X-Git-Url: http://ftp.safe.ca/?a=blobdiff_plain;f=drivers%2Fscsi%2Faacraid%2Fcommctrl.c;h=1a5bf5724750e95c269a2222ef9dc68539d5f0ee;hb=cc106eb35ed4abea675bce0d8fe40a46ff0b4a72;hp=30dd1f7120f4b53dc10de359a6ca81a9bc363598;hpb=1da177e4c3f41524e886b7f1b8a0c1fc7321cac2;p=safe%2Fjmp%2Flinux-2.6 diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index 30dd1f7..1a5bf57 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -1,11 +1,11 @@ /* * Adaptec AAC series RAID controller driver - * (c) Copyright 2001 Red Hat Inc. + * (c) Copyright 2001 Red Hat Inc. * * based on the old aacraid driver that is.. * Adaptec aacraid device driver for Linux. * - * Copyright (c) 2000 Adaptec, Inc. (aacraid@adaptec.com) + * Copyright (c) 2000-2007 Adaptec, Inc. (aacraid@adaptec.com) * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by @@ -31,15 +31,17 @@ #include #include #include -#include #include #include #include #include #include #include -#include +#include /* ssleep prototype */ +#include +#include #include +#include #include "aacraid.h" @@ -47,26 +49,36 @@ * ioctl_send_fib - send a FIB from userspace * @dev: adapter is being processed * @arg: arguments to the ioctl call - * + * * This routine sends a fib to the adapter on behalf of a user level * program. */ - +# define AAC_DEBUG_PREAMBLE KERN_INFO +# define AAC_DEBUG_POSTAMBLE + static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) { struct hw_fib * kfib; struct fib *fibptr; + struct hw_fib * hw_fib = (struct hw_fib *)0; + dma_addr_t hw_fib_pa = (dma_addr_t)0LL; + unsigned size; + int retval; - fibptr = fib_alloc(dev); - if(fibptr == NULL) + if (dev->in_reset) { + return -EBUSY; + } + fibptr = aac_fib_alloc(dev); + if(fibptr == NULL) { return -ENOMEM; - - kfib = fibptr->hw_fib; + } + + kfib = fibptr->hw_fib_va; /* * First copy in the header so that we can check the size field. */ if (copy_from_user((void *)kfib, arg, sizeof(struct aac_fibhdr))) { - fib_free(fibptr); + aac_fib_free(fibptr); return -EFAULT; } /* @@ -74,36 +86,54 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) * will not overrun the buffer when we copy the memory. Return * an error if we would. */ - if (le16_to_cpu(kfib->header.Size) > - sizeof(struct hw_fib) - sizeof(struct aac_fibhdr)) { - fib_free(fibptr); - return -EINVAL; + size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr); + if (size < le16_to_cpu(kfib->header.SenderSize)) + size = le16_to_cpu(kfib->header.SenderSize); + if (size > dev->max_fib_size) { + dma_addr_t daddr; + + if (size > 2048) { + retval = -EINVAL; + goto cleanup; + } + + kfib = pci_alloc_consistent(dev->pdev, size, &daddr); + if (!kfib) { + retval = -ENOMEM; + goto cleanup; + } + + /* Highjack the hw_fib */ + hw_fib = fibptr->hw_fib_va; + hw_fib_pa = fibptr->hw_fib_pa; + fibptr->hw_fib_va = kfib; + fibptr->hw_fib_pa = daddr; + memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size); + memcpy(kfib, hw_fib, dev->max_fib_size); } - if (copy_from_user(kfib, arg, le16_to_cpu(kfib->header.Size) + - sizeof(struct aac_fibhdr))) { - fib_free(fibptr); - return -EFAULT; + if (copy_from_user(kfib, arg, size)) { + retval = -EFAULT; + goto cleanup; } - if (kfib->header.Command == cpu_to_le32(TakeABreakPt)) { + if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { aac_adapter_interrupt(dev); /* - * Since we didn't really send a fib, zero out the state to allow + * Since we didn't really send a fib, zero out the state to allow * cleanup code not to assert. */ kfib->header.XferState = 0; } else { - int retval = fib_send(kfib->header.Command, fibptr, + retval = aac_fib_send(le16_to_cpu(kfib->header.Command), fibptr, le16_to_cpu(kfib->header.Size) , FsaNormal, 1, 1, NULL, NULL); if (retval) { - fib_free(fibptr); - return retval; + goto cleanup; } - if (fib_complete(fibptr) != 0) { - fib_free(fibptr); - return -EINVAL; + if (aac_fib_complete(fibptr) != 0) { + retval = -EINVAL; + goto cleanup; } } /* @@ -114,12 +144,18 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) * was already included by the adapter.) */ - if (copy_to_user(arg, (void *)kfib, kfib->header.Size)) { - fib_free(fibptr); - return -EFAULT; + retval = 0; + if (copy_to_user(arg, (void *)kfib, size)) + retval = -EFAULT; +cleanup: + if (hw_fib) { + pci_free_consistent(dev->pdev, size, kfib, fibptr->hw_fib_pa); + fibptr->hw_fib_pa = hw_fib_pa; + fibptr->hw_fib_va = hw_fib; } - fib_free(fibptr); - return 0; + if (retval != -ERESTARTSYS) + aac_fib_free(fibptr); + return retval; } /** @@ -144,7 +180,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) fibctx->type = FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT; fibctx->size = sizeof(struct aac_fib_context); - /* + /* * Yes yes, I know this could be an index, but we have a * better guarantee of uniqueness for the locked loop below. * Without the aid of a persistent history, this also helps @@ -164,7 +200,7 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) INIT_LIST_HEAD(&fibctx->fib_list); fibctx->jiffies = jiffies/HZ; /* - * Now add this context onto the adapter's + * Now add this context onto the adapter's * AdapterFibContext list. */ spin_lock_irqsave(&dev->fib_lock, flags); @@ -182,12 +218,12 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) } list_add_tail(&fibctx->next, &dev->fib_list); spin_unlock_irqrestore(&dev->fib_lock, flags); - if (copy_to_user(arg, &fibctx->unique, + if (copy_to_user(arg, &fibctx->unique, sizeof(fibctx->unique))) { status = -EFAULT; } else { status = 0; - } + } } return status; } @@ -196,8 +232,8 @@ static int open_getadapter_fib(struct aac_dev * dev, void __user *arg) * next_getadapter_fib - get the next fib * @dev: adapter to use * @arg: ioctl argument - * - * This routine will get the next Fib, if available, from the AdapterFibContext + * + * This routine will get the next Fib, if available, from the AdapterFibContext * passed in from the user. */ @@ -209,7 +245,7 @@ static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) int status; struct list_head * entry; unsigned long flags; - + if(copy_from_user((void *)&f, arg, sizeof(struct fib_ioctl))) return -EFAULT; /* @@ -218,6 +254,7 @@ static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) * Search the list of AdapterFibContext addresses on the adapter * to be sure this is a valid address */ + spin_lock_irqsave(&dev->fib_lock, flags); entry = dev->fib_list.next; fibctx = NULL; @@ -226,57 +263,66 @@ static int next_getadapter_fib(struct aac_dev * dev, void __user *arg) /* * Extract the AdapterFibContext from the Input parameters. */ - if (fibctx->unique == f.fibctx) { /* We found a winner */ + if (fibctx->unique == f.fibctx) { /* We found a winner */ break; } entry = entry->next; fibctx = NULL; } if (!fibctx) { + spin_unlock_irqrestore(&dev->fib_lock, flags); dprintk ((KERN_INFO "Fib Context not found\n")); return -EINVAL; } if((fibctx->type != FSAFS_NTC_GET_ADAPTER_FIB_CONTEXT) || (fibctx->size != sizeof(struct aac_fib_context))) { + spin_unlock_irqrestore(&dev->fib_lock, flags); dprintk ((KERN_INFO "Fib Context corrupt?\n")); return -EINVAL; } status = 0; - spin_lock_irqsave(&dev->fib_lock, flags); /* * If there are no fibs to send back, then either wait or return * -EAGAIN */ return_fib: if (!list_empty(&fibctx->fib_list)) { - struct list_head * entry; /* * Pull the next fib from the fibs */ entry = fibctx->fib_list.next; list_del(entry); - + fib = list_entry(entry, struct fib, fiblink); fibctx->count--; spin_unlock_irqrestore(&dev->fib_lock, flags); - if (copy_to_user(f.fib, fib->hw_fib, sizeof(struct hw_fib))) { - kfree(fib->hw_fib); + if (copy_to_user(f.fib, fib->hw_fib_va, sizeof(struct hw_fib))) { + kfree(fib->hw_fib_va); kfree(fib); return -EFAULT; - } + } /* * Free the space occupied by this copy of the fib. */ - kfree(fib->hw_fib); + kfree(fib->hw_fib_va); kfree(fib); status = 0; - fibctx->jiffies = jiffies/HZ; } else { spin_unlock_irqrestore(&dev->fib_lock, flags); + /* If someone killed the AIF aacraid thread, restart it */ + status = !dev->aif_thread; + if (status && !dev->in_reset && dev->queues && dev->fsa_dev) { + /* Be paranoid, be very paranoid! */ + kthread_stop(dev->thread); + ssleep(1); + dev->aif_thread = 0; + dev->thread = kthread_run(aac_command_thread, dev, dev->name); + ssleep(1); + } if (f.wait) { if(down_interruptible(&fibctx->wait_sem) < 0) { - status = -EINTR; + status = -ERESTARTSYS; } else { /* Lock again and retry */ spin_lock_irqsave(&dev->fib_lock, flags); @@ -284,8 +330,9 @@ return_fib: } } else { status = -EAGAIN; - } + } } + fibctx->jiffies = jiffies/HZ; return status; } @@ -308,7 +355,7 @@ int aac_close_fib_context(struct aac_dev * dev, struct aac_fib_context * fibctx) /* * Free the space occupied by this copy of the fib. */ - kfree(fib->hw_fib); + kfree(fib->hw_fib_va); kfree(fib); } /* @@ -333,7 +380,7 @@ int aac_close_fib_context(struct aac_dev * dev, struct aac_fib_context * fibctx) * * This routine will close down the fibctx passed in from the user. */ - + static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) { struct aac_fib_context *fibctx; @@ -356,10 +403,8 @@ static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) /* * Extract the fibctx from the input parameters */ - if (fibctx->unique == (u32)(unsigned long)arg) { - /* We found a winner */ + if (fibctx->unique == (u32)(uintptr_t)arg) /* We found a winner */ break; - } entry = entry->next; fibctx = NULL; } @@ -382,35 +427,47 @@ static int close_getadapter_fib(struct aac_dev * dev, void __user *arg) * @arg: ioctl arguments * * This routine returns the driver version. - * Under Linux, there have been no version incompatibilities, so this is - * simple! + * Under Linux, there have been no version incompatibilities, so this is + * simple! */ static int check_revision(struct aac_dev *dev, void __user *arg) { struct revision response; + char *driver_version = aac_driver_version; + u32 version; response.compat = 1; - response.version = dev->adapter_info.kernelrev; - response.build = dev->adapter_info.kernelbuild; + version = (simple_strtol(driver_version, + &driver_version, 10) << 24) | 0x00000400; + version += simple_strtol(driver_version + 1, &driver_version, 10) << 16; + version += simple_strtol(driver_version + 1, NULL, 10); + response.version = cpu_to_le32(version); +# ifdef AAC_DRIVER_BUILD + response.build = cpu_to_le32(AAC_DRIVER_BUILD); +# else + response.build = cpu_to_le32(9999); +# endif if (copy_to_user(arg, &response, sizeof(response))) return -EFAULT; return 0; } + /** * * aac_send_raw_scb * */ -int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) +static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) { struct fib* srbfib; int status; - struct aac_srb *srbcmd; - struct aac_srb __user *user_srb = arg; + struct aac_srb *srbcmd = NULL; + struct user_aac_srb *user_srbcmd = NULL; + struct user_aac_srb __user *user_srb = arg; struct aac_srb_reply __user *user_reply; struct aac_srb_reply* reply; u32 fibsize = 0; @@ -419,57 +476,70 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) u32 data_dir; void __user *sg_user[32]; void *sg_list[32]; - u32 sg_indx = 0; + u32 sg_indx = 0; u32 byte_count = 0; - u32 actual_fibsize = 0; + u32 actual_fibsize64, actual_fibsize = 0; int i; + if (dev->in_reset) { + dprintk((KERN_DEBUG"aacraid: send raw srb -EBUSY\n")); + return -EBUSY; + } if (!capable(CAP_SYS_ADMIN)){ - printk(KERN_DEBUG"aacraid: No permission to send raw srb\n"); + dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n")); return -EPERM; } /* - * Allocate and initialize a Fib then setup a BlockWrite command + * Allocate and initialize a Fib then setup a SRB command */ - if (!(srbfib = fib_alloc(dev))) { - return -1; + if (!(srbfib = aac_fib_alloc(dev))) { + return -ENOMEM; } - fib_init(srbfib); + aac_fib_init(srbfib); srbcmd = (struct aac_srb*) fib_data(srbfib); + memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ - printk(KERN_DEBUG"aacraid: Could not copy data size from user\n"); + dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); rcode = -EFAULT; goto cleanup; } - if (fibsize > FIB_DATA_SIZE_IN_BYTES) { + if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { rcode = -EINVAL; goto cleanup; } - if(copy_from_user(srbcmd, user_srb,fibsize)){ - printk(KERN_DEBUG"aacraid: Could not copy srb from user\n"); + user_srbcmd = kmalloc(fibsize, GFP_KERNEL); + if (!user_srbcmd) { + dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); + rcode = -ENOMEM; + goto cleanup; + } + if(copy_from_user(user_srbcmd, user_srb,fibsize)){ + dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); rcode = -EFAULT; goto cleanup; } user_reply = arg+fibsize; - flags = srbcmd->flags; + flags = user_srbcmd->flags; /* from user in cpu order */ // Fix up srb for endian and force some values + srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this - srbcmd->channel = cpu_to_le32(srbcmd->channel); - srbcmd->id = cpu_to_le32(srbcmd->id); - srbcmd->lun = cpu_to_le32(srbcmd->lun); - srbcmd->flags = cpu_to_le32(srbcmd->flags); - srbcmd->timeout = cpu_to_le32(srbcmd->timeout); - srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter - srbcmd->cdb_size = cpu_to_le32(srbcmd->cdb_size); - - switch (srbcmd->flags & (SRB_DataIn | SRB_DataOut)) { + srbcmd->channel = cpu_to_le32(user_srbcmd->channel); + srbcmd->id = cpu_to_le32(user_srbcmd->id); + srbcmd->lun = cpu_to_le32(user_srbcmd->lun); + srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); + srbcmd->flags = cpu_to_le32(flags); + srbcmd->retry_limit = 0; // Obsolete parameter + srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); + memcpy(srbcmd->cdb, user_srbcmd->cdb, sizeof(srbcmd->cdb)); + + switch (flags & (SRB_DataIn | SRB_DataOut)) { case SRB_DataOut: data_dir = DMA_TO_DEVICE; break; @@ -482,118 +552,245 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) default: data_dir = DMA_NONE; } - if (dev->dac_support == 1) { + if (user_srbcmd->sg.count > ARRAY_SIZE(sg_list)) { + dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", + le32_to_cpu(srbcmd->sg.count))); + rcode = -EINVAL; + goto cleanup; + } + actual_fibsize = sizeof(struct aac_srb) - sizeof(struct sgentry) + + ((user_srbcmd->sg.count & 0xff) * sizeof(struct sgentry)); + actual_fibsize64 = actual_fibsize + (user_srbcmd->sg.count & 0xff) * + (sizeof(struct sgentry64) - sizeof(struct sgentry)); + /* User made a mistake - should not continue */ + if ((actual_fibsize != fibsize) && (actual_fibsize64 != fibsize)) { + dprintk((KERN_DEBUG"aacraid: Bad Size specified in " + "Raw SRB command calculated fibsize=%lu;%lu " + "user_srbcmd->sg.count=%d aac_srb=%lu sgentry=%lu;%lu " + "issued fibsize=%d\n", + actual_fibsize, actual_fibsize64, user_srbcmd->sg.count, + sizeof(struct aac_srb), sizeof(struct sgentry), + sizeof(struct sgentry64), fibsize)); + rcode = -EINVAL; + goto cleanup; + } + if ((data_dir == DMA_NONE) && user_srbcmd->sg.count) { + dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); + rcode = -EINVAL; + goto cleanup; + } + byte_count = 0; + if (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) { + struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg; - byte_count = 0; /* * This should also catch if user used the 32 bit sgmap */ - actual_fibsize = sizeof(struct aac_srb) - - sizeof(struct sgentry) + ((srbcmd->sg.count & 0xff) * - sizeof(struct sgentry64)); - if(actual_fibsize != fibsize){ // User made a mistake - should not continue - printk(KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"); - rcode = -EINVAL; - goto cleanup; - } - if ((data_dir == DMA_NONE) && psg->count) { - printk(KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n"); - rcode = -EINVAL; - goto cleanup; - } + if (actual_fibsize64 == fibsize) { + actual_fibsize = actual_fibsize64; + for (i = 0; i < upsg->count; i++) { + u64 addr; + void* p; + if (upsg->sg[i].count > + ((dev->adapter_info.options & + AAC_OPT_NEW_COMM) ? + (dev->scsi_host_ptr->max_sectors << 9) : + 65536)) { + rcode = -EINVAL; + goto cleanup; + } + /* Does this really need to be GFP_DMA? */ + p = kmalloc(upsg->sg[i].count,GFP_KERNEL|__GFP_DMA); + if(!p) { + dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", + upsg->sg[i].count,i,upsg->count)); + rcode = -ENOMEM; + goto cleanup; + } + addr = (u64)upsg->sg[i].addr[0]; + addr += ((u64)upsg->sg[i].addr[1]) << 32; + sg_user[i] = (void __user *)(uintptr_t)addr; + sg_list[i] = p; // save so we can clean up later + sg_indx = i; + + if (flags & SRB_DataOut) { + if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ + dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); + rcode = -EFAULT; + goto cleanup; + } + } + addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); - for (i = 0; i < psg->count; i++) { - dma_addr_t addr; - u64 le_addr; - void* p; - p = kmalloc(psg->sg[i].count,GFP_KERNEL|__GFP_DMA); - if(p == 0) { - printk(KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", - psg->sg[i].count,i,psg->count); + psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); + psg->sg[i].addr[1] = cpu_to_le32(addr>>32); + byte_count += upsg->sg[i].count; + psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); + } + } else { + struct user_sgmap* usg; + usg = kmalloc(actual_fibsize - sizeof(struct aac_srb) + + sizeof(struct sgmap), GFP_KERNEL); + if (!usg) { + dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); rcode = -ENOMEM; goto cleanup; } - sg_user[i] = (void __user *)psg->sg[i].addr; - sg_list[i] = p; // save so we can clean up later - sg_indx = i; - - if( flags & SRB_DataOut ){ - if(copy_from_user(p,sg_user[i],psg->sg[i].count)){ - printk(KERN_DEBUG"aacraid: Could not copy sg data from user\n"); - rcode = -EFAULT; + memcpy (usg, upsg, actual_fibsize - sizeof(struct aac_srb) + + sizeof(struct sgmap)); + actual_fibsize = actual_fibsize64; + + for (i = 0; i < usg->count; i++) { + u64 addr; + void* p; + if (usg->sg[i].count > + ((dev->adapter_info.options & + AAC_OPT_NEW_COMM) ? + (dev->scsi_host_ptr->max_sectors << 9) : + 65536)) { + rcode = -EINVAL; goto cleanup; } - } - addr = pci_map_single(dev->pdev, p, psg->sg[i].count, data_dir); + /* Does this really need to be GFP_DMA? */ + p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); + if(!p) { + dprintk((KERN_DEBUG "aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", + usg->sg[i].count,i,usg->count)); + kfree(usg); + rcode = -ENOMEM; + goto cleanup; + } + sg_user[i] = (void __user *)(uintptr_t)usg->sg[i].addr; + sg_list[i] = p; // save so we can clean up later + sg_indx = i; + + if (flags & SRB_DataOut) { + if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ + kfree (usg); + dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); + rcode = -EFAULT; + goto cleanup; + } + } + addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); - le_addr = cpu_to_le64(addr); - psg->sg[i].addr[1] = (u32)(le_addr>>32); - psg->sg[i].addr[0] = (u32)(le_addr & 0xffffffff); - psg->sg[i].count = cpu_to_le32(psg->sg[i].count); - byte_count += psg->sg[i].count; + psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); + psg->sg[i].addr[1] = cpu_to_le32(addr>>32); + byte_count += usg->sg[i].count; + psg->sg[i].count = cpu_to_le32(usg->sg[i].count); + } + kfree (usg); } - srbcmd->count = cpu_to_le32(byte_count); - status = fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); + psg->count = cpu_to_le32(sg_indx+1); + status = aac_fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); } else { + struct user_sgmap* upsg = &user_srbcmd->sg; struct sgmap* psg = &srbcmd->sg; - byte_count = 0; - - actual_fibsize = sizeof (struct aac_srb) + - (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * - sizeof (struct sgentry)); - if(actual_fibsize != fibsize){ // User made a mistake - should not continue - printk(KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"); - rcode = -EINVAL; - goto cleanup; - } - if ((data_dir == DMA_NONE) && psg->count) { - printk(KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n"); - rcode = -EINVAL; - goto cleanup; - } - for (i = 0; i < psg->count; i++) { - dma_addr_t addr; - void* p; - p = kmalloc(psg->sg[i].count,GFP_KERNEL); - if(p == 0) { - printk(KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", - psg->sg[i].count,i,psg->count); - rcode = -ENOMEM; - goto cleanup; - } - sg_user[i] = (void __user *)(psg->sg[i].addr); - sg_list[i] = p; // save so we can clean up later - sg_indx = i; - - if( flags & SRB_DataOut ){ - if(copy_from_user(p,sg_user[i],psg->sg[i].count)){ - printk(KERN_DEBUG"aacraid: Could not copy sg data from user\n"); - rcode = -EFAULT; + + if (actual_fibsize64 == fibsize) { + struct user_sgmap64* usg = (struct user_sgmap64 *)upsg; + for (i = 0; i < upsg->count; i++) { + uintptr_t addr; + void* p; + if (usg->sg[i].count > + ((dev->adapter_info.options & + AAC_OPT_NEW_COMM) ? + (dev->scsi_host_ptr->max_sectors << 9) : + 65536)) { + rcode = -EINVAL; + goto cleanup; + } + /* Does this really need to be GFP_DMA? */ + p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); + if(!p) { + dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", + usg->sg[i].count,i,usg->count)); + rcode = -ENOMEM; goto cleanup; } + addr = (u64)usg->sg[i].addr[0]; + addr += ((u64)usg->sg[i].addr[1]) << 32; + sg_user[i] = (void __user *)addr; + sg_list[i] = p; // save so we can clean up later + sg_indx = i; + + if (flags & SRB_DataOut) { + if(copy_from_user(p,sg_user[i],usg->sg[i].count)){ + dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); + rcode = -EFAULT; + goto cleanup; + } + } + addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); + + psg->sg[i].addr = cpu_to_le32(addr & 0xffffffff); + byte_count += usg->sg[i].count; + psg->sg[i].count = cpu_to_le32(usg->sg[i].count); } - addr = pci_map_single(dev->pdev, p, psg->sg[i].count, data_dir); + } else { + for (i = 0; i < upsg->count; i++) { + dma_addr_t addr; + void* p; + if (upsg->sg[i].count > + ((dev->adapter_info.options & + AAC_OPT_NEW_COMM) ? + (dev->scsi_host_ptr->max_sectors << 9) : + 65536)) { + rcode = -EINVAL; + goto cleanup; + } + p = kmalloc(upsg->sg[i].count, GFP_KERNEL); + if (!p) { + dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", + upsg->sg[i].count, i, upsg->count)); + rcode = -ENOMEM; + goto cleanup; + } + sg_user[i] = (void __user *)(uintptr_t)upsg->sg[i].addr; + sg_list[i] = p; // save so we can clean up later + sg_indx = i; + + if (flags & SRB_DataOut) { + if(copy_from_user(p, sg_user[i], + upsg->sg[i].count)) { + dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); + rcode = -EFAULT; + goto cleanup; + } + } + addr = pci_map_single(dev->pdev, p, + upsg->sg[i].count, data_dir); - psg->sg[i].addr = cpu_to_le32(addr); - psg->sg[i].count = cpu_to_le32(psg->sg[i].count); - byte_count += psg->sg[i].count; + psg->sg[i].addr = cpu_to_le32(addr); + byte_count += upsg->sg[i].count; + psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); + } } srbcmd->count = cpu_to_le32(byte_count); - status = fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); + psg->count = cpu_to_le32(sg_indx+1); + status = aac_fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); + } + if (status == -ERESTARTSYS) { + rcode = -ERESTARTSYS; + goto cleanup; } if (status != 0){ - printk(KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n"); - rcode = -1; + dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); + rcode = -ENXIO; goto cleanup; } - if( flags & SRB_DataIn ) { + if (flags & SRB_DataIn) { for(i = 0 ; i <= sg_indx; i++){ - if(copy_to_user(sg_user[i],sg_list[i],le32_to_cpu(srbcmd->sg.sg[i].count))){ - printk(KERN_DEBUG"aacraid: Could not copy sg data to user\n"); + byte_count = le32_to_cpu( + (dev->adapter_info.options & AAC_OPT_SGMAP_HOST64) + ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count + : srbcmd->sg.sg[i].count); + if(copy_to_user(sg_user[i], sg_list[i], byte_count)){ + dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n")); rcode = -EFAULT; goto cleanup; @@ -603,59 +800,62 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) reply = (struct aac_srb_reply *) fib_data(srbfib); if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){ - printk(KERN_DEBUG"aacraid: Could not copy reply to user\n"); + dprintk((KERN_DEBUG"aacraid: Could not copy reply to user\n")); rcode = -EFAULT; goto cleanup; } cleanup: + kfree(user_srbcmd); for(i=0; i <= sg_indx; i++){ kfree(sg_list[i]); } - fib_complete(srbfib); - fib_free(srbfib); + if (rcode != -ERESTARTSYS) { + aac_fib_complete(srbfib); + aac_fib_free(srbfib); + } return rcode; } - struct aac_pci_info { - u32 bus; - u32 slot; + u32 bus; + u32 slot; }; -int aac_get_pci_info(struct aac_dev* dev, void __user *arg) +static int aac_get_pci_info(struct aac_dev* dev, void __user *arg) { - struct aac_pci_info pci_info; + struct aac_pci_info pci_info; pci_info.bus = dev->pdev->bus->number; pci_info.slot = PCI_SLOT(dev->pdev->devfn); - if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { - printk(KERN_DEBUG "aacraid: Could not copy pci info\n"); - return -EFAULT; + if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { + dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n")); + return -EFAULT; } - return 0; - } - + return 0; +} + int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) { int status; - + /* * HBA gets first crack */ - + status = aac_dev_ioctl(dev, cmd, arg); - if(status != -ENOTTY) + if (status != -ENOTTY) return status; switch (cmd) { case FSACTL_MINIPORT_REV_CHECK: status = check_revision(dev, arg); break; + case FSACTL_SEND_LARGE_FIB: case FSACTL_SENDFIB: status = ioctl_send_fib(dev, arg); break; @@ -676,7 +876,7 @@ int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) break; default: status = -ENOTTY; - break; + break; } return status; }