xref: /linux/drivers/message/fusion/mptctl.c (revision b85d45947951d23cb22d90caecf4c1eb81342c96)
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2008 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16 
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21 
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32 
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41 
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47 
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>	/* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/mutex.h>
58 #include <linux/compat.h>
59 
60 #include <asm/io.h>
61 #include <asm/uaccess.h>
62 
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68 
69 #define COPYRIGHT	"Copyright (c) 1999-2008 LSI Corporation"
70 #define MODULEAUTHOR	"LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73 
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME		"Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION	MPT_LINUX_VERSION_COMMON
77 #define MYNAM		"mptctl"
78 
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83 
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85 
86 static DEFINE_MUTEX(mpctl_mutex);
87 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
88 static u8 mptctl_taskmgmt_id = MPT_MAX_PROTOCOL_DRIVERS;
89 
90 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
91 
92 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
93 
94 struct buflist {
95 	u8	*kptr;
96 	int	 len;
97 };
98 
99 /*
100  * Function prototypes. Called from OS entry point mptctl_ioctl.
101  * arg contents specific to function.
102  */
103 static int mptctl_fw_download(unsigned long arg);
104 static int mptctl_getiocinfo(unsigned long arg, unsigned int cmd);
105 static int mptctl_gettargetinfo(unsigned long arg);
106 static int mptctl_readtest(unsigned long arg);
107 static int mptctl_mpt_command(unsigned long arg);
108 static int mptctl_eventquery(unsigned long arg);
109 static int mptctl_eventenable(unsigned long arg);
110 static int mptctl_eventreport(unsigned long arg);
111 static int mptctl_replace_fw(unsigned long arg);
112 
113 static int mptctl_do_reset(unsigned long arg);
114 static int mptctl_hp_hostinfo(unsigned long arg, unsigned int cmd);
115 static int mptctl_hp_targetinfo(unsigned long arg);
116 
117 static int  mptctl_probe(struct pci_dev *, const struct pci_device_id *);
118 static void mptctl_remove(struct pci_dev *);
119 
120 #ifdef CONFIG_COMPAT
121 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
122 #endif
123 /*
124  * Private function calls.
125  */
126 static int mptctl_do_mpt_command(struct mpt_ioctl_command karg, void __user *mfPtr);
127 static int mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen);
128 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
129 		struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
130 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
131 		struct buflist *buflist, MPT_ADAPTER *ioc);
132 
133 /*
134  * Reset Handler cleanup function
135  */
136 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
137 
138 /*
139  * Event Handler function
140  */
141 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
142 static struct fasync_struct *async_queue=NULL;
143 
144 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
145 /*
146  * Scatter gather list (SGL) sizes and limits...
147  */
148 //#define MAX_SCSI_FRAGS	9
149 #define MAX_FRAGS_SPILL1	9
150 #define MAX_FRAGS_SPILL2	15
151 #define FRAGS_PER_BUCKET	(MAX_FRAGS_SPILL2 + 1)
152 
153 //#define MAX_CHAIN_FRAGS	64
154 //#define MAX_CHAIN_FRAGS	(15+15+15+16)
155 #define MAX_CHAIN_FRAGS		(4 * MAX_FRAGS_SPILL2 + 1)
156 
157 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
158 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
159 //                  ^----------------- 80 + 512
160 #define MAX_SGL_BYTES		((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
161 
162 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
163 #define MAX_KMALLOC_SZ		(128*1024)
164 
165 #define MPT_IOCTL_DEFAULT_TIMEOUT 10	/* Default timeout value (seconds) */
166 
167 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
168 /**
169  *	mptctl_syscall_down - Down the MPT adapter syscall semaphore.
170  *	@ioc: Pointer to MPT adapter
171  *	@nonblock: boolean, non-zero if O_NONBLOCK is set
172  *
173  *	All of the ioctl commands can potentially sleep, which is illegal
174  *	with a spinlock held, thus we perform mutual exclusion here.
175  *
176  *	Returns negative errno on error, or zero for success.
177  */
178 static inline int
179 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
180 {
181 	int rc = 0;
182 
183 	if (nonblock) {
184 		if (!mutex_trylock(&ioc->ioctl_cmds.mutex))
185 			rc = -EAGAIN;
186 	} else {
187 		if (mutex_lock_interruptible(&ioc->ioctl_cmds.mutex))
188 			rc = -ERESTARTSYS;
189 	}
190 	return rc;
191 }
192 
193 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
194 /*
195  *  This is the callback for any message we have posted. The message itself
196  *  will be returned to the message pool when we return from the IRQ
197  *
198  *  This runs in irq context so be short and sweet.
199  */
200 static int
201 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
202 {
203 	char	*sense_data;
204 	int	req_index;
205 	int	sz;
206 
207 	if (!req)
208 		return 0;
209 
210 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "completing mpi function "
211 	    "(0x%02X), req=%p, reply=%p\n", ioc->name,  req->u.hdr.Function,
212 	    req, reply));
213 
214 	/*
215 	 * Handling continuation of the same reply. Processing the first
216 	 * reply, and eating the other replys that come later.
217 	 */
218 	if (ioc->ioctl_cmds.msg_context != req->u.hdr.MsgContext)
219 		goto out_continuation;
220 
221 	ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
222 
223 	if (!reply)
224 		goto out;
225 
226 	ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
227 	sz = min(ioc->reply_sz, 4*reply->u.reply.MsgLength);
228 	memcpy(ioc->ioctl_cmds.reply, reply, sz);
229 
230 	if (reply->u.reply.IOCStatus || reply->u.reply.IOCLogInfo)
231 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
232 		    "iocstatus (0x%04X), loginfo (0x%08X)\n", ioc->name,
233 		    le16_to_cpu(reply->u.reply.IOCStatus),
234 		    le32_to_cpu(reply->u.reply.IOCLogInfo)));
235 
236 	if ((req->u.hdr.Function == MPI_FUNCTION_SCSI_IO_REQUEST) ||
237 		(req->u.hdr.Function ==
238 		 MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
239 
240 		if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
241 			dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
242 			"scsi_status (0x%02x), scsi_state (0x%02x), "
243 			"tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
244 			reply->u.sreply.SCSIStatus,
245 			reply->u.sreply.SCSIState,
246 			le16_to_cpu(reply->u.sreply.TaskTag),
247 			le32_to_cpu(reply->u.sreply.TransferCount)));
248 
249 		if (reply->u.sreply.SCSIState &
250 			MPI_SCSI_STATE_AUTOSENSE_VALID) {
251 			sz = req->u.scsireq.SenseBufferLength;
252 			req_index =
253 			    le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
254 			sense_data = ((u8 *)ioc->sense_buf_pool +
255 			     (req_index * MPT_SENSE_BUFFER_ALLOC));
256 			memcpy(ioc->ioctl_cmds.sense, sense_data, sz);
257 			ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_SENSE_VALID;
258 		}
259 	}
260 
261  out:
262 	/* We are done, issue wake up
263 	 */
264 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_PENDING) {
265 		if (req->u.hdr.Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
266 			mpt_clear_taskmgmt_in_progress_flag(ioc);
267 			ioc->ioctl_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
268 			complete(&ioc->ioctl_cmds.done);
269 			if (ioc->bus_type == SAS)
270 				ioc->schedule_target_reset(ioc);
271 		} else {
272 			ioc->ioctl_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
273 			complete(&ioc->ioctl_cmds.done);
274 		}
275 	}
276 
277  out_continuation:
278 	if (reply && (reply->u.reply.MsgFlags &
279 	    MPI_MSGFLAGS_CONTINUATION_REPLY))
280 		return 0;
281 	return 1;
282 }
283 
284 
285 static int
286 mptctl_taskmgmt_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf, MPT_FRAME_HDR *mr)
287 {
288 	if (!mf)
289 		return 0;
290 
291 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
292 		"TaskMgmt completed (mf=%p, mr=%p)\n",
293 		ioc->name, mf, mr));
294 
295 	ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
296 
297 	if (!mr)
298 		goto out;
299 
300 	ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
301 	memcpy(ioc->taskmgmt_cmds.reply, mr,
302 	    min(MPT_DEFAULT_FRAME_SIZE, 4 * mr->u.reply.MsgLength));
303  out:
304 	if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_PENDING) {
305 		mpt_clear_taskmgmt_in_progress_flag(ioc);
306 		ioc->taskmgmt_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
307 		complete(&ioc->taskmgmt_cmds.done);
308 		if (ioc->bus_type == SAS)
309 			ioc->schedule_target_reset(ioc);
310 		return 1;
311 	}
312 	return 0;
313 }
314 
315 static int
316 mptctl_do_taskmgmt(MPT_ADAPTER *ioc, u8 tm_type, u8 bus_id, u8 target_id)
317 {
318 	MPT_FRAME_HDR	*mf;
319 	SCSITaskMgmt_t	*pScsiTm;
320 	SCSITaskMgmtReply_t *pScsiTmReply;
321 	int		 ii;
322 	int		 retval;
323 	unsigned long	 timeout;
324 	unsigned long	 time_count;
325 	u16		 iocstatus;
326 
327 
328 	mutex_lock(&ioc->taskmgmt_cmds.mutex);
329 	if (mpt_set_taskmgmt_in_progress_flag(ioc) != 0) {
330 		mutex_unlock(&ioc->taskmgmt_cmds.mutex);
331 		return -EPERM;
332 	}
333 
334 	retval = 0;
335 
336 	mf = mpt_get_msg_frame(mptctl_taskmgmt_id, ioc);
337 	if (mf == NULL) {
338 		dtmprintk(ioc,
339 			printk(MYIOC_s_WARN_FMT "TaskMgmt, no msg frames!!\n",
340 			ioc->name));
341 		mpt_clear_taskmgmt_in_progress_flag(ioc);
342 		retval = -ENOMEM;
343 		goto tm_done;
344 	}
345 
346 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT "TaskMgmt request (mf=%p)\n",
347 		ioc->name, mf));
348 
349 	pScsiTm = (SCSITaskMgmt_t *) mf;
350 	memset(pScsiTm, 0, sizeof(SCSITaskMgmt_t));
351 	pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
352 	pScsiTm->TaskType = tm_type;
353 	if ((tm_type == MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS) &&
354 		(ioc->bus_type == FC))
355 		pScsiTm->MsgFlags =
356 				MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
357 	pScsiTm->TargetID = target_id;
358 	pScsiTm->Bus = bus_id;
359 	pScsiTm->ChainOffset = 0;
360 	pScsiTm->Reserved = 0;
361 	pScsiTm->Reserved1 = 0;
362 	pScsiTm->TaskMsgContext = 0;
363 	for (ii= 0; ii < 8; ii++)
364 		pScsiTm->LUN[ii] = 0;
365 	for (ii=0; ii < 7; ii++)
366 		pScsiTm->Reserved2[ii] = 0;
367 
368 	switch (ioc->bus_type) {
369 	case FC:
370 		timeout = 40;
371 		break;
372 	case SAS:
373 		timeout = 30;
374 		break;
375 	case SPI:
376 		default:
377 		timeout = 10;
378 		break;
379 	}
380 
381 	dtmprintk(ioc,
382 		printk(MYIOC_s_DEBUG_FMT "TaskMgmt type=%d timeout=%ld\n",
383 		ioc->name, tm_type, timeout));
384 
385 	INITIALIZE_MGMT_STATUS(ioc->taskmgmt_cmds.status)
386 	time_count = jiffies;
387 	if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
388 	    (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
389 		mpt_put_msg_frame_hi_pri(mptctl_taskmgmt_id, ioc, mf);
390 	else {
391 		retval = mpt_send_handshake_request(mptctl_taskmgmt_id, ioc,
392 		    sizeof(SCSITaskMgmt_t), (u32 *)pScsiTm, CAN_SLEEP);
393 		if (retval != 0) {
394 			dfailprintk(ioc,
395 				printk(MYIOC_s_ERR_FMT
396 				"TaskMgmt send_handshake FAILED!"
397 				" (ioc %p, mf %p, rc=%d) \n", ioc->name,
398 				ioc, mf, retval));
399 			mpt_free_msg_frame(ioc, mf);
400 			mpt_clear_taskmgmt_in_progress_flag(ioc);
401 			goto tm_done;
402 		}
403 	}
404 
405 	/* Now wait for the command to complete */
406 	ii = wait_for_completion_timeout(&ioc->taskmgmt_cmds.done, timeout*HZ);
407 
408 	if (!(ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
409 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
410 		    "TaskMgmt failed\n", ioc->name));
411 		mpt_free_msg_frame(ioc, mf);
412 		mpt_clear_taskmgmt_in_progress_flag(ioc);
413 		if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET)
414 			retval = 0;
415 		else
416 			retval = -1; /* return failure */
417 		goto tm_done;
418 	}
419 
420 	if (!(ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_RF_VALID)) {
421 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
422 		    "TaskMgmt failed\n", ioc->name));
423 		retval = -1; /* return failure */
424 		goto tm_done;
425 	}
426 
427 	pScsiTmReply = (SCSITaskMgmtReply_t *) ioc->taskmgmt_cmds.reply;
428 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
429 	    "TaskMgmt fw_channel = %d, fw_id = %d, task_type=0x%02X, "
430 	    "iocstatus=0x%04X\n\tloginfo=0x%08X, response_code=0x%02X, "
431 	    "term_cmnds=%d\n", ioc->name, pScsiTmReply->Bus,
432 	    pScsiTmReply->TargetID, tm_type,
433 	    le16_to_cpu(pScsiTmReply->IOCStatus),
434 	    le32_to_cpu(pScsiTmReply->IOCLogInfo),
435 	    pScsiTmReply->ResponseCode,
436 	    le32_to_cpu(pScsiTmReply->TerminationCount)));
437 
438 	iocstatus = le16_to_cpu(pScsiTmReply->IOCStatus) & MPI_IOCSTATUS_MASK;
439 
440 	if (iocstatus == MPI_IOCSTATUS_SCSI_TASK_TERMINATED ||
441 	   iocstatus == MPI_IOCSTATUS_SCSI_IOC_TERMINATED ||
442 	   iocstatus == MPI_IOCSTATUS_SUCCESS)
443 		retval = 0;
444 	else {
445 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
446 		    "TaskMgmt failed\n", ioc->name));
447 		retval = -1; /* return failure */
448 	}
449 
450  tm_done:
451 	mutex_unlock(&ioc->taskmgmt_cmds.mutex);
452 	CLEAR_MGMT_STATUS(ioc->taskmgmt_cmds.status)
453 	return retval;
454 }
455 
456 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
457 /* mptctl_timeout_expired
458  *
459  * Expecting an interrupt, however timed out.
460  *
461  */
462 static void
463 mptctl_timeout_expired(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf)
464 {
465 	unsigned long flags;
466 	int ret_val = -1;
467 	SCSIIORequest_t *scsi_req = (SCSIIORequest_t *) mf;
468 	u8 function = mf->u.hdr.Function;
469 
470 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": %s\n",
471 		ioc->name, __func__));
472 
473 	if (mpt_fwfault_debug)
474 		mpt_halt_firmware(ioc);
475 
476 	spin_lock_irqsave(&ioc->taskmgmt_lock, flags);
477 	if (ioc->ioc_reset_in_progress) {
478 		spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
479 		CLEAR_MGMT_PENDING_STATUS(ioc->ioctl_cmds.status)
480 		mpt_free_msg_frame(ioc, mf);
481 		return;
482 	}
483 	spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
484 
485 
486 	CLEAR_MGMT_PENDING_STATUS(ioc->ioctl_cmds.status)
487 
488 	if (ioc->bus_type == SAS) {
489 		if (function == MPI_FUNCTION_SCSI_IO_REQUEST)
490 			ret_val = mptctl_do_taskmgmt(ioc,
491 				MPI_SCSITASKMGMT_TASKTYPE_TARGET_RESET,
492 				scsi_req->Bus, scsi_req->TargetID);
493 		else if (function == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)
494 			ret_val = mptctl_do_taskmgmt(ioc,
495 				MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS,
496 				scsi_req->Bus, 0);
497 		if (!ret_val)
498 			return;
499 	} else {
500 		if ((function == MPI_FUNCTION_SCSI_IO_REQUEST) ||
501 			(function == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH))
502 			ret_val = mptctl_do_taskmgmt(ioc,
503 				MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS,
504 				scsi_req->Bus, 0);
505 		if (!ret_val)
506 			return;
507 	}
508 
509 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Calling Reset! \n",
510 		 ioc->name));
511 	mpt_Soft_Hard_ResetHandler(ioc, CAN_SLEEP);
512 	mpt_free_msg_frame(ioc, mf);
513 }
514 
515 
516 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
517 /* mptctl_ioc_reset
518  *
519  * Clean-up functionality. Used only if there has been a
520  * reload of the FW due.
521  *
522  */
523 static int
524 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
525 {
526 	switch(reset_phase) {
527 	case MPT_IOC_SETUP_RESET:
528 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
529 		    "%s: MPT_IOC_SETUP_RESET\n", ioc->name, __func__));
530 		break;
531 	case MPT_IOC_PRE_RESET:
532 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
533 		    "%s: MPT_IOC_PRE_RESET\n", ioc->name, __func__));
534 		break;
535 	case MPT_IOC_POST_RESET:
536 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
537 		    "%s: MPT_IOC_POST_RESET\n", ioc->name, __func__));
538 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_PENDING) {
539 			ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_DID_IOCRESET;
540 			complete(&ioc->ioctl_cmds.done);
541 		}
542 		break;
543 	default:
544 		break;
545 	}
546 
547 	return 1;
548 }
549 
550 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
551 /* ASYNC Event Notification Support */
552 static int
553 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
554 {
555 	u8 event;
556 
557 	event = le32_to_cpu(pEvReply->Event) & 0xFF;
558 
559 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
560 	    ioc->name, __func__));
561 	if(async_queue == NULL)
562 		return 1;
563 
564 	/* Raise SIGIO for persistent events.
565 	 * TODO - this define is not in MPI spec yet,
566 	 * but they plan to set it to 0x21
567 	 */
568 	 if (event == 0x21 ) {
569 		ioc->aen_event_read_flag=1;
570 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
571 		    ioc->name));
572 		devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
573 		    "Raised SIGIO to application\n", ioc->name));
574 		kill_fasync(&async_queue, SIGIO, POLL_IN);
575 		return 1;
576 	 }
577 
578 	/* This flag is set after SIGIO was raised, and
579 	 * remains set until the application has read
580 	 * the event log via ioctl=MPTEVENTREPORT
581 	 */
582 	if(ioc->aen_event_read_flag)
583 		return 1;
584 
585 	/* Signal only for the events that are
586 	 * requested for by the application
587 	 */
588 	if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
589 		ioc->aen_event_read_flag=1;
590 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
591 		    "Raised SIGIO to application\n", ioc->name));
592 		devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
593 		    "Raised SIGIO to application\n", ioc->name));
594 		kill_fasync(&async_queue, SIGIO, POLL_IN);
595 	}
596 	return 1;
597 }
598 
599 static int
600 mptctl_fasync(int fd, struct file *filep, int mode)
601 {
602 	MPT_ADAPTER	*ioc;
603 	int ret;
604 
605 	mutex_lock(&mpctl_mutex);
606 	list_for_each_entry(ioc, &ioc_list, list)
607 		ioc->aen_event_read_flag=0;
608 
609 	ret = fasync_helper(fd, filep, mode, &async_queue);
610 	mutex_unlock(&mpctl_mutex);
611 	return ret;
612 }
613 
614 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
615 /*
616  *  MPT ioctl handler
617  *  cmd - specify the particular IOCTL command to be issued
618  *  arg - data specific to the command. Must not be null.
619  */
620 static long
621 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
622 {
623 	mpt_ioctl_header __user *uhdr = (void __user *) arg;
624 	mpt_ioctl_header	 khdr;
625 	int iocnum;
626 	unsigned iocnumX;
627 	int nonblock = (file->f_flags & O_NONBLOCK);
628 	int ret;
629 	MPT_ADAPTER *iocp = NULL;
630 
631 	if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
632 		printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
633 				"Unable to copy mpt_ioctl_header data @ %p\n",
634 				__FILE__, __LINE__, uhdr);
635 		return -EFAULT;
636 	}
637 	ret = -ENXIO;				/* (-6) No such device or address */
638 
639 	/* Verify intended MPT adapter - set iocnum and the adapter
640 	 * pointer (iocp)
641 	 */
642 	iocnumX = khdr.iocnum & 0xFF;
643 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
644 	    (iocp == NULL))
645 		return -ENODEV;
646 
647 	if (!iocp->active) {
648 		printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
649 				__FILE__, __LINE__);
650 		return -EFAULT;
651 	}
652 
653 	/* Handle those commands that are just returning
654 	 * information stored in the driver.
655 	 * These commands should never time out and are unaffected
656 	 * by TM and FW reloads.
657 	 */
658 	if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
659 		return mptctl_getiocinfo(arg, _IOC_SIZE(cmd));
660 	} else if (cmd == MPTTARGETINFO) {
661 		return mptctl_gettargetinfo(arg);
662 	} else if (cmd == MPTTEST) {
663 		return mptctl_readtest(arg);
664 	} else if (cmd == MPTEVENTQUERY) {
665 		return mptctl_eventquery(arg);
666 	} else if (cmd == MPTEVENTENABLE) {
667 		return mptctl_eventenable(arg);
668 	} else if (cmd == MPTEVENTREPORT) {
669 		return mptctl_eventreport(arg);
670 	} else if (cmd == MPTFWREPLACE) {
671 		return mptctl_replace_fw(arg);
672 	}
673 
674 	/* All of these commands require an interrupt or
675 	 * are unknown/illegal.
676 	 */
677 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
678 		return ret;
679 
680 	if (cmd == MPTFWDOWNLOAD)
681 		ret = mptctl_fw_download(arg);
682 	else if (cmd == MPTCOMMAND)
683 		ret = mptctl_mpt_command(arg);
684 	else if (cmd == MPTHARDRESET)
685 		ret = mptctl_do_reset(arg);
686 	else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
687 		ret = mptctl_hp_hostinfo(arg, _IOC_SIZE(cmd));
688 	else if (cmd == HP_GETTARGETINFO)
689 		ret = mptctl_hp_targetinfo(arg);
690 	else
691 		ret = -EINVAL;
692 
693 	mutex_unlock(&iocp->ioctl_cmds.mutex);
694 
695 	return ret;
696 }
697 
698 static long
699 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
700 {
701 	long ret;
702 	mutex_lock(&mpctl_mutex);
703 	ret = __mptctl_ioctl(file, cmd, arg);
704 	mutex_unlock(&mpctl_mutex);
705 	return ret;
706 }
707 
708 static int mptctl_do_reset(unsigned long arg)
709 {
710 	struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
711 	struct mpt_ioctl_diag_reset krinfo;
712 	MPT_ADAPTER		*iocp;
713 
714 	if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
715 		printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
716 				"Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
717 				__FILE__, __LINE__, urinfo);
718 		return -EFAULT;
719 	}
720 
721 	if (mpt_verify_adapter(krinfo.hdr.iocnum, &iocp) < 0) {
722 		printk(KERN_DEBUG MYNAM "%s@%d::mptctl_do_reset - ioc%d not found!\n",
723 				__FILE__, __LINE__, krinfo.hdr.iocnum);
724 		return -ENODEV; /* (-6) No such device or address */
725 	}
726 
727 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
728 	    iocp->name));
729 
730 	if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
731 		printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
732 			iocp->name, __FILE__, __LINE__);
733 		return -1;
734 	}
735 
736 	return 0;
737 }
738 
739 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
740 /*
741  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
742  * This structure contains: iocnum, firmware length (bytes),
743  *      pointer to user space memory where the fw image is stored.
744  *
745  * Outputs:	None.
746  * Return:	0 if successful
747  *		-EFAULT if data unavailable
748  *		-ENXIO  if no such device
749  *		-EAGAIN if resource problem
750  *		-ENOMEM if no memory for SGE
751  *		-EMLINK if too many chain buffers required
752  *		-EBADRQC if adapter does not support FW download
753  *		-EBUSY if adapter is busy
754  *		-ENOMSG if FW upload returned bad status
755  */
756 static int
757 mptctl_fw_download(unsigned long arg)
758 {
759 	struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
760 	struct mpt_fw_xfer	 kfwdl;
761 
762 	if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
763 		printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
764 				"Unable to copy mpt_fw_xfer struct @ %p\n",
765 				__FILE__, __LINE__, ufwdl);
766 		return -EFAULT;
767 	}
768 
769 	return mptctl_do_fw_download(kfwdl.iocnum, kfwdl.bufp, kfwdl.fwlen);
770 }
771 
772 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
773 /*
774  * FW Download engine.
775  * Outputs:	None.
776  * Return:	0 if successful
777  *		-EFAULT if data unavailable
778  *		-ENXIO  if no such device
779  *		-EAGAIN if resource problem
780  *		-ENOMEM if no memory for SGE
781  *		-EMLINK if too many chain buffers required
782  *		-EBADRQC if adapter does not support FW download
783  *		-EBUSY if adapter is busy
784  *		-ENOMSG if FW upload returned bad status
785  */
786 static int
787 mptctl_do_fw_download(int ioc, char __user *ufwbuf, size_t fwlen)
788 {
789 	FWDownload_t		*dlmsg;
790 	MPT_FRAME_HDR		*mf;
791 	MPT_ADAPTER		*iocp;
792 	FWDownloadTCSGE_t	*ptsge;
793 	MptSge_t		*sgl, *sgIn;
794 	char			*sgOut;
795 	struct buflist		*buflist;
796 	struct buflist		*bl;
797 	dma_addr_t		 sgl_dma;
798 	int			 ret;
799 	int			 numfrags = 0;
800 	int			 maxfrags;
801 	int			 n = 0;
802 	u32			 sgdir;
803 	u32			 nib;
804 	int			 fw_bytes_copied = 0;
805 	int			 i;
806 	int			 sge_offset = 0;
807 	u16			 iocstat;
808 	pFWDownloadReply_t	 ReplyMsg = NULL;
809 	unsigned long		 timeleft;
810 
811 	if (mpt_verify_adapter(ioc, &iocp) < 0) {
812 		printk(KERN_DEBUG MYNAM "ioctl_fwdl - ioc%d not found!\n",
813 				 ioc);
814 		return -ENODEV; /* (-6) No such device or address */
815 	} else {
816 
817 		/*  Valid device. Get a message frame and construct the FW download message.
818 	 	*/
819 		if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
820 			return -EAGAIN;
821 	}
822 
823 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
824 	    "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
825 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
826 	    iocp->name, ufwbuf));
827 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
828 	    iocp->name, (int)fwlen));
829 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.ioc   = %04xh\n",
830 	    iocp->name, ioc));
831 
832 	dlmsg = (FWDownload_t*) mf;
833 	ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
834 	sgOut = (char *) (ptsge + 1);
835 
836 	/*
837 	 * Construct f/w download request
838 	 */
839 	dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
840 	dlmsg->Reserved = 0;
841 	dlmsg->ChainOffset = 0;
842 	dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
843 	dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
844 	if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
845 		dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
846 	else
847 		dlmsg->MsgFlags = 0;
848 
849 
850 	/* Set up the Transaction SGE.
851 	 */
852 	ptsge->Reserved = 0;
853 	ptsge->ContextSize = 0;
854 	ptsge->DetailsLength = 12;
855 	ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
856 	ptsge->Reserved_0100_Checksum = 0;
857 	ptsge->ImageOffset = 0;
858 	ptsge->ImageSize = cpu_to_le32(fwlen);
859 
860 	/* Add the SGL
861 	 */
862 
863 	/*
864 	 * Need to kmalloc area(s) for holding firmware image bytes.
865 	 * But we need to do it piece meal, using a proper
866 	 * scatter gather list (with 128kB MAX hunks).
867 	 *
868 	 * A practical limit here might be # of sg hunks that fit into
869 	 * a single IOC request frame; 12 or 8 (see below), so:
870 	 * For FC9xx: 12 x 128kB == 1.5 mB (max)
871 	 * For C1030:  8 x 128kB == 1   mB (max)
872 	 * We could support chaining, but things get ugly(ier:)
873 	 *
874 	 * Set the sge_offset to the start of the sgl (bytes).
875 	 */
876 	sgdir = 0x04000000;		/* IOC will READ from sys mem */
877 	sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
878 	if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
879 				    &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
880 		return -ENOMEM;
881 
882 	/*
883 	 * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
884 	 * for FC9xx f/w image, but calculate max number of sge hunks
885 	 * we can fit into a request frame, and limit ourselves to that.
886 	 * (currently no chain support)
887 	 * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
888 	 *	Request		maxfrags
889 	 *	128		12
890 	 *	96		8
891 	 *	64		4
892 	 */
893 	maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) -
894 			sizeof(FWDownloadTCSGE_t))
895 			/ iocp->SGE_size;
896 	if (numfrags > maxfrags) {
897 		ret = -EMLINK;
898 		goto fwdl_out;
899 	}
900 
901 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
902 	    iocp->name, sgl, numfrags));
903 
904 	/*
905 	 * Parse SG list, copying sgl itself,
906 	 * plus f/w image hunks from user space as we go...
907 	 */
908 	ret = -EFAULT;
909 	sgIn = sgl;
910 	bl = buflist;
911 	for (i=0; i < numfrags; i++) {
912 
913 		/* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
914 		 * Skip everything but Simple. If simple, copy from
915 		 *	user space into kernel space.
916 		 * Note: we should not have anything but Simple as
917 		 *	Chain SGE are illegal.
918 		 */
919 		nib = (sgIn->FlagsLength & 0x30000000) >> 28;
920 		if (nib == 0 || nib == 3) {
921 			;
922 		} else if (sgIn->Address) {
923 			iocp->add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
924 			n++;
925 			if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
926 				printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
927 					"Unable to copy f/w buffer hunk#%d @ %p\n",
928 					iocp->name, __FILE__, __LINE__, n, ufwbuf);
929 				goto fwdl_out;
930 			}
931 			fw_bytes_copied += bl->len;
932 		}
933 		sgIn++;
934 		bl++;
935 		sgOut += iocp->SGE_size;
936 	}
937 
938 	DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
939 
940 	/*
941 	 * Finally, perform firmware download.
942 	 */
943 	ReplyMsg = NULL;
944 	SET_MGMT_MSG_CONTEXT(iocp->ioctl_cmds.msg_context, dlmsg->MsgContext);
945 	INITIALIZE_MGMT_STATUS(iocp->ioctl_cmds.status)
946 	mpt_put_msg_frame(mptctl_id, iocp, mf);
947 
948 	/* Now wait for the command to complete */
949 retry_wait:
950 	timeleft = wait_for_completion_timeout(&iocp->ioctl_cmds.done, HZ*60);
951 	if (!(iocp->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
952 		ret = -ETIME;
953 		printk(MYIOC_s_WARN_FMT "%s: failed\n", iocp->name, __func__);
954 		if (iocp->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
955 			mpt_free_msg_frame(iocp, mf);
956 			goto fwdl_out;
957 		}
958 		if (!timeleft) {
959 			printk(MYIOC_s_WARN_FMT
960 			       "FW download timeout, doorbell=0x%08x\n",
961 			       iocp->name, mpt_GetIocState(iocp, 0));
962 			mptctl_timeout_expired(iocp, mf);
963 		} else
964 			goto retry_wait;
965 		goto fwdl_out;
966 	}
967 
968 	if (!(iocp->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID)) {
969 		printk(MYIOC_s_WARN_FMT "%s: failed\n", iocp->name, __func__);
970 		mpt_free_msg_frame(iocp, mf);
971 		ret = -ENODATA;
972 		goto fwdl_out;
973 	}
974 
975 	if (sgl)
976 		kfree_sgl(sgl, sgl_dma, buflist, iocp);
977 
978 	ReplyMsg = (pFWDownloadReply_t)iocp->ioctl_cmds.reply;
979 	iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
980 	if (iocstat == MPI_IOCSTATUS_SUCCESS) {
981 		printk(MYIOC_s_INFO_FMT "F/W update successful!\n", iocp->name);
982 		return 0;
983 	} else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
984 		printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
985 			iocp->name);
986 		printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
987 			iocp->name);
988 		return -EBADRQC;
989 	} else if (iocstat == MPI_IOCSTATUS_BUSY) {
990 		printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
991 		printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
992 		return -EBUSY;
993 	} else {
994 		printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
995 			iocp->name, iocstat);
996 		printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
997 		return -ENOMSG;
998 	}
999 	return 0;
1000 
1001 fwdl_out:
1002 
1003 	CLEAR_MGMT_STATUS(iocp->ioctl_cmds.status);
1004 	SET_MGMT_MSG_CONTEXT(iocp->ioctl_cmds.msg_context, 0);
1005         kfree_sgl(sgl, sgl_dma, buflist, iocp);
1006 	return ret;
1007 }
1008 
1009 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1010 /*
1011  * SGE Allocation routine
1012  *
1013  * Inputs:	bytes - number of bytes to be transferred
1014  *		sgdir - data direction
1015  *		sge_offset - offset (in bytes) from the start of the request
1016  *			frame to the first SGE
1017  *		ioc - pointer to the mptadapter
1018  * Outputs:	frags - number of scatter gather elements
1019  *		blp - point to the buflist pointer
1020  *		sglbuf_dma - pointer to the (dma) sgl
1021  * Returns:	Null if failes
1022  *		pointer to the (virtual) sgl if successful.
1023  */
1024 static MptSge_t *
1025 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
1026 		 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
1027 {
1028 	MptSge_t	*sglbuf = NULL;		/* pointer to array of SGE */
1029 						/* and chain buffers */
1030 	struct buflist	*buflist = NULL;	/* kernel routine */
1031 	MptSge_t	*sgl;
1032 	int		 numfrags = 0;
1033 	int		 fragcnt = 0;
1034 	int		 alloc_sz = min(bytes,MAX_KMALLOC_SZ);	// avoid kernel warning msg!
1035 	int		 bytes_allocd = 0;
1036 	int		 this_alloc;
1037 	dma_addr_t	 pa;					// phys addr
1038 	int		 i, buflist_ent;
1039 	int		 sg_spill = MAX_FRAGS_SPILL1;
1040 	int		 dir;
1041 	/* initialization */
1042 	*frags = 0;
1043 	*blp = NULL;
1044 
1045 	/* Allocate and initialize an array of kernel
1046 	 * structures for the SG elements.
1047 	 */
1048 	i = MAX_SGL_BYTES / 8;
1049 	buflist = kzalloc(i, GFP_USER);
1050 	if (!buflist)
1051 		return NULL;
1052 	buflist_ent = 0;
1053 
1054 	/* Allocate a single block of memory to store the sg elements and
1055 	 * the chain buffers.  The calling routine is responsible for
1056 	 * copying the data in this array into the correct place in the
1057 	 * request and chain buffers.
1058 	 */
1059 	sglbuf = pci_alloc_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf_dma);
1060 	if (sglbuf == NULL)
1061 		goto free_and_fail;
1062 
1063 	if (sgdir & 0x04000000)
1064 		dir = PCI_DMA_TODEVICE;
1065 	else
1066 		dir = PCI_DMA_FROMDEVICE;
1067 
1068 	/* At start:
1069 	 *	sgl = sglbuf = point to beginning of sg buffer
1070 	 *	buflist_ent = 0 = first kernel structure
1071 	 *	sg_spill = number of SGE that can be written before the first
1072 	 *		chain element.
1073 	 *
1074 	 */
1075 	sgl = sglbuf;
1076 	sg_spill = ((ioc->req_sz - sge_offset)/ioc->SGE_size) - 1;
1077 	while (bytes_allocd < bytes) {
1078 		this_alloc = min(alloc_sz, bytes-bytes_allocd);
1079 		buflist[buflist_ent].len = this_alloc;
1080 		buflist[buflist_ent].kptr = pci_alloc_consistent(ioc->pcidev,
1081 								 this_alloc,
1082 								 &pa);
1083 		if (buflist[buflist_ent].kptr == NULL) {
1084 			alloc_sz = alloc_sz / 2;
1085 			if (alloc_sz == 0) {
1086 				printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1087 				    "not enough memory!   :-(\n", ioc->name);
1088 				printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1089 					ioc->name, numfrags);
1090 				goto free_and_fail;
1091 			}
1092 			continue;
1093 		} else {
1094 			dma_addr_t dma_addr;
1095 
1096 			bytes_allocd += this_alloc;
1097 			sgl->FlagsLength = (0x10000000|sgdir|this_alloc);
1098 			dma_addr = pci_map_single(ioc->pcidev,
1099 				buflist[buflist_ent].kptr, this_alloc, dir);
1100 			sgl->Address = dma_addr;
1101 
1102 			fragcnt++;
1103 			numfrags++;
1104 			sgl++;
1105 			buflist_ent++;
1106 		}
1107 
1108 		if (bytes_allocd >= bytes)
1109 			break;
1110 
1111 		/* Need to chain? */
1112 		if (fragcnt == sg_spill) {
1113 			printk(MYIOC_s_WARN_FMT
1114 			    "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1115 			printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1116 			goto free_and_fail;
1117 		}
1118 
1119 		/* overflow check... */
1120 		if (numfrags*8 > MAX_SGL_BYTES){
1121 			/* GRRRRR... */
1122 			printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1123 				"too many SG frags!   :-(\n", ioc->name);
1124 			printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1125 				ioc->name, numfrags);
1126 			goto free_and_fail;
1127 		}
1128 	}
1129 
1130 	/* Last sge fixup: set LE+eol+eob bits */
1131 	sgl[-1].FlagsLength |= 0xC1000000;
1132 
1133 	*frags = numfrags;
1134 	*blp = buflist;
1135 
1136 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1137 	   "%d SG frags generated!\n", ioc->name, numfrags));
1138 
1139 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1140 	   "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1141 
1142 	return sglbuf;
1143 
1144 free_and_fail:
1145 	if (sglbuf != NULL) {
1146 		for (i = 0; i < numfrags; i++) {
1147 			dma_addr_t dma_addr;
1148 			u8 *kptr;
1149 			int len;
1150 
1151 			if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1152 				continue;
1153 
1154 			dma_addr = sglbuf[i].Address;
1155 			kptr = buflist[i].kptr;
1156 			len = buflist[i].len;
1157 
1158 			pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1159 		}
1160 		pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sglbuf, *sglbuf_dma);
1161 	}
1162 	kfree(buflist);
1163 	return NULL;
1164 }
1165 
1166 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1167 /*
1168  * Routine to free the SGL elements.
1169  */
1170 static void
1171 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1172 {
1173 	MptSge_t	*sg = sgl;
1174 	struct buflist	*bl = buflist;
1175 	u32		 nib;
1176 	int		 dir;
1177 	int		 n = 0;
1178 
1179 	if (sg->FlagsLength & 0x04000000)
1180 		dir = PCI_DMA_TODEVICE;
1181 	else
1182 		dir = PCI_DMA_FROMDEVICE;
1183 
1184 	nib = (sg->FlagsLength & 0xF0000000) >> 28;
1185 	while (! (nib & 0x4)) { /* eob */
1186 		/* skip ignore/chain. */
1187 		if (nib == 0 || nib == 3) {
1188 			;
1189 		} else if (sg->Address) {
1190 			dma_addr_t dma_addr;
1191 			void *kptr;
1192 			int len;
1193 
1194 			dma_addr = sg->Address;
1195 			kptr = bl->kptr;
1196 			len = bl->len;
1197 			pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1198 			pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1199 			n++;
1200 		}
1201 		sg++;
1202 		bl++;
1203 		nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1204 	}
1205 
1206 	/* we're at eob! */
1207 	if (sg->Address) {
1208 		dma_addr_t dma_addr;
1209 		void *kptr;
1210 		int len;
1211 
1212 		dma_addr = sg->Address;
1213 		kptr = bl->kptr;
1214 		len = bl->len;
1215 		pci_unmap_single(ioc->pcidev, dma_addr, len, dir);
1216 		pci_free_consistent(ioc->pcidev, len, kptr, dma_addr);
1217 		n++;
1218 	}
1219 
1220 	pci_free_consistent(ioc->pcidev, MAX_SGL_BYTES, sgl, sgl_dma);
1221 	kfree(buflist);
1222 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1223 	    ioc->name, n));
1224 }
1225 
1226 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1227 /*
1228  *	mptctl_getiocinfo - Query the host adapter for IOC information.
1229  *	@arg: User space argument
1230  *
1231  * Outputs:	None.
1232  * Return:	0 if successful
1233  *		-EFAULT if data unavailable
1234  *		-ENODEV  if no such device/adapter
1235  */
1236 static int
1237 mptctl_getiocinfo (unsigned long arg, unsigned int data_size)
1238 {
1239 	struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1240 	struct mpt_ioctl_iocinfo *karg;
1241 	MPT_ADAPTER		*ioc;
1242 	struct pci_dev		*pdev;
1243 	int			iocnum;
1244 	unsigned int		port;
1245 	int			cim_rev;
1246 	struct scsi_device 	*sdev;
1247 	VirtDevice		*vdevice;
1248 
1249 	/* Add of PCI INFO results in unaligned access for
1250 	 * IA64 and Sparc. Reset long to int. Return no PCI
1251 	 * data for obsolete format.
1252 	 */
1253 	if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1254 		cim_rev = 0;
1255 	else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1256 		cim_rev = 1;
1257 	else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1258 		cim_rev = 2;
1259 	else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1260 		cim_rev = 0;	/* obsolete */
1261 	else
1262 		return -EFAULT;
1263 
1264 	karg = memdup_user(uarg, data_size);
1265 	if (IS_ERR(karg)) {
1266 		printk(KERN_ERR MYNAM "%s@%d::mpt_ioctl_iocinfo() - memdup_user returned error [%ld]\n",
1267 				__FILE__, __LINE__, PTR_ERR(karg));
1268 		return PTR_ERR(karg);
1269 	}
1270 
1271 	if (((iocnum = mpt_verify_adapter(karg->hdr.iocnum, &ioc)) < 0) ||
1272 	    (ioc == NULL)) {
1273 		printk(KERN_DEBUG MYNAM "%s::mptctl_getiocinfo() @%d - ioc%d not found!\n",
1274 				__FILE__, __LINE__, iocnum);
1275 		kfree(karg);
1276 		return -ENODEV;
1277 	}
1278 
1279 	/* Verify the data transfer size is correct. */
1280 	if (karg->hdr.maxDataSize != data_size) {
1281 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1282 			"Structure size mismatch. Command not completed.\n",
1283 			ioc->name, __FILE__, __LINE__);
1284 		kfree(karg);
1285 		return -EFAULT;
1286 	}
1287 
1288 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1289 	    ioc->name));
1290 
1291 	/* Fill in the data and return the structure to the calling
1292 	 * program
1293 	 */
1294 	if (ioc->bus_type == SAS)
1295 		karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1296 	else if (ioc->bus_type == FC)
1297 		karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1298 	else
1299 		karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1300 
1301 	if (karg->hdr.port > 1) {
1302 		kfree(karg);
1303 		return -EINVAL;
1304 	}
1305 	port = karg->hdr.port;
1306 
1307 	karg->port = port;
1308 	pdev = (struct pci_dev *) ioc->pcidev;
1309 
1310 	karg->pciId = pdev->device;
1311 	karg->hwRev = pdev->revision;
1312 	karg->subSystemDevice = pdev->subsystem_device;
1313 	karg->subSystemVendor = pdev->subsystem_vendor;
1314 
1315 	if (cim_rev == 1) {
1316 		/* Get the PCI bus, device, and function numbers for the IOC
1317 		 */
1318 		karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1319 		karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1320 		karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1321 	} else if (cim_rev == 2) {
1322 		/* Get the PCI bus, device, function and segment ID numbers
1323 		   for the IOC */
1324 		karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1325 		karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1326 		karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1327 		karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1328 	}
1329 
1330 	/* Get number of devices
1331          */
1332 	karg->numDevices = 0;
1333 	if (ioc->sh) {
1334 		shost_for_each_device(sdev, ioc->sh) {
1335 			vdevice = sdev->hostdata;
1336 			if (vdevice == NULL || vdevice->vtarget == NULL)
1337 				continue;
1338 			if (vdevice->vtarget->tflags &
1339 			    MPT_TARGET_FLAGS_RAID_COMPONENT)
1340 				continue;
1341 			karg->numDevices++;
1342 		}
1343 	}
1344 
1345 	/* Set the BIOS and FW Version
1346 	 */
1347 	karg->FWVersion = ioc->facts.FWVersion.Word;
1348 	karg->BIOSVersion = ioc->biosVersion;
1349 
1350 	/* Set the Version Strings.
1351 	 */
1352 	strncpy (karg->driverVersion, MPT_LINUX_PACKAGE_NAME, MPT_IOCTL_VERSION_LENGTH);
1353 	karg->driverVersion[MPT_IOCTL_VERSION_LENGTH-1]='\0';
1354 
1355 	karg->busChangeEvent = 0;
1356 	karg->hostId = ioc->pfacts[port].PortSCSIID;
1357 	karg->rsvd[0] = karg->rsvd[1] = 0;
1358 
1359 	/* Copy the data from kernel memory to user memory
1360 	 */
1361 	if (copy_to_user((char __user *)arg, karg, data_size)) {
1362 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1363 			"Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1364 			ioc->name, __FILE__, __LINE__, uarg);
1365 		kfree(karg);
1366 		return -EFAULT;
1367 	}
1368 
1369 	kfree(karg);
1370 	return 0;
1371 }
1372 
1373 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1374 /*
1375  *	mptctl_gettargetinfo - Query the host adapter for target information.
1376  *	@arg: User space argument
1377  *
1378  * Outputs:	None.
1379  * Return:	0 if successful
1380  *		-EFAULT if data unavailable
1381  *		-ENODEV  if no such device/adapter
1382  */
1383 static int
1384 mptctl_gettargetinfo (unsigned long arg)
1385 {
1386 	struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1387 	struct mpt_ioctl_targetinfo karg;
1388 	MPT_ADAPTER		*ioc;
1389 	VirtDevice		*vdevice;
1390 	char			*pmem;
1391 	int			*pdata;
1392 	int			iocnum;
1393 	int			numDevices = 0;
1394 	int			lun;
1395 	int			maxWordsLeft;
1396 	int			numBytes;
1397 	u8			port;
1398 	struct scsi_device 	*sdev;
1399 
1400 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1401 		printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1402 			"Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1403 				__FILE__, __LINE__, uarg);
1404 		return -EFAULT;
1405 	}
1406 
1407 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1408 	    (ioc == NULL)) {
1409 		printk(KERN_DEBUG MYNAM "%s::mptctl_gettargetinfo() @%d - ioc%d not found!\n",
1410 				__FILE__, __LINE__, iocnum);
1411 		return -ENODEV;
1412 	}
1413 
1414 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1415 	    ioc->name));
1416 	/* Get the port number and set the maximum number of bytes
1417 	 * in the returned structure.
1418 	 * Ignore the port setting.
1419 	 */
1420 	numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1421 	maxWordsLeft = numBytes/sizeof(int);
1422 	port = karg.hdr.port;
1423 
1424 	if (maxWordsLeft <= 0) {
1425 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1426 			ioc->name, __FILE__, __LINE__);
1427 		return -ENOMEM;
1428 	}
1429 
1430 	/* Fill in the data and return the structure to the calling
1431 	 * program
1432 	 */
1433 
1434 	/* struct mpt_ioctl_targetinfo does not contain sufficient space
1435 	 * for the target structures so when the IOCTL is called, there is
1436 	 * not sufficient stack space for the structure. Allocate memory,
1437 	 * populate the memory, copy back to the user, then free memory.
1438 	 * targetInfo format:
1439 	 * bits 31-24: reserved
1440 	 *      23-16: LUN
1441 	 *      15- 8: Bus Number
1442 	 *       7- 0: Target ID
1443 	 */
1444 	pmem = kzalloc(numBytes, GFP_KERNEL);
1445 	if (!pmem) {
1446 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1447 			ioc->name, __FILE__, __LINE__);
1448 		return -ENOMEM;
1449 	}
1450 	pdata =  (int *) pmem;
1451 
1452 	/* Get number of devices
1453          */
1454 	if (ioc->sh){
1455 		shost_for_each_device(sdev, ioc->sh) {
1456 			if (!maxWordsLeft)
1457 				continue;
1458 			vdevice = sdev->hostdata;
1459 			if (vdevice == NULL || vdevice->vtarget == NULL)
1460 				continue;
1461 			if (vdevice->vtarget->tflags &
1462 			    MPT_TARGET_FLAGS_RAID_COMPONENT)
1463 				continue;
1464 			lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1465 			*pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1466 			    (vdevice->vtarget->id ));
1467 			pdata++;
1468 			numDevices++;
1469 			--maxWordsLeft;
1470 		}
1471 	}
1472 	karg.numDevices = numDevices;
1473 
1474 	/* Copy part of the data from kernel memory to user memory
1475 	 */
1476 	if (copy_to_user((char __user *)arg, &karg,
1477 				sizeof(struct mpt_ioctl_targetinfo))) {
1478 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1479 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1480 			ioc->name, __FILE__, __LINE__, uarg);
1481 		kfree(pmem);
1482 		return -EFAULT;
1483 	}
1484 
1485 	/* Copy the remaining data from kernel memory to user memory
1486 	 */
1487 	if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1488 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1489 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1490 			ioc->name, __FILE__, __LINE__, pdata);
1491 		kfree(pmem);
1492 		return -EFAULT;
1493 	}
1494 
1495 	kfree(pmem);
1496 
1497 	return 0;
1498 }
1499 
1500 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1501 /* MPT IOCTL Test function.
1502  *
1503  * Outputs:	None.
1504  * Return:	0 if successful
1505  *		-EFAULT if data unavailable
1506  *		-ENODEV  if no such device/adapter
1507  */
1508 static int
1509 mptctl_readtest (unsigned long arg)
1510 {
1511 	struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1512 	struct mpt_ioctl_test	 karg;
1513 	MPT_ADAPTER *ioc;
1514 	int iocnum;
1515 
1516 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1517 		printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1518 			"Unable to read in mpt_ioctl_test struct @ %p\n",
1519 				__FILE__, __LINE__, uarg);
1520 		return -EFAULT;
1521 	}
1522 
1523 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1524 	    (ioc == NULL)) {
1525 		printk(KERN_DEBUG MYNAM "%s::mptctl_readtest() @%d - ioc%d not found!\n",
1526 				__FILE__, __LINE__, iocnum);
1527 		return -ENODEV;
1528 	}
1529 
1530 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1531 	    ioc->name));
1532 	/* Fill in the data and return the structure to the calling
1533 	 * program
1534 	 */
1535 
1536 #ifdef MFCNT
1537 	karg.chip_type = ioc->mfcnt;
1538 #else
1539 	karg.chip_type = ioc->pcidev->device;
1540 #endif
1541 	strncpy (karg.name, ioc->name, MPT_MAX_NAME);
1542 	karg.name[MPT_MAX_NAME-1]='\0';
1543 	strncpy (karg.product, ioc->prod_name, MPT_PRODUCT_LENGTH);
1544 	karg.product[MPT_PRODUCT_LENGTH-1]='\0';
1545 
1546 	/* Copy the data from kernel memory to user memory
1547 	 */
1548 	if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1549 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1550 			"Unable to write out mpt_ioctl_test struct @ %p\n",
1551 			ioc->name, __FILE__, __LINE__, uarg);
1552 		return -EFAULT;
1553 	}
1554 
1555 	return 0;
1556 }
1557 
1558 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1559 /*
1560  *	mptctl_eventquery - Query the host adapter for the event types
1561  *	that are being logged.
1562  *	@arg: User space argument
1563  *
1564  * Outputs:	None.
1565  * Return:	0 if successful
1566  *		-EFAULT if data unavailable
1567  *		-ENODEV  if no such device/adapter
1568  */
1569 static int
1570 mptctl_eventquery (unsigned long arg)
1571 {
1572 	struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1573 	struct mpt_ioctl_eventquery	 karg;
1574 	MPT_ADAPTER *ioc;
1575 	int iocnum;
1576 
1577 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1578 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1579 			"Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1580 				__FILE__, __LINE__, uarg);
1581 		return -EFAULT;
1582 	}
1583 
1584 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1585 	    (ioc == NULL)) {
1586 		printk(KERN_DEBUG MYNAM "%s::mptctl_eventquery() @%d - ioc%d not found!\n",
1587 				__FILE__, __LINE__, iocnum);
1588 		return -ENODEV;
1589 	}
1590 
1591 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1592 	    ioc->name));
1593 	karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1594 	karg.eventTypes = ioc->eventTypes;
1595 
1596 	/* Copy the data from kernel memory to user memory
1597 	 */
1598 	if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1599 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1600 			"Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1601 			ioc->name, __FILE__, __LINE__, uarg);
1602 		return -EFAULT;
1603 	}
1604 	return 0;
1605 }
1606 
1607 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1608 static int
1609 mptctl_eventenable (unsigned long arg)
1610 {
1611 	struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1612 	struct mpt_ioctl_eventenable	 karg;
1613 	MPT_ADAPTER *ioc;
1614 	int iocnum;
1615 
1616 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1617 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1618 			"Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1619 				__FILE__, __LINE__, uarg);
1620 		return -EFAULT;
1621 	}
1622 
1623 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1624 	    (ioc == NULL)) {
1625 		printk(KERN_DEBUG MYNAM "%s::mptctl_eventenable() @%d - ioc%d not found!\n",
1626 				__FILE__, __LINE__, iocnum);
1627 		return -ENODEV;
1628 	}
1629 
1630 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1631 	    ioc->name));
1632 	if (ioc->events == NULL) {
1633 		/* Have not yet allocated memory - do so now.
1634 		 */
1635 		int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1636 		ioc->events = kzalloc(sz, GFP_KERNEL);
1637 		if (!ioc->events) {
1638 			printk(MYIOC_s_ERR_FMT
1639 			    ": ERROR - Insufficient memory to add adapter!\n",
1640 			    ioc->name);
1641 			return -ENOMEM;
1642 		}
1643 		ioc->alloc_total += sz;
1644 
1645 		ioc->eventContext = 0;
1646         }
1647 
1648 	/* Update the IOC event logging flag.
1649 	 */
1650 	ioc->eventTypes = karg.eventTypes;
1651 
1652 	return 0;
1653 }
1654 
1655 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1656 static int
1657 mptctl_eventreport (unsigned long arg)
1658 {
1659 	struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1660 	struct mpt_ioctl_eventreport	 karg;
1661 	MPT_ADAPTER		 *ioc;
1662 	int			 iocnum;
1663 	int			 numBytes, maxEvents, max;
1664 
1665 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1666 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1667 			"Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1668 				__FILE__, __LINE__, uarg);
1669 		return -EFAULT;
1670 	}
1671 
1672 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1673 	    (ioc == NULL)) {
1674 		printk(KERN_DEBUG MYNAM "%s::mptctl_eventreport() @%d - ioc%d not found!\n",
1675 				__FILE__, __LINE__, iocnum);
1676 		return -ENODEV;
1677 	}
1678 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1679 	    ioc->name));
1680 
1681 	numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1682 	maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1683 
1684 
1685 	max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1686 
1687 	/* If fewer than 1 event is requested, there must have
1688 	 * been some type of error.
1689 	 */
1690 	if ((max < 1) || !ioc->events)
1691 		return -ENODATA;
1692 
1693 	/* reset this flag so SIGIO can restart */
1694 	ioc->aen_event_read_flag=0;
1695 
1696 	/* Copy the data from kernel memory to user memory
1697 	 */
1698 	numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1699 	if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1700 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1701 			"Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1702 			ioc->name, __FILE__, __LINE__, ioc->events);
1703 		return -EFAULT;
1704 	}
1705 
1706 	return 0;
1707 }
1708 
1709 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1710 static int
1711 mptctl_replace_fw (unsigned long arg)
1712 {
1713 	struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1714 	struct mpt_ioctl_replace_fw	 karg;
1715 	MPT_ADAPTER		 *ioc;
1716 	int			 iocnum;
1717 	int			 newFwSize;
1718 
1719 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1720 		printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1721 			"Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1722 				__FILE__, __LINE__, uarg);
1723 		return -EFAULT;
1724 	}
1725 
1726 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1727 	    (ioc == NULL)) {
1728 		printk(KERN_DEBUG MYNAM "%s::mptctl_replace_fw() @%d - ioc%d not found!\n",
1729 				__FILE__, __LINE__, iocnum);
1730 		return -ENODEV;
1731 	}
1732 
1733 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1734 	    ioc->name));
1735 	/* If caching FW, Free the old FW image
1736 	 */
1737 	if (ioc->cached_fw == NULL)
1738 		return 0;
1739 
1740 	mpt_free_fw_memory(ioc);
1741 
1742 	/* Allocate memory for the new FW image
1743 	 */
1744 	newFwSize = ALIGN(karg.newImageSize, 4);
1745 
1746 	mpt_alloc_fw_memory(ioc, newFwSize);
1747 	if (ioc->cached_fw == NULL)
1748 		return -ENOMEM;
1749 
1750 	/* Copy the data from user memory to kernel space
1751 	 */
1752 	if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1753 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1754 				"Unable to read in mpt_ioctl_replace_fw image "
1755 				"@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1756 		mpt_free_fw_memory(ioc);
1757 		return -EFAULT;
1758 	}
1759 
1760 	/* Update IOCFactsReply
1761 	 */
1762 	ioc->facts.FWImageSize = newFwSize;
1763 	return 0;
1764 }
1765 
1766 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1767 /* MPT IOCTL MPTCOMMAND function.
1768  * Cast the arg into the mpt_ioctl_mpt_command structure.
1769  *
1770  * Outputs:	None.
1771  * Return:	0 if successful
1772  *		-EBUSY  if previous command timeout and IOC reset is not complete.
1773  *		-EFAULT if data unavailable
1774  *		-ENODEV if no such device/adapter
1775  *		-ETIME	if timer expires
1776  *		-ENOMEM if memory allocation error
1777  */
1778 static int
1779 mptctl_mpt_command (unsigned long arg)
1780 {
1781 	struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1782 	struct mpt_ioctl_command  karg;
1783 	MPT_ADAPTER	*ioc;
1784 	int		iocnum;
1785 	int		rc;
1786 
1787 
1788 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1789 		printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1790 			"Unable to read in mpt_ioctl_command struct @ %p\n",
1791 				__FILE__, __LINE__, uarg);
1792 		return -EFAULT;
1793 	}
1794 
1795 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1796 	    (ioc == NULL)) {
1797 		printk(KERN_DEBUG MYNAM "%s::mptctl_mpt_command() @%d - ioc%d not found!\n",
1798 				__FILE__, __LINE__, iocnum);
1799 		return -ENODEV;
1800 	}
1801 
1802 	rc = mptctl_do_mpt_command (karg, &uarg->MF);
1803 
1804 	return rc;
1805 }
1806 
1807 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1808 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1809  *
1810  * Outputs:	None.
1811  * Return:	0 if successful
1812  *		-EBUSY  if previous command timeout and IOC reset is not complete.
1813  *		-EFAULT if data unavailable
1814  *		-ENODEV if no such device/adapter
1815  *		-ETIME	if timer expires
1816  *		-ENOMEM if memory allocation error
1817  *		-EPERM if SCSI I/O and target is untagged
1818  */
1819 static int
1820 mptctl_do_mpt_command (struct mpt_ioctl_command karg, void __user *mfPtr)
1821 {
1822 	MPT_ADAPTER	*ioc;
1823 	MPT_FRAME_HDR	*mf = NULL;
1824 	MPIHeader_t	*hdr;
1825 	char		*psge;
1826 	struct buflist	bufIn;	/* data In buffer */
1827 	struct buflist	bufOut; /* data Out buffer */
1828 	dma_addr_t	dma_addr_in;
1829 	dma_addr_t	dma_addr_out;
1830 	int		sgSize = 0;	/* Num SG elements */
1831 	int		iocnum, flagsLength;
1832 	int		sz, rc = 0;
1833 	int		msgContext;
1834 	u16		req_idx;
1835 	ulong 		timeout;
1836 	unsigned long	timeleft;
1837 	struct scsi_device *sdev;
1838 	unsigned long	 flags;
1839 	u8		 function;
1840 
1841 	/* bufIn and bufOut are used for user to kernel space transfers
1842 	 */
1843 	bufIn.kptr = bufOut.kptr = NULL;
1844 	bufIn.len = bufOut.len = 0;
1845 
1846 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
1847 	    (ioc == NULL)) {
1848 		printk(KERN_DEBUG MYNAM "%s::mptctl_do_mpt_command() @%d - ioc%d not found!\n",
1849 				__FILE__, __LINE__, iocnum);
1850 		return -ENODEV;
1851 	}
1852 
1853 	spin_lock_irqsave(&ioc->taskmgmt_lock, flags);
1854 	if (ioc->ioc_reset_in_progress) {
1855 		spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
1856 		printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1857 			"Busy with diagnostic reset\n", __FILE__, __LINE__);
1858 		return -EBUSY;
1859 	}
1860 	spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
1861 
1862 	/* Basic sanity checks to prevent underflows or integer overflows */
1863 	if (karg.maxReplyBytes < 0 ||
1864 	    karg.dataInSize < 0 ||
1865 	    karg.dataOutSize < 0 ||
1866 	    karg.dataSgeOffset < 0 ||
1867 	    karg.maxSenseBytes < 0 ||
1868 	    karg.dataSgeOffset > ioc->req_sz / 4)
1869 		return -EINVAL;
1870 
1871 	/* Verify that the final request frame will not be too large.
1872 	 */
1873 	sz = karg.dataSgeOffset * 4;
1874 	if (karg.dataInSize > 0)
1875 		sz += ioc->SGE_size;
1876 	if (karg.dataOutSize > 0)
1877 		sz += ioc->SGE_size;
1878 
1879 	if (sz > ioc->req_sz) {
1880 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1881 			"Request frame too large (%d) maximum (%d)\n",
1882 			ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1883 		return -EFAULT;
1884 	}
1885 
1886 	/* Get a free request frame and save the message context.
1887 	 */
1888         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1889                 return -EAGAIN;
1890 
1891 	hdr = (MPIHeader_t *) mf;
1892 	msgContext = le32_to_cpu(hdr->MsgContext);
1893 	req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1894 
1895 	/* Copy the request frame
1896 	 * Reset the saved message context.
1897 	 * Request frame in user space
1898 	 */
1899 	if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1900 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1901 			"Unable to read MF from mpt_ioctl_command struct @ %p\n",
1902 			ioc->name, __FILE__, __LINE__, mfPtr);
1903 		function = -1;
1904 		rc = -EFAULT;
1905 		goto done_free_mem;
1906 	}
1907 	hdr->MsgContext = cpu_to_le32(msgContext);
1908 	function = hdr->Function;
1909 
1910 
1911 	/* Verify that this request is allowed.
1912 	 */
1913 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1914 	    ioc->name, hdr->Function, mf));
1915 
1916 	switch (function) {
1917 	case MPI_FUNCTION_IOC_FACTS:
1918 	case MPI_FUNCTION_PORT_FACTS:
1919 		karg.dataOutSize  = karg.dataInSize = 0;
1920 		break;
1921 
1922 	case MPI_FUNCTION_CONFIG:
1923 	{
1924 		Config_t *config_frame;
1925 		config_frame = (Config_t *)mf;
1926 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1927 		    "number=0x%02x action=0x%02x\n", ioc->name,
1928 		    config_frame->Header.PageType,
1929 		    config_frame->ExtPageType,
1930 		    config_frame->Header.PageNumber,
1931 		    config_frame->Action));
1932 		break;
1933 	}
1934 
1935 	case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1936 	case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1937 	case MPI_FUNCTION_FW_UPLOAD:
1938 	case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1939 	case MPI_FUNCTION_FW_DOWNLOAD:
1940 	case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1941 	case MPI_FUNCTION_TOOLBOX:
1942 	case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1943 		break;
1944 
1945 	case MPI_FUNCTION_SCSI_IO_REQUEST:
1946 		if (ioc->sh) {
1947 			SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1948 			int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1949 			int scsidir = 0;
1950 			int dataSize;
1951 			u32 id;
1952 
1953 			id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1954 			if (pScsiReq->TargetID > id) {
1955 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1956 					"Target ID out of bounds. \n",
1957 					ioc->name, __FILE__, __LINE__);
1958 				rc = -ENODEV;
1959 				goto done_free_mem;
1960 			}
1961 
1962 			if (pScsiReq->Bus >= ioc->number_of_buses) {
1963 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1964 					"Target Bus out of bounds. \n",
1965 					ioc->name, __FILE__, __LINE__);
1966 				rc = -ENODEV;
1967 				goto done_free_mem;
1968 			}
1969 
1970 			pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1971 			pScsiReq->MsgFlags |= mpt_msg_flags(ioc);
1972 
1973 
1974 			/* verify that app has not requested
1975 			 *	more sense data than driver
1976 			 *	can provide, if so, reset this parameter
1977 			 * set the sense buffer pointer low address
1978 			 * update the control field to specify Q type
1979 			 */
1980 			if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1981 				pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1982 			else
1983 				pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1984 
1985 			pScsiReq->SenseBufferLowAddr =
1986 				cpu_to_le32(ioc->sense_buf_low_dma
1987 				   + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1988 
1989 			shost_for_each_device(sdev, ioc->sh) {
1990 				struct scsi_target *starget = scsi_target(sdev);
1991 				VirtTarget *vtarget = starget->hostdata;
1992 
1993 				if (vtarget == NULL)
1994 					continue;
1995 
1996 				if ((pScsiReq->TargetID == vtarget->id) &&
1997 				    (pScsiReq->Bus == vtarget->channel) &&
1998 				    (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1999 					qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
2000 			}
2001 
2002 			/* Have the IOCTL driver set the direction based
2003 			 * on the dataOutSize (ordering issue with Sparc).
2004 			 */
2005 			if (karg.dataOutSize > 0) {
2006 				scsidir = MPI_SCSIIO_CONTROL_WRITE;
2007 				dataSize = karg.dataOutSize;
2008 			} else {
2009 				scsidir = MPI_SCSIIO_CONTROL_READ;
2010 				dataSize = karg.dataInSize;
2011 			}
2012 
2013 			pScsiReq->Control = cpu_to_le32(scsidir | qtag);
2014 			pScsiReq->DataLength = cpu_to_le32(dataSize);
2015 
2016 
2017 		} else {
2018 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2019 				"SCSI driver is not loaded. \n",
2020 				ioc->name, __FILE__, __LINE__);
2021 			rc = -EFAULT;
2022 			goto done_free_mem;
2023 		}
2024 		break;
2025 
2026 	case MPI_FUNCTION_SMP_PASSTHROUGH:
2027 		/* Check mf->PassthruFlags to determine if
2028 		 * transfer is ImmediateMode or not.
2029 		 * Immediate mode returns data in the ReplyFrame.
2030 		 * Else, we are sending request and response data
2031 		 * in two SGLs at the end of the mf.
2032 		 */
2033 		break;
2034 
2035 	case MPI_FUNCTION_SATA_PASSTHROUGH:
2036 		if (!ioc->sh) {
2037 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2038 				"SCSI driver is not loaded. \n",
2039 				ioc->name, __FILE__, __LINE__);
2040 			rc = -EFAULT;
2041 			goto done_free_mem;
2042 		}
2043 		break;
2044 
2045 	case MPI_FUNCTION_RAID_ACTION:
2046 		/* Just add a SGE
2047 		 */
2048 		break;
2049 
2050 	case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
2051 		if (ioc->sh) {
2052 			SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
2053 			int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
2054 			int scsidir = MPI_SCSIIO_CONTROL_READ;
2055 			int dataSize;
2056 
2057 			pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
2058 			pScsiReq->MsgFlags |= mpt_msg_flags(ioc);
2059 
2060 
2061 			/* verify that app has not requested
2062 			 *	more sense data than driver
2063 			 *	can provide, if so, reset this parameter
2064 			 * set the sense buffer pointer low address
2065 			 * update the control field to specify Q type
2066 			 */
2067 			if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
2068 				pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
2069 			else
2070 				pScsiReq->SenseBufferLength = karg.maxSenseBytes;
2071 
2072 			pScsiReq->SenseBufferLowAddr =
2073 				cpu_to_le32(ioc->sense_buf_low_dma
2074 				   + (req_idx * MPT_SENSE_BUFFER_ALLOC));
2075 
2076 			/* All commands to physical devices are tagged
2077 			 */
2078 
2079 			/* Have the IOCTL driver set the direction based
2080 			 * on the dataOutSize (ordering issue with Sparc).
2081 			 */
2082 			if (karg.dataOutSize > 0) {
2083 				scsidir = MPI_SCSIIO_CONTROL_WRITE;
2084 				dataSize = karg.dataOutSize;
2085 			} else {
2086 				scsidir = MPI_SCSIIO_CONTROL_READ;
2087 				dataSize = karg.dataInSize;
2088 			}
2089 
2090 			pScsiReq->Control = cpu_to_le32(scsidir | qtag);
2091 			pScsiReq->DataLength = cpu_to_le32(dataSize);
2092 
2093 		} else {
2094 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2095 				"SCSI driver is not loaded. \n",
2096 				ioc->name, __FILE__, __LINE__);
2097 			rc = -EFAULT;
2098 			goto done_free_mem;
2099 		}
2100 		break;
2101 
2102 	case MPI_FUNCTION_SCSI_TASK_MGMT:
2103 	{
2104 		SCSITaskMgmt_t	*pScsiTm;
2105 		pScsiTm = (SCSITaskMgmt_t *)mf;
2106 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
2107 			"\tTaskType=0x%x MsgFlags=0x%x "
2108 			"TaskMsgContext=0x%x id=%d channel=%d\n",
2109 			ioc->name, pScsiTm->TaskType, le32_to_cpu
2110 			(pScsiTm->TaskMsgContext), pScsiTm->MsgFlags,
2111 			pScsiTm->TargetID, pScsiTm->Bus));
2112 		break;
2113 	}
2114 
2115 	case MPI_FUNCTION_IOC_INIT:
2116 		{
2117 			IOCInit_t	*pInit = (IOCInit_t *) mf;
2118 			u32		high_addr, sense_high;
2119 
2120 			/* Verify that all entries in the IOC INIT match
2121 			 * existing setup (and in LE format).
2122 			 */
2123 			if (sizeof(dma_addr_t) == sizeof(u64)) {
2124 				high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2125 				sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2126 			} else {
2127 				high_addr = 0;
2128 				sense_high= 0;
2129 			}
2130 
2131 			if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2132 				(pInit->MaxBuses != ioc->facts.MaxBuses) ||
2133 				(pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2134 				(pInit->HostMfaHighAddr != high_addr) ||
2135 				(pInit->SenseBufferHighAddr != sense_high)) {
2136 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2137 					"IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2138 					ioc->name, __FILE__, __LINE__);
2139 				rc = -EFAULT;
2140 				goto done_free_mem;
2141 			}
2142 		}
2143 		break;
2144 	default:
2145 		/*
2146 		 * MPI_FUNCTION_PORT_ENABLE
2147 		 * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2148 		 * MPI_FUNCTION_TARGET_ASSIST
2149 		 * MPI_FUNCTION_TARGET_STATUS_SEND
2150 		 * MPI_FUNCTION_TARGET_MODE_ABORT
2151 		 * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2152 		 * MPI_FUNCTION_IO_UNIT_RESET
2153 		 * MPI_FUNCTION_HANDSHAKE
2154 		 * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2155 		 * MPI_FUNCTION_EVENT_NOTIFICATION
2156 		 *  (driver handles event notification)
2157 		 * MPI_FUNCTION_EVENT_ACK
2158 		 */
2159 
2160 		/*  What to do with these???  CHECK ME!!!
2161 			MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2162 			MPI_FUNCTION_FC_LINK_SRVC_RSP
2163 			MPI_FUNCTION_FC_ABORT
2164 			MPI_FUNCTION_LAN_SEND
2165 			MPI_FUNCTION_LAN_RECEIVE
2166 		 	MPI_FUNCTION_LAN_RESET
2167 		*/
2168 
2169 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2170 			"Illegal request (function 0x%x) \n",
2171 			ioc->name, __FILE__, __LINE__, hdr->Function);
2172 		rc = -EFAULT;
2173 		goto done_free_mem;
2174 	}
2175 
2176 	/* Add the SGL ( at most one data in SGE and one data out SGE )
2177 	 * In the case of two SGE's - the data out (write) will always
2178 	 * preceede the data in (read) SGE. psgList is used to free the
2179 	 * allocated memory.
2180 	 */
2181 	psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2182 	flagsLength = 0;
2183 
2184 	if (karg.dataOutSize > 0)
2185 		sgSize ++;
2186 
2187 	if (karg.dataInSize > 0)
2188 		sgSize ++;
2189 
2190 	if (sgSize > 0) {
2191 
2192 		/* Set up the dataOut memory allocation */
2193 		if (karg.dataOutSize > 0) {
2194 			if (karg.dataInSize > 0) {
2195 				flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2196 						MPI_SGE_FLAGS_END_OF_BUFFER |
2197 						MPI_SGE_FLAGS_DIRECTION)
2198 						<< MPI_SGE_FLAGS_SHIFT;
2199 			} else {
2200 				flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2201 			}
2202 			flagsLength |= karg.dataOutSize;
2203 			bufOut.len = karg.dataOutSize;
2204 			bufOut.kptr = pci_alloc_consistent(
2205 					ioc->pcidev, bufOut.len, &dma_addr_out);
2206 
2207 			if (bufOut.kptr == NULL) {
2208 				rc = -ENOMEM;
2209 				goto done_free_mem;
2210 			} else {
2211 				/* Set up this SGE.
2212 				 * Copy to MF and to sglbuf
2213 				 */
2214 				ioc->add_sge(psge, flagsLength, dma_addr_out);
2215 				psge += ioc->SGE_size;
2216 
2217 				/* Copy user data to kernel space.
2218 				 */
2219 				if (copy_from_user(bufOut.kptr,
2220 						karg.dataOutBufPtr,
2221 						bufOut.len)) {
2222 					printk(MYIOC_s_ERR_FMT
2223 						"%s@%d::mptctl_do_mpt_command - Unable "
2224 						"to read user data "
2225 						"struct @ %p\n",
2226 						ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2227 					rc =  -EFAULT;
2228 					goto done_free_mem;
2229 				}
2230 			}
2231 		}
2232 
2233 		if (karg.dataInSize > 0) {
2234 			flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2235 			flagsLength |= karg.dataInSize;
2236 
2237 			bufIn.len = karg.dataInSize;
2238 			bufIn.kptr = pci_alloc_consistent(ioc->pcidev,
2239 					bufIn.len, &dma_addr_in);
2240 
2241 			if (bufIn.kptr == NULL) {
2242 				rc = -ENOMEM;
2243 				goto done_free_mem;
2244 			} else {
2245 				/* Set up this SGE
2246 				 * Copy to MF and to sglbuf
2247 				 */
2248 				ioc->add_sge(psge, flagsLength, dma_addr_in);
2249 			}
2250 		}
2251 	} else  {
2252 		/* Add a NULL SGE
2253 		 */
2254 		ioc->add_sge(psge, flagsLength, (dma_addr_t) -1);
2255 	}
2256 
2257 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, hdr->MsgContext);
2258 	INITIALIZE_MGMT_STATUS(ioc->ioctl_cmds.status)
2259 	if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2260 
2261 		mutex_lock(&ioc->taskmgmt_cmds.mutex);
2262 		if (mpt_set_taskmgmt_in_progress_flag(ioc) != 0) {
2263 			mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2264 			goto done_free_mem;
2265 		}
2266 
2267 		DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2268 
2269 		if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2270 		    (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2271 			mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2272 		else {
2273 			rc =mpt_send_handshake_request(mptctl_id, ioc,
2274 				sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2275 			if (rc != 0) {
2276 				dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2277 				    "send_handshake FAILED! (ioc %p, mf %p)\n",
2278 				    ioc->name, ioc, mf));
2279 				mpt_clear_taskmgmt_in_progress_flag(ioc);
2280 				rc = -ENODATA;
2281 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2282 				goto done_free_mem;
2283 			}
2284 		}
2285 
2286 	} else
2287 		mpt_put_msg_frame(mptctl_id, ioc, mf);
2288 
2289 	/* Now wait for the command to complete */
2290 	timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2291 retry_wait:
2292 	timeleft = wait_for_completion_timeout(&ioc->ioctl_cmds.done,
2293 				HZ*timeout);
2294 	if (!(ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
2295 		rc = -ETIME;
2296 		dfailprintk(ioc, printk(MYIOC_s_ERR_FMT "%s: TIMED OUT!\n",
2297 		    ioc->name, __func__));
2298 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
2299 			if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2300 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2301 			goto done_free_mem;
2302 		}
2303 		if (!timeleft) {
2304 			printk(MYIOC_s_WARN_FMT
2305 			       "mpt cmd timeout, doorbell=0x%08x"
2306 			       " function=0x%x\n",
2307 			       ioc->name, mpt_GetIocState(ioc, 0), function);
2308 			if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2309 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2310 			mptctl_timeout_expired(ioc, mf);
2311 			mf = NULL;
2312 		} else
2313 			goto retry_wait;
2314 		goto done_free_mem;
2315 	}
2316 
2317 	if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2318 		mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2319 
2320 
2321 	mf = NULL;
2322 
2323 	/* If a valid reply frame, copy to the user.
2324 	 * Offset 2: reply length in U32's
2325 	 */
2326 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID) {
2327 		if (karg.maxReplyBytes < ioc->reply_sz) {
2328 			sz = min(karg.maxReplyBytes,
2329 				4*ioc->ioctl_cmds.reply[2]);
2330 		} else {
2331 			 sz = min(ioc->reply_sz, 4*ioc->ioctl_cmds.reply[2]);
2332 		}
2333 		if (sz > 0) {
2334 			if (copy_to_user(karg.replyFrameBufPtr,
2335 				 ioc->ioctl_cmds.reply, sz)){
2336 				 printk(MYIOC_s_ERR_FMT
2337 				     "%s@%d::mptctl_do_mpt_command - "
2338 				 "Unable to write out reply frame %p\n",
2339 				 ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2340 				 rc =  -ENODATA;
2341 				 goto done_free_mem;
2342 			}
2343 		}
2344 	}
2345 
2346 	/* If valid sense data, copy to user.
2347 	 */
2348 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_SENSE_VALID) {
2349 		sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2350 		if (sz > 0) {
2351 			if (copy_to_user(karg.senseDataPtr,
2352 				ioc->ioctl_cmds.sense, sz)) {
2353 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2354 				"Unable to write sense data to user %p\n",
2355 				ioc->name, __FILE__, __LINE__,
2356 				karg.senseDataPtr);
2357 				rc =  -ENODATA;
2358 				goto done_free_mem;
2359 			}
2360 		}
2361 	}
2362 
2363 	/* If the overall status is _GOOD and data in, copy data
2364 	 * to user.
2365 	 */
2366 	if ((ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD) &&
2367 				(karg.dataInSize > 0) && (bufIn.kptr)) {
2368 
2369 		if (copy_to_user(karg.dataInBufPtr,
2370 				 bufIn.kptr, karg.dataInSize)) {
2371 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2372 				"Unable to write data to user %p\n",
2373 				ioc->name, __FILE__, __LINE__,
2374 				karg.dataInBufPtr);
2375 			rc =  -ENODATA;
2376 		}
2377 	}
2378 
2379 done_free_mem:
2380 
2381 	CLEAR_MGMT_STATUS(ioc->ioctl_cmds.status)
2382 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, 0);
2383 
2384 	/* Free the allocated memory.
2385 	 */
2386 	if (bufOut.kptr != NULL) {
2387 		pci_free_consistent(ioc->pcidev,
2388 			bufOut.len, (void *) bufOut.kptr, dma_addr_out);
2389 	}
2390 
2391 	if (bufIn.kptr != NULL) {
2392 		pci_free_consistent(ioc->pcidev,
2393 			bufIn.len, (void *) bufIn.kptr, dma_addr_in);
2394 	}
2395 
2396 	/* mf is null if command issued successfully
2397 	 * otherwise, failure occurred after mf acquired.
2398 	 */
2399 	if (mf)
2400 		mpt_free_msg_frame(ioc, mf);
2401 
2402 	return rc;
2403 }
2404 
2405 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2406 /* Prototype Routine for the HOST INFO command.
2407  *
2408  * Outputs:	None.
2409  * Return:	0 if successful
2410  *		-EFAULT if data unavailable
2411  *		-EBUSY  if previous command timeout and IOC reset is not complete.
2412  *		-ENODEV if no such device/adapter
2413  *		-ETIME	if timer expires
2414  *		-ENOMEM if memory allocation error
2415  */
2416 static int
2417 mptctl_hp_hostinfo(unsigned long arg, unsigned int data_size)
2418 {
2419 	hp_host_info_t	__user *uarg = (void __user *) arg;
2420 	MPT_ADAPTER		*ioc;
2421 	struct pci_dev		*pdev;
2422 	char                    *pbuf=NULL;
2423 	dma_addr_t		buf_dma;
2424 	hp_host_info_t		karg;
2425 	CONFIGPARMS		cfg;
2426 	ConfigPageHeader_t	hdr;
2427 	int			iocnum;
2428 	int			rc, cim_rev;
2429 	ToolboxIstwiReadWriteRequest_t	*IstwiRWRequest;
2430 	MPT_FRAME_HDR		*mf = NULL;
2431 	unsigned long		timeleft;
2432 	int			retval;
2433 	u32			msgcontext;
2434 
2435 	/* Reset long to int. Should affect IA64 and SPARC only
2436 	 */
2437 	if (data_size == sizeof(hp_host_info_t))
2438 		cim_rev = 1;
2439 	else if (data_size == sizeof(hp_host_info_rev0_t))
2440 		cim_rev = 0;	/* obsolete */
2441 	else
2442 		return -EFAULT;
2443 
2444 	if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2445 		printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2446 			"Unable to read in hp_host_info struct @ %p\n",
2447 				__FILE__, __LINE__, uarg);
2448 		return -EFAULT;
2449 	}
2450 
2451 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2452 	    (ioc == NULL)) {
2453 		printk(KERN_DEBUG MYNAM "%s::mptctl_hp_hostinfo() @%d - ioc%d not found!\n",
2454 				__FILE__, __LINE__, iocnum);
2455 		return -ENODEV;
2456 	}
2457 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2458 	    ioc->name));
2459 
2460 	/* Fill in the data and return the structure to the calling
2461 	 * program
2462 	 */
2463 	pdev = (struct pci_dev *) ioc->pcidev;
2464 
2465 	karg.vendor = pdev->vendor;
2466 	karg.device = pdev->device;
2467 	karg.subsystem_id = pdev->subsystem_device;
2468 	karg.subsystem_vendor = pdev->subsystem_vendor;
2469 	karg.devfn = pdev->devfn;
2470 	karg.bus = pdev->bus->number;
2471 
2472 	/* Save the SCSI host no. if
2473 	 * SCSI driver loaded
2474 	 */
2475 	if (ioc->sh != NULL)
2476 		karg.host_no = ioc->sh->host_no;
2477 	else
2478 		karg.host_no =  -1;
2479 
2480 	/* Reformat the fw_version into a string
2481 	 */
2482 	karg.fw_version[0] = ioc->facts.FWVersion.Struct.Major >= 10 ?
2483 		((ioc->facts.FWVersion.Struct.Major / 10) + '0') : '0';
2484 	karg.fw_version[1] = (ioc->facts.FWVersion.Struct.Major % 10 ) + '0';
2485 	karg.fw_version[2] = '.';
2486 	karg.fw_version[3] = ioc->facts.FWVersion.Struct.Minor >= 10 ?
2487 		((ioc->facts.FWVersion.Struct.Minor / 10) + '0') : '0';
2488 	karg.fw_version[4] = (ioc->facts.FWVersion.Struct.Minor % 10 ) + '0';
2489 	karg.fw_version[5] = '.';
2490 	karg.fw_version[6] = ioc->facts.FWVersion.Struct.Unit >= 10 ?
2491 		((ioc->facts.FWVersion.Struct.Unit / 10) + '0') : '0';
2492 	karg.fw_version[7] = (ioc->facts.FWVersion.Struct.Unit % 10 ) + '0';
2493 	karg.fw_version[8] = '.';
2494 	karg.fw_version[9] = ioc->facts.FWVersion.Struct.Dev >= 10 ?
2495 		((ioc->facts.FWVersion.Struct.Dev / 10) + '0') : '0';
2496 	karg.fw_version[10] = (ioc->facts.FWVersion.Struct.Dev % 10 ) + '0';
2497 	karg.fw_version[11] = '\0';
2498 
2499 	/* Issue a config request to get the device serial number
2500 	 */
2501 	hdr.PageVersion = 0;
2502 	hdr.PageLength = 0;
2503 	hdr.PageNumber = 0;
2504 	hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2505 	cfg.cfghdr.hdr = &hdr;
2506 	cfg.physAddr = -1;
2507 	cfg.pageAddr = 0;
2508 	cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2509 	cfg.dir = 0;	/* read */
2510 	cfg.timeout = 10;
2511 
2512 	strncpy(karg.serial_number, " ", 24);
2513 	if (mpt_config(ioc, &cfg) == 0) {
2514 		if (cfg.cfghdr.hdr->PageLength > 0) {
2515 			/* Issue the second config page request */
2516 			cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2517 
2518 			pbuf = pci_alloc_consistent(ioc->pcidev, hdr.PageLength * 4, &buf_dma);
2519 			if (pbuf) {
2520 				cfg.physAddr = buf_dma;
2521 				if (mpt_config(ioc, &cfg) == 0) {
2522 					ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2523 					if (strlen(pdata->BoardTracerNumber) > 1) {
2524 						strncpy(karg.serial_number, 									    pdata->BoardTracerNumber, 24);
2525 						karg.serial_number[24-1]='\0';
2526 					}
2527 				}
2528 				pci_free_consistent(ioc->pcidev, hdr.PageLength * 4, pbuf, buf_dma);
2529 				pbuf = NULL;
2530 			}
2531 		}
2532 	}
2533 	rc = mpt_GetIocState(ioc, 1);
2534 	switch (rc) {
2535 	case MPI_IOC_STATE_OPERATIONAL:
2536 		karg.ioc_status =  HP_STATUS_OK;
2537 		break;
2538 
2539 	case MPI_IOC_STATE_FAULT:
2540 		karg.ioc_status =  HP_STATUS_FAILED;
2541 		break;
2542 
2543 	case MPI_IOC_STATE_RESET:
2544 	case MPI_IOC_STATE_READY:
2545 	default:
2546 		karg.ioc_status =  HP_STATUS_OTHER;
2547 		break;
2548 	}
2549 
2550 	karg.base_io_addr = pci_resource_start(pdev, 0);
2551 
2552 	if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2553 		karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2554 	else
2555 		karg.bus_phys_width = HP_BUS_WIDTH_16;
2556 
2557 	karg.hard_resets = 0;
2558 	karg.soft_resets = 0;
2559 	karg.timeouts = 0;
2560 	if (ioc->sh != NULL) {
2561 		MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2562 
2563 		if (hd && (cim_rev == 1)) {
2564 			karg.hard_resets = ioc->hard_resets;
2565 			karg.soft_resets = ioc->soft_resets;
2566 			karg.timeouts = ioc->timeouts;
2567 		}
2568 	}
2569 
2570 	/*
2571 	 * Gather ISTWI(Industry Standard Two Wire Interface) Data
2572 	 */
2573 	if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2574 		dfailprintk(ioc, printk(MYIOC_s_WARN_FMT
2575 			"%s, no msg frames!!\n", ioc->name, __func__));
2576 		goto out;
2577 	}
2578 
2579 	IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2580 	msgcontext = IstwiRWRequest->MsgContext;
2581 	memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2582 	IstwiRWRequest->MsgContext = msgcontext;
2583 	IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2584 	IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2585 	IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2586 	IstwiRWRequest->NumAddressBytes = 0x01;
2587 	IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2588 	if (pdev->devfn & 1)
2589 		IstwiRWRequest->DeviceAddr = 0xB2;
2590 	else
2591 		IstwiRWRequest->DeviceAddr = 0xB0;
2592 
2593 	pbuf = pci_alloc_consistent(ioc->pcidev, 4, &buf_dma);
2594 	if (!pbuf)
2595 		goto out;
2596 	ioc->add_sge((char *)&IstwiRWRequest->SGL,
2597 	    (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2598 
2599 	retval = 0;
2600 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context,
2601 				IstwiRWRequest->MsgContext);
2602 	INITIALIZE_MGMT_STATUS(ioc->ioctl_cmds.status)
2603 	mpt_put_msg_frame(mptctl_id, ioc, mf);
2604 
2605 retry_wait:
2606 	timeleft = wait_for_completion_timeout(&ioc->ioctl_cmds.done,
2607 			HZ*MPT_IOCTL_DEFAULT_TIMEOUT);
2608 	if (!(ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
2609 		retval = -ETIME;
2610 		printk(MYIOC_s_WARN_FMT "%s: failed\n", ioc->name, __func__);
2611 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
2612 			mpt_free_msg_frame(ioc, mf);
2613 			goto out;
2614 		}
2615 		if (!timeleft) {
2616 			printk(MYIOC_s_WARN_FMT
2617 			       "HOST INFO command timeout, doorbell=0x%08x\n",
2618 			       ioc->name, mpt_GetIocState(ioc, 0));
2619 			mptctl_timeout_expired(ioc, mf);
2620 		} else
2621 			goto retry_wait;
2622 		goto out;
2623 	}
2624 
2625 	/*
2626 	 *ISTWI Data Definition
2627 	 * pbuf[0] = FW_VERSION = 0x4
2628 	 * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2629 	 *  the config, you should be seeing one out of these three values
2630 	 * pbuf[2] = Drive Installed Map = bit pattern depend on which
2631 	 *   bays have drives in them
2632 	 * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2633 	 */
2634 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID)
2635 		karg.rsvd = *(u32 *)pbuf;
2636 
2637  out:
2638 	CLEAR_MGMT_STATUS(ioc->ioctl_cmds.status)
2639 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, 0);
2640 
2641 	if (pbuf)
2642 		pci_free_consistent(ioc->pcidev, 4, pbuf, buf_dma);
2643 
2644 	/* Copy the data from kernel memory to user memory
2645 	 */
2646 	if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2647 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2648 			"Unable to write out hp_host_info @ %p\n",
2649 			ioc->name, __FILE__, __LINE__, uarg);
2650 		return -EFAULT;
2651 	}
2652 
2653 	return 0;
2654 
2655 }
2656 
2657 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2658 /* Prototype Routine for the TARGET INFO command.
2659  *
2660  * Outputs:	None.
2661  * Return:	0 if successful
2662  *		-EFAULT if data unavailable
2663  *		-EBUSY  if previous command timeout and IOC reset is not complete.
2664  *		-ENODEV if no such device/adapter
2665  *		-ETIME	if timer expires
2666  *		-ENOMEM if memory allocation error
2667  */
2668 static int
2669 mptctl_hp_targetinfo(unsigned long arg)
2670 {
2671 	hp_target_info_t __user *uarg = (void __user *) arg;
2672 	SCSIDevicePage0_t	*pg0_alloc;
2673 	SCSIDevicePage3_t	*pg3_alloc;
2674 	MPT_ADAPTER		*ioc;
2675 	MPT_SCSI_HOST 		*hd = NULL;
2676 	hp_target_info_t	karg;
2677 	int			iocnum;
2678 	int			data_sz;
2679 	dma_addr_t		page_dma;
2680 	CONFIGPARMS	 	cfg;
2681 	ConfigPageHeader_t	hdr;
2682 	int			tmp, np, rc = 0;
2683 
2684 	if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2685 		printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2686 			"Unable to read in hp_host_targetinfo struct @ %p\n",
2687 				__FILE__, __LINE__, uarg);
2688 		return -EFAULT;
2689 	}
2690 
2691 	if (((iocnum = mpt_verify_adapter(karg.hdr.iocnum, &ioc)) < 0) ||
2692 		(ioc == NULL)) {
2693 		printk(KERN_DEBUG MYNAM "%s::mptctl_hp_targetinfo() @%d - ioc%d not found!\n",
2694 				__FILE__, __LINE__, iocnum);
2695 		return -ENODEV;
2696 	}
2697 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2698 	    ioc->name));
2699 
2700 	/*  There is nothing to do for FCP parts.
2701 	 */
2702 	if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2703 		return 0;
2704 
2705 	if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2706 		return 0;
2707 
2708 	if (ioc->sh->host_no != karg.hdr.host)
2709 		return -ENODEV;
2710 
2711        /* Get the data transfer speeds
2712         */
2713 	data_sz = ioc->spi_data.sdp0length * 4;
2714 	pg0_alloc = (SCSIDevicePage0_t *) pci_alloc_consistent(ioc->pcidev, data_sz, &page_dma);
2715 	if (pg0_alloc) {
2716 		hdr.PageVersion = ioc->spi_data.sdp0version;
2717 		hdr.PageLength = data_sz;
2718 		hdr.PageNumber = 0;
2719 		hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2720 
2721 		cfg.cfghdr.hdr = &hdr;
2722 		cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2723 		cfg.dir = 0;
2724 		cfg.timeout = 0;
2725 		cfg.physAddr = page_dma;
2726 
2727 		cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2728 
2729 		if ((rc = mpt_config(ioc, &cfg)) == 0) {
2730 			np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2731 			karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2732 					HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2733 
2734 			if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2735 				tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2736 				if (tmp < 0x09)
2737 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2738 				else if (tmp <= 0x09)
2739 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2740 				else if (tmp <= 0x0A)
2741 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2742 				else if (tmp <= 0x0C)
2743 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2744 				else if (tmp <= 0x25)
2745 					karg.negotiated_speed = HP_DEV_SPEED_FAST;
2746 				else
2747 					karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2748 			} else
2749 				karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2750 		}
2751 
2752 		pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg0_alloc, page_dma);
2753 	}
2754 
2755 	/* Set defaults
2756 	 */
2757 	karg.message_rejects = -1;
2758 	karg.phase_errors = -1;
2759 	karg.parity_errors = -1;
2760 	karg.select_timeouts = -1;
2761 
2762 	/* Get the target error parameters
2763 	 */
2764 	hdr.PageVersion = 0;
2765 	hdr.PageLength = 0;
2766 	hdr.PageNumber = 3;
2767 	hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2768 
2769 	cfg.cfghdr.hdr = &hdr;
2770 	cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2771 	cfg.dir = 0;
2772 	cfg.timeout = 0;
2773 	cfg.physAddr = -1;
2774 	if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2775 		/* Issue the second config page request */
2776 		cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2777 		data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2778 		pg3_alloc = (SCSIDevicePage3_t *) pci_alloc_consistent(
2779 							ioc->pcidev, data_sz, &page_dma);
2780 		if (pg3_alloc) {
2781 			cfg.physAddr = page_dma;
2782 			cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2783 			if ((rc = mpt_config(ioc, &cfg)) == 0) {
2784 				karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2785 				karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2786 				karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2787 			}
2788 			pci_free_consistent(ioc->pcidev, data_sz, (u8 *) pg3_alloc, page_dma);
2789 		}
2790 	}
2791 	hd = shost_priv(ioc->sh);
2792 	if (hd != NULL)
2793 		karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2794 
2795 	/* Copy the data from kernel memory to user memory
2796 	 */
2797 	if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2798 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2799 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2800 			ioc->name, __FILE__, __LINE__, uarg);
2801 		return -EFAULT;
2802 	}
2803 
2804 	return 0;
2805 }
2806 
2807 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2808 
2809 static const struct file_operations mptctl_fops = {
2810 	.owner =	THIS_MODULE,
2811 	.llseek =	no_llseek,
2812 	.fasync = 	mptctl_fasync,
2813 	.unlocked_ioctl = mptctl_ioctl,
2814 #ifdef CONFIG_COMPAT
2815 	.compat_ioctl = compat_mpctl_ioctl,
2816 #endif
2817 };
2818 
2819 static struct miscdevice mptctl_miscdev = {
2820 	MPT_MINOR,
2821 	MYNAM,
2822 	&mptctl_fops
2823 };
2824 
2825 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2826 
2827 #ifdef CONFIG_COMPAT
2828 
2829 static int
2830 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2831 			unsigned long arg)
2832 {
2833 	struct mpt_fw_xfer32 kfw32;
2834 	struct mpt_fw_xfer kfw;
2835 	MPT_ADAPTER *iocp = NULL;
2836 	int iocnum, iocnumX;
2837 	int nonblock = (filp->f_flags & O_NONBLOCK);
2838 	int ret;
2839 
2840 
2841 	if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2842 		return -EFAULT;
2843 
2844 	/* Verify intended MPT adapter */
2845 	iocnumX = kfw32.iocnum & 0xFF;
2846 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2847 	    (iocp == NULL)) {
2848 		printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2849 			__LINE__, iocnumX);
2850 		return -ENODEV;
2851 	}
2852 
2853 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2854 		return ret;
2855 
2856 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2857 	    iocp->name));
2858 	kfw.iocnum = iocnum;
2859 	kfw.fwlen = kfw32.fwlen;
2860 	kfw.bufp = compat_ptr(kfw32.bufp);
2861 
2862 	ret = mptctl_do_fw_download(kfw.iocnum, kfw.bufp, kfw.fwlen);
2863 
2864 	mutex_unlock(&iocp->ioctl_cmds.mutex);
2865 
2866 	return ret;
2867 }
2868 
2869 static int
2870 compat_mpt_command(struct file *filp, unsigned int cmd,
2871 			unsigned long arg)
2872 {
2873 	struct mpt_ioctl_command32 karg32;
2874 	struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2875 	struct mpt_ioctl_command karg;
2876 	MPT_ADAPTER *iocp = NULL;
2877 	int iocnum, iocnumX;
2878 	int nonblock = (filp->f_flags & O_NONBLOCK);
2879 	int ret;
2880 
2881 	if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2882 		return -EFAULT;
2883 
2884 	/* Verify intended MPT adapter */
2885 	iocnumX = karg32.hdr.iocnum & 0xFF;
2886 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2887 	    (iocp == NULL)) {
2888 		printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2889 			__LINE__, iocnumX);
2890 		return -ENODEV;
2891 	}
2892 
2893 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2894 		return ret;
2895 
2896 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2897 	    iocp->name));
2898 	/* Copy data to karg */
2899 	karg.hdr.iocnum = karg32.hdr.iocnum;
2900 	karg.hdr.port = karg32.hdr.port;
2901 	karg.timeout = karg32.timeout;
2902 	karg.maxReplyBytes = karg32.maxReplyBytes;
2903 
2904 	karg.dataInSize = karg32.dataInSize;
2905 	karg.dataOutSize = karg32.dataOutSize;
2906 	karg.maxSenseBytes = karg32.maxSenseBytes;
2907 	karg.dataSgeOffset = karg32.dataSgeOffset;
2908 
2909 	karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2910 	karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2911 	karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2912 	karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2913 
2914 	/* Pass new structure to do_mpt_command
2915 	 */
2916 	ret = mptctl_do_mpt_command (karg, &uarg->MF);
2917 
2918 	mutex_unlock(&iocp->ioctl_cmds.mutex);
2919 
2920 	return ret;
2921 }
2922 
2923 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2924 {
2925 	long ret;
2926 	mutex_lock(&mpctl_mutex);
2927 	switch (cmd) {
2928 	case MPTIOCINFO:
2929 	case MPTIOCINFO1:
2930 	case MPTIOCINFO2:
2931 	case MPTTARGETINFO:
2932 	case MPTEVENTQUERY:
2933 	case MPTEVENTENABLE:
2934 	case MPTEVENTREPORT:
2935 	case MPTHARDRESET:
2936 	case HP_GETHOSTINFO:
2937 	case HP_GETTARGETINFO:
2938 	case MPTTEST:
2939 		ret = __mptctl_ioctl(f, cmd, arg);
2940 		break;
2941 	case MPTCOMMAND32:
2942 		ret = compat_mpt_command(f, cmd, arg);
2943 		break;
2944 	case MPTFWDOWNLOAD32:
2945 		ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2946 		break;
2947 	default:
2948 		ret = -ENOIOCTLCMD;
2949 		break;
2950 	}
2951 	mutex_unlock(&mpctl_mutex);
2952 	return ret;
2953 }
2954 
2955 #endif
2956 
2957 
2958 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2959 /*
2960  *	mptctl_probe - Installs ioctl devices per bus.
2961  *	@pdev: Pointer to pci_dev structure
2962  *
2963  *	Returns 0 for success, non-zero for failure.
2964  *
2965  */
2966 
2967 static int
2968 mptctl_probe(struct pci_dev *pdev, const struct pci_device_id *id)
2969 {
2970 	MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2971 
2972 	mutex_init(&ioc->ioctl_cmds.mutex);
2973 	init_completion(&ioc->ioctl_cmds.done);
2974 	return 0;
2975 }
2976 
2977 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2978 /*
2979  *	mptctl_remove - Removed ioctl devices
2980  *	@pdev: Pointer to pci_dev structure
2981  *
2982  *
2983  */
2984 static void
2985 mptctl_remove(struct pci_dev *pdev)
2986 {
2987 }
2988 
2989 static struct mpt_pci_driver mptctl_driver = {
2990   .probe		= mptctl_probe,
2991   .remove		= mptctl_remove,
2992 };
2993 
2994 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2995 static int __init mptctl_init(void)
2996 {
2997 	int err;
2998 	int where = 1;
2999 
3000 	show_mptmod_ver(my_NAME, my_VERSION);
3001 
3002 	mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
3003 
3004 	/* Register this device */
3005 	err = misc_register(&mptctl_miscdev);
3006 	if (err < 0) {
3007 		printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
3008 		goto out_fail;
3009 	}
3010 	printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
3011 	printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
3012 			 mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
3013 
3014 	/*
3015 	 *  Install our handler
3016 	 */
3017 	++where;
3018 	mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER,
3019 	    "mptctl_reply");
3020 	if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
3021 		printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
3022 		misc_deregister(&mptctl_miscdev);
3023 		err = -EBUSY;
3024 		goto out_fail;
3025 	}
3026 
3027 	mptctl_taskmgmt_id = mpt_register(mptctl_taskmgmt_reply, MPTCTL_DRIVER,
3028 	    "mptctl_taskmgmt_reply");
3029 	if (!mptctl_taskmgmt_id || mptctl_taskmgmt_id >= MPT_MAX_PROTOCOL_DRIVERS) {
3030 		printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
3031 		mpt_deregister(mptctl_id);
3032 		misc_deregister(&mptctl_miscdev);
3033 		err = -EBUSY;
3034 		goto out_fail;
3035 	}
3036 
3037 	mpt_reset_register(mptctl_id, mptctl_ioc_reset);
3038 	mpt_event_register(mptctl_id, mptctl_event_process);
3039 
3040 	return 0;
3041 
3042 out_fail:
3043 
3044 	mpt_device_driver_deregister(MPTCTL_DRIVER);
3045 
3046 	return err;
3047 }
3048 
3049 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
3050 static void mptctl_exit(void)
3051 {
3052 	misc_deregister(&mptctl_miscdev);
3053 	printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
3054 			 mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
3055 
3056 	/* De-register event handler from base module */
3057 	mpt_event_deregister(mptctl_id);
3058 
3059 	/* De-register reset handler from base module */
3060 	mpt_reset_deregister(mptctl_id);
3061 
3062 	/* De-register callback handler from base module */
3063 	mpt_deregister(mptctl_taskmgmt_id);
3064 	mpt_deregister(mptctl_id);
3065 
3066         mpt_device_driver_deregister(MPTCTL_DRIVER);
3067 
3068 }
3069 
3070 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
3071 
3072 module_init(mptctl_init);
3073 module_exit(mptctl_exit);
3074