xref: /linux/drivers/message/fusion/mptctl.c (revision e7d759f31ca295d589f7420719c311870bb3166f)
1 /*
2  *  linux/drivers/message/fusion/mptctl.c
3  *      mpt Ioctl driver.
4  *      For use with LSI PCI chip/adapters
5  *      running LSI Fusion MPT (Message Passing Technology) firmware.
6  *
7  *  Copyright (c) 1999-2008 LSI Corporation
8  *  (mailto:DL-MPTFusionLinux@lsi.com)
9  *
10  */
11 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
12 /*
13     This program is free software; you can redistribute it and/or modify
14     it under the terms of the GNU General Public License as published by
15     the Free Software Foundation; version 2 of the License.
16 
17     This program is distributed in the hope that it will be useful,
18     but WITHOUT ANY WARRANTY; without even the implied warranty of
19     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
20     GNU General Public License for more details.
21 
22     NO WARRANTY
23     THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
24     CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
25     LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
26     MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
27     solely responsible for determining the appropriateness of using and
28     distributing the Program and assumes all risks associated with its
29     exercise of rights under this Agreement, including but not limited to
30     the risks and costs of program errors, damage to or loss of data,
31     programs or equipment, and unavailability or interruption of operations.
32 
33     DISCLAIMER OF LIABILITY
34     NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
35     DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
36     DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
37     ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
38     TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
39     USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
40     HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
41 
42     You should have received a copy of the GNU General Public License
43     along with this program; if not, write to the Free Software
44     Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
45 */
46 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
47 
48 #include <linux/kernel.h>
49 #include <linux/module.h>
50 #include <linux/errno.h>
51 #include <linux/init.h>
52 #include <linux/slab.h>
53 #include <linux/types.h>
54 #include <linux/pci.h>
55 #include <linux/delay.h>	/* for mdelay */
56 #include <linux/miscdevice.h>
57 #include <linux/mutex.h>
58 #include <linux/compat.h>
59 
60 #include <asm/io.h>
61 #include <linux/uaccess.h>
62 
63 #include <scsi/scsi.h>
64 #include <scsi/scsi_cmnd.h>
65 #include <scsi/scsi_device.h>
66 #include <scsi/scsi_host.h>
67 #include <scsi/scsi_tcq.h>
68 
69 #define COPYRIGHT	"Copyright (c) 1999-2008 LSI Corporation"
70 #define MODULEAUTHOR	"LSI Corporation"
71 #include "mptbase.h"
72 #include "mptctl.h"
73 
74 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
75 #define my_NAME		"Fusion MPT misc device (ioctl) driver"
76 #define my_VERSION	MPT_LINUX_VERSION_COMMON
77 #define MYNAM		"mptctl"
78 
79 MODULE_AUTHOR(MODULEAUTHOR);
80 MODULE_DESCRIPTION(my_NAME);
81 MODULE_LICENSE("GPL");
82 MODULE_VERSION(my_VERSION);
83 
84 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
85 
86 static DEFINE_MUTEX(mpctl_mutex);
87 static u8 mptctl_id = MPT_MAX_PROTOCOL_DRIVERS;
88 static u8 mptctl_taskmgmt_id = MPT_MAX_PROTOCOL_DRIVERS;
89 
90 static DECLARE_WAIT_QUEUE_HEAD ( mptctl_wait );
91 
92 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
93 
94 struct buflist {
95 	u8	*kptr;
96 	int	 len;
97 };
98 
99 /*
100  * Function prototypes. Called from OS entry point mptctl_ioctl.
101  * arg contents specific to function.
102  */
103 static int mptctl_fw_download(MPT_ADAPTER *iocp, unsigned long arg);
104 static int mptctl_getiocinfo(MPT_ADAPTER *iocp, unsigned long arg, unsigned int cmd);
105 static int mptctl_gettargetinfo(MPT_ADAPTER *iocp, unsigned long arg);
106 static int mptctl_readtest(MPT_ADAPTER *iocp, unsigned long arg);
107 static int mptctl_mpt_command(MPT_ADAPTER *iocp, unsigned long arg);
108 static int mptctl_eventquery(MPT_ADAPTER *iocp, unsigned long arg);
109 static int mptctl_eventenable(MPT_ADAPTER *iocp, unsigned long arg);
110 static int mptctl_eventreport(MPT_ADAPTER *iocp, unsigned long arg);
111 static int mptctl_replace_fw(MPT_ADAPTER *iocp, unsigned long arg);
112 
113 static int mptctl_do_reset(MPT_ADAPTER *iocp, unsigned long arg);
114 static int mptctl_hp_hostinfo(MPT_ADAPTER *iocp, unsigned long arg, unsigned int cmd);
115 static int mptctl_hp_targetinfo(MPT_ADAPTER *iocp, unsigned long arg);
116 
117 static int  mptctl_probe(struct pci_dev *);
118 static void mptctl_remove(struct pci_dev *);
119 
120 #ifdef CONFIG_COMPAT
121 static long compat_mpctl_ioctl(struct file *f, unsigned cmd, unsigned long arg);
122 #endif
123 /*
124  * Private function calls.
125  */
126 static int mptctl_do_mpt_command(MPT_ADAPTER *iocp, struct mpt_ioctl_command karg, void __user *mfPtr);
127 static int mptctl_do_fw_download(MPT_ADAPTER *iocp, char __user *ufwbuf, size_t fwlen);
128 static MptSge_t *kbuf_alloc_2_sgl(int bytes, u32 dir, int sge_offset, int *frags,
129 		struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc);
130 static void kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma,
131 		struct buflist *buflist, MPT_ADAPTER *ioc);
132 
133 /*
134  * Reset Handler cleanup function
135  */
136 static int  mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase);
137 
138 /*
139  * Event Handler function
140  */
141 static int mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply);
142 static struct fasync_struct *async_queue=NULL;
143 
144 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
145 /*
146  * Scatter gather list (SGL) sizes and limits...
147  */
148 //#define MAX_SCSI_FRAGS	9
149 #define MAX_FRAGS_SPILL1	9
150 #define MAX_FRAGS_SPILL2	15
151 #define FRAGS_PER_BUCKET	(MAX_FRAGS_SPILL2 + 1)
152 
153 //#define MAX_CHAIN_FRAGS	64
154 //#define MAX_CHAIN_FRAGS	(15+15+15+16)
155 #define MAX_CHAIN_FRAGS		(4 * MAX_FRAGS_SPILL2 + 1)
156 
157 //  Define max sg LIST bytes ( == (#frags + #chains) * 8 bytes each)
158 //  Works out to: 592d bytes!     (9+1)*8 + 4*(15+1)*8
159 //                  ^----------------- 80 + 512
160 #define MAX_SGL_BYTES		((MAX_FRAGS_SPILL1 + 1 + (4 * FRAGS_PER_BUCKET)) * 8)
161 
162 /* linux only seems to ever give 128kB MAX contiguous (GFP_USER) mem bytes */
163 #define MAX_KMALLOC_SZ		(128*1024)
164 
165 #define MPT_IOCTL_DEFAULT_TIMEOUT 10	/* Default timeout value (seconds) */
166 
167 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
168 /**
169  *	mptctl_syscall_down - Down the MPT adapter syscall semaphore.
170  *	@ioc: Pointer to MPT adapter
171  *	@nonblock: boolean, non-zero if O_NONBLOCK is set
172  *
173  *	All of the ioctl commands can potentially sleep, which is illegal
174  *	with a spinlock held, thus we perform mutual exclusion here.
175  *
176  *	Returns negative errno on error, or zero for success.
177  */
178 static inline int
179 mptctl_syscall_down(MPT_ADAPTER *ioc, int nonblock)
180 {
181 	int rc = 0;
182 
183 	if (nonblock) {
184 		if (!mutex_trylock(&ioc->ioctl_cmds.mutex))
185 			rc = -EAGAIN;
186 	} else {
187 		if (mutex_lock_interruptible(&ioc->ioctl_cmds.mutex))
188 			rc = -ERESTARTSYS;
189 	}
190 	return rc;
191 }
192 
193 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
194 /*
195  *  This is the callback for any message we have posted. The message itself
196  *  will be returned to the message pool when we return from the IRQ
197  *
198  *  This runs in irq context so be short and sweet.
199  */
200 static int
201 mptctl_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *req, MPT_FRAME_HDR *reply)
202 {
203 	char	*sense_data;
204 	int	req_index;
205 	int	sz;
206 
207 	if (!req)
208 		return 0;
209 
210 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "completing mpi function "
211 	    "(0x%02X), req=%p, reply=%p\n", ioc->name,  req->u.hdr.Function,
212 	    req, reply));
213 
214 	/*
215 	 * Handling continuation of the same reply. Processing the first
216 	 * reply, and eating the other replys that come later.
217 	 */
218 	if (ioc->ioctl_cmds.msg_context != req->u.hdr.MsgContext)
219 		goto out_continuation;
220 
221 	ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
222 
223 	if (!reply)
224 		goto out;
225 
226 	ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
227 	sz = min(ioc->reply_sz, 4*reply->u.reply.MsgLength);
228 	memcpy(ioc->ioctl_cmds.reply, reply, sz);
229 
230 	if (reply->u.reply.IOCStatus || reply->u.reply.IOCLogInfo)
231 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
232 		    "iocstatus (0x%04X), loginfo (0x%08X)\n", ioc->name,
233 		    le16_to_cpu(reply->u.reply.IOCStatus),
234 		    le32_to_cpu(reply->u.reply.IOCLogInfo)));
235 
236 	if ((req->u.hdr.Function == MPI_FUNCTION_SCSI_IO_REQUEST) ||
237 		(req->u.hdr.Function ==
238 		 MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
239 
240 		if (reply->u.sreply.SCSIStatus || reply->u.sreply.SCSIState)
241 			dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
242 			"scsi_status (0x%02x), scsi_state (0x%02x), "
243 			"tag = (0x%04x), transfer_count (0x%08x)\n", ioc->name,
244 			reply->u.sreply.SCSIStatus,
245 			reply->u.sreply.SCSIState,
246 			le16_to_cpu(reply->u.sreply.TaskTag),
247 			le32_to_cpu(reply->u.sreply.TransferCount)));
248 
249 		if (reply->u.sreply.SCSIState &
250 			MPI_SCSI_STATE_AUTOSENSE_VALID) {
251 			sz = req->u.scsireq.SenseBufferLength;
252 			req_index =
253 			    le16_to_cpu(req->u.frame.hwhdr.msgctxu.fld.req_idx);
254 			sense_data = ((u8 *)ioc->sense_buf_pool +
255 			     (req_index * MPT_SENSE_BUFFER_ALLOC));
256 			memcpy(ioc->ioctl_cmds.sense, sense_data, sz);
257 			ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_SENSE_VALID;
258 		}
259 	}
260 
261  out:
262 	/* We are done, issue wake up
263 	 */
264 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_PENDING) {
265 		if (req->u.hdr.Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
266 			mpt_clear_taskmgmt_in_progress_flag(ioc);
267 			ioc->ioctl_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
268 			complete(&ioc->ioctl_cmds.done);
269 			if (ioc->bus_type == SAS)
270 				ioc->schedule_target_reset(ioc);
271 		} else {
272 			ioc->ioctl_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
273 			complete(&ioc->ioctl_cmds.done);
274 		}
275 	}
276 
277  out_continuation:
278 	if (reply && (reply->u.reply.MsgFlags &
279 	    MPI_MSGFLAGS_CONTINUATION_REPLY))
280 		return 0;
281 	return 1;
282 }
283 
284 
285 static int
286 mptctl_taskmgmt_reply(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf, MPT_FRAME_HDR *mr)
287 {
288 	if (!mf)
289 		return 0;
290 
291 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
292 		"TaskMgmt completed (mf=%p, mr=%p)\n",
293 		ioc->name, mf, mr));
294 
295 	ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_COMMAND_GOOD;
296 
297 	if (!mr)
298 		goto out;
299 
300 	ioc->taskmgmt_cmds.status |= MPT_MGMT_STATUS_RF_VALID;
301 	memcpy(ioc->taskmgmt_cmds.reply, mr,
302 	    min(MPT_DEFAULT_FRAME_SIZE, 4 * mr->u.reply.MsgLength));
303  out:
304 	if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_PENDING) {
305 		mpt_clear_taskmgmt_in_progress_flag(ioc);
306 		ioc->taskmgmt_cmds.status &= ~MPT_MGMT_STATUS_PENDING;
307 		complete(&ioc->taskmgmt_cmds.done);
308 		if (ioc->bus_type == SAS)
309 			ioc->schedule_target_reset(ioc);
310 		return 1;
311 	}
312 	return 0;
313 }
314 
315 static int
316 mptctl_do_taskmgmt(MPT_ADAPTER *ioc, u8 tm_type, u8 bus_id, u8 target_id)
317 {
318 	MPT_FRAME_HDR	*mf;
319 	SCSITaskMgmt_t	*pScsiTm;
320 	SCSITaskMgmtReply_t *pScsiTmReply;
321 	int		 ii;
322 	int		 retval;
323 	unsigned long	 timeout;
324 	u16		 iocstatus;
325 
326 
327 	mutex_lock(&ioc->taskmgmt_cmds.mutex);
328 	if (mpt_set_taskmgmt_in_progress_flag(ioc) != 0) {
329 		mutex_unlock(&ioc->taskmgmt_cmds.mutex);
330 		return -EPERM;
331 	}
332 
333 	retval = 0;
334 
335 	mf = mpt_get_msg_frame(mptctl_taskmgmt_id, ioc);
336 	if (mf == NULL) {
337 		dtmprintk(ioc,
338 			printk(MYIOC_s_WARN_FMT "TaskMgmt, no msg frames!!\n",
339 			ioc->name));
340 		mpt_clear_taskmgmt_in_progress_flag(ioc);
341 		retval = -ENOMEM;
342 		goto tm_done;
343 	}
344 
345 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT "TaskMgmt request (mf=%p)\n",
346 		ioc->name, mf));
347 
348 	pScsiTm = (SCSITaskMgmt_t *) mf;
349 	memset(pScsiTm, 0, sizeof(SCSITaskMgmt_t));
350 	pScsiTm->Function = MPI_FUNCTION_SCSI_TASK_MGMT;
351 	pScsiTm->TaskType = tm_type;
352 	if ((tm_type == MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS) &&
353 		(ioc->bus_type == FC))
354 		pScsiTm->MsgFlags =
355 				MPI_SCSITASKMGMT_MSGFLAGS_LIPRESET_RESET_OPTION;
356 	pScsiTm->TargetID = target_id;
357 	pScsiTm->Bus = bus_id;
358 	pScsiTm->ChainOffset = 0;
359 	pScsiTm->Reserved = 0;
360 	pScsiTm->Reserved1 = 0;
361 	pScsiTm->TaskMsgContext = 0;
362 	for (ii= 0; ii < 8; ii++)
363 		pScsiTm->LUN[ii] = 0;
364 	for (ii=0; ii < 7; ii++)
365 		pScsiTm->Reserved2[ii] = 0;
366 
367 	switch (ioc->bus_type) {
368 	case FC:
369 		timeout = 40;
370 		break;
371 	case SAS:
372 		timeout = 30;
373 		break;
374 	case SPI:
375 		default:
376 		timeout = 10;
377 		break;
378 	}
379 
380 	dtmprintk(ioc,
381 		printk(MYIOC_s_DEBUG_FMT "TaskMgmt type=%d timeout=%ld\n",
382 		ioc->name, tm_type, timeout));
383 
384 	INITIALIZE_MGMT_STATUS(ioc->taskmgmt_cmds.status)
385 	if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
386 	    (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
387 		mpt_put_msg_frame_hi_pri(mptctl_taskmgmt_id, ioc, mf);
388 	else {
389 		retval = mpt_send_handshake_request(mptctl_taskmgmt_id, ioc,
390 		    sizeof(SCSITaskMgmt_t), (u32 *)pScsiTm, CAN_SLEEP);
391 		if (retval != 0) {
392 			dfailprintk(ioc,
393 				printk(MYIOC_s_ERR_FMT
394 				"TaskMgmt send_handshake FAILED!"
395 				" (ioc %p, mf %p, rc=%d) \n", ioc->name,
396 				ioc, mf, retval));
397 			mpt_free_msg_frame(ioc, mf);
398 			mpt_clear_taskmgmt_in_progress_flag(ioc);
399 			goto tm_done;
400 		}
401 	}
402 
403 	/* Now wait for the command to complete */
404 	ii = wait_for_completion_timeout(&ioc->taskmgmt_cmds.done, timeout*HZ);
405 
406 	if (!(ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
407 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
408 		    "TaskMgmt failed\n", ioc->name));
409 		mpt_free_msg_frame(ioc, mf);
410 		mpt_clear_taskmgmt_in_progress_flag(ioc);
411 		if (ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET)
412 			retval = 0;
413 		else
414 			retval = -1; /* return failure */
415 		goto tm_done;
416 	}
417 
418 	if (!(ioc->taskmgmt_cmds.status & MPT_MGMT_STATUS_RF_VALID)) {
419 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
420 		    "TaskMgmt failed\n", ioc->name));
421 		retval = -1; /* return failure */
422 		goto tm_done;
423 	}
424 
425 	pScsiTmReply = (SCSITaskMgmtReply_t *) ioc->taskmgmt_cmds.reply;
426 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
427 	    "TaskMgmt fw_channel = %d, fw_id = %d, task_type=0x%02X, "
428 	    "iocstatus=0x%04X\n\tloginfo=0x%08X, response_code=0x%02X, "
429 	    "term_cmnds=%d\n", ioc->name, pScsiTmReply->Bus,
430 	    pScsiTmReply->TargetID, tm_type,
431 	    le16_to_cpu(pScsiTmReply->IOCStatus),
432 	    le32_to_cpu(pScsiTmReply->IOCLogInfo),
433 	    pScsiTmReply->ResponseCode,
434 	    le32_to_cpu(pScsiTmReply->TerminationCount)));
435 
436 	iocstatus = le16_to_cpu(pScsiTmReply->IOCStatus) & MPI_IOCSTATUS_MASK;
437 
438 	if (iocstatus == MPI_IOCSTATUS_SCSI_TASK_TERMINATED ||
439 	   iocstatus == MPI_IOCSTATUS_SCSI_IOC_TERMINATED ||
440 	   iocstatus == MPI_IOCSTATUS_SUCCESS)
441 		retval = 0;
442 	else {
443 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
444 		    "TaskMgmt failed\n", ioc->name));
445 		retval = -1; /* return failure */
446 	}
447 
448  tm_done:
449 	mutex_unlock(&ioc->taskmgmt_cmds.mutex);
450 	CLEAR_MGMT_STATUS(ioc->taskmgmt_cmds.status)
451 	return retval;
452 }
453 
454 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
455 /* mptctl_timeout_expired
456  *
457  * Expecting an interrupt, however timed out.
458  *
459  */
460 static void
461 mptctl_timeout_expired(MPT_ADAPTER *ioc, MPT_FRAME_HDR *mf)
462 {
463 	unsigned long flags;
464 	int ret_val = -1;
465 	SCSIIORequest_t *scsi_req = (SCSIIORequest_t *) mf;
466 	u8 function = mf->u.hdr.Function;
467 
468 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": %s\n",
469 		ioc->name, __func__));
470 
471 	if (mpt_fwfault_debug)
472 		mpt_halt_firmware(ioc);
473 
474 	spin_lock_irqsave(&ioc->taskmgmt_lock, flags);
475 	if (ioc->ioc_reset_in_progress) {
476 		spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
477 		CLEAR_MGMT_PENDING_STATUS(ioc->ioctl_cmds.status)
478 		mpt_free_msg_frame(ioc, mf);
479 		return;
480 	}
481 	spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
482 
483 
484 	CLEAR_MGMT_PENDING_STATUS(ioc->ioctl_cmds.status)
485 
486 	if (ioc->bus_type == SAS) {
487 		if (function == MPI_FUNCTION_SCSI_IO_REQUEST)
488 			ret_val = mptctl_do_taskmgmt(ioc,
489 				MPI_SCSITASKMGMT_TASKTYPE_TARGET_RESET,
490 				scsi_req->Bus, scsi_req->TargetID);
491 		else if (function == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)
492 			ret_val = mptctl_do_taskmgmt(ioc,
493 				MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS,
494 				scsi_req->Bus, 0);
495 		if (!ret_val)
496 			return;
497 	} else {
498 		if ((function == MPI_FUNCTION_SCSI_IO_REQUEST) ||
499 			(function == MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH))
500 			ret_val = mptctl_do_taskmgmt(ioc,
501 				MPI_SCSITASKMGMT_TASKTYPE_RESET_BUS,
502 				scsi_req->Bus, 0);
503 		if (!ret_val)
504 			return;
505 	}
506 
507 	dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Calling Reset! \n",
508 		 ioc->name));
509 	mpt_Soft_Hard_ResetHandler(ioc, CAN_SLEEP);
510 	mpt_free_msg_frame(ioc, mf);
511 }
512 
513 
514 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
515 /* mptctl_ioc_reset
516  *
517  * Clean-up functionality. Used only if there has been a
518  * reload of the FW due.
519  *
520  */
521 static int
522 mptctl_ioc_reset(MPT_ADAPTER *ioc, int reset_phase)
523 {
524 	switch(reset_phase) {
525 	case MPT_IOC_SETUP_RESET:
526 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
527 		    "%s: MPT_IOC_SETUP_RESET\n", ioc->name, __func__));
528 		break;
529 	case MPT_IOC_PRE_RESET:
530 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
531 		    "%s: MPT_IOC_PRE_RESET\n", ioc->name, __func__));
532 		break;
533 	case MPT_IOC_POST_RESET:
534 		dtmprintk(ioc, printk(MYIOC_s_DEBUG_FMT
535 		    "%s: MPT_IOC_POST_RESET\n", ioc->name, __func__));
536 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_PENDING) {
537 			ioc->ioctl_cmds.status |= MPT_MGMT_STATUS_DID_IOCRESET;
538 			complete(&ioc->ioctl_cmds.done);
539 		}
540 		break;
541 	default:
542 		break;
543 	}
544 
545 	return 1;
546 }
547 
548 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
549 /* ASYNC Event Notification Support */
550 static int
551 mptctl_event_process(MPT_ADAPTER *ioc, EventNotificationReply_t *pEvReply)
552 {
553 	u8 event;
554 
555 	event = le32_to_cpu(pEvReply->Event) & 0xFF;
556 
557 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "%s() called\n",
558 	    ioc->name, __func__));
559 	if(async_queue == NULL)
560 		return 1;
561 
562 	/* Raise SIGIO for persistent events.
563 	 * TODO - this define is not in MPI spec yet,
564 	 * but they plan to set it to 0x21
565 	 */
566 	if (event == 0x21) {
567 		ioc->aen_event_read_flag=1;
568 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "Raised SIGIO to application\n",
569 		    ioc->name));
570 		devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
571 		    "Raised SIGIO to application\n", ioc->name));
572 		kill_fasync(&async_queue, SIGIO, POLL_IN);
573 		return 1;
574 	 }
575 
576 	/* This flag is set after SIGIO was raised, and
577 	 * remains set until the application has read
578 	 * the event log via ioctl=MPTEVENTREPORT
579 	 */
580 	if(ioc->aen_event_read_flag)
581 		return 1;
582 
583 	/* Signal only for the events that are
584 	 * requested for by the application
585 	 */
586 	if (ioc->events && (ioc->eventTypes & ( 1 << event))) {
587 		ioc->aen_event_read_flag=1;
588 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
589 		    "Raised SIGIO to application\n", ioc->name));
590 		devtverboseprintk(ioc, printk(MYIOC_s_DEBUG_FMT
591 		    "Raised SIGIO to application\n", ioc->name));
592 		kill_fasync(&async_queue, SIGIO, POLL_IN);
593 	}
594 	return 1;
595 }
596 
597 static int
598 mptctl_fasync(int fd, struct file *filep, int mode)
599 {
600 	MPT_ADAPTER	*ioc;
601 	int ret;
602 
603 	mutex_lock(&mpctl_mutex);
604 	list_for_each_entry(ioc, &ioc_list, list)
605 		ioc->aen_event_read_flag=0;
606 
607 	ret = fasync_helper(fd, filep, mode, &async_queue);
608 	mutex_unlock(&mpctl_mutex);
609 	return ret;
610 }
611 
612 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
613 /*
614  *  MPT ioctl handler
615  *  cmd - specify the particular IOCTL command to be issued
616  *  arg - data specific to the command. Must not be null.
617  */
618 static long
619 __mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
620 {
621 	mpt_ioctl_header __user *uhdr = (void __user *) arg;
622 	mpt_ioctl_header	 khdr;
623 	unsigned iocnumX;
624 	int nonblock = (file->f_flags & O_NONBLOCK);
625 	int ret;
626 	MPT_ADAPTER *iocp = NULL;
627 
628 	if (copy_from_user(&khdr, uhdr, sizeof(khdr))) {
629 		printk(KERN_ERR MYNAM "%s::mptctl_ioctl() @%d - "
630 				"Unable to copy mpt_ioctl_header data @ %p\n",
631 				__FILE__, __LINE__, uhdr);
632 		return -EFAULT;
633 	}
634 	ret = -ENXIO;				/* (-6) No such device or address */
635 
636 	/* Verify intended MPT adapter - set iocnumX and the adapter
637 	 * pointer (iocp)
638 	 */
639 	iocnumX = khdr.iocnum & 0xFF;
640 	if ((mpt_verify_adapter(iocnumX, &iocp) < 0) || (iocp == NULL))
641 		return -ENODEV;
642 
643 	if (!iocp->active) {
644 		printk(KERN_DEBUG MYNAM "%s::mptctl_ioctl() @%d - Controller disabled.\n",
645 				__FILE__, __LINE__);
646 		return -EFAULT;
647 	}
648 
649 	/* Handle those commands that are just returning
650 	 * information stored in the driver.
651 	 * These commands should never time out and are unaffected
652 	 * by TM and FW reloads.
653 	 */
654 	if ((cmd & ~IOCSIZE_MASK) == (MPTIOCINFO & ~IOCSIZE_MASK)) {
655 		return mptctl_getiocinfo(iocp, arg, _IOC_SIZE(cmd));
656 	} else if (cmd == MPTTARGETINFO) {
657 		return mptctl_gettargetinfo(iocp, arg);
658 	} else if (cmd == MPTTEST) {
659 		return mptctl_readtest(iocp, arg);
660 	} else if (cmd == MPTEVENTQUERY) {
661 		return mptctl_eventquery(iocp, arg);
662 	} else if (cmd == MPTEVENTENABLE) {
663 		return mptctl_eventenable(iocp, arg);
664 	} else if (cmd == MPTEVENTREPORT) {
665 		return mptctl_eventreport(iocp, arg);
666 	} else if (cmd == MPTFWREPLACE) {
667 		return mptctl_replace_fw(iocp, arg);
668 	}
669 
670 	/* All of these commands require an interrupt or
671 	 * are unknown/illegal.
672 	 */
673 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
674 		return ret;
675 
676 	if (cmd == MPTFWDOWNLOAD)
677 		ret = mptctl_fw_download(iocp, arg);
678 	else if (cmd == MPTCOMMAND)
679 		ret = mptctl_mpt_command(iocp, arg);
680 	else if (cmd == MPTHARDRESET)
681 		ret = mptctl_do_reset(iocp, arg);
682 	else if ((cmd & ~IOCSIZE_MASK) == (HP_GETHOSTINFO & ~IOCSIZE_MASK))
683 		ret = mptctl_hp_hostinfo(iocp, arg, _IOC_SIZE(cmd));
684 	else if (cmd == HP_GETTARGETINFO)
685 		ret = mptctl_hp_targetinfo(iocp, arg);
686 	else
687 		ret = -EINVAL;
688 
689 	mutex_unlock(&iocp->ioctl_cmds.mutex);
690 
691 	return ret;
692 }
693 
694 static long
695 mptctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
696 {
697 	long ret;
698 	mutex_lock(&mpctl_mutex);
699 	ret = __mptctl_ioctl(file, cmd, arg);
700 	mutex_unlock(&mpctl_mutex);
701 	return ret;
702 }
703 
704 static int mptctl_do_reset(MPT_ADAPTER *iocp, unsigned long arg)
705 {
706 	struct mpt_ioctl_diag_reset __user *urinfo = (void __user *) arg;
707 	struct mpt_ioctl_diag_reset krinfo;
708 
709 	if (copy_from_user(&krinfo, urinfo, sizeof(struct mpt_ioctl_diag_reset))) {
710 		printk(KERN_ERR MYNAM "%s@%d::mptctl_do_reset - "
711 				"Unable to copy mpt_ioctl_diag_reset struct @ %p\n",
712 				__FILE__, __LINE__, urinfo);
713 		return -EFAULT;
714 	}
715 
716 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "mptctl_do_reset called.\n",
717 	    iocp->name));
718 
719 	if (mpt_HardResetHandler(iocp, CAN_SLEEP) != 0) {
720 		printk (MYIOC_s_ERR_FMT "%s@%d::mptctl_do_reset - reset failed.\n",
721 			iocp->name, __FILE__, __LINE__);
722 		return -1;
723 	}
724 
725 	return 0;
726 }
727 
728 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
729 /*
730  * MPT FW download function.  Cast the arg into the mpt_fw_xfer structure.
731  * This structure contains: iocnum, firmware length (bytes),
732  *      pointer to user space memory where the fw image is stored.
733  *
734  * Outputs:	None.
735  * Return:	0 if successful
736  *		-EFAULT if data unavailable
737  *		-ENXIO  if no such device
738  *		-EAGAIN if resource problem
739  *		-ENOMEM if no memory for SGE
740  *		-EMLINK if too many chain buffers required
741  *		-EBADRQC if adapter does not support FW download
742  *		-EBUSY if adapter is busy
743  *		-ENOMSG if FW upload returned bad status
744  */
745 static int
746 mptctl_fw_download(MPT_ADAPTER *iocp, unsigned long arg)
747 {
748 	struct mpt_fw_xfer __user *ufwdl = (void __user *) arg;
749 	struct mpt_fw_xfer	 kfwdl;
750 
751 	if (copy_from_user(&kfwdl, ufwdl, sizeof(struct mpt_fw_xfer))) {
752 		printk(KERN_ERR MYNAM "%s@%d::_ioctl_fwdl - "
753 				"Unable to copy mpt_fw_xfer struct @ %p\n",
754 				__FILE__, __LINE__, ufwdl);
755 		return -EFAULT;
756 	}
757 
758 	return mptctl_do_fw_download(iocp, kfwdl.bufp, kfwdl.fwlen);
759 }
760 
761 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
762 /*
763  * FW Download engine.
764  * Outputs:	None.
765  * Return:	0 if successful
766  *		-EFAULT if data unavailable
767  *		-ENXIO  if no such device
768  *		-EAGAIN if resource problem
769  *		-ENOMEM if no memory for SGE
770  *		-EMLINK if too many chain buffers required
771  *		-EBADRQC if adapter does not support FW download
772  *		-EBUSY if adapter is busy
773  *		-ENOMSG if FW upload returned bad status
774  */
775 static int
776 mptctl_do_fw_download(MPT_ADAPTER *iocp, char __user *ufwbuf, size_t fwlen)
777 {
778 	FWDownload_t		*dlmsg;
779 	MPT_FRAME_HDR		*mf;
780 	FWDownloadTCSGE_t	*ptsge;
781 	MptSge_t		*sgl, *sgIn;
782 	char			*sgOut;
783 	struct buflist		*buflist;
784 	struct buflist		*bl;
785 	dma_addr_t		 sgl_dma;
786 	int			 ret;
787 	int			 numfrags = 0;
788 	int			 maxfrags;
789 	int			 n = 0;
790 	u32			 sgdir;
791 	u32			 nib;
792 	int			 fw_bytes_copied = 0;
793 	int			 i;
794 	int			 sge_offset = 0;
795 	u16			 iocstat;
796 	pFWDownloadReply_t	 ReplyMsg = NULL;
797 	unsigned long		 timeleft;
798 
799 	/*  Valid device. Get a message frame and construct the FW download message.
800 	*/
801 	if ((mf = mpt_get_msg_frame(mptctl_id, iocp)) == NULL)
802 		return -EAGAIN;
803 
804 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT
805 	    "mptctl_do_fwdl called. mptctl_id = %xh.\n", iocp->name, mptctl_id));
806 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.bufp  = %p\n",
807 	    iocp->name, ufwbuf));
808 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: kfwdl.fwlen = %d\n",
809 	    iocp->name, (int)fwlen));
810 
811 	dlmsg = (FWDownload_t*) mf;
812 	ptsge = (FWDownloadTCSGE_t *) &dlmsg->SGL;
813 	sgOut = (char *) (ptsge + 1);
814 
815 	/*
816 	 * Construct f/w download request
817 	 */
818 	dlmsg->ImageType = MPI_FW_DOWNLOAD_ITYPE_FW;
819 	dlmsg->Reserved = 0;
820 	dlmsg->ChainOffset = 0;
821 	dlmsg->Function = MPI_FUNCTION_FW_DOWNLOAD;
822 	dlmsg->Reserved1[0] = dlmsg->Reserved1[1] = dlmsg->Reserved1[2] = 0;
823 	if (iocp->facts.MsgVersion >= MPI_VERSION_01_05)
824 		dlmsg->MsgFlags = MPI_FW_DOWNLOAD_MSGFLGS_LAST_SEGMENT;
825 	else
826 		dlmsg->MsgFlags = 0;
827 
828 
829 	/* Set up the Transaction SGE.
830 	 */
831 	ptsge->Reserved = 0;
832 	ptsge->ContextSize = 0;
833 	ptsge->DetailsLength = 12;
834 	ptsge->Flags = MPI_SGE_FLAGS_TRANSACTION_ELEMENT;
835 	ptsge->Reserved_0100_Checksum = 0;
836 	ptsge->ImageOffset = 0;
837 	ptsge->ImageSize = cpu_to_le32(fwlen);
838 
839 	/* Add the SGL
840 	 */
841 
842 	/*
843 	 * Need to kmalloc area(s) for holding firmware image bytes.
844 	 * But we need to do it piece meal, using a proper
845 	 * scatter gather list (with 128kB MAX hunks).
846 	 *
847 	 * A practical limit here might be # of sg hunks that fit into
848 	 * a single IOC request frame; 12 or 8 (see below), so:
849 	 * For FC9xx: 12 x 128kB == 1.5 mB (max)
850 	 * For C1030:  8 x 128kB == 1   mB (max)
851 	 * We could support chaining, but things get ugly(ier:)
852 	 *
853 	 * Set the sge_offset to the start of the sgl (bytes).
854 	 */
855 	sgdir = 0x04000000;		/* IOC will READ from sys mem */
856 	sge_offset = sizeof(MPIHeader_t) + sizeof(FWDownloadTCSGE_t);
857 	if ((sgl = kbuf_alloc_2_sgl(fwlen, sgdir, sge_offset,
858 				    &numfrags, &buflist, &sgl_dma, iocp)) == NULL)
859 		return -ENOMEM;
860 
861 	/*
862 	 * We should only need SGL with 2 simple_32bit entries (up to 256 kB)
863 	 * for FC9xx f/w image, but calculate max number of sge hunks
864 	 * we can fit into a request frame, and limit ourselves to that.
865 	 * (currently no chain support)
866 	 * maxfrags = (Request Size - FWdownload Size ) / Size of 32 bit SGE
867 	 *	Request		maxfrags
868 	 *	128		12
869 	 *	96		8
870 	 *	64		4
871 	 */
872 	maxfrags = (iocp->req_sz - sizeof(MPIHeader_t) -
873 			sizeof(FWDownloadTCSGE_t))
874 			/ iocp->SGE_size;
875 	if (numfrags > maxfrags) {
876 		ret = -EMLINK;
877 		goto fwdl_out;
878 	}
879 
880 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "DbG: sgl buffer = %p, sgfrags = %d\n",
881 	    iocp->name, sgl, numfrags));
882 
883 	/*
884 	 * Parse SG list, copying sgl itself,
885 	 * plus f/w image hunks from user space as we go...
886 	 */
887 	ret = -EFAULT;
888 	sgIn = sgl;
889 	bl = buflist;
890 	for (i=0; i < numfrags; i++) {
891 
892 		/* Get the SGE type: 0 - TCSGE, 3 - Chain, 1 - Simple SGE
893 		 * Skip everything but Simple. If simple, copy from
894 		 *	user space into kernel space.
895 		 * Note: we should not have anything but Simple as
896 		 *	Chain SGE are illegal.
897 		 */
898 		nib = (sgIn->FlagsLength & 0x30000000) >> 28;
899 		if (nib == 0 || nib == 3) {
900 			;
901 		} else if (sgIn->Address) {
902 			iocp->add_sge(sgOut, sgIn->FlagsLength, sgIn->Address);
903 			n++;
904 			if (copy_from_user(bl->kptr, ufwbuf+fw_bytes_copied, bl->len)) {
905 				printk(MYIOC_s_ERR_FMT "%s@%d::_ioctl_fwdl - "
906 					"Unable to copy f/w buffer hunk#%d @ %p\n",
907 					iocp->name, __FILE__, __LINE__, n, ufwbuf);
908 				goto fwdl_out;
909 			}
910 			fw_bytes_copied += bl->len;
911 		}
912 		sgIn++;
913 		bl++;
914 		sgOut += iocp->SGE_size;
915 	}
916 
917 	DBG_DUMP_FW_DOWNLOAD(iocp, (u32 *)mf, numfrags);
918 
919 	/*
920 	 * Finally, perform firmware download.
921 	 */
922 	ReplyMsg = NULL;
923 	SET_MGMT_MSG_CONTEXT(iocp->ioctl_cmds.msg_context, dlmsg->MsgContext);
924 	INITIALIZE_MGMT_STATUS(iocp->ioctl_cmds.status)
925 	mpt_put_msg_frame(mptctl_id, iocp, mf);
926 
927 	/* Now wait for the command to complete */
928 retry_wait:
929 	timeleft = wait_for_completion_timeout(&iocp->ioctl_cmds.done, HZ*60);
930 	if (!(iocp->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
931 		ret = -ETIME;
932 		printk(MYIOC_s_WARN_FMT "%s: failed\n", iocp->name, __func__);
933 		if (iocp->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
934 			mpt_free_msg_frame(iocp, mf);
935 			goto fwdl_out;
936 		}
937 		if (!timeleft) {
938 			printk(MYIOC_s_WARN_FMT
939 			       "FW download timeout, doorbell=0x%08x\n",
940 			       iocp->name, mpt_GetIocState(iocp, 0));
941 			mptctl_timeout_expired(iocp, mf);
942 		} else
943 			goto retry_wait;
944 		goto fwdl_out;
945 	}
946 
947 	if (!(iocp->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID)) {
948 		printk(MYIOC_s_WARN_FMT "%s: failed\n", iocp->name, __func__);
949 		mpt_free_msg_frame(iocp, mf);
950 		ret = -ENODATA;
951 		goto fwdl_out;
952 	}
953 
954 	if (sgl)
955 		kfree_sgl(sgl, sgl_dma, buflist, iocp);
956 
957 	ReplyMsg = (pFWDownloadReply_t)iocp->ioctl_cmds.reply;
958 	iocstat = le16_to_cpu(ReplyMsg->IOCStatus) & MPI_IOCSTATUS_MASK;
959 	if (iocstat == MPI_IOCSTATUS_SUCCESS) {
960 		printk(MYIOC_s_INFO_FMT "F/W update successful!\n", iocp->name);
961 		return 0;
962 	} else if (iocstat == MPI_IOCSTATUS_INVALID_FUNCTION) {
963 		printk(MYIOC_s_WARN_FMT "Hmmm...  F/W download not supported!?!\n",
964 			iocp->name);
965 		printk(MYIOC_s_WARN_FMT "(time to go bang on somebodies door)\n",
966 			iocp->name);
967 		return -EBADRQC;
968 	} else if (iocstat == MPI_IOCSTATUS_BUSY) {
969 		printk(MYIOC_s_WARN_FMT "IOC_BUSY!\n", iocp->name);
970 		printk(MYIOC_s_WARN_FMT "(try again later?)\n", iocp->name);
971 		return -EBUSY;
972 	} else {
973 		printk(MYIOC_s_WARN_FMT "ioctl_fwdl() returned [bad] status = %04xh\n",
974 			iocp->name, iocstat);
975 		printk(MYIOC_s_WARN_FMT "(bad VooDoo)\n", iocp->name);
976 		return -ENOMSG;
977 	}
978 	return 0;
979 
980 fwdl_out:
981 
982 	CLEAR_MGMT_STATUS(iocp->ioctl_cmds.status);
983 	SET_MGMT_MSG_CONTEXT(iocp->ioctl_cmds.msg_context, 0);
984         kfree_sgl(sgl, sgl_dma, buflist, iocp);
985 	return ret;
986 }
987 
988 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
989 /*
990  * SGE Allocation routine
991  *
992  * Inputs:	bytes - number of bytes to be transferred
993  *		sgdir - data direction
994  *		sge_offset - offset (in bytes) from the start of the request
995  *			frame to the first SGE
996  *		ioc - pointer to the mptadapter
997  * Outputs:	frags - number of scatter gather elements
998  *		blp - point to the buflist pointer
999  *		sglbuf_dma - pointer to the (dma) sgl
1000  * Returns:	Null if failes
1001  *		pointer to the (virtual) sgl if successful.
1002  */
1003 static MptSge_t *
1004 kbuf_alloc_2_sgl(int bytes, u32 sgdir, int sge_offset, int *frags,
1005 		 struct buflist **blp, dma_addr_t *sglbuf_dma, MPT_ADAPTER *ioc)
1006 {
1007 	MptSge_t	*sglbuf = NULL;		/* pointer to array of SGE */
1008 						/* and chain buffers */
1009 	struct buflist	*buflist = NULL;	/* kernel routine */
1010 	MptSge_t	*sgl;
1011 	int		 numfrags = 0;
1012 	int		 fragcnt = 0;
1013 	int		 alloc_sz = min(bytes,MAX_KMALLOC_SZ);	// avoid kernel warning msg!
1014 	int		 bytes_allocd = 0;
1015 	int		 this_alloc;
1016 	dma_addr_t	 pa;					// phys addr
1017 	int		 i, buflist_ent;
1018 	int		 sg_spill = MAX_FRAGS_SPILL1;
1019 	int		 dir;
1020 
1021 	if (bytes < 0)
1022 		return NULL;
1023 
1024 	/* initialization */
1025 	*frags = 0;
1026 	*blp = NULL;
1027 
1028 	/* Allocate and initialize an array of kernel
1029 	 * structures for the SG elements.
1030 	 */
1031 	i = MAX_SGL_BYTES / 8;
1032 	buflist = kzalloc(i, GFP_USER);
1033 	if (!buflist)
1034 		return NULL;
1035 	buflist_ent = 0;
1036 
1037 	/* Allocate a single block of memory to store the sg elements and
1038 	 * the chain buffers.  The calling routine is responsible for
1039 	 * copying the data in this array into the correct place in the
1040 	 * request and chain buffers.
1041 	 */
1042 	sglbuf = dma_alloc_coherent(&ioc->pcidev->dev, MAX_SGL_BYTES,
1043 				    sglbuf_dma, GFP_KERNEL);
1044 	if (sglbuf == NULL)
1045 		goto free_and_fail;
1046 
1047 	if (sgdir & 0x04000000)
1048 		dir = DMA_TO_DEVICE;
1049 	else
1050 		dir = DMA_FROM_DEVICE;
1051 
1052 	/* At start:
1053 	 *	sgl = sglbuf = point to beginning of sg buffer
1054 	 *	buflist_ent = 0 = first kernel structure
1055 	 *	sg_spill = number of SGE that can be written before the first
1056 	 *		chain element.
1057 	 *
1058 	 */
1059 	sgl = sglbuf;
1060 	sg_spill = ((ioc->req_sz - sge_offset)/ioc->SGE_size) - 1;
1061 	while (bytes_allocd < bytes) {
1062 		this_alloc = min(alloc_sz, bytes-bytes_allocd);
1063 		buflist[buflist_ent].len = this_alloc;
1064 		buflist[buflist_ent].kptr = dma_alloc_coherent(&ioc->pcidev->dev,
1065 							       this_alloc,
1066 							       &pa, GFP_KERNEL);
1067 		if (buflist[buflist_ent].kptr == NULL) {
1068 			alloc_sz = alloc_sz / 2;
1069 			if (alloc_sz == 0) {
1070 				printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1071 				    "not enough memory!   :-(\n", ioc->name);
1072 				printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1073 					ioc->name, numfrags);
1074 				goto free_and_fail;
1075 			}
1076 			continue;
1077 		} else {
1078 			dma_addr_t dma_addr;
1079 
1080 			bytes_allocd += this_alloc;
1081 			sgl->FlagsLength = (0x10000000|sgdir|this_alloc);
1082 			dma_addr = dma_map_single(&ioc->pcidev->dev,
1083 						  buflist[buflist_ent].kptr,
1084 						  this_alloc, dir);
1085 			sgl->Address = dma_addr;
1086 
1087 			fragcnt++;
1088 			numfrags++;
1089 			sgl++;
1090 			buflist_ent++;
1091 		}
1092 
1093 		if (bytes_allocd >= bytes)
1094 			break;
1095 
1096 		/* Need to chain? */
1097 		if (fragcnt == sg_spill) {
1098 			printk(MYIOC_s_WARN_FMT
1099 			    "-SG: No can do - " "Chain required!   :-(\n", ioc->name);
1100 			printk(MYIOC_s_WARN_FMT "(freeing %d frags)\n", ioc->name, numfrags);
1101 			goto free_and_fail;
1102 		}
1103 
1104 		/* overflow check... */
1105 		if (numfrags*8 > MAX_SGL_BYTES){
1106 			/* GRRRRR... */
1107 			printk(MYIOC_s_WARN_FMT "-SG: No can do - "
1108 				"too many SG frags!   :-(\n", ioc->name);
1109 			printk(MYIOC_s_WARN_FMT "-SG: (freeing %d frags)\n",
1110 				ioc->name, numfrags);
1111 			goto free_and_fail;
1112 		}
1113 	}
1114 
1115 	/* Last sge fixup: set LE+eol+eob bits */
1116 	sgl[-1].FlagsLength |= 0xC1000000;
1117 
1118 	*frags = numfrags;
1119 	*blp = buflist;
1120 
1121 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1122 	   "%d SG frags generated!\n", ioc->name, numfrags));
1123 
1124 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: kbuf_alloc_2_sgl() - "
1125 	   "last (big) alloc_sz=%d\n", ioc->name, alloc_sz));
1126 
1127 	return sglbuf;
1128 
1129 free_and_fail:
1130 	if (sglbuf != NULL) {
1131 		for (i = 0; i < numfrags; i++) {
1132 			dma_addr_t dma_addr;
1133 			u8 *kptr;
1134 			int len;
1135 
1136 			if ((sglbuf[i].FlagsLength >> 24) == 0x30)
1137 				continue;
1138 
1139 			dma_addr = sglbuf[i].Address;
1140 			kptr = buflist[i].kptr;
1141 			len = buflist[i].len;
1142 
1143 			dma_free_coherent(&ioc->pcidev->dev, len, kptr,
1144 					  dma_addr);
1145 		}
1146 		dma_free_coherent(&ioc->pcidev->dev, MAX_SGL_BYTES, sglbuf,
1147 				  *sglbuf_dma);
1148 	}
1149 	kfree(buflist);
1150 	return NULL;
1151 }
1152 
1153 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1154 /*
1155  * Routine to free the SGL elements.
1156  */
1157 static void
1158 kfree_sgl(MptSge_t *sgl, dma_addr_t sgl_dma, struct buflist *buflist, MPT_ADAPTER *ioc)
1159 {
1160 	MptSge_t	*sg = sgl;
1161 	struct buflist	*bl = buflist;
1162 	u32		 nib;
1163 	int		 dir;
1164 	int		 n = 0;
1165 
1166 	if (sg->FlagsLength & 0x04000000)
1167 		dir = DMA_TO_DEVICE;
1168 	else
1169 		dir = DMA_FROM_DEVICE;
1170 
1171 	nib = (sg->FlagsLength & 0xF0000000) >> 28;
1172 	while (! (nib & 0x4)) { /* eob */
1173 		/* skip ignore/chain. */
1174 		if (nib == 0 || nib == 3) {
1175 			;
1176 		} else if (sg->Address) {
1177 			dma_addr_t dma_addr;
1178 			void *kptr;
1179 			int len;
1180 
1181 			dma_addr = sg->Address;
1182 			kptr = bl->kptr;
1183 			len = bl->len;
1184 			dma_unmap_single(&ioc->pcidev->dev, dma_addr, len,
1185 					 dir);
1186 			dma_free_coherent(&ioc->pcidev->dev, len, kptr,
1187 					  dma_addr);
1188 			n++;
1189 		}
1190 		sg++;
1191 		bl++;
1192 		nib = (le32_to_cpu(sg->FlagsLength) & 0xF0000000) >> 28;
1193 	}
1194 
1195 	/* we're at eob! */
1196 	if (sg->Address) {
1197 		dma_addr_t dma_addr;
1198 		void *kptr;
1199 		int len;
1200 
1201 		dma_addr = sg->Address;
1202 		kptr = bl->kptr;
1203 		len = bl->len;
1204 		dma_unmap_single(&ioc->pcidev->dev, dma_addr, len, dir);
1205 		dma_free_coherent(&ioc->pcidev->dev, len, kptr, dma_addr);
1206 		n++;
1207 	}
1208 
1209 	dma_free_coherent(&ioc->pcidev->dev, MAX_SGL_BYTES, sgl, sgl_dma);
1210 	kfree(buflist);
1211 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "-SG: Free'd 1 SGL buf + %d kbufs!\n",
1212 	    ioc->name, n));
1213 }
1214 
1215 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1216 /*
1217  *	mptctl_getiocinfo - Query the host adapter for IOC information.
1218  *	@arg: User space argument
1219  *
1220  * Outputs:	None.
1221  * Return:	0 if successful
1222  *		-EFAULT if data unavailable
1223  *		-ENODEV  if no such device/adapter
1224  */
1225 static int
1226 mptctl_getiocinfo (MPT_ADAPTER *ioc, unsigned long arg, unsigned int data_size)
1227 {
1228 	struct mpt_ioctl_iocinfo __user *uarg = (void __user *) arg;
1229 	struct mpt_ioctl_iocinfo *karg;
1230 	struct pci_dev		*pdev;
1231 	unsigned int		port;
1232 	int			cim_rev;
1233 	struct scsi_device 	*sdev;
1234 	VirtDevice		*vdevice;
1235 
1236 	/* Add of PCI INFO results in unaligned access for
1237 	 * IA64 and Sparc. Reset long to int. Return no PCI
1238 	 * data for obsolete format.
1239 	 */
1240 	if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev0))
1241 		cim_rev = 0;
1242 	else if (data_size == sizeof(struct mpt_ioctl_iocinfo_rev1))
1243 		cim_rev = 1;
1244 	else if (data_size == sizeof(struct mpt_ioctl_iocinfo))
1245 		cim_rev = 2;
1246 	else if (data_size == (sizeof(struct mpt_ioctl_iocinfo_rev0)+12))
1247 		cim_rev = 0;	/* obsolete */
1248 	else
1249 		return -EFAULT;
1250 
1251 	karg = memdup_user(uarg, data_size);
1252 	if (IS_ERR(karg)) {
1253 		printk(KERN_ERR MYNAM "%s@%d::mpt_ioctl_iocinfo() - memdup_user returned error [%ld]\n",
1254 				__FILE__, __LINE__, PTR_ERR(karg));
1255 		return PTR_ERR(karg);
1256 	}
1257 
1258 	/* Verify the data transfer size is correct. */
1259 	if (karg->hdr.maxDataSize != data_size) {
1260 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1261 			"Structure size mismatch. Command not completed.\n",
1262 			ioc->name, __FILE__, __LINE__);
1263 		kfree(karg);
1264 		return -EFAULT;
1265 	}
1266 
1267 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_getiocinfo called.\n",
1268 	    ioc->name));
1269 
1270 	/* Fill in the data and return the structure to the calling
1271 	 * program
1272 	 */
1273 	if (ioc->bus_type == SAS)
1274 		karg->adapterType = MPT_IOCTL_INTERFACE_SAS;
1275 	else if (ioc->bus_type == FC)
1276 		karg->adapterType = MPT_IOCTL_INTERFACE_FC;
1277 	else
1278 		karg->adapterType = MPT_IOCTL_INTERFACE_SCSI;
1279 
1280 	if (karg->hdr.port > 1) {
1281 		kfree(karg);
1282 		return -EINVAL;
1283 	}
1284 	port = karg->hdr.port;
1285 
1286 	karg->port = port;
1287 	pdev = (struct pci_dev *) ioc->pcidev;
1288 
1289 	karg->pciId = pdev->device;
1290 	karg->hwRev = pdev->revision;
1291 	karg->subSystemDevice = pdev->subsystem_device;
1292 	karg->subSystemVendor = pdev->subsystem_vendor;
1293 
1294 	if (cim_rev == 1) {
1295 		/* Get the PCI bus, device, and function numbers for the IOC
1296 		 */
1297 		karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1298 		karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1299 		karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1300 	} else if (cim_rev == 2) {
1301 		/* Get the PCI bus, device, function and segment ID numbers
1302 		   for the IOC */
1303 		karg->pciInfo.u.bits.busNumber = pdev->bus->number;
1304 		karg->pciInfo.u.bits.deviceNumber = PCI_SLOT( pdev->devfn );
1305 		karg->pciInfo.u.bits.functionNumber = PCI_FUNC( pdev->devfn );
1306 		karg->pciInfo.segmentID = pci_domain_nr(pdev->bus);
1307 	}
1308 
1309 	/* Get number of devices
1310          */
1311 	karg->numDevices = 0;
1312 	if (ioc->sh) {
1313 		shost_for_each_device(sdev, ioc->sh) {
1314 			vdevice = sdev->hostdata;
1315 			if (vdevice == NULL || vdevice->vtarget == NULL)
1316 				continue;
1317 			if (vdevice->vtarget->tflags &
1318 			    MPT_TARGET_FLAGS_RAID_COMPONENT)
1319 				continue;
1320 			karg->numDevices++;
1321 		}
1322 	}
1323 
1324 	/* Set the BIOS and FW Version
1325 	 */
1326 	karg->FWVersion = ioc->facts.FWVersion.Word;
1327 	karg->BIOSVersion = ioc->biosVersion;
1328 
1329 	/* Set the Version Strings.
1330 	 */
1331 	strscpy_pad(karg->driverVersion, MPT_LINUX_PACKAGE_NAME,
1332 		    sizeof(karg->driverVersion));
1333 
1334 	karg->busChangeEvent = 0;
1335 	karg->hostId = ioc->pfacts[port].PortSCSIID;
1336 	karg->rsvd[0] = karg->rsvd[1] = 0;
1337 
1338 	/* Copy the data from kernel memory to user memory
1339 	 */
1340 	if (copy_to_user((char __user *)arg, karg, data_size)) {
1341 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_getiocinfo - "
1342 			"Unable to write out mpt_ioctl_iocinfo struct @ %p\n",
1343 			ioc->name, __FILE__, __LINE__, uarg);
1344 		kfree(karg);
1345 		return -EFAULT;
1346 	}
1347 
1348 	kfree(karg);
1349 	return 0;
1350 }
1351 
1352 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1353 /*
1354  *	mptctl_gettargetinfo - Query the host adapter for target information.
1355  *	@arg: User space argument
1356  *
1357  * Outputs:	None.
1358  * Return:	0 if successful
1359  *		-EFAULT if data unavailable
1360  *		-ENODEV  if no such device/adapter
1361  */
1362 static int
1363 mptctl_gettargetinfo (MPT_ADAPTER *ioc, unsigned long arg)
1364 {
1365 	struct mpt_ioctl_targetinfo __user *uarg = (void __user *) arg;
1366 	struct mpt_ioctl_targetinfo karg;
1367 	VirtDevice		*vdevice;
1368 	char			*pmem;
1369 	int			*pdata;
1370 	int			numDevices = 0;
1371 	int			lun;
1372 	int			maxWordsLeft;
1373 	int			numBytes;
1374 	struct scsi_device 	*sdev;
1375 
1376 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_targetinfo))) {
1377 		printk(KERN_ERR MYNAM "%s@%d::mptctl_gettargetinfo - "
1378 			"Unable to read in mpt_ioctl_targetinfo struct @ %p\n",
1379 				__FILE__, __LINE__, uarg);
1380 		return -EFAULT;
1381 	}
1382 
1383 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_gettargetinfo called.\n",
1384 	    ioc->name));
1385 	numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1386 	maxWordsLeft = numBytes/sizeof(int);
1387 
1388 	if (maxWordsLeft <= 0) {
1389 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1390 			ioc->name, __FILE__, __LINE__);
1391 		return -ENOMEM;
1392 	}
1393 
1394 	/* Fill in the data and return the structure to the calling
1395 	 * program
1396 	 */
1397 
1398 	/* struct mpt_ioctl_targetinfo does not contain sufficient space
1399 	 * for the target structures so when the IOCTL is called, there is
1400 	 * not sufficient stack space for the structure. Allocate memory,
1401 	 * populate the memory, copy back to the user, then free memory.
1402 	 * targetInfo format:
1403 	 * bits 31-24: reserved
1404 	 *      23-16: LUN
1405 	 *      15- 8: Bus Number
1406 	 *       7- 0: Target ID
1407 	 */
1408 	pmem = kzalloc(numBytes, GFP_KERNEL);
1409 	if (!pmem) {
1410 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo() - no memory available!\n",
1411 			ioc->name, __FILE__, __LINE__);
1412 		return -ENOMEM;
1413 	}
1414 	pdata =  (int *) pmem;
1415 
1416 	/* Get number of devices
1417          */
1418 	if (ioc->sh){
1419 		shost_for_each_device(sdev, ioc->sh) {
1420 			if (!maxWordsLeft)
1421 				continue;
1422 			vdevice = sdev->hostdata;
1423 			if (vdevice == NULL || vdevice->vtarget == NULL)
1424 				continue;
1425 			if (vdevice->vtarget->tflags &
1426 			    MPT_TARGET_FLAGS_RAID_COMPONENT)
1427 				continue;
1428 			lun = (vdevice->vtarget->raidVolume) ? 0x80 : vdevice->lun;
1429 			*pdata = (((u8)lun << 16) + (vdevice->vtarget->channel << 8) +
1430 			    (vdevice->vtarget->id ));
1431 			pdata++;
1432 			numDevices++;
1433 			--maxWordsLeft;
1434 		}
1435 	}
1436 	karg.numDevices = numDevices;
1437 
1438 	/* Copy part of the data from kernel memory to user memory
1439 	 */
1440 	if (copy_to_user((char __user *)arg, &karg,
1441 				sizeof(struct mpt_ioctl_targetinfo))) {
1442 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1443 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1444 			ioc->name, __FILE__, __LINE__, uarg);
1445 		kfree(pmem);
1446 		return -EFAULT;
1447 	}
1448 
1449 	/* Copy the remaining data from kernel memory to user memory
1450 	 */
1451 	if (copy_to_user(uarg->targetInfo, pmem, numBytes)) {
1452 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_gettargetinfo - "
1453 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
1454 			ioc->name, __FILE__, __LINE__, pdata);
1455 		kfree(pmem);
1456 		return -EFAULT;
1457 	}
1458 
1459 	kfree(pmem);
1460 
1461 	return 0;
1462 }
1463 
1464 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1465 /* MPT IOCTL Test function.
1466  *
1467  * Outputs:	None.
1468  * Return:	0 if successful
1469  *		-EFAULT if data unavailable
1470  *		-ENODEV  if no such device/adapter
1471  */
1472 static int
1473 mptctl_readtest (MPT_ADAPTER *ioc, unsigned long arg)
1474 {
1475 	struct mpt_ioctl_test __user *uarg = (void __user *) arg;
1476 	struct mpt_ioctl_test	 karg;
1477 
1478 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_test))) {
1479 		printk(KERN_ERR MYNAM "%s@%d::mptctl_readtest - "
1480 			"Unable to read in mpt_ioctl_test struct @ %p\n",
1481 				__FILE__, __LINE__, uarg);
1482 		return -EFAULT;
1483 	}
1484 
1485 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_readtest called.\n",
1486 	    ioc->name));
1487 	/* Fill in the data and return the structure to the calling
1488 	 * program
1489 	 */
1490 
1491 #ifdef MFCNT
1492 	karg.chip_type = ioc->mfcnt;
1493 #else
1494 	karg.chip_type = ioc->pcidev->device;
1495 #endif
1496 	strscpy_pad(karg.name, ioc->name, sizeof(karg.name));
1497 	strscpy_pad(karg.product, ioc->prod_name, sizeof(karg.product));
1498 
1499 	/* Copy the data from kernel memory to user memory
1500 	 */
1501 	if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_test))) {
1502 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_readtest - "
1503 			"Unable to write out mpt_ioctl_test struct @ %p\n",
1504 			ioc->name, __FILE__, __LINE__, uarg);
1505 		return -EFAULT;
1506 	}
1507 
1508 	return 0;
1509 }
1510 
1511 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1512 /*
1513  *	mptctl_eventquery - Query the host adapter for the event types
1514  *	that are being logged.
1515  *	@arg: User space argument
1516  *
1517  * Outputs:	None.
1518  * Return:	0 if successful
1519  *		-EFAULT if data unavailable
1520  *		-ENODEV  if no such device/adapter
1521  */
1522 static int
1523 mptctl_eventquery (MPT_ADAPTER *ioc, unsigned long arg)
1524 {
1525 	struct mpt_ioctl_eventquery __user *uarg = (void __user *) arg;
1526 	struct mpt_ioctl_eventquery	 karg;
1527 
1528 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventquery))) {
1529 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventquery - "
1530 			"Unable to read in mpt_ioctl_eventquery struct @ %p\n",
1531 				__FILE__, __LINE__, uarg);
1532 		return -EFAULT;
1533 	}
1534 
1535 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventquery called.\n",
1536 	    ioc->name));
1537 	karg.eventEntries = MPTCTL_EVENT_LOG_SIZE;
1538 	karg.eventTypes = ioc->eventTypes;
1539 
1540 	/* Copy the data from kernel memory to user memory
1541 	 */
1542 	if (copy_to_user((char __user *)arg, &karg, sizeof(struct mpt_ioctl_eventquery))) {
1543 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventquery - "
1544 			"Unable to write out mpt_ioctl_eventquery struct @ %p\n",
1545 			ioc->name, __FILE__, __LINE__, uarg);
1546 		return -EFAULT;
1547 	}
1548 	return 0;
1549 }
1550 
1551 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1552 static int
1553 mptctl_eventenable (MPT_ADAPTER *ioc, unsigned long arg)
1554 {
1555 	struct mpt_ioctl_eventenable __user *uarg = (void __user *) arg;
1556 	struct mpt_ioctl_eventenable	 karg;
1557 
1558 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventenable))) {
1559 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventenable - "
1560 			"Unable to read in mpt_ioctl_eventenable struct @ %p\n",
1561 				__FILE__, __LINE__, uarg);
1562 		return -EFAULT;
1563 	}
1564 
1565 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventenable called.\n",
1566 	    ioc->name));
1567 	if (ioc->events == NULL) {
1568 		/* Have not yet allocated memory - do so now.
1569 		 */
1570 		int sz = MPTCTL_EVENT_LOG_SIZE * sizeof(MPT_IOCTL_EVENTS);
1571 		ioc->events = kzalloc(sz, GFP_KERNEL);
1572 		if (!ioc->events) {
1573 			printk(MYIOC_s_ERR_FMT
1574 			    ": ERROR - Insufficient memory to add adapter!\n",
1575 			    ioc->name);
1576 			return -ENOMEM;
1577 		}
1578 		ioc->alloc_total += sz;
1579 
1580 		ioc->eventContext = 0;
1581         }
1582 
1583 	/* Update the IOC event logging flag.
1584 	 */
1585 	ioc->eventTypes = karg.eventTypes;
1586 
1587 	return 0;
1588 }
1589 
1590 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1591 static int
1592 mptctl_eventreport (MPT_ADAPTER *ioc, unsigned long arg)
1593 {
1594 	struct mpt_ioctl_eventreport __user *uarg = (void __user *) arg;
1595 	struct mpt_ioctl_eventreport	 karg;
1596 	int			 numBytes, maxEvents, max;
1597 
1598 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_eventreport))) {
1599 		printk(KERN_ERR MYNAM "%s@%d::mptctl_eventreport - "
1600 			"Unable to read in mpt_ioctl_eventreport struct @ %p\n",
1601 				__FILE__, __LINE__, uarg);
1602 		return -EFAULT;
1603 	}
1604 
1605 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_eventreport called.\n",
1606 	    ioc->name));
1607 
1608 	numBytes = karg.hdr.maxDataSize - sizeof(mpt_ioctl_header);
1609 	maxEvents = numBytes/sizeof(MPT_IOCTL_EVENTS);
1610 
1611 
1612 	max = MPTCTL_EVENT_LOG_SIZE < maxEvents ? MPTCTL_EVENT_LOG_SIZE : maxEvents;
1613 
1614 	/* If fewer than 1 event is requested, there must have
1615 	 * been some type of error.
1616 	 */
1617 	if ((max < 1) || !ioc->events)
1618 		return -ENODATA;
1619 
1620 	/* reset this flag so SIGIO can restart */
1621 	ioc->aen_event_read_flag=0;
1622 
1623 	/* Copy the data from kernel memory to user memory
1624 	 */
1625 	numBytes = max * sizeof(MPT_IOCTL_EVENTS);
1626 	if (copy_to_user(uarg->eventData, ioc->events, numBytes)) {
1627 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_eventreport - "
1628 			"Unable to write out mpt_ioctl_eventreport struct @ %p\n",
1629 			ioc->name, __FILE__, __LINE__, ioc->events);
1630 		return -EFAULT;
1631 	}
1632 
1633 	return 0;
1634 }
1635 
1636 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1637 static int
1638 mptctl_replace_fw (MPT_ADAPTER *ioc, unsigned long arg)
1639 {
1640 	struct mpt_ioctl_replace_fw __user *uarg = (void __user *) arg;
1641 	struct mpt_ioctl_replace_fw	 karg;
1642 	int			 newFwSize;
1643 
1644 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_replace_fw))) {
1645 		printk(KERN_ERR MYNAM "%s@%d::mptctl_replace_fw - "
1646 			"Unable to read in mpt_ioctl_replace_fw struct @ %p\n",
1647 				__FILE__, __LINE__, uarg);
1648 		return -EFAULT;
1649 	}
1650 
1651 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_replace_fw called.\n",
1652 	    ioc->name));
1653 	/* If caching FW, Free the old FW image
1654 	 */
1655 	if (ioc->cached_fw == NULL)
1656 		return 0;
1657 
1658 	mpt_free_fw_memory(ioc);
1659 
1660 	/* Allocate memory for the new FW image
1661 	 */
1662 	newFwSize = ALIGN(karg.newImageSize, 4);
1663 
1664 	mpt_alloc_fw_memory(ioc, newFwSize);
1665 	if (ioc->cached_fw == NULL)
1666 		return -ENOMEM;
1667 
1668 	/* Copy the data from user memory to kernel space
1669 	 */
1670 	if (copy_from_user(ioc->cached_fw, uarg->newImage, newFwSize)) {
1671 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_replace_fw - "
1672 				"Unable to read in mpt_ioctl_replace_fw image "
1673 				"@ %p\n", ioc->name, __FILE__, __LINE__, uarg);
1674 		mpt_free_fw_memory(ioc);
1675 		return -EFAULT;
1676 	}
1677 
1678 	/* Update IOCFactsReply
1679 	 */
1680 	ioc->facts.FWImageSize = newFwSize;
1681 	return 0;
1682 }
1683 
1684 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1685 /* MPT IOCTL MPTCOMMAND function.
1686  * Cast the arg into the mpt_ioctl_mpt_command structure.
1687  *
1688  * Outputs:	None.
1689  * Return:	0 if successful
1690  *		-EBUSY  if previous command timeout and IOC reset is not complete.
1691  *		-EFAULT if data unavailable
1692  *		-ENODEV if no such device/adapter
1693  *		-ETIME	if timer expires
1694  *		-ENOMEM if memory allocation error
1695  */
1696 static int
1697 mptctl_mpt_command (MPT_ADAPTER *ioc, unsigned long arg)
1698 {
1699 	struct mpt_ioctl_command __user *uarg = (void __user *) arg;
1700 	struct mpt_ioctl_command  karg;
1701 	int		rc;
1702 
1703 
1704 	if (copy_from_user(&karg, uarg, sizeof(struct mpt_ioctl_command))) {
1705 		printk(KERN_ERR MYNAM "%s@%d::mptctl_mpt_command - "
1706 			"Unable to read in mpt_ioctl_command struct @ %p\n",
1707 				__FILE__, __LINE__, uarg);
1708 		return -EFAULT;
1709 	}
1710 
1711 	rc = mptctl_do_mpt_command (ioc, karg, &uarg->MF);
1712 
1713 	return rc;
1714 }
1715 
1716 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
1717 /* Worker routine for the IOCTL MPTCOMMAND and MPTCOMMAND32 (sparc) commands.
1718  *
1719  * Outputs:	None.
1720  * Return:	0 if successful
1721  *		-EBUSY  if previous command timeout and IOC reset is not complete.
1722  *		-EFAULT if data unavailable
1723  *		-ENODEV if no such device/adapter
1724  *		-ETIME	if timer expires
1725  *		-ENOMEM if memory allocation error
1726  *		-EPERM if SCSI I/O and target is untagged
1727  */
1728 static int
1729 mptctl_do_mpt_command (MPT_ADAPTER *ioc, struct mpt_ioctl_command karg, void __user *mfPtr)
1730 {
1731 	MPT_FRAME_HDR	*mf = NULL;
1732 	MPIHeader_t	*hdr;
1733 	char		*psge;
1734 	struct buflist	bufIn;	/* data In buffer */
1735 	struct buflist	bufOut; /* data Out buffer */
1736 	dma_addr_t	dma_addr_in;
1737 	dma_addr_t	dma_addr_out;
1738 	int		sgSize = 0;	/* Num SG elements */
1739 	int		flagsLength;
1740 	int		sz, rc = 0;
1741 	int		msgContext;
1742 	u16		req_idx;
1743 	ulong 		timeout;
1744 	unsigned long	timeleft;
1745 	struct scsi_device *sdev;
1746 	unsigned long	 flags;
1747 	u8		 function;
1748 
1749 	/* bufIn and bufOut are used for user to kernel space transfers
1750 	 */
1751 	bufIn.kptr = bufOut.kptr = NULL;
1752 	bufIn.len = bufOut.len = 0;
1753 
1754 	spin_lock_irqsave(&ioc->taskmgmt_lock, flags);
1755 	if (ioc->ioc_reset_in_progress) {
1756 		spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
1757 		printk(KERN_ERR MYNAM "%s@%d::mptctl_do_mpt_command - "
1758 			"Busy with diagnostic reset\n", __FILE__, __LINE__);
1759 		return -EBUSY;
1760 	}
1761 	spin_unlock_irqrestore(&ioc->taskmgmt_lock, flags);
1762 
1763 	/* Basic sanity checks to prevent underflows or integer overflows */
1764 	if (karg.maxReplyBytes < 0 ||
1765 	    karg.dataInSize < 0 ||
1766 	    karg.dataOutSize < 0 ||
1767 	    karg.dataSgeOffset < 0 ||
1768 	    karg.maxSenseBytes < 0 ||
1769 	    karg.dataSgeOffset > ioc->req_sz / 4)
1770 		return -EINVAL;
1771 
1772 	/* Verify that the final request frame will not be too large.
1773 	 */
1774 	sz = karg.dataSgeOffset * 4;
1775 	if (karg.dataInSize > 0)
1776 		sz += ioc->SGE_size;
1777 	if (karg.dataOutSize > 0)
1778 		sz += ioc->SGE_size;
1779 
1780 	if (sz > ioc->req_sz) {
1781 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1782 			"Request frame too large (%d) maximum (%d)\n",
1783 			ioc->name, __FILE__, __LINE__, sz, ioc->req_sz);
1784 		return -EFAULT;
1785 	}
1786 
1787 	/* Get a free request frame and save the message context.
1788 	 */
1789         if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL)
1790                 return -EAGAIN;
1791 
1792 	hdr = (MPIHeader_t *) mf;
1793 	msgContext = le32_to_cpu(hdr->MsgContext);
1794 	req_idx = le16_to_cpu(mf->u.frame.hwhdr.msgctxu.fld.req_idx);
1795 
1796 	/* Copy the request frame
1797 	 * Reset the saved message context.
1798 	 * Request frame in user space
1799 	 */
1800 	if (copy_from_user(mf, mfPtr, karg.dataSgeOffset * 4)) {
1801 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1802 			"Unable to read MF from mpt_ioctl_command struct @ %p\n",
1803 			ioc->name, __FILE__, __LINE__, mfPtr);
1804 		function = -1;
1805 		rc = -EFAULT;
1806 		goto done_free_mem;
1807 	}
1808 	hdr->MsgContext = cpu_to_le32(msgContext);
1809 	function = hdr->Function;
1810 
1811 
1812 	/* Verify that this request is allowed.
1813 	 */
1814 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "sending mpi function (0x%02X), req=%p\n",
1815 	    ioc->name, hdr->Function, mf));
1816 
1817 	switch (function) {
1818 	case MPI_FUNCTION_IOC_FACTS:
1819 	case MPI_FUNCTION_PORT_FACTS:
1820 		karg.dataOutSize  = karg.dataInSize = 0;
1821 		break;
1822 
1823 	case MPI_FUNCTION_CONFIG:
1824 	{
1825 		Config_t *config_frame;
1826 		config_frame = (Config_t *)mf;
1827 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "\ttype=0x%02x ext_type=0x%02x "
1828 		    "number=0x%02x action=0x%02x\n", ioc->name,
1829 		    config_frame->Header.PageType,
1830 		    config_frame->ExtPageType,
1831 		    config_frame->Header.PageNumber,
1832 		    config_frame->Action));
1833 		break;
1834 	}
1835 
1836 	case MPI_FUNCTION_FC_COMMON_TRANSPORT_SEND:
1837 	case MPI_FUNCTION_FC_EX_LINK_SRVC_SEND:
1838 	case MPI_FUNCTION_FW_UPLOAD:
1839 	case MPI_FUNCTION_SCSI_ENCLOSURE_PROCESSOR:
1840 	case MPI_FUNCTION_FW_DOWNLOAD:
1841 	case MPI_FUNCTION_FC_PRIMITIVE_SEND:
1842 	case MPI_FUNCTION_TOOLBOX:
1843 	case MPI_FUNCTION_SAS_IO_UNIT_CONTROL:
1844 		break;
1845 
1846 	case MPI_FUNCTION_SCSI_IO_REQUEST:
1847 		if (ioc->sh) {
1848 			SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1849 			int qtag = MPI_SCSIIO_CONTROL_UNTAGGED;
1850 			int scsidir = 0;
1851 			int dataSize;
1852 			u32 id;
1853 
1854 			id = (ioc->devices_per_bus == 0) ? 256 : ioc->devices_per_bus;
1855 			if (pScsiReq->TargetID > id) {
1856 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1857 					"Target ID out of bounds. \n",
1858 					ioc->name, __FILE__, __LINE__);
1859 				rc = -ENODEV;
1860 				goto done_free_mem;
1861 			}
1862 
1863 			if (pScsiReq->Bus >= ioc->number_of_buses) {
1864 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1865 					"Target Bus out of bounds. \n",
1866 					ioc->name, __FILE__, __LINE__);
1867 				rc = -ENODEV;
1868 				goto done_free_mem;
1869 			}
1870 
1871 			pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1872 			pScsiReq->MsgFlags |= mpt_msg_flags(ioc);
1873 
1874 
1875 			/* verify that app has not requested
1876 			 *	more sense data than driver
1877 			 *	can provide, if so, reset this parameter
1878 			 * set the sense buffer pointer low address
1879 			 * update the control field to specify Q type
1880 			 */
1881 			if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1882 				pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1883 			else
1884 				pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1885 
1886 			pScsiReq->SenseBufferLowAddr =
1887 				cpu_to_le32(ioc->sense_buf_low_dma
1888 				   + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1889 
1890 			shost_for_each_device(sdev, ioc->sh) {
1891 				struct scsi_target *starget = scsi_target(sdev);
1892 				VirtTarget *vtarget = starget->hostdata;
1893 
1894 				if (vtarget == NULL)
1895 					continue;
1896 
1897 				if ((pScsiReq->TargetID == vtarget->id) &&
1898 				    (pScsiReq->Bus == vtarget->channel) &&
1899 				    (vtarget->tflags & MPT_TARGET_FLAGS_Q_YES))
1900 					qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1901 			}
1902 
1903 			/* Have the IOCTL driver set the direction based
1904 			 * on the dataOutSize (ordering issue with Sparc).
1905 			 */
1906 			if (karg.dataOutSize > 0) {
1907 				scsidir = MPI_SCSIIO_CONTROL_WRITE;
1908 				dataSize = karg.dataOutSize;
1909 			} else {
1910 				scsidir = MPI_SCSIIO_CONTROL_READ;
1911 				dataSize = karg.dataInSize;
1912 			}
1913 
1914 			pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1915 			pScsiReq->DataLength = cpu_to_le32(dataSize);
1916 
1917 
1918 		} else {
1919 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1920 				"SCSI driver is not loaded. \n",
1921 				ioc->name, __FILE__, __LINE__);
1922 			rc = -EFAULT;
1923 			goto done_free_mem;
1924 		}
1925 		break;
1926 
1927 	case MPI_FUNCTION_SMP_PASSTHROUGH:
1928 		/* Check mf->PassthruFlags to determine if
1929 		 * transfer is ImmediateMode or not.
1930 		 * Immediate mode returns data in the ReplyFrame.
1931 		 * Else, we are sending request and response data
1932 		 * in two SGLs at the end of the mf.
1933 		 */
1934 		break;
1935 
1936 	case MPI_FUNCTION_SATA_PASSTHROUGH:
1937 		if (!ioc->sh) {
1938 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1939 				"SCSI driver is not loaded. \n",
1940 				ioc->name, __FILE__, __LINE__);
1941 			rc = -EFAULT;
1942 			goto done_free_mem;
1943 		}
1944 		break;
1945 
1946 	case MPI_FUNCTION_RAID_ACTION:
1947 		/* Just add a SGE
1948 		 */
1949 		break;
1950 
1951 	case MPI_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
1952 		if (ioc->sh) {
1953 			SCSIIORequest_t *pScsiReq = (SCSIIORequest_t *) mf;
1954 			int qtag = MPI_SCSIIO_CONTROL_SIMPLEQ;
1955 			int scsidir = MPI_SCSIIO_CONTROL_READ;
1956 			int dataSize;
1957 
1958 			pScsiReq->MsgFlags &= ~MPI_SCSIIO_MSGFLGS_SENSE_WIDTH;
1959 			pScsiReq->MsgFlags |= mpt_msg_flags(ioc);
1960 
1961 
1962 			/* verify that app has not requested
1963 			 *	more sense data than driver
1964 			 *	can provide, if so, reset this parameter
1965 			 * set the sense buffer pointer low address
1966 			 * update the control field to specify Q type
1967 			 */
1968 			if (karg.maxSenseBytes > MPT_SENSE_BUFFER_SIZE)
1969 				pScsiReq->SenseBufferLength = MPT_SENSE_BUFFER_SIZE;
1970 			else
1971 				pScsiReq->SenseBufferLength = karg.maxSenseBytes;
1972 
1973 			pScsiReq->SenseBufferLowAddr =
1974 				cpu_to_le32(ioc->sense_buf_low_dma
1975 				   + (req_idx * MPT_SENSE_BUFFER_ALLOC));
1976 
1977 			/* All commands to physical devices are tagged
1978 			 */
1979 
1980 			/* Have the IOCTL driver set the direction based
1981 			 * on the dataOutSize (ordering issue with Sparc).
1982 			 */
1983 			if (karg.dataOutSize > 0) {
1984 				scsidir = MPI_SCSIIO_CONTROL_WRITE;
1985 				dataSize = karg.dataOutSize;
1986 			} else {
1987 				scsidir = MPI_SCSIIO_CONTROL_READ;
1988 				dataSize = karg.dataInSize;
1989 			}
1990 
1991 			pScsiReq->Control = cpu_to_le32(scsidir | qtag);
1992 			pScsiReq->DataLength = cpu_to_le32(dataSize);
1993 
1994 		} else {
1995 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
1996 				"SCSI driver is not loaded. \n",
1997 				ioc->name, __FILE__, __LINE__);
1998 			rc = -EFAULT;
1999 			goto done_free_mem;
2000 		}
2001 		break;
2002 
2003 	case MPI_FUNCTION_SCSI_TASK_MGMT:
2004 	{
2005 		SCSITaskMgmt_t	*pScsiTm;
2006 		pScsiTm = (SCSITaskMgmt_t *)mf;
2007 		dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT
2008 			"\tTaskType=0x%x MsgFlags=0x%x "
2009 			"TaskMsgContext=0x%x id=%d channel=%d\n",
2010 			ioc->name, pScsiTm->TaskType, le32_to_cpu
2011 			(pScsiTm->TaskMsgContext), pScsiTm->MsgFlags,
2012 			pScsiTm->TargetID, pScsiTm->Bus));
2013 		break;
2014 	}
2015 
2016 	case MPI_FUNCTION_IOC_INIT:
2017 		{
2018 			IOCInit_t	*pInit = (IOCInit_t *) mf;
2019 			u32		high_addr, sense_high;
2020 
2021 			/* Verify that all entries in the IOC INIT match
2022 			 * existing setup (and in LE format).
2023 			 */
2024 			if (sizeof(dma_addr_t) == sizeof(u64)) {
2025 				high_addr = cpu_to_le32((u32)((u64)ioc->req_frames_dma >> 32));
2026 				sense_high= cpu_to_le32((u32)((u64)ioc->sense_buf_pool_dma >> 32));
2027 			} else {
2028 				high_addr = 0;
2029 				sense_high= 0;
2030 			}
2031 
2032 			if ((pInit->Flags != 0) || (pInit->MaxDevices != ioc->facts.MaxDevices) ||
2033 				(pInit->MaxBuses != ioc->facts.MaxBuses) ||
2034 				(pInit->ReplyFrameSize != cpu_to_le16(ioc->reply_sz)) ||
2035 				(pInit->HostMfaHighAddr != high_addr) ||
2036 				(pInit->SenseBufferHighAddr != sense_high)) {
2037 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2038 					"IOC_INIT issued with 1 or more incorrect parameters. Rejected.\n",
2039 					ioc->name, __FILE__, __LINE__);
2040 				rc = -EFAULT;
2041 				goto done_free_mem;
2042 			}
2043 		}
2044 		break;
2045 	default:
2046 		/*
2047 		 * MPI_FUNCTION_PORT_ENABLE
2048 		 * MPI_FUNCTION_TARGET_CMD_BUFFER_POST
2049 		 * MPI_FUNCTION_TARGET_ASSIST
2050 		 * MPI_FUNCTION_TARGET_STATUS_SEND
2051 		 * MPI_FUNCTION_TARGET_MODE_ABORT
2052 		 * MPI_FUNCTION_IOC_MESSAGE_UNIT_RESET
2053 		 * MPI_FUNCTION_IO_UNIT_RESET
2054 		 * MPI_FUNCTION_HANDSHAKE
2055 		 * MPI_FUNCTION_REPLY_FRAME_REMOVAL
2056 		 * MPI_FUNCTION_EVENT_NOTIFICATION
2057 		 *  (driver handles event notification)
2058 		 * MPI_FUNCTION_EVENT_ACK
2059 		 */
2060 
2061 		/*  What to do with these???  CHECK ME!!!
2062 			MPI_FUNCTION_FC_LINK_SRVC_BUF_POST
2063 			MPI_FUNCTION_FC_LINK_SRVC_RSP
2064 			MPI_FUNCTION_FC_ABORT
2065 			MPI_FUNCTION_LAN_SEND
2066 			MPI_FUNCTION_LAN_RECEIVE
2067 		 	MPI_FUNCTION_LAN_RESET
2068 		*/
2069 
2070 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2071 			"Illegal request (function 0x%x) \n",
2072 			ioc->name, __FILE__, __LINE__, hdr->Function);
2073 		rc = -EFAULT;
2074 		goto done_free_mem;
2075 	}
2076 
2077 	/* Add the SGL ( at most one data in SGE and one data out SGE )
2078 	 * In the case of two SGE's - the data out (write) will always
2079 	 * preceede the data in (read) SGE. psgList is used to free the
2080 	 * allocated memory.
2081 	 */
2082 	psge = (char *) (((int *) mf) + karg.dataSgeOffset);
2083 	flagsLength = 0;
2084 
2085 	if (karg.dataOutSize > 0)
2086 		sgSize ++;
2087 
2088 	if (karg.dataInSize > 0)
2089 		sgSize ++;
2090 
2091 	if (sgSize > 0) {
2092 
2093 		/* Set up the dataOut memory allocation */
2094 		if (karg.dataOutSize > 0) {
2095 			if (karg.dataInSize > 0) {
2096 				flagsLength = ( MPI_SGE_FLAGS_SIMPLE_ELEMENT |
2097 						MPI_SGE_FLAGS_END_OF_BUFFER |
2098 						MPI_SGE_FLAGS_DIRECTION)
2099 						<< MPI_SGE_FLAGS_SHIFT;
2100 			} else {
2101 				flagsLength = MPT_SGE_FLAGS_SSIMPLE_WRITE;
2102 			}
2103 			flagsLength |= karg.dataOutSize;
2104 			bufOut.len = karg.dataOutSize;
2105 			bufOut.kptr = dma_alloc_coherent(&ioc->pcidev->dev,
2106 							 bufOut.len,
2107 							 &dma_addr_out, GFP_KERNEL);
2108 
2109 			if (bufOut.kptr == NULL) {
2110 				rc = -ENOMEM;
2111 				goto done_free_mem;
2112 			} else {
2113 				/* Set up this SGE.
2114 				 * Copy to MF and to sglbuf
2115 				 */
2116 				ioc->add_sge(psge, flagsLength, dma_addr_out);
2117 				psge += ioc->SGE_size;
2118 
2119 				/* Copy user data to kernel space.
2120 				 */
2121 				if (copy_from_user(bufOut.kptr,
2122 						karg.dataOutBufPtr,
2123 						bufOut.len)) {
2124 					printk(MYIOC_s_ERR_FMT
2125 						"%s@%d::mptctl_do_mpt_command - Unable "
2126 						"to read user data "
2127 						"struct @ %p\n",
2128 						ioc->name, __FILE__, __LINE__,karg.dataOutBufPtr);
2129 					rc =  -EFAULT;
2130 					goto done_free_mem;
2131 				}
2132 			}
2133 		}
2134 
2135 		if (karg.dataInSize > 0) {
2136 			flagsLength = MPT_SGE_FLAGS_SSIMPLE_READ;
2137 			flagsLength |= karg.dataInSize;
2138 
2139 			bufIn.len = karg.dataInSize;
2140 			bufIn.kptr = dma_alloc_coherent(&ioc->pcidev->dev,
2141 							bufIn.len,
2142 							&dma_addr_in, GFP_KERNEL);
2143 
2144 			if (bufIn.kptr == NULL) {
2145 				rc = -ENOMEM;
2146 				goto done_free_mem;
2147 			} else {
2148 				/* Set up this SGE
2149 				 * Copy to MF and to sglbuf
2150 				 */
2151 				ioc->add_sge(psge, flagsLength, dma_addr_in);
2152 			}
2153 		}
2154 	} else  {
2155 		/* Add a NULL SGE
2156 		 */
2157 		ioc->add_sge(psge, flagsLength, (dma_addr_t) -1);
2158 	}
2159 
2160 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, hdr->MsgContext);
2161 	INITIALIZE_MGMT_STATUS(ioc->ioctl_cmds.status)
2162 	if (hdr->Function == MPI_FUNCTION_SCSI_TASK_MGMT) {
2163 
2164 		mutex_lock(&ioc->taskmgmt_cmds.mutex);
2165 		if (mpt_set_taskmgmt_in_progress_flag(ioc) != 0) {
2166 			mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2167 			goto done_free_mem;
2168 		}
2169 
2170 		DBG_DUMP_TM_REQUEST_FRAME(ioc, (u32 *)mf);
2171 
2172 		if ((ioc->facts.IOCCapabilities & MPI_IOCFACTS_CAPABILITY_HIGH_PRI_Q) &&
2173 		    (ioc->facts.MsgVersion >= MPI_VERSION_01_05))
2174 			mpt_put_msg_frame_hi_pri(mptctl_id, ioc, mf);
2175 		else {
2176 			rc =mpt_send_handshake_request(mptctl_id, ioc,
2177 				sizeof(SCSITaskMgmt_t), (u32*)mf, CAN_SLEEP);
2178 			if (rc != 0) {
2179 				dfailprintk(ioc, printk(MYIOC_s_ERR_FMT
2180 				    "send_handshake FAILED! (ioc %p, mf %p)\n",
2181 				    ioc->name, ioc, mf));
2182 				mpt_clear_taskmgmt_in_progress_flag(ioc);
2183 				rc = -ENODATA;
2184 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2185 				goto done_free_mem;
2186 			}
2187 		}
2188 
2189 	} else
2190 		mpt_put_msg_frame(mptctl_id, ioc, mf);
2191 
2192 	/* Now wait for the command to complete */
2193 	timeout = (karg.timeout > 0) ? karg.timeout : MPT_IOCTL_DEFAULT_TIMEOUT;
2194 retry_wait:
2195 	timeleft = wait_for_completion_timeout(&ioc->ioctl_cmds.done,
2196 				HZ*timeout);
2197 	if (!(ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
2198 		rc = -ETIME;
2199 		dfailprintk(ioc, printk(MYIOC_s_ERR_FMT "%s: TIMED OUT!\n",
2200 		    ioc->name, __func__));
2201 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
2202 			if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2203 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2204 			goto done_free_mem;
2205 		}
2206 		if (!timeleft) {
2207 			printk(MYIOC_s_WARN_FMT
2208 			       "mpt cmd timeout, doorbell=0x%08x"
2209 			       " function=0x%x\n",
2210 			       ioc->name, mpt_GetIocState(ioc, 0), function);
2211 			if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2212 				mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2213 			mptctl_timeout_expired(ioc, mf);
2214 			mf = NULL;
2215 		} else
2216 			goto retry_wait;
2217 		goto done_free_mem;
2218 	}
2219 
2220 	if (function == MPI_FUNCTION_SCSI_TASK_MGMT)
2221 		mutex_unlock(&ioc->taskmgmt_cmds.mutex);
2222 
2223 
2224 	mf = NULL;
2225 
2226 	/* If a valid reply frame, copy to the user.
2227 	 * Offset 2: reply length in U32's
2228 	 */
2229 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID) {
2230 		if (karg.maxReplyBytes < ioc->reply_sz) {
2231 			sz = min(karg.maxReplyBytes,
2232 				4*ioc->ioctl_cmds.reply[2]);
2233 		} else {
2234 			 sz = min(ioc->reply_sz, 4*ioc->ioctl_cmds.reply[2]);
2235 		}
2236 		if (sz > 0) {
2237 			if (copy_to_user(karg.replyFrameBufPtr,
2238 				 ioc->ioctl_cmds.reply, sz)){
2239 				 printk(MYIOC_s_ERR_FMT
2240 				     "%s@%d::mptctl_do_mpt_command - "
2241 				 "Unable to write out reply frame %p\n",
2242 				 ioc->name, __FILE__, __LINE__, karg.replyFrameBufPtr);
2243 				 rc =  -ENODATA;
2244 				 goto done_free_mem;
2245 			}
2246 		}
2247 	}
2248 
2249 	/* If valid sense data, copy to user.
2250 	 */
2251 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_SENSE_VALID) {
2252 		sz = min(karg.maxSenseBytes, MPT_SENSE_BUFFER_SIZE);
2253 		if (sz > 0) {
2254 			if (copy_to_user(karg.senseDataPtr,
2255 				ioc->ioctl_cmds.sense, sz)) {
2256 				printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2257 				"Unable to write sense data to user %p\n",
2258 				ioc->name, __FILE__, __LINE__,
2259 				karg.senseDataPtr);
2260 				rc =  -ENODATA;
2261 				goto done_free_mem;
2262 			}
2263 		}
2264 	}
2265 
2266 	/* If the overall status is _GOOD and data in, copy data
2267 	 * to user.
2268 	 */
2269 	if ((ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD) &&
2270 				(karg.dataInSize > 0) && (bufIn.kptr)) {
2271 
2272 		if (copy_to_user(karg.dataInBufPtr,
2273 				 bufIn.kptr, karg.dataInSize)) {
2274 			printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_do_mpt_command - "
2275 				"Unable to write data to user %p\n",
2276 				ioc->name, __FILE__, __LINE__,
2277 				karg.dataInBufPtr);
2278 			rc =  -ENODATA;
2279 		}
2280 	}
2281 
2282 done_free_mem:
2283 
2284 	CLEAR_MGMT_STATUS(ioc->ioctl_cmds.status)
2285 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, 0);
2286 
2287 	/* Free the allocated memory.
2288 	 */
2289 	if (bufOut.kptr != NULL) {
2290 		dma_free_coherent(&ioc->pcidev->dev, bufOut.len,
2291 				  (void *)bufOut.kptr, dma_addr_out);
2292 	}
2293 
2294 	if (bufIn.kptr != NULL) {
2295 		dma_free_coherent(&ioc->pcidev->dev, bufIn.len,
2296 				  (void *)bufIn.kptr, dma_addr_in);
2297 	}
2298 
2299 	/* mf is null if command issued successfully
2300 	 * otherwise, failure occurred after mf acquired.
2301 	 */
2302 	if (mf)
2303 		mpt_free_msg_frame(ioc, mf);
2304 
2305 	return rc;
2306 }
2307 
2308 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2309 /* Prototype Routine for the HOST INFO command.
2310  *
2311  * Outputs:	None.
2312  * Return:	0 if successful
2313  *		-EFAULT if data unavailable
2314  *		-EBUSY  if previous command timeout and IOC reset is not complete.
2315  *		-ENODEV if no such device/adapter
2316  *		-ETIME	if timer expires
2317  *		-ENOMEM if memory allocation error
2318  */
2319 static int
2320 mptctl_hp_hostinfo(MPT_ADAPTER *ioc, unsigned long arg, unsigned int data_size)
2321 {
2322 	hp_host_info_t	__user *uarg = (void __user *) arg;
2323 	struct pci_dev		*pdev;
2324 	char                    *pbuf=NULL;
2325 	dma_addr_t		buf_dma;
2326 	hp_host_info_t		karg;
2327 	CONFIGPARMS		cfg;
2328 	ConfigPageHeader_t	hdr;
2329 	int			rc, cim_rev;
2330 	ToolboxIstwiReadWriteRequest_t	*IstwiRWRequest;
2331 	MPT_FRAME_HDR		*mf = NULL;
2332 	unsigned long		timeleft;
2333 	u32			msgcontext;
2334 
2335 	/* Reset long to int. Should affect IA64 and SPARC only
2336 	 */
2337 	if (data_size == sizeof(hp_host_info_t))
2338 		cim_rev = 1;
2339 	else if (data_size == sizeof(hp_host_info_rev0_t))
2340 		cim_rev = 0;	/* obsolete */
2341 	else
2342 		return -EFAULT;
2343 
2344 	if (copy_from_user(&karg, uarg, sizeof(hp_host_info_t))) {
2345 		printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_host_info - "
2346 			"Unable to read in hp_host_info struct @ %p\n",
2347 				__FILE__, __LINE__, uarg);
2348 		return -EFAULT;
2349 	}
2350 
2351 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT ": mptctl_hp_hostinfo called.\n",
2352 	    ioc->name));
2353 
2354 	/* Fill in the data and return the structure to the calling
2355 	 * program
2356 	 */
2357 	pdev = (struct pci_dev *) ioc->pcidev;
2358 
2359 	karg.vendor = pdev->vendor;
2360 	karg.device = pdev->device;
2361 	karg.subsystem_id = pdev->subsystem_device;
2362 	karg.subsystem_vendor = pdev->subsystem_vendor;
2363 	karg.devfn = pdev->devfn;
2364 	karg.bus = pdev->bus->number;
2365 
2366 	/* Save the SCSI host no. if
2367 	 * SCSI driver loaded
2368 	 */
2369 	if (ioc->sh != NULL)
2370 		karg.host_no = ioc->sh->host_no;
2371 	else
2372 		karg.host_no =  -1;
2373 
2374 	/* Reformat the fw_version into a string */
2375 	snprintf(karg.fw_version, sizeof(karg.fw_version),
2376 		 "%.2hhu.%.2hhu.%.2hhu.%.2hhu",
2377 		 ioc->facts.FWVersion.Struct.Major,
2378 		 ioc->facts.FWVersion.Struct.Minor,
2379 		 ioc->facts.FWVersion.Struct.Unit,
2380 		 ioc->facts.FWVersion.Struct.Dev);
2381 
2382 	/* Issue a config request to get the device serial number
2383 	 */
2384 	hdr.PageVersion = 0;
2385 	hdr.PageLength = 0;
2386 	hdr.PageNumber = 0;
2387 	hdr.PageType = MPI_CONFIG_PAGETYPE_MANUFACTURING;
2388 	cfg.cfghdr.hdr = &hdr;
2389 	cfg.physAddr = -1;
2390 	cfg.pageAddr = 0;
2391 	cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2392 	cfg.dir = 0;	/* read */
2393 	cfg.timeout = 10;
2394 
2395 	strscpy_pad(karg.serial_number, " ", sizeof(karg.serial_number));
2396 	if (mpt_config(ioc, &cfg) == 0) {
2397 		if (cfg.cfghdr.hdr->PageLength > 0) {
2398 			/* Issue the second config page request */
2399 			cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2400 
2401 			pbuf = dma_alloc_coherent(&ioc->pcidev->dev,
2402 						  hdr.PageLength * 4,
2403 						  &buf_dma, GFP_KERNEL);
2404 			if (pbuf) {
2405 				cfg.physAddr = buf_dma;
2406 				if (mpt_config(ioc, &cfg) == 0) {
2407 					ManufacturingPage0_t *pdata = (ManufacturingPage0_t *) pbuf;
2408 					if (strlen(pdata->BoardTracerNumber) > 1) {
2409 						strscpy_pad(karg.serial_number,
2410 							pdata->BoardTracerNumber,
2411 							sizeof(karg.serial_number));
2412 					}
2413 				}
2414 				dma_free_coherent(&ioc->pcidev->dev,
2415 						  hdr.PageLength * 4, pbuf,
2416 						  buf_dma);
2417 				pbuf = NULL;
2418 			}
2419 		}
2420 	}
2421 	rc = mpt_GetIocState(ioc, 1);
2422 	switch (rc) {
2423 	case MPI_IOC_STATE_OPERATIONAL:
2424 		karg.ioc_status =  HP_STATUS_OK;
2425 		break;
2426 
2427 	case MPI_IOC_STATE_FAULT:
2428 		karg.ioc_status =  HP_STATUS_FAILED;
2429 		break;
2430 
2431 	case MPI_IOC_STATE_RESET:
2432 	case MPI_IOC_STATE_READY:
2433 	default:
2434 		karg.ioc_status =  HP_STATUS_OTHER;
2435 		break;
2436 	}
2437 
2438 	karg.base_io_addr = pci_resource_start(pdev, 0);
2439 
2440 	if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2441 		karg.bus_phys_width = HP_BUS_WIDTH_UNK;
2442 	else
2443 		karg.bus_phys_width = HP_BUS_WIDTH_16;
2444 
2445 	karg.hard_resets = 0;
2446 	karg.soft_resets = 0;
2447 	karg.timeouts = 0;
2448 	if (ioc->sh != NULL) {
2449 		MPT_SCSI_HOST *hd =  shost_priv(ioc->sh);
2450 
2451 		if (hd && (cim_rev == 1)) {
2452 			karg.hard_resets = ioc->hard_resets;
2453 			karg.soft_resets = ioc->soft_resets;
2454 			karg.timeouts = ioc->timeouts;
2455 		}
2456 	}
2457 
2458 	/*
2459 	 * Gather ISTWI(Industry Standard Two Wire Interface) Data
2460 	 */
2461 	if ((mf = mpt_get_msg_frame(mptctl_id, ioc)) == NULL) {
2462 		dfailprintk(ioc, printk(MYIOC_s_WARN_FMT
2463 			"%s, no msg frames!!\n", ioc->name, __func__));
2464 		goto out;
2465 	}
2466 
2467 	IstwiRWRequest = (ToolboxIstwiReadWriteRequest_t *)mf;
2468 	msgcontext = IstwiRWRequest->MsgContext;
2469 	memset(IstwiRWRequest,0,sizeof(ToolboxIstwiReadWriteRequest_t));
2470 	IstwiRWRequest->MsgContext = msgcontext;
2471 	IstwiRWRequest->Function = MPI_FUNCTION_TOOLBOX;
2472 	IstwiRWRequest->Tool = MPI_TOOLBOX_ISTWI_READ_WRITE_TOOL;
2473 	IstwiRWRequest->Flags = MPI_TB_ISTWI_FLAGS_READ;
2474 	IstwiRWRequest->NumAddressBytes = 0x01;
2475 	IstwiRWRequest->DataLength = cpu_to_le16(0x04);
2476 	if (pdev->devfn & 1)
2477 		IstwiRWRequest->DeviceAddr = 0xB2;
2478 	else
2479 		IstwiRWRequest->DeviceAddr = 0xB0;
2480 
2481 	pbuf = dma_alloc_coherent(&ioc->pcidev->dev, 4, &buf_dma, GFP_KERNEL);
2482 	if (!pbuf)
2483 		goto out;
2484 	ioc->add_sge((char *)&IstwiRWRequest->SGL,
2485 	    (MPT_SGE_FLAGS_SSIMPLE_READ|4), buf_dma);
2486 
2487 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context,
2488 				IstwiRWRequest->MsgContext);
2489 	INITIALIZE_MGMT_STATUS(ioc->ioctl_cmds.status)
2490 	mpt_put_msg_frame(mptctl_id, ioc, mf);
2491 
2492 retry_wait:
2493 	timeleft = wait_for_completion_timeout(&ioc->ioctl_cmds.done,
2494 			HZ*MPT_IOCTL_DEFAULT_TIMEOUT);
2495 	if (!(ioc->ioctl_cmds.status & MPT_MGMT_STATUS_COMMAND_GOOD)) {
2496 		printk(MYIOC_s_WARN_FMT "%s: failed\n", ioc->name, __func__);
2497 		if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_DID_IOCRESET) {
2498 			mpt_free_msg_frame(ioc, mf);
2499 			goto out;
2500 		}
2501 		if (!timeleft) {
2502 			printk(MYIOC_s_WARN_FMT
2503 			       "HOST INFO command timeout, doorbell=0x%08x\n",
2504 			       ioc->name, mpt_GetIocState(ioc, 0));
2505 			mptctl_timeout_expired(ioc, mf);
2506 		} else
2507 			goto retry_wait;
2508 		goto out;
2509 	}
2510 
2511 	/*
2512 	 *ISTWI Data Definition
2513 	 * pbuf[0] = FW_VERSION = 0x4
2514 	 * pbuf[1] = Bay Count = 6 or 4 or 2, depending on
2515 	 *  the config, you should be seeing one out of these three values
2516 	 * pbuf[2] = Drive Installed Map = bit pattern depend on which
2517 	 *   bays have drives in them
2518 	 * pbuf[3] = Checksum (0x100 = (byte0 + byte2 + byte3)
2519 	 */
2520 	if (ioc->ioctl_cmds.status & MPT_MGMT_STATUS_RF_VALID)
2521 		karg.rsvd = *(u32 *)pbuf;
2522 
2523  out:
2524 	CLEAR_MGMT_STATUS(ioc->ioctl_cmds.status)
2525 	SET_MGMT_MSG_CONTEXT(ioc->ioctl_cmds.msg_context, 0);
2526 
2527 	if (pbuf)
2528 		dma_free_coherent(&ioc->pcidev->dev, 4, pbuf, buf_dma);
2529 
2530 	/* Copy the data from kernel memory to user memory
2531 	 */
2532 	if (copy_to_user((char __user *)arg, &karg, sizeof(hp_host_info_t))) {
2533 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hpgethostinfo - "
2534 			"Unable to write out hp_host_info @ %p\n",
2535 			ioc->name, __FILE__, __LINE__, uarg);
2536 		return -EFAULT;
2537 	}
2538 
2539 	return 0;
2540 
2541 }
2542 
2543 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2544 /* Prototype Routine for the TARGET INFO command.
2545  *
2546  * Outputs:	None.
2547  * Return:	0 if successful
2548  *		-EFAULT if data unavailable
2549  *		-EBUSY  if previous command timeout and IOC reset is not complete.
2550  *		-ENODEV if no such device/adapter
2551  *		-ETIME	if timer expires
2552  *		-ENOMEM if memory allocation error
2553  */
2554 static int
2555 mptctl_hp_targetinfo(MPT_ADAPTER *ioc, unsigned long arg)
2556 {
2557 	hp_target_info_t __user *uarg = (void __user *) arg;
2558 	SCSIDevicePage0_t	*pg0_alloc;
2559 	SCSIDevicePage3_t	*pg3_alloc;
2560 	MPT_SCSI_HOST 		*hd = NULL;
2561 	hp_target_info_t	karg;
2562 	int			data_sz;
2563 	dma_addr_t		page_dma;
2564 	CONFIGPARMS	 	cfg;
2565 	ConfigPageHeader_t	hdr;
2566 	int			tmp, np, rc = 0;
2567 
2568 	if (copy_from_user(&karg, uarg, sizeof(hp_target_info_t))) {
2569 		printk(KERN_ERR MYNAM "%s@%d::mptctl_hp_targetinfo - "
2570 			"Unable to read in hp_host_targetinfo struct @ %p\n",
2571 				__FILE__, __LINE__, uarg);
2572 		return -EFAULT;
2573 	}
2574 
2575 	if (karg.hdr.id >= MPT_MAX_FC_DEVICES)
2576 		return -EINVAL;
2577 	dctlprintk(ioc, printk(MYIOC_s_DEBUG_FMT "mptctl_hp_targetinfo called.\n",
2578 	    ioc->name));
2579 
2580 	/*  There is nothing to do for FCP parts.
2581 	 */
2582 	if ((ioc->bus_type == SAS) || (ioc->bus_type == FC))
2583 		return 0;
2584 
2585 	if ((ioc->spi_data.sdp0length == 0) || (ioc->sh == NULL))
2586 		return 0;
2587 
2588 	if (ioc->sh->host_no != karg.hdr.host)
2589 		return -ENODEV;
2590 
2591        /* Get the data transfer speeds
2592         */
2593 	data_sz = ioc->spi_data.sdp0length * 4;
2594 	pg0_alloc = dma_alloc_coherent(&ioc->pcidev->dev, data_sz, &page_dma,
2595 				       GFP_KERNEL);
2596 	if (pg0_alloc) {
2597 		hdr.PageVersion = ioc->spi_data.sdp0version;
2598 		hdr.PageLength = data_sz;
2599 		hdr.PageNumber = 0;
2600 		hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2601 
2602 		cfg.cfghdr.hdr = &hdr;
2603 		cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2604 		cfg.dir = 0;
2605 		cfg.timeout = 0;
2606 		cfg.physAddr = page_dma;
2607 
2608 		cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2609 
2610 		if ((rc = mpt_config(ioc, &cfg)) == 0) {
2611 			np = le32_to_cpu(pg0_alloc->NegotiatedParameters);
2612 			karg.negotiated_width = np & MPI_SCSIDEVPAGE0_NP_WIDE ?
2613 					HP_BUS_WIDTH_16 : HP_BUS_WIDTH_8;
2614 
2615 			if (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_OFFSET_MASK) {
2616 				tmp = (np & MPI_SCSIDEVPAGE0_NP_NEG_SYNC_PERIOD_MASK) >> 8;
2617 				if (tmp < 0x09)
2618 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA320;
2619 				else if (tmp <= 0x09)
2620 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA160;
2621 				else if (tmp <= 0x0A)
2622 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA2;
2623 				else if (tmp <= 0x0C)
2624 					karg.negotiated_speed = HP_DEV_SPEED_ULTRA;
2625 				else if (tmp <= 0x25)
2626 					karg.negotiated_speed = HP_DEV_SPEED_FAST;
2627 				else
2628 					karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2629 			} else
2630 				karg.negotiated_speed = HP_DEV_SPEED_ASYNC;
2631 		}
2632 
2633 		dma_free_coherent(&ioc->pcidev->dev, data_sz, (u8 *)pg0_alloc,
2634 				  page_dma);
2635 	}
2636 
2637 	/* Set defaults
2638 	 */
2639 	karg.message_rejects = -1;
2640 	karg.phase_errors = -1;
2641 	karg.parity_errors = -1;
2642 	karg.select_timeouts = -1;
2643 
2644 	/* Get the target error parameters
2645 	 */
2646 	hdr.PageVersion = 0;
2647 	hdr.PageLength = 0;
2648 	hdr.PageNumber = 3;
2649 	hdr.PageType = MPI_CONFIG_PAGETYPE_SCSI_DEVICE;
2650 
2651 	cfg.cfghdr.hdr = &hdr;
2652 	cfg.action = MPI_CONFIG_ACTION_PAGE_HEADER;
2653 	cfg.dir = 0;
2654 	cfg.timeout = 0;
2655 	cfg.physAddr = -1;
2656 	if ((mpt_config(ioc, &cfg) == 0) && (cfg.cfghdr.hdr->PageLength > 0)) {
2657 		/* Issue the second config page request */
2658 		cfg.action = MPI_CONFIG_ACTION_PAGE_READ_CURRENT;
2659 		data_sz = (int) cfg.cfghdr.hdr->PageLength * 4;
2660 		pg3_alloc = dma_alloc_coherent(&ioc->pcidev->dev, data_sz,
2661 					       &page_dma, GFP_KERNEL);
2662 		if (pg3_alloc) {
2663 			cfg.physAddr = page_dma;
2664 			cfg.pageAddr = (karg.hdr.channel << 8) | karg.hdr.id;
2665 			if ((rc = mpt_config(ioc, &cfg)) == 0) {
2666 				karg.message_rejects = (u32) le16_to_cpu(pg3_alloc->MsgRejectCount);
2667 				karg.phase_errors = (u32) le16_to_cpu(pg3_alloc->PhaseErrorCount);
2668 				karg.parity_errors = (u32) le16_to_cpu(pg3_alloc->ParityErrorCount);
2669 			}
2670 			dma_free_coherent(&ioc->pcidev->dev, data_sz,
2671 					  (u8 *)pg3_alloc, page_dma);
2672 		}
2673 	}
2674 	hd = shost_priv(ioc->sh);
2675 	if (hd != NULL)
2676 		karg.select_timeouts = hd->sel_timeout[karg.hdr.id];
2677 
2678 	/* Copy the data from kernel memory to user memory
2679 	 */
2680 	if (copy_to_user((char __user *)arg, &karg, sizeof(hp_target_info_t))) {
2681 		printk(MYIOC_s_ERR_FMT "%s@%d::mptctl_hp_target_info - "
2682 			"Unable to write out mpt_ioctl_targetinfo struct @ %p\n",
2683 			ioc->name, __FILE__, __LINE__, uarg);
2684 		return -EFAULT;
2685 	}
2686 
2687 	return 0;
2688 }
2689 
2690 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2691 
2692 static const struct file_operations mptctl_fops = {
2693 	.owner =	THIS_MODULE,
2694 	.llseek =	no_llseek,
2695 	.fasync = 	mptctl_fasync,
2696 	.unlocked_ioctl = mptctl_ioctl,
2697 #ifdef CONFIG_COMPAT
2698 	.compat_ioctl = compat_mpctl_ioctl,
2699 #endif
2700 };
2701 
2702 static struct miscdevice mptctl_miscdev = {
2703 	MPT_MINOR,
2704 	MYNAM,
2705 	&mptctl_fops
2706 };
2707 
2708 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2709 
2710 #ifdef CONFIG_COMPAT
2711 
2712 static int
2713 compat_mptfwxfer_ioctl(struct file *filp, unsigned int cmd,
2714 			unsigned long arg)
2715 {
2716 	struct mpt_fw_xfer32 kfw32;
2717 	struct mpt_fw_xfer kfw;
2718 	MPT_ADAPTER *iocp = NULL;
2719 	int iocnum, iocnumX;
2720 	int nonblock = (filp->f_flags & O_NONBLOCK);
2721 	int ret;
2722 
2723 
2724 	if (copy_from_user(&kfw32, (char __user *)arg, sizeof(kfw32)))
2725 		return -EFAULT;
2726 
2727 	/* Verify intended MPT adapter */
2728 	iocnumX = kfw32.iocnum & 0xFF;
2729 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2730 	    (iocp == NULL)) {
2731 		printk(KERN_DEBUG MYNAM "::compat_mptfwxfer_ioctl @%d - ioc%d not found!\n",
2732 			__LINE__, iocnumX);
2733 		return -ENODEV;
2734 	}
2735 
2736 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2737 		return ret;
2738 
2739 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mptfwxfer_ioctl() called\n",
2740 	    iocp->name));
2741 	kfw.iocnum = iocnum;
2742 	kfw.fwlen = kfw32.fwlen;
2743 	kfw.bufp = compat_ptr(kfw32.bufp);
2744 
2745 	ret = mptctl_do_fw_download(iocp, kfw.bufp, kfw.fwlen);
2746 
2747 	mutex_unlock(&iocp->ioctl_cmds.mutex);
2748 
2749 	return ret;
2750 }
2751 
2752 static int
2753 compat_mpt_command(struct file *filp, unsigned int cmd,
2754 			unsigned long arg)
2755 {
2756 	struct mpt_ioctl_command32 karg32;
2757 	struct mpt_ioctl_command32 __user *uarg = (struct mpt_ioctl_command32 __user *) arg;
2758 	struct mpt_ioctl_command karg;
2759 	MPT_ADAPTER *iocp = NULL;
2760 	int iocnum, iocnumX;
2761 	int nonblock = (filp->f_flags & O_NONBLOCK);
2762 	int ret;
2763 
2764 	if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32)))
2765 		return -EFAULT;
2766 
2767 	/* Verify intended MPT adapter */
2768 	iocnumX = karg32.hdr.iocnum & 0xFF;
2769 	if (((iocnum = mpt_verify_adapter(iocnumX, &iocp)) < 0) ||
2770 	    (iocp == NULL)) {
2771 		printk(KERN_DEBUG MYNAM "::compat_mpt_command @%d - ioc%d not found!\n",
2772 			__LINE__, iocnumX);
2773 		return -ENODEV;
2774 	}
2775 
2776 	if ((ret = mptctl_syscall_down(iocp, nonblock)) != 0)
2777 		return ret;
2778 
2779 	dctlprintk(iocp, printk(MYIOC_s_DEBUG_FMT "compat_mpt_command() called\n",
2780 	    iocp->name));
2781 	/* Copy data to karg */
2782 	karg.hdr.iocnum = karg32.hdr.iocnum;
2783 	karg.hdr.port = karg32.hdr.port;
2784 	karg.timeout = karg32.timeout;
2785 	karg.maxReplyBytes = karg32.maxReplyBytes;
2786 
2787 	karg.dataInSize = karg32.dataInSize;
2788 	karg.dataOutSize = karg32.dataOutSize;
2789 	karg.maxSenseBytes = karg32.maxSenseBytes;
2790 	karg.dataSgeOffset = karg32.dataSgeOffset;
2791 
2792 	karg.replyFrameBufPtr = (char __user *)(unsigned long)karg32.replyFrameBufPtr;
2793 	karg.dataInBufPtr = (char __user *)(unsigned long)karg32.dataInBufPtr;
2794 	karg.dataOutBufPtr = (char __user *)(unsigned long)karg32.dataOutBufPtr;
2795 	karg.senseDataPtr = (char __user *)(unsigned long)karg32.senseDataPtr;
2796 
2797 	/* Pass new structure to do_mpt_command
2798 	 */
2799 	ret = mptctl_do_mpt_command (iocp, karg, &uarg->MF);
2800 
2801 	mutex_unlock(&iocp->ioctl_cmds.mutex);
2802 
2803 	return ret;
2804 }
2805 
2806 static long compat_mpctl_ioctl(struct file *f, unsigned int cmd, unsigned long arg)
2807 {
2808 	long ret;
2809 	mutex_lock(&mpctl_mutex);
2810 	switch (cmd) {
2811 	case MPTIOCINFO:
2812 	case MPTIOCINFO1:
2813 	case MPTIOCINFO2:
2814 	case MPTTARGETINFO:
2815 	case MPTEVENTQUERY:
2816 	case MPTEVENTENABLE:
2817 	case MPTEVENTREPORT:
2818 	case MPTHARDRESET:
2819 	case HP_GETHOSTINFO:
2820 	case HP_GETTARGETINFO:
2821 	case MPTTEST:
2822 		ret = __mptctl_ioctl(f, cmd, arg);
2823 		break;
2824 	case MPTCOMMAND32:
2825 		ret = compat_mpt_command(f, cmd, arg);
2826 		break;
2827 	case MPTFWDOWNLOAD32:
2828 		ret = compat_mptfwxfer_ioctl(f, cmd, arg);
2829 		break;
2830 	default:
2831 		ret = -ENOIOCTLCMD;
2832 		break;
2833 	}
2834 	mutex_unlock(&mpctl_mutex);
2835 	return ret;
2836 }
2837 
2838 #endif
2839 
2840 
2841 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2842 /*
2843  *	mptctl_probe - Installs ioctl devices per bus.
2844  *	@pdev: Pointer to pci_dev structure
2845  *
2846  *	Returns 0 for success, non-zero for failure.
2847  *
2848  */
2849 
2850 static int
2851 mptctl_probe(struct pci_dev *pdev)
2852 {
2853 	MPT_ADAPTER *ioc = pci_get_drvdata(pdev);
2854 
2855 	mutex_init(&ioc->ioctl_cmds.mutex);
2856 	init_completion(&ioc->ioctl_cmds.done);
2857 	return 0;
2858 }
2859 
2860 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2861 /*
2862  *	mptctl_remove - Removed ioctl devices
2863  *	@pdev: Pointer to pci_dev structure
2864  *
2865  *
2866  */
2867 static void
2868 mptctl_remove(struct pci_dev *pdev)
2869 {
2870 }
2871 
2872 static struct mpt_pci_driver mptctl_driver = {
2873   .probe		= mptctl_probe,
2874   .remove		= mptctl_remove,
2875 };
2876 
2877 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2878 static int __init mptctl_init(void)
2879 {
2880 	int err;
2881 
2882 	show_mptmod_ver(my_NAME, my_VERSION);
2883 
2884 	mpt_device_driver_register(&mptctl_driver, MPTCTL_DRIVER);
2885 
2886 	/* Register this device */
2887 	err = misc_register(&mptctl_miscdev);
2888 	if (err < 0) {
2889 		printk(KERN_ERR MYNAM ": Can't register misc device [minor=%d].\n", MPT_MINOR);
2890 		goto out_fail;
2891 	}
2892 	printk(KERN_INFO MYNAM ": Registered with Fusion MPT base driver\n");
2893 	printk(KERN_INFO MYNAM ": /dev/%s @ (major,minor=%d,%d)\n",
2894 			 mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2895 
2896 	/*
2897 	 *  Install our handler
2898 	 */
2899 	mptctl_id = mpt_register(mptctl_reply, MPTCTL_DRIVER,
2900 	    "mptctl_reply");
2901 	if (!mptctl_id || mptctl_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2902 		printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2903 		misc_deregister(&mptctl_miscdev);
2904 		err = -EBUSY;
2905 		goto out_fail;
2906 	}
2907 
2908 	mptctl_taskmgmt_id = mpt_register(mptctl_taskmgmt_reply, MPTCTL_DRIVER,
2909 	    "mptctl_taskmgmt_reply");
2910 	if (!mptctl_taskmgmt_id || mptctl_taskmgmt_id >= MPT_MAX_PROTOCOL_DRIVERS) {
2911 		printk(KERN_ERR MYNAM ": ERROR: Failed to register with Fusion MPT base driver\n");
2912 		mpt_deregister(mptctl_id);
2913 		misc_deregister(&mptctl_miscdev);
2914 		err = -EBUSY;
2915 		goto out_fail;
2916 	}
2917 
2918 	mpt_reset_register(mptctl_id, mptctl_ioc_reset);
2919 	mpt_event_register(mptctl_id, mptctl_event_process);
2920 
2921 	return 0;
2922 
2923 out_fail:
2924 
2925 	mpt_device_driver_deregister(MPTCTL_DRIVER);
2926 
2927 	return err;
2928 }
2929 
2930 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2931 static void mptctl_exit(void)
2932 {
2933 	misc_deregister(&mptctl_miscdev);
2934 	printk(KERN_INFO MYNAM ": Deregistered /dev/%s @ (major,minor=%d,%d)\n",
2935 			 mptctl_miscdev.name, MISC_MAJOR, mptctl_miscdev.minor);
2936 
2937 	/* De-register event handler from base module */
2938 	mpt_event_deregister(mptctl_id);
2939 
2940 	/* De-register reset handler from base module */
2941 	mpt_reset_deregister(mptctl_id);
2942 
2943 	/* De-register callback handler from base module */
2944 	mpt_deregister(mptctl_taskmgmt_id);
2945 	mpt_deregister(mptctl_id);
2946 
2947         mpt_device_driver_deregister(MPTCTL_DRIVER);
2948 
2949 }
2950 
2951 /*=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=*/
2952 
2953 module_init(mptctl_init);
2954 module_exit(mptctl_exit);
2955