1 /* 2 * Adaptec AAC series RAID controller driver 3 * (c) Copyright 2001 Red Hat Inc. <alan@redhat.com> 4 * 5 * based on the old aacraid driver that is.. 6 * Adaptec aacraid device driver for Linux. 7 * 8 * Copyright (c) 2000-2007 Adaptec, Inc. (aacraid@adaptec.com) 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2, or (at your option) 13 * any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; see the file COPYING. If not, write to 22 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. 23 * 24 * Module Name: 25 * commctrl.c 26 * 27 * Abstract: Contains all routines for control of the AFA comm layer 28 * 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/init.h> 33 #include <linux/types.h> 34 #include <linux/pci.h> 35 #include <linux/spinlock.h> 36 #include <linux/slab.h> 37 #include <linux/completion.h> 38 #include <linux/dma-mapping.h> 39 #include <linux/blkdev.h> 40 #include <linux/delay.h> /* ssleep prototype */ 41 #include <linux/kthread.h> 42 #include <linux/semaphore.h> 43 #include <asm/uaccess.h> 44 45 #include "aacraid.h" 46 47 /** 48 * ioctl_send_fib - send a FIB from userspace 49 * @dev: adapter is being processed 50 * @arg: arguments to the ioctl call 51 * 52 * This routine sends a fib to the adapter on behalf of a user level 53 * program. 54 */ 55 # define AAC_DEBUG_PREAMBLE KERN_INFO 56 # define AAC_DEBUG_POSTAMBLE 57 58 static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) 59 { 60 struct hw_fib * kfib; 61 struct fib *fibptr; 62 struct hw_fib * hw_fib = (struct hw_fib *)0; 63 dma_addr_t hw_fib_pa = (dma_addr_t)0LL; 64 unsigned size; 65 int retval; 66 67 if (dev->in_reset) { 68 return -EBUSY; 69 } 70 fibptr = aac_fib_alloc(dev); 71 if(fibptr == NULL) { 72 return -ENOMEM; 73 } 74 75 kfib = fibptr->hw_fib_va; 76 /* 77 * First copy in the header so that we can check the size field. 78 */ 79 if (copy_from_user((void *)kfib, arg, sizeof(struct aac_fibhdr))) { 80 aac_fib_free(fibptr); 81 return -EFAULT; 82 } 83 /* 84 * Since we copy based on the fib header size, make sure that we 85 * will not overrun the buffer when we copy the memory. Return 86 * an error if we would. 87 */ 88 size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr); 89 if (size < le16_to_cpu(kfib->header.SenderSize)) 90 size = le16_to_cpu(kfib->header.SenderSize); 91 if (size > dev->max_fib_size) { 92 if (size > 2048) { 93 retval = -EINVAL; 94 goto cleanup; 95 } 96 /* Highjack the hw_fib */ 97 hw_fib = fibptr->hw_fib_va; 98 hw_fib_pa = fibptr->hw_fib_pa; 99 fibptr->hw_fib_va = kfib = pci_alloc_consistent(dev->pdev, size, &fibptr->hw_fib_pa); 100 memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size); 101 memcpy(kfib, hw_fib, dev->max_fib_size); 102 } 103 104 if (copy_from_user(kfib, arg, size)) { 105 retval = -EFAULT; 106 goto cleanup; 107 } 108 109 if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { 110 aac_adapter_interrupt(dev); 111 /* 112 * Since we didn't really send a fib, zero out the state to allow 113 * cleanup code not to assert. 114 */ 115 kfib->header.XferState = 0; 116 } else { 117 retval = aac_fib_send(le16_to_cpu(kfib->header.Command), fibptr, 118 le16_to_cpu(kfib->header.Size) , FsaNormal, 119 1, 1, NULL, NULL); 120 if (retval) { 121 goto cleanup; 122 } 123 if (aac_fib_complete(fibptr) != 0) { 124 retval = -EINVAL; 125 goto cleanup; 126 } 127 } 128 /* 129 * Make sure that the size returned by the adapter (which includes 130 * the header) is less than or equal to the size of a fib, so we 131 * don't corrupt application data. Then copy that size to the user 132 * buffer. (Don't try to add the header information again, since it 133 * was already included by the adapter.) 134 */ 135 136 retval = 0; 137 if (copy_to_user(arg, (void *)kfib, size)) 138 retval = -EFAULT; 139 cleanup: 140 if (hw_fib) { 141 pci_free_consistent(dev->pdev, size, kfib, fibptr->hw_fib_pa); 142 fibptr->hw_fib_pa = hw_fib_pa; 143 fibptr->hw_fib_va = hw_fib; 144 } 145 if (retval != -EINTR) 146 aac_fib_free(fibptr); 147 return retval; 148 } 149 150 /** 151 * open_getadapter_fib - Get the next fib 152 * 153 * This routine will get the next Fib, if available, from the AdapterFibContext 154 * passed in from the user. 155 */ 156 157 static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) 158 { 159 struct aac_fib_context * fibctx; 160 int status; 161 162 fibctx = kmalloc(sizeof(struct aac_fib_context), GFP_KERNEL); 163 if (fibctx == NULL) { 164 status = -ENOMEM; 165 } else { 166 unsigned long flags; 167 struct list_head * entry; 168 struct aac_fib_context * context; 169 170 fibctx->type = FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT; 171 fibctx->size = sizeof(struct aac_fib_context); 172 /* 173 * Yes yes, I know this could be an index, but we have a 174 * better guarantee of uniqueness for the locked loop below. 175 * Without the aid of a persistent history, this also helps 176 * reduce the chance that the opaque context would be reused. 177 */ 178 fibctx->unique = (u32)((ulong)fibctx & 0xFFFFFFFF); 179 /* 180 * Initialize the mutex used to wait for the next AIF. 181 */ 182 init_MUTEX_LOCKED(&fibctx->wait_sem); 183 fibctx->wait = 0; 184 /* 185 * Initialize the fibs and set the count of fibs on 186 * the list to 0. 187 */ 188 fibctx->count = 0; 189 INIT_LIST_HEAD(&fibctx->fib_list); 190 fibctx->jiffies = jiffies/HZ; 191 /* 192 * Now add this context onto the adapter's 193 * AdapterFibContext list. 194 */ 195 spin_lock_irqsave(&dev->fib_lock, flags); 196 /* Ensure that we have a unique identifier */ 197 entry = dev->fib_list.next; 198 while (entry != &dev->fib_list) { 199 context = list_entry(entry, struct aac_fib_context, next); 200 if (context->unique == fibctx->unique) { 201 /* Not unique (32 bits) */ 202 fibctx->unique++; 203 entry = dev->fib_list.next; 204 } else { 205 entry = entry->next; 206 } 207 } 208 list_add_tail(&fibctx->next, &dev->fib_list); 209 spin_unlock_irqrestore(&dev->fib_lock, flags); 210 if (copy_to_user(arg, &fibctx->unique, 211 sizeof(fibctx->unique))) { 212 status = -EFAULT; 213 } else { 214 status = 0; 215 } 216 } 217 return status; 218 } 219 220 /** 221 * next_getadapter_fib - get the next fib 222 * @dev: adapter to use 223 * @arg: ioctl argument 224 * 225 * This routine will get the next Fib, if available, from the AdapterFibContext 226 * passed in from the user. 227 */ 228 229 static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) 230 { 231 struct fib_ioctl f; 232 struct fib *fib; 233 struct aac_fib_context *fibctx; 234 int status; 235 struct list_head * entry; 236 unsigned long flags; 237 238 if(copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) 239 return -EFAULT; 240 /* 241 * Verify that the HANDLE passed in was a valid AdapterFibContext 242 * 243 * Search the list of AdapterFibContext addresses on the adapter 244 * to be sure this is a valid address 245 */ 246 spin_lock_irqsave(&dev->fib_lock, flags); 247 entry = dev->fib_list.next; 248 fibctx = NULL; 249 250 while (entry != &dev->fib_list) { 251 fibctx = list_entry(entry, struct aac_fib_context, next); 252 /* 253 * Extract the AdapterFibContext from the Input parameters. 254 */ 255 if (fibctx->unique == f.fibctx) { /* We found a winner */ 256 break; 257 } 258 entry = entry->next; 259 fibctx = NULL; 260 } 261 if (!fibctx) { 262 spin_unlock_irqrestore(&dev->fib_lock, flags); 263 dprintk ((KERN_INFO "Fib Context not found\n")); 264 return -EINVAL; 265 } 266 267 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 268 (fibctx->size != sizeof(struct aac_fib_context))) { 269 spin_unlock_irqrestore(&dev->fib_lock, flags); 270 dprintk ((KERN_INFO "Fib Context corrupt?\n")); 271 return -EINVAL; 272 } 273 status = 0; 274 /* 275 * If there are no fibs to send back, then either wait or return 276 * -EAGAIN 277 */ 278 return_fib: 279 if (!list_empty(&fibctx->fib_list)) { 280 /* 281 * Pull the next fib from the fibs 282 */ 283 entry = fibctx->fib_list.next; 284 list_del(entry); 285 286 fib = list_entry(entry, struct fib, fiblink); 287 fibctx->count--; 288 spin_unlock_irqrestore(&dev->fib_lock, flags); 289 if (copy_to_user(f.fib, fib->hw_fib_va, sizeof(struct hw_fib))) { 290 kfree(fib->hw_fib_va); 291 kfree(fib); 292 return -EFAULT; 293 } 294 /* 295 * Free the space occupied by this copy of the fib. 296 */ 297 kfree(fib->hw_fib_va); 298 kfree(fib); 299 status = 0; 300 } else { 301 spin_unlock_irqrestore(&dev->fib_lock, flags); 302 /* If someone killed the AIF aacraid thread, restart it */ 303 status = !dev->aif_thread; 304 if (status && !dev->in_reset && dev->queues && dev->fsa_dev) { 305 /* Be paranoid, be very paranoid! */ 306 kthread_stop(dev->thread); 307 ssleep(1); 308 dev->aif_thread = 0; 309 dev->thread = kthread_run(aac_command_thread, dev, dev->name); 310 ssleep(1); 311 } 312 if (f.wait) { 313 if(down_interruptible(&fibctx->wait_sem) < 0) { 314 status = -EINTR; 315 } else { 316 /* Lock again and retry */ 317 spin_lock_irqsave(&dev->fib_lock, flags); 318 goto return_fib; 319 } 320 } else { 321 status = -EAGAIN; 322 } 323 } 324 fibctx->jiffies = jiffies/HZ; 325 return status; 326 } 327 328 int aac_close_fib_context(struct aac_dev * dev, struct aac_fib_context * fibctx) 329 { 330 struct fib *fib; 331 332 /* 333 * First free any FIBs that have not been consumed. 334 */ 335 while (!list_empty(&fibctx->fib_list)) { 336 struct list_head * entry; 337 /* 338 * Pull the next fib from the fibs 339 */ 340 entry = fibctx->fib_list.next; 341 list_del(entry); 342 fib = list_entry(entry, struct fib, fiblink); 343 fibctx->count--; 344 /* 345 * Free the space occupied by this copy of the fib. 346 */ 347 kfree(fib->hw_fib_va); 348 kfree(fib); 349 } 350 /* 351 * Remove the Context from the AdapterFibContext List 352 */ 353 list_del(&fibctx->next); 354 /* 355 * Invalidate context 356 */ 357 fibctx->type = 0; 358 /* 359 * Free the space occupied by the Context 360 */ 361 kfree(fibctx); 362 return 0; 363 } 364 365 /** 366 * close_getadapter_fib - close down user fib context 367 * @dev: adapter 368 * @arg: ioctl arguments 369 * 370 * This routine will close down the fibctx passed in from the user. 371 */ 372 373 static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) 374 { 375 struct aac_fib_context *fibctx; 376 int status; 377 unsigned long flags; 378 struct list_head * entry; 379 380 /* 381 * Verify that the HANDLE passed in was a valid AdapterFibContext 382 * 383 * Search the list of AdapterFibContext addresses on the adapter 384 * to be sure this is a valid address 385 */ 386 387 entry = dev->fib_list.next; 388 fibctx = NULL; 389 390 while(entry != &dev->fib_list) { 391 fibctx = list_entry(entry, struct aac_fib_context, next); 392 /* 393 * Extract the fibctx from the input parameters 394 */ 395 if (fibctx->unique == (u32)(uintptr_t)arg) /* We found a winner */ 396 break; 397 entry = entry->next; 398 fibctx = NULL; 399 } 400 401 if (!fibctx) 402 return 0; /* Already gone */ 403 404 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 405 (fibctx->size != sizeof(struct aac_fib_context))) 406 return -EINVAL; 407 spin_lock_irqsave(&dev->fib_lock, flags); 408 status = aac_close_fib_context(dev, fibctx); 409 spin_unlock_irqrestore(&dev->fib_lock, flags); 410 return status; 411 } 412 413 /** 414 * check_revision - close down user fib context 415 * @dev: adapter 416 * @arg: ioctl arguments 417 * 418 * This routine returns the driver version. 419 * Under Linux, there have been no version incompatibilities, so this is 420 * simple! 421 */ 422 423 static int check_revision(struct aac_dev *dev, void __user *arg) 424 { 425 struct revision response; 426 char *driver_version = aac_driver_version; 427 u32 version; 428 429 response.compat = 1; 430 version = (simple_strtol(driver_version, 431 &driver_version, 10) << 24) | 0x00000400; 432 version += simple_strtol(driver_version + 1, &driver_version, 10) << 16; 433 version += simple_strtol(driver_version + 1, NULL, 10); 434 response.version = cpu_to_le32(version); 435 # ifdef AAC_DRIVER_BUILD 436 response.build = cpu_to_le32(AAC_DRIVER_BUILD); 437 # else 438 response.build = cpu_to_le32(9999); 439 # endif 440 441 if (copy_to_user(arg, &response, sizeof(response))) 442 return -EFAULT; 443 return 0; 444 } 445 446 447 /** 448 * 449 * aac_send_raw_scb 450 * 451 */ 452 453 static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) 454 { 455 struct fib* srbfib; 456 int status; 457 struct aac_srb *srbcmd = NULL; 458 struct user_aac_srb *user_srbcmd = NULL; 459 struct user_aac_srb __user *user_srb = arg; 460 struct aac_srb_reply __user *user_reply; 461 struct aac_srb_reply* reply; 462 u32 fibsize = 0; 463 u32 flags = 0; 464 s32 rcode = 0; 465 u32 data_dir; 466 void __user *sg_user[32]; 467 void *sg_list[32]; 468 u32 sg_indx = 0; 469 u32 byte_count = 0; 470 u32 actual_fibsize64, actual_fibsize = 0; 471 int i; 472 473 474 if (dev->in_reset) { 475 dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); 476 return -EBUSY; 477 } 478 if (!capable(CAP_SYS_ADMIN)){ 479 dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n")); 480 return -EPERM; 481 } 482 /* 483 * Allocate and initialize a Fib then setup a SRB command 484 */ 485 if (!(srbfib = aac_fib_alloc(dev))) { 486 return -ENOMEM; 487 } 488 aac_fib_init(srbfib); 489 490 srbcmd = (struct aac_srb*) fib_data(srbfib); 491 492 memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ 493 if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ 494 dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); 495 rcode = -EFAULT; 496 goto cleanup; 497 } 498 499 if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { 500 rcode = -EINVAL; 501 goto cleanup; 502 } 503 504 user_srbcmd = kmalloc(fibsize, GFP_KERNEL); 505 if (!user_srbcmd) { 506 dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); 507 rcode = -ENOMEM; 508 goto cleanup; 509 } 510 if(copy_from_user(user_srbcmd, user_srb,fibsize)){ 511 dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); 512 rcode = -EFAULT; 513 goto cleanup; 514 } 515 516 user_reply = arg+fibsize; 517 518 flags = user_srbcmd->flags; /* from user in cpu order */ 519 // Fix up srb for endian and force some values 520 521 srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this 522 srbcmd->channel = cpu_to_le32(user_srbcmd->channel); 523 srbcmd->id = cpu_to_le32(user_srbcmd->id); 524 srbcmd->lun = cpu_to_le32(user_srbcmd->lun); 525 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); 526 srbcmd->flags = cpu_to_le32(flags); 527 srbcmd->retry_limit = 0; // Obsolete parameter 528 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); 529 memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb)); 530 531 switch (flags & (SRB_DataIn | SRB_DataOut)) { 532 case SRB_DataOut: 533 data_dir = DMA_TO_DEVICE; 534 break; 535 case (SRB_DataIn | SRB_DataOut): 536 data_dir = DMA_BIDIRECTIONAL; 537 break; 538 case SRB_DataIn: 539 data_dir = DMA_FROM_DEVICE; 540 break; 541 default: 542 data_dir = DMA_NONE; 543 } 544 if (user_srbcmd->sg.count > ARRAY_SIZE(sg_list)) { 545 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", 546 le32_to_cpu(srbcmd->sg.count))); 547 rcode = -EINVAL; 548 goto cleanup; 549 } 550 actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + 551 ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); 552 actual_fibsize64 = actual_fibsize + (user_srbcmd->sg.count & 0xff) * 553 (sizeof(struct sgentry64) - sizeof(struct sgentry)); 554 /* User made a mistake - should not continue */ 555 if ((actual_fibsize != fibsize) && (actual_fibsize64 != fibsize)) { 556 dprintk((KERN_DEBUG"aacraid: Bad Size specified in " 557 "Raw SRB command calculated fibsize=%lu;%lu " 558 "user_srbcmd->sg.count=%d aac_srb=%lu sgentry=%lu;%lu " 559 "issued fibsize=%d\n", 560 actual_fibsize, actual_fibsize64, user_srbcmd->sg.count, 561 sizeof(struct aac_srb), sizeof(struct sgentry), 562 sizeof(struct sgentry64), fibsize)); 563 rcode = -EINVAL; 564 goto cleanup; 565 } 566 if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { 567 dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); 568 rcode = -EINVAL; 569 goto cleanup; 570 } 571 byte_count = 0; 572 if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { 573 struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; 574 struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg; 575 576 /* 577 * This should also catch if user used the 32 bit sgmap 578 */ 579 if (actual_fibsize64 == fibsize) { 580 actual_fibsize = actual_fibsize64; 581 for (i = 0; i < upsg->count; i++) { 582 u64 addr; 583 void* p; 584 /* Does this really need to be GFP_DMA? */ 585 p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); 586 if(!p) { 587 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 588 upsg->sg[i].count,i,upsg->count)); 589 rcode = -ENOMEM; 590 goto cleanup; 591 } 592 addr = (u64)upsg->sg[i].addr[0]; 593 addr += ((u64)upsg->sg[i].addr[1]) << 32; 594 sg_user[i] = (void __user *)(uintptr_t)addr; 595 sg_list[i] = p; // save so we can clean up later 596 sg_indx = i; 597 598 if (flags & SRB_DataOut) { 599 if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ 600 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 601 rcode = -EFAULT; 602 goto cleanup; 603 } 604 } 605 addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); 606 607 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 608 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 609 byte_count += upsg->sg[i].count; 610 psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); 611 } 612 } else { 613 struct user_sgmap* usg; 614 usg = kmalloc(actual_fibsize - sizeof(struct aac_srb) 615 + sizeof(struct sgmap), GFP_KERNEL); 616 if (!usg) { 617 dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); 618 rcode = -ENOMEM; 619 goto cleanup; 620 } 621 memcpy (usg, upsg, actual_fibsize - sizeof(struct aac_srb) 622 + sizeof(struct sgmap)); 623 actual_fibsize = actual_fibsize64; 624 625 for (i = 0; i < usg->count; i++) { 626 u64 addr; 627 void* p; 628 /* Does this really need to be GFP_DMA? */ 629 p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); 630 if(!p) { 631 kfree (usg); 632 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 633 usg->sg[i].count,i,usg->count)); 634 rcode = -ENOMEM; 635 goto cleanup; 636 } 637 sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr; 638 sg_list[i] = p; // save so we can clean up later 639 sg_indx = i; 640 641 if (flags & SRB_DataOut) { 642 if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ 643 kfree (usg); 644 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 645 rcode = -EFAULT; 646 goto cleanup; 647 } 648 } 649 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 650 651 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 652 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 653 byte_count += usg->sg[i].count; 654 psg->sg[i].count = cpu_to_le32(usg->sg[i].count); 655 } 656 kfree (usg); 657 } 658 srbcmd->count = cpu_to_le32(byte_count); 659 psg->count = cpu_to_le32(sg_indx+1); 660 status = aac_fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); 661 } else { 662 struct user_sgmap* upsg = &user_srbcmd->sg; 663 struct sgmap* psg = &srbcmd->sg; 664 665 if (actual_fibsize64 == fibsize) { 666 struct user_sgmap64* usg = (struct user_sgmap64 *)upsg; 667 for (i = 0; i < upsg->count; i++) { 668 uintptr_t addr; 669 void* p; 670 /* Does this really need to be GFP_DMA? */ 671 p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); 672 if(!p) { 673 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 674 usg->sg[i].count,i,usg->count)); 675 rcode = -ENOMEM; 676 goto cleanup; 677 } 678 addr = (u64)usg->sg[i].addr[0]; 679 addr += ((u64)usg->sg[i].addr[1]) << 32; 680 sg_user[i] = (void __user *)addr; 681 sg_list[i] = p; // save so we can clean up later 682 sg_indx = i; 683 684 if (flags & SRB_DataOut) { 685 if(copy_from_user(p,sg_user[i],usg->sg[i].count)){ 686 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 687 rcode = -EFAULT; 688 goto cleanup; 689 } 690 } 691 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 692 693 psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); 694 byte_count += usg->sg[i].count; 695 psg->sg[i].count = cpu_to_le32(usg->sg[i].count); 696 } 697 } else { 698 for (i = 0; i < upsg->count; i++) { 699 dma_addr_t addr; 700 void* p; 701 p = kmalloc(upsg->sg[i].count, GFP_KERNEL); 702 if (!p) { 703 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 704 upsg->sg[i].count, i, upsg->count)); 705 rcode = -ENOMEM; 706 goto cleanup; 707 } 708 sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr; 709 sg_list[i] = p; // save so we can clean up later 710 sg_indx = i; 711 712 if (flags & SRB_DataOut) { 713 if(copy_from_user(p, sg_user[i], 714 upsg->sg[i].count)) { 715 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 716 rcode = -EFAULT; 717 goto cleanup; 718 } 719 } 720 addr = pci_map_single(dev->pdev, p, 721 upsg->sg[i].count, data_dir); 722 723 psg->sg[i].addr = cpu_to_le32(addr); 724 byte_count += upsg->sg[i].count; 725 psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); 726 } 727 } 728 srbcmd->count = cpu_to_le32(byte_count); 729 psg->count = cpu_to_le32(sg_indx+1); 730 status = aac_fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); 731 } 732 if (status == -EINTR) { 733 rcode = -EINTR; 734 goto cleanup; 735 } 736 737 if (status != 0){ 738 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); 739 rcode = -ENXIO; 740 goto cleanup; 741 } 742 743 if (flags & SRB_DataIn) { 744 for(i = 0 ; i <= sg_indx; i++){ 745 byte_count = le32_to_cpu( 746 (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) 747 ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count 748 : srbcmd->sg.sg[i].count); 749 if(copy_to_user(sg_user[i], sg_list[i], byte_count)){ 750 dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n")); 751 rcode = -EFAULT; 752 goto cleanup; 753 754 } 755 } 756 } 757 758 reply = (struct aac_srb_reply *) fib_data(srbfib); 759 if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){ 760 dprintk((KERN_DEBUG"aacraid: Could not copy reply to user\n")); 761 rcode = -EFAULT; 762 goto cleanup; 763 } 764 765 cleanup: 766 kfree(user_srbcmd); 767 for(i=0; i <= sg_indx; i++){ 768 kfree(sg_list[i]); 769 } 770 if (rcode != -EINTR) { 771 aac_fib_complete(srbfib); 772 aac_fib_free(srbfib); 773 } 774 775 return rcode; 776 } 777 778 struct aac_pci_info { 779 u32 bus; 780 u32 slot; 781 }; 782 783 784 static int aac_get_pci_info(struct aac_dev* dev, void __user *arg) 785 { 786 struct aac_pci_info pci_info; 787 788 pci_info.bus = dev->pdev->bus->number; 789 pci_info.slot = PCI_SLOT(dev->pdev->devfn); 790 791 if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { 792 dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n")); 793 return -EFAULT; 794 } 795 return 0; 796 } 797 798 799 int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) 800 { 801 int status; 802 803 /* 804 * HBA gets first crack 805 */ 806 807 status = aac_dev_ioctl(dev, cmd, arg); 808 if(status != -ENOTTY) 809 return status; 810 811 switch (cmd) { 812 case FSACTL_MINIPORT_REV_CHECK: 813 status = check_revision(dev, arg); 814 break; 815 case FSACTL_SEND_LARGE_FIB: 816 case FSACTL_SENDFIB: 817 status = ioctl_send_fib(dev, arg); 818 break; 819 case FSACTL_OPEN_GET_ADAPTER_FIB: 820 status = open_getadapter_fib(dev, arg); 821 break; 822 case FSACTL_GET_NEXT_ADAPTER_FIB: 823 status = next_getadapter_fib(dev, arg); 824 break; 825 case FSACTL_CLOSE_GET_ADAPTER_FIB: 826 status = close_getadapter_fib(dev, arg); 827 break; 828 case FSACTL_SEND_RAW_SRB: 829 status = aac_send_raw_srb(dev,arg); 830 break; 831 case FSACTL_GET_PCI_INFO: 832 status = aac_get_pci_info(dev,arg); 833 break; 834 default: 835 status = -ENOTTY; 836 break; 837 } 838 return status; 839 } 840 841