1 /*
2  * Management Module Support for MPT (Message Passing Technology) based
3  * controllers
4  *
5  * This code is based on drivers/scsi/mpt3sas/mpt3sas_ctl.c
6  * Copyright (C) 2012-2014  LSI Corporation
7  *  (mailto:DL-MPTFusionLinux@lsi.com)
8  *
9  * This program is free software; you can redistribute it and/or
10  * modify it under the terms of the GNU General Public License
11  * as published by the Free Software Foundation; either version 2
12  * of the License, or (at your option) any later version.
13  *
14  * This program is distributed in the hope that it will be useful,
15  * but WITHOUT ANY WARRANTY; without even the implied warranty of
16  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
17  * GNU General Public License for more details.
18  *
19  * NO WARRANTY
20  * THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
21  * CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
22  * LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
23  * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
24  * solely responsible for determining the appropriateness of using and
25  * distributing the Program and assumes all risks associated with its
26  * exercise of rights under this Agreement, including but not limited to
27  * the risks and costs of program errors, damage to or loss of data,
28  * programs or equipment, and unavailability or interruption of operations.
29 
30  * DISCLAIMER OF LIABILITY
31  * NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
32  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
33  * DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
34  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
35  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
36  * USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
37  * HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
38 
39  * You should have received a copy of the GNU General Public License
40  * along with this program; if not, write to the Free Software
41  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
42  * USA.
43  */
44 
45 #include <linux/kernel.h>
46 #include <linux/module.h>
47 #include <linux/errno.h>
48 #include <linux/init.h>
49 #include <linux/slab.h>
50 #include <linux/types.h>
51 #include <linux/pci.h>
52 #include <linux/delay.h>
53 #include <linux/compat.h>
54 #include <linux/poll.h>
55 
56 #include <linux/io.h>
57 #include <linux/uaccess.h>
58 
59 #include "mpt3sas_base.h"
60 #include "mpt3sas_ctl.h"
61 
62 
63 static struct fasync_struct *async_queue;
64 static DECLARE_WAIT_QUEUE_HEAD(ctl_poll_wait);
65 
66 
67 /**
68  * enum block_state - blocking state
69  * @NON_BLOCKING: non blocking
70  * @BLOCKING: blocking
71  *
72  * These states are for ioctls that need to wait for a response
73  * from firmware, so they probably require sleep.
74  */
75 enum block_state {
76 	NON_BLOCKING,
77 	BLOCKING,
78 };
79 
80 #ifdef CONFIG_SCSI_MPT3SAS_LOGGING
81 /**
82  * _ctl_sas_device_find_by_handle - sas device search
83  * @ioc: per adapter object
84  * @handle: sas device handle (assigned by firmware)
85  * Context: Calling function should acquire ioc->sas_device_lock
86  *
87  * This searches for sas_device based on sas_address, then return sas_device
88  * object.
89  */
90 static struct _sas_device *
91 _ctl_sas_device_find_by_handle(struct MPT3SAS_ADAPTER *ioc, u16 handle)
92 {
93 	struct _sas_device *sas_device, *r;
94 
95 	r = NULL;
96 	list_for_each_entry(sas_device, &ioc->sas_device_list, list) {
97 		if (sas_device->handle != handle)
98 			continue;
99 		r = sas_device;
100 		goto out;
101 	}
102 
103  out:
104 	return r;
105 }
106 
107 /**
108  * _ctl_display_some_debug - debug routine
109  * @ioc: per adapter object
110  * @smid: system request message index
111  * @calling_function_name: string pass from calling function
112  * @mpi_reply: reply message frame
113  * Context: none.
114  *
115  * Function for displaying debug info helpful when debugging issues
116  * in this module.
117  */
118 static void
119 _ctl_display_some_debug(struct MPT3SAS_ADAPTER *ioc, u16 smid,
120 	char *calling_function_name, MPI2DefaultReply_t *mpi_reply)
121 {
122 	Mpi2ConfigRequest_t *mpi_request;
123 	char *desc = NULL;
124 
125 	if (!(ioc->logging_level & MPT_DEBUG_IOCTL))
126 		return;
127 
128 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
129 	switch (mpi_request->Function) {
130 	case MPI2_FUNCTION_SCSI_IO_REQUEST:
131 	{
132 		Mpi2SCSIIORequest_t *scsi_request =
133 		    (Mpi2SCSIIORequest_t *)mpi_request;
134 
135 		snprintf(ioc->tmp_string, MPT_STRING_LENGTH,
136 		    "scsi_io, cmd(0x%02x), cdb_len(%d)",
137 		    scsi_request->CDB.CDB32[0],
138 		    le16_to_cpu(scsi_request->IoFlags) & 0xF);
139 		desc = ioc->tmp_string;
140 		break;
141 	}
142 	case MPI2_FUNCTION_SCSI_TASK_MGMT:
143 		desc = "task_mgmt";
144 		break;
145 	case MPI2_FUNCTION_IOC_INIT:
146 		desc = "ioc_init";
147 		break;
148 	case MPI2_FUNCTION_IOC_FACTS:
149 		desc = "ioc_facts";
150 		break;
151 	case MPI2_FUNCTION_CONFIG:
152 	{
153 		Mpi2ConfigRequest_t *config_request =
154 		    (Mpi2ConfigRequest_t *)mpi_request;
155 
156 		snprintf(ioc->tmp_string, MPT_STRING_LENGTH,
157 		    "config, type(0x%02x), ext_type(0x%02x), number(%d)",
158 		    (config_request->Header.PageType &
159 		     MPI2_CONFIG_PAGETYPE_MASK), config_request->ExtPageType,
160 		    config_request->Header.PageNumber);
161 		desc = ioc->tmp_string;
162 		break;
163 	}
164 	case MPI2_FUNCTION_PORT_FACTS:
165 		desc = "port_facts";
166 		break;
167 	case MPI2_FUNCTION_PORT_ENABLE:
168 		desc = "port_enable";
169 		break;
170 	case MPI2_FUNCTION_EVENT_NOTIFICATION:
171 		desc = "event_notification";
172 		break;
173 	case MPI2_FUNCTION_FW_DOWNLOAD:
174 		desc = "fw_download";
175 		break;
176 	case MPI2_FUNCTION_FW_UPLOAD:
177 		desc = "fw_upload";
178 		break;
179 	case MPI2_FUNCTION_RAID_ACTION:
180 		desc = "raid_action";
181 		break;
182 	case MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
183 	{
184 		Mpi2SCSIIORequest_t *scsi_request =
185 		    (Mpi2SCSIIORequest_t *)mpi_request;
186 
187 		snprintf(ioc->tmp_string, MPT_STRING_LENGTH,
188 		    "raid_pass, cmd(0x%02x), cdb_len(%d)",
189 		    scsi_request->CDB.CDB32[0],
190 		    le16_to_cpu(scsi_request->IoFlags) & 0xF);
191 		desc = ioc->tmp_string;
192 		break;
193 	}
194 	case MPI2_FUNCTION_SAS_IO_UNIT_CONTROL:
195 		desc = "sas_iounit_cntl";
196 		break;
197 	case MPI2_FUNCTION_SATA_PASSTHROUGH:
198 		desc = "sata_pass";
199 		break;
200 	case MPI2_FUNCTION_DIAG_BUFFER_POST:
201 		desc = "diag_buffer_post";
202 		break;
203 	case MPI2_FUNCTION_DIAG_RELEASE:
204 		desc = "diag_release";
205 		break;
206 	case MPI2_FUNCTION_SMP_PASSTHROUGH:
207 		desc = "smp_passthrough";
208 		break;
209 	}
210 
211 	if (!desc)
212 		return;
213 
214 	pr_info(MPT3SAS_FMT "%s: %s, smid(%d)\n",
215 	    ioc->name, calling_function_name, desc, smid);
216 
217 	if (!mpi_reply)
218 		return;
219 
220 	if (mpi_reply->IOCStatus || mpi_reply->IOCLogInfo)
221 		pr_info(MPT3SAS_FMT
222 		    "\tiocstatus(0x%04x), loginfo(0x%08x)\n",
223 		    ioc->name, le16_to_cpu(mpi_reply->IOCStatus),
224 		    le32_to_cpu(mpi_reply->IOCLogInfo));
225 
226 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
227 	    mpi_request->Function ==
228 	    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH) {
229 		Mpi2SCSIIOReply_t *scsi_reply =
230 		    (Mpi2SCSIIOReply_t *)mpi_reply;
231 		struct _sas_device *sas_device = NULL;
232 		unsigned long flags;
233 
234 		spin_lock_irqsave(&ioc->sas_device_lock, flags);
235 		sas_device = _ctl_sas_device_find_by_handle(ioc,
236 		    le16_to_cpu(scsi_reply->DevHandle));
237 		if (sas_device) {
238 			pr_warn(MPT3SAS_FMT "\tsas_address(0x%016llx), phy(%d)\n",
239 				ioc->name, (unsigned long long)
240 			    sas_device->sas_address, sas_device->phy);
241 			pr_warn(MPT3SAS_FMT
242 			    "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
243 			    ioc->name, (unsigned long long)
244 			    sas_device->enclosure_logical_id, sas_device->slot);
245 		}
246 		spin_unlock_irqrestore(&ioc->sas_device_lock, flags);
247 		if (scsi_reply->SCSIState || scsi_reply->SCSIStatus)
248 			pr_info(MPT3SAS_FMT
249 			    "\tscsi_state(0x%02x), scsi_status"
250 			    "(0x%02x)\n", ioc->name,
251 			    scsi_reply->SCSIState,
252 			    scsi_reply->SCSIStatus);
253 	}
254 }
255 
256 #endif
257 
258 /**
259  * mpt3sas_ctl_done - ctl module completion routine
260  * @ioc: per adapter object
261  * @smid: system request message index
262  * @msix_index: MSIX table index supplied by the OS
263  * @reply: reply message frame(lower 32bit addr)
264  * Context: none.
265  *
266  * The callback handler when using ioc->ctl_cb_idx.
267  *
268  * Return 1 meaning mf should be freed from _base_interrupt
269  *        0 means the mf is freed from this function.
270  */
271 u8
272 mpt3sas_ctl_done(struct MPT3SAS_ADAPTER *ioc, u16 smid, u8 msix_index,
273 	u32 reply)
274 {
275 	MPI2DefaultReply_t *mpi_reply;
276 	Mpi2SCSIIOReply_t *scsiio_reply;
277 	const void *sense_data;
278 	u32 sz;
279 
280 	if (ioc->ctl_cmds.status == MPT3_CMD_NOT_USED)
281 		return 1;
282 	if (ioc->ctl_cmds.smid != smid)
283 		return 1;
284 	ioc->ctl_cmds.status |= MPT3_CMD_COMPLETE;
285 	mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
286 	if (mpi_reply) {
287 		memcpy(ioc->ctl_cmds.reply, mpi_reply, mpi_reply->MsgLength*4);
288 		ioc->ctl_cmds.status |= MPT3_CMD_REPLY_VALID;
289 		/* get sense data */
290 		if (mpi_reply->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
291 		    mpi_reply->Function ==
292 		    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH) {
293 			scsiio_reply = (Mpi2SCSIIOReply_t *)mpi_reply;
294 			if (scsiio_reply->SCSIState &
295 			    MPI2_SCSI_STATE_AUTOSENSE_VALID) {
296 				sz = min_t(u32, SCSI_SENSE_BUFFERSIZE,
297 				    le32_to_cpu(scsiio_reply->SenseCount));
298 				sense_data = mpt3sas_base_get_sense_buffer(ioc,
299 				    smid);
300 				memcpy(ioc->ctl_cmds.sense, sense_data, sz);
301 			}
302 		}
303 	}
304 #ifdef CONFIG_SCSI_MPT3SAS_LOGGING
305 	_ctl_display_some_debug(ioc, smid, "ctl_done", mpi_reply);
306 #endif
307 	ioc->ctl_cmds.status &= ~MPT3_CMD_PENDING;
308 	complete(&ioc->ctl_cmds.done);
309 	return 1;
310 }
311 
312 /**
313  * _ctl_check_event_type - determines when an event needs logging
314  * @ioc: per adapter object
315  * @event: firmware event
316  *
317  * The bitmask in ioc->event_type[] indicates which events should be
318  * be saved in the driver event_log.  This bitmask is set by application.
319  *
320  * Returns 1 when event should be captured, or zero means no match.
321  */
322 static int
323 _ctl_check_event_type(struct MPT3SAS_ADAPTER *ioc, u16 event)
324 {
325 	u16 i;
326 	u32 desired_event;
327 
328 	if (event >= 128 || !event || !ioc->event_log)
329 		return 0;
330 
331 	desired_event = (1 << (event % 32));
332 	if (!desired_event)
333 		desired_event = 1;
334 	i = event / 32;
335 	return desired_event & ioc->event_type[i];
336 }
337 
338 /**
339  * mpt3sas_ctl_add_to_event_log - add event
340  * @ioc: per adapter object
341  * @mpi_reply: reply message frame
342  *
343  * Return nothing.
344  */
345 void
346 mpt3sas_ctl_add_to_event_log(struct MPT3SAS_ADAPTER *ioc,
347 	Mpi2EventNotificationReply_t *mpi_reply)
348 {
349 	struct MPT3_IOCTL_EVENTS *event_log;
350 	u16 event;
351 	int i;
352 	u32 sz, event_data_sz;
353 	u8 send_aen = 0;
354 
355 	if (!ioc->event_log)
356 		return;
357 
358 	event = le16_to_cpu(mpi_reply->Event);
359 
360 	if (_ctl_check_event_type(ioc, event)) {
361 
362 		/* insert entry into circular event_log */
363 		i = ioc->event_context % MPT3SAS_CTL_EVENT_LOG_SIZE;
364 		event_log = ioc->event_log;
365 		event_log[i].event = event;
366 		event_log[i].context = ioc->event_context++;
367 
368 		event_data_sz = le16_to_cpu(mpi_reply->EventDataLength)*4;
369 		sz = min_t(u32, event_data_sz, MPT3_EVENT_DATA_SIZE);
370 		memset(event_log[i].data, 0, MPT3_EVENT_DATA_SIZE);
371 		memcpy(event_log[i].data, mpi_reply->EventData, sz);
372 		send_aen = 1;
373 	}
374 
375 	/* This aen_event_read_flag flag is set until the
376 	 * application has read the event log.
377 	 * For MPI2_EVENT_LOG_ENTRY_ADDED, we always notify.
378 	 */
379 	if (event == MPI2_EVENT_LOG_ENTRY_ADDED ||
380 	    (send_aen && !ioc->aen_event_read_flag)) {
381 		ioc->aen_event_read_flag = 1;
382 		wake_up_interruptible(&ctl_poll_wait);
383 		if (async_queue)
384 			kill_fasync(&async_queue, SIGIO, POLL_IN);
385 	}
386 }
387 
388 /**
389  * mpt3sas_ctl_event_callback - firmware event handler (called at ISR time)
390  * @ioc: per adapter object
391  * @msix_index: MSIX table index supplied by the OS
392  * @reply: reply message frame(lower 32bit addr)
393  * Context: interrupt.
394  *
395  * This function merely adds a new work task into ioc->firmware_event_thread.
396  * The tasks are worked from _firmware_event_work in user context.
397  *
398  * Return 1 meaning mf should be freed from _base_interrupt
399  *        0 means the mf is freed from this function.
400  */
401 u8
402 mpt3sas_ctl_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
403 	u32 reply)
404 {
405 	Mpi2EventNotificationReply_t *mpi_reply;
406 
407 	mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
408 	mpt3sas_ctl_add_to_event_log(ioc, mpi_reply);
409 	return 1;
410 }
411 
412 /**
413  * _ctl_verify_adapter - validates ioc_number passed from application
414  * @ioc: per adapter object
415  * @iocpp: The ioc pointer is returned in this.
416  *
417  * Return (-1) means error, else ioc_number.
418  */
419 static int
420 _ctl_verify_adapter(int ioc_number, struct MPT3SAS_ADAPTER **iocpp)
421 {
422 	struct MPT3SAS_ADAPTER *ioc;
423 
424 	list_for_each_entry(ioc, &mpt3sas_ioc_list, list) {
425 		if (ioc->id != ioc_number)
426 			continue;
427 		*iocpp = ioc;
428 		return ioc_number;
429 	}
430 	*iocpp = NULL;
431 	return -1;
432 }
433 
434 /**
435  * mpt3sas_ctl_reset_handler - reset callback handler (for ctl)
436  * @ioc: per adapter object
437  * @reset_phase: phase
438  *
439  * The handler for doing any required cleanup or initialization.
440  *
441  * The reset phase can be MPT3_IOC_PRE_RESET, MPT3_IOC_AFTER_RESET,
442  * MPT3_IOC_DONE_RESET
443  */
444 void
445 mpt3sas_ctl_reset_handler(struct MPT3SAS_ADAPTER *ioc, int reset_phase)
446 {
447 	int i;
448 	u8 issue_reset;
449 
450 	switch (reset_phase) {
451 	case MPT3_IOC_PRE_RESET:
452 		dtmprintk(ioc, pr_info(MPT3SAS_FMT
453 			"%s: MPT3_IOC_PRE_RESET\n", ioc->name, __func__));
454 		for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
455 			if (!(ioc->diag_buffer_status[i] &
456 			    MPT3_DIAG_BUFFER_IS_REGISTERED))
457 				continue;
458 			if ((ioc->diag_buffer_status[i] &
459 			    MPT3_DIAG_BUFFER_IS_RELEASED))
460 				continue;
461 			mpt3sas_send_diag_release(ioc, i, &issue_reset);
462 		}
463 		break;
464 	case MPT3_IOC_AFTER_RESET:
465 		dtmprintk(ioc, pr_info(MPT3SAS_FMT
466 			"%s: MPT3_IOC_AFTER_RESET\n", ioc->name, __func__));
467 		if (ioc->ctl_cmds.status & MPT3_CMD_PENDING) {
468 			ioc->ctl_cmds.status |= MPT3_CMD_RESET;
469 			mpt3sas_base_free_smid(ioc, ioc->ctl_cmds.smid);
470 			complete(&ioc->ctl_cmds.done);
471 		}
472 		break;
473 	case MPT3_IOC_DONE_RESET:
474 		dtmprintk(ioc, pr_info(MPT3SAS_FMT
475 			"%s: MPT3_IOC_DONE_RESET\n", ioc->name, __func__));
476 
477 		for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
478 			if (!(ioc->diag_buffer_status[i] &
479 			    MPT3_DIAG_BUFFER_IS_REGISTERED))
480 				continue;
481 			if ((ioc->diag_buffer_status[i] &
482 			    MPT3_DIAG_BUFFER_IS_RELEASED))
483 				continue;
484 			ioc->diag_buffer_status[i] |=
485 			    MPT3_DIAG_BUFFER_IS_DIAG_RESET;
486 		}
487 		break;
488 	}
489 }
490 
491 /**
492  * _ctl_fasync -
493  * @fd -
494  * @filep -
495  * @mode -
496  *
497  * Called when application request fasyn callback handler.
498  */
499 static int
500 _ctl_fasync(int fd, struct file *filep, int mode)
501 {
502 	return fasync_helper(fd, filep, mode, &async_queue);
503 }
504 
505 /**
506  * _ctl_poll -
507  * @file -
508  * @wait -
509  *
510  */
511 static unsigned int
512 _ctl_poll(struct file *filep, poll_table *wait)
513 {
514 	struct MPT3SAS_ADAPTER *ioc;
515 
516 	poll_wait(filep, &ctl_poll_wait, wait);
517 
518 	list_for_each_entry(ioc, &mpt3sas_ioc_list, list) {
519 		if (ioc->aen_event_read_flag)
520 			return POLLIN | POLLRDNORM;
521 	}
522 	return 0;
523 }
524 
525 /**
526  * _ctl_set_task_mid - assign an active smid to tm request
527  * @ioc: per adapter object
528  * @karg - (struct mpt3_ioctl_command)
529  * @tm_request - pointer to mf from user space
530  *
531  * Returns 0 when an smid if found, else fail.
532  * during failure, the reply frame is filled.
533  */
534 static int
535 _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg,
536 	Mpi2SCSITaskManagementRequest_t *tm_request)
537 {
538 	u8 found = 0;
539 	u16 i;
540 	u16 handle;
541 	struct scsi_cmnd *scmd;
542 	struct MPT3SAS_DEVICE *priv_data;
543 	unsigned long flags;
544 	Mpi2SCSITaskManagementReply_t *tm_reply;
545 	u32 sz;
546 	u32 lun;
547 	char *desc = NULL;
548 
549 	if (tm_request->TaskType == MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK)
550 		desc = "abort_task";
551 	else if (tm_request->TaskType == MPI2_SCSITASKMGMT_TASKTYPE_QUERY_TASK)
552 		desc = "query_task";
553 	else
554 		return 0;
555 
556 	lun = scsilun_to_int((struct scsi_lun *)tm_request->LUN);
557 
558 	handle = le16_to_cpu(tm_request->DevHandle);
559 	spin_lock_irqsave(&ioc->scsi_lookup_lock, flags);
560 	for (i = ioc->scsiio_depth; i && !found; i--) {
561 		scmd = ioc->scsi_lookup[i - 1].scmd;
562 		if (scmd == NULL || scmd->device == NULL ||
563 		    scmd->device->hostdata == NULL)
564 			continue;
565 		if (lun != scmd->device->lun)
566 			continue;
567 		priv_data = scmd->device->hostdata;
568 		if (priv_data->sas_target == NULL)
569 			continue;
570 		if (priv_data->sas_target->handle != handle)
571 			continue;
572 		tm_request->TaskMID = cpu_to_le16(ioc->scsi_lookup[i - 1].smid);
573 		found = 1;
574 	}
575 	spin_unlock_irqrestore(&ioc->scsi_lookup_lock, flags);
576 
577 	if (!found) {
578 		dctlprintk(ioc, pr_info(MPT3SAS_FMT
579 			"%s: handle(0x%04x), lun(%d), no active mid!!\n",
580 			ioc->name,
581 		    desc, le16_to_cpu(tm_request->DevHandle), lun));
582 		tm_reply = ioc->ctl_cmds.reply;
583 		tm_reply->DevHandle = tm_request->DevHandle;
584 		tm_reply->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
585 		tm_reply->TaskType = tm_request->TaskType;
586 		tm_reply->MsgLength = sizeof(Mpi2SCSITaskManagementReply_t)/4;
587 		tm_reply->VP_ID = tm_request->VP_ID;
588 		tm_reply->VF_ID = tm_request->VF_ID;
589 		sz = min_t(u32, karg->max_reply_bytes, ioc->reply_sz);
590 		if (copy_to_user(karg->reply_frame_buf_ptr, ioc->ctl_cmds.reply,
591 		    sz))
592 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
593 			    __LINE__, __func__);
594 		return 1;
595 	}
596 
597 	dctlprintk(ioc, pr_info(MPT3SAS_FMT
598 		"%s: handle(0x%04x), lun(%d), task_mid(%d)\n", ioc->name,
599 	    desc, le16_to_cpu(tm_request->DevHandle), lun,
600 	     le16_to_cpu(tm_request->TaskMID)));
601 	return 0;
602 }
603 
604 /**
605  * _ctl_do_mpt_command - main handler for MPT3COMMAND opcode
606  * @ioc: per adapter object
607  * @karg - (struct mpt3_ioctl_command)
608  * @mf - pointer to mf in user space
609  */
610 static long
611 _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
612 	void __user *mf)
613 {
614 	MPI2RequestHeader_t *mpi_request = NULL, *request;
615 	MPI2DefaultReply_t *mpi_reply;
616 	u32 ioc_state;
617 	u16 ioc_status;
618 	u16 smid;
619 	unsigned long timeout, timeleft;
620 	u8 issue_reset;
621 	u32 sz;
622 	void *psge;
623 	void *data_out = NULL;
624 	dma_addr_t data_out_dma = 0;
625 	size_t data_out_sz = 0;
626 	void *data_in = NULL;
627 	dma_addr_t data_in_dma = 0;
628 	size_t data_in_sz = 0;
629 	long ret;
630 	u16 wait_state_count;
631 
632 	issue_reset = 0;
633 
634 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
635 		pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
636 		    ioc->name, __func__);
637 		ret = -EAGAIN;
638 		goto out;
639 	}
640 
641 	wait_state_count = 0;
642 	ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
643 	while (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
644 		if (wait_state_count++ == 10) {
645 			pr_err(MPT3SAS_FMT
646 			    "%s: failed due to ioc not operational\n",
647 			    ioc->name, __func__);
648 			ret = -EFAULT;
649 			goto out;
650 		}
651 		ssleep(1);
652 		ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
653 		pr_info(MPT3SAS_FMT
654 			"%s: waiting for operational state(count=%d)\n",
655 			ioc->name,
656 		    __func__, wait_state_count);
657 	}
658 	if (wait_state_count)
659 		pr_info(MPT3SAS_FMT "%s: ioc is operational\n",
660 		    ioc->name, __func__);
661 
662 	mpi_request = kzalloc(ioc->request_sz, GFP_KERNEL);
663 	if (!mpi_request) {
664 		pr_err(MPT3SAS_FMT
665 			"%s: failed obtaining a memory for mpi_request\n",
666 			ioc->name, __func__);
667 		ret = -ENOMEM;
668 		goto out;
669 	}
670 
671 	/* Check for overflow and wraparound */
672 	if (karg.data_sge_offset * 4 > ioc->request_sz ||
673 	    karg.data_sge_offset > (UINT_MAX / 4)) {
674 		ret = -EINVAL;
675 		goto out;
676 	}
677 
678 	/* copy in request message frame from user */
679 	if (copy_from_user(mpi_request, mf, karg.data_sge_offset*4)) {
680 		pr_err("failure at %s:%d/%s()!\n", __FILE__, __LINE__,
681 		    __func__);
682 		ret = -EFAULT;
683 		goto out;
684 	}
685 
686 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
687 		smid = mpt3sas_base_get_smid_hpr(ioc, ioc->ctl_cb_idx);
688 		if (!smid) {
689 			pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
690 			    ioc->name, __func__);
691 			ret = -EAGAIN;
692 			goto out;
693 		}
694 	} else {
695 
696 		smid = mpt3sas_base_get_smid_scsiio(ioc, ioc->ctl_cb_idx, NULL);
697 		if (!smid) {
698 			pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
699 			    ioc->name, __func__);
700 			ret = -EAGAIN;
701 			goto out;
702 		}
703 	}
704 
705 	ret = 0;
706 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
707 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
708 	request = mpt3sas_base_get_msg_frame(ioc, smid);
709 	memcpy(request, mpi_request, karg.data_sge_offset*4);
710 	ioc->ctl_cmds.smid = smid;
711 	data_out_sz = karg.data_out_size;
712 	data_in_sz = karg.data_in_size;
713 
714 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
715 	    mpi_request->Function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH) {
716 		if (!le16_to_cpu(mpi_request->FunctionDependent1) ||
717 		    le16_to_cpu(mpi_request->FunctionDependent1) >
718 		    ioc->facts.MaxDevHandle) {
719 			ret = -EINVAL;
720 			mpt3sas_base_free_smid(ioc, smid);
721 			goto out;
722 		}
723 	}
724 
725 	/* obtain dma-able memory for data transfer */
726 	if (data_out_sz) /* WRITE */ {
727 		data_out = pci_alloc_consistent(ioc->pdev, data_out_sz,
728 		    &data_out_dma);
729 		if (!data_out) {
730 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
731 			    __LINE__, __func__);
732 			ret = -ENOMEM;
733 			mpt3sas_base_free_smid(ioc, smid);
734 			goto out;
735 		}
736 		if (copy_from_user(data_out, karg.data_out_buf_ptr,
737 			data_out_sz)) {
738 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
739 			    __LINE__, __func__);
740 			ret =  -EFAULT;
741 			mpt3sas_base_free_smid(ioc, smid);
742 			goto out;
743 		}
744 	}
745 
746 	if (data_in_sz) /* READ */ {
747 		data_in = pci_alloc_consistent(ioc->pdev, data_in_sz,
748 		    &data_in_dma);
749 		if (!data_in) {
750 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
751 			    __LINE__, __func__);
752 			ret = -ENOMEM;
753 			mpt3sas_base_free_smid(ioc, smid);
754 			goto out;
755 		}
756 	}
757 
758 	psge = (void *)request + (karg.data_sge_offset*4);
759 
760 	/* send command to firmware */
761 #ifdef CONFIG_SCSI_MPT3SAS_LOGGING
762 	_ctl_display_some_debug(ioc, smid, "ctl_request", NULL);
763 #endif
764 
765 	init_completion(&ioc->ctl_cmds.done);
766 	switch (mpi_request->Function) {
767 	case MPI2_FUNCTION_SCSI_IO_REQUEST:
768 	case MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
769 	{
770 		Mpi2SCSIIORequest_t *scsiio_request =
771 		    (Mpi2SCSIIORequest_t *)request;
772 		scsiio_request->SenseBufferLength = SCSI_SENSE_BUFFERSIZE;
773 		scsiio_request->SenseBufferLowAddress =
774 		    mpt3sas_base_get_sense_buffer_dma(ioc, smid);
775 		memset(ioc->ctl_cmds.sense, 0, SCSI_SENSE_BUFFERSIZE);
776 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz,
777 		    data_in_dma, data_in_sz);
778 
779 		if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST)
780 			mpt3sas_base_put_smid_scsi_io(ioc, smid,
781 			    le16_to_cpu(mpi_request->FunctionDependent1));
782 		else
783 			mpt3sas_base_put_smid_default(ioc, smid);
784 		break;
785 	}
786 	case MPI2_FUNCTION_SCSI_TASK_MGMT:
787 	{
788 		Mpi2SCSITaskManagementRequest_t *tm_request =
789 		    (Mpi2SCSITaskManagementRequest_t *)request;
790 
791 		dtmprintk(ioc, pr_info(MPT3SAS_FMT
792 			"TASK_MGMT: handle(0x%04x), task_type(0x%02x)\n",
793 			ioc->name,
794 		    le16_to_cpu(tm_request->DevHandle), tm_request->TaskType));
795 
796 		if (tm_request->TaskType ==
797 		    MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK ||
798 		    tm_request->TaskType ==
799 		    MPI2_SCSITASKMGMT_TASKTYPE_QUERY_TASK) {
800 			if (_ctl_set_task_mid(ioc, &karg, tm_request)) {
801 				mpt3sas_base_free_smid(ioc, smid);
802 				goto out;
803 			}
804 		}
805 
806 		mpt3sas_scsih_set_tm_flag(ioc, le16_to_cpu(
807 		    tm_request->DevHandle));
808 		ioc->build_sg_mpi(ioc, psge, data_out_dma, data_out_sz,
809 		    data_in_dma, data_in_sz);
810 		mpt3sas_base_put_smid_hi_priority(ioc, smid);
811 		break;
812 	}
813 	case MPI2_FUNCTION_SMP_PASSTHROUGH:
814 	{
815 		Mpi2SmpPassthroughRequest_t *smp_request =
816 		    (Mpi2SmpPassthroughRequest_t *)mpi_request;
817 		u8 *data;
818 
819 		/* ioc determines which port to use */
820 		smp_request->PhysicalPort = 0xFF;
821 		if (smp_request->PassthroughFlags &
822 		    MPI2_SMP_PT_REQ_PT_FLAGS_IMMEDIATE)
823 			data = (u8 *)&smp_request->SGL;
824 		else {
825 			if (unlikely(data_out == NULL)) {
826 				pr_err("failure at %s:%d/%s()!\n",
827 				    __FILE__, __LINE__, __func__);
828 				mpt3sas_base_free_smid(ioc, smid);
829 				ret = -EINVAL;
830 				goto out;
831 			}
832 			data = data_out;
833 		}
834 
835 		if (data[1] == 0x91 && (data[10] == 1 || data[10] == 2)) {
836 			ioc->ioc_link_reset_in_progress = 1;
837 			ioc->ignore_loginfos = 1;
838 		}
839 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz, data_in_dma,
840 		    data_in_sz);
841 		mpt3sas_base_put_smid_default(ioc, smid);
842 		break;
843 	}
844 	case MPI2_FUNCTION_SATA_PASSTHROUGH:
845 	case MPI2_FUNCTION_FW_DOWNLOAD:
846 	case MPI2_FUNCTION_FW_UPLOAD:
847 	{
848 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz, data_in_dma,
849 		    data_in_sz);
850 		mpt3sas_base_put_smid_default(ioc, smid);
851 		break;
852 	}
853 	case MPI2_FUNCTION_TOOLBOX:
854 	{
855 		Mpi2ToolboxCleanRequest_t *toolbox_request =
856 			(Mpi2ToolboxCleanRequest_t *)mpi_request;
857 
858 		if (toolbox_request->Tool == MPI2_TOOLBOX_DIAGNOSTIC_CLI_TOOL) {
859 			ioc->build_sg(ioc, psge, data_out_dma, data_out_sz,
860 				data_in_dma, data_in_sz);
861 		} else {
862 			ioc->build_sg_mpi(ioc, psge, data_out_dma, data_out_sz,
863 				data_in_dma, data_in_sz);
864 		}
865 		mpt3sas_base_put_smid_default(ioc, smid);
866 		break;
867 	}
868 	case MPI2_FUNCTION_SAS_IO_UNIT_CONTROL:
869 	{
870 		Mpi2SasIoUnitControlRequest_t *sasiounit_request =
871 		    (Mpi2SasIoUnitControlRequest_t *)mpi_request;
872 
873 		if (sasiounit_request->Operation == MPI2_SAS_OP_PHY_HARD_RESET
874 		    || sasiounit_request->Operation ==
875 		    MPI2_SAS_OP_PHY_LINK_RESET) {
876 			ioc->ioc_link_reset_in_progress = 1;
877 			ioc->ignore_loginfos = 1;
878 		}
879 		/* drop to default case for posting the request */
880 	}
881 	default:
882 		ioc->build_sg_mpi(ioc, psge, data_out_dma, data_out_sz,
883 		    data_in_dma, data_in_sz);
884 		mpt3sas_base_put_smid_default(ioc, smid);
885 		break;
886 	}
887 
888 	if (karg.timeout < MPT3_IOCTL_DEFAULT_TIMEOUT)
889 		timeout = MPT3_IOCTL_DEFAULT_TIMEOUT;
890 	else
891 		timeout = karg.timeout;
892 	timeleft = wait_for_completion_timeout(&ioc->ctl_cmds.done,
893 	    timeout*HZ);
894 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
895 		Mpi2SCSITaskManagementRequest_t *tm_request =
896 		    (Mpi2SCSITaskManagementRequest_t *)mpi_request;
897 		mpt3sas_scsih_clear_tm_flag(ioc, le16_to_cpu(
898 		    tm_request->DevHandle));
899 		mpt3sas_trigger_master(ioc, MASTER_TRIGGER_TASK_MANAGMENT);
900 	} else if ((mpi_request->Function == MPI2_FUNCTION_SMP_PASSTHROUGH ||
901 	    mpi_request->Function == MPI2_FUNCTION_SAS_IO_UNIT_CONTROL) &&
902 		ioc->ioc_link_reset_in_progress) {
903 		ioc->ioc_link_reset_in_progress = 0;
904 		ioc->ignore_loginfos = 0;
905 	}
906 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
907 		pr_err(MPT3SAS_FMT "%s: timeout\n", ioc->name,
908 		    __func__);
909 		_debug_dump_mf(mpi_request, karg.data_sge_offset);
910 		if (!(ioc->ctl_cmds.status & MPT3_CMD_RESET))
911 			issue_reset = 1;
912 		goto issue_host_reset;
913 	}
914 
915 	mpi_reply = ioc->ctl_cmds.reply;
916 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
917 
918 #ifdef CONFIG_SCSI_MPT3SAS_LOGGING
919 	if (mpi_reply->Function == MPI2_FUNCTION_SCSI_TASK_MGMT &&
920 	    (ioc->logging_level & MPT_DEBUG_TM)) {
921 		Mpi2SCSITaskManagementReply_t *tm_reply =
922 		    (Mpi2SCSITaskManagementReply_t *)mpi_reply;
923 
924 		pr_info(MPT3SAS_FMT "TASK_MGMT: " \
925 		    "IOCStatus(0x%04x), IOCLogInfo(0x%08x), "
926 		    "TerminationCount(0x%08x)\n", ioc->name,
927 		    le16_to_cpu(tm_reply->IOCStatus),
928 		    le32_to_cpu(tm_reply->IOCLogInfo),
929 		    le32_to_cpu(tm_reply->TerminationCount));
930 	}
931 #endif
932 	/* copy out xdata to user */
933 	if (data_in_sz) {
934 		if (copy_to_user(karg.data_in_buf_ptr, data_in,
935 		    data_in_sz)) {
936 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
937 			    __LINE__, __func__);
938 			ret = -ENODATA;
939 			goto out;
940 		}
941 	}
942 
943 	/* copy out reply message frame to user */
944 	if (karg.max_reply_bytes) {
945 		sz = min_t(u32, karg.max_reply_bytes, ioc->reply_sz);
946 		if (copy_to_user(karg.reply_frame_buf_ptr, ioc->ctl_cmds.reply,
947 		    sz)) {
948 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
949 			    __LINE__, __func__);
950 			ret = -ENODATA;
951 			goto out;
952 		}
953 	}
954 
955 	/* copy out sense to user */
956 	if (karg.max_sense_bytes && (mpi_request->Function ==
957 	    MPI2_FUNCTION_SCSI_IO_REQUEST || mpi_request->Function ==
958 	    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH)) {
959 		sz = min_t(u32, karg.max_sense_bytes, SCSI_SENSE_BUFFERSIZE);
960 		if (copy_to_user(karg.sense_data_ptr, ioc->ctl_cmds.sense,
961 		    sz)) {
962 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
963 			    __LINE__, __func__);
964 			ret = -ENODATA;
965 			goto out;
966 		}
967 	}
968 
969  issue_host_reset:
970 	if (issue_reset) {
971 		ret = -ENODATA;
972 		if ((mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
973 		    mpi_request->Function ==
974 		    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH ||
975 		    mpi_request->Function == MPI2_FUNCTION_SATA_PASSTHROUGH)) {
976 			pr_info(MPT3SAS_FMT "issue target reset: handle = (0x%04x)\n",
977 				ioc->name,
978 				le16_to_cpu(mpi_request->FunctionDependent1));
979 			mpt3sas_halt_firmware(ioc);
980 			mpt3sas_scsih_issue_tm(ioc,
981 			    le16_to_cpu(mpi_request->FunctionDependent1), 0, 0,
982 			    0, MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET, 0, 30,
983 			    TM_MUTEX_ON);
984 		} else
985 			mpt3sas_base_hard_reset_handler(ioc, CAN_SLEEP,
986 			    FORCE_BIG_HAMMER);
987 	}
988 
989  out:
990 
991 	/* free memory associated with sg buffers */
992 	if (data_in)
993 		pci_free_consistent(ioc->pdev, data_in_sz, data_in,
994 		    data_in_dma);
995 
996 	if (data_out)
997 		pci_free_consistent(ioc->pdev, data_out_sz, data_out,
998 		    data_out_dma);
999 
1000 	kfree(mpi_request);
1001 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
1002 	return ret;
1003 }
1004 
1005 /**
1006  * _ctl_getiocinfo - main handler for MPT3IOCINFO opcode
1007  * @ioc: per adapter object
1008  * @arg - user space buffer containing ioctl content
1009  */
1010 static long
1011 _ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1012 {
1013 	struct mpt3_ioctl_iocinfo karg;
1014 
1015 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1016 		pr_err("failure at %s:%d/%s()!\n",
1017 		    __FILE__, __LINE__, __func__);
1018 		return -EFAULT;
1019 	}
1020 
1021 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
1022 	    __func__));
1023 
1024 	memset(&karg, 0 , sizeof(karg));
1025 	karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS3;
1026 	if (ioc->pfacts)
1027 		karg.port_number = ioc->pfacts[0].PortNumber;
1028 	karg.hw_rev = ioc->pdev->revision;
1029 	karg.pci_id = ioc->pdev->device;
1030 	karg.subsystem_device = ioc->pdev->subsystem_device;
1031 	karg.subsystem_vendor = ioc->pdev->subsystem_vendor;
1032 	karg.pci_information.u.bits.bus = ioc->pdev->bus->number;
1033 	karg.pci_information.u.bits.device = PCI_SLOT(ioc->pdev->devfn);
1034 	karg.pci_information.u.bits.function = PCI_FUNC(ioc->pdev->devfn);
1035 	karg.pci_information.segment_id = pci_domain_nr(ioc->pdev->bus);
1036 	karg.firmware_version = ioc->facts.FWVersion.Word;
1037 	strcpy(karg.driver_version, MPT3SAS_DRIVER_NAME);
1038 	strcat(karg.driver_version, "-");
1039 	strcat(karg.driver_version, MPT3SAS_DRIVER_VERSION);
1040 	karg.bios_version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
1041 
1042 	if (copy_to_user(arg, &karg, sizeof(karg))) {
1043 		pr_err("failure at %s:%d/%s()!\n",
1044 		    __FILE__, __LINE__, __func__);
1045 		return -EFAULT;
1046 	}
1047 	return 0;
1048 }
1049 
1050 /**
1051  * _ctl_eventquery - main handler for MPT3EVENTQUERY opcode
1052  * @ioc: per adapter object
1053  * @arg - user space buffer containing ioctl content
1054  */
1055 static long
1056 _ctl_eventquery(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1057 {
1058 	struct mpt3_ioctl_eventquery karg;
1059 
1060 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1061 		pr_err("failure at %s:%d/%s()!\n",
1062 		    __FILE__, __LINE__, __func__);
1063 		return -EFAULT;
1064 	}
1065 
1066 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
1067 	    __func__));
1068 
1069 	karg.event_entries = MPT3SAS_CTL_EVENT_LOG_SIZE;
1070 	memcpy(karg.event_types, ioc->event_type,
1071 	    MPI2_EVENT_NOTIFY_EVENTMASK_WORDS * sizeof(u32));
1072 
1073 	if (copy_to_user(arg, &karg, sizeof(karg))) {
1074 		pr_err("failure at %s:%d/%s()!\n",
1075 		    __FILE__, __LINE__, __func__);
1076 		return -EFAULT;
1077 	}
1078 	return 0;
1079 }
1080 
1081 /**
1082  * _ctl_eventenable - main handler for MPT3EVENTENABLE opcode
1083  * @ioc: per adapter object
1084  * @arg - user space buffer containing ioctl content
1085  */
1086 static long
1087 _ctl_eventenable(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1088 {
1089 	struct mpt3_ioctl_eventenable karg;
1090 
1091 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1092 		pr_err("failure at %s:%d/%s()!\n",
1093 		    __FILE__, __LINE__, __func__);
1094 		return -EFAULT;
1095 	}
1096 
1097 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
1098 	    __func__));
1099 
1100 	memcpy(ioc->event_type, karg.event_types,
1101 	    MPI2_EVENT_NOTIFY_EVENTMASK_WORDS * sizeof(u32));
1102 	mpt3sas_base_validate_event_type(ioc, ioc->event_type);
1103 
1104 	if (ioc->event_log)
1105 		return 0;
1106 	/* initialize event_log */
1107 	ioc->event_context = 0;
1108 	ioc->aen_event_read_flag = 0;
1109 	ioc->event_log = kcalloc(MPT3SAS_CTL_EVENT_LOG_SIZE,
1110 	    sizeof(struct MPT3_IOCTL_EVENTS), GFP_KERNEL);
1111 	if (!ioc->event_log) {
1112 		pr_err("failure at %s:%d/%s()!\n",
1113 		    __FILE__, __LINE__, __func__);
1114 		return -ENOMEM;
1115 	}
1116 	return 0;
1117 }
1118 
1119 /**
1120  * _ctl_eventreport - main handler for MPT3EVENTREPORT opcode
1121  * @ioc: per adapter object
1122  * @arg - user space buffer containing ioctl content
1123  */
1124 static long
1125 _ctl_eventreport(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1126 {
1127 	struct mpt3_ioctl_eventreport karg;
1128 	u32 number_bytes, max_events, max;
1129 	struct mpt3_ioctl_eventreport __user *uarg = arg;
1130 
1131 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1132 		pr_err("failure at %s:%d/%s()!\n",
1133 		    __FILE__, __LINE__, __func__);
1134 		return -EFAULT;
1135 	}
1136 
1137 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
1138 	    __func__));
1139 
1140 	number_bytes = karg.hdr.max_data_size -
1141 	    sizeof(struct mpt3_ioctl_header);
1142 	max_events = number_bytes/sizeof(struct MPT3_IOCTL_EVENTS);
1143 	max = min_t(u32, MPT3SAS_CTL_EVENT_LOG_SIZE, max_events);
1144 
1145 	/* If fewer than 1 event is requested, there must have
1146 	 * been some type of error.
1147 	 */
1148 	if (!max || !ioc->event_log)
1149 		return -ENODATA;
1150 
1151 	number_bytes = max * sizeof(struct MPT3_IOCTL_EVENTS);
1152 	if (copy_to_user(uarg->event_data, ioc->event_log, number_bytes)) {
1153 		pr_err("failure at %s:%d/%s()!\n",
1154 		    __FILE__, __LINE__, __func__);
1155 		return -EFAULT;
1156 	}
1157 
1158 	/* reset flag so SIGIO can restart */
1159 	ioc->aen_event_read_flag = 0;
1160 	return 0;
1161 }
1162 
1163 /**
1164  * _ctl_do_reset - main handler for MPT3HARDRESET opcode
1165  * @ioc: per adapter object
1166  * @arg - user space buffer containing ioctl content
1167  */
1168 static long
1169 _ctl_do_reset(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1170 {
1171 	struct mpt3_ioctl_diag_reset karg;
1172 	int retval;
1173 
1174 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1175 		pr_err("failure at %s:%d/%s()!\n",
1176 		    __FILE__, __LINE__, __func__);
1177 		return -EFAULT;
1178 	}
1179 
1180 	if (ioc->shost_recovery || ioc->pci_error_recovery ||
1181 	    ioc->is_driver_loading)
1182 		return -EAGAIN;
1183 
1184 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: enter\n", ioc->name,
1185 	    __func__));
1186 
1187 	retval = mpt3sas_base_hard_reset_handler(ioc, CAN_SLEEP,
1188 	    FORCE_BIG_HAMMER);
1189 	pr_info(MPT3SAS_FMT "host reset: %s\n",
1190 	    ioc->name, ((!retval) ? "SUCCESS" : "FAILED"));
1191 	return 0;
1192 }
1193 
1194 /**
1195  * _ctl_btdh_search_sas_device - searching for sas device
1196  * @ioc: per adapter object
1197  * @btdh: btdh ioctl payload
1198  */
1199 static int
1200 _ctl_btdh_search_sas_device(struct MPT3SAS_ADAPTER *ioc,
1201 	struct mpt3_ioctl_btdh_mapping *btdh)
1202 {
1203 	struct _sas_device *sas_device;
1204 	unsigned long flags;
1205 	int rc = 0;
1206 
1207 	if (list_empty(&ioc->sas_device_list))
1208 		return rc;
1209 
1210 	spin_lock_irqsave(&ioc->sas_device_lock, flags);
1211 	list_for_each_entry(sas_device, &ioc->sas_device_list, list) {
1212 		if (btdh->bus == 0xFFFFFFFF && btdh->id == 0xFFFFFFFF &&
1213 		    btdh->handle == sas_device->handle) {
1214 			btdh->bus = sas_device->channel;
1215 			btdh->id = sas_device->id;
1216 			rc = 1;
1217 			goto out;
1218 		} else if (btdh->bus == sas_device->channel && btdh->id ==
1219 		    sas_device->id && btdh->handle == 0xFFFF) {
1220 			btdh->handle = sas_device->handle;
1221 			rc = 1;
1222 			goto out;
1223 		}
1224 	}
1225  out:
1226 	spin_unlock_irqrestore(&ioc->sas_device_lock, flags);
1227 	return rc;
1228 }
1229 
1230 /**
1231  * _ctl_btdh_search_raid_device - searching for raid device
1232  * @ioc: per adapter object
1233  * @btdh: btdh ioctl payload
1234  */
1235 static int
1236 _ctl_btdh_search_raid_device(struct MPT3SAS_ADAPTER *ioc,
1237 	struct mpt3_ioctl_btdh_mapping *btdh)
1238 {
1239 	struct _raid_device *raid_device;
1240 	unsigned long flags;
1241 	int rc = 0;
1242 
1243 	if (list_empty(&ioc->raid_device_list))
1244 		return rc;
1245 
1246 	spin_lock_irqsave(&ioc->raid_device_lock, flags);
1247 	list_for_each_entry(raid_device, &ioc->raid_device_list, list) {
1248 		if (btdh->bus == 0xFFFFFFFF && btdh->id == 0xFFFFFFFF &&
1249 		    btdh->handle == raid_device->handle) {
1250 			btdh->bus = raid_device->channel;
1251 			btdh->id = raid_device->id;
1252 			rc = 1;
1253 			goto out;
1254 		} else if (btdh->bus == raid_device->channel && btdh->id ==
1255 		    raid_device->id && btdh->handle == 0xFFFF) {
1256 			btdh->handle = raid_device->handle;
1257 			rc = 1;
1258 			goto out;
1259 		}
1260 	}
1261  out:
1262 	spin_unlock_irqrestore(&ioc->raid_device_lock, flags);
1263 	return rc;
1264 }
1265 
1266 /**
1267  * _ctl_btdh_mapping - main handler for MPT3BTDHMAPPING opcode
1268  * @ioc: per adapter object
1269  * @arg - user space buffer containing ioctl content
1270  */
1271 static long
1272 _ctl_btdh_mapping(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1273 {
1274 	struct mpt3_ioctl_btdh_mapping karg;
1275 	int rc;
1276 
1277 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1278 		pr_err("failure at %s:%d/%s()!\n",
1279 		    __FILE__, __LINE__, __func__);
1280 		return -EFAULT;
1281 	}
1282 
1283 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1284 	    __func__));
1285 
1286 	rc = _ctl_btdh_search_sas_device(ioc, &karg);
1287 	if (!rc)
1288 		_ctl_btdh_search_raid_device(ioc, &karg);
1289 
1290 	if (copy_to_user(arg, &karg, sizeof(karg))) {
1291 		pr_err("failure at %s:%d/%s()!\n",
1292 		    __FILE__, __LINE__, __func__);
1293 		return -EFAULT;
1294 	}
1295 	return 0;
1296 }
1297 
1298 /**
1299  * _ctl_diag_capability - return diag buffer capability
1300  * @ioc: per adapter object
1301  * @buffer_type: specifies either TRACE, SNAPSHOT, or EXTENDED
1302  *
1303  * returns 1 when diag buffer support is enabled in firmware
1304  */
1305 static u8
1306 _ctl_diag_capability(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type)
1307 {
1308 	u8 rc = 0;
1309 
1310 	switch (buffer_type) {
1311 	case MPI2_DIAG_BUF_TYPE_TRACE:
1312 		if (ioc->facts.IOCCapabilities &
1313 		    MPI2_IOCFACTS_CAPABILITY_DIAG_TRACE_BUFFER)
1314 			rc = 1;
1315 		break;
1316 	case MPI2_DIAG_BUF_TYPE_SNAPSHOT:
1317 		if (ioc->facts.IOCCapabilities &
1318 		    MPI2_IOCFACTS_CAPABILITY_SNAPSHOT_BUFFER)
1319 			rc = 1;
1320 		break;
1321 	case MPI2_DIAG_BUF_TYPE_EXTENDED:
1322 		if (ioc->facts.IOCCapabilities &
1323 		    MPI2_IOCFACTS_CAPABILITY_EXTENDED_BUFFER)
1324 			rc = 1;
1325 	}
1326 
1327 	return rc;
1328 }
1329 
1330 
1331 /**
1332  * _ctl_diag_register_2 - wrapper for registering diag buffer support
1333  * @ioc: per adapter object
1334  * @diag_register: the diag_register struct passed in from user space
1335  *
1336  */
1337 static long
1338 _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
1339 	struct mpt3_diag_register *diag_register)
1340 {
1341 	int rc, i;
1342 	void *request_data = NULL;
1343 	dma_addr_t request_data_dma;
1344 	u32 request_data_sz = 0;
1345 	Mpi2DiagBufferPostRequest_t *mpi_request;
1346 	Mpi2DiagBufferPostReply_t *mpi_reply;
1347 	u8 buffer_type;
1348 	unsigned long timeleft;
1349 	u16 smid;
1350 	u16 ioc_status;
1351 	u32 ioc_state;
1352 	u8 issue_reset = 0;
1353 
1354 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1355 	    __func__));
1356 
1357 	ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
1358 	if (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
1359 		pr_err(MPT3SAS_FMT
1360 		    "%s: failed due to ioc not operational\n",
1361 		    ioc->name, __func__);
1362 		rc = -EAGAIN;
1363 		goto out;
1364 	}
1365 
1366 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
1367 		pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
1368 		    ioc->name, __func__);
1369 		rc = -EAGAIN;
1370 		goto out;
1371 	}
1372 
1373 	buffer_type = diag_register->buffer_type;
1374 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1375 		pr_err(MPT3SAS_FMT
1376 			"%s: doesn't have capability for buffer_type(0x%02x)\n",
1377 			ioc->name, __func__, buffer_type);
1378 		return -EPERM;
1379 	}
1380 
1381 	if (ioc->diag_buffer_status[buffer_type] &
1382 	    MPT3_DIAG_BUFFER_IS_REGISTERED) {
1383 		pr_err(MPT3SAS_FMT
1384 			"%s: already has a registered buffer for buffer_type(0x%02x)\n",
1385 			ioc->name, __func__,
1386 		    buffer_type);
1387 		return -EINVAL;
1388 	}
1389 
1390 	if (diag_register->requested_buffer_size % 4)  {
1391 		pr_err(MPT3SAS_FMT
1392 			"%s: the requested_buffer_size is not 4 byte aligned\n",
1393 			ioc->name, __func__);
1394 		return -EINVAL;
1395 	}
1396 
1397 	smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
1398 	if (!smid) {
1399 		pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
1400 		    ioc->name, __func__);
1401 		rc = -EAGAIN;
1402 		goto out;
1403 	}
1404 
1405 	rc = 0;
1406 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
1407 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
1408 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
1409 	ioc->ctl_cmds.smid = smid;
1410 
1411 	request_data = ioc->diag_buffer[buffer_type];
1412 	request_data_sz = diag_register->requested_buffer_size;
1413 	ioc->unique_id[buffer_type] = diag_register->unique_id;
1414 	ioc->diag_buffer_status[buffer_type] = 0;
1415 	memcpy(ioc->product_specific[buffer_type],
1416 	    diag_register->product_specific, MPT3_PRODUCT_SPECIFIC_DWORDS);
1417 	ioc->diagnostic_flags[buffer_type] = diag_register->diagnostic_flags;
1418 
1419 	if (request_data) {
1420 		request_data_dma = ioc->diag_buffer_dma[buffer_type];
1421 		if (request_data_sz != ioc->diag_buffer_sz[buffer_type]) {
1422 			pci_free_consistent(ioc->pdev,
1423 			    ioc->diag_buffer_sz[buffer_type],
1424 			    request_data, request_data_dma);
1425 			request_data = NULL;
1426 		}
1427 	}
1428 
1429 	if (request_data == NULL) {
1430 		ioc->diag_buffer_sz[buffer_type] = 0;
1431 		ioc->diag_buffer_dma[buffer_type] = 0;
1432 		request_data = pci_alloc_consistent(
1433 			ioc->pdev, request_data_sz, &request_data_dma);
1434 		if (request_data == NULL) {
1435 			pr_err(MPT3SAS_FMT "%s: failed allocating memory" \
1436 			    " for diag buffers, requested size(%d)\n",
1437 			    ioc->name, __func__, request_data_sz);
1438 			mpt3sas_base_free_smid(ioc, smid);
1439 			return -ENOMEM;
1440 		}
1441 		ioc->diag_buffer[buffer_type] = request_data;
1442 		ioc->diag_buffer_sz[buffer_type] = request_data_sz;
1443 		ioc->diag_buffer_dma[buffer_type] = request_data_dma;
1444 	}
1445 
1446 	mpi_request->Function = MPI2_FUNCTION_DIAG_BUFFER_POST;
1447 	mpi_request->BufferType = diag_register->buffer_type;
1448 	mpi_request->Flags = cpu_to_le32(diag_register->diagnostic_flags);
1449 	mpi_request->BufferAddress = cpu_to_le64(request_data_dma);
1450 	mpi_request->BufferLength = cpu_to_le32(request_data_sz);
1451 	mpi_request->VF_ID = 0; /* TODO */
1452 	mpi_request->VP_ID = 0;
1453 
1454 	dctlprintk(ioc, pr_info(MPT3SAS_FMT
1455 		"%s: diag_buffer(0x%p), dma(0x%llx), sz(%d)\n",
1456 		ioc->name, __func__, request_data,
1457 	    (unsigned long long)request_data_dma,
1458 	    le32_to_cpu(mpi_request->BufferLength)));
1459 
1460 	for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
1461 		mpi_request->ProductSpecific[i] =
1462 			cpu_to_le32(ioc->product_specific[buffer_type][i]);
1463 
1464 	init_completion(&ioc->ctl_cmds.done);
1465 	mpt3sas_base_put_smid_default(ioc, smid);
1466 	timeleft = wait_for_completion_timeout(&ioc->ctl_cmds.done,
1467 	    MPT3_IOCTL_DEFAULT_TIMEOUT*HZ);
1468 
1469 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
1470 		pr_err(MPT3SAS_FMT "%s: timeout\n", ioc->name,
1471 		    __func__);
1472 		_debug_dump_mf(mpi_request,
1473 		    sizeof(Mpi2DiagBufferPostRequest_t)/4);
1474 		if (!(ioc->ctl_cmds.status & MPT3_CMD_RESET))
1475 			issue_reset = 1;
1476 		goto issue_host_reset;
1477 	}
1478 
1479 	/* process the completed Reply Message Frame */
1480 	if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
1481 		pr_err(MPT3SAS_FMT "%s: no reply message\n",
1482 		    ioc->name, __func__);
1483 		rc = -EFAULT;
1484 		goto out;
1485 	}
1486 
1487 	mpi_reply = ioc->ctl_cmds.reply;
1488 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
1489 
1490 	if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
1491 		ioc->diag_buffer_status[buffer_type] |=
1492 			MPT3_DIAG_BUFFER_IS_REGISTERED;
1493 		dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: success\n",
1494 		    ioc->name, __func__));
1495 	} else {
1496 		pr_info(MPT3SAS_FMT
1497 			"%s: ioc_status(0x%04x) log_info(0x%08x)\n",
1498 			ioc->name, __func__,
1499 		    ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
1500 		rc = -EFAULT;
1501 	}
1502 
1503  issue_host_reset:
1504 	if (issue_reset)
1505 		mpt3sas_base_hard_reset_handler(ioc, CAN_SLEEP,
1506 		    FORCE_BIG_HAMMER);
1507 
1508  out:
1509 
1510 	if (rc && request_data)
1511 		pci_free_consistent(ioc->pdev, request_data_sz,
1512 		    request_data, request_data_dma);
1513 
1514 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
1515 	return rc;
1516 }
1517 
1518 /**
1519  * mpt3sas_enable_diag_buffer - enabling diag_buffers support driver load time
1520  * @ioc: per adapter object
1521  * @bits_to_register: bitwise field where trace is bit 0, and snapshot is bit 1
1522  *
1523  * This is called when command line option diag_buffer_enable is enabled
1524  * at driver load time.
1525  */
1526 void
1527 mpt3sas_enable_diag_buffer(struct MPT3SAS_ADAPTER *ioc, u8 bits_to_register)
1528 {
1529 	struct mpt3_diag_register diag_register;
1530 
1531 	memset(&diag_register, 0, sizeof(struct mpt3_diag_register));
1532 
1533 	if (bits_to_register & 1) {
1534 		pr_info(MPT3SAS_FMT "registering trace buffer support\n",
1535 		    ioc->name);
1536 		ioc->diag_trigger_master.MasterData =
1537 		    (MASTER_TRIGGER_FW_FAULT + MASTER_TRIGGER_ADAPTER_RESET);
1538 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_TRACE;
1539 		/* register for 2MB buffers  */
1540 		diag_register.requested_buffer_size = 2 * (1024 * 1024);
1541 		diag_register.unique_id = 0x7075900;
1542 		_ctl_diag_register_2(ioc,  &diag_register);
1543 	}
1544 
1545 	if (bits_to_register & 2) {
1546 		pr_info(MPT3SAS_FMT "registering snapshot buffer support\n",
1547 		    ioc->name);
1548 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_SNAPSHOT;
1549 		/* register for 2MB buffers  */
1550 		diag_register.requested_buffer_size = 2 * (1024 * 1024);
1551 		diag_register.unique_id = 0x7075901;
1552 		_ctl_diag_register_2(ioc,  &diag_register);
1553 	}
1554 
1555 	if (bits_to_register & 4) {
1556 		pr_info(MPT3SAS_FMT "registering extended buffer support\n",
1557 		    ioc->name);
1558 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_EXTENDED;
1559 		/* register for 2MB buffers  */
1560 		diag_register.requested_buffer_size = 2 * (1024 * 1024);
1561 		diag_register.unique_id = 0x7075901;
1562 		_ctl_diag_register_2(ioc,  &diag_register);
1563 	}
1564 }
1565 
1566 /**
1567  * _ctl_diag_register - application register with driver
1568  * @ioc: per adapter object
1569  * @arg - user space buffer containing ioctl content
1570  *
1571  * This will allow the driver to setup any required buffers that will be
1572  * needed by firmware to communicate with the driver.
1573  */
1574 static long
1575 _ctl_diag_register(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1576 {
1577 	struct mpt3_diag_register karg;
1578 	long rc;
1579 
1580 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1581 		pr_err("failure at %s:%d/%s()!\n",
1582 		    __FILE__, __LINE__, __func__);
1583 		return -EFAULT;
1584 	}
1585 
1586 	rc = _ctl_diag_register_2(ioc, &karg);
1587 	return rc;
1588 }
1589 
1590 /**
1591  * _ctl_diag_unregister - application unregister with driver
1592  * @ioc: per adapter object
1593  * @arg - user space buffer containing ioctl content
1594  *
1595  * This will allow the driver to cleanup any memory allocated for diag
1596  * messages and to free up any resources.
1597  */
1598 static long
1599 _ctl_diag_unregister(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1600 {
1601 	struct mpt3_diag_unregister karg;
1602 	void *request_data;
1603 	dma_addr_t request_data_dma;
1604 	u32 request_data_sz;
1605 	u8 buffer_type;
1606 
1607 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1608 		pr_err("failure at %s:%d/%s()!\n",
1609 		    __FILE__, __LINE__, __func__);
1610 		return -EFAULT;
1611 	}
1612 
1613 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1614 	    __func__));
1615 
1616 	buffer_type = karg.unique_id & 0x000000ff;
1617 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1618 		pr_err(MPT3SAS_FMT
1619 			"%s: doesn't have capability for buffer_type(0x%02x)\n",
1620 			ioc->name, __func__, buffer_type);
1621 		return -EPERM;
1622 	}
1623 
1624 	if ((ioc->diag_buffer_status[buffer_type] &
1625 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
1626 		pr_err(MPT3SAS_FMT
1627 			"%s: buffer_type(0x%02x) is not registered\n",
1628 			ioc->name, __func__, buffer_type);
1629 		return -EINVAL;
1630 	}
1631 	if ((ioc->diag_buffer_status[buffer_type] &
1632 	    MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
1633 		pr_err(MPT3SAS_FMT
1634 			"%s: buffer_type(0x%02x) has not been released\n",
1635 			ioc->name, __func__, buffer_type);
1636 		return -EINVAL;
1637 	}
1638 
1639 	if (karg.unique_id != ioc->unique_id[buffer_type]) {
1640 		pr_err(MPT3SAS_FMT
1641 			"%s: unique_id(0x%08x) is not registered\n",
1642 			ioc->name, __func__, karg.unique_id);
1643 		return -EINVAL;
1644 	}
1645 
1646 	request_data = ioc->diag_buffer[buffer_type];
1647 	if (!request_data) {
1648 		pr_err(MPT3SAS_FMT
1649 			"%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
1650 			ioc->name, __func__, buffer_type);
1651 		return -ENOMEM;
1652 	}
1653 
1654 	request_data_sz = ioc->diag_buffer_sz[buffer_type];
1655 	request_data_dma = ioc->diag_buffer_dma[buffer_type];
1656 	pci_free_consistent(ioc->pdev, request_data_sz,
1657 	    request_data, request_data_dma);
1658 	ioc->diag_buffer[buffer_type] = NULL;
1659 	ioc->diag_buffer_status[buffer_type] = 0;
1660 	return 0;
1661 }
1662 
1663 /**
1664  * _ctl_diag_query - query relevant info associated with diag buffers
1665  * @ioc: per adapter object
1666  * @arg - user space buffer containing ioctl content
1667  *
1668  * The application will send only buffer_type and unique_id.  Driver will
1669  * inspect unique_id first, if valid, fill in all the info.  If unique_id is
1670  * 0x00, the driver will return info specified by Buffer Type.
1671  */
1672 static long
1673 _ctl_diag_query(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1674 {
1675 	struct mpt3_diag_query karg;
1676 	void *request_data;
1677 	int i;
1678 	u8 buffer_type;
1679 
1680 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1681 		pr_err("failure at %s:%d/%s()!\n",
1682 		    __FILE__, __LINE__, __func__);
1683 		return -EFAULT;
1684 	}
1685 
1686 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1687 	    __func__));
1688 
1689 	karg.application_flags = 0;
1690 	buffer_type = karg.buffer_type;
1691 
1692 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1693 		pr_err(MPT3SAS_FMT
1694 			"%s: doesn't have capability for buffer_type(0x%02x)\n",
1695 			ioc->name, __func__, buffer_type);
1696 		return -EPERM;
1697 	}
1698 
1699 	if ((ioc->diag_buffer_status[buffer_type] &
1700 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
1701 		pr_err(MPT3SAS_FMT
1702 			"%s: buffer_type(0x%02x) is not registered\n",
1703 			ioc->name, __func__, buffer_type);
1704 		return -EINVAL;
1705 	}
1706 
1707 	if (karg.unique_id & 0xffffff00) {
1708 		if (karg.unique_id != ioc->unique_id[buffer_type]) {
1709 			pr_err(MPT3SAS_FMT
1710 				"%s: unique_id(0x%08x) is not registered\n",
1711 				ioc->name, __func__, karg.unique_id);
1712 			return -EINVAL;
1713 		}
1714 	}
1715 
1716 	request_data = ioc->diag_buffer[buffer_type];
1717 	if (!request_data) {
1718 		pr_err(MPT3SAS_FMT
1719 			"%s: doesn't have buffer for buffer_type(0x%02x)\n",
1720 			ioc->name, __func__, buffer_type);
1721 		return -ENOMEM;
1722 	}
1723 
1724 	if (ioc->diag_buffer_status[buffer_type] & MPT3_DIAG_BUFFER_IS_RELEASED)
1725 		karg.application_flags = (MPT3_APP_FLAGS_APP_OWNED |
1726 		    MPT3_APP_FLAGS_BUFFER_VALID);
1727 	else
1728 		karg.application_flags = (MPT3_APP_FLAGS_APP_OWNED |
1729 		    MPT3_APP_FLAGS_BUFFER_VALID |
1730 		    MPT3_APP_FLAGS_FW_BUFFER_ACCESS);
1731 
1732 	for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
1733 		karg.product_specific[i] =
1734 		    ioc->product_specific[buffer_type][i];
1735 
1736 	karg.total_buffer_size = ioc->diag_buffer_sz[buffer_type];
1737 	karg.driver_added_buffer_size = 0;
1738 	karg.unique_id = ioc->unique_id[buffer_type];
1739 	karg.diagnostic_flags = ioc->diagnostic_flags[buffer_type];
1740 
1741 	if (copy_to_user(arg, &karg, sizeof(struct mpt3_diag_query))) {
1742 		pr_err(MPT3SAS_FMT
1743 			"%s: unable to write mpt3_diag_query data @ %p\n",
1744 			ioc->name, __func__, arg);
1745 		return -EFAULT;
1746 	}
1747 	return 0;
1748 }
1749 
1750 /**
1751  * mpt3sas_send_diag_release - Diag Release Message
1752  * @ioc: per adapter object
1753  * @buffer_type - specifies either TRACE, SNAPSHOT, or EXTENDED
1754  * @issue_reset - specifies whether host reset is required.
1755  *
1756  */
1757 int
1758 mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type,
1759 	u8 *issue_reset)
1760 {
1761 	Mpi2DiagReleaseRequest_t *mpi_request;
1762 	Mpi2DiagReleaseReply_t *mpi_reply;
1763 	u16 smid;
1764 	u16 ioc_status;
1765 	u32 ioc_state;
1766 	int rc;
1767 	unsigned long timeleft;
1768 
1769 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1770 	    __func__));
1771 
1772 	rc = 0;
1773 	*issue_reset = 0;
1774 
1775 	ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
1776 	if (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
1777 		if (ioc->diag_buffer_status[buffer_type] &
1778 		    MPT3_DIAG_BUFFER_IS_REGISTERED)
1779 			ioc->diag_buffer_status[buffer_type] |=
1780 			    MPT3_DIAG_BUFFER_IS_RELEASED;
1781 		dctlprintk(ioc, pr_info(MPT3SAS_FMT
1782 			"%s: skipping due to FAULT state\n", ioc->name,
1783 		    __func__));
1784 		rc = -EAGAIN;
1785 		goto out;
1786 	}
1787 
1788 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
1789 		pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
1790 		    ioc->name, __func__);
1791 		rc = -EAGAIN;
1792 		goto out;
1793 	}
1794 
1795 	smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
1796 	if (!smid) {
1797 		pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
1798 		    ioc->name, __func__);
1799 		rc = -EAGAIN;
1800 		goto out;
1801 	}
1802 
1803 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
1804 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
1805 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
1806 	ioc->ctl_cmds.smid = smid;
1807 
1808 	mpi_request->Function = MPI2_FUNCTION_DIAG_RELEASE;
1809 	mpi_request->BufferType = buffer_type;
1810 	mpi_request->VF_ID = 0; /* TODO */
1811 	mpi_request->VP_ID = 0;
1812 
1813 	init_completion(&ioc->ctl_cmds.done);
1814 	mpt3sas_base_put_smid_default(ioc, smid);
1815 	timeleft = wait_for_completion_timeout(&ioc->ctl_cmds.done,
1816 	    MPT3_IOCTL_DEFAULT_TIMEOUT*HZ);
1817 
1818 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
1819 		pr_err(MPT3SAS_FMT "%s: timeout\n", ioc->name,
1820 		    __func__);
1821 		_debug_dump_mf(mpi_request,
1822 		    sizeof(Mpi2DiagReleaseRequest_t)/4);
1823 		if (!(ioc->ctl_cmds.status & MPT3_CMD_RESET))
1824 			*issue_reset = 1;
1825 		rc = -EFAULT;
1826 		goto out;
1827 	}
1828 
1829 	/* process the completed Reply Message Frame */
1830 	if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
1831 		pr_err(MPT3SAS_FMT "%s: no reply message\n",
1832 		    ioc->name, __func__);
1833 		rc = -EFAULT;
1834 		goto out;
1835 	}
1836 
1837 	mpi_reply = ioc->ctl_cmds.reply;
1838 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
1839 
1840 	if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
1841 		ioc->diag_buffer_status[buffer_type] |=
1842 		    MPT3_DIAG_BUFFER_IS_RELEASED;
1843 		dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: success\n",
1844 		    ioc->name, __func__));
1845 	} else {
1846 		pr_info(MPT3SAS_FMT
1847 			"%s: ioc_status(0x%04x) log_info(0x%08x)\n",
1848 			ioc->name, __func__,
1849 		    ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
1850 		rc = -EFAULT;
1851 	}
1852 
1853  out:
1854 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
1855 	return rc;
1856 }
1857 
1858 /**
1859  * _ctl_diag_release - request to send Diag Release Message to firmware
1860  * @arg - user space buffer containing ioctl content
1861  *
1862  * This allows ownership of the specified buffer to returned to the driver,
1863  * allowing an application to read the buffer without fear that firmware is
1864  * overwritting information in the buffer.
1865  */
1866 static long
1867 _ctl_diag_release(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1868 {
1869 	struct mpt3_diag_release karg;
1870 	void *request_data;
1871 	int rc;
1872 	u8 buffer_type;
1873 	u8 issue_reset = 0;
1874 
1875 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1876 		pr_err("failure at %s:%d/%s()!\n",
1877 		    __FILE__, __LINE__, __func__);
1878 		return -EFAULT;
1879 	}
1880 
1881 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1882 	    __func__));
1883 
1884 	buffer_type = karg.unique_id & 0x000000ff;
1885 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1886 		pr_err(MPT3SAS_FMT
1887 			"%s: doesn't have capability for buffer_type(0x%02x)\n",
1888 			ioc->name, __func__, buffer_type);
1889 		return -EPERM;
1890 	}
1891 
1892 	if ((ioc->diag_buffer_status[buffer_type] &
1893 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
1894 		pr_err(MPT3SAS_FMT
1895 			"%s: buffer_type(0x%02x) is not registered\n",
1896 			ioc->name, __func__, buffer_type);
1897 		return -EINVAL;
1898 	}
1899 
1900 	if (karg.unique_id != ioc->unique_id[buffer_type]) {
1901 		pr_err(MPT3SAS_FMT
1902 			"%s: unique_id(0x%08x) is not registered\n",
1903 			ioc->name, __func__, karg.unique_id);
1904 		return -EINVAL;
1905 	}
1906 
1907 	if (ioc->diag_buffer_status[buffer_type] &
1908 	    MPT3_DIAG_BUFFER_IS_RELEASED) {
1909 		pr_err(MPT3SAS_FMT
1910 			"%s: buffer_type(0x%02x) is already released\n",
1911 			ioc->name, __func__,
1912 		    buffer_type);
1913 		return 0;
1914 	}
1915 
1916 	request_data = ioc->diag_buffer[buffer_type];
1917 
1918 	if (!request_data) {
1919 		pr_err(MPT3SAS_FMT
1920 			"%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
1921 			ioc->name, __func__, buffer_type);
1922 		return -ENOMEM;
1923 	}
1924 
1925 	/* buffers were released by due to host reset */
1926 	if ((ioc->diag_buffer_status[buffer_type] &
1927 	    MPT3_DIAG_BUFFER_IS_DIAG_RESET)) {
1928 		ioc->diag_buffer_status[buffer_type] |=
1929 		    MPT3_DIAG_BUFFER_IS_RELEASED;
1930 		ioc->diag_buffer_status[buffer_type] &=
1931 		    ~MPT3_DIAG_BUFFER_IS_DIAG_RESET;
1932 		pr_err(MPT3SAS_FMT
1933 			"%s: buffer_type(0x%02x) was released due to host reset\n",
1934 			ioc->name, __func__, buffer_type);
1935 		return 0;
1936 	}
1937 
1938 	rc = mpt3sas_send_diag_release(ioc, buffer_type, &issue_reset);
1939 
1940 	if (issue_reset)
1941 		mpt3sas_base_hard_reset_handler(ioc, CAN_SLEEP,
1942 		    FORCE_BIG_HAMMER);
1943 
1944 	return rc;
1945 }
1946 
1947 /**
1948  * _ctl_diag_read_buffer - request for copy of the diag buffer
1949  * @ioc: per adapter object
1950  * @arg - user space buffer containing ioctl content
1951  */
1952 static long
1953 _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1954 {
1955 	struct mpt3_diag_read_buffer karg;
1956 	struct mpt3_diag_read_buffer __user *uarg = arg;
1957 	void *request_data, *diag_data;
1958 	Mpi2DiagBufferPostRequest_t *mpi_request;
1959 	Mpi2DiagBufferPostReply_t *mpi_reply;
1960 	int rc, i;
1961 	u8 buffer_type;
1962 	unsigned long timeleft, request_size, copy_size;
1963 	u16 smid;
1964 	u16 ioc_status;
1965 	u8 issue_reset = 0;
1966 
1967 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1968 		pr_err("failure at %s:%d/%s()!\n",
1969 		    __FILE__, __LINE__, __func__);
1970 		return -EFAULT;
1971 	}
1972 
1973 	dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s\n", ioc->name,
1974 	    __func__));
1975 
1976 	buffer_type = karg.unique_id & 0x000000ff;
1977 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1978 		pr_err(MPT3SAS_FMT
1979 			"%s: doesn't have capability for buffer_type(0x%02x)\n",
1980 			ioc->name, __func__, buffer_type);
1981 		return -EPERM;
1982 	}
1983 
1984 	if (karg.unique_id != ioc->unique_id[buffer_type]) {
1985 		pr_err(MPT3SAS_FMT
1986 			"%s: unique_id(0x%08x) is not registered\n",
1987 			ioc->name, __func__, karg.unique_id);
1988 		return -EINVAL;
1989 	}
1990 
1991 	request_data = ioc->diag_buffer[buffer_type];
1992 	if (!request_data) {
1993 		pr_err(MPT3SAS_FMT
1994 			"%s: doesn't have buffer for buffer_type(0x%02x)\n",
1995 			ioc->name, __func__, buffer_type);
1996 		return -ENOMEM;
1997 	}
1998 
1999 	request_size = ioc->diag_buffer_sz[buffer_type];
2000 
2001 	if ((karg.starting_offset % 4) || (karg.bytes_to_read % 4)) {
2002 		pr_err(MPT3SAS_FMT "%s: either the starting_offset " \
2003 		    "or bytes_to_read are not 4 byte aligned\n", ioc->name,
2004 		    __func__);
2005 		return -EINVAL;
2006 	}
2007 
2008 	if (karg.starting_offset > request_size)
2009 		return -EINVAL;
2010 
2011 	diag_data = (void *)(request_data + karg.starting_offset);
2012 	dctlprintk(ioc, pr_info(MPT3SAS_FMT
2013 		"%s: diag_buffer(%p), offset(%d), sz(%d)\n",
2014 		ioc->name, __func__,
2015 	    diag_data, karg.starting_offset, karg.bytes_to_read));
2016 
2017 	/* Truncate data on requests that are too large */
2018 	if ((diag_data + karg.bytes_to_read < diag_data) ||
2019 	    (diag_data + karg.bytes_to_read > request_data + request_size))
2020 		copy_size = request_size - karg.starting_offset;
2021 	else
2022 		copy_size = karg.bytes_to_read;
2023 
2024 	if (copy_to_user((void __user *)uarg->diagnostic_data,
2025 	    diag_data, copy_size)) {
2026 		pr_err(MPT3SAS_FMT
2027 			"%s: Unable to write mpt_diag_read_buffer_t data @ %p\n",
2028 			ioc->name, __func__, diag_data);
2029 		return -EFAULT;
2030 	}
2031 
2032 	if ((karg.flags & MPT3_FLAGS_REREGISTER) == 0)
2033 		return 0;
2034 
2035 	dctlprintk(ioc, pr_info(MPT3SAS_FMT
2036 		"%s: Reregister buffer_type(0x%02x)\n",
2037 		ioc->name, __func__, buffer_type));
2038 	if ((ioc->diag_buffer_status[buffer_type] &
2039 	    MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
2040 		dctlprintk(ioc, pr_info(MPT3SAS_FMT
2041 			"%s: buffer_type(0x%02x) is still registered\n",
2042 			ioc->name, __func__, buffer_type));
2043 		return 0;
2044 	}
2045 	/* Get a free request frame and save the message context.
2046 	*/
2047 
2048 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
2049 		pr_err(MPT3SAS_FMT "%s: ctl_cmd in use\n",
2050 		    ioc->name, __func__);
2051 		rc = -EAGAIN;
2052 		goto out;
2053 	}
2054 
2055 	smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
2056 	if (!smid) {
2057 		pr_err(MPT3SAS_FMT "%s: failed obtaining a smid\n",
2058 		    ioc->name, __func__);
2059 		rc = -EAGAIN;
2060 		goto out;
2061 	}
2062 
2063 	rc = 0;
2064 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
2065 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
2066 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
2067 	ioc->ctl_cmds.smid = smid;
2068 
2069 	mpi_request->Function = MPI2_FUNCTION_DIAG_BUFFER_POST;
2070 	mpi_request->BufferType = buffer_type;
2071 	mpi_request->BufferLength =
2072 	    cpu_to_le32(ioc->diag_buffer_sz[buffer_type]);
2073 	mpi_request->BufferAddress =
2074 	    cpu_to_le64(ioc->diag_buffer_dma[buffer_type]);
2075 	for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
2076 		mpi_request->ProductSpecific[i] =
2077 			cpu_to_le32(ioc->product_specific[buffer_type][i]);
2078 	mpi_request->VF_ID = 0; /* TODO */
2079 	mpi_request->VP_ID = 0;
2080 
2081 	init_completion(&ioc->ctl_cmds.done);
2082 	mpt3sas_base_put_smid_default(ioc, smid);
2083 	timeleft = wait_for_completion_timeout(&ioc->ctl_cmds.done,
2084 	    MPT3_IOCTL_DEFAULT_TIMEOUT*HZ);
2085 
2086 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
2087 		pr_err(MPT3SAS_FMT "%s: timeout\n", ioc->name,
2088 		    __func__);
2089 		_debug_dump_mf(mpi_request,
2090 		    sizeof(Mpi2DiagBufferPostRequest_t)/4);
2091 		if (!(ioc->ctl_cmds.status & MPT3_CMD_RESET))
2092 			issue_reset = 1;
2093 		goto issue_host_reset;
2094 	}
2095 
2096 	/* process the completed Reply Message Frame */
2097 	if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
2098 		pr_err(MPT3SAS_FMT "%s: no reply message\n",
2099 		    ioc->name, __func__);
2100 		rc = -EFAULT;
2101 		goto out;
2102 	}
2103 
2104 	mpi_reply = ioc->ctl_cmds.reply;
2105 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
2106 
2107 	if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
2108 		ioc->diag_buffer_status[buffer_type] |=
2109 		    MPT3_DIAG_BUFFER_IS_REGISTERED;
2110 		dctlprintk(ioc, pr_info(MPT3SAS_FMT "%s: success\n",
2111 		    ioc->name, __func__));
2112 	} else {
2113 		pr_info(MPT3SAS_FMT
2114 			"%s: ioc_status(0x%04x) log_info(0x%08x)\n",
2115 			ioc->name, __func__,
2116 		    ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
2117 		rc = -EFAULT;
2118 	}
2119 
2120  issue_host_reset:
2121 	if (issue_reset)
2122 		mpt3sas_base_hard_reset_handler(ioc, CAN_SLEEP,
2123 		    FORCE_BIG_HAMMER);
2124 
2125  out:
2126 
2127 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
2128 	return rc;
2129 }
2130 
2131 
2132 
2133 #ifdef CONFIG_COMPAT
2134 /**
2135  * _ctl_compat_mpt_command - convert 32bit pointers to 64bit.
2136  * @ioc: per adapter object
2137  * @cmd - ioctl opcode
2138  * @arg - (struct mpt3_ioctl_command32)
2139  *
2140  * MPT3COMMAND32 - Handle 32bit applications running on 64bit os.
2141  */
2142 static long
2143 _ctl_compat_mpt_command(struct MPT3SAS_ADAPTER *ioc, unsigned cmd,
2144 	void __user *arg)
2145 {
2146 	struct mpt3_ioctl_command32 karg32;
2147 	struct mpt3_ioctl_command32 __user *uarg;
2148 	struct mpt3_ioctl_command karg;
2149 
2150 	if (_IOC_SIZE(cmd) != sizeof(struct mpt3_ioctl_command32))
2151 		return -EINVAL;
2152 
2153 	uarg = (struct mpt3_ioctl_command32 __user *) arg;
2154 
2155 	if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32))) {
2156 		pr_err("failure at %s:%d/%s()!\n",
2157 		    __FILE__, __LINE__, __func__);
2158 		return -EFAULT;
2159 	}
2160 
2161 	memset(&karg, 0, sizeof(struct mpt3_ioctl_command));
2162 	karg.hdr.ioc_number = karg32.hdr.ioc_number;
2163 	karg.hdr.port_number = karg32.hdr.port_number;
2164 	karg.hdr.max_data_size = karg32.hdr.max_data_size;
2165 	karg.timeout = karg32.timeout;
2166 	karg.max_reply_bytes = karg32.max_reply_bytes;
2167 	karg.data_in_size = karg32.data_in_size;
2168 	karg.data_out_size = karg32.data_out_size;
2169 	karg.max_sense_bytes = karg32.max_sense_bytes;
2170 	karg.data_sge_offset = karg32.data_sge_offset;
2171 	karg.reply_frame_buf_ptr = compat_ptr(karg32.reply_frame_buf_ptr);
2172 	karg.data_in_buf_ptr = compat_ptr(karg32.data_in_buf_ptr);
2173 	karg.data_out_buf_ptr = compat_ptr(karg32.data_out_buf_ptr);
2174 	karg.sense_data_ptr = compat_ptr(karg32.sense_data_ptr);
2175 	return _ctl_do_mpt_command(ioc, karg, &uarg->mf);
2176 }
2177 #endif
2178 
2179 /**
2180  * _ctl_ioctl_main - main ioctl entry point
2181  * @file - (struct file)
2182  * @cmd - ioctl opcode
2183  * @arg -
2184  * compat - handles 32 bit applications in 64bit os
2185  */
2186 static long
2187 _ctl_ioctl_main(struct file *file, unsigned int cmd, void __user *arg,
2188 	u8 compat)
2189 {
2190 	struct MPT3SAS_ADAPTER *ioc;
2191 	struct mpt3_ioctl_header ioctl_header;
2192 	enum block_state state;
2193 	long ret = -EINVAL;
2194 
2195 	/* get IOCTL header */
2196 	if (copy_from_user(&ioctl_header, (char __user *)arg,
2197 	    sizeof(struct mpt3_ioctl_header))) {
2198 		pr_err("failure at %s:%d/%s()!\n",
2199 		    __FILE__, __LINE__, __func__);
2200 		return -EFAULT;
2201 	}
2202 
2203 	if (_ctl_verify_adapter(ioctl_header.ioc_number, &ioc) == -1 || !ioc)
2204 		return -ENODEV;
2205 
2206 	if (ioc->shost_recovery || ioc->pci_error_recovery ||
2207 	    ioc->is_driver_loading)
2208 		return -EAGAIN;
2209 
2210 	state = (file->f_flags & O_NONBLOCK) ? NON_BLOCKING : BLOCKING;
2211 	if (state == NON_BLOCKING) {
2212 		if (!mutex_trylock(&ioc->ctl_cmds.mutex))
2213 			return -EAGAIN;
2214 	} else if (mutex_lock_interruptible(&ioc->ctl_cmds.mutex))
2215 		return -ERESTARTSYS;
2216 
2217 
2218 	switch (cmd) {
2219 	case MPT3IOCINFO:
2220 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_iocinfo))
2221 			ret = _ctl_getiocinfo(ioc, arg);
2222 		break;
2223 #ifdef CONFIG_COMPAT
2224 	case MPT3COMMAND32:
2225 #endif
2226 	case MPT3COMMAND:
2227 	{
2228 		struct mpt3_ioctl_command __user *uarg;
2229 		struct mpt3_ioctl_command karg;
2230 
2231 #ifdef CONFIG_COMPAT
2232 		if (compat) {
2233 			ret = _ctl_compat_mpt_command(ioc, cmd, arg);
2234 			break;
2235 		}
2236 #endif
2237 		if (copy_from_user(&karg, arg, sizeof(karg))) {
2238 			pr_err("failure at %s:%d/%s()!\n",
2239 			    __FILE__, __LINE__, __func__);
2240 			ret = -EFAULT;
2241 			break;
2242 		}
2243 
2244 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_command)) {
2245 			uarg = arg;
2246 			ret = _ctl_do_mpt_command(ioc, karg, &uarg->mf);
2247 		}
2248 		break;
2249 	}
2250 	case MPT3EVENTQUERY:
2251 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_eventquery))
2252 			ret = _ctl_eventquery(ioc, arg);
2253 		break;
2254 	case MPT3EVENTENABLE:
2255 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_eventenable))
2256 			ret = _ctl_eventenable(ioc, arg);
2257 		break;
2258 	case MPT3EVENTREPORT:
2259 		ret = _ctl_eventreport(ioc, arg);
2260 		break;
2261 	case MPT3HARDRESET:
2262 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_diag_reset))
2263 			ret = _ctl_do_reset(ioc, arg);
2264 		break;
2265 	case MPT3BTDHMAPPING:
2266 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_btdh_mapping))
2267 			ret = _ctl_btdh_mapping(ioc, arg);
2268 		break;
2269 	case MPT3DIAGREGISTER:
2270 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_register))
2271 			ret = _ctl_diag_register(ioc, arg);
2272 		break;
2273 	case MPT3DIAGUNREGISTER:
2274 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_unregister))
2275 			ret = _ctl_diag_unregister(ioc, arg);
2276 		break;
2277 	case MPT3DIAGQUERY:
2278 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_query))
2279 			ret = _ctl_diag_query(ioc, arg);
2280 		break;
2281 	case MPT3DIAGRELEASE:
2282 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_release))
2283 			ret = _ctl_diag_release(ioc, arg);
2284 		break;
2285 	case MPT3DIAGREADBUFFER:
2286 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_read_buffer))
2287 			ret = _ctl_diag_read_buffer(ioc, arg);
2288 		break;
2289 	default:
2290 		dctlprintk(ioc, pr_info(MPT3SAS_FMT
2291 		    "unsupported ioctl opcode(0x%08x)\n", ioc->name, cmd));
2292 		break;
2293 	}
2294 
2295 	mutex_unlock(&ioc->ctl_cmds.mutex);
2296 	return ret;
2297 }
2298 
2299 /**
2300  * _ctl_ioctl - main ioctl entry point (unlocked)
2301  * @file - (struct file)
2302  * @cmd - ioctl opcode
2303  * @arg -
2304  */
2305 static long
2306 _ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2307 {
2308 	long ret;
2309 
2310 	ret = _ctl_ioctl_main(file, cmd, (void __user *)arg, 0);
2311 	return ret;
2312 }
2313 
2314 #ifdef CONFIG_COMPAT
2315 /**
2316  * _ctl_ioctl_compat - main ioctl entry point (compat)
2317  * @file -
2318  * @cmd -
2319  * @arg -
2320  *
2321  * This routine handles 32 bit applications in 64bit os.
2322  */
2323 static long
2324 _ctl_ioctl_compat(struct file *file, unsigned cmd, unsigned long arg)
2325 {
2326 	long ret;
2327 
2328 	ret = _ctl_ioctl_main(file, cmd, (void __user *)arg, 1);
2329 	return ret;
2330 }
2331 #endif
2332 
2333 /* scsi host attributes */
2334 /**
2335  * _ctl_version_fw_show - firmware version
2336  * @cdev - pointer to embedded class device
2337  * @buf - the buffer returned
2338  *
2339  * A sysfs 'read-only' shost attribute.
2340  */
2341 static ssize_t
2342 _ctl_version_fw_show(struct device *cdev, struct device_attribute *attr,
2343 	char *buf)
2344 {
2345 	struct Scsi_Host *shost = class_to_shost(cdev);
2346 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2347 
2348 	return snprintf(buf, PAGE_SIZE, "%02d.%02d.%02d.%02d\n",
2349 	    (ioc->facts.FWVersion.Word & 0xFF000000) >> 24,
2350 	    (ioc->facts.FWVersion.Word & 0x00FF0000) >> 16,
2351 	    (ioc->facts.FWVersion.Word & 0x0000FF00) >> 8,
2352 	    ioc->facts.FWVersion.Word & 0x000000FF);
2353 }
2354 static DEVICE_ATTR(version_fw, S_IRUGO, _ctl_version_fw_show, NULL);
2355 
2356 /**
2357  * _ctl_version_bios_show - bios version
2358  * @cdev - pointer to embedded class device
2359  * @buf - the buffer returned
2360  *
2361  * A sysfs 'read-only' shost attribute.
2362  */
2363 static ssize_t
2364 _ctl_version_bios_show(struct device *cdev, struct device_attribute *attr,
2365 	char *buf)
2366 {
2367 	struct Scsi_Host *shost = class_to_shost(cdev);
2368 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2369 
2370 	u32 version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
2371 
2372 	return snprintf(buf, PAGE_SIZE, "%02d.%02d.%02d.%02d\n",
2373 	    (version & 0xFF000000) >> 24,
2374 	    (version & 0x00FF0000) >> 16,
2375 	    (version & 0x0000FF00) >> 8,
2376 	    version & 0x000000FF);
2377 }
2378 static DEVICE_ATTR(version_bios, S_IRUGO, _ctl_version_bios_show, NULL);
2379 
2380 /**
2381  * _ctl_version_mpi_show - MPI (message passing interface) version
2382  * @cdev - pointer to embedded class device
2383  * @buf - the buffer returned
2384  *
2385  * A sysfs 'read-only' shost attribute.
2386  */
2387 static ssize_t
2388 _ctl_version_mpi_show(struct device *cdev, struct device_attribute *attr,
2389 	char *buf)
2390 {
2391 	struct Scsi_Host *shost = class_to_shost(cdev);
2392 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2393 
2394 	return snprintf(buf, PAGE_SIZE, "%03x.%02x\n",
2395 	    ioc->facts.MsgVersion, ioc->facts.HeaderVersion >> 8);
2396 }
2397 static DEVICE_ATTR(version_mpi, S_IRUGO, _ctl_version_mpi_show, NULL);
2398 
2399 /**
2400  * _ctl_version_product_show - product name
2401  * @cdev - pointer to embedded class device
2402  * @buf - the buffer returned
2403  *
2404  * A sysfs 'read-only' shost attribute.
2405  */
2406 static ssize_t
2407 _ctl_version_product_show(struct device *cdev, struct device_attribute *attr,
2408 	char *buf)
2409 {
2410 	struct Scsi_Host *shost = class_to_shost(cdev);
2411 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2412 
2413 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.ChipName);
2414 }
2415 static DEVICE_ATTR(version_product, S_IRUGO, _ctl_version_product_show, NULL);
2416 
2417 /**
2418  * _ctl_version_nvdata_persistent_show - ndvata persistent version
2419  * @cdev - pointer to embedded class device
2420  * @buf - the buffer returned
2421  *
2422  * A sysfs 'read-only' shost attribute.
2423  */
2424 static ssize_t
2425 _ctl_version_nvdata_persistent_show(struct device *cdev,
2426 	struct device_attribute *attr, char *buf)
2427 {
2428 	struct Scsi_Host *shost = class_to_shost(cdev);
2429 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2430 
2431 	return snprintf(buf, PAGE_SIZE, "%08xh\n",
2432 	    le32_to_cpu(ioc->iounit_pg0.NvdataVersionPersistent.Word));
2433 }
2434 static DEVICE_ATTR(version_nvdata_persistent, S_IRUGO,
2435 	_ctl_version_nvdata_persistent_show, NULL);
2436 
2437 /**
2438  * _ctl_version_nvdata_default_show - nvdata default version
2439  * @cdev - pointer to embedded class device
2440  * @buf - the buffer returned
2441  *
2442  * A sysfs 'read-only' shost attribute.
2443  */
2444 static ssize_t
2445 _ctl_version_nvdata_default_show(struct device *cdev, struct device_attribute
2446 	*attr, char *buf)
2447 {
2448 	struct Scsi_Host *shost = class_to_shost(cdev);
2449 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2450 
2451 	return snprintf(buf, PAGE_SIZE, "%08xh\n",
2452 	    le32_to_cpu(ioc->iounit_pg0.NvdataVersionDefault.Word));
2453 }
2454 static DEVICE_ATTR(version_nvdata_default, S_IRUGO,
2455 	_ctl_version_nvdata_default_show, NULL);
2456 
2457 /**
2458  * _ctl_board_name_show - board name
2459  * @cdev - pointer to embedded class device
2460  * @buf - the buffer returned
2461  *
2462  * A sysfs 'read-only' shost attribute.
2463  */
2464 static ssize_t
2465 _ctl_board_name_show(struct device *cdev, struct device_attribute *attr,
2466 	char *buf)
2467 {
2468 	struct Scsi_Host *shost = class_to_shost(cdev);
2469 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2470 
2471 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.BoardName);
2472 }
2473 static DEVICE_ATTR(board_name, S_IRUGO, _ctl_board_name_show, NULL);
2474 
2475 /**
2476  * _ctl_board_assembly_show - board assembly name
2477  * @cdev - pointer to embedded class device
2478  * @buf - the buffer returned
2479  *
2480  * A sysfs 'read-only' shost attribute.
2481  */
2482 static ssize_t
2483 _ctl_board_assembly_show(struct device *cdev, struct device_attribute *attr,
2484 	char *buf)
2485 {
2486 	struct Scsi_Host *shost = class_to_shost(cdev);
2487 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2488 
2489 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.BoardAssembly);
2490 }
2491 static DEVICE_ATTR(board_assembly, S_IRUGO, _ctl_board_assembly_show, NULL);
2492 
2493 /**
2494  * _ctl_board_tracer_show - board tracer number
2495  * @cdev - pointer to embedded class device
2496  * @buf - the buffer returned
2497  *
2498  * A sysfs 'read-only' shost attribute.
2499  */
2500 static ssize_t
2501 _ctl_board_tracer_show(struct device *cdev, struct device_attribute *attr,
2502 	char *buf)
2503 {
2504 	struct Scsi_Host *shost = class_to_shost(cdev);
2505 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2506 
2507 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.BoardTracerNumber);
2508 }
2509 static DEVICE_ATTR(board_tracer, S_IRUGO, _ctl_board_tracer_show, NULL);
2510 
2511 /**
2512  * _ctl_io_delay_show - io missing delay
2513  * @cdev - pointer to embedded class device
2514  * @buf - the buffer returned
2515  *
2516  * This is for firmware implemention for deboucing device
2517  * removal events.
2518  *
2519  * A sysfs 'read-only' shost attribute.
2520  */
2521 static ssize_t
2522 _ctl_io_delay_show(struct device *cdev, struct device_attribute *attr,
2523 	char *buf)
2524 {
2525 	struct Scsi_Host *shost = class_to_shost(cdev);
2526 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2527 
2528 	return snprintf(buf, PAGE_SIZE, "%02d\n", ioc->io_missing_delay);
2529 }
2530 static DEVICE_ATTR(io_delay, S_IRUGO, _ctl_io_delay_show, NULL);
2531 
2532 /**
2533  * _ctl_device_delay_show - device missing delay
2534  * @cdev - pointer to embedded class device
2535  * @buf - the buffer returned
2536  *
2537  * This is for firmware implemention for deboucing device
2538  * removal events.
2539  *
2540  * A sysfs 'read-only' shost attribute.
2541  */
2542 static ssize_t
2543 _ctl_device_delay_show(struct device *cdev, struct device_attribute *attr,
2544 	char *buf)
2545 {
2546 	struct Scsi_Host *shost = class_to_shost(cdev);
2547 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2548 
2549 	return snprintf(buf, PAGE_SIZE, "%02d\n", ioc->device_missing_delay);
2550 }
2551 static DEVICE_ATTR(device_delay, S_IRUGO, _ctl_device_delay_show, NULL);
2552 
2553 /**
2554  * _ctl_fw_queue_depth_show - global credits
2555  * @cdev - pointer to embedded class device
2556  * @buf - the buffer returned
2557  *
2558  * This is firmware queue depth limit
2559  *
2560  * A sysfs 'read-only' shost attribute.
2561  */
2562 static ssize_t
2563 _ctl_fw_queue_depth_show(struct device *cdev, struct device_attribute *attr,
2564 	char *buf)
2565 {
2566 	struct Scsi_Host *shost = class_to_shost(cdev);
2567 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2568 
2569 	return snprintf(buf, PAGE_SIZE, "%02d\n", ioc->facts.RequestCredit);
2570 }
2571 static DEVICE_ATTR(fw_queue_depth, S_IRUGO, _ctl_fw_queue_depth_show, NULL);
2572 
2573 /**
2574  * _ctl_sas_address_show - sas address
2575  * @cdev - pointer to embedded class device
2576  * @buf - the buffer returned
2577  *
2578  * This is the controller sas address
2579  *
2580  * A sysfs 'read-only' shost attribute.
2581  */
2582 static ssize_t
2583 _ctl_host_sas_address_show(struct device *cdev, struct device_attribute *attr,
2584 	char *buf)
2585 
2586 {
2587 	struct Scsi_Host *shost = class_to_shost(cdev);
2588 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2589 
2590 	return snprintf(buf, PAGE_SIZE, "0x%016llx\n",
2591 	    (unsigned long long)ioc->sas_hba.sas_address);
2592 }
2593 static DEVICE_ATTR(host_sas_address, S_IRUGO,
2594 	_ctl_host_sas_address_show, NULL);
2595 
2596 /**
2597  * _ctl_logging_level_show - logging level
2598  * @cdev - pointer to embedded class device
2599  * @buf - the buffer returned
2600  *
2601  * A sysfs 'read/write' shost attribute.
2602  */
2603 static ssize_t
2604 _ctl_logging_level_show(struct device *cdev, struct device_attribute *attr,
2605 	char *buf)
2606 {
2607 	struct Scsi_Host *shost = class_to_shost(cdev);
2608 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2609 
2610 	return snprintf(buf, PAGE_SIZE, "%08xh\n", ioc->logging_level);
2611 }
2612 static ssize_t
2613 _ctl_logging_level_store(struct device *cdev, struct device_attribute *attr,
2614 	const char *buf, size_t count)
2615 {
2616 	struct Scsi_Host *shost = class_to_shost(cdev);
2617 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2618 	int val = 0;
2619 
2620 	if (sscanf(buf, "%x", &val) != 1)
2621 		return -EINVAL;
2622 
2623 	ioc->logging_level = val;
2624 	pr_info(MPT3SAS_FMT "logging_level=%08xh\n", ioc->name,
2625 	    ioc->logging_level);
2626 	return strlen(buf);
2627 }
2628 static DEVICE_ATTR(logging_level, S_IRUGO | S_IWUSR, _ctl_logging_level_show,
2629 	_ctl_logging_level_store);
2630 
2631 /**
2632  * _ctl_fwfault_debug_show - show/store fwfault_debug
2633  * @cdev - pointer to embedded class device
2634  * @buf - the buffer returned
2635  *
2636  * mpt3sas_fwfault_debug is command line option
2637  * A sysfs 'read/write' shost attribute.
2638  */
2639 static ssize_t
2640 _ctl_fwfault_debug_show(struct device *cdev, struct device_attribute *attr,
2641 	char *buf)
2642 {
2643 	struct Scsi_Host *shost = class_to_shost(cdev);
2644 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2645 
2646 	return snprintf(buf, PAGE_SIZE, "%d\n", ioc->fwfault_debug);
2647 }
2648 static ssize_t
2649 _ctl_fwfault_debug_store(struct device *cdev, struct device_attribute *attr,
2650 	const char *buf, size_t count)
2651 {
2652 	struct Scsi_Host *shost = class_to_shost(cdev);
2653 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2654 	int val = 0;
2655 
2656 	if (sscanf(buf, "%d", &val) != 1)
2657 		return -EINVAL;
2658 
2659 	ioc->fwfault_debug = val;
2660 	pr_info(MPT3SAS_FMT "fwfault_debug=%d\n", ioc->name,
2661 	    ioc->fwfault_debug);
2662 	return strlen(buf);
2663 }
2664 static DEVICE_ATTR(fwfault_debug, S_IRUGO | S_IWUSR,
2665 	_ctl_fwfault_debug_show, _ctl_fwfault_debug_store);
2666 
2667 /**
2668  * _ctl_ioc_reset_count_show - ioc reset count
2669  * @cdev - pointer to embedded class device
2670  * @buf - the buffer returned
2671  *
2672  * This is firmware queue depth limit
2673  *
2674  * A sysfs 'read-only' shost attribute.
2675  */
2676 static ssize_t
2677 _ctl_ioc_reset_count_show(struct device *cdev, struct device_attribute *attr,
2678 	char *buf)
2679 {
2680 	struct Scsi_Host *shost = class_to_shost(cdev);
2681 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2682 
2683 	return snprintf(buf, PAGE_SIZE, "%d\n", ioc->ioc_reset_count);
2684 }
2685 static DEVICE_ATTR(ioc_reset_count, S_IRUGO, _ctl_ioc_reset_count_show, NULL);
2686 
2687 /**
2688  * _ctl_ioc_reply_queue_count_show - number of reply queues
2689  * @cdev - pointer to embedded class device
2690  * @buf - the buffer returned
2691  *
2692  * This is number of reply queues
2693  *
2694  * A sysfs 'read-only' shost attribute.
2695  */
2696 static ssize_t
2697 _ctl_ioc_reply_queue_count_show(struct device *cdev,
2698 	struct device_attribute *attr, char *buf)
2699 {
2700 	u8 reply_queue_count;
2701 	struct Scsi_Host *shost = class_to_shost(cdev);
2702 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2703 
2704 	if ((ioc->facts.IOCCapabilities &
2705 	    MPI2_IOCFACTS_CAPABILITY_MSI_X_INDEX) && ioc->msix_enable)
2706 		reply_queue_count = ioc->reply_queue_count;
2707 	else
2708 		reply_queue_count = 1;
2709 
2710 	return snprintf(buf, PAGE_SIZE, "%d\n", reply_queue_count);
2711 }
2712 static DEVICE_ATTR(reply_queue_count, S_IRUGO, _ctl_ioc_reply_queue_count_show,
2713 	NULL);
2714 
2715 struct DIAG_BUFFER_START {
2716 	__le32	Size;
2717 	__le32	DiagVersion;
2718 	u8	BufferType;
2719 	u8	Reserved[3];
2720 	__le32	Reserved1;
2721 	__le32	Reserved2;
2722 	__le32	Reserved3;
2723 };
2724 
2725 /**
2726  * _ctl_host_trace_buffer_size_show - host buffer size (trace only)
2727  * @cdev - pointer to embedded class device
2728  * @buf - the buffer returned
2729  *
2730  * A sysfs 'read-only' shost attribute.
2731  */
2732 static ssize_t
2733 _ctl_host_trace_buffer_size_show(struct device *cdev,
2734 	struct device_attribute *attr, char *buf)
2735 {
2736 	struct Scsi_Host *shost = class_to_shost(cdev);
2737 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2738 	u32 size = 0;
2739 	struct DIAG_BUFFER_START *request_data;
2740 
2741 	if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) {
2742 		pr_err(MPT3SAS_FMT
2743 			"%s: host_trace_buffer is not registered\n",
2744 			ioc->name, __func__);
2745 		return 0;
2746 	}
2747 
2748 	if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2749 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
2750 		pr_err(MPT3SAS_FMT
2751 			"%s: host_trace_buffer is not registered\n",
2752 			ioc->name, __func__);
2753 		return 0;
2754 	}
2755 
2756 	request_data = (struct DIAG_BUFFER_START *)
2757 	    ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE];
2758 	if ((le32_to_cpu(request_data->DiagVersion) == 0x00000000 ||
2759 	    le32_to_cpu(request_data->DiagVersion) == 0x01000000 ||
2760 	    le32_to_cpu(request_data->DiagVersion) == 0x01010000) &&
2761 	    le32_to_cpu(request_data->Reserved3) == 0x4742444c)
2762 		size = le32_to_cpu(request_data->Size);
2763 
2764 	ioc->ring_buffer_sz = size;
2765 	return snprintf(buf, PAGE_SIZE, "%d\n", size);
2766 }
2767 static DEVICE_ATTR(host_trace_buffer_size, S_IRUGO,
2768 	_ctl_host_trace_buffer_size_show, NULL);
2769 
2770 /**
2771  * _ctl_host_trace_buffer_show - firmware ring buffer (trace only)
2772  * @cdev - pointer to embedded class device
2773  * @buf - the buffer returned
2774  *
2775  * A sysfs 'read/write' shost attribute.
2776  *
2777  * You will only be able to read 4k bytes of ring buffer at a time.
2778  * In order to read beyond 4k bytes, you will have to write out the
2779  * offset to the same attribute, it will move the pointer.
2780  */
2781 static ssize_t
2782 _ctl_host_trace_buffer_show(struct device *cdev, struct device_attribute *attr,
2783 	char *buf)
2784 {
2785 	struct Scsi_Host *shost = class_to_shost(cdev);
2786 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2787 	void *request_data;
2788 	u32 size;
2789 
2790 	if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) {
2791 		pr_err(MPT3SAS_FMT
2792 			"%s: host_trace_buffer is not registered\n",
2793 			ioc->name, __func__);
2794 		return 0;
2795 	}
2796 
2797 	if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2798 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
2799 		pr_err(MPT3SAS_FMT
2800 			"%s: host_trace_buffer is not registered\n",
2801 			ioc->name, __func__);
2802 		return 0;
2803 	}
2804 
2805 	if (ioc->ring_buffer_offset > ioc->ring_buffer_sz)
2806 		return 0;
2807 
2808 	size = ioc->ring_buffer_sz - ioc->ring_buffer_offset;
2809 	size = (size >= PAGE_SIZE) ? (PAGE_SIZE - 1) : size;
2810 	request_data = ioc->diag_buffer[0] + ioc->ring_buffer_offset;
2811 	memcpy(buf, request_data, size);
2812 	return size;
2813 }
2814 
2815 static ssize_t
2816 _ctl_host_trace_buffer_store(struct device *cdev, struct device_attribute *attr,
2817 	const char *buf, size_t count)
2818 {
2819 	struct Scsi_Host *shost = class_to_shost(cdev);
2820 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2821 	int val = 0;
2822 
2823 	if (sscanf(buf, "%d", &val) != 1)
2824 		return -EINVAL;
2825 
2826 	ioc->ring_buffer_offset = val;
2827 	return strlen(buf);
2828 }
2829 static DEVICE_ATTR(host_trace_buffer, S_IRUGO | S_IWUSR,
2830 	_ctl_host_trace_buffer_show, _ctl_host_trace_buffer_store);
2831 
2832 
2833 /*****************************************/
2834 
2835 /**
2836  * _ctl_host_trace_buffer_enable_show - firmware ring buffer (trace only)
2837  * @cdev - pointer to embedded class device
2838  * @buf - the buffer returned
2839  *
2840  * A sysfs 'read/write' shost attribute.
2841  *
2842  * This is a mechnism to post/release host_trace_buffers
2843  */
2844 static ssize_t
2845 _ctl_host_trace_buffer_enable_show(struct device *cdev,
2846 	struct device_attribute *attr, char *buf)
2847 {
2848 	struct Scsi_Host *shost = class_to_shost(cdev);
2849 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2850 
2851 	if ((!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) ||
2852 	   ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2853 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0))
2854 		return snprintf(buf, PAGE_SIZE, "off\n");
2855 	else if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2856 	    MPT3_DIAG_BUFFER_IS_RELEASED))
2857 		return snprintf(buf, PAGE_SIZE, "release\n");
2858 	else
2859 		return snprintf(buf, PAGE_SIZE, "post\n");
2860 }
2861 
2862 static ssize_t
2863 _ctl_host_trace_buffer_enable_store(struct device *cdev,
2864 	struct device_attribute *attr, const char *buf, size_t count)
2865 {
2866 	struct Scsi_Host *shost = class_to_shost(cdev);
2867 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2868 	char str[10] = "";
2869 	struct mpt3_diag_register diag_register;
2870 	u8 issue_reset = 0;
2871 
2872 	/* don't allow post/release occurr while recovery is active */
2873 	if (ioc->shost_recovery || ioc->remove_host ||
2874 	    ioc->pci_error_recovery || ioc->is_driver_loading)
2875 		return -EBUSY;
2876 
2877 	if (sscanf(buf, "%9s", str) != 1)
2878 		return -EINVAL;
2879 
2880 	if (!strcmp(str, "post")) {
2881 		/* exit out if host buffers are already posted */
2882 		if ((ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) &&
2883 		    (ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2884 		    MPT3_DIAG_BUFFER_IS_REGISTERED) &&
2885 		    ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2886 		    MPT3_DIAG_BUFFER_IS_RELEASED) == 0))
2887 			goto out;
2888 		memset(&diag_register, 0, sizeof(struct mpt3_diag_register));
2889 		pr_info(MPT3SAS_FMT "posting host trace buffers\n",
2890 		    ioc->name);
2891 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_TRACE;
2892 		diag_register.requested_buffer_size = (1024 * 1024);
2893 		diag_register.unique_id = 0x7075900;
2894 		ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] = 0;
2895 		_ctl_diag_register_2(ioc,  &diag_register);
2896 	} else if (!strcmp(str, "release")) {
2897 		/* exit out if host buffers are already released */
2898 		if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE])
2899 			goto out;
2900 		if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2901 		    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0)
2902 			goto out;
2903 		if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
2904 		    MPT3_DIAG_BUFFER_IS_RELEASED))
2905 			goto out;
2906 		pr_info(MPT3SAS_FMT "releasing host trace buffer\n",
2907 		    ioc->name);
2908 		mpt3sas_send_diag_release(ioc, MPI2_DIAG_BUF_TYPE_TRACE,
2909 		    &issue_reset);
2910 	}
2911 
2912  out:
2913 	return strlen(buf);
2914 }
2915 static DEVICE_ATTR(host_trace_buffer_enable, S_IRUGO | S_IWUSR,
2916 	_ctl_host_trace_buffer_enable_show,
2917 	_ctl_host_trace_buffer_enable_store);
2918 
2919 /*********** diagnostic trigger suppport *********************************/
2920 
2921 /**
2922  * _ctl_diag_trigger_master_show - show the diag_trigger_master attribute
2923  * @cdev - pointer to embedded class device
2924  * @buf - the buffer returned
2925  *
2926  * A sysfs 'read/write' shost attribute.
2927  */
2928 static ssize_t
2929 _ctl_diag_trigger_master_show(struct device *cdev,
2930 	struct device_attribute *attr, char *buf)
2931 
2932 {
2933 	struct Scsi_Host *shost = class_to_shost(cdev);
2934 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2935 	unsigned long flags;
2936 	ssize_t rc;
2937 
2938 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
2939 	rc = sizeof(struct SL_WH_MASTER_TRIGGER_T);
2940 	memcpy(buf, &ioc->diag_trigger_master, rc);
2941 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
2942 	return rc;
2943 }
2944 
2945 /**
2946  * _ctl_diag_trigger_master_store - store the diag_trigger_master attribute
2947  * @cdev - pointer to embedded class device
2948  * @buf - the buffer returned
2949  *
2950  * A sysfs 'read/write' shost attribute.
2951  */
2952 static ssize_t
2953 _ctl_diag_trigger_master_store(struct device *cdev,
2954 	struct device_attribute *attr, const char *buf, size_t count)
2955 
2956 {
2957 	struct Scsi_Host *shost = class_to_shost(cdev);
2958 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2959 	unsigned long flags;
2960 	ssize_t rc;
2961 
2962 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
2963 	rc = min(sizeof(struct SL_WH_MASTER_TRIGGER_T), count);
2964 	memset(&ioc->diag_trigger_master, 0,
2965 	    sizeof(struct SL_WH_MASTER_TRIGGER_T));
2966 	memcpy(&ioc->diag_trigger_master, buf, rc);
2967 	ioc->diag_trigger_master.MasterData |=
2968 	    (MASTER_TRIGGER_FW_FAULT + MASTER_TRIGGER_ADAPTER_RESET);
2969 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
2970 	return rc;
2971 }
2972 static DEVICE_ATTR(diag_trigger_master, S_IRUGO | S_IWUSR,
2973 	_ctl_diag_trigger_master_show, _ctl_diag_trigger_master_store);
2974 
2975 
2976 /**
2977  * _ctl_diag_trigger_event_show - show the diag_trigger_event attribute
2978  * @cdev - pointer to embedded class device
2979  * @buf - the buffer returned
2980  *
2981  * A sysfs 'read/write' shost attribute.
2982  */
2983 static ssize_t
2984 _ctl_diag_trigger_event_show(struct device *cdev,
2985 	struct device_attribute *attr, char *buf)
2986 {
2987 	struct Scsi_Host *shost = class_to_shost(cdev);
2988 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2989 	unsigned long flags;
2990 	ssize_t rc;
2991 
2992 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
2993 	rc = sizeof(struct SL_WH_EVENT_TRIGGERS_T);
2994 	memcpy(buf, &ioc->diag_trigger_event, rc);
2995 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
2996 	return rc;
2997 }
2998 
2999 /**
3000  * _ctl_diag_trigger_event_store - store the diag_trigger_event attribute
3001  * @cdev - pointer to embedded class device
3002  * @buf - the buffer returned
3003  *
3004  * A sysfs 'read/write' shost attribute.
3005  */
3006 static ssize_t
3007 _ctl_diag_trigger_event_store(struct device *cdev,
3008 	struct device_attribute *attr, const char *buf, size_t count)
3009 
3010 {
3011 	struct Scsi_Host *shost = class_to_shost(cdev);
3012 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3013 	unsigned long flags;
3014 	ssize_t sz;
3015 
3016 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3017 	sz = min(sizeof(struct SL_WH_EVENT_TRIGGERS_T), count);
3018 	memset(&ioc->diag_trigger_event, 0,
3019 	    sizeof(struct SL_WH_EVENT_TRIGGERS_T));
3020 	memcpy(&ioc->diag_trigger_event, buf, sz);
3021 	if (ioc->diag_trigger_event.ValidEntries > NUM_VALID_ENTRIES)
3022 		ioc->diag_trigger_event.ValidEntries = NUM_VALID_ENTRIES;
3023 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3024 	return sz;
3025 }
3026 static DEVICE_ATTR(diag_trigger_event, S_IRUGO | S_IWUSR,
3027 	_ctl_diag_trigger_event_show, _ctl_diag_trigger_event_store);
3028 
3029 
3030 /**
3031  * _ctl_diag_trigger_scsi_show - show the diag_trigger_scsi attribute
3032  * @cdev - pointer to embedded class device
3033  * @buf - the buffer returned
3034  *
3035  * A sysfs 'read/write' shost attribute.
3036  */
3037 static ssize_t
3038 _ctl_diag_trigger_scsi_show(struct device *cdev,
3039 	struct device_attribute *attr, char *buf)
3040 {
3041 	struct Scsi_Host *shost = class_to_shost(cdev);
3042 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3043 	unsigned long flags;
3044 	ssize_t rc;
3045 
3046 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3047 	rc = sizeof(struct SL_WH_SCSI_TRIGGERS_T);
3048 	memcpy(buf, &ioc->diag_trigger_scsi, rc);
3049 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3050 	return rc;
3051 }
3052 
3053 /**
3054  * _ctl_diag_trigger_scsi_store - store the diag_trigger_scsi attribute
3055  * @cdev - pointer to embedded class device
3056  * @buf - the buffer returned
3057  *
3058  * A sysfs 'read/write' shost attribute.
3059  */
3060 static ssize_t
3061 _ctl_diag_trigger_scsi_store(struct device *cdev,
3062 	struct device_attribute *attr, const char *buf, size_t count)
3063 {
3064 	struct Scsi_Host *shost = class_to_shost(cdev);
3065 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3066 	unsigned long flags;
3067 	ssize_t sz;
3068 
3069 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3070 	sz = min(sizeof(struct SL_WH_SCSI_TRIGGERS_T), count);
3071 	memset(&ioc->diag_trigger_scsi, 0,
3072 	    sizeof(struct SL_WH_EVENT_TRIGGERS_T));
3073 	memcpy(&ioc->diag_trigger_scsi, buf, sz);
3074 	if (ioc->diag_trigger_scsi.ValidEntries > NUM_VALID_ENTRIES)
3075 		ioc->diag_trigger_scsi.ValidEntries = NUM_VALID_ENTRIES;
3076 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3077 	return sz;
3078 }
3079 static DEVICE_ATTR(diag_trigger_scsi, S_IRUGO | S_IWUSR,
3080 	_ctl_diag_trigger_scsi_show, _ctl_diag_trigger_scsi_store);
3081 
3082 
3083 /**
3084  * _ctl_diag_trigger_scsi_show - show the diag_trigger_mpi attribute
3085  * @cdev - pointer to embedded class device
3086  * @buf - the buffer returned
3087  *
3088  * A sysfs 'read/write' shost attribute.
3089  */
3090 static ssize_t
3091 _ctl_diag_trigger_mpi_show(struct device *cdev,
3092 	struct device_attribute *attr, char *buf)
3093 {
3094 	struct Scsi_Host *shost = class_to_shost(cdev);
3095 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3096 	unsigned long flags;
3097 	ssize_t rc;
3098 
3099 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3100 	rc = sizeof(struct SL_WH_MPI_TRIGGERS_T);
3101 	memcpy(buf, &ioc->diag_trigger_mpi, rc);
3102 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3103 	return rc;
3104 }
3105 
3106 /**
3107  * _ctl_diag_trigger_mpi_store - store the diag_trigger_mpi attribute
3108  * @cdev - pointer to embedded class device
3109  * @buf - the buffer returned
3110  *
3111  * A sysfs 'read/write' shost attribute.
3112  */
3113 static ssize_t
3114 _ctl_diag_trigger_mpi_store(struct device *cdev,
3115 	struct device_attribute *attr, const char *buf, size_t count)
3116 {
3117 	struct Scsi_Host *shost = class_to_shost(cdev);
3118 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3119 	unsigned long flags;
3120 	ssize_t sz;
3121 
3122 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3123 	sz = min(sizeof(struct SL_WH_MPI_TRIGGERS_T), count);
3124 	memset(&ioc->diag_trigger_mpi, 0,
3125 	    sizeof(ioc->diag_trigger_mpi));
3126 	memcpy(&ioc->diag_trigger_mpi, buf, sz);
3127 	if (ioc->diag_trigger_mpi.ValidEntries > NUM_VALID_ENTRIES)
3128 		ioc->diag_trigger_mpi.ValidEntries = NUM_VALID_ENTRIES;
3129 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3130 	return sz;
3131 }
3132 
3133 static DEVICE_ATTR(diag_trigger_mpi, S_IRUGO | S_IWUSR,
3134 	_ctl_diag_trigger_mpi_show, _ctl_diag_trigger_mpi_store);
3135 
3136 /*********** diagnostic trigger suppport *** END ****************************/
3137 
3138 
3139 
3140 /*****************************************/
3141 
3142 struct device_attribute *mpt3sas_host_attrs[] = {
3143 	&dev_attr_version_fw,
3144 	&dev_attr_version_bios,
3145 	&dev_attr_version_mpi,
3146 	&dev_attr_version_product,
3147 	&dev_attr_version_nvdata_persistent,
3148 	&dev_attr_version_nvdata_default,
3149 	&dev_attr_board_name,
3150 	&dev_attr_board_assembly,
3151 	&dev_attr_board_tracer,
3152 	&dev_attr_io_delay,
3153 	&dev_attr_device_delay,
3154 	&dev_attr_logging_level,
3155 	&dev_attr_fwfault_debug,
3156 	&dev_attr_fw_queue_depth,
3157 	&dev_attr_host_sas_address,
3158 	&dev_attr_ioc_reset_count,
3159 	&dev_attr_host_trace_buffer_size,
3160 	&dev_attr_host_trace_buffer,
3161 	&dev_attr_host_trace_buffer_enable,
3162 	&dev_attr_reply_queue_count,
3163 	&dev_attr_diag_trigger_master,
3164 	&dev_attr_diag_trigger_event,
3165 	&dev_attr_diag_trigger_scsi,
3166 	&dev_attr_diag_trigger_mpi,
3167 	NULL,
3168 };
3169 
3170 /* device attributes */
3171 
3172 /**
3173  * _ctl_device_sas_address_show - sas address
3174  * @cdev - pointer to embedded class device
3175  * @buf - the buffer returned
3176  *
3177  * This is the sas address for the target
3178  *
3179  * A sysfs 'read-only' shost attribute.
3180  */
3181 static ssize_t
3182 _ctl_device_sas_address_show(struct device *dev, struct device_attribute *attr,
3183 	char *buf)
3184 {
3185 	struct scsi_device *sdev = to_scsi_device(dev);
3186 	struct MPT3SAS_DEVICE *sas_device_priv_data = sdev->hostdata;
3187 
3188 	return snprintf(buf, PAGE_SIZE, "0x%016llx\n",
3189 	    (unsigned long long)sas_device_priv_data->sas_target->sas_address);
3190 }
3191 static DEVICE_ATTR(sas_address, S_IRUGO, _ctl_device_sas_address_show, NULL);
3192 
3193 /**
3194  * _ctl_device_handle_show - device handle
3195  * @cdev - pointer to embedded class device
3196  * @buf - the buffer returned
3197  *
3198  * This is the firmware assigned device handle
3199  *
3200  * A sysfs 'read-only' shost attribute.
3201  */
3202 static ssize_t
3203 _ctl_device_handle_show(struct device *dev, struct device_attribute *attr,
3204 	char *buf)
3205 {
3206 	struct scsi_device *sdev = to_scsi_device(dev);
3207 	struct MPT3SAS_DEVICE *sas_device_priv_data = sdev->hostdata;
3208 
3209 	return snprintf(buf, PAGE_SIZE, "0x%04x\n",
3210 	    sas_device_priv_data->sas_target->handle);
3211 }
3212 static DEVICE_ATTR(sas_device_handle, S_IRUGO, _ctl_device_handle_show, NULL);
3213 
3214 struct device_attribute *mpt3sas_dev_attrs[] = {
3215 	&dev_attr_sas_address,
3216 	&dev_attr_sas_device_handle,
3217 	NULL,
3218 };
3219 
3220 static const struct file_operations ctl_fops = {
3221 	.owner = THIS_MODULE,
3222 	.unlocked_ioctl = _ctl_ioctl,
3223 	.poll = _ctl_poll,
3224 	.fasync = _ctl_fasync,
3225 #ifdef CONFIG_COMPAT
3226 	.compat_ioctl = _ctl_ioctl_compat,
3227 #endif
3228 };
3229 
3230 static struct miscdevice ctl_dev = {
3231 	.minor  = MPT3SAS_MINOR,
3232 	.name   = MPT3SAS_DEV_NAME,
3233 	.fops   = &ctl_fops,
3234 };
3235 
3236 /**
3237  * mpt3sas_ctl_init - main entry point for ctl.
3238  *
3239  */
3240 void
3241 mpt3sas_ctl_init(void)
3242 {
3243 	async_queue = NULL;
3244 	if (misc_register(&ctl_dev) < 0)
3245 		pr_err("%s can't register misc device [minor=%d]\n",
3246 		    MPT3SAS_DRIVER_NAME, MPT3SAS_MINOR);
3247 
3248 	init_waitqueue_head(&ctl_poll_wait);
3249 }
3250 
3251 /**
3252  * mpt3sas_ctl_exit - exit point for ctl
3253  *
3254  */
3255 void
3256 mpt3sas_ctl_exit(void)
3257 {
3258 	struct MPT3SAS_ADAPTER *ioc;
3259 	int i;
3260 
3261 	list_for_each_entry(ioc, &mpt3sas_ioc_list, list) {
3262 
3263 		/* free memory associated to diag buffers */
3264 		for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
3265 			if (!ioc->diag_buffer[i])
3266 				continue;
3267 			if (!(ioc->diag_buffer_status[i] &
3268 			    MPT3_DIAG_BUFFER_IS_REGISTERED))
3269 				continue;
3270 			if ((ioc->diag_buffer_status[i] &
3271 			    MPT3_DIAG_BUFFER_IS_RELEASED))
3272 				continue;
3273 			pci_free_consistent(ioc->pdev, ioc->diag_buffer_sz[i],
3274 			ioc->diag_buffer[i], ioc->diag_buffer_dma[i]);
3275 			ioc->diag_buffer[i] = NULL;
3276 			ioc->diag_buffer_status[i] = 0;
3277 		}
3278 
3279 		kfree(ioc->event_log);
3280 	}
3281 	misc_deregister(&ctl_dev);
3282 }
3283