1 /* 2 * Adaptec AAC series RAID controller driver 3 * (c) Copyright 2001 Red Hat Inc. 4 * 5 * based on the old aacraid driver that is.. 6 * Adaptec aacraid device driver for Linux. 7 * 8 * Copyright (c) 2000-2010 Adaptec, Inc. 9 * 2010-2015 PMC-Sierra, Inc. (aacraid@pmc-sierra.com) 10 * 2016-2017 Microsemi Corp. (aacraid@microsemi.com) 11 * 12 * This program is free software; you can redistribute it and/or modify 13 * it under the terms of the GNU General Public License as published by 14 * the Free Software Foundation; either version 2, or (at your option) 15 * any later version. 16 * 17 * This program is distributed in the hope that it will be useful, 18 * but WITHOUT ANY WARRANTY; without even the implied warranty of 19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 20 * GNU General Public License for more details. 21 * 22 * You should have received a copy of the GNU General Public License 23 * along with this program; see the file COPYING. If not, write to 24 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. 25 * 26 * Module Name: 27 * commctrl.c 28 * 29 * Abstract: Contains all routines for control of the AFA comm layer 30 * 31 */ 32 33 #include <linux/kernel.h> 34 #include <linux/init.h> 35 #include <linux/types.h> 36 #include <linux/pci.h> 37 #include <linux/spinlock.h> 38 #include <linux/slab.h> 39 #include <linux/completion.h> 40 #include <linux/dma-mapping.h> 41 #include <linux/blkdev.h> 42 #include <linux/delay.h> /* ssleep prototype */ 43 #include <linux/kthread.h> 44 #include <linux/semaphore.h> 45 #include <linux/uaccess.h> 46 #include <scsi/scsi_host.h> 47 48 #include "aacraid.h" 49 50 /** 51 * ioctl_send_fib - send a FIB from userspace 52 * @dev: adapter is being processed 53 * @arg: arguments to the ioctl call 54 * 55 * This routine sends a fib to the adapter on behalf of a user level 56 * program. 57 */ 58 # define AAC_DEBUG_PREAMBLE KERN_INFO 59 # define AAC_DEBUG_POSTAMBLE 60 61 static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) 62 { 63 struct hw_fib * kfib; 64 struct fib *fibptr; 65 struct hw_fib * hw_fib = (struct hw_fib *)0; 66 dma_addr_t hw_fib_pa = (dma_addr_t)0LL; 67 unsigned int size, osize; 68 int retval; 69 70 if (dev->in_reset) { 71 return -EBUSY; 72 } 73 fibptr = aac_fib_alloc(dev); 74 if(fibptr == NULL) { 75 return -ENOMEM; 76 } 77 78 kfib = fibptr->hw_fib_va; 79 /* 80 * First copy in the header so that we can check the size field. 81 */ 82 if (copy_from_user((void *)kfib, arg, sizeof(struct aac_fibhdr))) { 83 aac_fib_free(fibptr); 84 return -EFAULT; 85 } 86 /* 87 * Since we copy based on the fib header size, make sure that we 88 * will not overrun the buffer when we copy the memory. Return 89 * an error if we would. 90 */ 91 osize = size = le16_to_cpu(kfib->header.Size) + 92 sizeof(struct aac_fibhdr); 93 if (size < le16_to_cpu(kfib->header.SenderSize)) 94 size = le16_to_cpu(kfib->header.SenderSize); 95 if (size > dev->max_fib_size) { 96 dma_addr_t daddr; 97 98 if (size > 2048) { 99 retval = -EINVAL; 100 goto cleanup; 101 } 102 103 kfib = dma_alloc_coherent(&dev->pdev->dev, size, &daddr, 104 GFP_KERNEL); 105 if (!kfib) { 106 retval = -ENOMEM; 107 goto cleanup; 108 } 109 110 /* Highjack the hw_fib */ 111 hw_fib = fibptr->hw_fib_va; 112 hw_fib_pa = fibptr->hw_fib_pa; 113 fibptr->hw_fib_va = kfib; 114 fibptr->hw_fib_pa = daddr; 115 memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size); 116 memcpy(kfib, hw_fib, dev->max_fib_size); 117 } 118 119 if (copy_from_user(kfib, arg, size)) { 120 retval = -EFAULT; 121 goto cleanup; 122 } 123 124 /* Sanity check the second copy */ 125 if ((osize != le16_to_cpu(kfib->header.Size) + 126 sizeof(struct aac_fibhdr)) 127 || (size < le16_to_cpu(kfib->header.SenderSize))) { 128 retval = -EINVAL; 129 goto cleanup; 130 } 131 132 if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { 133 aac_adapter_interrupt(dev); 134 /* 135 * Since we didn't really send a fib, zero out the state to allow 136 * cleanup code not to assert. 137 */ 138 kfib->header.XferState = 0; 139 } else { 140 retval = aac_fib_send(le16_to_cpu(kfib->header.Command), fibptr, 141 le16_to_cpu(kfib->header.Size) , FsaNormal, 142 1, 1, NULL, NULL); 143 if (retval) { 144 goto cleanup; 145 } 146 if (aac_fib_complete(fibptr) != 0) { 147 retval = -EINVAL; 148 goto cleanup; 149 } 150 } 151 /* 152 * Make sure that the size returned by the adapter (which includes 153 * the header) is less than or equal to the size of a fib, so we 154 * don't corrupt application data. Then copy that size to the user 155 * buffer. (Don't try to add the header information again, since it 156 * was already included by the adapter.) 157 */ 158 159 retval = 0; 160 if (copy_to_user(arg, (void *)kfib, size)) 161 retval = -EFAULT; 162 cleanup: 163 if (hw_fib) { 164 dma_free_coherent(&dev->pdev->dev, size, kfib, 165 fibptr->hw_fib_pa); 166 fibptr->hw_fib_pa = hw_fib_pa; 167 fibptr->hw_fib_va = hw_fib; 168 } 169 if (retval != -ERESTARTSYS) 170 aac_fib_free(fibptr); 171 return retval; 172 } 173 174 /** 175 * open_getadapter_fib - Get the next fib 176 * 177 * This routine will get the next Fib, if available, from the AdapterFibContext 178 * passed in from the user. 179 */ 180 181 static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) 182 { 183 struct aac_fib_context * fibctx; 184 int status; 185 186 fibctx = kmalloc(sizeof(struct aac_fib_context), GFP_KERNEL); 187 if (fibctx == NULL) { 188 status = -ENOMEM; 189 } else { 190 unsigned long flags; 191 struct list_head * entry; 192 struct aac_fib_context * context; 193 194 fibctx->type = FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT; 195 fibctx->size = sizeof(struct aac_fib_context); 196 /* 197 * Yes yes, I know this could be an index, but we have a 198 * better guarantee of uniqueness for the locked loop below. 199 * Without the aid of a persistent history, this also helps 200 * reduce the chance that the opaque context would be reused. 201 */ 202 fibctx->unique = (u32)((ulong)fibctx & 0xFFFFFFFF); 203 /* 204 * Initialize the mutex used to wait for the next AIF. 205 */ 206 sema_init(&fibctx->wait_sem, 0); 207 fibctx->wait = 0; 208 /* 209 * Initialize the fibs and set the count of fibs on 210 * the list to 0. 211 */ 212 fibctx->count = 0; 213 INIT_LIST_HEAD(&fibctx->fib_list); 214 fibctx->jiffies = jiffies/HZ; 215 /* 216 * Now add this context onto the adapter's 217 * AdapterFibContext list. 218 */ 219 spin_lock_irqsave(&dev->fib_lock, flags); 220 /* Ensure that we have a unique identifier */ 221 entry = dev->fib_list.next; 222 while (entry != &dev->fib_list) { 223 context = list_entry(entry, struct aac_fib_context, next); 224 if (context->unique == fibctx->unique) { 225 /* Not unique (32 bits) */ 226 fibctx->unique++; 227 entry = dev->fib_list.next; 228 } else { 229 entry = entry->next; 230 } 231 } 232 list_add_tail(&fibctx->next, &dev->fib_list); 233 spin_unlock_irqrestore(&dev->fib_lock, flags); 234 if (copy_to_user(arg, &fibctx->unique, 235 sizeof(fibctx->unique))) { 236 status = -EFAULT; 237 } else { 238 status = 0; 239 } 240 } 241 return status; 242 } 243 244 /** 245 * next_getadapter_fib - get the next fib 246 * @dev: adapter to use 247 * @arg: ioctl argument 248 * 249 * This routine will get the next Fib, if available, from the AdapterFibContext 250 * passed in from the user. 251 */ 252 253 static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) 254 { 255 struct fib_ioctl f; 256 struct fib *fib; 257 struct aac_fib_context *fibctx; 258 int status; 259 struct list_head * entry; 260 unsigned long flags; 261 262 if(copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) 263 return -EFAULT; 264 /* 265 * Verify that the HANDLE passed in was a valid AdapterFibContext 266 * 267 * Search the list of AdapterFibContext addresses on the adapter 268 * to be sure this is a valid address 269 */ 270 spin_lock_irqsave(&dev->fib_lock, flags); 271 entry = dev->fib_list.next; 272 fibctx = NULL; 273 274 while (entry != &dev->fib_list) { 275 fibctx = list_entry(entry, struct aac_fib_context, next); 276 /* 277 * Extract the AdapterFibContext from the Input parameters. 278 */ 279 if (fibctx->unique == f.fibctx) { /* We found a winner */ 280 break; 281 } 282 entry = entry->next; 283 fibctx = NULL; 284 } 285 if (!fibctx) { 286 spin_unlock_irqrestore(&dev->fib_lock, flags); 287 dprintk ((KERN_INFO "Fib Context not found\n")); 288 return -EINVAL; 289 } 290 291 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 292 (fibctx->size != sizeof(struct aac_fib_context))) { 293 spin_unlock_irqrestore(&dev->fib_lock, flags); 294 dprintk ((KERN_INFO "Fib Context corrupt?\n")); 295 return -EINVAL; 296 } 297 status = 0; 298 /* 299 * If there are no fibs to send back, then either wait or return 300 * -EAGAIN 301 */ 302 return_fib: 303 if (!list_empty(&fibctx->fib_list)) { 304 /* 305 * Pull the next fib from the fibs 306 */ 307 entry = fibctx->fib_list.next; 308 list_del(entry); 309 310 fib = list_entry(entry, struct fib, fiblink); 311 fibctx->count--; 312 spin_unlock_irqrestore(&dev->fib_lock, flags); 313 if (copy_to_user(f.fib, fib->hw_fib_va, sizeof(struct hw_fib))) { 314 kfree(fib->hw_fib_va); 315 kfree(fib); 316 return -EFAULT; 317 } 318 /* 319 * Free the space occupied by this copy of the fib. 320 */ 321 kfree(fib->hw_fib_va); 322 kfree(fib); 323 status = 0; 324 } else { 325 spin_unlock_irqrestore(&dev->fib_lock, flags); 326 /* If someone killed the AIF aacraid thread, restart it */ 327 status = !dev->aif_thread; 328 if (status && !dev->in_reset && dev->queues && dev->fsa_dev) { 329 /* Be paranoid, be very paranoid! */ 330 kthread_stop(dev->thread); 331 ssleep(1); 332 dev->aif_thread = 0; 333 dev->thread = kthread_run(aac_command_thread, dev, 334 "%s", dev->name); 335 ssleep(1); 336 } 337 if (f.wait) { 338 if(down_interruptible(&fibctx->wait_sem) < 0) { 339 status = -ERESTARTSYS; 340 } else { 341 /* Lock again and retry */ 342 spin_lock_irqsave(&dev->fib_lock, flags); 343 goto return_fib; 344 } 345 } else { 346 status = -EAGAIN; 347 } 348 } 349 fibctx->jiffies = jiffies/HZ; 350 return status; 351 } 352 353 int aac_close_fib_context(struct aac_dev * dev, struct aac_fib_context * fibctx) 354 { 355 struct fib *fib; 356 357 /* 358 * First free any FIBs that have not been consumed. 359 */ 360 while (!list_empty(&fibctx->fib_list)) { 361 struct list_head * entry; 362 /* 363 * Pull the next fib from the fibs 364 */ 365 entry = fibctx->fib_list.next; 366 list_del(entry); 367 fib = list_entry(entry, struct fib, fiblink); 368 fibctx->count--; 369 /* 370 * Free the space occupied by this copy of the fib. 371 */ 372 kfree(fib->hw_fib_va); 373 kfree(fib); 374 } 375 /* 376 * Remove the Context from the AdapterFibContext List 377 */ 378 list_del(&fibctx->next); 379 /* 380 * Invalidate context 381 */ 382 fibctx->type = 0; 383 /* 384 * Free the space occupied by the Context 385 */ 386 kfree(fibctx); 387 return 0; 388 } 389 390 /** 391 * close_getadapter_fib - close down user fib context 392 * @dev: adapter 393 * @arg: ioctl arguments 394 * 395 * This routine will close down the fibctx passed in from the user. 396 */ 397 398 static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) 399 { 400 struct aac_fib_context *fibctx; 401 int status; 402 unsigned long flags; 403 struct list_head * entry; 404 405 /* 406 * Verify that the HANDLE passed in was a valid AdapterFibContext 407 * 408 * Search the list of AdapterFibContext addresses on the adapter 409 * to be sure this is a valid address 410 */ 411 412 entry = dev->fib_list.next; 413 fibctx = NULL; 414 415 while(entry != &dev->fib_list) { 416 fibctx = list_entry(entry, struct aac_fib_context, next); 417 /* 418 * Extract the fibctx from the input parameters 419 */ 420 if (fibctx->unique == (u32)(uintptr_t)arg) /* We found a winner */ 421 break; 422 entry = entry->next; 423 fibctx = NULL; 424 } 425 426 if (!fibctx) 427 return 0; /* Already gone */ 428 429 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 430 (fibctx->size != sizeof(struct aac_fib_context))) 431 return -EINVAL; 432 spin_lock_irqsave(&dev->fib_lock, flags); 433 status = aac_close_fib_context(dev, fibctx); 434 spin_unlock_irqrestore(&dev->fib_lock, flags); 435 return status; 436 } 437 438 /** 439 * check_revision - close down user fib context 440 * @dev: adapter 441 * @arg: ioctl arguments 442 * 443 * This routine returns the driver version. 444 * Under Linux, there have been no version incompatibilities, so this is 445 * simple! 446 */ 447 448 static int check_revision(struct aac_dev *dev, void __user *arg) 449 { 450 struct revision response; 451 char *driver_version = aac_driver_version; 452 u32 version; 453 454 response.compat = 1; 455 version = (simple_strtol(driver_version, 456 &driver_version, 10) << 24) | 0x00000400; 457 version += simple_strtol(driver_version + 1, &driver_version, 10) << 16; 458 version += simple_strtol(driver_version + 1, NULL, 10); 459 response.version = cpu_to_le32(version); 460 # ifdef AAC_DRIVER_BUILD 461 response.build = cpu_to_le32(AAC_DRIVER_BUILD); 462 # else 463 response.build = cpu_to_le32(9999); 464 # endif 465 466 if (copy_to_user(arg, &response, sizeof(response))) 467 return -EFAULT; 468 return 0; 469 } 470 471 472 /** 473 * 474 * aac_send_raw_scb 475 * 476 */ 477 478 static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) 479 { 480 struct fib* srbfib; 481 int status; 482 struct aac_srb *srbcmd = NULL; 483 struct aac_hba_cmd_req *hbacmd = NULL; 484 struct user_aac_srb *user_srbcmd = NULL; 485 struct user_aac_srb __user *user_srb = arg; 486 struct aac_srb_reply __user *user_reply; 487 u32 chn; 488 u32 fibsize = 0; 489 u32 flags = 0; 490 s32 rcode = 0; 491 u32 data_dir; 492 void __user *sg_user[HBA_MAX_SG_EMBEDDED]; 493 void *sg_list[HBA_MAX_SG_EMBEDDED]; 494 u32 sg_count[HBA_MAX_SG_EMBEDDED]; 495 u32 sg_indx = 0; 496 u32 byte_count = 0; 497 u32 actual_fibsize64, actual_fibsize = 0; 498 int i; 499 int is_native_device; 500 u64 address; 501 502 503 if (dev->in_reset) { 504 dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); 505 return -EBUSY; 506 } 507 if (!capable(CAP_SYS_ADMIN)){ 508 dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n")); 509 return -EPERM; 510 } 511 /* 512 * Allocate and initialize a Fib then setup a SRB command 513 */ 514 if (!(srbfib = aac_fib_alloc(dev))) { 515 return -ENOMEM; 516 } 517 518 memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ 519 if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ 520 dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); 521 rcode = -EFAULT; 522 goto cleanup; 523 } 524 525 if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) || 526 (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) { 527 rcode = -EINVAL; 528 goto cleanup; 529 } 530 531 user_srbcmd = kmalloc(fibsize, GFP_KERNEL); 532 if (!user_srbcmd) { 533 dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); 534 rcode = -ENOMEM; 535 goto cleanup; 536 } 537 if(copy_from_user(user_srbcmd, user_srb,fibsize)){ 538 dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); 539 rcode = -EFAULT; 540 goto cleanup; 541 } 542 543 flags = user_srbcmd->flags; /* from user in cpu order */ 544 switch (flags & (SRB_DataIn | SRB_DataOut)) { 545 case SRB_DataOut: 546 data_dir = DMA_TO_DEVICE; 547 break; 548 case (SRB_DataIn | SRB_DataOut): 549 data_dir = DMA_BIDIRECTIONAL; 550 break; 551 case SRB_DataIn: 552 data_dir = DMA_FROM_DEVICE; 553 break; 554 default: 555 data_dir = DMA_NONE; 556 } 557 if (user_srbcmd->sg.count > ARRAY_SIZE(sg_list)) { 558 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", 559 user_srbcmd->sg.count)); 560 rcode = -EINVAL; 561 goto cleanup; 562 } 563 if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { 564 dprintk((KERN_DEBUG"aacraid:SG with no direction specified\n")); 565 rcode = -EINVAL; 566 goto cleanup; 567 } 568 actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + 569 ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); 570 actual_fibsize64 = actual_fibsize + (user_srbcmd->sg.count & 0xff) * 571 (sizeof(struct sgentry64) - sizeof(struct sgentry)); 572 /* User made a mistake - should not continue */ 573 if ((actual_fibsize != fibsize) && (actual_fibsize64 != fibsize)) { 574 dprintk((KERN_DEBUG"aacraid: Bad Size specified in " 575 "Raw SRB command calculated fibsize=%lu;%lu " 576 "user_srbcmd->sg.count=%d aac_srb=%lu sgentry=%lu;%lu " 577 "issued fibsize=%d\n", 578 actual_fibsize, actual_fibsize64, user_srbcmd->sg.count, 579 sizeof(struct aac_srb), sizeof(struct sgentry), 580 sizeof(struct sgentry64), fibsize)); 581 rcode = -EINVAL; 582 goto cleanup; 583 } 584 585 chn = user_srbcmd->channel; 586 if (chn < AAC_MAX_BUSES && user_srbcmd->id < AAC_MAX_TARGETS && 587 dev->hba_map[chn][user_srbcmd->id].devtype == 588 AAC_DEVTYPE_NATIVE_RAW) { 589 is_native_device = 1; 590 hbacmd = (struct aac_hba_cmd_req *)srbfib->hw_fib_va; 591 memset(hbacmd, 0, 96); /* sizeof(*hbacmd) is not necessary */ 592 593 /* iu_type is a parameter of aac_hba_send */ 594 switch (data_dir) { 595 case DMA_TO_DEVICE: 596 hbacmd->byte1 = 2; 597 break; 598 case DMA_FROM_DEVICE: 599 case DMA_BIDIRECTIONAL: 600 hbacmd->byte1 = 1; 601 break; 602 case DMA_NONE: 603 default: 604 break; 605 } 606 hbacmd->lun[1] = cpu_to_le32(user_srbcmd->lun); 607 hbacmd->it_nexus = dev->hba_map[chn][user_srbcmd->id].rmw_nexus; 608 609 /* 610 * we fill in reply_qid later in aac_src_deliver_message 611 * we fill in iu_type, request_id later in aac_hba_send 612 * we fill in emb_data_desc_count, data_length later 613 * in sg list build 614 */ 615 616 memcpy(hbacmd->cdb, user_srbcmd->cdb, sizeof(hbacmd->cdb)); 617 618 address = (u64)srbfib->hw_error_pa; 619 hbacmd->error_ptr_hi = cpu_to_le32((u32)(address >> 32)); 620 hbacmd->error_ptr_lo = cpu_to_le32((u32)(address & 0xffffffff)); 621 hbacmd->error_length = cpu_to_le32(FW_ERROR_BUFFER_SIZE); 622 hbacmd->emb_data_desc_count = 623 cpu_to_le32(user_srbcmd->sg.count); 624 srbfib->hbacmd_size = 64 + 625 user_srbcmd->sg.count * sizeof(struct aac_hba_sgl); 626 627 } else { 628 is_native_device = 0; 629 aac_fib_init(srbfib); 630 631 /* raw_srb FIB is not FastResponseCapable */ 632 srbfib->hw_fib_va->header.XferState &= 633 ~cpu_to_le32(FastResponseCapable); 634 635 srbcmd = (struct aac_srb *) fib_data(srbfib); 636 637 // Fix up srb for endian and force some values 638 639 srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this 640 srbcmd->channel = cpu_to_le32(user_srbcmd->channel); 641 srbcmd->id = cpu_to_le32(user_srbcmd->id); 642 srbcmd->lun = cpu_to_le32(user_srbcmd->lun); 643 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); 644 srbcmd->flags = cpu_to_le32(flags); 645 srbcmd->retry_limit = 0; // Obsolete parameter 646 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); 647 memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb)); 648 } 649 650 byte_count = 0; 651 if (is_native_device) { 652 struct user_sgmap *usg32 = &user_srbcmd->sg; 653 struct user_sgmap64 *usg64 = 654 (struct user_sgmap64 *)&user_srbcmd->sg; 655 656 for (i = 0; i < usg32->count; i++) { 657 void *p; 658 u64 addr; 659 660 sg_count[i] = (actual_fibsize64 == fibsize) ? 661 usg64->sg[i].count : usg32->sg[i].count; 662 if (sg_count[i] > 663 (dev->scsi_host_ptr->max_sectors << 9)) { 664 pr_err("aacraid: upsg->sg[%d].count=%u>%u\n", 665 i, sg_count[i], 666 dev->scsi_host_ptr->max_sectors << 9); 667 rcode = -EINVAL; 668 goto cleanup; 669 } 670 671 p = kmalloc(sg_count[i], GFP_KERNEL); 672 if (!p) { 673 rcode = -ENOMEM; 674 goto cleanup; 675 } 676 677 if (actual_fibsize64 == fibsize) { 678 addr = (u64)usg64->sg[i].addr[0]; 679 addr += ((u64)usg64->sg[i].addr[1]) << 32; 680 } else { 681 addr = (u64)usg32->sg[i].addr; 682 } 683 684 sg_user[i] = (void __user *)(uintptr_t)addr; 685 sg_list[i] = p; // save so we can clean up later 686 sg_indx = i; 687 688 if (flags & SRB_DataOut) { 689 if (copy_from_user(p, sg_user[i], 690 sg_count[i])) { 691 rcode = -EFAULT; 692 goto cleanup; 693 } 694 } 695 addr = pci_map_single(dev->pdev, p, sg_count[i], 696 data_dir); 697 hbacmd->sge[i].addr_hi = cpu_to_le32((u32)(addr>>32)); 698 hbacmd->sge[i].addr_lo = cpu_to_le32( 699 (u32)(addr & 0xffffffff)); 700 hbacmd->sge[i].len = cpu_to_le32(sg_count[i]); 701 hbacmd->sge[i].flags = 0; 702 byte_count += sg_count[i]; 703 } 704 705 if (usg32->count > 0) /* embedded sglist */ 706 hbacmd->sge[usg32->count-1].flags = 707 cpu_to_le32(0x40000000); 708 hbacmd->data_length = cpu_to_le32(byte_count); 709 710 status = aac_hba_send(HBA_IU_TYPE_SCSI_CMD_REQ, srbfib, 711 NULL, NULL); 712 713 } else if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { 714 struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; 715 struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg; 716 717 /* 718 * This should also catch if user used the 32 bit sgmap 719 */ 720 if (actual_fibsize64 == fibsize) { 721 actual_fibsize = actual_fibsize64; 722 for (i = 0; i < upsg->count; i++) { 723 u64 addr; 724 void* p; 725 726 sg_count[i] = upsg->sg[i].count; 727 if (sg_count[i] > 728 ((dev->adapter_info.options & 729 AAC_OPT_NEW_COMM) ? 730 (dev->scsi_host_ptr->max_sectors << 9) : 731 65536)) { 732 rcode = -EINVAL; 733 goto cleanup; 734 } 735 736 p = kmalloc(sg_count[i], GFP_KERNEL); 737 if(!p) { 738 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 739 sg_count[i], i, upsg->count)); 740 rcode = -ENOMEM; 741 goto cleanup; 742 } 743 addr = (u64)upsg->sg[i].addr[0]; 744 addr += ((u64)upsg->sg[i].addr[1]) << 32; 745 sg_user[i] = (void __user *)(uintptr_t)addr; 746 sg_list[i] = p; // save so we can clean up later 747 sg_indx = i; 748 749 if (flags & SRB_DataOut) { 750 if (copy_from_user(p, sg_user[i], 751 sg_count[i])){ 752 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 753 rcode = -EFAULT; 754 goto cleanup; 755 } 756 } 757 addr = pci_map_single(dev->pdev, p, 758 sg_count[i], data_dir); 759 760 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 761 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 762 byte_count += sg_count[i]; 763 psg->sg[i].count = cpu_to_le32(sg_count[i]); 764 } 765 } else { 766 struct user_sgmap* usg; 767 usg = kmemdup(upsg, 768 actual_fibsize - sizeof(struct aac_srb) 769 + sizeof(struct sgmap), GFP_KERNEL); 770 if (!usg) { 771 dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); 772 rcode = -ENOMEM; 773 goto cleanup; 774 } 775 actual_fibsize = actual_fibsize64; 776 777 for (i = 0; i < usg->count; i++) { 778 u64 addr; 779 void* p; 780 781 sg_count[i] = usg->sg[i].count; 782 if (sg_count[i] > 783 ((dev->adapter_info.options & 784 AAC_OPT_NEW_COMM) ? 785 (dev->scsi_host_ptr->max_sectors << 9) : 786 65536)) { 787 kfree(usg); 788 rcode = -EINVAL; 789 goto cleanup; 790 } 791 792 p = kmalloc(sg_count[i], GFP_KERNEL); 793 if(!p) { 794 dprintk((KERN_DEBUG "aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 795 sg_count[i], i, usg->count)); 796 kfree(usg); 797 rcode = -ENOMEM; 798 goto cleanup; 799 } 800 sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr; 801 sg_list[i] = p; // save so we can clean up later 802 sg_indx = i; 803 804 if (flags & SRB_DataOut) { 805 if (copy_from_user(p, sg_user[i], 806 sg_count[i])) { 807 kfree (usg); 808 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 809 rcode = -EFAULT; 810 goto cleanup; 811 } 812 } 813 addr = pci_map_single(dev->pdev, p, 814 sg_count[i], data_dir); 815 816 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 817 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 818 byte_count += sg_count[i]; 819 psg->sg[i].count = cpu_to_le32(sg_count[i]); 820 } 821 kfree (usg); 822 } 823 srbcmd->count = cpu_to_le32(byte_count); 824 if (user_srbcmd->sg.count) 825 psg->count = cpu_to_le32(sg_indx+1); 826 else 827 psg->count = 0; 828 status = aac_fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); 829 } else { 830 struct user_sgmap* upsg = &user_srbcmd->sg; 831 struct sgmap* psg = &srbcmd->sg; 832 833 if (actual_fibsize64 == fibsize) { 834 struct user_sgmap64* usg = (struct user_sgmap64 *)upsg; 835 for (i = 0; i < upsg->count; i++) { 836 uintptr_t addr; 837 void* p; 838 839 sg_count[i] = usg->sg[i].count; 840 if (sg_count[i] > 841 ((dev->adapter_info.options & 842 AAC_OPT_NEW_COMM) ? 843 (dev->scsi_host_ptr->max_sectors << 9) : 844 65536)) { 845 rcode = -EINVAL; 846 goto cleanup; 847 } 848 p = kmalloc(sg_count[i], GFP_KERNEL|GFP_DMA32); 849 if (!p) { 850 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 851 sg_count[i], i, usg->count)); 852 rcode = -ENOMEM; 853 goto cleanup; 854 } 855 addr = (u64)usg->sg[i].addr[0]; 856 addr += ((u64)usg->sg[i].addr[1]) << 32; 857 sg_user[i] = (void __user *)addr; 858 sg_list[i] = p; // save so we can clean up later 859 sg_indx = i; 860 861 if (flags & SRB_DataOut) { 862 if (copy_from_user(p, sg_user[i], 863 sg_count[i])){ 864 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 865 rcode = -EFAULT; 866 goto cleanup; 867 } 868 } 869 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 870 871 psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); 872 byte_count += usg->sg[i].count; 873 psg->sg[i].count = cpu_to_le32(sg_count[i]); 874 } 875 } else { 876 for (i = 0; i < upsg->count; i++) { 877 dma_addr_t addr; 878 void* p; 879 880 sg_count[i] = upsg->sg[i].count; 881 if (sg_count[i] > 882 ((dev->adapter_info.options & 883 AAC_OPT_NEW_COMM) ? 884 (dev->scsi_host_ptr->max_sectors << 9) : 885 65536)) { 886 rcode = -EINVAL; 887 goto cleanup; 888 } 889 p = kmalloc(sg_count[i], GFP_KERNEL|GFP_DMA32); 890 if (!p) { 891 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 892 sg_count[i], i, upsg->count)); 893 rcode = -ENOMEM; 894 goto cleanup; 895 } 896 sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr; 897 sg_list[i] = p; // save so we can clean up later 898 sg_indx = i; 899 900 if (flags & SRB_DataOut) { 901 if (copy_from_user(p, sg_user[i], 902 sg_count[i])) { 903 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 904 rcode = -EFAULT; 905 goto cleanup; 906 } 907 } 908 addr = pci_map_single(dev->pdev, p, 909 sg_count[i], data_dir); 910 911 psg->sg[i].addr = cpu_to_le32(addr); 912 byte_count += sg_count[i]; 913 psg->sg[i].count = cpu_to_le32(sg_count[i]); 914 } 915 } 916 srbcmd->count = cpu_to_le32(byte_count); 917 if (user_srbcmd->sg.count) 918 psg->count = cpu_to_le32(sg_indx+1); 919 else 920 psg->count = 0; 921 status = aac_fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); 922 } 923 924 if (status == -ERESTARTSYS) { 925 rcode = -ERESTARTSYS; 926 goto cleanup; 927 } 928 929 if (status != 0) { 930 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); 931 rcode = -ENXIO; 932 goto cleanup; 933 } 934 935 if (flags & SRB_DataIn) { 936 for(i = 0 ; i <= sg_indx; i++){ 937 if (copy_to_user(sg_user[i], sg_list[i], sg_count[i])) { 938 dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n")); 939 rcode = -EFAULT; 940 goto cleanup; 941 942 } 943 } 944 } 945 946 user_reply = arg + fibsize; 947 if (is_native_device) { 948 struct aac_hba_resp *err = 949 &((struct aac_native_hba *)srbfib->hw_fib_va)->resp.err; 950 struct aac_srb_reply reply; 951 952 memset(&reply, 0, sizeof(reply)); 953 reply.status = ST_OK; 954 if (srbfib->flags & FIB_CONTEXT_FLAG_FASTRESP) { 955 /* fast response */ 956 reply.srb_status = SRB_STATUS_SUCCESS; 957 reply.scsi_status = 0; 958 reply.data_xfer_length = byte_count; 959 reply.sense_data_size = 0; 960 memset(reply.sense_data, 0, AAC_SENSE_BUFFERSIZE); 961 } else { 962 reply.srb_status = err->service_response; 963 reply.scsi_status = err->status; 964 reply.data_xfer_length = byte_count - 965 le32_to_cpu(err->residual_count); 966 reply.sense_data_size = err->sense_response_data_len; 967 memcpy(reply.sense_data, err->sense_response_buf, 968 AAC_SENSE_BUFFERSIZE); 969 } 970 if (copy_to_user(user_reply, &reply, 971 sizeof(struct aac_srb_reply))) { 972 dprintk((KERN_DEBUG"aacraid: Copy to user failed\n")); 973 rcode = -EFAULT; 974 goto cleanup; 975 } 976 } else { 977 struct aac_srb_reply *reply; 978 979 reply = (struct aac_srb_reply *) fib_data(srbfib); 980 if (copy_to_user(user_reply, reply, 981 sizeof(struct aac_srb_reply))) { 982 dprintk((KERN_DEBUG"aacraid: Copy to user failed\n")); 983 rcode = -EFAULT; 984 goto cleanup; 985 } 986 } 987 988 cleanup: 989 kfree(user_srbcmd); 990 if (rcode != -ERESTARTSYS) { 991 for (i = 0; i <= sg_indx; i++) 992 kfree(sg_list[i]); 993 aac_fib_complete(srbfib); 994 aac_fib_free(srbfib); 995 } 996 997 return rcode; 998 } 999 1000 struct aac_pci_info { 1001 u32 bus; 1002 u32 slot; 1003 }; 1004 1005 1006 static int aac_get_pci_info(struct aac_dev* dev, void __user *arg) 1007 { 1008 struct aac_pci_info pci_info; 1009 1010 pci_info.bus = dev->pdev->bus->number; 1011 pci_info.slot = PCI_SLOT(dev->pdev->devfn); 1012 1013 if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { 1014 dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n")); 1015 return -EFAULT; 1016 } 1017 return 0; 1018 } 1019 1020 static int aac_get_hba_info(struct aac_dev *dev, void __user *arg) 1021 { 1022 struct aac_hba_info hbainfo; 1023 1024 memset(&hbainfo, 0, sizeof(hbainfo)); 1025 hbainfo.adapter_number = (u8) dev->id; 1026 hbainfo.system_io_bus_number = dev->pdev->bus->number; 1027 hbainfo.device_number = (dev->pdev->devfn >> 3); 1028 hbainfo.function_number = (dev->pdev->devfn & 0x0007); 1029 1030 hbainfo.vendor_id = dev->pdev->vendor; 1031 hbainfo.device_id = dev->pdev->device; 1032 hbainfo.sub_vendor_id = dev->pdev->subsystem_vendor; 1033 hbainfo.sub_system_id = dev->pdev->subsystem_device; 1034 1035 if (copy_to_user(arg, &hbainfo, sizeof(struct aac_hba_info))) { 1036 dprintk((KERN_DEBUG "aacraid: Could not copy hba info\n")); 1037 return -EFAULT; 1038 } 1039 1040 return 0; 1041 } 1042 1043 struct aac_reset_iop { 1044 u8 reset_type; 1045 }; 1046 1047 static int aac_send_reset_adapter(struct aac_dev *dev, void __user *arg) 1048 { 1049 struct aac_reset_iop reset; 1050 int retval; 1051 1052 if (copy_from_user((void *)&reset, arg, sizeof(struct aac_reset_iop))) 1053 return -EFAULT; 1054 1055 retval = aac_reset_adapter(dev, 0, reset.reset_type); 1056 return retval; 1057 1058 } 1059 1060 int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) 1061 { 1062 int status; 1063 1064 mutex_lock(&dev->ioctl_mutex); 1065 1066 if (dev->adapter_shutdown) { 1067 status = -EACCES; 1068 goto cleanup; 1069 } 1070 1071 /* 1072 * HBA gets first crack 1073 */ 1074 1075 status = aac_dev_ioctl(dev, cmd, arg); 1076 if (status != -ENOTTY) 1077 goto cleanup; 1078 1079 switch (cmd) { 1080 case FSACTL_MINIPORT_REV_CHECK: 1081 status = check_revision(dev, arg); 1082 break; 1083 case FSACTL_SEND_LARGE_FIB: 1084 case FSACTL_SENDFIB: 1085 status = ioctl_send_fib(dev, arg); 1086 break; 1087 case FSACTL_OPEN_GET_ADAPTER_FIB: 1088 status = open_getadapter_fib(dev, arg); 1089 break; 1090 case FSACTL_GET_NEXT_ADAPTER_FIB: 1091 status = next_getadapter_fib(dev, arg); 1092 break; 1093 case FSACTL_CLOSE_GET_ADAPTER_FIB: 1094 status = close_getadapter_fib(dev, arg); 1095 break; 1096 case FSACTL_SEND_RAW_SRB: 1097 status = aac_send_raw_srb(dev,arg); 1098 break; 1099 case FSACTL_GET_PCI_INFO: 1100 status = aac_get_pci_info(dev,arg); 1101 break; 1102 case FSACTL_GET_HBA_INFO: 1103 status = aac_get_hba_info(dev, arg); 1104 break; 1105 case FSACTL_RESET_IOP: 1106 status = aac_send_reset_adapter(dev, arg); 1107 break; 1108 1109 default: 1110 status = -ENOTTY; 1111 break; 1112 } 1113 1114 cleanup: 1115 mutex_unlock(&dev->ioctl_mutex); 1116 1117 return status; 1118 } 1119 1120