1 /* 2 * Adaptec AAC series RAID controller driver 3 * (c) Copyright 2001 Red Hat Inc. 4 * 5 * based on the old aacraid driver that is.. 6 * Adaptec aacraid device driver for Linux. 7 * 8 * Copyright (c) 2000-2010 Adaptec, Inc. 9 * 2010 PMC-Sierra, Inc. (aacraid@pmc-sierra.com) 10 * 11 * This program is free software; you can redistribute it and/or modify 12 * it under the terms of the GNU General Public License as published by 13 * the Free Software Foundation; either version 2, or (at your option) 14 * any later version. 15 * 16 * This program is distributed in the hope that it will be useful, 17 * but WITHOUT ANY WARRANTY; without even the implied warranty of 18 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 19 * GNU General Public License for more details. 20 * 21 * You should have received a copy of the GNU General Public License 22 * along with this program; see the file COPYING. If not, write to 23 * the Free Software Foundation, 675 Mass Ave, Cambridge, MA 02139, USA. 24 * 25 * Module Name: 26 * commctrl.c 27 * 28 * Abstract: Contains all routines for control of the AFA comm layer 29 * 30 */ 31 32 #include <linux/kernel.h> 33 #include <linux/init.h> 34 #include <linux/types.h> 35 #include <linux/pci.h> 36 #include <linux/spinlock.h> 37 #include <linux/slab.h> 38 #include <linux/completion.h> 39 #include <linux/dma-mapping.h> 40 #include <linux/blkdev.h> 41 #include <linux/delay.h> /* ssleep prototype */ 42 #include <linux/kthread.h> 43 #include <linux/semaphore.h> 44 #include <linux/uaccess.h> 45 #include <scsi/scsi_host.h> 46 47 #include "aacraid.h" 48 49 /** 50 * ioctl_send_fib - send a FIB from userspace 51 * @dev: adapter is being processed 52 * @arg: arguments to the ioctl call 53 * 54 * This routine sends a fib to the adapter on behalf of a user level 55 * program. 56 */ 57 # define AAC_DEBUG_PREAMBLE KERN_INFO 58 # define AAC_DEBUG_POSTAMBLE 59 60 static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) 61 { 62 struct hw_fib * kfib; 63 struct fib *fibptr; 64 struct hw_fib * hw_fib = (struct hw_fib *)0; 65 dma_addr_t hw_fib_pa = (dma_addr_t)0LL; 66 unsigned int size, osize; 67 int retval; 68 69 if (dev->in_reset) { 70 return -EBUSY; 71 } 72 fibptr = aac_fib_alloc(dev); 73 if(fibptr == NULL) { 74 return -ENOMEM; 75 } 76 77 kfib = fibptr->hw_fib_va; 78 /* 79 * First copy in the header so that we can check the size field. 80 */ 81 if (copy_from_user((void *)kfib, arg, sizeof(struct aac_fibhdr))) { 82 aac_fib_free(fibptr); 83 return -EFAULT; 84 } 85 /* 86 * Since we copy based on the fib header size, make sure that we 87 * will not overrun the buffer when we copy the memory. Return 88 * an error if we would. 89 */ 90 osize = size = le16_to_cpu(kfib->header.Size) + 91 sizeof(struct aac_fibhdr); 92 if (size < le16_to_cpu(kfib->header.SenderSize)) 93 size = le16_to_cpu(kfib->header.SenderSize); 94 if (size > dev->max_fib_size) { 95 dma_addr_t daddr; 96 97 if (size > 2048) { 98 retval = -EINVAL; 99 goto cleanup; 100 } 101 102 kfib = pci_alloc_consistent(dev->pdev, size, &daddr); 103 if (!kfib) { 104 retval = -ENOMEM; 105 goto cleanup; 106 } 107 108 /* Highjack the hw_fib */ 109 hw_fib = fibptr->hw_fib_va; 110 hw_fib_pa = fibptr->hw_fib_pa; 111 fibptr->hw_fib_va = kfib; 112 fibptr->hw_fib_pa = daddr; 113 memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size); 114 memcpy(kfib, hw_fib, dev->max_fib_size); 115 } 116 117 if (copy_from_user(kfib, arg, size)) { 118 retval = -EFAULT; 119 goto cleanup; 120 } 121 122 /* Sanity check the second copy */ 123 if ((osize != le16_to_cpu(kfib->header.Size) + 124 sizeof(struct aac_fibhdr)) 125 || (size < le16_to_cpu(kfib->header.SenderSize))) { 126 retval = -EINVAL; 127 goto cleanup; 128 } 129 130 if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { 131 aac_adapter_interrupt(dev); 132 /* 133 * Since we didn't really send a fib, zero out the state to allow 134 * cleanup code not to assert. 135 */ 136 kfib->header.XferState = 0; 137 } else { 138 retval = aac_fib_send(le16_to_cpu(kfib->header.Command), fibptr, 139 le16_to_cpu(kfib->header.Size) , FsaNormal, 140 1, 1, NULL, NULL); 141 if (retval) { 142 goto cleanup; 143 } 144 if (aac_fib_complete(fibptr) != 0) { 145 retval = -EINVAL; 146 goto cleanup; 147 } 148 } 149 /* 150 * Make sure that the size returned by the adapter (which includes 151 * the header) is less than or equal to the size of a fib, so we 152 * don't corrupt application data. Then copy that size to the user 153 * buffer. (Don't try to add the header information again, since it 154 * was already included by the adapter.) 155 */ 156 157 retval = 0; 158 if (copy_to_user(arg, (void *)kfib, size)) 159 retval = -EFAULT; 160 cleanup: 161 if (hw_fib) { 162 pci_free_consistent(dev->pdev, size, kfib, fibptr->hw_fib_pa); 163 fibptr->hw_fib_pa = hw_fib_pa; 164 fibptr->hw_fib_va = hw_fib; 165 } 166 if (retval != -ERESTARTSYS) 167 aac_fib_free(fibptr); 168 return retval; 169 } 170 171 /** 172 * open_getadapter_fib - Get the next fib 173 * 174 * This routine will get the next Fib, if available, from the AdapterFibContext 175 * passed in from the user. 176 */ 177 178 static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) 179 { 180 struct aac_fib_context * fibctx; 181 int status; 182 183 fibctx = kmalloc(sizeof(struct aac_fib_context), GFP_KERNEL); 184 if (fibctx == NULL) { 185 status = -ENOMEM; 186 } else { 187 unsigned long flags; 188 struct list_head * entry; 189 struct aac_fib_context * context; 190 191 fibctx->type = FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT; 192 fibctx->size = sizeof(struct aac_fib_context); 193 /* 194 * Yes yes, I know this could be an index, but we have a 195 * better guarantee of uniqueness for the locked loop below. 196 * Without the aid of a persistent history, this also helps 197 * reduce the chance that the opaque context would be reused. 198 */ 199 fibctx->unique = (u32)((ulong)fibctx & 0xFFFFFFFF); 200 /* 201 * Initialize the mutex used to wait for the next AIF. 202 */ 203 sema_init(&fibctx->wait_sem, 0); 204 fibctx->wait = 0; 205 /* 206 * Initialize the fibs and set the count of fibs on 207 * the list to 0. 208 */ 209 fibctx->count = 0; 210 INIT_LIST_HEAD(&fibctx->fib_list); 211 fibctx->jiffies = jiffies/HZ; 212 /* 213 * Now add this context onto the adapter's 214 * AdapterFibContext list. 215 */ 216 spin_lock_irqsave(&dev->fib_lock, flags); 217 /* Ensure that we have a unique identifier */ 218 entry = dev->fib_list.next; 219 while (entry != &dev->fib_list) { 220 context = list_entry(entry, struct aac_fib_context, next); 221 if (context->unique == fibctx->unique) { 222 /* Not unique (32 bits) */ 223 fibctx->unique++; 224 entry = dev->fib_list.next; 225 } else { 226 entry = entry->next; 227 } 228 } 229 list_add_tail(&fibctx->next, &dev->fib_list); 230 spin_unlock_irqrestore(&dev->fib_lock, flags); 231 if (copy_to_user(arg, &fibctx->unique, 232 sizeof(fibctx->unique))) { 233 status = -EFAULT; 234 } else { 235 status = 0; 236 } 237 } 238 return status; 239 } 240 241 /** 242 * next_getadapter_fib - get the next fib 243 * @dev: adapter to use 244 * @arg: ioctl argument 245 * 246 * This routine will get the next Fib, if available, from the AdapterFibContext 247 * passed in from the user. 248 */ 249 250 static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) 251 { 252 struct fib_ioctl f; 253 struct fib *fib; 254 struct aac_fib_context *fibctx; 255 int status; 256 struct list_head * entry; 257 unsigned long flags; 258 259 if(copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) 260 return -EFAULT; 261 /* 262 * Verify that the HANDLE passed in was a valid AdapterFibContext 263 * 264 * Search the list of AdapterFibContext addresses on the adapter 265 * to be sure this is a valid address 266 */ 267 spin_lock_irqsave(&dev->fib_lock, flags); 268 entry = dev->fib_list.next; 269 fibctx = NULL; 270 271 while (entry != &dev->fib_list) { 272 fibctx = list_entry(entry, struct aac_fib_context, next); 273 /* 274 * Extract the AdapterFibContext from the Input parameters. 275 */ 276 if (fibctx->unique == f.fibctx) { /* We found a winner */ 277 break; 278 } 279 entry = entry->next; 280 fibctx = NULL; 281 } 282 if (!fibctx) { 283 spin_unlock_irqrestore(&dev->fib_lock, flags); 284 dprintk ((KERN_INFO "Fib Context not found\n")); 285 return -EINVAL; 286 } 287 288 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 289 (fibctx->size != sizeof(struct aac_fib_context))) { 290 spin_unlock_irqrestore(&dev->fib_lock, flags); 291 dprintk ((KERN_INFO "Fib Context corrupt?\n")); 292 return -EINVAL; 293 } 294 status = 0; 295 /* 296 * If there are no fibs to send back, then either wait or return 297 * -EAGAIN 298 */ 299 return_fib: 300 if (!list_empty(&fibctx->fib_list)) { 301 /* 302 * Pull the next fib from the fibs 303 */ 304 entry = fibctx->fib_list.next; 305 list_del(entry); 306 307 fib = list_entry(entry, struct fib, fiblink); 308 fibctx->count--; 309 spin_unlock_irqrestore(&dev->fib_lock, flags); 310 if (copy_to_user(f.fib, fib->hw_fib_va, sizeof(struct hw_fib))) { 311 kfree(fib->hw_fib_va); 312 kfree(fib); 313 return -EFAULT; 314 } 315 /* 316 * Free the space occupied by this copy of the fib. 317 */ 318 kfree(fib->hw_fib_va); 319 kfree(fib); 320 status = 0; 321 } else { 322 spin_unlock_irqrestore(&dev->fib_lock, flags); 323 /* If someone killed the AIF aacraid thread, restart it */ 324 status = !dev->aif_thread; 325 if (status && !dev->in_reset && dev->queues && dev->fsa_dev) { 326 /* Be paranoid, be very paranoid! */ 327 kthread_stop(dev->thread); 328 ssleep(1); 329 dev->aif_thread = 0; 330 dev->thread = kthread_run(aac_command_thread, dev, 331 "%s", dev->name); 332 ssleep(1); 333 } 334 if (f.wait) { 335 if(down_interruptible(&fibctx->wait_sem) < 0) { 336 status = -ERESTARTSYS; 337 } else { 338 /* Lock again and retry */ 339 spin_lock_irqsave(&dev->fib_lock, flags); 340 goto return_fib; 341 } 342 } else { 343 status = -EAGAIN; 344 } 345 } 346 fibctx->jiffies = jiffies/HZ; 347 return status; 348 } 349 350 int aac_close_fib_context(struct aac_dev * dev, struct aac_fib_context * fibctx) 351 { 352 struct fib *fib; 353 354 /* 355 * First free any FIBs that have not been consumed. 356 */ 357 while (!list_empty(&fibctx->fib_list)) { 358 struct list_head * entry; 359 /* 360 * Pull the next fib from the fibs 361 */ 362 entry = fibctx->fib_list.next; 363 list_del(entry); 364 fib = list_entry(entry, struct fib, fiblink); 365 fibctx->count--; 366 /* 367 * Free the space occupied by this copy of the fib. 368 */ 369 kfree(fib->hw_fib_va); 370 kfree(fib); 371 } 372 /* 373 * Remove the Context from the AdapterFibContext List 374 */ 375 list_del(&fibctx->next); 376 /* 377 * Invalidate context 378 */ 379 fibctx->type = 0; 380 /* 381 * Free the space occupied by the Context 382 */ 383 kfree(fibctx); 384 return 0; 385 } 386 387 /** 388 * close_getadapter_fib - close down user fib context 389 * @dev: adapter 390 * @arg: ioctl arguments 391 * 392 * This routine will close down the fibctx passed in from the user. 393 */ 394 395 static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) 396 { 397 struct aac_fib_context *fibctx; 398 int status; 399 unsigned long flags; 400 struct list_head * entry; 401 402 /* 403 * Verify that the HANDLE passed in was a valid AdapterFibContext 404 * 405 * Search the list of AdapterFibContext addresses on the adapter 406 * to be sure this is a valid address 407 */ 408 409 entry = dev->fib_list.next; 410 fibctx = NULL; 411 412 while(entry != &dev->fib_list) { 413 fibctx = list_entry(entry, struct aac_fib_context, next); 414 /* 415 * Extract the fibctx from the input parameters 416 */ 417 if (fibctx->unique == (u32)(uintptr_t)arg) /* We found a winner */ 418 break; 419 entry = entry->next; 420 fibctx = NULL; 421 } 422 423 if (!fibctx) 424 return 0; /* Already gone */ 425 426 if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || 427 (fibctx->size != sizeof(struct aac_fib_context))) 428 return -EINVAL; 429 spin_lock_irqsave(&dev->fib_lock, flags); 430 status = aac_close_fib_context(dev, fibctx); 431 spin_unlock_irqrestore(&dev->fib_lock, flags); 432 return status; 433 } 434 435 /** 436 * check_revision - close down user fib context 437 * @dev: adapter 438 * @arg: ioctl arguments 439 * 440 * This routine returns the driver version. 441 * Under Linux, there have been no version incompatibilities, so this is 442 * simple! 443 */ 444 445 static int check_revision(struct aac_dev *dev, void __user *arg) 446 { 447 struct revision response; 448 char *driver_version = aac_driver_version; 449 u32 version; 450 451 response.compat = 1; 452 version = (simple_strtol(driver_version, 453 &driver_version, 10) << 24) | 0x00000400; 454 version += simple_strtol(driver_version + 1, &driver_version, 10) << 16; 455 version += simple_strtol(driver_version + 1, NULL, 10); 456 response.version = cpu_to_le32(version); 457 # ifdef AAC_DRIVER_BUILD 458 response.build = cpu_to_le32(AAC_DRIVER_BUILD); 459 # else 460 response.build = cpu_to_le32(9999); 461 # endif 462 463 if (copy_to_user(arg, &response, sizeof(response))) 464 return -EFAULT; 465 return 0; 466 } 467 468 469 /** 470 * 471 * aac_send_raw_scb 472 * 473 */ 474 475 static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) 476 { 477 struct fib* srbfib; 478 int status; 479 struct aac_srb *srbcmd = NULL; 480 struct user_aac_srb *user_srbcmd = NULL; 481 struct user_aac_srb __user *user_srb = arg; 482 struct aac_srb_reply __user *user_reply; 483 struct aac_srb_reply* reply; 484 u32 fibsize = 0; 485 u32 flags = 0; 486 s32 rcode = 0; 487 u32 data_dir; 488 void __user *sg_user[32]; 489 void *sg_list[32]; 490 u32 sg_indx = 0; 491 u32 byte_count = 0; 492 u32 actual_fibsize64, actual_fibsize = 0; 493 int i; 494 495 496 if (dev->in_reset) { 497 dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); 498 return -EBUSY; 499 } 500 if (!capable(CAP_SYS_ADMIN)){ 501 dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n")); 502 return -EPERM; 503 } 504 /* 505 * Allocate and initialize a Fib then setup a SRB command 506 */ 507 if (!(srbfib = aac_fib_alloc(dev))) { 508 return -ENOMEM; 509 } 510 aac_fib_init(srbfib); 511 /* raw_srb FIB is not FastResponseCapable */ 512 srbfib->hw_fib_va->header.XferState &= ~cpu_to_le32(FastResponseCapable); 513 514 srbcmd = (struct aac_srb*) fib_data(srbfib); 515 516 memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ 517 if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ 518 dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); 519 rcode = -EFAULT; 520 goto cleanup; 521 } 522 523 if ((fibsize < (sizeof(struct user_aac_srb) - sizeof(struct user_sgentry))) || 524 (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr)))) { 525 rcode = -EINVAL; 526 goto cleanup; 527 } 528 529 user_srbcmd = kmalloc(fibsize, GFP_KERNEL); 530 if (!user_srbcmd) { 531 dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); 532 rcode = -ENOMEM; 533 goto cleanup; 534 } 535 if(copy_from_user(user_srbcmd, user_srb,fibsize)){ 536 dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); 537 rcode = -EFAULT; 538 goto cleanup; 539 } 540 541 user_reply = arg+fibsize; 542 543 flags = user_srbcmd->flags; /* from user in cpu order */ 544 // Fix up srb for endian and force some values 545 546 srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this 547 srbcmd->channel = cpu_to_le32(user_srbcmd->channel); 548 srbcmd->id = cpu_to_le32(user_srbcmd->id); 549 srbcmd->lun = cpu_to_le32(user_srbcmd->lun); 550 srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); 551 srbcmd->flags = cpu_to_le32(flags); 552 srbcmd->retry_limit = 0; // Obsolete parameter 553 srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); 554 memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb)); 555 556 switch (flags & (SRB_DataIn | SRB_DataOut)) { 557 case SRB_DataOut: 558 data_dir = DMA_TO_DEVICE; 559 break; 560 case (SRB_DataIn | SRB_DataOut): 561 data_dir = DMA_BIDIRECTIONAL; 562 break; 563 case SRB_DataIn: 564 data_dir = DMA_FROM_DEVICE; 565 break; 566 default: 567 data_dir = DMA_NONE; 568 } 569 if (user_srbcmd->sg.count > ARRAY_SIZE(sg_list)) { 570 dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", 571 le32_to_cpu(srbcmd->sg.count))); 572 rcode = -EINVAL; 573 goto cleanup; 574 } 575 actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + 576 ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); 577 actual_fibsize64 = actual_fibsize + (user_srbcmd->sg.count & 0xff) * 578 (sizeof(struct sgentry64) - sizeof(struct sgentry)); 579 /* User made a mistake - should not continue */ 580 if ((actual_fibsize != fibsize) && (actual_fibsize64 != fibsize)) { 581 dprintk((KERN_DEBUG"aacraid: Bad Size specified in " 582 "Raw SRB command calculated fibsize=%lu;%lu " 583 "user_srbcmd->sg.count=%d aac_srb=%lu sgentry=%lu;%lu " 584 "issued fibsize=%d\n", 585 actual_fibsize, actual_fibsize64, user_srbcmd->sg.count, 586 sizeof(struct aac_srb), sizeof(struct sgentry), 587 sizeof(struct sgentry64), fibsize)); 588 rcode = -EINVAL; 589 goto cleanup; 590 } 591 if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { 592 dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); 593 rcode = -EINVAL; 594 goto cleanup; 595 } 596 byte_count = 0; 597 if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { 598 struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; 599 struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg; 600 601 /* 602 * This should also catch if user used the 32 bit sgmap 603 */ 604 if (actual_fibsize64 == fibsize) { 605 actual_fibsize = actual_fibsize64; 606 for (i = 0; i < upsg->count; i++) { 607 u64 addr; 608 void* p; 609 if (upsg->sg[i].count > 610 ((dev->adapter_info.options & 611 AAC_OPT_NEW_COMM) ? 612 (dev->scsi_host_ptr->max_sectors << 9) : 613 65536)) { 614 rcode = -EINVAL; 615 goto cleanup; 616 } 617 /* Does this really need to be GFP_DMA? */ 618 p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); 619 if(!p) { 620 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 621 upsg->sg[i].count,i,upsg->count)); 622 rcode = -ENOMEM; 623 goto cleanup; 624 } 625 addr = (u64)upsg->sg[i].addr[0]; 626 addr += ((u64)upsg->sg[i].addr[1]) << 32; 627 sg_user[i] = (void __user *)(uintptr_t)addr; 628 sg_list[i] = p; // save so we can clean up later 629 sg_indx = i; 630 631 if (flags & SRB_DataOut) { 632 if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ 633 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 634 rcode = -EFAULT; 635 goto cleanup; 636 } 637 } 638 addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); 639 640 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 641 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 642 byte_count += upsg->sg[i].count; 643 psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); 644 } 645 } else { 646 struct user_sgmap* usg; 647 usg = kmemdup(upsg, 648 actual_fibsize - sizeof(struct aac_srb) 649 + sizeof(struct sgmap), GFP_KERNEL); 650 if (!usg) { 651 dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); 652 rcode = -ENOMEM; 653 goto cleanup; 654 } 655 actual_fibsize = actual_fibsize64; 656 657 for (i = 0; i < usg->count; i++) { 658 u64 addr; 659 void* p; 660 if (usg->sg[i].count > 661 ((dev->adapter_info.options & 662 AAC_OPT_NEW_COMM) ? 663 (dev->scsi_host_ptr->max_sectors << 9) : 664 65536)) { 665 kfree(usg); 666 rcode = -EINVAL; 667 goto cleanup; 668 } 669 /* Does this really need to be GFP_DMA? */ 670 p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); 671 if(!p) { 672 dprintk((KERN_DEBUG "aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 673 usg->sg[i].count,i,usg->count)); 674 kfree(usg); 675 rcode = -ENOMEM; 676 goto cleanup; 677 } 678 sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr; 679 sg_list[i] = p; // save so we can clean up later 680 sg_indx = i; 681 682 if (flags & SRB_DataOut) { 683 if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ 684 kfree (usg); 685 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 686 rcode = -EFAULT; 687 goto cleanup; 688 } 689 } 690 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 691 692 psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); 693 psg->sg[i].addr[1] = cpu_to_le32(addr>>32); 694 byte_count += usg->sg[i].count; 695 psg->sg[i].count = cpu_to_le32(usg->sg[i].count); 696 } 697 kfree (usg); 698 } 699 srbcmd->count = cpu_to_le32(byte_count); 700 if (user_srbcmd->sg.count) 701 psg->count = cpu_to_le32(sg_indx+1); 702 else 703 psg->count = 0; 704 status = aac_fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); 705 } else { 706 struct user_sgmap* upsg = &user_srbcmd->sg; 707 struct sgmap* psg = &srbcmd->sg; 708 709 if (actual_fibsize64 == fibsize) { 710 struct user_sgmap64* usg = (struct user_sgmap64 *)upsg; 711 for (i = 0; i < upsg->count; i++) { 712 uintptr_t addr; 713 void* p; 714 if (usg->sg[i].count > 715 ((dev->adapter_info.options & 716 AAC_OPT_NEW_COMM) ? 717 (dev->scsi_host_ptr->max_sectors << 9) : 718 65536)) { 719 rcode = -EINVAL; 720 goto cleanup; 721 } 722 /* Does this really need to be GFP_DMA? */ 723 p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); 724 if(!p) { 725 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 726 usg->sg[i].count,i,usg->count)); 727 rcode = -ENOMEM; 728 goto cleanup; 729 } 730 addr = (u64)usg->sg[i].addr[0]; 731 addr += ((u64)usg->sg[i].addr[1]) << 32; 732 sg_user[i] = (void __user *)addr; 733 sg_list[i] = p; // save so we can clean up later 734 sg_indx = i; 735 736 if (flags & SRB_DataOut) { 737 if(copy_from_user(p,sg_user[i],usg->sg[i].count)){ 738 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 739 rcode = -EFAULT; 740 goto cleanup; 741 } 742 } 743 addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); 744 745 psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); 746 byte_count += usg->sg[i].count; 747 psg->sg[i].count = cpu_to_le32(usg->sg[i].count); 748 } 749 } else { 750 for (i = 0; i < upsg->count; i++) { 751 dma_addr_t addr; 752 void* p; 753 if (upsg->sg[i].count > 754 ((dev->adapter_info.options & 755 AAC_OPT_NEW_COMM) ? 756 (dev->scsi_host_ptr->max_sectors << 9) : 757 65536)) { 758 rcode = -EINVAL; 759 goto cleanup; 760 } 761 p = kmalloc(upsg->sg[i].count, GFP_KERNEL); 762 if (!p) { 763 dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", 764 upsg->sg[i].count, i, upsg->count)); 765 rcode = -ENOMEM; 766 goto cleanup; 767 } 768 sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr; 769 sg_list[i] = p; // save so we can clean up later 770 sg_indx = i; 771 772 if (flags & SRB_DataOut) { 773 if(copy_from_user(p, sg_user[i], 774 upsg->sg[i].count)) { 775 dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); 776 rcode = -EFAULT; 777 goto cleanup; 778 } 779 } 780 addr = pci_map_single(dev->pdev, p, 781 upsg->sg[i].count, data_dir); 782 783 psg->sg[i].addr = cpu_to_le32(addr); 784 byte_count += upsg->sg[i].count; 785 psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); 786 } 787 } 788 srbcmd->count = cpu_to_le32(byte_count); 789 if (user_srbcmd->sg.count) 790 psg->count = cpu_to_le32(sg_indx+1); 791 else 792 psg->count = 0; 793 status = aac_fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); 794 } 795 if (status == -ERESTARTSYS) { 796 rcode = -ERESTARTSYS; 797 goto cleanup; 798 } 799 800 if (status != 0){ 801 dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); 802 rcode = -ENXIO; 803 goto cleanup; 804 } 805 806 if (flags & SRB_DataIn) { 807 for(i = 0 ; i <= sg_indx; i++){ 808 byte_count = le32_to_cpu( 809 (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) 810 ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count 811 : srbcmd->sg.sg[i].count); 812 if(copy_to_user(sg_user[i], sg_list[i], byte_count)){ 813 dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n")); 814 rcode = -EFAULT; 815 goto cleanup; 816 817 } 818 } 819 } 820 821 reply = (struct aac_srb_reply *) fib_data(srbfib); 822 if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){ 823 dprintk((KERN_DEBUG"aacraid: Could not copy reply to user\n")); 824 rcode = -EFAULT; 825 goto cleanup; 826 } 827 828 cleanup: 829 kfree(user_srbcmd); 830 for(i=0; i <= sg_indx; i++){ 831 kfree(sg_list[i]); 832 } 833 if (rcode != -ERESTARTSYS) { 834 aac_fib_complete(srbfib); 835 aac_fib_free(srbfib); 836 } 837 838 return rcode; 839 } 840 841 struct aac_pci_info { 842 u32 bus; 843 u32 slot; 844 }; 845 846 847 static int aac_get_pci_info(struct aac_dev* dev, void __user *arg) 848 { 849 struct aac_pci_info pci_info; 850 851 pci_info.bus = dev->pdev->bus->number; 852 pci_info.slot = PCI_SLOT(dev->pdev->devfn); 853 854 if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { 855 dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n")); 856 return -EFAULT; 857 } 858 return 0; 859 } 860 861 862 int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) 863 { 864 int status; 865 866 mutex_lock(&dev->ioctl_mutex); 867 868 if (dev->adapter_shutdown) { 869 status = -EACCES; 870 goto cleanup; 871 } 872 873 /* 874 * HBA gets first crack 875 */ 876 877 status = aac_dev_ioctl(dev, cmd, arg); 878 if (status != -ENOTTY) 879 goto cleanup; 880 881 switch (cmd) { 882 case FSACTL_MINIPORT_REV_CHECK: 883 status = check_revision(dev, arg); 884 break; 885 case FSACTL_SEND_LARGE_FIB: 886 case FSACTL_SENDFIB: 887 status = ioctl_send_fib(dev, arg); 888 break; 889 case FSACTL_OPEN_GET_ADAPTER_FIB: 890 status = open_getadapter_fib(dev, arg); 891 break; 892 case FSACTL_GET_NEXT_ADAPTER_FIB: 893 status = next_getadapter_fib(dev, arg); 894 break; 895 case FSACTL_CLOSE_GET_ADAPTER_FIB: 896 status = close_getadapter_fib(dev, arg); 897 break; 898 case FSACTL_SEND_RAW_SRB: 899 status = aac_send_raw_srb(dev,arg); 900 break; 901 case FSACTL_GET_PCI_INFO: 902 status = aac_get_pci_info(dev,arg); 903 break; 904 default: 905 status = -ENOTTY; 906 break; 907 } 908 909 cleanup: 910 mutex_unlock(&dev->ioctl_mutex); 911 912 return status; 913 } 914 915