middle of the drive array
2051  * without a re-ordering of those drives.
2052  * INPUT
2053  * h            = The controller to perform the operations on
2054  */
2055 static int rebuild_lun_table(ctlr_info_t *h, int first_time,
2056         int via_ioctl)
2057 {
2058         int ctlr = h->ctlr;
2059         int num_luns;
2060         ReportLunData_struct *ld_buff = NULL;
2061         int return_code;
2062         int listlength = 0;
2063         int i;
2064         int drv_found;
2065         int drv_index = 0;
2066         unsigned char lunid[8] = CTLR_LUNID;
2067         unsigned long flags;
2068
2069         if (!capable(CAP_SYS_RAWIO))
2070                 return -EPERM;
2071
2072         /* Set busy_configuring flag for this operation */
2073         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2074         if (h->busy_configuring) {
2075                 spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
2076                 return -EBUSY;
2077         }
2078         h->busy_configuring = 1;
2079         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
2080
2081         ld_buff = kzalloc(sizeof(ReportLunData_struct), GFP_KERNEL);
2082         if (ld_buff == NULL)
2083                 goto mem_msg;
2084
2085         return_code = sendcmd_withirq(CISS_REPORT_LOG, ctlr, ld_buff,
2086                                       sizeof(ReportLunData_struct),
2087                                       0, CTLR_LUNID, TYPE_CMD);
2088
2089         if (return_code == IO_OK)
2090                 listlength = be32_to_cpu(*(__be32 *) ld_buff->LUNListLength);
2091         else {  /* reading number of logical volumes failed */
2092                 printk(KERN_WARNING "cciss: report logical volume"
2093                        " command failed\n");
2094                 listlength = 0;
2095                 goto freeret;
2096         }
2097
2098         num_luns = listlength / 8;      /* 8 bytes per entry */
2099         if (num_luns > CISS_MAX_LUN) {
2100                 num_luns = CISS_MAX_LUN;
2101                 printk(KERN_WARNING "cciss: more luns configured"
2102                        " on controller than can be handled by"
2103                        " this driver.\n");
2104         }
2105
2106         if (num_luns == 0)
2107                 cciss_add_controller_node(h);
2108
2109         /* Compare controller drive array to driver's drive array
2110          * to see if any drives are missing on the controller due
2111          * to action of Array Config Utility (user deletes drive)
2112          * and deregister logical drives which have disappeared.
2113          */
2114         for (i = 0; i <= h->highest_lun; i++) {
2115                 int j;
2116                 drv_found = 0;
2117
2118                 /* skip holes in the array from already deleted drives */
2119                 if (h->drv[i].raid_level == -1)
2120                         continue;
2121
2122                 for (j = 0; j < num_luns; j++) {
2123                         memcpy(lunid, &ld_buff->LUN[j][0], sizeof(lunid));
2124                         if (memcmp(h->drv[i].LunID, lunid,
2125                                 sizeof(lunid)) == 0) {
2126                                 drv_found = 1;
2127                                 break;
2128                         }
2129                 }
2130                 if (!drv_found) {
2131                         /* Deregister it from the OS, it's gone. */
2132                         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2133                         h->drv[i].busy_configuring = 1;
2134                         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
2135                         return_code = deregister_disk(h, i, 1, via_ioctl);
2136                         h->drv[i].busy_configuring = 0;
2137                 }
2138         }
2139
2140         /* Compare controller drive array to driver's drive array.
2141          * Check for updates in the drive information and any new drives
2142          * on the controller due to ACU adding logical drives, or changing
2143          * a logical drive's size, etc.  Reregister any new/changed drives
2144          */
2145         for (i = 0; i < num_luns; i++) {
2146                 int j;
2147
2148                 drv_found = 0;
2149
2150                 memcpy(lunid, &ld_buff->LUN[i][0], sizeof(lunid));
2151                 /* Find if the LUN is already in the drive array
2152                  * of the driver.  If so then update its info
2153                  * if not in use.  If it does not exist then find
2154                  * the first free index and add it.
2155                  */
2156                 for (j = 0; j <= h->highest_lun; j++) {
2157                         if (h->drv[j].raid_level != -1 &&
2158                                 memcmp(h->drv[j].LunID, lunid,
2159                                         sizeof(h->drv[j].LunID)) == 0) {
2160                                 drv_index = j;
2161                                 drv_found = 1;
2162                                 break;
2163                         }
2164                 }
2165
2166                 /* check if the drive was found already in the array */
2167                 if (!drv_found) {
2168                         drv_index = cciss_add_gendisk(h, lunid, 0);
2169                         if (drv_index == -1)
2170                                 goto freeret;
2171                 }
2172                 cciss_update_drive_info(ctlr, drv_index, first_time,
2173                         via_ioctl);
2174         }               /* end for */
2175
2176 freeret:
2177         kfree(ld_buff);
2178         h->busy_configuring = 0;
2179         /* We return -1 here to tell the ACU that we have registered/updated
2180          * all of the drives that we can and to keep it from calling us
2181          * additional times.
2182          */
2183         return -1;
2184 mem_msg:
2185         printk(KERN_ERR "cciss: out of memory\n");
2186         h->busy_configuring = 0;
2187         goto freeret;
2188 }
2189
2190 static void cciss_clear_drive_info(drive_info_struct *drive_info)
2191 {
2192         /* zero out the disk size info */
2193         drive_info->nr_blocks = 0;
2194         drive_info->block_size = 0;
2195         drive_info->heads = 0;
2196         drive_info->sectors = 0;
2197         drive_info->cylinders = 0;
2198         drive_info->raid_level = -1;
2199         memset(drive_info->serial_no, 0, sizeof(drive_info->serial_no));
2200         memset(drive_info->model, 0, sizeof(drive_info->model));
2201         memset(drive_info->rev, 0, sizeof(drive_info->rev));
2202         memset(drive_info->vendor, 0, sizeof(drive_info->vendor));
2203         /*
2204          * don't clear the LUNID though, we need to remember which
2205          * one this one is.
2206          */
2207 }
2208
2209 /* This function will deregister the disk and it's queue from the
2210  * kernel.  It must be called with the controller lock held and the
2211  * drv structures busy_configuring flag set.  It's parameters are:
2212  *
2213  * disk = This is the disk to be deregistered
2214  * drv  = This is the drive_info_struct associated with the disk to be
2215  *        deregistered.  It contains information about the disk used
2216  *        by the driver.
2217  * clear_all = This flag determines whether or not the disk information
2218  *             is going to be completely cleared out and the highest_lun
2219  *             reset.  Sometimes we want to clear out information about
2220  *             the disk in preparation for re-adding it.  In this case
2221  *             the highest_lun should be left unchanged and the LunID
2222  *             should not be cleared.
2223  * via_ioctl
2224  *    This indicates whether we've reached this path via ioctl.
2225  *    This affects the maximum usage count allowed for c0d0 to be messed with.
2226  *    If this path is reached via ioctl(), then the max_usage_count will
2227  *    be 1, as the process calling ioctl() has got to have the device open.
2228  *    If we get here via sysfs, then the max usage count will be zero.
2229 */
2230 static int deregister_disk(ctlr_info_t *h, int drv_index,
2231                            int clear_all, int via_ioctl)
2232 {
2233         int i;
2234         struct gendisk *disk;
2235         drive_info_struct *drv;
2236
2237         if (!capable(CAP_SYS_RAWIO))
2238                 return -EPERM;
2239
2240         drv = &h->drv[drv_index];
2241         disk = h->gendisk[drv_index];
2242
2243         /* make sure logical volume is NOT is use */
2244         if (clear_all || (h->gendisk[0] == disk)) {
2245                 if (drv->usage_count > via_ioctl)
2246                         return -EBUSY;
2247         } else if (drv->usage_count > 0)
2248                 return -EBUSY;
2249
2250         /* invalidate the devices and deregister the disk.  If it is disk
2251          * zero do not deregister it but just zero out it's values.  This
2252          * allows us to delete disk zero but keep the controller registered.
2253          */
2254         if (h->gendisk[0] != disk) {
2255                 struct request_queue *q = disk->queue;
2256                 if (disk->flags & GENHD_FL_UP) {
2257                         cciss_destroy_ld_sysfs_entry(h, drv_index, 0);
2258                         del_gendisk(disk);
2259                 }
2260                 if (q) {
2261                         blk_cleanup_queue(q);
2262                         /* Set drv->queue to NULL so that we do not try
2263                          * to call blk_start_queue on this queue in the
2264                          * interrupt handler
2265                          */
2266                         drv->queue = NULL;
2267                 }
2268                 /* If clear_all is set then we are deleting the logical
2269                  * drive, not just refreshing its info.  For drives
2270                  * other than disk 0 we will call put_disk.  We do not
2271                  * do this for disk 0 as we need it to be able to
2272                  * configure the controller.
2273                  */
2274                 if (clear_all){
2275                         /* This isn't pretty, but we need to find the
2276                          * disk in our array and NULL our the pointer.
2277                          * This is so that we will call alloc_disk if
2278                          * this index is used again later.
2279                          */
2280                         for (i=0; i < CISS_MAX_LUN; i++){
2281                                 if (h->gendisk[i] == disk) {
2282                                         h->gendisk[i] = NULL;
2283                                         break;
2284                                 }
2285                         }
2286                         put_disk(disk);
2287                 }
2288         } else {
2289                 set_capacity(disk, 0);
2290         }
2291
2292         --h->num_luns;
2293         cciss_clear_drive_info(drv);
2294
2295         if (clear_all) {
2296                 /* check to see if it was the last disk */
2297                 if (drv == h->drv + h->highest_lun) {
2298                         /* if so, find the new hightest lun */
2299                         int i, newhighest = -1;
2300                         for (i = 0; i <= h->highest_lun; i++) {
2301                                 /* if the disk has size > 0, it is available */
2302                                 if (h->drv[i].heads)
2303                                         newhighest = i;
2304                         }
2305                         h->highest_lun = newhighest;
2306                 }
2307                 memset(drv->LunID, 0, sizeof(drv->LunID));
2308         }
2309         return 0;
2310 }
2311
2312 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff,
2313                 size_t size, __u8 page_code, unsigned char *scsi3addr,
2314                 int cmd_type)
2315 {
2316         ctlr_info_t *h = hba[ctlr];
2317         u64bit buff_dma_handle;
2318         int status = IO_OK;
2319
2320         c->cmd_type = CMD_IOCTL_PEND;
2321         c->Header.ReplyQueue = 0;
2322         if (buff != NULL) {
2323                 c->Header.SGList = 1;
2324                 c->Header.SGTotal = 1;
2325         } else {
2326                 c->Header.SGList = 0;
2327                 c->Header.SGTotal = 0;
2328         }
2329         c->Header.Tag.lower = c->busaddr;
2330         memcpy(c->Header.LUN.LunAddrBytes, scsi3addr, 8);
2331
2332         c->Request.Type.Type = cmd_type;
2333         if (cmd_type == TYPE_CMD) {
2334                 switch (cmd) {
2335                 case CISS_INQUIRY:
2336                         /* are we trying to read a vital product page */
2337                         if (page_code != 0) {
2338                                 c->Request.CDB[1] = 0x01;
2339                                 c->Request.CDB[2] = page_code;
2340                         }
2341                         c->Request.CDBLen = 6;
2342                         c->Request.Type.Attribute = ATTR_SIMPLE;
2343                         c->Request.Type.Direction = XFER_READ;
2344                         c->Request.Timeout = 0;
2345                         c->Request.CDB[0] = CISS_INQUIRY;
2346                         c->Request.CDB[4] = size & 0xFF;
2347                         break;
2348                 case CISS_REPORT_LOG:
2349                 case CISS_REPORT_PHYS:
2350                         /* Talking to controller so It's a physical command
2351                            mode = 00 target = 0.  Nothing to write.
2352                          */
2353                         c->Request.CDBLen = 12;
2354                         c->Request.Type.Attribute = ATTR_SIMPLE;
2355                         c->Request.Type.Direction = XFER_READ;
2356                         c->Request.Timeout = 0;
2357                         c->Request.CDB[0] = cmd;
2358                         c->Request.CDB[6] = (size >> 24) & 0xFF;        //MSB
2359                         c->Request.CDB[7] = (size >> 16) & 0xFF;
2360                         c->Request.CDB[8] = (size >> 8) & 0xFF;
2361                         c->Request.CDB[9] = size & 0xFF;
2362                         break;
2363
2364                 case CCISS_READ_CAPACITY:
2365                         c->Request.CDBLen = 10;
2366                         c->Request.Type.Attribute = ATTR_SIMPLE;
2367                         c->Request.Type.Direction = XFER_READ;
2368                         c->Request.Timeout = 0;
2369                         c->Request.CDB[0] = cmd;
2370                         break;
2371                 case CCISS_READ_CAPACITY_16:
2372                         c->Request.CDBLen = 16;
2373                         c->Request.Type.Attribute = ATTR_SIMPLE;
2374                         c->Request.Type.Direction = XFER_READ;
2375                         c->Request.Timeout = 0;
2376                         c->Request.CDB[0] = cmd;
2377                         c->Request.CDB[1] = 0x10;
2378                         c->Request.CDB[10] = (size >> 24) & 0xFF;
2379                         c->Request.CDB[11] = (size >> 16) & 0xFF;
2380                         c->Request.CDB[12] = (size >> 8) & 0xFF;
2381                         c->Request.CDB[13] = size & 0xFF;
2382                         c->Request.Timeout = 0;
2383                         c->Request.CDB[0] = cmd;
2384                         break;
2385                 case CCISS_CACHE_FLUSH:
2386                         c->Request.CDBLen = 12;
2387                         c->Request.Type.Attribute = ATTR_SIMPLE;
2388                         c->Request.Type.Direction = XFER_WRITE;
2389                         c->Request.Timeout = 0;
2390                         c->Request.CDB[0] = BMIC_WRITE;
2391                         c->Request.CDB[6] = BMIC_CACHE_FLUSH;
2392                         break;
2393                 case TEST_UNIT_READY:
2394                         c->Request.CDBLen = 6;
2395                         c->Request.Type.Attribute = ATTR_SIMPLE;
2396                         c->Request.Type.Direction = XFER_NONE;
2397                         c->Request.Timeout = 0;
2398                         break;
2399                 default:
2400                         printk(KERN_WARNING
2401                                "cciss%d:  Unknown Command 0x%c\n", ctlr, cmd);
2402                         return IO_ERROR;
2403                 }
2404         } else if (cmd_type == TYPE_MSG) {
2405                 switch (cmd) {
2406                 case 0: /* ABORT message */
2407                         c->Request.CDBLen = 12;
2408                         c->Request.Type.Attribute = ATTR_SIMPLE;
2409                         c->Request.Type.Direction = XFER_WRITE;
2410                         c->Request.Timeout = 0;
2411                         c->Request.CDB[0] = cmd;        /* abort */
2412                         c->Request.CDB[1] = 0;  /* abort a command */
2413                         /* buff contains the tag of the command to abort */
2414                         memcpy(&c->Request.CDB[4], buff, 8);
2415                         break;
2416                 case 1: /* RESET message */
2417                         c->Request.CDBLen = 16;
2418                         c->Request.Type.Attribute = ATTR_SIMPLE;
2419                         c->Request.Type.Direction = XFER_NONE;
2420                         c->Request.Timeout = 0;
2421                         memset(&c->Request.CDB[0], 0, sizeof(c->Request.CDB));
2422                         c->Request.CDB[0] = cmd;        /* reset */
2423                         c->Request.CDB[1] = 0x03;       /* reset a target */
2424                         break;
2425                 case 3: /* No-Op message */
2426                         c->Request.CDBLen = 1;
2427                         c->Request.Type.Attribute = ATTR_SIMPLE;
2428                         c->Request.Type.Direction = XFER_WRITE;
2429                         c->Request.Timeout = 0;
2430                         c->Request.CDB[0] = cmd;
2431                         break;
2432                 default:
2433                         printk(KERN_WARNING
2434                                "cciss%d: unknown message type %d\n", ctlr, cmd);
2435                         return IO_ERROR;
2436                 }
2437         } else {
2438                 printk(KERN_WARNING
2439                        "cciss%d: unknown command type %d\n", ctlr, cmd_type);
2440                 return IO_ERROR;
2441         }
2442         /* Fill in the scatter gather information */
2443         if (size > 0) {
2444                 buff_dma_handle.val = (__u64) pci_map_single(h->pdev,
2445                                                              buff, size,
2446                                                              PCI_DMA_BIDIRECTIONAL);
2447                 c->SG[0].Addr.lower = buff_dma_handle.val32.lower;
2448                 c->SG[0].Addr.upper = buff_dma_handle.val32.upper;
2449                 c->SG[0].Len = size;
2450                 c->SG[0].Ext = 0;       /* we are not chaining */
2451         }
2452         return status;
2453 }
2454
2455 static int check_target_status(ctlr_info_t *h, CommandList_struct *c)
2456 {
2457         switch (c->err_info->ScsiStatus) {
2458         case SAM_STAT_GOOD:
2459                 return IO_OK;
2460         case SAM_STAT_CHECK_CONDITION:
2461                 switch (0xf & c->err_info->SenseInfo[2]) {
2462                 case 0: return IO_OK; /* no sense */
2463                 case 1: return IO_OK; /* recovered error */
2464                 default:
2465                         printk(KERN_WARNING "cciss%d: cmd 0x%02x "
2466                                 "check condition, sense key = 0x%02x\n",
2467                                 h->ctlr, c->Request.CDB[0],
2468                                 c->err_info->SenseInfo[2]);
2469                 }
2470                 break;
2471         default:
2472                 printk(KERN_WARNING "cciss%d: cmd 0x%02x"
2473                         "scsi status = 0x%02x\n", h->ctlr,
2474                         c->Request.CDB[0], c->err_info->ScsiStatus);
2475                 break;
2476         }
2477         return IO_ERROR;
2478 }
2479
2480 static int process_sendcmd_error(ctlr_info_t *h, CommandList_struct *c)
2481 {
2482         int return_status = IO_OK;
2483
2484         if (c->err_info->CommandStatus == CMD_SUCCESS)
2485                 return IO_OK;
2486
2487         switch (c->err_info->CommandStatus) {
2488         case CMD_TARGET_STATUS:
2489                 return_status = check_target_status(h, c);
2490                 break;
2491         case CMD_DATA_UNDERRUN:
2492         case CMD_DATA_OVERRUN:
2493                 /* expected for inquiry and report lun commands */
2494                 break;
2495         case CMD_INVALID:
2496                 printk(KERN_WARNING "cciss: cmd 0x%02x is "
2497                        "reported invalid\n", c->Request.CDB[0]);
2498                 return_status = IO_ERROR;
2499                 break;
2500         case CMD_PROTOCOL_ERR:
2501                 printk(KERN_WARNING "cciss: cmd 0x%02x has "
2502                        "protocol error \n", c->Request.CDB[0]);
2503                 return_status = IO_ERROR;
2504                 break;
2505         case CMD_HARDWARE_ERR:
2506                 printk(KERN_WARNING "cciss: cmd 0x%02x had "
2507                        " hardware error\n", c->Request.CDB[0]);
2508                 return_status = IO_ERROR;
2509                 break;
2510         case CMD_CONNECTION_LOST:
2511                 printk(KERN_WARNING "cciss: cmd 0x%02x had "
2512                        "connection lost\n", c->Request.CDB[0]);
2513                 return_status = IO_ERROR;
2514                 break;
2515         case CMD_ABORTED:
2516                 printk(KERN_WARNING "cciss: cmd 0x%02x was "
2517                        "aborted\n", c->Request.CDB[0]);
2518                 return_status = IO_ERROR;
2519                 break;
2520         case CMD_ABORT_FAILED:
2521                 printk(KERN_WARNING "cciss: cmd 0x%02x reports "
2522                        "abort failed\n", c->Request.CDB[0]);
2523                 return_status = IO_ERROR;
2524                 break;
2525         case CMD_UNSOLICITED_ABORT:
2526                 printk(KERN_WARNING
2527                        "cciss%d: unsolicited abort 0x%02x\n", h->ctlr,
2528                         c->Request.CDB[0]);
2529                 return_status = IO_NEEDS_RETRY;
2530                 break;
2531         default:
2532                 printk(KERN_WARNING "cciss: cmd 0x%02x returned "
2533                        "unknown status %x\n", c->Request.CDB[0],
2534                        c->err_info->CommandStatus);
2535                 return_status = IO_ERROR;
2536         }
2537         return return_status;
2538 }
2539
2540 static int sendcmd_withirq_core(ctlr_info_t *h, CommandList_struct *c,
2541         int attempt_retry)
2542 {
2543         DECLARE_COMPLETION_ONSTACK(wait);
2544         u64bit buff_dma_handle;
2545         unsigned long flags;
2546         int return_status = IO_OK;
2547
2548 resend_cmd2:
2549         c->waiting = &wait;
2550         /* Put the request on the tail of the queue and send it */
2551         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
2552         addQ(&h->reqQ, c);
2553         h->Qdepth++;
2554         start_io(h);
2555         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
2556
2557         wait_for_completion(&wait);
2558
2559         if (c->err_info->CommandStatus == 0 || !attempt_retry)
2560                 goto command_done;
2561
2562         return_status = process_sendcmd_error(h, c);
2563
2564         if (return_status == IO_NEEDS_RETRY &&
2565                 c->retry_count < MAX_CMD_RETRIES) {
2566                 printk(KERN_WARNING "cciss%d: retrying 0x%02x\n", h->ctlr,
2567                         c->Request.CDB[0]);
2568                 c->retry_count++;
2569                 /* erase the old error information */
2570                 memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2571                 return_status = IO_OK;
2572                 INIT_COMPLETION(wait);
2573                 goto resend_cmd2;
2574         }
2575
2576 command_done:
2577         /* unlock the buffers from DMA */
2578         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2579         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2580         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2581                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2582         return return_status;
2583 }
2584
2585 static int sendcmd_withirq(__u8 cmd, int ctlr, void *buff, size_t size,
2586                            __u8 page_code, unsigned char scsi3addr[],
2587                         int cmd_type)
2588 {
2589         ctlr_info_t *h = hba[ctlr];
2590         CommandList_struct *c;
2591         int return_status;
2592
2593         c = cmd_alloc(h, 0);
2594         if (!c)
2595                 return -ENOMEM;
2596         return_status = fill_cmd(c, cmd, ctlr, buff, size, page_code,
2597                 scsi3addr, cmd_type);
2598         if (return_status == IO_OK)
2599                 return_status = sendcmd_withirq_core(h, c, 1);
2600
2601         cmd_free(h, c, 0);
2602         return return_status;
2603 }
2604
2605 static void cciss_geometry_inquiry(int ctlr, int logvol,
2606                                    int withirq, sector_t total_size,
2607                                    unsigned int block_size,
2608                                    InquiryData_struct *inq_buff,
2609                                    drive_info_struct *drv)
2610 {
2611         int return_code;
2612         unsigned long t;
2613         unsigned char scsi3addr[8];
2614
2615         memset(inq_buff, 0, sizeof(InquiryData_struct));
2616         log_unit_to_scsi3addr(hba[ctlr], scsi3addr, logvol);
2617         if (withirq)
2618                 return_code = sendcmd_withirq(CISS_INQUIRY, ctlr,
2619                                               inq_buff, sizeof(*inq_buff),
2620                                               0xC1, scsi3addr, TYPE_CMD);
2621         else
2622                 return_code = sendcmd(CISS_INQUIRY, ctlr, inq_buff,
2623                                       sizeof(*inq_buff), 0xC1, scsi3addr,
2624                                       TYPE_CMD);
2625         if (return_code == IO_OK) {
2626                 if (inq_buff->data_byte[8] == 0xFF) {
2627                         printk(KERN_WARNING
2628                                "cciss: reading geometry failed, volume "
2629                                "does not support reading geometry\n");
2630                         drv->heads = 255;
2631                         drv->sectors = 32;      // Sectors per track
2632                         drv->cylinders = total_size + 1;
2633                         drv->raid_level = RAID_UNKNOWN;
2634                 } else {
2635                         drv->heads = inq_buff->data_byte[6];
2636                         drv->sectors = inq_buff->data_byte[7];
2637                         drv->cylinders = (inq_buff->data_byte[4] & 0xff) << 8;
2638                         drv->cylinders += inq_buff->data_byte[5];
2639                         drv->raid_level = inq_buff->data_byte[8];
2640                 }
2641                 drv->block_size = block_size;
2642                 drv->nr_blocks = total_size + 1;
2643                 t = drv->heads * drv->sectors;
2644                 if (t > 1) {
2645                         sector_t real_size = total_size + 1;
2646                         unsigned long rem = sector_div(real_size, t);
2647                         if (rem)
2648                                 real_size++;
2649                         drv->cylinders = real_size;
2650                 }
2651         } else {                /* Get geometry failed */
2652                 printk(KERN_WARNING "cciss: reading geometry failed\n");
2653         }
2654 }
2655
2656 static void
2657 cciss_read_capacity(int ctlr, int logvol, int withirq, sector_t *total_size,
2658                     unsigned int *block_size)
2659 {
2660         ReadCapdata_struct *buf;
2661         int return_code;
2662         unsigned char scsi3addr[8];
2663
2664         buf = kzalloc(sizeof(ReadCapdata_struct), GFP_KERNEL);
2665         if (!buf) {
2666                 printk(KERN_WARNING "cciss: out of memory\n");
2667                 return;
2668         }
2669
2670         log_unit_to_scsi3addr(hba[ctlr], scsi3addr, logvol);
2671         if (withirq)
2672                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY,
2673                                 ctlr, buf, sizeof(ReadCapdata_struct),
2674                                         0, scsi3addr, TYPE_CMD);
2675         else
2676                 return_code = sendcmd(CCISS_READ_CAPACITY,
2677                                 ctlr, buf, sizeof(ReadCapdata_struct),
2678                                         0, scsi3addr, TYPE_CMD);
2679         if (return_code == IO_OK) {
2680                 *total_size = be32_to_cpu(*(__be32 *) buf->total_size);
2681                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2682         } else {                /* read capacity command failed */
2683                 printk(KERN_WARNING "cciss: read capacity failed\n");
2684                 *total_size = 0;
2685                 *block_size = BLOCK_SIZE;
2686         }
2687         kfree(buf);
2688 }
2689
2690 static void
2691 cciss_read_capacity_16(int ctlr, int logvol, int withirq, sector_t *total_size,                                 unsigned int *block_size)
2692 {
2693         ReadCapdata_struct_16 *buf;
2694         int return_code;
2695         unsigned char scsi3addr[8];
2696
2697         buf = kzalloc(sizeof(ReadCapdata_struct_16), GFP_KERNEL);
2698         if (!buf) {
2699                 printk(KERN_WARNING "cciss: out of memory\n");
2700                 return;
2701         }
2702
2703         log_unit_to_scsi3addr(hba[ctlr], scsi3addr, logvol);
2704         if (withirq) {
2705                 return_code = sendcmd_withirq(CCISS_READ_CAPACITY_16,
2706                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2707                                 0, scsi3addr, TYPE_CMD);
2708         }
2709         else {
2710                 return_code = sendcmd(CCISS_READ_CAPACITY_16,
2711                         ctlr, buf, sizeof(ReadCapdata_struct_16),
2712                                 0, scsi3addr, TYPE_CMD);
2713         }
2714         if (return_code == IO_OK) {
2715                 *total_size = be64_to_cpu(*(__be64 *) buf->total_size);
2716                 *block_size = be32_to_cpu(*(__be32 *) buf->block_size);
2717         } else {                /* read capacity command failed */
2718                 printk(KERN_WARNING "cciss: read capacity failed\n");
2719                 *total_size = 0;
2720                 *block_size = BLOCK_SIZE;
2721         }
2722         printk(KERN_INFO "      blocks= %llu block_size= %d\n",
2723                (unsigned long long)*total_size+1, *block_size);
2724         kfree(buf);
2725 }
2726
2727 static int cciss_revalidate(struct gendisk *disk)
2728 {
2729         ctlr_info_t *h = get_host(disk);
2730         drive_info_struct *drv = get_drv(disk);
2731         int logvol;
2732         int FOUND = 0;
2733         unsigned int block_size;
2734         sector_t total_size;
2735         InquiryData_struct *inq_buff = NULL;
2736
2737         for (logvol = 0; logvol < CISS_MAX_LUN; logvol++) {
2738                 if (memcmp(h->drv[logvol].LunID, drv->LunID,
2739                         sizeof(drv->LunID)) == 0) {
2740                         FOUND = 1;
2741                         break;
2742                 }
2743         }
2744
2745         if (!FOUND)
2746                 return 1;
2747
2748         inq_buff = kmalloc(sizeof(InquiryData_struct), GFP_KERNEL);
2749         if (inq_buff == NULL) {
2750                 printk(KERN_WARNING "cciss: out of memory\n");
2751                 return 1;
2752         }
2753         if (h->cciss_read == CCISS_READ_10) {
2754                 cciss_read_capacity(h->ctlr, logvol, 1,
2755                                         &total_size, &block_size);
2756         } else {
2757                 cciss_read_capacity_16(h->ctlr, logvol, 1,
2758                                         &total_size, &block_size);
2759         }
2760         cciss_geometry_inquiry(h->ctlr, logvol, 1, total_size, block_size,
2761                                inq_buff, drv);
2762
2763         blk_queue_logical_block_size(drv->queue, drv->block_size);
2764         set_capacity(disk, drv->nr_blocks);
2765
2766         kfree(inq_buff);
2767         return 0;
2768 }
2769
2770 /*
2771  *   Wait polling for a command to complete.
2772  *   The memory mapped FIFO is polled for the completion.
2773  *   Used only at init time, interrupts from the HBA are disabled.
2774  */
2775 static unsigned long pollcomplete(int ctlr)
2776 {
2777         unsigned long done;
2778         int i;
2779
2780         /* Wait (up to 20 seconds) for a command to complete */
2781
2782         for (i = 20 * HZ; i > 0; i--) {
2783                 done = hba[ctlr]->access.command_completed(hba[ctlr]);
2784                 if (done == FIFO_EMPTY)
2785                         schedule_timeout_uninterruptible(1);
2786                 else
2787                         return done;
2788         }
2789         /* Invalid address to tell caller we ran out of time */
2790         return 1;
2791 }
2792
2793 /* Send command c to controller h and poll for it to complete.
2794  * Turns interrupts off on the board.  Used at driver init time
2795  * and during SCSI error recovery.
2796  */
2797 static int sendcmd_core(ctlr_info_t *h, CommandList_struct *c)
2798 {
2799         int i;
2800         unsigned long complete;
2801         int status = IO_ERROR;
2802         u64bit buff_dma_handle;
2803
2804 resend_cmd1:
2805
2806         /* Disable interrupt on the board. */
2807         h->access.set_intr_mask(h, CCISS_INTR_OFF);
2808
2809         /* Make sure there is room in the command FIFO */
2810         /* Actually it should be completely empty at this time */
2811         /* unless we are in here doing error handling for the scsi */
2812         /* tape side of the driver. */
2813         for (i = 200000; i > 0; i--) {
2814                 /* if fifo isn't full go */
2815                 if (!(h->access.fifo_full(h)))
2816                         break;
2817                 udelay(10);
2818                 printk(KERN_WARNING "cciss cciss%d: SendCmd FIFO full,"
2819                        " waiting!\n", h->ctlr);
2820         }
2821         h->access.submit_command(h, c); /* Send the cmd */
2822         do {
2823                 complete = pollcomplete(h->ctlr);
2824
2825 #ifdef CCISS_DEBUG
2826                 printk(KERN_DEBUG "cciss: command completed\n");
2827 #endif                          /* CCISS_DEBUG */
2828
2829                 if (complete == 1) {
2830                         printk(KERN_WARNING
2831                                "cciss cciss%d: SendCmd Timeout out, "
2832                                "No command list address returned!\n", h->ctlr);
2833                         status = IO_ERROR;
2834                         break;
2835                 }
2836
2837                 /* Make sure it's the command we're expecting. */
2838                 if ((complete & ~CISS_ERROR_BIT) != c->busaddr) {
2839                         printk(KERN_WARNING "cciss%d: Unexpected command "
2840                                 "completion.\n", h->ctlr);
2841                         continue;
2842                 }
2843
2844                 /* It is our command.  If no error, we're done. */
2845                 if (!(complete & CISS_ERROR_BIT)) {
2846                         status = IO_OK;
2847                         break;
2848                 }
2849
2850                 /* There is an error... */
2851
2852                 /* if data overrun or underun on Report command ignore it */
2853                 if (((c->Request.CDB[0] == CISS_REPORT_LOG) ||
2854                      (c->Request.CDB[0] == CISS_REPORT_PHYS) ||
2855                      (c->Request.CDB[0] == CISS_INQUIRY)) &&
2856                         ((c->err_info->CommandStatus == CMD_DATA_OVERRUN) ||
2857                          (c->err_info->CommandStatus == CMD_DATA_UNDERRUN))) {
2858                         complete = c->busaddr;
2859                         status = IO_OK;
2860                         break;
2861                 }
2862
2863                 if (c->err_info->CommandStatus == CMD_UNSOLICITED_ABORT) {
2864                         printk(KERN_WARNING "cciss%d: unsolicited abort %p\n",
2865                                 h->ctlr, c);
2866                         if (c->retry_count < MAX_CMD_RETRIES) {
2867                                 printk(KERN_WARNING "cciss%d: retrying %p\n",
2868                                    h->ctlr, c);
2869                                 c->retry_count++;
2870                                 /* erase the old error information */
2871                                 memset(c->err_info, 0, sizeof(c->err_info));
2872                                 goto resend_cmd1;
2873                         }
2874                         printk(KERN_WARNING "cciss%d: retried %p too many "
2875                                 "times\n", h->ctlr, c);
2876                         status = IO_ERROR;
2877                         break;
2878                 }
2879
2880                 if (c->err_info->CommandStatus == CMD_UNABORTABLE) {
2881                         printk(KERN_WARNING "cciss%d: command could not be "
2882                                 "aborted.\n", h->ctlr);
2883                         status = IO_ERROR;
2884                         break;
2885                 }
2886
2887                 if (c->err_info->CommandStatus == CMD_TARGET_STATUS) {
2888                         status = check_target_status(h, c);
2889                         break;
2890                 }
2891
2892                 printk(KERN_WARNING "cciss%d: sendcmd error\n", h->ctlr);
2893                 printk(KERN_WARNING "cmd = 0x%02x, CommandStatus = 0x%02x\n",
2894                         c->Request.CDB[0], c->err_info->CommandStatus);
2895                 status = IO_ERROR;
2896                 break;
2897
2898         } while (1);
2899
2900         /* unlock the data buffer from DMA */
2901         buff_dma_handle.val32.lower = c->SG[0].Addr.lower;
2902         buff_dma_handle.val32.upper = c->SG[0].Addr.upper;
2903         pci_unmap_single(h->pdev, (dma_addr_t) buff_dma_handle.val,
2904                          c->SG[0].Len, PCI_DMA_BIDIRECTIONAL);
2905         return status;
2906 }
2907
2908 /*
2909  * Send a command to the controller, and wait for it to complete.
2910  * Used at init time, and during SCSI error recovery.
2911  */
2912 static int sendcmd(__u8 cmd, int ctlr, void *buff, size_t size,
2913         __u8 page_code, unsigned char *scsi3addr, int cmd_type)
2914 {
2915         CommandList_struct *c;
2916         int status;
2917
2918         c = cmd_alloc(hba[ctlr], 1);
2919         if (!c) {
2920                 printk(KERN_WARNING "cciss: unable to get memory");
2921                 return IO_ERROR;
2922         }
2923         status = fill_cmd(c, cmd, ctlr, buff, size, page_code,
2924                 scsi3addr, cmd_type);
2925         if (status == IO_OK)
2926                 status = sendcmd_core(hba[ctlr], c);
2927         cmd_free(hba[ctlr], c, 1);
2928         return status;
2929 }
2930
2931 /*
2932  * Map (physical) PCI mem into (virtual) kernel space
2933  */
2934 static void __iomem *remap_pci_mem(ulong base, ulong size)
2935 {
2936         ulong page_base = ((ulong) base) & PAGE_MASK;
2937         ulong page_offs = ((ulong) base) - page_base;
2938         void __iomem *page_remapped = ioremap(page_base, page_offs + size);
2939
2940         return page_remapped ? (page_remapped + page_offs) : NULL;
2941 }
2942
2943 /*
2944  * Takes jobs of the Q and sends them to the hardware, then puts it on
2945  * the Q to wait for completion.
2946  */
2947 static void start_io(ctlr_info_t *h)
2948 {
2949         CommandList_struct *c;
2950
2951         while (!hlist_empty(&h->reqQ)) {
2952                 c = hlist_entry(h->reqQ.first, CommandList_struct, list);
2953                 /* can't do anything if fifo is full */
2954                 if ((h->access.fifo_full(h))) {
2955                         printk(KERN_WARNING "cciss: fifo full\n");
2956                         break;
2957                 }
2958
2959                 /* Get the first entry from the Request Q */
2960                 removeQ(c);
2961                 h->Qdepth--;
2962
2963                 /* Tell the controller execute command */
2964                 h->access.submit_command(h, c);
2965
2966                 /* Put job onto the completed Q */
2967                 addQ(&h->cmpQ, c);
2968         }
2969 }
2970
2971 /* Assumes that CCISS_LOCK(h->ctlr) is held. */
2972 /* Zeros out the error record and then resends the command back */
2973 /* to the controller */
2974 static inline void resend_cciss_cmd(ctlr_info_t *h, CommandList_struct *c)
2975 {
2976         /* erase the old error information */
2977         memset(c->err_info, 0, sizeof(ErrorInfo_struct));
2978
2979         /* add it to software queue and then send it to the controller */
2980         addQ(&h->reqQ, c);
2981         h->Qdepth++;
2982         if (h->Qdepth > h->maxQsinceinit)
2983                 h->maxQsinceinit = h->Qdepth;
2984
2985         start_io(h);
2986 }
2987
2988 static inline unsigned int make_status_bytes(unsigned int scsi_status_byte,
2989         unsigned int msg_byte, unsigned int host_byte,
2990         unsigned int driver_byte)
2991 {
2992         /* inverse of macros in scsi.h */
2993         return (scsi_status_byte & 0xff) |
2994                 ((msg_byte & 0xff) << 8) |
2995                 ((host_byte & 0xff) << 16) |
2996                 ((driver_byte & 0xff) << 24);
2997 }
2998
2999 static inline int evaluate_target_status(ctlr_info_t *h,
3000                         CommandList_struct *cmd, int *retry_cmd)
3001 {
3002         unsigned char sense_key;
3003         unsigned char status_byte, msg_byte, host_byte, driver_byte;
3004         int error_value;
3005
3006         *retry_cmd = 0;
3007         /* If we get in here, it means we got "target status", that is, scsi status */
3008         status_byte = cmd->err_info->ScsiStatus;
3009         driver_byte = DRIVER_OK;
3010         msg_byte = cmd->err_info->CommandStatus; /* correct?  seems too device specific */
3011
3012         if (blk_pc_request(cmd->rq))
3013                 host_byte = DID_PASSTHROUGH;
3014         else
3015                 host_byte = DID_OK;
3016
3017         error_value = make_status_bytes(status_byte, msg_byte,
3018                 host_byte, driver_byte);
3019
3020         if (cmd->err_info->ScsiStatus != SAM_STAT_CHECK_CONDITION) {
3021                 if (!blk_pc_request(cmd->rq))
3022                         printk(KERN_WARNING "cciss: cmd %p "
3023                                "has SCSI Status 0x%x\n",
3024                                cmd, cmd->err_info->ScsiStatus);
3025                 return error_value;
3026         }
3027
3028         /* check the sense key */
3029         sense_key = 0xf & cmd->err_info->SenseInfo[2];
3030         /* no status or recovered error */
3031         if (((sense_key == 0x0) || (sense_key == 0x1)) && !blk_pc_request(cmd->rq))
3032                 error_value = 0;
3033
3034         if (check_for_unit_attention(h, cmd)) {
3035                 *retry_cmd = !blk_pc_request(cmd->rq);
3036                 return 0;
3037         }
3038
3039         if (!blk_pc_request(cmd->rq)) { /* Not SG_IO or similar? */
3040                 if (error_value != 0)
3041                         printk(KERN_WARNING "cciss: cmd %p has CHECK CONDITION"
3042                                " sense key = 0x%x\n", cmd, sense_key);
3043                 return error_value;
3044         }
3045
3046         /* SG_IO or similar, copy sense data back */
3047         if (cmd->rq->sense) {
3048                 if (cmd->rq->sense_len > cmd->err_info->SenseLen)
3049                         cmd->rq->sense_len = cmd->err_info->SenseLen;
3050                 memcpy(cmd->rq->sense, cmd->err_info->SenseInfo,
3051                         cmd->rq->sense_len);
3052         } else
3053                 cmd->rq->sense_len = 0;
3054
3055         return error_value;
3056 }
3057
3058 /* checks the status of the job and calls complete buffers to mark all
3059  * buffers for the completed job. Note that this function does not need
3060  * to hold the hba/queue lock.
3061  */
3062 static inline void complete_command(ctlr_info_t *h, CommandList_struct *cmd,
3063                                     int timeout)
3064 {
3065         int retry_cmd = 0;
3066         struct request *rq = cmd->rq;
3067
3068         rq->errors = 0;
3069
3070         if (timeout)
3071                 rq->errors = make_status_bytes(0, 0, 0, DRIVER_TIMEOUT);
3072
3073         if (cmd->err_info->CommandStatus == 0)  /* no error has occurred */
3074                 goto after_error_processing;
3075
3076         switch (cmd->err_info->CommandStatus) {
3077         case CMD_TARGET_STATUS:
3078                 rq->errors = evaluate_target_status(h, cmd, &retry_cmd);
3079                 break;
3080         case CMD_DATA_UNDERRUN:
3081                 if (blk_fs_request(cmd->rq)) {
3082                         printk(KERN_WARNING "cciss: cmd %p has"
3083                                " completed with data underrun "
3084                                "reported\n", cmd);
3085                         cmd->rq->resid_len = cmd->err_info->ResidualCnt;
3086                 }
3087                 break;
3088         case CMD_DATA_OVERRUN:
3089                 if (blk_fs_request(cmd->rq))
3090                         printk(KERN_WARNING "cciss: cmd %p has"
3091                                " completed with data overrun "
3092                                "reported\n", cmd);
3093                 break;
3094         case CMD_INVALID:
3095                 printk(KERN_WARNING "cciss: cmd %p is "
3096                        "reported invalid\n", cmd);
3097                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3098                         cmd->err_info->CommandStatus, DRIVER_OK,
3099                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3100                 break;
3101         case CMD_PROTOCOL_ERR:
3102                 printk(KERN_WARNING "cciss: cmd %p has "
3103                        "protocol error \n", cmd);
3104                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3105                         cmd->err_info->CommandStatus, DRIVER_OK,
3106                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3107                 break;
3108         case CMD_HARDWARE_ERR:
3109                 printk(KERN_WARNING "cciss: cmd %p had "
3110                        " hardware error\n", cmd);
3111                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3112                         cmd->err_info->CommandStatus, DRIVER_OK,
3113                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3114                 break;
3115         case CMD_CONNECTION_LOST:
3116                 printk(KERN_WARNING "cciss: cmd %p had "
3117                        "connection lost\n", cmd);
3118                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3119                         cmd->err_info->CommandStatus, DRIVER_OK,
3120                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3121                 break;
3122         case CMD_ABORTED:
3123                 printk(KERN_WARNING "cciss: cmd %p was "
3124                        "aborted\n", cmd);
3125                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3126                         cmd->err_info->CommandStatus, DRIVER_OK,
3127                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
3128                 break;
3129         case CMD_ABORT_FAILED:
3130                 printk(KERN_WARNING "cciss: cmd %p reports "
3131                        "abort failed\n", cmd);
3132                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3133                         cmd->err_info->CommandStatus, DRIVER_OK,
3134                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3135                 break;
3136         case CMD_UNSOLICITED_ABORT:
3137                 printk(KERN_WARNING "cciss%d: unsolicited "
3138                        "abort %p\n", h->ctlr, cmd);
3139                 if (cmd->retry_count < MAX_CMD_RETRIES) {
3140                         retry_cmd = 1;
3141                         printk(KERN_WARNING
3142                                "cciss%d: retrying %p\n", h->ctlr, cmd);
3143                         cmd->retry_count++;
3144                 } else
3145                         printk(KERN_WARNING
3146                                "cciss%d: %p retried too "
3147                                "many times\n", h->ctlr, cmd);
3148                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3149                         cmd->err_info->CommandStatus, DRIVER_OK,
3150                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ABORT);
3151                 break;
3152         case CMD_TIMEOUT:
3153                 printk(KERN_WARNING "cciss: cmd %p timedout\n", cmd);
3154                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3155                         cmd->err_info->CommandStatus, DRIVER_OK,
3156                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3157                 break;
3158         default:
3159                 printk(KERN_WARNING "cciss: cmd %p returned "
3160                        "unknown status %x\n", cmd,
3161                        cmd->err_info->CommandStatus);
3162                 rq->errors = make_status_bytes(SAM_STAT_GOOD,
3163                         cmd->err_info->CommandStatus, DRIVER_OK,
3164                         blk_pc_request(cmd->rq) ? DID_PASSTHROUGH : DID_ERROR);
3165         }
3166
3167 after_error_processing:
3168
3169         /* We need to return this command */
3170         if (retry_cmd) {
3171                 resend_cciss_cmd(h, cmd);
3172                 return;
3173         }
3174         cmd->rq->completion_data = cmd;
3175         blk_complete_request(cmd->rq);
3176 }
3177
3178 /*
3179  * Get a request and submit it to the controller.
3180  */
3181 static void do_cciss_request(struct request_queue *q)
3182 {
3183         ctlr_info_t *h = q->queuedata;
3184         CommandList_struct *c;
3185         sector_t start_blk;
3186         int seg;
3187         struct request *creq;
3188         u64bit temp64;
3189         struct scatterlist tmp_sg[MAXSGENTRIES];
3190         drive_info_struct *drv;
3191         int i, dir;
3192
3193         /* We call start_io here in case there is a command waiting on the
3194          * queue that has not been sent.
3195          */
3196         if (blk_queue_plugged(q))
3197                 goto startio;
3198
3199       queue:
3200         creq = blk_peek_request(q);
3201         if (!creq)
3202                 goto startio;
3203
3204         BUG_ON(creq->nr_phys_segments > MAXSGENTRIES);
3205
3206         if ((c = cmd_alloc(h, 1)) == NULL)
3207                 goto full;
3208
3209         blk_start_request(creq);
3210
3211         spin_unlock_irq(q->queue_lock);
3212
3213         c->cmd_type = CMD_RWREQ;
3214         c->rq = creq;
3215
3216         /* fill in the request */
3217         drv = creq->rq_disk->private_data;
3218         c->Header.ReplyQueue = 0;       // unused in simple mode
3219         /* got command from pool, so use the command block index instead */
3220         /* for direct lookups. */
3221         /* The first 2 bits are reserved for controller error reporting. */
3222         c->Header.Tag.lower = (c->cmdindex << 3);
3223         c->Header.Tag.lower |= 0x04;    /* flag for direct lookup. */
3224         memcpy(&c->Header.LUN, drv->LunID, sizeof(drv->LunID));
3225         c->Request.CDBLen = 10; // 12 byte commands not in FW yet;
3226         c->Request.Type.Type = TYPE_CMD;        // It is a command.
3227         c->Request.Type.Attribute = ATTR_SIMPLE;
3228         c->Request.Type.Direction =
3229             (rq_data_dir(creq) == READ) ? XFER_READ : XFER_WRITE;
3230         c->Request.Timeout = 0; // Don't time out
3231         c->Request.CDB[0] =
3232             (rq_data_dir(creq) == READ) ? h->cciss_read : h->cciss_write;
3233         start_blk = blk_rq_pos(creq);
3234 #ifdef CCISS_DEBUG
3235         printk(KERN_DEBUG "ciss: sector =%d nr_sectors=%d\n",
3236                (int)blk_rq_pos(creq), (int)blk_rq_sectors(creq));
3237 #endif                          /* CCISS_DEBUG */
3238
3239         sg_init_table(tmp_sg, MAXSGENTRIES);
3240         seg = blk_rq_map_sg(q, creq, tmp_sg);
3241
3242         /* get the DMA records for the setup */
3243         if (c->Request.Type.Direction == XFER_READ)
3244                 dir = PCI_DMA_FROMDEVICE;
3245         else
3246                 dir = PCI_DMA_TODEVICE;
3247
3248         for (i = 0; i < seg; i++) {
3249                 c->SG[i].Len = tmp_sg[i].length;
3250                 temp64.val = (__u64) pci_map_page(h->pdev, sg_page(&tmp_sg[i]),
3251                                                   tmp_sg[i].offset,
3252                                                   tmp_sg[i].length, dir);
3253                 c->SG[i].Addr.lower = temp64.val32.lower;
3254                 c->SG[i].Addr.upper = temp64.val32.upper;
3255                 c->SG[i].Ext = 0;       // we are not chaining
3256         }
3257         /* track how many SG entries we are using */
3258         if (seg > h->maxSG)
3259                 h->maxSG = seg;
3260
3261 #ifdef CCISS_DEBUG
3262         printk(KERN_DEBUG "cciss: Submitting %u sectors in %d segments\n",
3263                blk_rq_sectors(creq), seg);
3264 #endif                          /* CCISS_DEBUG */
3265
3266         c->Header.SGList = c->Header.SGTotal = seg;
3267         if (likely(blk_fs_request(creq))) {
3268                 if(h->cciss_read == CCISS_READ_10) {
3269                         c->Request.CDB[1] = 0;
3270                         c->Request.CDB[2] = (start_blk >> 24) & 0xff;   //MSB
3271                         c->Request.CDB[3] = (start_blk >> 16) & 0xff;
3272                         c->Request.CDB[4] = (start_blk >> 8) & 0xff;
3273                         c->Request.CDB[5] = start_blk & 0xff;
3274                         c->Request.CDB[6] = 0;  // (sect >> 24) & 0xff; MSB
3275                         c->Request.CDB[7] = (blk_rq_sectors(creq) >> 8) & 0xff;
3276                         c->Request.CDB[8] = blk_rq_sectors(creq) & 0xff;
3277                         c->Request.CDB[9] = c->Request.CDB[11] = c->Request.CDB[12] = 0;
3278                 } else {
3279                         u32 upper32 = upper_32_bits(start_blk);
3280
3281                         c->Request.CDBLen = 16;
3282                         c->Request.CDB[1]= 0;
3283                         c->Request.CDB[2]= (upper32 >> 24) & 0xff;      //MSB
3284                         c->Request.CDB[3]= (upper32 >> 16) & 0xff;
3285                         c->Request.CDB[4]= (upper32 >>  8) & 0xff;
3286                         c->Request.CDB[5]= upper32 & 0xff;
3287                         c->Request.CDB[6]= (start_blk >> 24) & 0xff;
3288                         c->Request.CDB[7]= (start_blk >> 16) & 0xff;
3289                         c->Request.CDB[8]= (start_blk >>  8) & 0xff;
3290                         c->Request.CDB[9]= start_blk & 0xff;
3291                         c->Request.CDB[10]= (blk_rq_sectors(creq) >> 24) & 0xff;
3292                         c->Request.CDB[11]= (blk_rq_sectors(creq) >> 16) & 0xff;
3293                         c->Request.CDB[12]= (blk_rq_sectors(creq) >>  8) & 0xff;
3294                         c->Request.CDB[13]= blk_rq_sectors(creq) & 0xff;
3295                         c->Request.CDB[14] = c->Request.CDB[15] = 0;
3296                 }
3297         } else if (blk_pc_request(creq)) {
3298                 c->Request.CDBLen = creq->cmd_len;
3299                 memcpy(c->Request.CDB, creq->cmd, BLK_MAX_CDB);
3300         } else {
3301                 printk(KERN_WARNING "cciss%d: bad request type %d\n", h->ctlr, creq->cmd_type);
3302                 BUG();
3303         }
3304
3305         spin_lock_irq(q->queue_lock);
3306
3307         addQ(&h->reqQ, c);
3308         h->Qdepth++;
3309         if (h->Qdepth > h->maxQsinceinit)
3310                 h->maxQsinceinit = h->Qdepth;
3311
3312         goto queue;
3313 full:
3314         blk_stop_queue(q);
3315 startio:
3316         /* We will already have the driver lock here so not need
3317          * to lock it.
3318          */
3319         start_io(h);
3320 }
3321
3322 static inline unsigned long get_next_completion(ctlr_info_t *h)
3323 {
3324         return h->access.command_completed(h);
3325 }
3326
3327 static inline int interrupt_pending(ctlr_info_t *h)
3328 {
3329         return h->access.intr_pending(h);
3330 }
3331
3332 static inline long interrupt_not_for_us(ctlr_info_t *h)
3333 {
3334         return (((h->access.intr_pending(h) == 0) ||
3335                  (h->interrupts_enabled == 0)));
3336 }
3337
3338 static irqreturn_t do_cciss_intr(int irq, void *dev_id)
3339 {
3340         ctlr_info_t *h = dev_id;
3341         CommandList_struct *c;
3342         unsigned long flags;
3343         __u32 a, a1, a2;
3344
3345         if (interrupt_not_for_us(h))
3346                 return IRQ_NONE;
3347         /*
3348          * If there are completed commands in the completion queue,
3349          * we had better do something about it.
3350          */
3351         spin_lock_irqsave(CCISS_LOCK(h->ctlr), flags);
3352         while (interrupt_pending(h)) {
3353                 while ((a = get_next_completion(h)) != FIFO_EMPTY) {
3354                         a1 = a;
3355                         if ((a & 0x04)) {
3356                                 a2 = (a >> 3);
3357                                 if (a2 >= h->nr_cmds) {
3358                                         printk(KERN_WARNING
3359                                                "cciss: controller cciss%d failed, stopping.\n",
3360                                                h->ctlr);
3361                                         fail_all_cmds(h->ctlr);
3362                                         return IRQ_HANDLED;
3363                                 }
3364
3365                                 c = h->cmd_pool + a2;
3366                                 a = c->busaddr;
3367
3368                         } else {
3369                                 struct hlist_node *tmp;
3370
3371                                 a &= ~3;
3372                                 c = NULL;
3373                                 hlist_for_each_entry(c, tmp, &h->cmpQ, list) {
3374                                         if (c->busaddr == a)
3375                                                 break;
3376                                 }
3377                         }
3378                         /*
3379                          * If we've found the command, take it off the
3380                          * completion Q and free it
3381                          */
3382                         if (c && c->busaddr == a) {
3383                                 removeQ(c);
3384                                 if (c->cmd_type == CMD_RWREQ) {
3385                                         complete_command(h, c, 0);
3386                                 } else if (c->cmd_type == CMD_IOCTL_PEND) {
3387                                         complete(c->waiting);
3388                                 }
3389 #                               ifdef CONFIG_CISS_SCSI_TAPE
3390                                 else if (c->cmd_type == CMD_SCSI)
3391                                         complete_scsi_command(c, 0, a1);
3392 #                               endif
3393                                 continue;
3394                         }
3395                 }
3396         }
3397
3398         spin_unlock_irqrestore(CCISS_LOCK(h->ctlr), flags);
3399         return IRQ_HANDLED;
3400 }
3401
3402 /**
3403  * add_to_scan_list() - add controller to rescan queue
3404  * @h:                Pointer to the controller.
3405  *
3406  * Adds the controller to the rescan queue if not already on the queue.
3407  *
3408  * returns 1 if added to the queue, 0 if skipped (could be on the
3409  * queue already, or the controller could be initializing or shutting
3410  * down).
3411  **/
3412 static int add_to_scan_list(struct ctlr_info *h)
3413 {
3414         struct ctlr_info *test_h;
3415         int found = 0;
3416         int ret = 0;
3417
3418         if (h->busy_initializing)
3419                 return 0;
3420
3421         if (!mutex_trylock(&h->busy_shutting_down))
3422                 return 0;
3423
3424         mutex_lock(&scan_mutex);
3425         list_for_each_entry(test_h, &scan_q, scan_list) {
3426                 if (test_h == h) {
3427                         found = 1;
3428                         break;
3429                 }
3430         }
3431         if (!found && !h->busy_scanning) {
3432                 INIT_COMPLETION(h->scan_wait);
3433                 list_add_tail(&h->scan_list, &scan_q);
3434                 ret = 1;
3435         }
3436         mutex_unlock(&scan_mutex);
3437         mutex_unlock(&h->busy_shutting_down);
3438
3439         return ret;
3440 }
3441
3442 /**
3443  * remove_from_scan_list() - remove controller from rescan queue
3444  * @h:                     Pointer to the controller.
3445  *
3446  * Removes the controller from the rescan queue if present. Blocks if
3447  * the controller is currently conducting a rescan.
3448  **/
3449 static void remove_from_scan_list(struct ctlr_info *h)
3450 {
3451         struct ctlr_info *test_h, *tmp_h;
3452         int scanning = 0;
3453
3454         mutex_lock(&scan_mutex);
3455         list_for_each_entry_safe(test_h, tmp_h, &scan_q, scan_list) {
3456                 if (test_h == h) {
3457                         list_del(&h->scan_list);
3458                         complete_all(&h->scan_wait);
3459                         mutex_unlock(&scan_mutex);
3460                         return;
3461                 }
3462         }
3463         if (&h->busy_scanning)
3464                 scanning = 0;
3465         mutex_unlock(&scan_mutex);
3466
3467         if (scanning)
3468                 wait_for_completion(&h->scan_wait);
3469 }
3470
3471 /**
3472  * scan_thread() - kernel thread used to rescan controllers
3473  * @data:        Ignored.
3474  *
3475  * A kernel thread used scan for drive topology changes on
3476  * controllers. The thread processes only one controller at a time
3477  * using a queue.  Controllers are added to the queue using
3478  * add_to_scan_list() and removed from the queue either after done
3479  * processing or using remove_from_scan_list().
3480  *
3481  * returns 0.
3482  **/
3483 static int scan_thread(void *data)
3484 {
3485         struct ctlr_info *h;
3486
3487         while (1) {
3488                 set_current_state(TASK_INTERRUPTIBLE);
3489                 schedule();
3490                 if (kthread_should_stop())
3491                         break;
3492
3493                 while (1) {
3494                         mutex_lock(&scan_mutex);
3495                         if (list_empty(&scan_q)) {
3496                                 mutex_unlock(&scan_mutex);
3497                                 break;
3498                         }
3499
3500                         h = list_entry(scan_q.next,
3501                                        struct ctlr_info,
3502                                        scan_list);
3503                         list_del(&h->scan_list);
3504                         h->busy_scanning = 1;
3505                         mutex_unlock(&scan_mutex);
3506
3507                         if (h) {
3508                                 rebuild_lun_table(h, 0, 0);
3509                                 complete_all(&h->scan_wait);
3510                                 mutex_lock(&scan_mutex);
3511                                 h->busy_scanning = 0;
3512                                 mutex_unlock(&scan_mutex);
3513                         }
3514                 }
3515         }
3516
3517         return 0;
3518 }
3519
3520 static int check_for_unit_attention(ctlr_info_t *h, CommandList_struct *c)
3521 {
3522         if (c->err_info->SenseInfo[2] != UNIT_ATTENTION)
3523                 return 0;
3524
3525         switch (c->err_info->SenseInfo[12]) {
3526         case STATE_CHANGED:
3527                 printk(KERN_WARNING "cciss%d: a state change "
3528                         "detected, command retried\n", h->ctlr);
3529                 return 1;
3530         break;
3531         case LUN_FAILED:
3532                 printk(KERN_WARNING "cciss%d: LUN failure "
3533                         "detected, action required\n", h->ctlr);
3534                 return 1;
3535         break;
3536         case REPORT_LUNS_CHANGED:
3537                 printk(KERN_WARNING "cciss%d: report LUN data "
3538                         "changed\n", h->ctlr);
3539                 add_to_scan_list(h);
3540                 wake_up_process(cciss_scan_thread);
3541                 return 1;
3542         break;
3543         case POWER_OR_RESET:
3544                 printk(KERN_WARNING "cciss%d: a power on "
3545                         "or device reset detected\n", h->ctlr);
3546                 return 1;
3547         break;
3548         case UNIT_ATTENTION_CLEARED:
3549                 printk(KERN_WARNING "cciss%d: unit attention "
3550                     "cleared by another initiator\n", h->ctlr);
3551                 return 1;
3552         break;
3553         default:
3554                 printk(KERN_WARNING "cciss%d: unknown "
3555                         "unit attention detected\n", h->ctlr);
3556                                 return 1;
3557         }
3558 }
3559
3560 /*
3561  *  We cannot read the structure directly, for portability we must use
3562  *   the io functions.
3563  *   This is for debug only.
3564  */
3565 #ifdef CCISS_DEBUG
3566 static void print_cfg_table(CfgTable_struct *tb)
3567 {
3568         int i;
3569         char temp_name[17];
3570
3571         printk("Controller Configuration information\n");
3572         printk("------------------------------------\n");
3573         for (i = 0; i < 4; i++)
3574                 temp_name[i] = readb(&(tb->Signature[i]));
3575         temp_name[4] = '\0';
3576         printk("   Signature = %s\n", temp_name);
3577         printk("   Spec Number = %d\n", readl(&(tb->SpecValence)));
3578         printk("   Transport methods supported = 0x%x\n",
3579                readl(&(tb->TransportSupport)));
3580         printk("   Transport methods active = 0x%x\n",
3581                readl(&(tb->TransportActive)));
3582         printk("   Requested transport Method = 0x%x\n",
3583                readl(&(tb->HostWrite.TransportRequest)));
3584         printk("   Coalesce Interrupt Delay = 0x%x\n",
3585                readl(&(tb->HostWrite.CoalIntDelay)));
3586         printk("   Coalesce Interrupt Count = 0x%x\n",
3587                readl(&(tb->HostWrite.CoalIntCount)));
3588         printk("   Max outstanding commands = 0x%d\n",
3589                readl(&(tb->CmdsOutMax)));
3590         printk("   Bus Types = 0x%x\n", readl(&(tb->BusTypes)));
3591         for (i = 0; i < 16; i++)
3592                 temp_name[i] = readb(&(tb->ServerName[i]));
3593         temp_name[16] = '\0';
3594         printk("   Server Name = %s\n", temp_name);
3595         printk("   Heartbeat Counter = 0x%x\n\n\n", readl(&(tb->HeartBeat)));
3596 }
3597 #endif                          /* CCISS_DEBUG */
3598
3599 static int find_PCI_BAR_index(struct pci_dev *pdev, unsigned long pci_bar_addr)
3600 {
3601         int i, offset, mem_type, bar_type;
3602         if (pci_bar_addr == PCI_BASE_ADDRESS_0) /* looking for BAR zero? */
3603                 return 0;
3604         offset = 0;
3605         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3606                 bar_type = pci_resource_flags(pdev, i) & PCI_BASE_ADDRESS_SPACE;
3607                 if (bar_type == PCI_BASE_ADDRESS_SPACE_IO)
3608                         offset += 4;
3609                 else {
3610                         mem_type = pci_resource_flags(pdev, i) &
3611                             PCI_BASE_ADDRESS_MEM_TYPE_MASK;
3612                         switch (mem_type) {
3613                         case PCI_BASE_ADDRESS_MEM_TYPE_32:
3614                         case PCI_BASE_ADDRESS_MEM_TYPE_1M:
3615                                 offset += 4;    /* 32 bit */
3616                                 break;
3617                         case PCI_BASE_ADDRESS_MEM_TYPE_64:
3618                                 offset += 8;
3619                                 break;
3620                         default:        /* reserved in PCI 2.2 */
3621                                 printk(KERN_WARNING
3622                                        "Base address is invalid\n");
3623                                 return -1;
3624                                 break;
3625                         }
3626                 }
3627                 if (offset == pci_bar_addr - PCI_BASE_ADDRESS_0)
3628                         return i + 1;
3629         }
3630         return -1;
3631 }
3632
3633 /* If MSI/MSI-X is supported by the kernel we will try to enable it on
3634  * controllers that are capable. If not, we use IO-APIC mode.
3635  */
3636
3637 static void __devinit cciss_interrupt_mode(ctlr_info_t *c,
3638                                            struct pci_dev *pdev, __u32 board_id)
3639 {
3640 #ifdef CONFIG_PCI_MSI
3641         int err;
3642         struct msix_entry cciss_msix_entries[4] = { {0, 0}, {0, 1},
3643         {0, 2}, {0, 3}
3644         };
3645
3646         /* Some boards advertise MSI but don't really support it */
3647         if ((board_id == 0x40700E11) ||
3648             (board_id == 0x40800E11) ||
3649             (board_id == 0x40820E11) || (board_id == 0x40830E11))
3650                 goto default_int_mode;
3651
3652         if (pci_find_capability(pdev, PCI_CAP_ID_MSIX)) {
3653                 err = pci_enable_msix(pdev, cciss_msix_entries, 4);
3654                 if (!err) {
3655                         c->intr[0] = cciss_msix_entries[0].vector;
3656                         c->intr[1] = cciss_msix_entries[1].vector;
3657                         c->intr[2] = cciss_msix_entries[2].vector;
3658                         c->intr[3] = cciss_msix_entries[3].vector;
3659                         c->msix_vector = 1;
3660                         return;
3661                 }
3662                 if (err > 0) {
3663                         printk(KERN_WARNING "cciss: only %d MSI-X vectors "
3664                                "available\n", err);
3665                         goto default_int_mode;
3666                 } else {
3667                         printk(KERN_WARNING "cciss: MSI-X init failed %d\n",
3668                                err);
3669                         goto default_int_mode;
3670                 }
3671         }
3672         if (pci_find_capability(pdev, PCI_CAP_ID_MSI)) {
3673                 if (!pci_enable_msi(pdev)) {
3674                         c->msi_vector = 1;
3675                 } else {
3676                         printk(KERN_WARNING "cciss: MSI init failed\n");
3677                 }
3678         }
3679 default_int_mode:
3680 #endif                          /* CONFIG_PCI_MSI */
3681         /* if we get here we're going to use the default interrupt mode */
3682         c->intr[SIMPLE_MODE_INT] = pdev->irq;
3683         return;
3684 }
3685
3686 static int __devinit cciss_pci_init(ctlr_info_t *c, struct pci_dev *pdev)
3687 {
3688         ushort subsystem_vendor_id, subsystem_device_id, command;
3689         __u32 board_id, scratchpad = 0;
3690         __u64 cfg_offset;
3691         __u32 cfg_base_addr;
3692         __u64 cfg_base_addr_index;
3693         int i, err;
3694
3695         /* check to see if controller has been disabled */
3696         /* BEFORE trying to enable it */
3697         (void)pci_read_config_word(pdev, PCI_COMMAND, &command);
3698         if (!(command & 0x02)) {
3699                 printk(KERN_WARNING
3700                        "cciss: controller appears to be disabled\n");
3701                 return -ENODEV;
3702         }
3703
3704         err = pci_enable_device(pdev);
3705         if (err) {
3706                 printk(KERN_ERR "cciss: Unable to Enable PCI device\n");
3707                 return err;
3708         }
3709
3710         err = pci_request_regions(pdev, "cciss");
3711         if (err) {
3712                 printk(KERN_ERR "cciss: Cannot obtain PCI resources, "
3713                        "aborting\n");
3714                 return err;
3715         }
3716
3717         subsystem_vendor_id = pdev->subsystem_vendor;
3718         subsystem_device_id = pdev->subsystem_device;
3719         board_id = (((__u32) (subsystem_device_id << 16) & 0xffff0000) |
3720                     subsystem_vendor_id);
3721
3722 #ifdef CCISS_DEBUG
3723         printk("command = %x\n", command);
3724         printk("irq = %x\n", pdev->irq);
3725         printk("board_id = %x\n", board_id);
3726 #endif                          /* CCISS_DEBUG */
3727
3728 /* If the kernel supports MSI/MSI-X we will try to enable that functionality,
3729  * else we use the IO-APIC interrupt assigned to us by system ROM.
3730  */
3731         cciss_interrupt_mode(c, pdev, board_id);
3732
3733         /* find the memory BAR */
3734         for (i = 0; i < DEVICE_COUNT_RESOURCE; i++) {
3735                 if (pci_resource_flags(pdev, i) & IORESOURCE_MEM)
3736                         break;
3737         }
3738         if (i == DEVICE_COUNT_RESOURCE) {
3739                 printk(KERN_WARNING "cciss: No memory BAR found\n");
3740                 err = -ENODEV;
3741                 goto err_out_free_res;
3742         }
3743
3744         c->paddr = pci_resource_start(pdev, i); /* addressing mode bits
3745                                                  * already removed
3746                                                  */
3747
3748 #ifdef CCISS_DEBUG
3749         printk("address 0 = %lx\n", c->paddr);
3750 #endif                          /* CCISS_DEBUG */
3751         c->vaddr = remap_pci_mem(c->paddr, 0x250);
3752
3753         /* Wait for the board to become ready.  (PCI hotplug needs this.)
3754          * We poll for up to 120 secs, once per 100ms. */
3755         for (i = 0; i < 1200; i++) {
3756                 scratchpad = readl(c->vaddr + SA5_SCRATCHPAD_OFFSET);
3757                 if (scratchpad == CCISS_FIRMWARE_READY)
3758                         break;
3759                 set_current_state(TASK_INTERRUPTIBLE);
3760                 schedule_timeout(msecs_to_jiffies(100));        /* wait 100ms */
3761         }
3762         if (scratchpad != CCISS_FIRMWARE_READY) {
3763                 printk(KERN_WARNING "cciss: Board not ready.  Timed out.\n");
3764                 err = -ENODEV;
3765                 goto err_out_free_res;
3766         }
3767
3768         /* get the address index number */
3769         cfg_base_addr = readl(c->vaddr + SA5_CTCFG_OFFSET);
3770         cfg_base_addr &= (__u32) 0x0000ffff;
3771 #ifdef CCISS_DEBUG
3772         printk("cfg base address = %x\n", cfg_base_addr);
3773 #endif                          /* CCISS_DEBUG */
3774         cfg_base_addr_index = find_PCI_BAR_index(pdev, cfg_base_addr);
3775 #ifdef CCISS_DEBUG
3776         printk("cfg base address index = %llx\n",
3777                 (unsigned long long)cfg_base_addr_index);
3778 #endif                          /* CCISS_DEBUG */
3779         if (cfg_base_addr_index == -1) {
3780                 printk(KERN_WARNING "cciss: Cannot find cfg_base_addr_index\n");
3781                 err = -ENODEV;
3782                 goto err_out_free_res;
3783         }
3784
3785         cfg_offset = readl(c->vaddr + SA5_CTMEM_OFFSET);
3786 #ifdef CCISS_DEBUG
3787         printk("cfg offset = %llx\n", (unsigned long long)cfg_offset);
3788 #endif                          /* CCISS_DEBUG */
3789         c->cfgtable = remap_pci_mem(pci_resource_start(pdev,
3790                                                        cfg_base_addr_index) +
3791                                     cfg_offset, sizeof(CfgTable_struct));
3792         c->board_id = board_id;
3793
3794 #ifdef CCISS_DEBUG
3795         print_cfg_table(c->cfgtable);
3796 #endif                          /* CCISS_DEBUG */
3797
3798         /* Some controllers support Zero Memory Raid (ZMR).
3799          * When configured in ZMR mode the number of supported
3800          * commands drops to 64. So instead of just setting an
3801          * arbitrary value we make the driver a little smarter.
3802          * We read the config table to tell us how many commands
3803          * are supported on the controller then subtract 4 to
3804          * leave a little room for ioctl calls.
3805          */
3806         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3807         for (i = 0; i < ARRAY_SIZE(products); i++) {
3808                 if (board_id == products[i].board_id) {
3809                         c->product_name = products[i].product_name;
3810                         c->access = *(products[i].access);
3811                         c->nr_cmds = c->max_commands - 4;
3812                         break;
3813                 }
3814         }
3815         if ((readb(&c->cfgtable->Signature[0]) != 'C') ||
3816             (readb(&c->cfgtable->Signature[1]) != 'I') ||
3817             (readb(&c->cfgtable->Signature[2]) != 'S') ||
3818             (readb(&c->cfgtable->Signature[3]) != 'S')) {
3819                 printk("Does not appear to be a valid CISS config table\n");
3820                 err = -ENODEV;
3821                 goto err_out_free_res;
3822         }
3823         /* We didn't find the controller in our list. We know the
3824          * signature is valid. If it's an HP device let's try to
3825          * bind to the device and fire it up. Otherwise we bail.
3826          */
3827         if (i == ARRAY_SIZE(products)) {
3828                 if (subsystem_vendor_id == PCI_VENDOR_ID_HP) {
3829                         c->product_name = products[i-1].product_name;
3830                         c->access = *(products[i-1].access);
3831                         c->nr_cmds = c->max_commands - 4;
3832                         printk(KERN_WARNING "cciss: This is an unknown "
3833                                 "Smart Array controller.\n"
3834                                 "cciss: Please update to the latest driver "
3835                                 "available from www.hp.com.\n");
3836                 } else {
3837                         printk(KERN_WARNING "cciss: Sorry, I don't know how"
3838                                 " to access the Smart Array controller %08lx\n"
3839                                         , (unsigned long)board_id);
3840                         err = -ENODEV;
3841                         goto err_out_free_res;
3842                 }
3843         }
3844 #ifdef CONFIG_X86
3845         {
3846                 /* Need to enable prefetch in the SCSI core for 6400 in x86 */
3847                 __u32 prefetch;
3848                 prefetch = readl(&(c->cfgtable->SCSI_Prefetch));
3849                 prefetch |= 0x100;
3850                 writel(prefetch, &(c->cfgtable->SCSI_Prefetch));
3851         }
3852 #endif
3853
3854         /* Disabling DMA prefetch and refetch for the P600.
3855          * An ASIC bug may result in accesses to invalid memory addresses.
3856          * We've disabled prefetch for some time now. Testing with XEN
3857          * kernels revealed a bug in the refetch if dom0 resides on a P600.
3858          */
3859         if(board_id == 0x3225103C) {
3860                 __u32 dma_prefetch;
3861                 __u32 dma_refetch;
3862                 dma_prefetch = readl(c->vaddr + I2O_DMA1_CFG);
3863                 dma_prefetch |= 0x8000;
3864                 writel(dma_prefetch, c->vaddr + I2O_DMA1_CFG);
3865                 pci_read_config_dword(pdev, PCI_COMMAND_PARITY, &dma_refetch);
3866                 dma_refetch |= 0x1;
3867                 pci_write_config_dword(pdev, PCI_COMMAND_PARITY, dma_refetch);
3868         }
3869
3870 #ifdef CCISS_DEBUG
3871         printk("Trying to put board into Simple mode\n");
3872 #endif                          /* CCISS_DEBUG */
3873         c->max_commands = readl(&(c->cfgtable->CmdsOutMax));
3874         /* Update the field, and then ring the doorbell */
3875         writel(CFGTBL_Trans_Simple, &(c->cfgtable->HostWrite.TransportRequest));
3876         writel(CFGTBL_ChangeReq, c->vaddr + SA5_DOORBELL);
3877
3878         /* under certain very rare conditions, this can take awhile.
3879          * (e.g.: hot replace a failed 144GB drive in a RAID 5 set right
3880          * as we enter this code.) */
3881         for (i = 0; i < MAX_CONFIG_WAIT; i++) {
3882                 if (!(readl(c->vaddr + SA5_DOORBELL) & CFGTBL_ChangeReq))
3883                         break;
3884                 /* delay and try again */
3885                 set_current_state(TASK_INTERRUPTIBLE);
3886                 schedule_timeout(msecs_to_jiffies(1));
3887         }
3888
3889 #ifdef CCISS_DEBUG
3890         printk(KERN_DEBUG "I counter got to %d %x\n", i,
3891                readl(c->vaddr + SA5_DOORBELL));
3892 #endif                          /* CCISS_DEBUG */
3893 #ifdef CCISS_DEBUG
3894         print_cfg_table(c->cfgtable);
3895 #endif                          /* CCISS_DEBUG */
3896
3897         if (!(readl(&(c->cfgtable->TransportActive)) & CFGTBL_Trans_Simple)) {
3898                 printk(KERN_WARNING "cciss: unable to get board into"
3899                        " simple mode\n");
3900                 err = -ENODEV;
3901                 goto err_out_free_res;
3902         }
3903         return 0;
3904
3905 err_out_free_res:
3906         /*
3907          * Deliberately omit pci_disable_device(): it does something nasty to
3908          * Smart Array controllers that pci_enable_device does not undo
3909          */
3910         pci_release_regions(pdev);
3911         return err;
3912 }
3913
3914 /* Function to find the first free pointer into our hba[] array
3915  * Returns -1 if no free entries are left.
3916  */
3917 static int alloc_cciss_hba(void)
3918 {
3919         int i;
3920
3921         for (i = 0; i < MAX_CTLR; i++) {
3922                 if (!hba[i]) {
3923                         ctlr_info_t *p;
3924
3925                         p = kzalloc(sizeof(ctlr_info_t), GFP_KERNEL);
3926                         if (!p)
3927                                 goto Enomem;
3928                         hba[i] = p;
3929                         return i;
3930                 }
3931         }
3932         printk(KERN_WARNING "cciss: This driver supports a maximum"
3933                " of %d controllers.\n", MAX_CTLR);
3934         return -1;
3935 Enomem:
3936         printk(KERN_ERR "cciss: out of memory.\n");
3937         return -1;
3938 }
3939
3940 static void free_hba(int n)
3941 {
3942         ctlr_info_t *h = hba[n];
3943         int i;
3944
3945         hba[n] = NULL;
3946         for (i = 0; i < h->highest_lun + 1; i++)
3947                 if (h->gendisk[i] != NULL)
3948                         put_disk(h->gendisk[i]);
3949         kfree(h);
3950 }
3951
3952 /* Send a message CDB to the firmware. */
3953 static __devinit int cciss_message(struct pci_dev *pdev, unsigned char opcode, unsigned char type)
3954 {
3955         typedef struct {
3956                 CommandListHeader_struct CommandHeader;
3957                 RequestBlock_struct Request;
3958                 ErrDescriptor_struct ErrorDescriptor;
3959         } Command;
3960         static const size_t cmd_sz = sizeof(Command) + sizeof(ErrorInfo_struct);
3961         Command *cmd;
3962         dma_addr_t paddr64;
3963         uint32_t paddr32, tag;
3964         void __iomem *vaddr;
3965         int i, err;
3966
3967         vaddr = ioremap_nocache(pci_resource_start(pdev, 0), pci_resource_len(pdev, 0));
3968         if (vaddr == NULL)
3969                 return -ENOMEM;
3970
3971         /* The Inbound Post Queue only accepts 32-bit physical addresses for the
3972            CCISS commands, so they must be allocated from the lower 4GiB of
3973            memory. */
3974         err = pci_set_consistent_dma_mask(pdev, DMA_BIT_MASK(32));
3975         if (err) {
3976                 iounmap(vaddr);
3977                 return -ENOMEM;
3978         }
3979
3980         cmd = pci_alloc_consistent(pdev, cmd_sz, &paddr64);
3981         if (cmd == NULL) {
3982                 iounmap(vaddr);
3983                 return -ENOMEM;
3984         }
3985
3986         /* This must fit, because of the 32-bit consistent DMA mask.  Also,
3987            although there's no guarantee, we assume that the address is at
3988            least 4-byte aligned (most likely, it's page-aligned). */
3989         paddr32 = paddr64;
3990
3991         cmd->CommandHeader.ReplyQueue = 0;
3992         cmd->CommandHeader.SGList = 0;
3993         cmd->CommandHeader.SGTotal = 0;
3994         cmd->CommandHeader.Tag.lower = paddr32;
3995         cmd->CommandHeader.Tag.upper = 0;
3996         memset(&cmd->CommandHeader.LUN.LunAddrBytes, 0, 8);
3997
3998         cmd->Request.CDBLen = 16;
3999         cmd->Request.Type.Type = TYPE_MSG;
4000         cmd->Request.Type.Attribute = ATTR_HEADOFQUEUE;
4001         cmd->Request.Type.Direction = XFER_NONE;
4002         cmd->Request.Timeout = 0; /* Don't time out */
4003         cmd->Request.CDB[0] = opcode;
4004         cmd->Request.CDB[1] = type;
4005         memset(&cmd->Request.CDB[2], 0, 14); /* the rest of the CDB is reserved */
4006
4007         cmd->ErrorDescriptor.Addr.lower = paddr32 + sizeof(Command);
4008         cmd->ErrorDescriptor.Addr.upper = 0;
4009         cmd->ErrorDescriptor.Len = sizeof(ErrorInfo_struct);
4010
4011         writel(paddr32, vaddr + SA5_REQUEST_PORT_OFFSET);
4012
4013         for (i = 0; i < 10; i++) {
4014                 tag = readl(vaddr + SA5_REPLY_PORT_OFFSET);
4015                 if ((tag & ~3) == paddr32)
4016                         break;
4017                 schedule_timeout_uninterruptible(HZ);
4018         }
4019
4020         iounmap(vaddr);
4021
4022         /* we leak the DMA buffer here ... no choice since the controller could
4023            still complete the command. */
4024         if (i == 10) {
4025                 printk(KERN_ERR "cciss: controller message %02x:%02x timed out\n",
4026                         opcode, type);
4027                 return -ETIMEDOUT;
4028         }
4029
4030         pci_free_consistent(pdev, cmd_sz, cmd, paddr64);
4031
4032         if (tag & 2) {
4033                 printk(KERN_ERR "cciss: controller message %02x:%02x failed\n",
4034                         opcode, type);
4035                 return -EIO;
4036         }
4037
4038         printk(KERN_INFO "cciss: controller message %02x:%02x succeeded\n",
4039                 opcode, type);
4040         return 0;
4041 }
4042
4043 #define cciss_soft_reset_controller(p) cciss_message(p, 1, 0)
4044 #define cciss_noop(p) cciss_message(p, 3, 0)
4045
4046 static __devinit int cciss_reset_msi(struct pci_dev *pdev)
4047 {
4048 /* the #defines are stolen from drivers/pci/msi.h. */
4049 #define msi_control_reg(base)           (base + PCI_MSI_FLAGS)
4050 #define PCI_MSIX_FLAGS_ENABLE           (1 << 15)
4051
4052         int pos;
4053         u16 control = 0;
4054
4055         pos = pci_find_capability(pdev, PCI_CAP_ID_MSI);
4056         if (pos) {
4057                 pci_read_config_word(pdev, msi_control_reg(pos), &control);
4058                 if (control & PCI_MSI_FLAGS_ENABLE) {
4059                         printk(KERN_INFO "cciss: resetting MSI\n");
4060                         pci_write_config_word(pdev, msi_control_reg(pos), control & ~PCI_MSI_FLAGS_ENABLE);
4061                 }
4062         }
4063
4064         pos = pci_find_capability(pdev, PCI_CAP_ID_MSIX);
4065         if (pos) {
4066                 pci_read_config_word(pdev, msi_control_reg(pos), &control);
4067                 if (control & PCI_MSIX_FLAGS_ENABLE) {
4068                         printk(KERN_INFO "cciss: resetting MSI-X\n");
4069                         pci_write_config_word(pdev, msi_control_reg(pos), control & ~PCI_MSIX_FLAGS_ENABLE);
4070                 }
4071         }
4072
4073         return 0;
4074 }
4075
4076 /* This does a hard reset of the controller using PCI power management
4077  * states. */
4078 static __devinit int cciss_hard_reset_controller(struct pci_dev *pdev)
4079 {
4080         u16 pmcsr, saved_config_space[32];
4081         int i, pos;
4082
4083         printk(KERN_INFO "cciss: using PCI PM to reset controller\n");
4084
4085         /* This is very nearly the same thing as
4086
4087            pci_save_state(pci_dev);
4088            pci_set_power_state(pci_dev, PCI_D3hot);
4089            pci_set_power_state(pci_dev, PCI_D0);
4090            pci_restore_state(pci_dev);
4091
4092            but we can't use these nice canned kernel routines on
4093            kexec, because they also check the MSI/MSI-X state in PCI
4094            configuration space and do the wrong thing when it is
4095            set/cleared.  Also, the pci_save/restore_state functions
4096            violate the ordering requirements for restoring the
4097            configuration space from the CCISS document (see the
4098            comment below).  So we roll our own .... */
4099
4100         for (i = 0; i < 32; i++)
4101                 pci_read_config_word(pdev, 2*i, &saved_config_space[i]);
4102
4103         pos = pci_find_capability(pdev, PCI_CAP_ID_PM);
4104         if (pos == 0) {
4105                 printk(KERN_ERR "cciss_reset_controller: PCI PM not supported\n");
4106                 return -ENODEV;
4107         }
4108
4109         /* Quoting from the Open CISS Specification: "The Power
4110          * Management Control/Status Register (CSR) controls the power
4111          * state of the device.  The normal operating state is D0,
4112          * CSR=00h.  The software off state is D3, CSR=03h.  To reset
4113          * the controller, place the interface device in D3 then to
4114          * D0, this causes a secondary PCI reset which will reset the
4115          * controller." */
4116
4117         /* enter the D3hot power management state */
4118         pci_read_config_word(pdev, pos + PCI_PM_CTRL, &pmcsr);
4119         pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
4120         pmcsr |= PCI_D3hot;
4121         pci_write_config_word(pdev, pos + PCI_PM_CTRL, pmcsr);
4122
4123         schedule_timeout_uninterruptible(HZ >> 1);
4124
4125         /* enter the D0 power management state */
4126         pmcsr &= ~PCI_PM_CTRL_STATE_MASK;
4127         pmcsr |= PCI_D0;
4128         pci_write_config_word(pdev, pos + PCI_PM_CTRL, pmcsr);
4129
4130         schedule_timeout_uninterruptible(HZ >> 1);
4131
4132         /* Restore the PCI configuration space.  The Open CISS
4133          * Specification says, "Restore the PCI Configuration
4134          * Registers, offsets 00h through 60h. It is important to
4135          * restore the command register, 16-bits at offset 04h,
4136          * last. Do not restore the configuration status register,
4137          * 16-bits at offset 06h."  Note that the offset is 2*i. */
4138         for (i = 0; i < 32; i++) {
4139                 if (i == 2 || i == 3)
4140                         continue;
4141                 pci_write_config_word(pdev, 2*i, saved_config_space[i]);
4142         }
4143         wmb();
4144         pci_write_config_word(pdev, 4, saved_config_space[2]);
4145
4146         return 0;
4147 }
4148
4149 /*
4150  *  This is it.  Find all the controllers and register them.  I really hate
4151  *  stealing all these major device numbers.
4152  *  returns the number of block devices registered.
4153  */
4154 static int __devinit cciss_init_one(struct pci_dev *pdev,
4155                                     const struct pci_device_id *ent)
4156 {
4157         int i;
4158         int j = 0;
4159         int rc;
4160         int dac, return_code;
4161         InquiryData_struct *inq_buff;
4162
4163         if (reset_devices) {
4164                 /* Reset the controller with a PCI power-cycle */
4165                 if (cciss_hard_reset_controller(pdev) || cciss_reset_msi(pdev))
4166                         return -ENODEV;
4167
4168                 /* Now try to get the controller to respond to a no-op. Some
4169                    devices (notably the HP Smart Array 5i Controller) need
4170                    up to 30 seconds to respond. */
4171                 for (i=0; i<30; i++) {
4172                         if (cciss_noop(pdev) == 0)
4173                                 break;
4174
4175                         schedule_timeout_uninterruptible(HZ);
4176                 }
4177                 if (i == 30) {
4178                         printk(KERN_ERR "cciss: controller seems dead\n");
4179                         return -EBUSY;
4180                 }
4181         }
4182
4183         i = alloc_cciss_hba();
4184         if (i < 0)
4185                 return -1;
4186
4187         hba[i]->busy_initializing = 1;
4188         INIT_HLIST_HEAD(&hba[i]->cmpQ);
4189         INIT_HLIST_HEAD(&hba[i]->reqQ);
4190         mutex_init(&hba[i]->busy_shutting_down);
4191
4192         if (cciss_pci_init(hba[i], pdev) != 0)
4193                 goto clean0;
4194
4195         sprintf(hba[i]->devname, "cciss%d", i);
4196         hba[i]->ctlr = i;
4197         hba[i]->pdev = pdev;
4198
4199         init_completion(&hba[i]->scan_wait);
4200
4201         if (cciss_create_hba_sysfs_entry(hba[i]))
4202                 goto clean0;
4203
4204         /* configure PCI DMA stuff */
4205         if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(64)))
4206                 dac = 1;
4207         else if (!pci_set_dma_mask(pdev, DMA_BIT_MASK(32)))
4208                 dac = 0;
4209         else {
4210                 printk(KERN_ERR "cciss: no suitable DMA available\n");
4211                 goto clean1;
4212         }
4213
4214         /*
4215          * register with the major number, or get a dynamic major number
4216          * by passing 0 as argument.  This is done for greater than
4217          * 8 controller support.
4218          */
4219         if (i < MAX_CTLR_ORIG)
4220                 hba[i]->major = COMPAQ_CISS_MAJOR + i;
4221         rc = register_blkdev(hba[i]->major, hba[i]->devname);
4222         if (rc == -EBUSY || rc == -EINVAL) {
4223                 printk(KERN_ERR
4224                        "cciss:  Unable to get major number %d for %s "
4225                        "on hba %d\n", hba[i]->major, hba[i]->devname, i);
4226                 goto clean1;
4227         } else {
4228                 if (i >= MAX_CTLR_ORIG)
4229                         hba[i]->major = rc;
4230         }
4231
4232         /* make sure the board interrupts are off */
4233         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_OFF);
4234         if (request_irq(hba[i]->intr[SIMPLE_MODE_INT], do_cciss_intr,
4235                         IRQF_DISABLED | IRQF_SHARED, hba[i]->devname, hba[i])) {
4236                 printk(KERN_ERR "cciss: Unable to get irq %d for %s\n",
4237                        hba[i]->intr[SIMPLE_MODE_INT], hba[i]->devname);
4238                 goto clean2;
4239         }
4240
4241         printk(KERN_INFO "%s: <0x%x> at PCI %s IRQ %d%s using DAC\n",
4242                hba[i]->devname, pdev->device, pci_name(pdev),
4243                hba[i]->intr[SIMPLE_MODE_INT], dac ? "" : " not");
4244
4245         hba[i]->cmd_pool_bits =
4246             kmalloc(DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
4247                         * sizeof(unsigned long), GFP_KERNEL);
4248         hba[i]->cmd_pool = (CommandList_struct *)
4249             pci_alloc_consistent(hba[i]->pdev,
4250                     hba[i]->nr_cmds * sizeof(CommandList_struct),
4251                     &(hba[i]->cmd_pool_dhandle));
4252         hba[i]->errinfo_pool = (ErrorInfo_struct *)
4253             pci_alloc_consistent(hba[i]->pdev,
4254                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
4255                     &(hba[i]->errinfo_pool_dhandle));
4256         if ((hba[i]->cmd_pool_bits == NULL)
4257             || (hba[i]->cmd_pool == NULL)
4258             || (hba[i]->errinfo_pool == NULL)) {
4259                 printk(KERN_ERR "cciss: out of memory");
4260                 goto clean4;
4261         }
4262         spin_lock_init(&hba[i]->lock);
4263
4264         /* Initialize the pdev driver private data.
4265            have it point to hba[i].  */
4266         pci_set_drvdata(pdev, hba[i]);
4267         /* command and error info recs zeroed out before
4268            they are used */
4269         memset(hba[i]->cmd_pool_bits, 0,
4270                DIV_ROUND_UP(hba[i]->nr_cmds, BITS_PER_LONG)
4271                         * sizeof(unsigned long));
4272
4273         hba[i]->num_luns = 0;
4274         hba[i]->highest_lun = -1;
4275         for (j = 0; j < CISS_MAX_LUN; j++) {
4276                 hba[i]->drv[j].raid_level = -1;
4277                 hba[i]->drv[j].queue = NULL;
4278                 hba[i]->gendisk[j] = NULL;
4279         }
4280
4281         cciss_scsi_setup(i);
4282
4283         /* Turn the interrupts on so we can service requests */
4284         hba[i]->access.set_intr_mask(hba[i], CCISS_INTR_ON);
4285
4286         /* Get the firmware version */
4287         inq_buff = kzalloc(sizeof(InquiryData_struct), GFP_KERNEL);
4288         if (inq_buff == NULL) {
4289                 printk(KERN_ERR "cciss: out of memory\n");
4290                 goto clean4;
4291         }
4292
4293         return_code = sendcmd_withirq(CISS_INQUIRY, i, inq_buff,
4294                 sizeof(InquiryData_struct), 0, CTLR_LUNID, TYPE_CMD);
4295         if (return_code == IO_OK) {
4296                 hba[i]->firm_ver[0] = inq_buff->data_byte[32];
4297                 hba[i]->firm_ver[1] = inq_buff->data_byte[33];
4298                 hba[i]->firm_ver[2] = inq_buff->data_byte[34];
4299                 hba[i]->firm_ver[3] = inq_buff->data_byte[35];
4300         } else {         /* send command failed */
4301                 printk(KERN_WARNING "cciss: unable to determine firmware"
4302                         " version of controller\n");
4303         }
4304         kfree(inq_buff);
4305
4306         cciss_procinit(i);
4307
4308         hba[i]->cciss_max_sectors = 2048;
4309
4310         rebuild_lun_table(hba[i], 1, 0);
4311         hba[i]->busy_initializing = 0;
4312         return 1;
4313
4314 clean4:
4315         kfree(hba[i]->cmd_pool_bits);
4316         if (hba[i]->cmd_pool)
4317                 pci_free_consistent(hba[i]->pdev,
4318                                     hba[i]->nr_cmds * sizeof(CommandList_struct),
4319                                     hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
4320         if (hba[i]->errinfo_pool)
4321                 pci_free_consistent(hba[i]->pdev,
4322                                     hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
4323                                     hba[i]->errinfo_pool,
4324                                     hba[i]->errinfo_pool_dhandle);
4325         free_irq(hba[i]->intr[SIMPLE_MODE_INT], hba[i]);
4326 clean2:
4327         unregister_blkdev(hba[i]->major, hba[i]->devname);
4328 clean1:
4329         cciss_destroy_hba_sysfs_entry(hba[i]);
4330 clean0:
4331         hba[i]->busy_initializing = 0;
4332         /* cleanup any queues that may have been initialized */
4333         for (j=0; j <= hba[i]->highest_lun; j++){
4334                 drive_info_struct *drv = &(hba[i]->drv[j]);
4335                 if (drv->queue)
4336                         blk_cleanup_queue(drv->queue);
4337         }
4338         /*
4339          * Deliberately omit pci_disable_device(): it does something nasty to
4340          * Smart Array controllers that pci_enable_device does not undo
4341          */
4342         pci_release_regions(pdev);
4343         pci_set_drvdata(pdev, NULL);
4344         free_hba(i);
4345         return -1;
4346 }
4347
4348 static void cciss_shutdown(struct pci_dev *pdev)
4349 {
4350         ctlr_info_t *tmp_ptr;
4351         int i;
4352         char flush_buf[4];
4353         int return_code;
4354
4355         tmp_ptr = pci_get_drvdata(pdev);
4356         if (tmp_ptr == NULL)
4357                 return;
4358         i = tmp_ptr->ctlr;
4359         if (hba[i] == NULL)
4360                 return;
4361
4362         /* Turn board interrupts off  and send the flush cache command */
4363         /* sendcmd will turn off interrupt, and send the flush...
4364          * To write all data in the battery backed cache to disks */
4365         memset(flush_buf, 0, 4);
4366         return_code = sendcmd(CCISS_CACHE_FLUSH, i, flush_buf, 4, 0,
4367                 CTLR_LUNID, TYPE_CMD);
4368         if (return_code == IO_OK) {
4369                 printk(KERN_INFO "Completed flushing cache on controller %d\n", i);
4370         } else {
4371                 printk(KERN_WARNING "Error flushing cache on controller %d\n", i);
4372         }
4373         free_irq(hba[i]->intr[2], hba[i]);
4374 }
4375
4376 static void __devexit cciss_remove_one(struct pci_dev *pdev)
4377 {
4378         ctlr_info_t *tmp_ptr;
4379         int i, j;
4380
4381         if (pci_get_drvdata(pdev) == NULL) {
4382                 printk(KERN_ERR "cciss: Unable to remove device \n");
4383                 return;
4384         }
4385
4386         tmp_ptr = pci_get_drvdata(pdev);
4387         i = tmp_ptr->ctlr;
4388         if (hba[i] == NULL) {
4389                 printk(KERN_ERR "cciss: device appears to "
4390                        "already be removed \n");
4391                 return;
4392         }
4393
4394         mutex_lock(&hba[i]->busy_shutting_down);
4395
4396         remove_from_scan_list(hba[i]);
4397         remove_proc_entry(hba[i]->devname, proc_cciss);
4398         unregister_blkdev(hba[i]->major, hba[i]->devname);
4399
4400         /* remove it from the disk list */
4401         for (j = 0; j < CISS_MAX_LUN; j++) {
4402                 struct gendisk *disk = hba[i]->gendisk[j];
4403                 if (disk) {
4404                         struct request_queue *q = disk->queue;
4405
4406                         if (disk->flags & GENHD_FL_UP) {
4407                                 cciss_destroy_ld_sysfs_entry(hba[i], j, 1);
4408                                 del_gendisk(disk);
4409                         }
4410                         if (q)
4411                                 blk_cleanup_queue(q);
4412                 }
4413         }
4414
4415 #ifdef CONFIG_CISS_SCSI_TAPE
4416         cciss_unregister_scsi(i);       /* unhook from SCSI subsystem */
4417 #endif
4418
4419         cciss_shutdown(pdev);
4420
4421 #ifdef CONFIG_PCI_MSI
4422         if (hba[i]->msix_vector)
4423                 pci_disable_msix(hba[i]->pdev);
4424         else if (hba[i]->msi_vector)
4425                 pci_disable_msi(hba[i]->pdev);
4426 #endif                          /* CONFIG_PCI_MSI */
4427
4428         iounmap(hba[i]->vaddr);
4429
4430         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(CommandList_struct),
4431                             hba[i]->cmd_pool, hba[i]->cmd_pool_dhandle);
4432         pci_free_consistent(hba[i]->pdev, hba[i]->nr_cmds * sizeof(ErrorInfo_struct),
4433                             hba[i]->errinfo_pool, hba[i]->errinfo_pool_dhandle);
4434         kfree(hba[i]->cmd_pool_bits);
4435         /*
4436          * Deliberately omit pci_disable_device(): it does something nasty to
4437          * Smart Array controllers that pci_enable_device does not undo
4438          */
4439         pci_release_regions(pdev);
4440         pci_set_drvdata(pdev, NULL);
4441         cciss_destroy_hba_sysfs_entry(hba[i]);
4442         mutex_unlock(&hba[i]->busy_shutting_down);
4443         free_hba(i);
4444 }
4445
4446 static struct pci_driver cciss_pci_driver = {
4447         .name = "cciss",
4448         .probe = cciss_init_one,
4449         .remove = __devexit_p(cciss_remove_one),
4450         .id_table = cciss_pci_device_id,        /* id_table */
4451         .shutdown = cciss_shutdown,
4452 };
4453
4454 /*
4455  *  This is it.  Register the PCI driver information for the cards we control
4456  *  the OS will call our registered routines when it finds one of our cards.
4457  */
4458 static int __init cciss_init(void)
4459 {
4460         int err;
4461
4462         /*
4463          * The hardware requires that commands are aligned on a 64-bit
4464          * boundary. Given that we use pci_alloc_consistent() to allocate an
4465          * array of them, the size must be a multiple of 8 bytes.
4466          */
4467         BUILD_BUG_ON(sizeof(CommandList_struct) % 8);
4468
4469         printk(KERN_INFO DRIVER_NAME "\n");
4470
4471         err = bus_register(&cciss_bus_type);
4472         if (err)
4473                 return err;
4474
4475         /* Start the scan thread */
4476         cciss_scan_thread = kthread_run(scan_thread, NULL, "cciss_scan");
4477         if (IS_ERR(cciss_scan_thread)) {
4478                 err = PTR_ERR(cciss_scan_thread);
4479                 goto err_bus_unregister;
4480         }
4481
4482         /* Register for our PCI devices */
4483         err = pci_register_driver(&cciss_pci_driver);
4484         if (err)
4485                 goto err_thread_stop;
4486
4487         return err;
4488
4489 err_thread_stop:
4490         kthread_stop(cciss_scan_thread);
4491 err_bus_unregister:
4492         bus_unregister(&cciss_bus_type);
4493
4494         return err;
4495 }
4496
4497 static void __exit cciss_cleanup(void)
4498 {
4499         int i;
4500
4501         pci_unregister_driver(&cciss_pci_driver);
4502         /* double check that all controller entrys have been removed */
4503         for (i = 0; i < MAX_CTLR; i++) {
4504                 if (hba[i] != NULL) {
4505                         printk(KERN_WARNING "cciss: had to remove"
4506                                " controller %d\n", i);
4507                         cciss_remove_one(hba[i]->pdev);
4508                 }
4509         }
4510         kthread_stop(cciss_scan_thread);
4511         remove_proc_entry("driver/cciss", NULL);
4512         bus_unregister(&cciss_bus_type);
4513 }
4514
4515 static void fail_all_cmds(unsigned long ctlr)
4516 {
4517         /* If we get here, the board is apparently dead. */
4518         ctlr_info_t *h = hba[ctlr];
4519         CommandList_struct *c;
4520         unsigned long flags;
4521
4522         printk(KERN_WARNING "cciss%d: controller not responding.\n", h->ctlr);
4523         h->alive = 0;           /* the controller apparently died... */
4524
4525         spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
4526
4527         pci_disable_device(h->pdev);    /* Make sure it is really dead. */
4528
4529         /* move everything off the request queue onto the completed queue */
4530         while (!hlist_empty(&h->reqQ)) {
4531                 c = hlist_entry(h->reqQ.first, CommandList_struct, list);
4532                 removeQ(c);
4533                 h->Qdepth--;
4534                 addQ(&h->cmpQ, c);
4535         }
4536
4537         /* Now, fail everything on the completed queue with a HW error */
4538         while (!hlist_empty(&h->cmpQ)) {
4539                 c = hlist_entry(h->cmpQ.first, CommandList_struct, list);
4540                 removeQ(c);
4541                 if (c->cmd_type != CMD_MSG_STALE)
4542                         c->err_info->CommandStatus = CMD_HARDWARE_ERR;
4543                 if (c->cmd_type == CMD_RWREQ) {
4544                         complete_command(h, c, 0);
4545                 } else if (c->cmd_type == CMD_IOCTL_PEND)
4546                         complete(c->waiting);
4547 #ifdef CONFIG_CISS_SCSI_TAPE
4548                 else if (c->cmd_type == CMD_SCSI)
4549                         complete_scsi_command(c, 0, 0);
4550 #endif
4551         }
4552         spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
4553         return;
4554 }
4555
4556 module_init(cciss_init);
4557 module_exit(cciss_cleanup);