1 /* 2 * Adaptec AAC series RAID controller driver 3 * (c) Copyright 2001 Red Hat Inc. <alan@redhat.com> 4 * 5 * based on the old aacraid driver that is.. 6 * Adaptec aacraid device driver for Linux. 7 * 8 * Copyright (c) 2000-2007 Adaptec, Inc. (aacraid@adaptec.com) 9 * 10 * This program is free software; you can redistribute it and/or modify 11 * it under the terms of the GNU General Public License as published by 12 * the Free Software Foundation; either version 2, or (at your option) 13 * any later version. 14 * 15 * This program is distributed in the hope that it will be useful, 16 * but WITHOUT ANY WARRANTY; without even the implied warranty of 17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18 * GNU General Public License for more details. 19 * 20 * You should have received a copy of the GNU General Public License 21 * along with this program; see the file COPYING. If not, write to 22 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. 23 * 24 * Module Name: 25 * commctrl.c 26 * 27 * Abstract: Contains all routines for control of the AFA comm layer 28 * 29 */ 30 31 #include <linux/kernel.h> 32 #include <linux/init.h> 33 #include <linux/types.h> 34 #include <linux/pci.h> 35 #include <linux/spinlock.h> 36 #include <linux/slab.h> 37 #include <linux/completion.h> 38 #include <linux/dma-mapping.h> 39 #include <linux/blkdev.h> 40 #include <linux/delay.h> /* ssleep prototype */ 41 #include <linux/kthread.h> 42 #include <linux/semaphore.h> 43 #include <asm/uaccess.h> 44 #include <scsi/scsi_host.h> 45 46 #include "aacraid.h" 47 48 /** 49 * ioctl_send_fib - send a FIB from userspace 50 * @dev: adapter is being processed 51 * @arg: arguments to the ioctl call 52 * 53 * This routine sends a fib to the adapter on behalf of a user level 54 * program. 55 */ 56 # define AAC_DEBUG_PREAMBLE KERN_INFO 57 # define AAC_DEBUG_POSTAMBLE 58 59 static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) 60 { 61 struct hw_fib * kfib; 62 struct fib *fibptr; 63 struct hw_fib * hw_fib = (struct hw_fib *)0; 64 dma_addr_t hw_fib_pa = (dma_addr_t)0LL; 65 unsigned size; 66 int retval; 67 68 if (dev->in_reset) { 69 return -EBUSY; 70 } 71 fibptr = aac_fib_alloc(dev); 72 if(fibptr == NULL) { 73 return -ENOMEM; 74 } 75 76 kfib = fibptr->hw_fib_va; 77 /* 78 * First copy in the header so that we can check the size field. 79 */ 80 if (copy_from_user((void *)kfib, arg, sizeof(struct aac_fibhdr))) { 81 aac_fib_free(fibptr); 82 return -EFAULT; 83 } 84 /* 85 * Since we copy based on the fib header size, make sure that we 86 * will not overrun the buffer when we copy the memory. Return 87 * an error if we would. 88 */ 89 size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr); 90 if (size < le16_to_cpu(kfib->header.SenderSize)) 91 size = le16_to_cpu(kfib->header.SenderSize); 92 if (size > dev->max_fib_size) { 93 if (size > 2048) { 94 retval = -EINVAL; 95 goto cleanup; 96 } 97 /* Highjack the hw_fib */ 98 hw_fib = fibptr->hw_fib_va; 99 hw_fib_pa = fibptr->hw_fib_pa; 100 fibptr->hw_fib_va = kfib = pci_alloc_consistent(dev->pdev, size, &fibptr->hw_fib_pa); 101 memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size); 102 memcpy(kfib, hw_fib, dev->max_fib_size); 103 } 104 105 if (copy_from_user(kfib, arg, size)) { 106 retval = -EFAULT; 107 goto cleanup; 108 } 109 110 if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { 111 aac_adapter_interrupt(dev); 112 /* 113 * Since we didn't really send a fib, zero out the state to allow 114 * cleanup code not to assert. 115 */ 116 kfib->header.XferState = 0; 117 } else { 118 retval = aac_fib_send(le16_to_cpu(kfib->header.Command), fibptr, 119 le16_to_cpu(kfib->header.Size) , FsaNormal, 120 1, 1, NULL, NULL); 121 if (retval) { 122 goto cleanup; 123 } 124 if (aac_fib_complete(fibptr) != 0) { 125 retval = -EINVAL; 126 goto cleanup; 127 } 128 } 129 /* 130 * Make sure that the size returned by the adapter (which includes 131 * the header) is less than or equal to the size of a fib, so we 132 * don't corrupt application data. Then copy that size to the user 133 * buffer. (Don't try to add the header information again, since it 134 * was already included by the adapter.) 135 */ 136 137 retval = 0; 138 if (copy_to_user(arg, (void *)kfib, size)) 139 retval = -EFAULT; 140 cleanup: 141 if (hw_fib) { 142 pci_free_consistent(dev->pdev, size, kfib, fibptr->hw_fib_pa); 143 fibptr->hw_fib_pa = hw_fib_pa; 144 fibptr->hw_fib_va = hw_fib; 145 } 146 if (retval != -EINTR) 147 aac_fib_free(fibptr); 148 return retval; 149 } 150 151 /** 152 * open_getadapter_fib - Get the next fib 153 * 154 * This routine will get the next Fib, if available, from the AdapterFibContext 155 * passed in from the user. 156 */ 157 158 static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) 159 { 160 struct aac_fib_context * fibctx; 161 int status; 162 163 fibctx = kmalloc(sizeof(struct aac_fib_context), GFP_KERNEL); 164 if (fibctx == NULL) { 165 status = -ENOMEM; 166 } else { 167 unsigned long flags; 168 struct list_head * entry; 169 struct aac_fib_context * context; 170 171 fibctx->type = FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT; 172 fibctx->size = sizeof(struct aac_fib_context); 173 /* 174 * Yes yes, I know this could be an index, but we have a 175 * better guarantee of uniqueness for the locked loop below. 176 * Without the aid of a persistent history, this also helps 177 * reduce the chance that the opaque context would be reused. 178 */ 179 fibctx->unique = (u32)((ulong)fibctx & 0xFFFFFFFF); 180 /* 181 * Initialize the mutex used to wait for the next AIF. 182 */ 183 init_MUTEX_LOCKED(&fibctx->wait_sem); 184 fibctx->wait = 0; 185 /* 186 * Initialize the fibs and set the count of fibs on 187 * the list to 0. 188 */ 189 fibctx->count = 0; 190 INIT_LIST_HEAD(&fibctx->fib_list); 191 fibctx->jiffies = jiffies/HZ; 192 /* 193 * Now add this context onto the adapter's 194 * AdapterFibContext list. 195 */ 196 spin_lock_irqsave(&dev->fib_lock, flags); 197 /* Ensure that we have a unique identifier */ 198 entry = dev->fib_list.next; 199 while (entry != &dev->fib_list) { 200 context = list_entry(entry, struct aac_fib_context, next); 201 if (context->unique == fibctx->unique) { 202 /* Not unique (32 bits) */ 203 fibctx->unique++; 204 entry = dev->fib_list.next; 205 } else { 206 entry = entry->next; 207 } 208 } 209 list_add_tail(&fibctx->next, &dev->fib_list); 210 spin_unlock_irqrestore(&dev->fib_lock, flags); 211 if (copy_to_user(arg, &fibctx->unique, 212 sizeof(fibctx->unique))) { 213 status = -EFAULT; 214 } else { 215 status = 0; 216 } 217 } 218 return status; 219 } 220 221 /** 222 * next_getadapter_fib - get the next fib 223 * @dev: adapter to use 224 * @arg: ioctl argument 225 * 226 * This routine will get the next Fib, if available, from the AdapterFibContext 227 * passed in from the user. 228 */ 229 230 static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) 231 { 232 struct fib_ioctl f; 233 struct fib *fib; 234 struct aac_fib_context *fibctx; 235 int status; 236 struct list_head * entry; 237 unsigned long flags; 238 239 if(copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) 240 return -EFAULT; 241 /* 242 * Verify that the HANDLE passed in was a valid AdapterFibContext 243 * 244 * Search the list of AdapterFibContext addresses on the adapter 245 * to be sure this is a valid address 246 */ 247 spin_lock_irqsave(&dev->fib_lock, flags); 248 entry = dev->fib_list.next; 249 fibctx = NULL; 250 251 while (entry != &dev->fib_list) { 252 fibctx = list_entry(entry, struct aac_fib_context, next); 253 /* 254 * Extract the AdapterFibContext from the Input parameters. 255 */ 256 if (fibctx->unique == f.fibctx) { /* We found a winner */ 257 break; 258 } 259 entry = entry->next; 260 fibctx = NULL; 261 } 262 if (!fibctx) { 263 spin_unlock_irqrestore(&dev->fib_lock, flags); 264 dprintk ((KERN_INFO "Fib Context not found\n")); 265 return -EINVAL; 266 } 267 268 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 269 (fibctx->size != sizeof(struct aac_fib_context))) { 270 spin_unlock_irqrestore(&dev->fib_lock, flags); 271 dprintk ((KERN_INFO "Fib Context corrupt?\n")); 272 return -EINVAL; 273 } 274 status = 0; 275 /* 276 * If there are no fibs to send back, then either wait or return 277 * -EAGAIN 278 */ 279 return_fib: 280 if (!list_empty(&fibctx->fib_list)) { 281 /* 282 * Pull the next fib from the fibs 283 */ 284 entry = fibctx->fib_list.next; 285 list_del(entry); 286 287 fib = list_entry(entry, struct fib, fiblink); 288 fibctx->count--; 289 spin_unlock_irqrestore(&dev->fib_lock, flags); 290 if (copy_to_user(f.fib, fib->hw_fib_va, sizeof(struct hw_fib))) { 291 kfree(fib->hw_fib_va); 292 kfree(fib); 293 return -EFAULT; 294 } 295 /* 296 * Free the space occupied by this copy of the fib. 297 */ 298 kfree(fib->hw_fib_va); 299 kfree(fib); 300 status = 0; 301 } else { 302 spin_unlock_irqrestore(&dev->fib_lock, flags); 303 /* If someone killed the AIF aacraid thread, restart it */ 304 status = !dev->aif_thread; 305 if (status && !dev->in_reset && dev->queues && dev->fsa_dev) { 306 /* Be paranoid, be very paranoid! */ 307 kthread_stop(dev->thread); 308 ssleep(1); 309 dev->aif_thread = 0; 310 dev->thread = kthread_run(aac_command_thread, dev, dev->name); 311 ssleep(1); 312 } 313 if (f.wait) { 314 if(down_interruptible(&fibctx->wait_sem) < 0) { 315 status = -EINTR; 316 } else { 317 /* Lock again and retry */ 318 spin_lock_irqsave(&dev->fib_lock, flags); 319 goto return_fib; 320 } 321 } else { 322 status = -EAGAIN; 323 } 324 } 325 fibctx->jiffies = jiffies/HZ; 326 return status; 327 } 328 329 int aac_close_fib_context(struct aac_dev * dev, struct aac_fib_context * fibctx) 330 { 331 struct fib *fib; 332 333 /* 334 * First free any FIBs that have not been consumed. 335 */ 336 while (!list_empty(&fibctx->fib_list)) { 337 struct list_head * entry; 338 /* 339 * Pull the next fib from the fibs 340 */ 341 entry = fibctx->fib_list.next; 342 list_del(entry); 343 fib = list_entry(entry, struct fib, fiblink); 344 fibctx->count--; 345 /* 346 * Free the space occupied by this copy of the fib. 347 */ 348 kfree(fib->hw_fib_va); 349 kfree(fib); 350 } 351 /* 352 * Remove the Context from the AdapterFibContext List 353 */ 354 list_del(&fibctx->next); 355 /* 356 * Invalidate context 357 */ 358 fibctx->type = 0; 359 /* 360 * Free the space occupied by the Context 361 */ 362 kfree(fibctx); 363 return 0; 364 } 365 366 /** 367 * close_getadapter_fib - close down user fib context 368 * @dev: adapter 369 * @arg: ioctl arguments 370 * 371 * This routine will close down the fibctx passed in from the user. 372 */ 373 374 static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) 375 { 376 struct aac_fib_context *fibctx; 377 int status; 378 unsigned long flags; 379 struct list_head * entry; 380 381 /* 382 * Verify that the HANDLE passed in was a valid AdapterFibContext 383 * 384 * Search the list of AdapterFibContext addresses on the adapter 385 * to be sure this is a valid address 386 */ 387 388 entry = dev->fib_list.next; 389 fibctx = NULL; 390 391 while(entry != &dev->fib_list) { 392 fibctx = list_entry(entry, struct aac_fib_context, next); 393 /* 394 * Extract the fibctx from the input parameters 395 */ 396 if (fibctx->unique == (u32)(uintptr_t)arg) /* We found a winner */ 397 break; 398 entry = entry->next; 399 fibctx = NULL; 400 } 401 402 if (!fibctx) 403 return 0; /* Already gone */ 404 405 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 406 (fibctx->size != sizeof(struct aac_fib_context))) 407 return -EINVAL; 408 spin_lock_irqsave(&dev->fib_lock, flags); 409 status = aac_close_fib_context(dev, fibctx); 410 spin_unlock_irqrestore(&dev->fib_lock, flags); 411 return status; 412 } 413 414 /** 415 * check_revision - close down user fib context 416 * @dev: adapter 417 * @arg: ioctl arguments 418 * 419 * This routine returns the driver version. 420 * Under Linux, there have been no version incompatibilities, so this is 421 * simple! 422 */ 423 424 static int check_revision(struct aac_dev *dev, void __user *arg) 425 { 426 struct revision response; 427 char *driver_version = aac_driver_version; 428 u32 version; 429 430 response.compat = 1; 431 version = (simple_strtol(driver_version, 432 &driver_version, 10) << 24) | 0x00000400; 433 version += simple_strtol(driver_version + 1, &driver_version, 10) << 16; 434 version += simple_strtol(driver_version + 1, NULL, 10); 435 response.version = cpu_to_le32(version); 436 # ifdef AAC_DRIVER_BUILD 437 response.build = cpu_to_le32(AAC_DRIVER_BUILD); 438 # else 439 response.build = cpu_to_le32(9999); 440 # endif 441 442 if (copy_to_user(arg, &response, sizeof(response))) 443 return -EFAULT; 444 return 0; 445 } 446 447 448 /** 449 * 450 * aac_send_raw_scb 451 * 452 */ 453 454 static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) 455 { 456 struct fib* srbfib; 457 int status; 458 struct aac_srb *srbcmd = NULL; 459 struct user_aac_srb *user_srbcmd = NULL; 460 struct user_aac_srb __user *user_srb = arg; 461 struct aac_srb_reply __user *user_reply; 462 struct aac_srb_reply* reply; 463 u32 fibsize = 0; 464 u32 flags = 0; 465 s32 rcode = 0; 466 u32 data_dir; 467 void __user *sg_user[32]; 468 void *sg_list[32]; 469 u32 sg_indx = 0; 470 u32 byte_count = 0; 471 u32 actual_fibsize64, actual_fibsize = 0; 472 int i; 473 474 475 if (dev->in_reset) { 476 dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); 477 return -EBUSY; 478 } 479 if (!capable(CAP_SYS_ADMIN)){ 480 dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n")); 481 return -EPERM; 482 } 483 /* 484 * Allocate and initialize a Fib then setup a SRB command 485 */ 486 if (!(srbfib = aac_fib_alloc(dev))) { 487 return -ENOMEM; 488 } 489 aac_fib_init(srbfib); 490 491 srbcmd = (struct aac_srb*) fib_data(srbfib); 492 493 memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ 494 if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ 495 dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); 496 rcode = -EFAULT; 497 goto cleanup; 498 } 499 500 if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { 501 rcode = -EINVAL; 502 goto cleanup; 503 } 504 505 user_srbcmd = kmalloc(fibsize, GFP_KERNEL); 506 if (!user_srbcmd) { 507 dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); 508 rcode = -ENOMEM; 509 goto cleanup; 510 } 511 if(copy_from_user(user_srbcmd, user_srb,fibsize)){ 512 dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); 513 rcode = -EFAULT; 514 goto cleanup; 515 } 516 517 user_reply = arg+fibsize; 518 519 flags = user_srbcmd->flags; /* from user in cpu order */ 520 // Fix up srb for endian and force some values 521 522 srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this 523 srbcmd->channel = cpu_to_le32(user_srbcmd->channel); 524 srbcmd->id = cpu_to_le32(user_srbcmd->id); 525 srbcmd->lun = cpu_to_le32(user_srbcmd->lun); 526 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); 527 srbcmd->flags = cpu_to_le32(flags); 528 srbcmd->retry_limit = 0; // Obsolete parameter 529 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); 530 memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb)); 531 532 switch (flags & (SRB_DataIn | SRB_DataOut)) { 533 case SRB_DataOut: 534 data_dir = DMA_TO_DEVICE; 535 break; 536 case (SRB_DataIn | SRB_DataOut): 537 data_dir = DMA_BIDIRECTIONAL; 538 break; 539 case SRB_DataIn: 540 data_dir = DMA_FROM_DEVICE; 541 break; 542 default: 543 data_dir = DMA_NONE; 544 } 545 if (user_srbcmd->sg.count > ARRAY_SIZE(sg_list)) { 546 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", 547 le32_to_cpu(srbcmd->sg.count))); 548 rcode = -EINVAL; 549 goto cleanup; 550 } 551 actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + 552 ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); 553 actual_fibsize64 = actual_fibsize + (user_srbcmd->sg.count & 0xff) * 554 (sizeof(struct sgentry64) - sizeof(struct sgentry)); 555 /* User made a mistake - should not continue */ 556 if ((actual_fibsize != fibsize) && (actual_fibsize64 != fibsize)) { 557 dprintk((KERN_DEBUG"aacraid: Bad Size specified in " 558 "Raw SRB command calculated fibsize=%lu;%lu " 559 "user_srbcmd->sg.count=%d aac_srb=%lu sgentry=%lu;%lu " 560 "issued fibsize=%d\n", 561 actual_fibsize, actual_fibsize64, user_srbcmd->sg.count, 562 sizeof(struct aac_srb), sizeof(struct sgentry), 563 sizeof(struct sgentry64), fibsize)); 564 rcode = -EINVAL; 565 goto cleanup; 566 } 567 if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { 568 dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); 569 rcode = -EINVAL; 570 goto cleanup; 571 } 572 byte_count = 0; 573 if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { 574 struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; 575 struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg; 576 577 /* 578 * This should also catch if user used the 32 bit sgmap 579 */ 580 if (actual_fibsize64 == fibsize) { 581 actual_fibsize = actual_fibsize64; 582 for (i = 0; i < upsg->count; i++) { 583 u64 addr; 584 void* p; 585 if (upsg->sg[i].count > 586 (dev->adapter_info.options & 587 AAC_OPT_NEW_COMM) ? 588 (dev->scsi_host_ptr->max_sectors << 9) : 589 65536) { 590 rcode = -EINVAL; 591 goto cleanup; 592 } 593 /* Does this really need to be GFP_DMA? */ 594 p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); 595 if(!p) { 596 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 597 upsg->sg[i].count,i,upsg->count)); 598 rcode = -ENOMEM; 599 goto cleanup; 600 } 601 addr = (u64)upsg->sg[i].addr[0]; 602 addr += ((u64)upsg->sg[i].addr[1]) << 32; 603 sg_user[i] = (void __user *)(uintptr_t)addr; 604 sg_list[i] = p; // save so we can clean up later 605 sg_indx = i; 606 607 if (flags & SRB_DataOut) { 608 if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ 609 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 610 rcode = -EFAULT; 611 goto cleanup; 612 } 613 } 614 addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); 615 616 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 617 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 618 byte_count += upsg->sg[i].count; 619 psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); 620 } 621 } else { 622 struct user_sgmap* usg; 623 usg = kmalloc(actual_fibsize - sizeof(struct aac_srb) 624 + sizeof(struct sgmap), GFP_KERNEL); 625 if (!usg) { 626 dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); 627 rcode = -ENOMEM; 628 goto cleanup; 629 } 630 memcpy (usg, upsg, actual_fibsize - sizeof(struct aac_srb) 631 + sizeof(struct sgmap)); 632 actual_fibsize = actual_fibsize64; 633 634 for (i = 0; i < usg->count; i++) { 635 u64 addr; 636 void* p; 637 if (usg->sg[i].count > 638 (dev->adapter_info.options & 639 AAC_OPT_NEW_COMM) ? 640 (dev->scsi_host_ptr->max_sectors << 9) : 641 65536) { 642 rcode = -EINVAL; 643 goto cleanup; 644 } 645 /* Does this really need to be GFP_DMA? */ 646 p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); 647 if(!p) { 648 kfree (usg); 649 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 650 usg->sg[i].count,i,usg->count)); 651 rcode = -ENOMEM; 652 goto cleanup; 653 } 654 sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr; 655 sg_list[i] = p; // save so we can clean up later 656 sg_indx = i; 657 658 if (flags & SRB_DataOut) { 659 if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ 660 kfree (usg); 661 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 662 rcode = -EFAULT; 663 goto cleanup; 664 } 665 } 666 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 667 668 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 669 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 670 byte_count += usg->sg[i].count; 671 psg->sg[i].count = cpu_to_le32(usg->sg[i].count); 672 } 673 kfree (usg); 674 } 675 srbcmd->count = cpu_to_le32(byte_count); 676 psg->count = cpu_to_le32(sg_indx+1); 677 status = aac_fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); 678 } else { 679 struct user_sgmap* upsg = &user_srbcmd->sg; 680 struct sgmap* psg = &srbcmd->sg; 681 682 if (actual_fibsize64 == fibsize) { 683 struct user_sgmap64* usg = (struct user_sgmap64 *)upsg; 684 for (i = 0; i < upsg->count; i++) { 685 uintptr_t addr; 686 void* p; 687 if (usg->sg[i].count > 688 (dev->adapter_info.options & 689 AAC_OPT_NEW_COMM) ? 690 (dev->scsi_host_ptr->max_sectors << 9) : 691 65536) { 692 rcode = -EINVAL; 693 goto cleanup; 694 } 695 /* Does this really need to be GFP_DMA? */ 696 p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); 697 if(!p) { 698 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 699 usg->sg[i].count,i,usg->count)); 700 rcode = -ENOMEM; 701 goto cleanup; 702 } 703 addr = (u64)usg->sg[i].addr[0]; 704 addr += ((u64)usg->sg[i].addr[1]) << 32; 705 sg_user[i] = (void __user *)addr; 706 sg_list[i] = p; // save so we can clean up later 707 sg_indx = i; 708 709 if (flags & SRB_DataOut) { 710 if(copy_from_user(p,sg_user[i],usg->sg[i].count)){ 711 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 712 rcode = -EFAULT; 713 goto cleanup; 714 } 715 } 716 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 717 718 psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); 719 byte_count += usg->sg[i].count; 720 psg->sg[i].count = cpu_to_le32(usg->sg[i].count); 721 } 722 } else { 723 for (i = 0; i < upsg->count; i++) { 724 dma_addr_t addr; 725 void* p; 726 if (upsg->sg[i].count > 727 (dev->adapter_info.options & 728 AAC_OPT_NEW_COMM) ? 729 (dev->scsi_host_ptr->max_sectors << 9) : 730 65536) { 731 rcode = -EINVAL; 732 goto cleanup; 733 } 734 p = kmalloc(upsg->sg[i].count, GFP_KERNEL); 735 if (!p) { 736 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 737 upsg->sg[i].count, i, upsg->count)); 738 rcode = -ENOMEM; 739 goto cleanup; 740 } 741 sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr; 742 sg_list[i] = p; // save so we can clean up later 743 sg_indx = i; 744 745 if (flags & SRB_DataOut) { 746 if(copy_from_user(p, sg_user[i], 747 upsg->sg[i].count)) { 748 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 749 rcode = -EFAULT; 750 goto cleanup; 751 } 752 } 753 addr = pci_map_single(dev->pdev, p, 754 upsg->sg[i].count, data_dir); 755 756 psg->sg[i].addr = cpu_to_le32(addr); 757 byte_count += upsg->sg[i].count; 758 psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); 759 } 760 } 761 srbcmd->count = cpu_to_le32(byte_count); 762 psg->count = cpu_to_le32(sg_indx+1); 763 status = aac_fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); 764 } 765 if (status == -EINTR) { 766 rcode = -EINTR; 767 goto cleanup; 768 } 769 770 if (status != 0){ 771 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); 772 rcode = -ENXIO; 773 goto cleanup; 774 } 775 776 if (flags & SRB_DataIn) { 777 for(i = 0 ; i <= sg_indx; i++){ 778 byte_count = le32_to_cpu( 779 (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) 780 ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count 781 : srbcmd->sg.sg[i].count); 782 if(copy_to_user(sg_user[i], sg_list[i], byte_count)){ 783 dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n")); 784 rcode = -EFAULT; 785 goto cleanup; 786 787 } 788 } 789 } 790 791 reply = (struct aac_srb_reply *) fib_data(srbfib); 792 if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){ 793 dprintk((KERN_DEBUG"aacraid: Could not copy reply to user\n")); 794 rcode = -EFAULT; 795 goto cleanup; 796 } 797 798 cleanup: 799 kfree(user_srbcmd); 800 for(i=0; i <= sg_indx; i++){ 801 kfree(sg_list[i]); 802 } 803 if (rcode != -EINTR) { 804 aac_fib_complete(srbfib); 805 aac_fib_free(srbfib); 806 } 807 808 return rcode; 809 } 810 811 struct aac_pci_info { 812 u32 bus; 813 u32 slot; 814 }; 815 816 817 static int aac_get_pci_info(struct aac_dev* dev, void __user *arg) 818 { 819 struct aac_pci_info pci_info; 820 821 pci_info.bus = dev->pdev->bus->number; 822 pci_info.slot = PCI_SLOT(dev->pdev->devfn); 823 824 if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { 825 dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n")); 826 return -EFAULT; 827 } 828 return 0; 829 } 830 831 832 int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) 833 { 834 int status; 835 836 /* 837 * HBA gets first crack 838 */ 839 840 status = aac_dev_ioctl(dev, cmd, arg); 841 if(status != -ENOTTY) 842 return status; 843 844 switch (cmd) { 845 case FSACTL_MINIPORT_REV_CHECK: 846 status = check_revision(dev, arg); 847 break; 848 case FSACTL_SEND_LARGE_FIB: 849 case FSACTL_SENDFIB: 850 status = ioctl_send_fib(dev, arg); 851 break; 852 case FSACTL_OPEN_GET_ADAPTER_FIB: 853 status = open_getadapter_fib(dev, arg); 854 break; 855 case FSACTL_GET_NEXT_ADAPTER_FIB: 856 status = next_getadapter_fib(dev, arg); 857 break; 858 case FSACTL_CLOSE_GET_ADAPTER_FIB: 859 status = close_getadapter_fib(dev, arg); 860 break; 861 case FSACTL_SEND_RAW_SRB: 862 status = aac_send_raw_srb(dev,arg); 863 break; 864 case FSACTL_GET_PCI_INFO: 865 status = aac_get_pci_info(dev,arg); 866 break; 867 default: 868 status = -ENOTTY; 869 break; 870 } 871 return status; 872 } 873 874