aboutsummaryrefslogtreecommitdiff
path: root/drivers/scsi/aacraid/commctrl.c
diff options
context:
space:
mode:
Diffstat (limited to 'drivers/scsi/aacraid/commctrl.c')
-rw-r--r--drivers/scsi/aacraid/commctrl.c221
1 files changed, 139 insertions, 82 deletions
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c
index 30dd1f7120f..fc268a410c2 100644
--- a/drivers/scsi/aacraid/commctrl.c
+++ b/drivers/scsi/aacraid/commctrl.c
@@ -51,15 +51,22 @@
* This routine sends a fib to the adapter on behalf of a user level
* program.
*/
+# define AAC_DEBUG_PREAMBLE KERN_INFO
+# define AAC_DEBUG_POSTAMBLE
static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
{
struct hw_fib * kfib;
struct fib *fibptr;
+ struct hw_fib * hw_fib = (struct hw_fib *)0;
+ dma_addr_t hw_fib_pa = (dma_addr_t)0LL;
+ unsigned size;
+ int retval;
fibptr = fib_alloc(dev);
- if(fibptr == NULL)
+ if(fibptr == NULL) {
return -ENOMEM;
+ }
kfib = fibptr->hw_fib;
/*
@@ -74,19 +81,24 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
* will not overrun the buffer when we copy the memory. Return
* an error if we would.
*/
- if (le16_to_cpu(kfib->header.Size) >
- sizeof(struct hw_fib) - sizeof(struct aac_fibhdr)) {
- fib_free(fibptr);
- return -EINVAL;
+ size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr);
+ if (size < le16_to_cpu(kfib->header.SenderSize))
+ size = le16_to_cpu(kfib->header.SenderSize);
+ if (size > dev->max_fib_size) {
+ /* Highjack the hw_fib */
+ hw_fib = fibptr->hw_fib;
+ hw_fib_pa = fibptr->hw_fib_pa;
+ fibptr->hw_fib = kfib = pci_alloc_consistent(dev->pdev, size, &fibptr->hw_fib_pa);
+ memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size);
+ memcpy(kfib, hw_fib, dev->max_fib_size);
}
- if (copy_from_user(kfib, arg, le16_to_cpu(kfib->header.Size) +
- sizeof(struct aac_fibhdr))) {
- fib_free(fibptr);
- return -EFAULT;
+ if (copy_from_user(kfib, arg, size)) {
+ retval = -EFAULT;
+ goto cleanup;
}
- if (kfib->header.Command == cpu_to_le32(TakeABreakPt)) {
+ if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) {
aac_adapter_interrupt(dev);
/*
* Since we didn't really send a fib, zero out the state to allow
@@ -94,16 +106,15 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
*/
kfib->header.XferState = 0;
} else {
- int retval = fib_send(kfib->header.Command, fibptr,
+ retval = fib_send(le16_to_cpu(kfib->header.Command), fibptr,
le16_to_cpu(kfib->header.Size) , FsaNormal,
1, 1, NULL, NULL);
if (retval) {
- fib_free(fibptr);
- return retval;
+ goto cleanup;
}
if (fib_complete(fibptr) != 0) {
- fib_free(fibptr);
- return -EINVAL;
+ retval = -EINVAL;
+ goto cleanup;
}
}
/*
@@ -114,12 +125,17 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg)
* was already included by the adapter.)
*/
- if (copy_to_user(arg, (void *)kfib, kfib->header.Size)) {
- fib_free(fibptr);
- return -EFAULT;
+ retval = 0;
+ if (copy_to_user(arg, (void *)kfib, size))
+ retval = -EFAULT;
+cleanup:
+ if (hw_fib) {
+ pci_free_consistent(dev->pdev, size, kfib, fibptr->hw_fib_pa);
+ fibptr->hw_fib_pa = hw_fib_pa;
+ fibptr->hw_fib = hw_fib;
}
fib_free(fibptr);
- return 0;
+ return retval;
}
/**
@@ -391,26 +407,28 @@ static int check_revision(struct aac_dev *dev, void __user *arg)
struct revision response;
response.compat = 1;
- response.version = dev->adapter_info.kernelrev;
- response.build = dev->adapter_info.kernelbuild;
+ response.version = le32_to_cpu(dev->adapter_info.kernelrev);
+ response.build = le32_to_cpu(dev->adapter_info.kernelbuild);
if (copy_to_user(arg, &response, sizeof(response)))
return -EFAULT;
return 0;
}
+
/**
*
* aac_send_raw_scb
*
*/
-int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
+static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
{
struct fib* srbfib;
int status;
- struct aac_srb *srbcmd;
- struct aac_srb __user *user_srb = arg;
+ struct aac_srb *srbcmd = NULL;
+ struct user_aac_srb *user_srbcmd = NULL;
+ struct user_aac_srb __user *user_srb = arg;
struct aac_srb_reply __user *user_reply;
struct aac_srb_reply* reply;
u32 fibsize = 0;
@@ -426,7 +444,7 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
if (!capable(CAP_SYS_ADMIN)){
- printk(KERN_DEBUG"aacraid: No permission to send raw srb\n");
+ dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n"));
return -EPERM;
}
/*
@@ -439,37 +457,45 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
srbcmd = (struct aac_srb*) fib_data(srbfib);
+ memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */
if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){
- printk(KERN_DEBUG"aacraid: Could not copy data size from user\n");
+ dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n"));
rcode = -EFAULT;
goto cleanup;
}
- if (fibsize > FIB_DATA_SIZE_IN_BYTES) {
+ if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) {
rcode = -EINVAL;
goto cleanup;
}
- if(copy_from_user(srbcmd, user_srb,fibsize)){
- printk(KERN_DEBUG"aacraid: Could not copy srb from user\n");
+ user_srbcmd = kmalloc(GFP_KERNEL, fibsize);
+ if (!user_srbcmd) {
+ dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n"));
+ rcode = -ENOMEM;
+ goto cleanup;
+ }
+ if(copy_from_user(user_srbcmd, user_srb,fibsize)){
+ dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n"));
rcode = -EFAULT;
goto cleanup;
}
user_reply = arg+fibsize;
- flags = srbcmd->flags;
+ flags = user_srbcmd->flags; /* from user in cpu order */
// Fix up srb for endian and force some values
+
srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this
- srbcmd->channel = cpu_to_le32(srbcmd->channel);
- srbcmd->id = cpu_to_le32(srbcmd->id);
- srbcmd->lun = cpu_to_le32(srbcmd->lun);
- srbcmd->flags = cpu_to_le32(srbcmd->flags);
- srbcmd->timeout = cpu_to_le32(srbcmd->timeout);
+ srbcmd->channel = cpu_to_le32(user_srbcmd->channel);
+ srbcmd->id = cpu_to_le32(user_srbcmd->id);
+ srbcmd->lun = cpu_to_le32(user_srbcmd->lun);
+ srbcmd->flags = cpu_to_le32(flags);
+ srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout);
srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter
- srbcmd->cdb_size = cpu_to_le32(srbcmd->cdb_size);
+ srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size);
- switch (srbcmd->flags & (SRB_DataIn | SRB_DataOut)) {
+ switch (flags & (SRB_DataIn | SRB_DataOut)) {
case SRB_DataOut:
data_dir = DMA_TO_DEVICE;
break;
@@ -482,118 +508,148 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
default:
data_dir = DMA_NONE;
}
+ if (le32_to_cpu(srbcmd->sg.count) > (sizeof(sg_list)/sizeof(sg_list[0]))) {
+ dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n",
+ le32_to_cpu(srbcmd->sg.count)));
+ rcode = -EINVAL;
+ goto cleanup;
+ }
if (dev->dac_support == 1) {
- struct sgmap64* psg = (struct sgmap64*)&srbcmd->sg;
+ struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg;
+ struct sgmap64* psg = (struct sgmap64*)&user_srbcmd->sg;
+ struct user_sgmap* usg;
byte_count = 0;
/*
* This should also catch if user used the 32 bit sgmap
*/
actual_fibsize = sizeof(struct aac_srb) -
- sizeof(struct sgentry) + ((srbcmd->sg.count & 0xff) *
- sizeof(struct sgentry64));
+ sizeof(struct sgentry) +
+ ((upsg->count & 0xff) *
+ sizeof(struct sgentry));
if(actual_fibsize != fibsize){ // User made a mistake - should not continue
- printk(KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n");
+ dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"));
rcode = -EINVAL;
goto cleanup;
}
- if ((data_dir == DMA_NONE) && psg->count) {
- printk(KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n");
+ usg = kmalloc(actual_fibsize - sizeof(struct aac_srb)
+ + sizeof(struct sgmap), GFP_KERNEL);
+ if (!usg) {
+ dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n"));
+ rcode = -ENOMEM;
+ goto cleanup;
+ }
+ memcpy (usg, upsg, actual_fibsize - sizeof(struct aac_srb)
+ + sizeof(struct sgmap));
+ actual_fibsize = sizeof(struct aac_srb) -
+ sizeof(struct sgentry) + ((usg->count & 0xff) *
+ sizeof(struct sgentry64));
+ if ((data_dir == DMA_NONE) && upsg->count) {
+ kfree (usg);
+ dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n"));
rcode = -EINVAL;
goto cleanup;
}
- for (i = 0; i < psg->count; i++) {
- dma_addr_t addr;
- u64 le_addr;
+ for (i = 0; i < usg->count; i++) {
+ u64 addr;
void* p;
- p = kmalloc(psg->sg[i].count,GFP_KERNEL|__GFP_DMA);
+ /* Does this really need to be GFP_DMA? */
+ p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA);
if(p == 0) {
- printk(KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n",
- psg->sg[i].count,i,psg->count);
+ kfree (usg);
+ dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n",
+ usg->sg[i].count,i,usg->count));
rcode = -ENOMEM;
goto cleanup;
}
- sg_user[i] = (void __user *)psg->sg[i].addr;
+ sg_user[i] = (void __user *)usg->sg[i].addr;
sg_list[i] = p; // save so we can clean up later
sg_indx = i;
if( flags & SRB_DataOut ){
- if(copy_from_user(p,sg_user[i],psg->sg[i].count)){
- printk(KERN_DEBUG"aacraid: Could not copy sg data from user\n");
+ if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){
+ kfree (usg);
+ dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n"));
rcode = -EFAULT;
goto cleanup;
}
}
- addr = pci_map_single(dev->pdev, p, psg->sg[i].count, data_dir);
+ addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir);
- le_addr = cpu_to_le64(addr);
- psg->sg[i].addr[1] = (u32)(le_addr>>32);
- psg->sg[i].addr[0] = (u32)(le_addr & 0xffffffff);
- psg->sg[i].count = cpu_to_le32(psg->sg[i].count);
- byte_count += psg->sg[i].count;
+ psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff);
+ psg->sg[i].addr[1] = cpu_to_le32(addr>>32);
+ psg->sg[i].count = cpu_to_le32(usg->sg[i].count);
+ byte_count += usg->sg[i].count;
}
+ kfree (usg);
srbcmd->count = cpu_to_le32(byte_count);
+ psg->count = cpu_to_le32(sg_indx+1);
status = fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL);
} else {
+ struct user_sgmap* upsg = &user_srbcmd->sg;
struct sgmap* psg = &srbcmd->sg;
byte_count = 0;
- actual_fibsize = sizeof (struct aac_srb) +
- (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) *
- sizeof (struct sgentry));
+ actual_fibsize = sizeof (struct aac_srb) + (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * sizeof (struct sgentry));
if(actual_fibsize != fibsize){ // User made a mistake - should not continue
- printk(KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n");
+ dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"));
rcode = -EINVAL;
goto cleanup;
}
- if ((data_dir == DMA_NONE) && psg->count) {
- printk(KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n");
+ if ((data_dir == DMA_NONE) && upsg->count) {
+ dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n"));
rcode = -EINVAL;
goto cleanup;
}
- for (i = 0; i < psg->count; i++) {
+ for (i = 0; i < upsg->count; i++) {
dma_addr_t addr;
void* p;
- p = kmalloc(psg->sg[i].count,GFP_KERNEL);
+ p = kmalloc(upsg->sg[i].count, GFP_KERNEL);
if(p == 0) {
- printk(KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n",
- psg->sg[i].count,i,psg->count);
+ dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n",
+ upsg->sg[i].count, i, upsg->count));
rcode = -ENOMEM;
goto cleanup;
}
- sg_user[i] = (void __user *)(psg->sg[i].addr);
+ sg_user[i] = (void __user *)upsg->sg[i].addr;
sg_list[i] = p; // save so we can clean up later
sg_indx = i;
if( flags & SRB_DataOut ){
- if(copy_from_user(p,sg_user[i],psg->sg[i].count)){
- printk(KERN_DEBUG"aacraid: Could not copy sg data from user\n");
+ if(copy_from_user(p, sg_user[i],
+ upsg->sg[i].count)) {
+ dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n"));
rcode = -EFAULT;
goto cleanup;
}
}
- addr = pci_map_single(dev->pdev, p, psg->sg[i].count, data_dir);
+ addr = pci_map_single(dev->pdev, p,
+ upsg->sg[i].count, data_dir);
psg->sg[i].addr = cpu_to_le32(addr);
- psg->sg[i].count = cpu_to_le32(psg->sg[i].count);
- byte_count += psg->sg[i].count;
+ psg->sg[i].count = cpu_to_le32(upsg->sg[i].count);
+ byte_count += upsg->sg[i].count;
}
srbcmd->count = cpu_to_le32(byte_count);
+ psg->count = cpu_to_le32(sg_indx+1);
status = fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL);
}
if (status != 0){
- printk(KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n");
+ dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n"));
rcode = -1;
goto cleanup;
}
if( flags & SRB_DataIn ) {
for(i = 0 ; i <= sg_indx; i++){
- if(copy_to_user(sg_user[i],sg_list[i],le32_to_cpu(srbcmd->sg.sg[i].count))){
- printk(KERN_DEBUG"aacraid: Could not copy sg data to user\n");
+ byte_count = le32_to_cpu((dev->dac_support == 1)
+ ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count
+ : srbcmd->sg.sg[i].count);
+ if(copy_to_user(sg_user[i], sg_list[i], byte_count)){
+ dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n"));
rcode = -EFAULT;
goto cleanup;
@@ -603,12 +659,13 @@ int aac_send_raw_srb(struct aac_dev* dev, void __user * arg)
reply = (struct aac_srb_reply *) fib_data(srbfib);
if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){
- printk(KERN_DEBUG"aacraid: Could not copy reply to user\n");
+ dprintk((KERN_DEBUG"aacraid: Could not copy reply to user\n"));
rcode = -EFAULT;
goto cleanup;
}
cleanup:
+ kfree(user_srbcmd);
for(i=0; i <= sg_indx; i++){
kfree(sg_list[i]);
}
@@ -618,14 +675,13 @@ cleanup:
return rcode;
}
-
struct aac_pci_info {
u32 bus;
u32 slot;
};
-int aac_get_pci_info(struct aac_dev* dev, void __user *arg)
+static int aac_get_pci_info(struct aac_dev* dev, void __user *arg)
{
struct aac_pci_info pci_info;
@@ -633,11 +689,11 @@ int aac_get_pci_info(struct aac_dev* dev, void __user *arg)
pci_info.slot = PCI_SLOT(dev->pdev->devfn);
if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) {
- printk(KERN_DEBUG "aacraid: Could not copy pci info\n");
+ dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n"));
return -EFAULT;
}
return 0;
- }
+}
int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg)
@@ -656,6 +712,7 @@ int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg)
case FSACTL_MINIPORT_REV_CHECK:
status = check_revision(dev, arg);
break;
+ case FSACTL_SEND_LARGE_FIB:
case FSACTL_SENDFIB:
status = ioctl_send_fib(dev, arg);
break;