V4L/DVB: v4l2-ioctl: integer overflow in video_usercopy()
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / block / cciss_scsi.c
blob3315268b4ec7debaa9733b725aa0de63100e29c6
1 /*
2 * Disk Array driver for HP Smart Array controllers, SCSI Tape module.
3 * (C) Copyright 2001, 2007 Hewlett-Packard Development Company, L.P.
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; version 2 of the License.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
12 * General Public License for more details.
14 * You should have received a copy of the GNU General Public License
15 * along with this program; if not, write to the Free Software
16 * Foundation, Inc., 59 Temple Place, Suite 300, Boston, MA
17 * 02111-1307, USA.
19 * Questions/Comments/Bugfixes to iss_storagedev@hp.com
21 * Author: Stephen M. Cameron
23 #ifdef CONFIG_CISS_SCSI_TAPE
25 /* Here we have code to present the driver as a scsi driver
26 as it is simultaneously presented as a block driver. The
27 reason for doing this is to allow access to SCSI tape drives
28 through the array controller. Note in particular, neither
29 physical nor logical disks are presented through the scsi layer. */
31 #include <linux/timer.h>
32 #include <linux/completion.h>
33 #include <linux/slab.h>
34 #include <linux/string.h>
36 #include <asm/atomic.h>
38 #include <scsi/scsi_cmnd.h>
39 #include <scsi/scsi_device.h>
40 #include <scsi/scsi_host.h>
42 #include "cciss_scsi.h"
44 #define CCISS_ABORT_MSG 0x00
45 #define CCISS_RESET_MSG 0x01
47 static int fill_cmd(CommandList_struct *c, __u8 cmd, int ctlr, void *buff,
48 size_t size,
49 __u8 page_code, unsigned char *scsi3addr,
50 int cmd_type);
52 static CommandList_struct *cmd_alloc(ctlr_info_t *h, int get_from_pool);
53 static void cmd_free(ctlr_info_t *h, CommandList_struct *c, int got_from_pool);
55 static int cciss_scsi_proc_info(
56 struct Scsi_Host *sh,
57 char *buffer, /* data buffer */
58 char **start, /* where data in buffer starts */
59 off_t offset, /* offset from start of imaginary file */
60 int length, /* length of data in buffer */
61 int func); /* 0 == read, 1 == write */
63 static int cciss_scsi_queue_command (struct scsi_cmnd *cmd,
64 void (* done)(struct scsi_cmnd *));
65 static int cciss_eh_device_reset_handler(struct scsi_cmnd *);
66 static int cciss_eh_abort_handler(struct scsi_cmnd *);
68 static struct cciss_scsi_hba_t ccissscsi[MAX_CTLR] = {
69 { .name = "cciss0", .ndevices = 0 },
70 { .name = "cciss1", .ndevices = 0 },
71 { .name = "cciss2", .ndevices = 0 },
72 { .name = "cciss3", .ndevices = 0 },
73 { .name = "cciss4", .ndevices = 0 },
74 { .name = "cciss5", .ndevices = 0 },
75 { .name = "cciss6", .ndevices = 0 },
76 { .name = "cciss7", .ndevices = 0 },
79 static struct scsi_host_template cciss_driver_template = {
80 .module = THIS_MODULE,
81 .name = "cciss",
82 .proc_name = "cciss",
83 .proc_info = cciss_scsi_proc_info,
84 .queuecommand = cciss_scsi_queue_command,
85 .can_queue = SCSI_CCISS_CAN_QUEUE,
86 .this_id = 7,
87 .sg_tablesize = MAXSGENTRIES,
88 .cmd_per_lun = 1,
89 .use_clustering = DISABLE_CLUSTERING,
90 /* Can't have eh_bus_reset_handler or eh_host_reset_handler for cciss */
91 .eh_device_reset_handler= cciss_eh_device_reset_handler,
92 .eh_abort_handler = cciss_eh_abort_handler,
95 #pragma pack(1)
96 struct cciss_scsi_cmd_stack_elem_t {
97 CommandList_struct cmd;
98 ErrorInfo_struct Err;
99 __u32 busaddr;
100 __u32 pad;
103 #pragma pack()
105 #define CMD_STACK_SIZE (SCSI_CCISS_CAN_QUEUE * \
106 CCISS_MAX_SCSI_DEVS_PER_HBA + 2)
107 // plus two for init time usage
109 #pragma pack(1)
110 struct cciss_scsi_cmd_stack_t {
111 struct cciss_scsi_cmd_stack_elem_t *pool;
112 struct cciss_scsi_cmd_stack_elem_t *elem[CMD_STACK_SIZE];
113 dma_addr_t cmd_pool_handle;
114 int top;
116 #pragma pack()
118 struct cciss_scsi_adapter_data_t {
119 struct Scsi_Host *scsi_host;
120 struct cciss_scsi_cmd_stack_t cmd_stack;
121 int registered;
122 spinlock_t lock; // to protect ccissscsi[ctlr];
125 #define CPQ_TAPE_LOCK(ctlr, flags) spin_lock_irqsave( \
126 &(((struct cciss_scsi_adapter_data_t *) \
127 hba[ctlr]->scsi_ctlr)->lock), flags);
128 #define CPQ_TAPE_UNLOCK(ctlr, flags) spin_unlock_irqrestore( \
129 &(((struct cciss_scsi_adapter_data_t *) \
130 hba[ctlr]->scsi_ctlr)->lock), flags);
132 static CommandList_struct *
133 scsi_cmd_alloc(ctlr_info_t *h)
135 /* assume only one process in here at a time, locking done by caller. */
136 /* use CCISS_LOCK(ctlr) */
137 /* might be better to rewrite how we allocate scsi commands in a way that */
138 /* needs no locking at all. */
140 /* take the top memory chunk off the stack and return it, if any. */
141 struct cciss_scsi_cmd_stack_elem_t *c;
142 struct cciss_scsi_adapter_data_t *sa;
143 struct cciss_scsi_cmd_stack_t *stk;
144 u64bit temp64;
146 sa = (struct cciss_scsi_adapter_data_t *) h->scsi_ctlr;
147 stk = &sa->cmd_stack;
149 if (stk->top < 0)
150 return NULL;
151 c = stk->elem[stk->top];
152 /* memset(c, 0, sizeof(*c)); */
153 memset(&c->cmd, 0, sizeof(c->cmd));
154 memset(&c->Err, 0, sizeof(c->Err));
155 /* set physical addr of cmd and addr of scsi parameters */
156 c->cmd.busaddr = c->busaddr;
157 /* (__u32) (stk->cmd_pool_handle +
158 (sizeof(struct cciss_scsi_cmd_stack_elem_t)*stk->top)); */
160 temp64.val = (__u64) (c->busaddr + sizeof(CommandList_struct));
161 /* (__u64) (stk->cmd_pool_handle +
162 (sizeof(struct cciss_scsi_cmd_stack_elem_t)*stk->top) +
163 sizeof(CommandList_struct)); */
164 stk->top--;
165 c->cmd.ErrDesc.Addr.lower = temp64.val32.lower;
166 c->cmd.ErrDesc.Addr.upper = temp64.val32.upper;
167 c->cmd.ErrDesc.Len = sizeof(ErrorInfo_struct);
169 c->cmd.ctlr = h->ctlr;
170 c->cmd.err_info = &c->Err;
172 return (CommandList_struct *) c;
175 static void
176 scsi_cmd_free(ctlr_info_t *h, CommandList_struct *cmd)
178 /* assume only one process in here at a time, locking done by caller. */
179 /* use CCISS_LOCK(ctlr) */
180 /* drop the free memory chunk on top of the stack. */
182 struct cciss_scsi_adapter_data_t *sa;
183 struct cciss_scsi_cmd_stack_t *stk;
185 sa = (struct cciss_scsi_adapter_data_t *) h->scsi_ctlr;
186 stk = &sa->cmd_stack;
187 if (stk->top >= CMD_STACK_SIZE) {
188 printk("cciss: scsi_cmd_free called too many times.\n");
189 BUG();
191 stk->top++;
192 stk->elem[stk->top] = (struct cciss_scsi_cmd_stack_elem_t *) cmd;
195 static int
196 scsi_cmd_stack_setup(int ctlr, struct cciss_scsi_adapter_data_t *sa)
198 int i;
199 struct cciss_scsi_cmd_stack_t *stk;
200 size_t size;
202 stk = &sa->cmd_stack;
203 size = sizeof(struct cciss_scsi_cmd_stack_elem_t) * CMD_STACK_SIZE;
205 // pci_alloc_consistent guarantees 32-bit DMA address will
206 // be used
208 stk->pool = (struct cciss_scsi_cmd_stack_elem_t *)
209 pci_alloc_consistent(hba[ctlr]->pdev, size, &stk->cmd_pool_handle);
211 if (stk->pool == NULL) {
212 printk("stk->pool is null\n");
213 return -1;
216 for (i=0; i<CMD_STACK_SIZE; i++) {
217 stk->elem[i] = &stk->pool[i];
218 stk->elem[i]->busaddr = (__u32) (stk->cmd_pool_handle +
219 (sizeof(struct cciss_scsi_cmd_stack_elem_t) * i));
221 stk->top = CMD_STACK_SIZE-1;
222 return 0;
225 static void
226 scsi_cmd_stack_free(int ctlr)
228 struct cciss_scsi_adapter_data_t *sa;
229 struct cciss_scsi_cmd_stack_t *stk;
230 size_t size;
232 sa = (struct cciss_scsi_adapter_data_t *) hba[ctlr]->scsi_ctlr;
233 stk = &sa->cmd_stack;
234 if (stk->top != CMD_STACK_SIZE-1) {
235 printk( "cciss: %d scsi commands are still outstanding.\n",
236 CMD_STACK_SIZE - stk->top);
237 // BUG();
238 printk("WE HAVE A BUG HERE!!! stk=0x%p\n", stk);
240 size = sizeof(struct cciss_scsi_cmd_stack_elem_t) * CMD_STACK_SIZE;
242 pci_free_consistent(hba[ctlr]->pdev, size, stk->pool, stk->cmd_pool_handle);
243 stk->pool = NULL;
246 #if 0
247 static int xmargin=8;
248 static int amargin=60;
250 static void
251 print_bytes (unsigned char *c, int len, int hex, int ascii)
254 int i;
255 unsigned char *x;
257 if (hex)
259 x = c;
260 for (i=0;i<len;i++)
262 if ((i % xmargin) == 0 && i>0) printk("\n");
263 if ((i % xmargin) == 0) printk("0x%04x:", i);
264 printk(" %02x", *x);
265 x++;
267 printk("\n");
269 if (ascii)
271 x = c;
272 for (i=0;i<len;i++)
274 if ((i % amargin) == 0 && i>0) printk("\n");
275 if ((i % amargin) == 0) printk("0x%04x:", i);
276 if (*x > 26 && *x < 128) printk("%c", *x);
277 else printk(".");
278 x++;
280 printk("\n");
284 static void
285 print_cmd(CommandList_struct *cp)
287 printk("queue:%d\n", cp->Header.ReplyQueue);
288 printk("sglist:%d\n", cp->Header.SGList);
289 printk("sgtot:%d\n", cp->Header.SGTotal);
290 printk("Tag:0x%08x/0x%08x\n", cp->Header.Tag.upper,
291 cp->Header.Tag.lower);
292 printk("LUN:0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
293 cp->Header.LUN.LunAddrBytes[0],
294 cp->Header.LUN.LunAddrBytes[1],
295 cp->Header.LUN.LunAddrBytes[2],
296 cp->Header.LUN.LunAddrBytes[3],
297 cp->Header.LUN.LunAddrBytes[4],
298 cp->Header.LUN.LunAddrBytes[5],
299 cp->Header.LUN.LunAddrBytes[6],
300 cp->Header.LUN.LunAddrBytes[7]);
301 printk("CDBLen:%d\n", cp->Request.CDBLen);
302 printk("Type:%d\n",cp->Request.Type.Type);
303 printk("Attr:%d\n",cp->Request.Type.Attribute);
304 printk(" Dir:%d\n",cp->Request.Type.Direction);
305 printk("Timeout:%d\n",cp->Request.Timeout);
306 printk( "CDB: %02x %02x %02x %02x %02x %02x %02x %02x"
307 " %02x %02x %02x %02x %02x %02x %02x %02x\n",
308 cp->Request.CDB[0], cp->Request.CDB[1],
309 cp->Request.CDB[2], cp->Request.CDB[3],
310 cp->Request.CDB[4], cp->Request.CDB[5],
311 cp->Request.CDB[6], cp->Request.CDB[7],
312 cp->Request.CDB[8], cp->Request.CDB[9],
313 cp->Request.CDB[10], cp->Request.CDB[11],
314 cp->Request.CDB[12], cp->Request.CDB[13],
315 cp->Request.CDB[14], cp->Request.CDB[15]),
316 printk("edesc.Addr: 0x%08x/0%08x, Len = %d\n",
317 cp->ErrDesc.Addr.upper, cp->ErrDesc.Addr.lower,
318 cp->ErrDesc.Len);
319 printk("sgs..........Errorinfo:\n");
320 printk("scsistatus:%d\n", cp->err_info->ScsiStatus);
321 printk("senselen:%d\n", cp->err_info->SenseLen);
322 printk("cmd status:%d\n", cp->err_info->CommandStatus);
323 printk("resid cnt:%d\n", cp->err_info->ResidualCnt);
324 printk("offense size:%d\n", cp->err_info->MoreErrInfo.Invalid_Cmd.offense_size);
325 printk("offense byte:%d\n", cp->err_info->MoreErrInfo.Invalid_Cmd.offense_num);
326 printk("offense value:%d\n", cp->err_info->MoreErrInfo.Invalid_Cmd.offense_value);
330 #endif
332 static int
333 find_bus_target_lun(int ctlr, int *bus, int *target, int *lun)
335 /* finds an unused bus, target, lun for a new device */
336 /* assumes hba[ctlr]->scsi_ctlr->lock is held */
337 int i, found=0;
338 unsigned char target_taken[CCISS_MAX_SCSI_DEVS_PER_HBA];
340 memset(&target_taken[0], 0, CCISS_MAX_SCSI_DEVS_PER_HBA);
342 target_taken[SELF_SCSI_ID] = 1;
343 for (i=0;i<ccissscsi[ctlr].ndevices;i++)
344 target_taken[ccissscsi[ctlr].dev[i].target] = 1;
346 for (i=0;i<CCISS_MAX_SCSI_DEVS_PER_HBA;i++) {
347 if (!target_taken[i]) {
348 *bus = 0; *target=i; *lun = 0; found=1;
349 break;
352 return (!found);
354 struct scsi2map {
355 char scsi3addr[8];
356 int bus, target, lun;
359 static int
360 cciss_scsi_add_entry(int ctlr, int hostno,
361 struct cciss_scsi_dev_t *device,
362 struct scsi2map *added, int *nadded)
364 /* assumes hba[ctlr]->scsi_ctlr->lock is held */
365 int n = ccissscsi[ctlr].ndevices;
366 struct cciss_scsi_dev_t *sd;
367 int i, bus, target, lun;
368 unsigned char addr1[8], addr2[8];
370 if (n >= CCISS_MAX_SCSI_DEVS_PER_HBA) {
371 printk("cciss%d: Too many devices, "
372 "some will be inaccessible.\n", ctlr);
373 return -1;
376 bus = target = -1;
377 lun = 0;
378 /* Is this device a non-zero lun of a multi-lun device */
379 /* byte 4 of the 8-byte LUN addr will contain the logical unit no. */
380 if (device->scsi3addr[4] != 0) {
381 /* Search through our list and find the device which */
382 /* has the same 8 byte LUN address, excepting byte 4. */
383 /* Assign the same bus and target for this new LUN. */
384 /* Use the logical unit number from the firmware. */
385 memcpy(addr1, device->scsi3addr, 8);
386 addr1[4] = 0;
387 for (i = 0; i < n; i++) {
388 sd = &ccissscsi[ctlr].dev[i];
389 memcpy(addr2, sd->scsi3addr, 8);
390 addr2[4] = 0;
391 /* differ only in byte 4? */
392 if (memcmp(addr1, addr2, 8) == 0) {
393 bus = sd->bus;
394 target = sd->target;
395 lun = device->scsi3addr[4];
396 break;
401 sd = &ccissscsi[ctlr].dev[n];
402 if (lun == 0) {
403 if (find_bus_target_lun(ctlr,
404 &sd->bus, &sd->target, &sd->lun) != 0)
405 return -1;
406 } else {
407 sd->bus = bus;
408 sd->target = target;
409 sd->lun = lun;
411 added[*nadded].bus = sd->bus;
412 added[*nadded].target = sd->target;
413 added[*nadded].lun = sd->lun;
414 (*nadded)++;
416 memcpy(sd->scsi3addr, device->scsi3addr, 8);
417 memcpy(sd->vendor, device->vendor, sizeof(sd->vendor));
418 memcpy(sd->revision, device->revision, sizeof(sd->revision));
419 memcpy(sd->device_id, device->device_id, sizeof(sd->device_id));
420 sd->devtype = device->devtype;
422 ccissscsi[ctlr].ndevices++;
424 /* initially, (before registering with scsi layer) we don't
425 know our hostno and we don't want to print anything first
426 time anyway (the scsi layer's inquiries will show that info) */
427 if (hostno != -1)
428 printk("cciss%d: %s device c%db%dt%dl%d added.\n",
429 ctlr, scsi_device_type(sd->devtype), hostno,
430 sd->bus, sd->target, sd->lun);
431 return 0;
434 static void
435 cciss_scsi_remove_entry(int ctlr, int hostno, int entry,
436 struct scsi2map *removed, int *nremoved)
438 /* assumes hba[ctlr]->scsi_ctlr->lock is held */
439 int i;
440 struct cciss_scsi_dev_t sd;
442 if (entry < 0 || entry >= CCISS_MAX_SCSI_DEVS_PER_HBA) return;
443 sd = ccissscsi[ctlr].dev[entry];
444 removed[*nremoved].bus = sd.bus;
445 removed[*nremoved].target = sd.target;
446 removed[*nremoved].lun = sd.lun;
447 (*nremoved)++;
448 for (i=entry;i<ccissscsi[ctlr].ndevices-1;i++)
449 ccissscsi[ctlr].dev[i] = ccissscsi[ctlr].dev[i+1];
450 ccissscsi[ctlr].ndevices--;
451 printk("cciss%d: %s device c%db%dt%dl%d removed.\n",
452 ctlr, scsi_device_type(sd.devtype), hostno,
453 sd.bus, sd.target, sd.lun);
457 #define SCSI3ADDR_EQ(a,b) ( \
458 (a)[7] == (b)[7] && \
459 (a)[6] == (b)[6] && \
460 (a)[5] == (b)[5] && \
461 (a)[4] == (b)[4] && \
462 (a)[3] == (b)[3] && \
463 (a)[2] == (b)[2] && \
464 (a)[1] == (b)[1] && \
465 (a)[0] == (b)[0])
467 static void fixup_botched_add(int ctlr, char *scsi3addr)
469 /* called when scsi_add_device fails in order to re-adjust */
470 /* ccissscsi[] to match the mid layer's view. */
471 unsigned long flags;
472 int i, j;
473 CPQ_TAPE_LOCK(ctlr, flags);
474 for (i = 0; i < ccissscsi[ctlr].ndevices; i++) {
475 if (memcmp(scsi3addr,
476 ccissscsi[ctlr].dev[i].scsi3addr, 8) == 0) {
477 for (j = i; j < ccissscsi[ctlr].ndevices-1; j++)
478 ccissscsi[ctlr].dev[j] =
479 ccissscsi[ctlr].dev[j+1];
480 ccissscsi[ctlr].ndevices--;
481 break;
484 CPQ_TAPE_UNLOCK(ctlr, flags);
487 static int device_is_the_same(struct cciss_scsi_dev_t *dev1,
488 struct cciss_scsi_dev_t *dev2)
490 return dev1->devtype == dev2->devtype &&
491 memcmp(dev1->scsi3addr, dev2->scsi3addr,
492 sizeof(dev1->scsi3addr)) == 0 &&
493 memcmp(dev1->device_id, dev2->device_id,
494 sizeof(dev1->device_id)) == 0 &&
495 memcmp(dev1->vendor, dev2->vendor,
496 sizeof(dev1->vendor)) == 0 &&
497 memcmp(dev1->model, dev2->model,
498 sizeof(dev1->model)) == 0 &&
499 memcmp(dev1->revision, dev2->revision,
500 sizeof(dev1->revision)) == 0;
503 static int
504 adjust_cciss_scsi_table(int ctlr, int hostno,
505 struct cciss_scsi_dev_t sd[], int nsds)
507 /* sd contains scsi3 addresses and devtypes, but
508 bus target and lun are not filled in. This funciton
509 takes what's in sd to be the current and adjusts
510 ccissscsi[] to be in line with what's in sd. */
512 int i,j, found, changes=0;
513 struct cciss_scsi_dev_t *csd;
514 unsigned long flags;
515 struct scsi2map *added, *removed;
516 int nadded, nremoved;
517 struct Scsi_Host *sh = NULL;
519 added = kzalloc(sizeof(*added) * CCISS_MAX_SCSI_DEVS_PER_HBA,
520 GFP_KERNEL);
521 removed = kzalloc(sizeof(*removed) * CCISS_MAX_SCSI_DEVS_PER_HBA,
522 GFP_KERNEL);
524 if (!added || !removed) {
525 printk(KERN_WARNING "cciss%d: Out of memory in "
526 "adjust_cciss_scsi_table\n", ctlr);
527 goto free_and_out;
530 CPQ_TAPE_LOCK(ctlr, flags);
532 if (hostno != -1) /* if it's not the first time... */
533 sh = ((struct cciss_scsi_adapter_data_t *)
534 hba[ctlr]->scsi_ctlr)->scsi_host;
536 /* find any devices in ccissscsi[] that are not in
537 sd[] and remove them from ccissscsi[] */
539 i = 0;
540 nremoved = 0;
541 nadded = 0;
542 while(i<ccissscsi[ctlr].ndevices) {
543 csd = &ccissscsi[ctlr].dev[i];
544 found=0;
545 for (j=0;j<nsds;j++) {
546 if (SCSI3ADDR_EQ(sd[j].scsi3addr,
547 csd->scsi3addr)) {
548 if (device_is_the_same(&sd[j], csd))
549 found=2;
550 else
551 found=1;
552 break;
556 if (found == 0) { /* device no longer present. */
557 changes++;
558 /* printk("cciss%d: %s device c%db%dt%dl%d removed.\n",
559 ctlr, scsi_device_type(csd->devtype), hostno,
560 csd->bus, csd->target, csd->lun); */
561 cciss_scsi_remove_entry(ctlr, hostno, i,
562 removed, &nremoved);
563 /* remove ^^^, hence i not incremented */
564 } else if (found == 1) { /* device is different in some way */
565 changes++;
566 printk("cciss%d: device c%db%dt%dl%d has changed.\n",
567 ctlr, hostno, csd->bus, csd->target, csd->lun);
568 cciss_scsi_remove_entry(ctlr, hostno, i,
569 removed, &nremoved);
570 /* remove ^^^, hence i not incremented */
571 if (cciss_scsi_add_entry(ctlr, hostno, &sd[j],
572 added, &nadded) != 0)
573 /* we just removed one, so add can't fail. */
574 BUG();
575 csd->devtype = sd[j].devtype;
576 memcpy(csd->device_id, sd[j].device_id,
577 sizeof(csd->device_id));
578 memcpy(csd->vendor, sd[j].vendor,
579 sizeof(csd->vendor));
580 memcpy(csd->model, sd[j].model,
581 sizeof(csd->model));
582 memcpy(csd->revision, sd[j].revision,
583 sizeof(csd->revision));
584 } else /* device is same as it ever was, */
585 i++; /* so just move along. */
588 /* Now, make sure every device listed in sd[] is also
589 listed in ccissscsi[], adding them if they aren't found */
591 for (i=0;i<nsds;i++) {
592 found=0;
593 for (j=0;j<ccissscsi[ctlr].ndevices;j++) {
594 csd = &ccissscsi[ctlr].dev[j];
595 if (SCSI3ADDR_EQ(sd[i].scsi3addr,
596 csd->scsi3addr)) {
597 if (device_is_the_same(&sd[i], csd))
598 found=2; /* found device */
599 else
600 found=1; /* found a bug. */
601 break;
604 if (!found) {
605 changes++;
606 if (cciss_scsi_add_entry(ctlr, hostno, &sd[i],
607 added, &nadded) != 0)
608 break;
609 } else if (found == 1) {
610 /* should never happen... */
611 changes++;
612 printk(KERN_WARNING "cciss%d: device "
613 "unexpectedly changed\n", ctlr);
614 /* but if it does happen, we just ignore that device */
617 CPQ_TAPE_UNLOCK(ctlr, flags);
619 /* Don't notify scsi mid layer of any changes the first time through */
620 /* (or if there are no changes) scsi_scan_host will do it later the */
621 /* first time through. */
622 if (hostno == -1 || !changes)
623 goto free_and_out;
625 /* Notify scsi mid layer of any removed devices */
626 for (i = 0; i < nremoved; i++) {
627 struct scsi_device *sdev =
628 scsi_device_lookup(sh, removed[i].bus,
629 removed[i].target, removed[i].lun);
630 if (sdev != NULL) {
631 scsi_remove_device(sdev);
632 scsi_device_put(sdev);
633 } else {
634 /* We don't expect to get here. */
635 /* future cmds to this device will get selection */
636 /* timeout as if the device was gone. */
637 printk(KERN_WARNING "cciss%d: didn't find "
638 "c%db%dt%dl%d\n for removal.",
639 ctlr, hostno, removed[i].bus,
640 removed[i].target, removed[i].lun);
644 /* Notify scsi mid layer of any added devices */
645 for (i = 0; i < nadded; i++) {
646 int rc;
647 rc = scsi_add_device(sh, added[i].bus,
648 added[i].target, added[i].lun);
649 if (rc == 0)
650 continue;
651 printk(KERN_WARNING "cciss%d: scsi_add_device "
652 "c%db%dt%dl%d failed, device not added.\n",
653 ctlr, hostno,
654 added[i].bus, added[i].target, added[i].lun);
655 /* now we have to remove it from ccissscsi, */
656 /* since it didn't get added to scsi mid layer */
657 fixup_botched_add(ctlr, added[i].scsi3addr);
660 free_and_out:
661 kfree(added);
662 kfree(removed);
663 return 0;
666 static int
667 lookup_scsi3addr(int ctlr, int bus, int target, int lun, char *scsi3addr)
669 int i;
670 struct cciss_scsi_dev_t *sd;
671 unsigned long flags;
673 CPQ_TAPE_LOCK(ctlr, flags);
674 for (i=0;i<ccissscsi[ctlr].ndevices;i++) {
675 sd = &ccissscsi[ctlr].dev[i];
676 if (sd->bus == bus &&
677 sd->target == target &&
678 sd->lun == lun) {
679 memcpy(scsi3addr, &sd->scsi3addr[0], 8);
680 CPQ_TAPE_UNLOCK(ctlr, flags);
681 return 0;
684 CPQ_TAPE_UNLOCK(ctlr, flags);
685 return -1;
688 static void
689 cciss_scsi_setup(int cntl_num)
691 struct cciss_scsi_adapter_data_t * shba;
693 ccissscsi[cntl_num].ndevices = 0;
694 shba = (struct cciss_scsi_adapter_data_t *)
695 kmalloc(sizeof(*shba), GFP_KERNEL);
696 if (shba == NULL)
697 return;
698 shba->scsi_host = NULL;
699 spin_lock_init(&shba->lock);
700 shba->registered = 0;
701 if (scsi_cmd_stack_setup(cntl_num, shba) != 0) {
702 kfree(shba);
703 shba = NULL;
705 hba[cntl_num]->scsi_ctlr = (void *) shba;
706 return;
709 static void
710 complete_scsi_command( CommandList_struct *cp, int timeout, __u32 tag)
712 struct scsi_cmnd *cmd;
713 ctlr_info_t *ctlr;
714 ErrorInfo_struct *ei;
716 ei = cp->err_info;
718 /* First, see if it was a message rather than a command */
719 if (cp->Request.Type.Type == TYPE_MSG) {
720 cp->cmd_type = CMD_MSG_DONE;
721 return;
724 cmd = (struct scsi_cmnd *) cp->scsi_cmd;
725 ctlr = hba[cp->ctlr];
727 scsi_dma_unmap(cmd);
729 cmd->result = (DID_OK << 16); /* host byte */
730 cmd->result |= (COMMAND_COMPLETE << 8); /* msg byte */
731 /* cmd->result |= (GOOD < 1); */ /* status byte */
733 cmd->result |= (ei->ScsiStatus);
734 /* printk("Scsistatus is 0x%02x\n", ei->ScsiStatus); */
736 /* copy the sense data whether we need to or not. */
738 memcpy(cmd->sense_buffer, ei->SenseInfo,
739 ei->SenseLen > SCSI_SENSE_BUFFERSIZE ?
740 SCSI_SENSE_BUFFERSIZE :
741 ei->SenseLen);
742 scsi_set_resid(cmd, ei->ResidualCnt);
744 if(ei->CommandStatus != 0)
745 { /* an error has occurred */
746 switch(ei->CommandStatus)
748 case CMD_TARGET_STATUS:
749 /* Pass it up to the upper layers... */
750 if( ei->ScsiStatus)
752 #if 0
753 printk(KERN_WARNING "cciss: cmd %p "
754 "has SCSI Status = %x\n",
755 cp,
756 ei->ScsiStatus);
757 #endif
758 cmd->result |= (ei->ScsiStatus < 1);
760 else { /* scsi status is zero??? How??? */
762 /* Ordinarily, this case should never happen, but there is a bug
763 in some released firmware revisions that allows it to happen
764 if, for example, a 4100 backplane loses power and the tape
765 drive is in it. We assume that it's a fatal error of some
766 kind because we can't show that it wasn't. We will make it
767 look like selection timeout since that is the most common
768 reason for this to occur, and it's severe enough. */
770 cmd->result = DID_NO_CONNECT << 16;
772 break;
773 case CMD_DATA_UNDERRUN: /* let mid layer handle it. */
774 break;
775 case CMD_DATA_OVERRUN:
776 printk(KERN_WARNING "cciss: cp %p has"
777 " completed with data overrun "
778 "reported\n", cp);
779 break;
780 case CMD_INVALID: {
781 /* print_bytes(cp, sizeof(*cp), 1, 0);
782 print_cmd(cp); */
783 /* We get CMD_INVALID if you address a non-existent tape drive instead
784 of a selection timeout (no response). You will see this if you yank
785 out a tape drive, then try to access it. This is kind of a shame
786 because it means that any other CMD_INVALID (e.g. driver bug) will
787 get interpreted as a missing target. */
788 cmd->result = DID_NO_CONNECT << 16;
790 break;
791 case CMD_PROTOCOL_ERR:
792 printk(KERN_WARNING "cciss: cp %p has "
793 "protocol error \n", cp);
794 break;
795 case CMD_HARDWARE_ERR:
796 cmd->result = DID_ERROR << 16;
797 printk(KERN_WARNING "cciss: cp %p had "
798 " hardware error\n", cp);
799 break;
800 case CMD_CONNECTION_LOST:
801 cmd->result = DID_ERROR << 16;
802 printk(KERN_WARNING "cciss: cp %p had "
803 "connection lost\n", cp);
804 break;
805 case CMD_ABORTED:
806 cmd->result = DID_ABORT << 16;
807 printk(KERN_WARNING "cciss: cp %p was "
808 "aborted\n", cp);
809 break;
810 case CMD_ABORT_FAILED:
811 cmd->result = DID_ERROR << 16;
812 printk(KERN_WARNING "cciss: cp %p reports "
813 "abort failed\n", cp);
814 break;
815 case CMD_UNSOLICITED_ABORT:
816 cmd->result = DID_ABORT << 16;
817 printk(KERN_WARNING "cciss: cp %p aborted "
818 "do to an unsolicited abort\n", cp);
819 break;
820 case CMD_TIMEOUT:
821 cmd->result = DID_TIME_OUT << 16;
822 printk(KERN_WARNING "cciss: cp %p timedout\n",
823 cp);
824 break;
825 default:
826 cmd->result = DID_ERROR << 16;
827 printk(KERN_WARNING "cciss: cp %p returned "
828 "unknown status %x\n", cp,
829 ei->CommandStatus);
832 // printk("c:%p:c%db%dt%dl%d ", cmd, ctlr->ctlr, cmd->channel,
833 // cmd->target, cmd->lun);
834 cmd->scsi_done(cmd);
835 scsi_cmd_free(ctlr, cp);
838 static int
839 cciss_scsi_detect(int ctlr)
841 struct Scsi_Host *sh;
842 int error;
844 sh = scsi_host_alloc(&cciss_driver_template, sizeof(struct ctlr_info *));
845 if (sh == NULL)
846 goto fail;
847 sh->io_port = 0; // good enough? FIXME,
848 sh->n_io_port = 0; // I don't think we use these two...
849 sh->this_id = SELF_SCSI_ID;
851 ((struct cciss_scsi_adapter_data_t *)
852 hba[ctlr]->scsi_ctlr)->scsi_host = (void *) sh;
853 sh->hostdata[0] = (unsigned long) hba[ctlr];
854 sh->irq = hba[ctlr]->intr[SIMPLE_MODE_INT];
855 sh->unique_id = sh->irq;
856 error = scsi_add_host(sh, &hba[ctlr]->pdev->dev);
857 if (error)
858 goto fail_host_put;
859 scsi_scan_host(sh);
860 return 1;
862 fail_host_put:
863 scsi_host_put(sh);
864 fail:
865 return 0;
868 static void
869 cciss_unmap_one(struct pci_dev *pdev,
870 CommandList_struct *cp,
871 size_t buflen,
872 int data_direction)
874 u64bit addr64;
876 addr64.val32.lower = cp->SG[0].Addr.lower;
877 addr64.val32.upper = cp->SG[0].Addr.upper;
878 pci_unmap_single(pdev, (dma_addr_t) addr64.val, buflen, data_direction);
881 static void
882 cciss_map_one(struct pci_dev *pdev,
883 CommandList_struct *cp,
884 unsigned char *buf,
885 size_t buflen,
886 int data_direction)
888 __u64 addr64;
890 addr64 = (__u64) pci_map_single(pdev, buf, buflen, data_direction);
891 cp->SG[0].Addr.lower =
892 (__u32) (addr64 & (__u64) 0x00000000FFFFFFFF);
893 cp->SG[0].Addr.upper =
894 (__u32) ((addr64 >> 32) & (__u64) 0x00000000FFFFFFFF);
895 cp->SG[0].Len = buflen;
896 cp->Header.SGList = (__u8) 1; /* no. SGs contig in this cmd */
897 cp->Header.SGTotal = (__u16) 1; /* total sgs in this cmd list */
900 static int
901 cciss_scsi_do_simple_cmd(ctlr_info_t *c,
902 CommandList_struct *cp,
903 unsigned char *scsi3addr,
904 unsigned char *cdb,
905 unsigned char cdblen,
906 unsigned char *buf, int bufsize,
907 int direction)
909 unsigned long flags;
910 DECLARE_COMPLETION_ONSTACK(wait);
912 cp->cmd_type = CMD_IOCTL_PEND; // treat this like an ioctl
913 cp->scsi_cmd = NULL;
914 cp->Header.ReplyQueue = 0; // unused in simple mode
915 memcpy(&cp->Header.LUN, scsi3addr, sizeof(cp->Header.LUN));
916 cp->Header.Tag.lower = cp->busaddr; // Use k. address of cmd as tag
917 // Fill in the request block...
919 /* printk("Using scsi3addr 0x%02x%0x2%0x2%0x2%0x2%0x2%0x2%0x2\n",
920 scsi3addr[0], scsi3addr[1], scsi3addr[2], scsi3addr[3],
921 scsi3addr[4], scsi3addr[5], scsi3addr[6], scsi3addr[7]); */
923 memset(cp->Request.CDB, 0, sizeof(cp->Request.CDB));
924 memcpy(cp->Request.CDB, cdb, cdblen);
925 cp->Request.Timeout = 0;
926 cp->Request.CDBLen = cdblen;
927 cp->Request.Type.Type = TYPE_CMD;
928 cp->Request.Type.Attribute = ATTR_SIMPLE;
929 cp->Request.Type.Direction = direction;
931 /* Fill in the SG list and do dma mapping */
932 cciss_map_one(c->pdev, cp, (unsigned char *) buf,
933 bufsize, DMA_FROM_DEVICE);
935 cp->waiting = &wait;
937 /* Put the request on the tail of the request queue */
938 spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
939 addQ(&c->reqQ, cp);
940 c->Qdepth++;
941 start_io(c);
942 spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
944 wait_for_completion(&wait);
946 /* undo the dma mapping */
947 cciss_unmap_one(c->pdev, cp, bufsize, DMA_FROM_DEVICE);
948 return(0);
951 static void
952 cciss_scsi_interpret_error(CommandList_struct *cp)
954 ErrorInfo_struct *ei;
956 ei = cp->err_info;
957 switch(ei->CommandStatus)
959 case CMD_TARGET_STATUS:
960 printk(KERN_WARNING "cciss: cmd %p has "
961 "completed with errors\n", cp);
962 printk(KERN_WARNING "cciss: cmd %p "
963 "has SCSI Status = %x\n",
964 cp,
965 ei->ScsiStatus);
966 if (ei->ScsiStatus == 0)
967 printk(KERN_WARNING
968 "cciss:SCSI status is abnormally zero. "
969 "(probably indicates selection timeout "
970 "reported incorrectly due to a known "
971 "firmware bug, circa July, 2001.)\n");
972 break;
973 case CMD_DATA_UNDERRUN: /* let mid layer handle it. */
974 printk("UNDERRUN\n");
975 break;
976 case CMD_DATA_OVERRUN:
977 printk(KERN_WARNING "cciss: cp %p has"
978 " completed with data overrun "
979 "reported\n", cp);
980 break;
981 case CMD_INVALID: {
982 /* controller unfortunately reports SCSI passthru's */
983 /* to non-existent targets as invalid commands. */
984 printk(KERN_WARNING "cciss: cp %p is "
985 "reported invalid (probably means "
986 "target device no longer present)\n",
987 cp);
988 /* print_bytes((unsigned char *) cp, sizeof(*cp), 1, 0);
989 print_cmd(cp); */
991 break;
992 case CMD_PROTOCOL_ERR:
993 printk(KERN_WARNING "cciss: cp %p has "
994 "protocol error \n", cp);
995 break;
996 case CMD_HARDWARE_ERR:
997 /* cmd->result = DID_ERROR << 16; */
998 printk(KERN_WARNING "cciss: cp %p had "
999 " hardware error\n", cp);
1000 break;
1001 case CMD_CONNECTION_LOST:
1002 printk(KERN_WARNING "cciss: cp %p had "
1003 "connection lost\n", cp);
1004 break;
1005 case CMD_ABORTED:
1006 printk(KERN_WARNING "cciss: cp %p was "
1007 "aborted\n", cp);
1008 break;
1009 case CMD_ABORT_FAILED:
1010 printk(KERN_WARNING "cciss: cp %p reports "
1011 "abort failed\n", cp);
1012 break;
1013 case CMD_UNSOLICITED_ABORT:
1014 printk(KERN_WARNING "cciss: cp %p aborted "
1015 "do to an unsolicited abort\n", cp);
1016 break;
1017 case CMD_TIMEOUT:
1018 printk(KERN_WARNING "cciss: cp %p timedout\n",
1019 cp);
1020 break;
1021 default:
1022 printk(KERN_WARNING "cciss: cp %p returned "
1023 "unknown status %x\n", cp,
1024 ei->CommandStatus);
1028 static int
1029 cciss_scsi_do_inquiry(ctlr_info_t *c, unsigned char *scsi3addr,
1030 unsigned char page, unsigned char *buf,
1031 unsigned char bufsize)
1033 int rc;
1034 CommandList_struct *cp;
1035 char cdb[6];
1036 ErrorInfo_struct *ei;
1037 unsigned long flags;
1039 spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1040 cp = scsi_cmd_alloc(c);
1041 spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1043 if (cp == NULL) { /* trouble... */
1044 printk("cmd_alloc returned NULL!\n");
1045 return -1;
1048 ei = cp->err_info;
1050 cdb[0] = CISS_INQUIRY;
1051 cdb[1] = (page != 0);
1052 cdb[2] = page;
1053 cdb[3] = 0;
1054 cdb[4] = bufsize;
1055 cdb[5] = 0;
1056 rc = cciss_scsi_do_simple_cmd(c, cp, scsi3addr, cdb,
1057 6, buf, bufsize, XFER_READ);
1059 if (rc != 0) return rc; /* something went wrong */
1061 if (ei->CommandStatus != 0 &&
1062 ei->CommandStatus != CMD_DATA_UNDERRUN) {
1063 cciss_scsi_interpret_error(cp);
1064 rc = -1;
1066 spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1067 scsi_cmd_free(c, cp);
1068 spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1069 return rc;
1072 /* Get the device id from inquiry page 0x83 */
1073 static int cciss_scsi_get_device_id(ctlr_info_t *c, unsigned char *scsi3addr,
1074 unsigned char *device_id, int buflen)
1076 int rc;
1077 unsigned char *buf;
1079 if (buflen > 16)
1080 buflen = 16;
1081 buf = kzalloc(64, GFP_KERNEL);
1082 if (!buf)
1083 return -1;
1084 rc = cciss_scsi_do_inquiry(c, scsi3addr, 0x83, buf, 64);
1085 if (rc == 0)
1086 memcpy(device_id, &buf[8], buflen);
1087 kfree(buf);
1088 return rc != 0;
1091 static int
1092 cciss_scsi_do_report_phys_luns(ctlr_info_t *c,
1093 ReportLunData_struct *buf, int bufsize)
1095 int rc;
1096 CommandList_struct *cp;
1097 unsigned char cdb[12];
1098 unsigned char scsi3addr[8];
1099 ErrorInfo_struct *ei;
1100 unsigned long flags;
1102 spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1103 cp = scsi_cmd_alloc(c);
1104 spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1105 if (cp == NULL) { /* trouble... */
1106 printk("cmd_alloc returned NULL!\n");
1107 return -1;
1110 memset(&scsi3addr[0], 0, 8); /* address the controller */
1111 cdb[0] = CISS_REPORT_PHYS;
1112 cdb[1] = 0;
1113 cdb[2] = 0;
1114 cdb[3] = 0;
1115 cdb[4] = 0;
1116 cdb[5] = 0;
1117 cdb[6] = (bufsize >> 24) & 0xFF; //MSB
1118 cdb[7] = (bufsize >> 16) & 0xFF;
1119 cdb[8] = (bufsize >> 8) & 0xFF;
1120 cdb[9] = bufsize & 0xFF;
1121 cdb[10] = 0;
1122 cdb[11] = 0;
1124 rc = cciss_scsi_do_simple_cmd(c, cp, scsi3addr,
1125 cdb, 12,
1126 (unsigned char *) buf,
1127 bufsize, XFER_READ);
1129 if (rc != 0) return rc; /* something went wrong */
1131 ei = cp->err_info;
1132 if (ei->CommandStatus != 0 &&
1133 ei->CommandStatus != CMD_DATA_UNDERRUN) {
1134 cciss_scsi_interpret_error(cp);
1135 rc = -1;
1137 spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1138 scsi_cmd_free(c, cp);
1139 spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1140 return rc;
1143 static void
1144 cciss_update_non_disk_devices(int cntl_num, int hostno)
1146 /* the idea here is we could get notified from /proc
1147 that some devices have changed, so we do a report
1148 physical luns cmd, and adjust our list of devices
1149 accordingly. (We can't rely on the scsi-mid layer just
1150 doing inquiries, because the "busses" that the scsi
1151 mid-layer probes are totally fabricated by this driver,
1152 so new devices wouldn't show up.
1154 the scsi3addr's of devices won't change so long as the
1155 adapter is not reset. That means we can rescan and
1156 tell which devices we already know about, vs. new
1157 devices, vs. disappearing devices.
1159 Also, if you yank out a tape drive, then put in a disk
1160 in it's place, (say, a configured volume from another
1161 array controller for instance) _don't_ poke this driver
1162 (so it thinks it's still a tape, but _do_ poke the scsi
1163 mid layer, so it does an inquiry... the scsi mid layer
1164 will see the physical disk. This would be bad. Need to
1165 think about how to prevent that. One idea would be to
1166 snoop all scsi responses and if an inquiry repsonse comes
1167 back that reports a disk, chuck it an return selection
1168 timeout instead and adjust our table... Not sure i like
1169 that though.
1172 #define OBDR_TAPE_INQ_SIZE 49
1173 #define OBDR_TAPE_SIG "$DR-10"
1174 ReportLunData_struct *ld_buff;
1175 unsigned char *inq_buff;
1176 unsigned char scsi3addr[8];
1177 ctlr_info_t *c;
1178 __u32 num_luns=0;
1179 unsigned char *ch;
1180 struct cciss_scsi_dev_t *currentsd, *this_device;
1181 int ncurrent=0;
1182 int reportlunsize = sizeof(*ld_buff) + CISS_MAX_PHYS_LUN * 8;
1183 int i;
1185 c = (ctlr_info_t *) hba[cntl_num];
1186 ld_buff = kzalloc(reportlunsize, GFP_KERNEL);
1187 inq_buff = kmalloc(OBDR_TAPE_INQ_SIZE, GFP_KERNEL);
1188 currentsd = kzalloc(sizeof(*currentsd) *
1189 (CCISS_MAX_SCSI_DEVS_PER_HBA+1), GFP_KERNEL);
1190 if (ld_buff == NULL || inq_buff == NULL || currentsd == NULL) {
1191 printk(KERN_ERR "cciss: out of memory\n");
1192 goto out;
1194 this_device = &currentsd[CCISS_MAX_SCSI_DEVS_PER_HBA];
1195 if (cciss_scsi_do_report_phys_luns(c, ld_buff, reportlunsize) == 0) {
1196 ch = &ld_buff->LUNListLength[0];
1197 num_luns = ((ch[0]<<24) | (ch[1]<<16) | (ch[2]<<8) | ch[3]) / 8;
1198 if (num_luns > CISS_MAX_PHYS_LUN) {
1199 printk(KERN_WARNING
1200 "cciss: Maximum physical LUNs (%d) exceeded. "
1201 "%d LUNs ignored.\n", CISS_MAX_PHYS_LUN,
1202 num_luns - CISS_MAX_PHYS_LUN);
1203 num_luns = CISS_MAX_PHYS_LUN;
1206 else {
1207 printk(KERN_ERR "cciss: Report physical LUNs failed.\n");
1208 goto out;
1212 /* adjust our table of devices */
1213 for (i = 0; i < num_luns; i++) {
1214 /* for each physical lun, do an inquiry */
1215 if (ld_buff->LUN[i][3] & 0xC0) continue;
1216 memset(inq_buff, 0, OBDR_TAPE_INQ_SIZE);
1217 memcpy(&scsi3addr[0], &ld_buff->LUN[i][0], 8);
1219 if (cciss_scsi_do_inquiry(hba[cntl_num], scsi3addr, 0, inq_buff,
1220 (unsigned char) OBDR_TAPE_INQ_SIZE) != 0)
1221 /* Inquiry failed (msg printed already) */
1222 continue; /* so we will skip this device. */
1224 this_device->devtype = (inq_buff[0] & 0x1f);
1225 this_device->bus = -1;
1226 this_device->target = -1;
1227 this_device->lun = -1;
1228 memcpy(this_device->scsi3addr, scsi3addr, 8);
1229 memcpy(this_device->vendor, &inq_buff[8],
1230 sizeof(this_device->vendor));
1231 memcpy(this_device->model, &inq_buff[16],
1232 sizeof(this_device->model));
1233 memcpy(this_device->revision, &inq_buff[32],
1234 sizeof(this_device->revision));
1235 memset(this_device->device_id, 0,
1236 sizeof(this_device->device_id));
1237 cciss_scsi_get_device_id(hba[cntl_num], scsi3addr,
1238 this_device->device_id, sizeof(this_device->device_id));
1240 switch (this_device->devtype)
1242 case 0x05: /* CD-ROM */ {
1244 /* We don't *really* support actual CD-ROM devices,
1245 * just this "One Button Disaster Recovery" tape drive
1246 * which temporarily pretends to be a CD-ROM drive.
1247 * So we check that the device is really an OBDR tape
1248 * device by checking for "$DR-10" in bytes 43-48 of
1249 * the inquiry data.
1251 char obdr_sig[7];
1253 strncpy(obdr_sig, &inq_buff[43], 6);
1254 obdr_sig[6] = '\0';
1255 if (strncmp(obdr_sig, OBDR_TAPE_SIG, 6) != 0)
1256 /* Not OBDR device, ignore it. */
1257 break;
1259 /* fall through . . . */
1260 case 0x01: /* sequential access, (tape) */
1261 case 0x08: /* medium changer */
1262 if (ncurrent >= CCISS_MAX_SCSI_DEVS_PER_HBA) {
1263 printk(KERN_INFO "cciss%d: %s ignored, "
1264 "too many devices.\n", cntl_num,
1265 scsi_device_type(this_device->devtype));
1266 break;
1268 currentsd[ncurrent] = *this_device;
1269 ncurrent++;
1270 break;
1271 default:
1272 break;
1276 adjust_cciss_scsi_table(cntl_num, hostno, currentsd, ncurrent);
1277 out:
1278 kfree(inq_buff);
1279 kfree(ld_buff);
1280 kfree(currentsd);
1281 return;
1284 static int
1285 is_keyword(char *ptr, int len, char *verb) // Thanks to ncr53c8xx.c
1287 int verb_len = strlen(verb);
1288 if (len >= verb_len && !memcmp(verb,ptr,verb_len))
1289 return verb_len;
1290 else
1291 return 0;
1294 static int
1295 cciss_scsi_user_command(int ctlr, int hostno, char *buffer, int length)
1297 int arg_len;
1299 if ((arg_len = is_keyword(buffer, length, "rescan")) != 0)
1300 cciss_update_non_disk_devices(ctlr, hostno);
1301 else
1302 return -EINVAL;
1303 return length;
1307 static int
1308 cciss_scsi_proc_info(struct Scsi_Host *sh,
1309 char *buffer, /* data buffer */
1310 char **start, /* where data in buffer starts */
1311 off_t offset, /* offset from start of imaginary file */
1312 int length, /* length of data in buffer */
1313 int func) /* 0 == read, 1 == write */
1316 int buflen, datalen;
1317 ctlr_info_t *ci;
1318 int i;
1319 int cntl_num;
1322 ci = (ctlr_info_t *) sh->hostdata[0];
1323 if (ci == NULL) /* This really shouldn't ever happen. */
1324 return -EINVAL;
1326 cntl_num = ci->ctlr; /* Get our index into the hba[] array */
1328 if (func == 0) { /* User is reading from /proc/scsi/ciss*?/?* */
1329 buflen = sprintf(buffer, "cciss%d: SCSI host: %d\n",
1330 cntl_num, sh->host_no);
1332 /* this information is needed by apps to know which cciss
1333 device corresponds to which scsi host number without
1334 having to open a scsi target device node. The device
1335 information is not a duplicate of /proc/scsi/scsi because
1336 the two may be out of sync due to scsi hotplug, rather
1337 this info is for an app to be able to use to know how to
1338 get them back in sync. */
1340 for (i=0;i<ccissscsi[cntl_num].ndevices;i++) {
1341 struct cciss_scsi_dev_t *sd = &ccissscsi[cntl_num].dev[i];
1342 buflen += sprintf(&buffer[buflen], "c%db%dt%dl%d %02d "
1343 "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
1344 sh->host_no, sd->bus, sd->target, sd->lun,
1345 sd->devtype,
1346 sd->scsi3addr[0], sd->scsi3addr[1],
1347 sd->scsi3addr[2], sd->scsi3addr[3],
1348 sd->scsi3addr[4], sd->scsi3addr[5],
1349 sd->scsi3addr[6], sd->scsi3addr[7]);
1351 datalen = buflen - offset;
1352 if (datalen < 0) { /* they're reading past EOF. */
1353 datalen = 0;
1354 *start = buffer+buflen;
1355 } else
1356 *start = buffer + offset;
1357 return(datalen);
1358 } else /* User is writing to /proc/scsi/cciss*?/?* ... */
1359 return cciss_scsi_user_command(cntl_num, sh->host_no,
1360 buffer, length);
1363 /* cciss_scatter_gather takes a struct scsi_cmnd, (cmd), and does the pci
1364 dma mapping and fills in the scatter gather entries of the
1365 cciss command, cp. */
1367 static void
1368 cciss_scatter_gather(struct pci_dev *pdev,
1369 CommandList_struct *cp,
1370 struct scsi_cmnd *cmd)
1372 unsigned int len;
1373 struct scatterlist *sg;
1374 __u64 addr64;
1375 int use_sg, i;
1377 BUG_ON(scsi_sg_count(cmd) > MAXSGENTRIES);
1379 use_sg = scsi_dma_map(cmd);
1380 if (use_sg) { /* not too many addrs? */
1381 scsi_for_each_sg(cmd, sg, use_sg, i) {
1382 addr64 = (__u64) sg_dma_address(sg);
1383 len = sg_dma_len(sg);
1384 cp->SG[i].Addr.lower =
1385 (__u32) (addr64 & (__u64) 0x00000000FFFFFFFF);
1386 cp->SG[i].Addr.upper =
1387 (__u32) ((addr64 >> 32) & (__u64) 0x00000000FFFFFFFF);
1388 cp->SG[i].Len = len;
1389 cp->SG[i].Ext = 0; // we are not chaining
1393 cp->Header.SGList = (__u8) use_sg; /* no. SGs contig in this cmd */
1394 cp->Header.SGTotal = (__u16) use_sg; /* total sgs in this cmd list */
1395 return;
1399 static int
1400 cciss_scsi_queue_command (struct scsi_cmnd *cmd, void (* done)(struct scsi_cmnd *))
1402 ctlr_info_t **c;
1403 int ctlr, rc;
1404 unsigned char scsi3addr[8];
1405 CommandList_struct *cp;
1406 unsigned long flags;
1408 // Get the ptr to our adapter structure (hba[i]) out of cmd->host.
1409 // We violate cmd->host privacy here. (Is there another way?)
1410 c = (ctlr_info_t **) &cmd->device->host->hostdata[0];
1411 ctlr = (*c)->ctlr;
1413 rc = lookup_scsi3addr(ctlr, cmd->device->channel, cmd->device->id,
1414 cmd->device->lun, scsi3addr);
1415 if (rc != 0) {
1416 /* the scsi nexus does not match any that we presented... */
1417 /* pretend to mid layer that we got selection timeout */
1418 cmd->result = DID_NO_CONNECT << 16;
1419 done(cmd);
1420 /* we might want to think about registering controller itself
1421 as a processor device on the bus so sg binds to it. */
1422 return 0;
1425 /* printk("cciss_queue_command, p=%p, cmd=0x%02x, c%db%dt%dl%d\n",
1426 cmd, cmd->cmnd[0], ctlr, cmd->channel, cmd->target, cmd->lun);*/
1427 // printk("q:%p:c%db%dt%dl%d ", cmd, ctlr, cmd->channel,
1428 // cmd->target, cmd->lun);
1430 /* Ok, we have a reasonable scsi nexus, so send the cmd down, and
1431 see what the device thinks of it. */
1433 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1434 cp = scsi_cmd_alloc(*c);
1435 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1436 if (cp == NULL) { /* trouble... */
1437 printk("scsi_cmd_alloc returned NULL!\n");
1438 /* FIXME: next 3 lines are -> BAD! <- */
1439 cmd->result = DID_NO_CONNECT << 16;
1440 done(cmd);
1441 return 0;
1444 // Fill in the command list header
1446 cmd->scsi_done = done; // save this for use by completion code
1448 // save cp in case we have to abort it
1449 cmd->host_scribble = (unsigned char *) cp;
1451 cp->cmd_type = CMD_SCSI;
1452 cp->scsi_cmd = cmd;
1453 cp->Header.ReplyQueue = 0; // unused in simple mode
1454 memcpy(&cp->Header.LUN.LunAddrBytes[0], &scsi3addr[0], 8);
1455 cp->Header.Tag.lower = cp->busaddr; // Use k. address of cmd as tag
1457 // Fill in the request block...
1459 cp->Request.Timeout = 0;
1460 memset(cp->Request.CDB, 0, sizeof(cp->Request.CDB));
1461 BUG_ON(cmd->cmd_len > sizeof(cp->Request.CDB));
1462 cp->Request.CDBLen = cmd->cmd_len;
1463 memcpy(cp->Request.CDB, cmd->cmnd, cmd->cmd_len);
1464 cp->Request.Type.Type = TYPE_CMD;
1465 cp->Request.Type.Attribute = ATTR_SIMPLE;
1466 switch(cmd->sc_data_direction)
1468 case DMA_TO_DEVICE: cp->Request.Type.Direction = XFER_WRITE; break;
1469 case DMA_FROM_DEVICE: cp->Request.Type.Direction = XFER_READ; break;
1470 case DMA_NONE: cp->Request.Type.Direction = XFER_NONE; break;
1471 case DMA_BIDIRECTIONAL:
1472 // This can happen if a buggy application does a scsi passthru
1473 // and sets both inlen and outlen to non-zero. ( see
1474 // ../scsi/scsi_ioctl.c:scsi_ioctl_send_command() )
1476 cp->Request.Type.Direction = XFER_RSVD;
1477 // This is technically wrong, and cciss controllers should
1478 // reject it with CMD_INVALID, which is the most correct
1479 // response, but non-fibre backends appear to let it
1480 // slide by, and give the same results as if this field
1481 // were set correctly. Either way is acceptable for
1482 // our purposes here.
1484 break;
1486 default:
1487 printk("cciss: unknown data direction: %d\n",
1488 cmd->sc_data_direction);
1489 BUG();
1490 break;
1493 cciss_scatter_gather((*c)->pdev, cp, cmd); // Fill the SG list
1495 /* Put the request on the tail of the request queue */
1497 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1498 addQ(&(*c)->reqQ, cp);
1499 (*c)->Qdepth++;
1500 start_io(*c);
1501 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1503 /* the cmd'll come back via intr handler in complete_scsi_command() */
1504 return 0;
1507 static void
1508 cciss_unregister_scsi(int ctlr)
1510 struct cciss_scsi_adapter_data_t *sa;
1511 struct cciss_scsi_cmd_stack_t *stk;
1512 unsigned long flags;
1514 /* we are being forcibly unloaded, and may not refuse. */
1516 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1517 sa = (struct cciss_scsi_adapter_data_t *) hba[ctlr]->scsi_ctlr;
1518 stk = &sa->cmd_stack;
1520 /* if we weren't ever actually registered, don't unregister */
1521 if (sa->registered) {
1522 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1523 scsi_remove_host(sa->scsi_host);
1524 scsi_host_put(sa->scsi_host);
1525 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1528 /* set scsi_host to NULL so our detect routine will
1529 find us on register */
1530 sa->scsi_host = NULL;
1531 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1532 scsi_cmd_stack_free(ctlr);
1533 kfree(sa);
1536 static int
1537 cciss_engage_scsi(int ctlr)
1539 struct cciss_scsi_adapter_data_t *sa;
1540 struct cciss_scsi_cmd_stack_t *stk;
1541 unsigned long flags;
1543 spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1544 sa = (struct cciss_scsi_adapter_data_t *) hba[ctlr]->scsi_ctlr;
1545 stk = &sa->cmd_stack;
1547 if (sa->registered) {
1548 printk("cciss%d: SCSI subsystem already engaged.\n", ctlr);
1549 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1550 return ENXIO;
1552 sa->registered = 1;
1553 spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1554 cciss_update_non_disk_devices(ctlr, -1);
1555 cciss_scsi_detect(ctlr);
1556 return 0;
1559 static void
1560 cciss_seq_tape_report(struct seq_file *seq, int ctlr)
1562 unsigned long flags;
1564 CPQ_TAPE_LOCK(ctlr, flags);
1565 seq_printf(seq,
1566 "Sequential access devices: %d\n\n",
1567 ccissscsi[ctlr].ndevices);
1568 CPQ_TAPE_UNLOCK(ctlr, flags);
1571 static int wait_for_device_to_become_ready(ctlr_info_t *h,
1572 unsigned char lunaddr[])
1574 int rc;
1575 int count = 0;
1576 int waittime = HZ;
1577 CommandList_struct *c;
1579 c = cmd_alloc(h, 1);
1580 if (!c) {
1581 printk(KERN_WARNING "cciss%d: out of memory in "
1582 "wait_for_device_to_become_ready.\n", h->ctlr);
1583 return IO_ERROR;
1586 /* Send test unit ready until device ready, or give up. */
1587 while (count < 20) {
1589 /* Wait for a bit. do this first, because if we send
1590 * the TUR right away, the reset will just abort it.
1592 schedule_timeout_uninterruptible(waittime);
1593 count++;
1595 /* Increase wait time with each try, up to a point. */
1596 if (waittime < (HZ * 30))
1597 waittime = waittime * 2;
1599 /* Send the Test Unit Ready */
1600 rc = fill_cmd(c, TEST_UNIT_READY, h->ctlr, NULL, 0, 0,
1601 lunaddr, TYPE_CMD);
1602 if (rc == 0)
1603 rc = sendcmd_withirq_core(h, c, 0);
1605 (void) process_sendcmd_error(h, c);
1607 if (rc != 0)
1608 goto retry_tur;
1610 if (c->err_info->CommandStatus == CMD_SUCCESS)
1611 break;
1613 if (c->err_info->CommandStatus == CMD_TARGET_STATUS &&
1614 c->err_info->ScsiStatus == SAM_STAT_CHECK_CONDITION) {
1615 if (c->err_info->SenseInfo[2] == NO_SENSE)
1616 break;
1617 if (c->err_info->SenseInfo[2] == UNIT_ATTENTION) {
1618 unsigned char asc;
1619 asc = c->err_info->SenseInfo[12];
1620 check_for_unit_attention(h, c);
1621 if (asc == POWER_OR_RESET)
1622 break;
1625 retry_tur:
1626 printk(KERN_WARNING "cciss%d: Waiting %d secs "
1627 "for device to become ready.\n",
1628 h->ctlr, waittime / HZ);
1629 rc = 1; /* device not ready. */
1632 if (rc)
1633 printk("cciss%d: giving up on device.\n", h->ctlr);
1634 else
1635 printk(KERN_WARNING "cciss%d: device is ready.\n", h->ctlr);
1637 cmd_free(h, c, 1);
1638 return rc;
1641 /* Need at least one of these error handlers to keep ../scsi/hosts.c from
1642 * complaining. Doing a host- or bus-reset can't do anything good here.
1643 * Despite what it might say in scsi_error.c, there may well be commands
1644 * on the controller, as the cciss driver registers twice, once as a block
1645 * device for the logical drives, and once as a scsi device, for any tape
1646 * drives. So we know there are no commands out on the tape drives, but we
1647 * don't know there are no commands on the controller, and it is likely
1648 * that there probably are, as the cciss block device is most commonly used
1649 * as a boot device (embedded controller on HP/Compaq systems.)
1652 static int cciss_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
1654 int rc;
1655 CommandList_struct *cmd_in_trouble;
1656 unsigned char lunaddr[8];
1657 ctlr_info_t **c;
1658 int ctlr;
1660 /* find the controller to which the command to be aborted was sent */
1661 c = (ctlr_info_t **) &scsicmd->device->host->hostdata[0];
1662 if (c == NULL) /* paranoia */
1663 return FAILED;
1664 ctlr = (*c)->ctlr;
1665 printk(KERN_WARNING "cciss%d: resetting tape drive or medium changer.\n", ctlr);
1666 /* find the command that's giving us trouble */
1667 cmd_in_trouble = (CommandList_struct *) scsicmd->host_scribble;
1668 if (cmd_in_trouble == NULL) /* paranoia */
1669 return FAILED;
1670 memcpy(lunaddr, &cmd_in_trouble->Header.LUN.LunAddrBytes[0], 8);
1671 /* send a reset to the SCSI LUN which the command was sent to */
1672 rc = sendcmd_withirq(CCISS_RESET_MSG, ctlr, NULL, 0, 0, lunaddr,
1673 TYPE_MSG);
1674 if (rc == 0 && wait_for_device_to_become_ready(*c, lunaddr) == 0)
1675 return SUCCESS;
1676 printk(KERN_WARNING "cciss%d: resetting device failed.\n", ctlr);
1677 return FAILED;
1680 static int cciss_eh_abort_handler(struct scsi_cmnd *scsicmd)
1682 int rc;
1683 CommandList_struct *cmd_to_abort;
1684 unsigned char lunaddr[8];
1685 ctlr_info_t **c;
1686 int ctlr;
1688 /* find the controller to which the command to be aborted was sent */
1689 c = (ctlr_info_t **) &scsicmd->device->host->hostdata[0];
1690 if (c == NULL) /* paranoia */
1691 return FAILED;
1692 ctlr = (*c)->ctlr;
1693 printk(KERN_WARNING "cciss%d: aborting tardy SCSI cmd\n", ctlr);
1695 /* find the command to be aborted */
1696 cmd_to_abort = (CommandList_struct *) scsicmd->host_scribble;
1697 if (cmd_to_abort == NULL) /* paranoia */
1698 return FAILED;
1699 memcpy(lunaddr, &cmd_to_abort->Header.LUN.LunAddrBytes[0], 8);
1700 rc = sendcmd_withirq(CCISS_ABORT_MSG, ctlr, &cmd_to_abort->Header.Tag,
1701 0, 0, lunaddr, TYPE_MSG);
1702 if (rc == 0)
1703 return SUCCESS;
1704 return FAILED;
1708 #else /* no CONFIG_CISS_SCSI_TAPE */
1710 /* If no tape support, then these become defined out of existence */
1712 #define cciss_scsi_setup(cntl_num)
1714 #endif /* CONFIG_CISS_SCSI_TAPE */