ClabureDB: Classified Bug-Reports Database

Project: Linux Kernel

Showing error 1570

User:	Jiri Slaby
Error type:	Leaving function in locked state
Error type description:	Some lock is not unlocked on all paths of a function, so it is leaked
File location:	drivers/block/cciss_scsi.c
Line in file:	1647
Project:	Linux Kernel
Project version:	2.6.28
Tools:	Stanse (1.2)
Entered:	2012-05-29 20:11:37 UTC
Source:

   1/*
   2 *    Disk Array driver for HP Smart Array controllers, SCSI Tape module.
   3 *    (C) Copyright 2001, 2007 Hewlett-Packard Development Company, L.P.
   4 *
   5 *    This program is free software; you can redistribute it and/or modify
   6 *    it under the terms of the GNU General Public License as published by
   7 *    the Free Software Foundation; version 2 of the License.
   8 *
   9 *    This program is distributed in the hope that it will be useful,
  10 *    but WITHOUT ANY WARRANTY; without even the implied warranty of
  11 *    MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  12 *    General Public License for more details.
  13 *
  14 *    You should have received a copy of the GNU General Public License
  15 *    along with this program; if not, write to the Free Software
  16 *    Foundation, Inc., 59 Temple Place, Suite 300, Boston, MA
  17 *    02111-1307, USA.
  18 *
  19 *    Questions/Comments/Bugfixes to iss_storagedev@hp.com
  20 *    
  21 *    Author: Stephen M. Cameron
  22 */
  23#ifdef CONFIG_CISS_SCSI_TAPE
  24
  25/* Here we have code to present the driver as a scsi driver 
  26   as it is simultaneously presented as a block driver.  The 
  27   reason for doing this is to allow access to SCSI tape drives
  28   through the array controller.  Note in particular, neither 
  29   physical nor logical disks are presented through the scsi layer. */
  30
  31#include <linux/timer.h>
  32#include <linux/completion.h>
  33#include <linux/slab.h>
  34#include <linux/string.h>
  35
  36#include <asm/atomic.h>
  37
  38#include <scsi/scsi_cmnd.h>
  39#include <scsi/scsi_device.h>
  40#include <scsi/scsi_host.h> 
  41
  42#include "cciss_scsi.h"
  43
  44#define CCISS_ABORT_MSG 0x00
  45#define CCISS_RESET_MSG 0x01
  46
  47/* some prototypes... */ 
  48static int sendcmd(
  49        __u8        cmd,
  50        int        ctlr,
  51        void        *buff,
  52        size_t        size,
  53        unsigned int use_unit_num, /* 0: address the controller,
  54                                      1: address logical volume log_unit, 
  55                                      2: address is in scsi3addr */
  56        unsigned int log_unit,
  57        __u8        page_code,
  58        unsigned char *scsi3addr,
  59        int cmd_type);
  60
  61
  62static int cciss_scsi_proc_info(
  63                struct Scsi_Host *sh,
  64                char *buffer, /* data buffer */
  65                char **start,            /* where data in buffer starts */
  66                off_t offset,           /* offset from start of imaginary file */
  67                int length,            /* length of data in buffer */
  68                int func);           /* 0 == read, 1 == write */
  69
  70static int cciss_scsi_queue_command (struct scsi_cmnd *cmd,
  71                void (* done)(struct scsi_cmnd *));
  72static int cciss_eh_device_reset_handler(struct scsi_cmnd *);
  73static int cciss_eh_abort_handler(struct scsi_cmnd *);
  74
  75static struct cciss_scsi_hba_t ccissscsi[MAX_CTLR] = {
  76        { .name = "cciss0", .ndevices = 0 },
  77        { .name = "cciss1", .ndevices = 0 },
  78        { .name = "cciss2", .ndevices = 0 },
  79        { .name = "cciss3", .ndevices = 0 },
  80        { .name = "cciss4", .ndevices = 0 },
  81        { .name = "cciss5", .ndevices = 0 },
  82        { .name = "cciss6", .ndevices = 0 },
  83        { .name = "cciss7", .ndevices = 0 },
  84};
  85
  86static struct scsi_host_template cciss_driver_template = {
  87        .module                        = THIS_MODULE,
  88        .name                        = "cciss",
  89        .proc_name                = "cciss",
  90        .proc_info                = cciss_scsi_proc_info,
  91        .queuecommand                = cciss_scsi_queue_command,
  92        .can_queue                = SCSI_CCISS_CAN_QUEUE,
  93        .this_id                = 7,
  94        .sg_tablesize                = MAXSGENTRIES,
  95        .cmd_per_lun                = 1,
  96        .use_clustering                = DISABLE_CLUSTERING,
  97        /* Can't have eh_bus_reset_handler or eh_host_reset_handler for cciss */
  98        .eh_device_reset_handler= cciss_eh_device_reset_handler,
  99        .eh_abort_handler        = cciss_eh_abort_handler,
 100};
 101
 102#pragma pack(1)
 103struct cciss_scsi_cmd_stack_elem_t {
 104        CommandList_struct cmd;
 105        ErrorInfo_struct Err;
 106        __u32 busaddr;
 107        __u32 pad;
 108};
 109
 110#pragma pack()
 111
 112#define CMD_STACK_SIZE (SCSI_CCISS_CAN_QUEUE * \
 113                CCISS_MAX_SCSI_DEVS_PER_HBA + 2)
 114                        // plus two for init time usage
 115
 116#pragma pack(1)
 117struct cciss_scsi_cmd_stack_t {
 118        struct cciss_scsi_cmd_stack_elem_t *pool;
 119        struct cciss_scsi_cmd_stack_elem_t *elem[CMD_STACK_SIZE];
 120        dma_addr_t cmd_pool_handle;
 121        int top;
 122};
 123#pragma pack()
 124
 125struct cciss_scsi_adapter_data_t {
 126        struct Scsi_Host *scsi_host;
 127        struct cciss_scsi_cmd_stack_t cmd_stack;
 128        int registered;
 129        spinlock_t lock; // to protect ccissscsi[ctlr]; 
 130};
 131
 132#define CPQ_TAPE_LOCK(ctlr, flags) spin_lock_irqsave( \
 133        &(((struct cciss_scsi_adapter_data_t *) \
 134        hba[ctlr]->scsi_ctlr)->lock), flags);
 135#define CPQ_TAPE_UNLOCK(ctlr, flags) spin_unlock_irqrestore( \
 136        &(((struct cciss_scsi_adapter_data_t *) \
 137        hba[ctlr]->scsi_ctlr)->lock), flags);
 138
 139static CommandList_struct *
 140scsi_cmd_alloc(ctlr_info_t *h)
 141{
 142        /* assume only one process in here at a time, locking done by caller. */
 143        /* use CCISS_LOCK(ctlr) */
 144        /* might be better to rewrite how we allocate scsi commands in a way that */
 145        /* needs no locking at all. */
 146
 147        /* take the top memory chunk off the stack and return it, if any. */
 148        struct cciss_scsi_cmd_stack_elem_t *c;
 149        struct cciss_scsi_adapter_data_t *sa;
 150        struct cciss_scsi_cmd_stack_t *stk;
 151        u64bit temp64;
 152
 153        sa = (struct cciss_scsi_adapter_data_t *) h->scsi_ctlr;
 154        stk = &sa->cmd_stack; 
 155
 156        if (stk->top < 0) 
 157                return NULL;
 158        c = stk->elem[stk->top];         
 159        /* memset(c, 0, sizeof(*c)); */
 160        memset(&c->cmd, 0, sizeof(c->cmd));
 161        memset(&c->Err, 0, sizeof(c->Err));
 162        /* set physical addr of cmd and addr of scsi parameters */
 163        c->cmd.busaddr = c->busaddr; 
 164        /* (__u32) (stk->cmd_pool_handle + 
 165                (sizeof(struct cciss_scsi_cmd_stack_elem_t)*stk->top)); */
 166
 167        temp64.val = (__u64) (c->busaddr + sizeof(CommandList_struct));
 168        /* (__u64) (stk->cmd_pool_handle + 
 169                (sizeof(struct cciss_scsi_cmd_stack_elem_t)*stk->top) +
 170                 sizeof(CommandList_struct)); */
 171        stk->top--;
 172        c->cmd.ErrDesc.Addr.lower = temp64.val32.lower;
 173        c->cmd.ErrDesc.Addr.upper = temp64.val32.upper;
 174        c->cmd.ErrDesc.Len = sizeof(ErrorInfo_struct);
 175        
 176        c->cmd.ctlr = h->ctlr;
 177        c->cmd.err_info = &c->Err;
 178
 179        return (CommandList_struct *) c;
 180}
 181
 182static void 
 183scsi_cmd_free(ctlr_info_t *h, CommandList_struct *cmd)
 184{
 185        /* assume only one process in here at a time, locking done by caller. */
 186        /* use CCISS_LOCK(ctlr) */
 187        /* drop the free memory chunk on top of the stack. */
 188
 189        struct cciss_scsi_adapter_data_t *sa;
 190        struct cciss_scsi_cmd_stack_t *stk;
 191
 192        sa = (struct cciss_scsi_adapter_data_t *) h->scsi_ctlr;
 193        stk = &sa->cmd_stack; 
 194        if (stk->top >= CMD_STACK_SIZE) {
 195                printk("cciss: scsi_cmd_free called too many times.\n");
 196                BUG();
 197        }
 198        stk->top++;
 199        stk->elem[stk->top] = (struct cciss_scsi_cmd_stack_elem_t *) cmd;
 200}
 201
 202static int
 203scsi_cmd_stack_setup(int ctlr, struct cciss_scsi_adapter_data_t *sa)
 204{
 205        int i;
 206        struct cciss_scsi_cmd_stack_t *stk;
 207        size_t size;
 208
 209        stk = &sa->cmd_stack; 
 210        size = sizeof(struct cciss_scsi_cmd_stack_elem_t) * CMD_STACK_SIZE;
 211
 212        // pci_alloc_consistent guarantees 32-bit DMA address will
 213        // be used
 214
 215        stk->pool = (struct cciss_scsi_cmd_stack_elem_t *)
 216                pci_alloc_consistent(hba[ctlr]->pdev, size, &stk->cmd_pool_handle);
 217
 218        if (stk->pool == NULL) {
 219                printk("stk->pool is null\n");
 220                return -1;
 221        }
 222
 223        for (i=0; i<CMD_STACK_SIZE; i++) {
 224                stk->elem[i] = &stk->pool[i];
 225                stk->elem[i]->busaddr = (__u32) (stk->cmd_pool_handle + 
 226                        (sizeof(struct cciss_scsi_cmd_stack_elem_t) * i));
 227        }
 228        stk->top = CMD_STACK_SIZE-1;
 229        return 0;
 230}
 231
 232static void
 233scsi_cmd_stack_free(int ctlr)
 234{
 235        struct cciss_scsi_adapter_data_t *sa;
 236        struct cciss_scsi_cmd_stack_t *stk;
 237        size_t size;
 238
 239        sa = (struct cciss_scsi_adapter_data_t *) hba[ctlr]->scsi_ctlr;
 240        stk = &sa->cmd_stack; 
 241        if (stk->top != CMD_STACK_SIZE-1) {
 242                printk( "cciss: %d scsi commands are still outstanding.\n",
 243                        CMD_STACK_SIZE - stk->top);
 244                // BUG();
 245                printk("WE HAVE A BUG HERE!!! stk=0x%p\n", stk);
 246        }
 247        size = sizeof(struct cciss_scsi_cmd_stack_elem_t) * CMD_STACK_SIZE;
 248
 249        pci_free_consistent(hba[ctlr]->pdev, size, stk->pool, stk->cmd_pool_handle);
 250        stk->pool = NULL;
 251}
 252
 253#if 0
 254static int xmargin=8;
 255static int amargin=60;
 256
 257static void
 258print_bytes (unsigned char *c, int len, int hex, int ascii)
 259{
 260
 261        int i;
 262        unsigned char *x;
 263
 264        if (hex)
 265        {
 266                x = c;
 267                for (i=0;i<len;i++)
 268                {
 269                        if ((i % xmargin) == 0 && i>0) printk("\n");
 270                        if ((i % xmargin) == 0) printk("0x%04x:", i);
 271                        printk(" %02x", *x);
 272                        x++;
 273                }
 274                printk("\n");
 275        }
 276        if (ascii)
 277        {
 278                x = c;
 279                for (i=0;i<len;i++)
 280                {
 281                        if ((i % amargin) == 0 && i>0) printk("\n");
 282                        if ((i % amargin) == 0) printk("0x%04x:", i);
 283                        if (*x > 26 && *x < 128) printk("%c", *x);
 284                        else printk(".");
 285                        x++;
 286                }
 287                printk("\n");
 288        }
 289}
 290
 291static void
 292print_cmd(CommandList_struct *cp)
 293{
 294        printk("queue:%d\n", cp->Header.ReplyQueue);
 295        printk("sglist:%d\n", cp->Header.SGList);
 296        printk("sgtot:%d\n", cp->Header.SGTotal);
 297        printk("Tag:0x%08x/0x%08x\n", cp->Header.Tag.upper, 
 298                        cp->Header.Tag.lower);
 299        printk("LUN:0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
 300                cp->Header.LUN.LunAddrBytes[0],
 301                cp->Header.LUN.LunAddrBytes[1],
 302                cp->Header.LUN.LunAddrBytes[2],
 303                cp->Header.LUN.LunAddrBytes[3],
 304                cp->Header.LUN.LunAddrBytes[4],
 305                cp->Header.LUN.LunAddrBytes[5],
 306                cp->Header.LUN.LunAddrBytes[6],
 307                cp->Header.LUN.LunAddrBytes[7]);
 308        printk("CDBLen:%d\n", cp->Request.CDBLen);
 309        printk("Type:%d\n",cp->Request.Type.Type);
 310        printk("Attr:%d\n",cp->Request.Type.Attribute);
 311        printk(" Dir:%d\n",cp->Request.Type.Direction);
 312        printk("Timeout:%d\n",cp->Request.Timeout);
 313        printk( "CDB: %02x %02x %02x %02x %02x %02x %02x %02x"
 314                " %02x %02x %02x %02x %02x %02x %02x %02x\n",
 315                cp->Request.CDB[0], cp->Request.CDB[1],
 316                cp->Request.CDB[2], cp->Request.CDB[3],
 317                cp->Request.CDB[4], cp->Request.CDB[5],
 318                cp->Request.CDB[6], cp->Request.CDB[7],
 319                cp->Request.CDB[8], cp->Request.CDB[9],
 320                cp->Request.CDB[10], cp->Request.CDB[11],
 321                cp->Request.CDB[12], cp->Request.CDB[13],
 322                cp->Request.CDB[14], cp->Request.CDB[15]),
 323        printk("edesc.Addr: 0x%08x/0%08x, Len  = %d\n", 
 324                cp->ErrDesc.Addr.upper, cp->ErrDesc.Addr.lower, 
 325                        cp->ErrDesc.Len);
 326        printk("sgs..........Errorinfo:\n");
 327        printk("scsistatus:%d\n", cp->err_info->ScsiStatus);
 328        printk("senselen:%d\n", cp->err_info->SenseLen);
 329        printk("cmd status:%d\n", cp->err_info->CommandStatus);
 330        printk("resid cnt:%d\n", cp->err_info->ResidualCnt);
 331        printk("offense size:%d\n", cp->err_info->MoreErrInfo.Invalid_Cmd.offense_size);
 332        printk("offense byte:%d\n", cp->err_info->MoreErrInfo.Invalid_Cmd.offense_num);
 333        printk("offense value:%d\n", cp->err_info->MoreErrInfo.Invalid_Cmd.offense_value);
 334                        
 335}
 336
 337#endif
 338
 339static int 
 340find_bus_target_lun(int ctlr, int *bus, int *target, int *lun)
 341{
 342        /* finds an unused bus, target, lun for a new device */
 343        /* assumes hba[ctlr]->scsi_ctlr->lock is held */ 
 344        int i, found=0;
 345        unsigned char target_taken[CCISS_MAX_SCSI_DEVS_PER_HBA];
 346
 347        memset(&target_taken[0], 0, CCISS_MAX_SCSI_DEVS_PER_HBA);
 348
 349        target_taken[SELF_SCSI_ID] = 1;        
 350        for (i=0;i<ccissscsi[ctlr].ndevices;i++)
 351                target_taken[ccissscsi[ctlr].dev[i].target] = 1;
 352        
 353        for (i=0;i<CCISS_MAX_SCSI_DEVS_PER_HBA;i++) {
 354                if (!target_taken[i]) {
 355                        *bus = 0; *target=i; *lun = 0; found=1;
 356                        break;
 357                }
 358        }
 359        return (!found);        
 360}
 361struct scsi2map {
 362        char scsi3addr[8];
 363        int bus, target, lun;
 364};
 365
 366static int 
 367cciss_scsi_add_entry(int ctlr, int hostno, 
 368                struct cciss_scsi_dev_t *device,
 369                struct scsi2map *added, int *nadded)
 370{
 371        /* assumes hba[ctlr]->scsi_ctlr->lock is held */ 
 372        int n = ccissscsi[ctlr].ndevices;
 373        struct cciss_scsi_dev_t *sd;
 374        int i, bus, target, lun;
 375        unsigned char addr1[8], addr2[8];
 376
 377        if (n >= CCISS_MAX_SCSI_DEVS_PER_HBA) {
 378                printk("cciss%d: Too many devices, "
 379                        "some will be inaccessible.\n", ctlr);
 380                return -1;
 381        }
 382
 383        bus = target = -1;
 384        lun = 0;
 385        /* Is this device a non-zero lun of a multi-lun device */
 386        /* byte 4 of the 8-byte LUN addr will contain the logical unit no. */
 387        if (device->scsi3addr[4] != 0) {
 388                /* Search through our list and find the device which */
 389                /* has the same 8 byte LUN address, excepting byte 4. */
 390                /* Assign the same bus and target for this new LUN. */
 391                /* Use the logical unit number from the firmware. */
 392                memcpy(addr1, device->scsi3addr, 8);
 393                addr1[4] = 0;
 394                for (i = 0; i < n; i++) {
 395                        sd = &ccissscsi[ctlr].dev[i];
 396                        memcpy(addr2, sd->scsi3addr, 8);
 397                        addr2[4] = 0;
 398                        /* differ only in byte 4? */
 399                        if (memcmp(addr1, addr2, 8) == 0) {
 400                                bus = sd->bus;
 401                                target = sd->target;
 402                                lun = device->scsi3addr[4];
 403                                break;
 404                        }
 405                }
 406        }
 407
 408        sd = &ccissscsi[ctlr].dev[n];
 409        if (lun == 0) {
 410                if (find_bus_target_lun(ctlr,
 411                        &sd->bus, &sd->target, &sd->lun) != 0)
 412                        return -1;
 413        } else {
 414                sd->bus = bus;
 415                sd->target = target;
 416                sd->lun = lun;
 417        }
 418        added[*nadded].bus = sd->bus;
 419        added[*nadded].target = sd->target;
 420        added[*nadded].lun = sd->lun;
 421        (*nadded)++;
 422
 423        memcpy(sd->scsi3addr, device->scsi3addr, 8);
 424        memcpy(sd->vendor, device->vendor, sizeof(sd->vendor));
 425        memcpy(sd->revision, device->revision, sizeof(sd->revision));
 426        memcpy(sd->device_id, device->device_id, sizeof(sd->device_id));
 427        sd->devtype = device->devtype;
 428
 429        ccissscsi[ctlr].ndevices++;
 430
 431        /* initially, (before registering with scsi layer) we don't 
 432           know our hostno and we don't want to print anything first 
 433           time anyway (the scsi layer's inquiries will show that info) */
 434        if (hostno != -1)
 435                printk("cciss%d: %s device c%db%dt%dl%d added.\n", 
 436                        ctlr, scsi_device_type(sd->devtype), hostno,
 437                        sd->bus, sd->target, sd->lun);
 438        return 0;
 439}
 440
 441static void
 442cciss_scsi_remove_entry(int ctlr, int hostno, int entry,
 443        struct scsi2map *removed, int *nremoved)
 444{
 445        /* assumes hba[ctlr]->scsi_ctlr->lock is held */ 
 446        int i;
 447        struct cciss_scsi_dev_t sd;
 448
 449        if (entry < 0 || entry >= CCISS_MAX_SCSI_DEVS_PER_HBA) return;
 450        sd = ccissscsi[ctlr].dev[entry];
 451        removed[*nremoved].bus    = sd.bus;
 452        removed[*nremoved].target = sd.target;
 453        removed[*nremoved].lun    = sd.lun;
 454        (*nremoved)++;
 455        for (i=entry;i<ccissscsi[ctlr].ndevices-1;i++)
 456                ccissscsi[ctlr].dev[i] = ccissscsi[ctlr].dev[i+1];
 457        ccissscsi[ctlr].ndevices--;
 458        printk("cciss%d: %s device c%db%dt%dl%d removed.\n",
 459                ctlr, scsi_device_type(sd.devtype), hostno,
 460                        sd.bus, sd.target, sd.lun);
 461}
 462
 463
 464#define SCSI3ADDR_EQ(a,b) ( \
 465        (a)[7] == (b)[7] && \
 466        (a)[6] == (b)[6] && \
 467        (a)[5] == (b)[5] && \
 468        (a)[4] == (b)[4] && \
 469        (a)[3] == (b)[3] && \
 470        (a)[2] == (b)[2] && \
 471        (a)[1] == (b)[1] && \
 472        (a)[0] == (b)[0])
 473
 474static void fixup_botched_add(int ctlr, char *scsi3addr)
 475{
 476        /* called when scsi_add_device fails in order to re-adjust */
 477        /* ccissscsi[] to match the mid layer's view. */
 478        unsigned long flags;
 479        int i, j;
 480        CPQ_TAPE_LOCK(ctlr, flags);
 481        for (i = 0; i < ccissscsi[ctlr].ndevices; i++) {
 482                if (memcmp(scsi3addr,
 483                                ccissscsi[ctlr].dev[i].scsi3addr, 8) == 0) {
 484                        for (j = i; j < ccissscsi[ctlr].ndevices-1; j++)
 485                                ccissscsi[ctlr].dev[j] =
 486                                        ccissscsi[ctlr].dev[j+1];
 487                        ccissscsi[ctlr].ndevices--;
 488                        break;
 489                }
 490        }
 491        CPQ_TAPE_UNLOCK(ctlr, flags);
 492}
 493
 494static int device_is_the_same(struct cciss_scsi_dev_t *dev1,
 495        struct cciss_scsi_dev_t *dev2)
 496{
 497        return dev1->devtype == dev2->devtype &&
 498                memcmp(dev1->scsi3addr, dev2->scsi3addr,
 499                        sizeof(dev1->scsi3addr)) == 0 &&
 500                memcmp(dev1->device_id, dev2->device_id,
 501                        sizeof(dev1->device_id)) == 0 &&
 502                memcmp(dev1->vendor, dev2->vendor,
 503                        sizeof(dev1->vendor)) == 0 &&
 504                memcmp(dev1->model, dev2->model,
 505                        sizeof(dev1->model)) == 0 &&
 506                memcmp(dev1->revision, dev2->revision,
 507                        sizeof(dev1->revision)) == 0;
 508}
 509
 510static int
 511adjust_cciss_scsi_table(int ctlr, int hostno,
 512        struct cciss_scsi_dev_t sd[], int nsds)
 513{
 514        /* sd contains scsi3 addresses and devtypes, but
 515           bus target and lun are not filled in.  This funciton
 516           takes what's in sd to be the current and adjusts
 517           ccissscsi[] to be in line with what's in sd. */ 
 518
 519        int i,j, found, changes=0;
 520        struct cciss_scsi_dev_t *csd;
 521        unsigned long flags;
 522        struct scsi2map *added, *removed;
 523        int nadded, nremoved;
 524        struct Scsi_Host *sh = NULL;
 525
 526        added = kzalloc(sizeof(*added) * CCISS_MAX_SCSI_DEVS_PER_HBA,
 527                        GFP_KERNEL);
 528        removed = kzalloc(sizeof(*removed) * CCISS_MAX_SCSI_DEVS_PER_HBA,
 529                        GFP_KERNEL);
 530
 531        if (!added || !removed) {
 532                printk(KERN_WARNING "cciss%d: Out of memory in "
 533                        "adjust_cciss_scsi_table\n", ctlr);
 534                goto free_and_out;
 535        }
 536
 537        CPQ_TAPE_LOCK(ctlr, flags);
 538
 539        if (hostno != -1)  /* if it's not the first time... */
 540                sh = ((struct cciss_scsi_adapter_data_t *)
 541                        hba[ctlr]->scsi_ctlr)->scsi_host;
 542
 543        /* find any devices in ccissscsi[] that are not in 
 544           sd[] and remove them from ccissscsi[] */
 545
 546        i = 0;
 547        nremoved = 0;
 548        nadded = 0;
 549        while(i<ccissscsi[ctlr].ndevices) {
 550                csd = &ccissscsi[ctlr].dev[i];
 551                found=0;
 552                for (j=0;j<nsds;j++) {
 553                        if (SCSI3ADDR_EQ(sd[j].scsi3addr,
 554                                csd->scsi3addr)) {
 555                                if (device_is_the_same(&sd[j], csd))
 556                                        found=2;
 557                                else
 558                                        found=1;
 559                                break;
 560                        }
 561                }
 562
 563                if (found == 0) { /* device no longer present. */ 
 564                        changes++;
 565                        /* printk("cciss%d: %s device c%db%dt%dl%d removed.\n",
 566                                ctlr, scsi_device_type(csd->devtype), hostno,
 567                                        csd->bus, csd->target, csd->lun); */
 568                        cciss_scsi_remove_entry(ctlr, hostno, i,
 569                                removed, &nremoved);
 570                        /* remove ^^^, hence i not incremented */
 571                } else if (found == 1) { /* device is different in some way */
 572                        changes++;
 573                        printk("cciss%d: device c%db%dt%dl%d has changed.\n",
 574                                ctlr, hostno, csd->bus, csd->target, csd->lun);
 575                        cciss_scsi_remove_entry(ctlr, hostno, i,
 576                                removed, &nremoved);
 577                        /* remove ^^^, hence i not incremented */
 578                        if (cciss_scsi_add_entry(ctlr, hostno, &sd[j],
 579                                added, &nadded) != 0)
 580                                /* we just removed one, so add can't fail. */
 581                                        BUG();
 582                        csd->devtype = sd[j].devtype;
 583                        memcpy(csd->device_id, sd[j].device_id,
 584                                sizeof(csd->device_id));
 585                        memcpy(csd->vendor, sd[j].vendor,
 586                                sizeof(csd->vendor));
 587                        memcpy(csd->model, sd[j].model,
 588                                sizeof(csd->model));
 589                        memcpy(csd->revision, sd[j].revision,
 590                                sizeof(csd->revision));
 591                } else                 /* device is same as it ever was, */
 592                        i++;        /* so just move along. */
 593        }
 594
 595        /* Now, make sure every device listed in sd[] is also
 596            listed in ccissscsi[], adding them if they aren't found */
 597
 598        for (i=0;i<nsds;i++) {
 599                found=0;
 600                for (j=0;j<ccissscsi[ctlr].ndevices;j++) {
 601                        csd = &ccissscsi[ctlr].dev[j];
 602                        if (SCSI3ADDR_EQ(sd[i].scsi3addr,
 603                                csd->scsi3addr)) {
 604                                if (device_is_the_same(&sd[i], csd))
 605                                        found=2;        /* found device */
 606                                else
 607                                        found=1;         /* found a bug. */
 608                                break;
 609                        }
 610                }
 611                if (!found) {
 612                        changes++;
 613                        if (cciss_scsi_add_entry(ctlr, hostno, &sd[i],
 614                                added, &nadded) != 0)
 615                                break;
 616                } else if (found == 1) {
 617                        /* should never happen... */
 618                        changes++;
 619                        printk(KERN_WARNING "cciss%d: device "
 620                                "unexpectedly changed\n", ctlr);
 621                        /* but if it does happen, we just ignore that device */
 622                }
 623        }
 624        CPQ_TAPE_UNLOCK(ctlr, flags);
 625
 626        /* Don't notify scsi mid layer of any changes the first time through */
 627        /* (or if there are no changes) scsi_scan_host will do it later the */
 628        /* first time through. */
 629        if (hostno == -1 || !changes)
 630                goto free_and_out;
 631
 632        /* Notify scsi mid layer of any removed devices */
 633        for (i = 0; i < nremoved; i++) {
 634                struct scsi_device *sdev =
 635                        scsi_device_lookup(sh, removed[i].bus,
 636                                removed[i].target, removed[i].lun);
 637                if (sdev != NULL) {
 638                        scsi_remove_device(sdev);
 639                        scsi_device_put(sdev);
 640                } else {
 641                        /* We don't expect to get here. */
 642                        /* future cmds to this device will get selection */
 643                        /* timeout as if the device was gone. */
 644                        printk(KERN_WARNING "cciss%d: didn't find "
 645                                "c%db%dt%dl%d\n for removal.",
 646                                ctlr, hostno, removed[i].bus,
 647                                removed[i].target, removed[i].lun);
 648                }
 649        }
 650
 651        /* Notify scsi mid layer of any added devices */
 652        for (i = 0; i < nadded; i++) {
 653                int rc;
 654                rc = scsi_add_device(sh, added[i].bus,
 655                        added[i].target, added[i].lun);
 656                if (rc == 0)
 657                        continue;
 658                printk(KERN_WARNING "cciss%d: scsi_add_device "
 659                        "c%db%dt%dl%d failed, device not added.\n",
 660                        ctlr, hostno,
 661                        added[i].bus, added[i].target, added[i].lun);
 662                /* now we have to remove it from ccissscsi, */
 663                /* since it didn't get added to scsi mid layer */
 664                fixup_botched_add(ctlr, added[i].scsi3addr);
 665        }
 666
 667free_and_out:
 668        kfree(added);
 669        kfree(removed);
 670        return 0;
 671}
 672
 673static int
 674lookup_scsi3addr(int ctlr, int bus, int target, int lun, char *scsi3addr)
 675{
 676        int i;
 677        struct cciss_scsi_dev_t *sd;
 678        unsigned long flags;
 679
 680        CPQ_TAPE_LOCK(ctlr, flags);
 681        for (i=0;i<ccissscsi[ctlr].ndevices;i++) {
 682                sd = &ccissscsi[ctlr].dev[i];
 683                if (sd->bus == bus &&
 684                    sd->target == target &&
 685                    sd->lun == lun) {
 686                        memcpy(scsi3addr, &sd->scsi3addr[0], 8);
 687                        CPQ_TAPE_UNLOCK(ctlr, flags);
 688                        return 0;
 689                }
 690        }
 691        CPQ_TAPE_UNLOCK(ctlr, flags);
 692        return -1;
 693}
 694
 695static void 
 696cciss_scsi_setup(int cntl_num)
 697{
 698        struct cciss_scsi_adapter_data_t * shba;
 699
 700        ccissscsi[cntl_num].ndevices = 0;
 701        shba = (struct cciss_scsi_adapter_data_t *)
 702                kmalloc(sizeof(*shba), GFP_KERNEL);        
 703        if (shba == NULL)
 704                return;
 705        shba->scsi_host = NULL;
 706        spin_lock_init(&shba->lock);
 707        shba->registered = 0;
 708        if (scsi_cmd_stack_setup(cntl_num, shba) != 0) {
 709                kfree(shba);
 710                shba = NULL;
 711        }
 712        hba[cntl_num]->scsi_ctlr = (void *) shba;
 713        return;
 714}
 715
 716static void
 717complete_scsi_command( CommandList_struct *cp, int timeout, __u32 tag)
 718{
 719        struct scsi_cmnd *cmd;
 720        ctlr_info_t *ctlr;
 721        ErrorInfo_struct *ei;
 722
 723        ei = cp->err_info;
 724
 725        /* First, see if it was a message rather than a command */
 726        if (cp->Request.Type.Type == TYPE_MSG)  {
 727                cp->cmd_type = CMD_MSG_DONE;
 728                return;
 729        }
 730
 731        cmd = (struct scsi_cmnd *) cp->scsi_cmd;        
 732        ctlr = hba[cp->ctlr];
 733
 734        scsi_dma_unmap(cmd);
 735
 736        cmd->result = (DID_OK << 16);                 /* host byte */
 737        cmd->result |= (COMMAND_COMPLETE << 8);        /* msg byte */
 738        /* cmd->result |= (GOOD < 1); */                /* status byte */
 739
 740        cmd->result |= (ei->ScsiStatus);
 741        /* printk("Scsistatus is 0x%02x\n", ei->ScsiStatus);  */
 742
 743        /* copy the sense data whether we need to or not. */
 744
 745        memcpy(cmd->sense_buffer, ei->SenseInfo, 
 746                ei->SenseLen > SCSI_SENSE_BUFFERSIZE ?
 747                        SCSI_SENSE_BUFFERSIZE : 
 748                        ei->SenseLen);
 749        scsi_set_resid(cmd, ei->ResidualCnt);
 750
 751        if(ei->CommandStatus != 0) 
 752        { /* an error has occurred */ 
 753                switch(ei->CommandStatus)
 754                {
 755                        case CMD_TARGET_STATUS:
 756                                /* Pass it up to the upper layers... */
 757                                if( ei->ScsiStatus)
 758                                {
 759#if 0
 760                                            printk(KERN_WARNING "cciss: cmd %p "
 761                                        "has SCSI Status = %x\n",
 762                                                cp,  
 763                                                ei->ScsiStatus); 
 764#endif
 765                                        cmd->result |= (ei->ScsiStatus < 1);
 766                                }
 767                                else {  /* scsi status is zero??? How??? */
 768                                        
 769        /* Ordinarily, this case should never happen, but there is a bug
 770           in some released firmware revisions that allows it to happen
 771           if, for example, a 4100 backplane loses power and the tape
 772           drive is in it.  We assume that it's a fatal error of some
 773           kind because we can't show that it wasn't. We will make it
 774           look like selection timeout since that is the most common
 775           reason for this to occur, and it's severe enough. */
 776
 777                                        cmd->result = DID_NO_CONNECT << 16;
 778                                }
 779                        break;
 780                        case CMD_DATA_UNDERRUN: /* let mid layer handle it. */
 781                        break;
 782                        case CMD_DATA_OVERRUN:
 783                                printk(KERN_WARNING "cciss: cp %p has"
 784                                        " completed with data overrun "
 785                                        "reported\n", cp);
 786                        break;
 787                        case CMD_INVALID: {
 788                                /* print_bytes(cp, sizeof(*cp), 1, 0);
 789                                print_cmd(cp); */
 790     /* We get CMD_INVALID if you address a non-existent tape drive instead
 791        of a selection timeout (no response).  You will see this if you yank 
 792        out a tape drive, then try to access it. This is kind of a shame
 793        because it means that any other CMD_INVALID (e.g. driver bug) will
 794        get interpreted as a missing target. */
 795                                cmd->result = DID_NO_CONNECT << 16;
 796                                }
 797                        break;
 798                        case CMD_PROTOCOL_ERR:
 799                                printk(KERN_WARNING "cciss: cp %p has "
 800                                        "protocol error \n", cp);
 801                        break;
 802                        case CMD_HARDWARE_ERR:
 803                                cmd->result = DID_ERROR << 16;
 804                                printk(KERN_WARNING "cciss: cp %p had " 
 805                                        " hardware error\n", cp);
 806                        break;
 807                        case CMD_CONNECTION_LOST:
 808                                cmd->result = DID_ERROR << 16;
 809                                printk(KERN_WARNING "cciss: cp %p had "
 810                                        "connection lost\n", cp);
 811                        break;
 812                        case CMD_ABORTED:
 813                                cmd->result = DID_ABORT << 16;
 814                                printk(KERN_WARNING "cciss: cp %p was "
 815                                        "aborted\n", cp);
 816                        break;
 817                        case CMD_ABORT_FAILED:
 818                                cmd->result = DID_ERROR << 16;
 819                                printk(KERN_WARNING "cciss: cp %p reports "
 820                                        "abort failed\n", cp);
 821                        break;
 822                        case CMD_UNSOLICITED_ABORT:
 823                                cmd->result = DID_ABORT << 16;
 824                                printk(KERN_WARNING "cciss: cp %p aborted "
 825                                        "do to an unsolicited abort\n", cp);
 826                        break;
 827                        case CMD_TIMEOUT:
 828                                cmd->result = DID_TIME_OUT << 16;
 829                                printk(KERN_WARNING "cciss: cp %p timedout\n",
 830                                        cp);
 831                        break;
 832                        default:
 833                                cmd->result = DID_ERROR << 16;
 834                                printk(KERN_WARNING "cciss: cp %p returned "
 835                                        "unknown status %x\n", cp, 
 836                                                ei->CommandStatus); 
 837                }
 838        }
 839        // printk("c:%p:c%db%dt%dl%d ", cmd, ctlr->ctlr, cmd->channel, 
 840        //        cmd->target, cmd->lun);
 841        cmd->scsi_done(cmd);
 842        scsi_cmd_free(ctlr, cp);
 843}
 844
 845static int
 846cciss_scsi_detect(int ctlr)
 847{
 848        struct Scsi_Host *sh;
 849        int error;
 850
 851        sh = scsi_host_alloc(&cciss_driver_template, sizeof(struct ctlr_info *));
 852        if (sh == NULL)
 853                goto fail;
 854        sh->io_port = 0;        // good enough?  FIXME, 
 855        sh->n_io_port = 0;        // I don't think we use these two...
 856        sh->this_id = SELF_SCSI_ID;  
 857
 858        ((struct cciss_scsi_adapter_data_t *) 
 859                hba[ctlr]->scsi_ctlr)->scsi_host = (void *) sh;
 860        sh->hostdata[0] = (unsigned long) hba[ctlr];
 861        sh->irq = hba[ctlr]->intr[SIMPLE_MODE_INT];
 862        sh->unique_id = sh->irq;
 863        error = scsi_add_host(sh, &hba[ctlr]->pdev->dev);
 864        if (error)
 865                goto fail_host_put;
 866        scsi_scan_host(sh);
 867        return 1;
 868
 869 fail_host_put:
 870        scsi_host_put(sh);
 871 fail:
 872        return 0;
 873}
 874
 875static void
 876cciss_unmap_one(struct pci_dev *pdev,
 877                CommandList_struct *cp,
 878                size_t buflen,
 879                int data_direction)
 880{
 881        u64bit addr64;
 882
 883        addr64.val32.lower = cp->SG[0].Addr.lower;
 884        addr64.val32.upper = cp->SG[0].Addr.upper;
 885        pci_unmap_single(pdev, (dma_addr_t) addr64.val, buflen, data_direction);
 886}
 887
 888static void
 889cciss_map_one(struct pci_dev *pdev,
 890                CommandList_struct *cp,
 891                unsigned char *buf,
 892                size_t buflen,
 893                int data_direction)
 894{
 895        __u64 addr64;
 896
 897        addr64 = (__u64) pci_map_single(pdev, buf, buflen, data_direction);
 898        cp->SG[0].Addr.lower = 
 899          (__u32) (addr64 & (__u64) 0x00000000FFFFFFFF);
 900        cp->SG[0].Addr.upper =
 901          (__u32) ((addr64 >> 32) & (__u64) 0x00000000FFFFFFFF);
 902        cp->SG[0].Len = buflen;
 903        cp->Header.SGList = (__u8) 1;   /* no. SGs contig in this cmd */
 904        cp->Header.SGTotal = (__u16) 1; /* total sgs in this cmd list */
 905}
 906
 907static int
 908cciss_scsi_do_simple_cmd(ctlr_info_t *c,
 909                        CommandList_struct *cp,
 910                        unsigned char *scsi3addr, 
 911                        unsigned char *cdb,
 912                        unsigned char cdblen,
 913                        unsigned char *buf, int bufsize,
 914                        int direction)
 915{
 916        unsigned long flags;
 917        DECLARE_COMPLETION_ONSTACK(wait);
 918
 919        cp->cmd_type = CMD_IOCTL_PEND;                // treat this like an ioctl 
 920        cp->scsi_cmd = NULL;
 921        cp->Header.ReplyQueue = 0;  // unused in simple mode
 922        memcpy(&cp->Header.LUN, scsi3addr, sizeof(cp->Header.LUN));
 923        cp->Header.Tag.lower = cp->busaddr;  // Use k. address of cmd as tag
 924        // Fill in the request block...
 925
 926        /* printk("Using scsi3addr 0x%02x%0x2%0x2%0x2%0x2%0x2%0x2%0x2\n", 
 927                scsi3addr[0], scsi3addr[1], scsi3addr[2], scsi3addr[3],
 928                scsi3addr[4], scsi3addr[5], scsi3addr[6], scsi3addr[7]); */
 929
 930        memset(cp->Request.CDB, 0, sizeof(cp->Request.CDB));
 931        memcpy(cp->Request.CDB, cdb, cdblen);
 932        cp->Request.Timeout = 0;
 933        cp->Request.CDBLen = cdblen;
 934        cp->Request.Type.Type = TYPE_CMD;
 935        cp->Request.Type.Attribute = ATTR_SIMPLE;
 936        cp->Request.Type.Direction = direction;
 937
 938        /* Fill in the SG list and do dma mapping */
 939        cciss_map_one(c->pdev, cp, (unsigned char *) buf,
 940                        bufsize, DMA_FROM_DEVICE); 
 941
 942        cp->waiting = &wait;
 943
 944        /* Put the request on the tail of the request queue */
 945        spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
 946        addQ(&c->reqQ, cp);
 947        c->Qdepth++;
 948        start_io(c);
 949        spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
 950
 951        wait_for_completion(&wait);
 952
 953        /* undo the dma mapping */
 954        cciss_unmap_one(c->pdev, cp, bufsize, DMA_FROM_DEVICE);
 955        return(0);
 956}
 957
 958static void 
 959cciss_scsi_interpret_error(CommandList_struct *cp)
 960{
 961        ErrorInfo_struct *ei;
 962
 963        ei = cp->err_info; 
 964        switch(ei->CommandStatus)
 965        {
 966                case CMD_TARGET_STATUS:
 967                        printk(KERN_WARNING "cciss: cmd %p has "
 968                                "completed with errors\n", cp);
 969                        printk(KERN_WARNING "cciss: cmd %p "
 970                                "has SCSI Status = %x\n",
 971                                        cp,  
 972                                        ei->ScsiStatus);
 973                        if (ei->ScsiStatus == 0)
 974                                printk(KERN_WARNING 
 975                                "cciss:SCSI status is abnormally zero.  "
 976                                "(probably indicates selection timeout "
 977                                "reported incorrectly due to a known "
 978                                "firmware bug, circa July, 2001.)\n");
 979                break;
 980                case CMD_DATA_UNDERRUN: /* let mid layer handle it. */
 981                        printk("UNDERRUN\n");
 982                break;
 983                case CMD_DATA_OVERRUN:
 984                        printk(KERN_WARNING "cciss: cp %p has"
 985                                " completed with data overrun "
 986                                "reported\n", cp);
 987                break;
 988                case CMD_INVALID: {
 989                        /* controller unfortunately reports SCSI passthru's */
 990                        /* to non-existent targets as invalid commands. */
 991                        printk(KERN_WARNING "cciss: cp %p is "
 992                                "reported invalid (probably means "
 993                                "target device no longer present)\n", 
 994                                cp); 
 995                        /* print_bytes((unsigned char *) cp, sizeof(*cp), 1, 0);
 996                        print_cmd(cp);  */
 997                        }
 998                break;
 999                case CMD_PROTOCOL_ERR:
1000                        printk(KERN_WARNING "cciss: cp %p has "
1001                                "protocol error \n", cp);
1002                break;
1003                case CMD_HARDWARE_ERR:
1004                        /* cmd->result = DID_ERROR << 16; */
1005                        printk(KERN_WARNING "cciss: cp %p had " 
1006                                " hardware error\n", cp);
1007                break;
1008                case CMD_CONNECTION_LOST:
1009                        printk(KERN_WARNING "cciss: cp %p had "
1010                                "connection lost\n", cp);
1011                break;
1012                case CMD_ABORTED:
1013                        printk(KERN_WARNING "cciss: cp %p was "
1014                                "aborted\n", cp);
1015                break;
1016                case CMD_ABORT_FAILED:
1017                        printk(KERN_WARNING "cciss: cp %p reports "
1018                                "abort failed\n", cp);
1019                break;
1020                case CMD_UNSOLICITED_ABORT:
1021                        printk(KERN_WARNING "cciss: cp %p aborted "
1022                                "do to an unsolicited abort\n", cp);
1023                break;
1024                case CMD_TIMEOUT:
1025                        printk(KERN_WARNING "cciss: cp %p timedout\n",
1026                                cp);
1027                break;
1028                default:
1029                        printk(KERN_WARNING "cciss: cp %p returned "
1030                                "unknown status %x\n", cp, 
1031                                        ei->CommandStatus); 
1032        }
1033}
1034
1035static int
1036cciss_scsi_do_inquiry(ctlr_info_t *c, unsigned char *scsi3addr, 
1037        unsigned char page, unsigned char *buf,
1038        unsigned char bufsize)
1039{
1040        int rc;
1041        CommandList_struct *cp;
1042        char cdb[6];
1043        ErrorInfo_struct *ei;
1044        unsigned long flags;
1045
1046        spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1047        cp = scsi_cmd_alloc(c);
1048        spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1049
1050        if (cp == NULL) {                        /* trouble... */
1051                printk("cmd_alloc returned NULL!\n");
1052                return -1;
1053        }
1054
1055        ei = cp->err_info; 
1056
1057        cdb[0] = CISS_INQUIRY;
1058        cdb[1] = (page != 0);
1059        cdb[2] = page;
1060        cdb[3] = 0;
1061        cdb[4] = bufsize;
1062        cdb[5] = 0;
1063        rc = cciss_scsi_do_simple_cmd(c, cp, scsi3addr, cdb, 
1064                                6, buf, bufsize, XFER_READ);
1065
1066        if (rc != 0) return rc; /* something went wrong */
1067
1068        if (ei->CommandStatus != 0 && 
1069            ei->CommandStatus != CMD_DATA_UNDERRUN) {
1070                cciss_scsi_interpret_error(cp);
1071                rc = -1;
1072        }
1073        spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1074        scsi_cmd_free(c, cp);
1075        spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1076        return rc;        
1077}
1078
1079/* Get the device id from inquiry page 0x83 */
1080static int cciss_scsi_get_device_id(ctlr_info_t *c, unsigned char *scsi3addr,
1081        unsigned char *device_id, int buflen)
1082{
1083        int rc;
1084        unsigned char *buf;
1085
1086        if (buflen > 16)
1087                buflen = 16;
1088        buf = kzalloc(64, GFP_KERNEL);
1089        if (!buf)
1090                return -1;
1091        rc = cciss_scsi_do_inquiry(c, scsi3addr, 0x83, buf, 64);
1092        if (rc == 0)
1093                memcpy(device_id, &buf[8], buflen);
1094        kfree(buf);
1095        return rc != 0;
1096}
1097
1098static int
1099cciss_scsi_do_report_phys_luns(ctlr_info_t *c, 
1100                ReportLunData_struct *buf, int bufsize)
1101{
1102        int rc;
1103        CommandList_struct *cp;
1104        unsigned char cdb[12];
1105        unsigned char scsi3addr[8]; 
1106        ErrorInfo_struct *ei;
1107        unsigned long flags;
1108
1109        spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1110        cp = scsi_cmd_alloc(c);
1111        spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1112        if (cp == NULL) {                        /* trouble... */
1113                printk("cmd_alloc returned NULL!\n");
1114                return -1;
1115        }
1116
1117        memset(&scsi3addr[0], 0, 8); /* address the controller */
1118        cdb[0] = CISS_REPORT_PHYS;
1119        cdb[1] = 0;
1120        cdb[2] = 0;
1121        cdb[3] = 0;
1122        cdb[4] = 0;
1123        cdb[5] = 0;
1124        cdb[6] = (bufsize >> 24) & 0xFF;  //MSB
1125        cdb[7] = (bufsize >> 16) & 0xFF;
1126        cdb[8] = (bufsize >> 8) & 0xFF;
1127        cdb[9] = bufsize & 0xFF;
1128        cdb[10] = 0;
1129        cdb[11] = 0;
1130
1131        rc = cciss_scsi_do_simple_cmd(c, cp, scsi3addr, 
1132                                cdb, 12, 
1133                                (unsigned char *) buf, 
1134                                bufsize, XFER_READ);
1135
1136        if (rc != 0) return rc; /* something went wrong */
1137
1138        ei = cp->err_info; 
1139        if (ei->CommandStatus != 0 && 
1140            ei->CommandStatus != CMD_DATA_UNDERRUN) {
1141                cciss_scsi_interpret_error(cp);
1142                rc = -1;
1143        }
1144        spin_lock_irqsave(CCISS_LOCK(c->ctlr), flags);
1145        scsi_cmd_free(c, cp);
1146        spin_unlock_irqrestore(CCISS_LOCK(c->ctlr), flags);
1147        return rc;        
1148}
1149
1150static void
1151cciss_update_non_disk_devices(int cntl_num, int hostno)
1152{
1153        /* the idea here is we could get notified from /proc
1154           that some devices have changed, so we do a report 
1155           physical luns cmd, and adjust our list of devices 
1156           accordingly.  (We can't rely on the scsi-mid layer just
1157           doing inquiries, because the "busses" that the scsi 
1158           mid-layer probes are totally fabricated by this driver,
1159           so new devices wouldn't show up.
1160
1161           the scsi3addr's of devices won't change so long as the 
1162           adapter is not reset.  That means we can rescan and 
1163           tell which devices we already know about, vs. new 
1164           devices, vs.  disappearing devices.
1165
1166           Also, if you yank out a tape drive, then put in a disk
1167           in it's place, (say, a configured volume from another 
1168           array controller for instance)  _don't_ poke this driver 
1169           (so it thinks it's still a tape, but _do_ poke the scsi 
1170           mid layer, so it does an inquiry... the scsi mid layer 
1171           will see the physical disk.  This would be bad.  Need to
1172           think about how to prevent that.  One idea would be to 
1173           snoop all scsi responses and if an inquiry repsonse comes
1174           back that reports a disk, chuck it an return selection
1175           timeout instead and adjust our table...  Not sure i like
1176           that though.  
1177
1178         */
1179#define OBDR_TAPE_INQ_SIZE 49
1180#define OBDR_TAPE_SIG "$DR-10"
1181        ReportLunData_struct *ld_buff;
1182        unsigned char *inq_buff;
1183        unsigned char scsi3addr[8];
1184        ctlr_info_t *c;
1185        __u32 num_luns=0;
1186        unsigned char *ch;
1187        struct cciss_scsi_dev_t *currentsd, *this_device;
1188        int ncurrent=0;
1189        int reportlunsize = sizeof(*ld_buff) + CISS_MAX_PHYS_LUN * 8;
1190        int i;
1191
1192        c = (ctlr_info_t *) hba[cntl_num];        
1193        ld_buff = kzalloc(reportlunsize, GFP_KERNEL);
1194        inq_buff = kmalloc(OBDR_TAPE_INQ_SIZE, GFP_KERNEL);
1195        currentsd = kzalloc(sizeof(*currentsd) *
1196                        (CCISS_MAX_SCSI_DEVS_PER_HBA+1), GFP_KERNEL);
1197        if (ld_buff == NULL || inq_buff == NULL || currentsd == NULL) {
1198                printk(KERN_ERR "cciss: out of memory\n");
1199                goto out;
1200        }
1201        this_device = &currentsd[CCISS_MAX_SCSI_DEVS_PER_HBA];
1202        if (cciss_scsi_do_report_phys_luns(c, ld_buff, reportlunsize) == 0) {
1203                ch = &ld_buff->LUNListLength[0];
1204                num_luns = ((ch[0]<<24) | (ch[1]<<16) | (ch[2]<<8) | ch[3]) / 8;
1205                if (num_luns > CISS_MAX_PHYS_LUN) {
1206                        printk(KERN_WARNING 
1207                                "cciss: Maximum physical LUNs (%d) exceeded.  "
1208                                "%d LUNs ignored.\n", CISS_MAX_PHYS_LUN, 
1209                                num_luns - CISS_MAX_PHYS_LUN);
1210                        num_luns = CISS_MAX_PHYS_LUN;
1211                }
1212        }
1213        else {
1214                printk(KERN_ERR  "cciss: Report physical LUNs failed.\n");
1215                goto out;
1216        }
1217
1218
1219        /* adjust our table of devices */        
1220        for (i = 0; i < num_luns; i++) {
1221                /* for each physical lun, do an inquiry */
1222                if (ld_buff->LUN[i][3] & 0xC0) continue;
1223                memset(inq_buff, 0, OBDR_TAPE_INQ_SIZE);
1224                memcpy(&scsi3addr[0], &ld_buff->LUN[i][0], 8);
1225
1226                if (cciss_scsi_do_inquiry(hba[cntl_num], scsi3addr, 0, inq_buff,
1227                        (unsigned char) OBDR_TAPE_INQ_SIZE) != 0)
1228                        /* Inquiry failed (msg printed already) */
1229                        continue; /* so we will skip this device. */
1230
1231                this_device->devtype = (inq_buff[0] & 0x1f);
1232                this_device->bus = -1;
1233                this_device->target = -1;
1234                this_device->lun = -1;
1235                memcpy(this_device->scsi3addr, scsi3addr, 8);
1236                memcpy(this_device->vendor, &inq_buff[8],
1237                        sizeof(this_device->vendor));
1238                memcpy(this_device->model, &inq_buff[16],
1239                        sizeof(this_device->model));
1240                memcpy(this_device->revision, &inq_buff[32],
1241                        sizeof(this_device->revision));
1242                memset(this_device->device_id, 0,
1243                        sizeof(this_device->device_id));
1244                cciss_scsi_get_device_id(hba[cntl_num], scsi3addr,
1245                        this_device->device_id, sizeof(this_device->device_id));
1246
1247                switch (this_device->devtype)
1248                {
1249                  case 0x05: /* CD-ROM */ {
1250
1251                        /* We don't *really* support actual CD-ROM devices,
1252                         * just this "One Button Disaster Recovery" tape drive
1253                         * which temporarily pretends to be a CD-ROM drive.
1254                         * So we check that the device is really an OBDR tape
1255                         * device by checking for "$DR-10" in bytes 43-48 of
1256                         * the inquiry data.
1257                         */
1258                                char obdr_sig[7];
1259
1260                                strncpy(obdr_sig, &inq_buff[43], 6);
1261                                obdr_sig[6] = '\0';
1262                                if (strncmp(obdr_sig, OBDR_TAPE_SIG, 6) != 0)
1263                                        /* Not OBDR device, ignore it. */
1264                                        break;
1265                        }
1266                        /* fall through . . . */
1267                  case 0x01: /* sequential access, (tape) */
1268                  case 0x08: /* medium changer */
1269                        if (ncurrent >= CCISS_MAX_SCSI_DEVS_PER_HBA) {
1270                                printk(KERN_INFO "cciss%d: %s ignored, "
1271                                        "too many devices.\n", cntl_num,
1272                                        scsi_device_type(this_device->devtype));
1273                                break;
1274                        }
1275                        currentsd[ncurrent] = *this_device;
1276                        ncurrent++;
1277                        break;
1278                  default: 
1279                        break;
1280                }
1281        }
1282
1283        adjust_cciss_scsi_table(cntl_num, hostno, currentsd, ncurrent);
1284out:
1285        kfree(inq_buff);
1286        kfree(ld_buff);
1287        kfree(currentsd);
1288        return;
1289}
1290
1291static int
1292is_keyword(char *ptr, int len, char *verb)  // Thanks to ncr53c8xx.c
1293{
1294        int verb_len = strlen(verb);
1295        if (len >= verb_len && !memcmp(verb,ptr,verb_len))
1296                return verb_len;
1297        else
1298                return 0;
1299}
1300
1301static int
1302cciss_scsi_user_command(int ctlr, int hostno, char *buffer, int length)
1303{
1304        int arg_len;
1305
1306        if ((arg_len = is_keyword(buffer, length, "rescan")) != 0)
1307                cciss_update_non_disk_devices(ctlr, hostno);
1308        else
1309                return -EINVAL;
1310        return length;
1311}
1312
1313
1314static int
1315cciss_scsi_proc_info(struct Scsi_Host *sh,
1316                char *buffer, /* data buffer */
1317                char **start,            /* where data in buffer starts */
1318                off_t offset,           /* offset from start of imaginary file */
1319                int length,            /* length of data in buffer */
1320                int func)           /* 0 == read, 1 == write */
1321{
1322
1323        int buflen, datalen;
1324        ctlr_info_t *ci;
1325        int i;
1326        int cntl_num;
1327
1328
1329        ci = (ctlr_info_t *) sh->hostdata[0];
1330        if (ci == NULL)  /* This really shouldn't ever happen. */
1331                return -EINVAL;
1332
1333        cntl_num = ci->ctlr;        /* Get our index into the hba[] array */
1334
1335        if (func == 0) {        /* User is reading from /proc/scsi/ciss*?/?*  */
1336                buflen = sprintf(buffer, "cciss%d: SCSI host: %d\n",
1337                                cntl_num, sh->host_no);
1338
1339                /* this information is needed by apps to know which cciss
1340                   device corresponds to which scsi host number without
1341                   having to open a scsi target device node.  The device
1342                   information is not a duplicate of /proc/scsi/scsi because
1343                   the two may be out of sync due to scsi hotplug, rather
1344                   this info is for an app to be able to use to know how to
1345                   get them back in sync. */
1346
1347                for (i=0;i<ccissscsi[cntl_num].ndevices;i++) {
1348                        struct cciss_scsi_dev_t *sd = &ccissscsi[cntl_num].dev[i];
1349                        buflen += sprintf(&buffer[buflen], "c%db%dt%dl%d %02d "
1350                                "0x%02x%02x%02x%02x%02x%02x%02x%02x\n",
1351                                sh->host_no, sd->bus, sd->target, sd->lun,
1352                                sd->devtype,
1353                                sd->scsi3addr[0], sd->scsi3addr[1],
1354                                sd->scsi3addr[2], sd->scsi3addr[3],
1355                                sd->scsi3addr[4], sd->scsi3addr[5],
1356                                sd->scsi3addr[6], sd->scsi3addr[7]);
1357                }
1358                datalen = buflen - offset;
1359                if (datalen < 0) {         /* they're reading past EOF. */
1360                        datalen = 0;
1361                        *start = buffer+buflen;        
1362                } else
1363                        *start = buffer + offset;
1364                return(datalen);
1365        } else         /* User is writing to /proc/scsi/cciss*?/?*  ... */
1366                return cciss_scsi_user_command(cntl_num, sh->host_no,
1367                        buffer, length);        
1368} 
1369
1370/* cciss_scatter_gather takes a struct scsi_cmnd, (cmd), and does the pci 
1371   dma mapping  and fills in the scatter gather entries of the 
1372   cciss command, cp. */
1373
1374static void
1375cciss_scatter_gather(struct pci_dev *pdev, 
1376                CommandList_struct *cp,        
1377                struct scsi_cmnd *cmd)
1378{
1379        unsigned int len;
1380        struct scatterlist *sg;
1381        __u64 addr64;
1382        int use_sg, i;
1383
1384        BUG_ON(scsi_sg_count(cmd) > MAXSGENTRIES);
1385
1386        use_sg = scsi_dma_map(cmd);
1387        if (use_sg) {        /* not too many addrs? */
1388                scsi_for_each_sg(cmd, sg, use_sg, i) {
1389                        addr64 = (__u64) sg_dma_address(sg);
1390                        len  = sg_dma_len(sg);
1391                        cp->SG[i].Addr.lower =
1392                                (__u32) (addr64 & (__u64) 0x00000000FFFFFFFF);
1393                        cp->SG[i].Addr.upper =
1394                                (__u32) ((addr64 >> 32) & (__u64) 0x00000000FFFFFFFF);
1395                        cp->SG[i].Len = len;
1396                        cp->SG[i].Ext = 0;  // we are not chaining
1397                }
1398        }
1399
1400        cp->Header.SGList = (__u8) use_sg;   /* no. SGs contig in this cmd */
1401        cp->Header.SGTotal = (__u16) use_sg; /* total sgs in this cmd list */
1402        return;
1403}
1404
1405
1406static int
1407cciss_scsi_queue_command (struct scsi_cmnd *cmd, void (* done)(struct scsi_cmnd *))
1408{
1409        ctlr_info_t **c;
1410        int ctlr, rc;
1411        unsigned char scsi3addr[8];
1412        CommandList_struct *cp;
1413        unsigned long flags;
1414
1415        // Get the ptr to our adapter structure (hba[i]) out of cmd->host.
1416        // We violate cmd->host privacy here.  (Is there another way?)
1417        c = (ctlr_info_t **) &cmd->device->host->hostdata[0];        
1418        ctlr = (*c)->ctlr;
1419
1420        rc = lookup_scsi3addr(ctlr, cmd->device->channel, cmd->device->id, 
1421                        cmd->device->lun, scsi3addr);
1422        if (rc != 0) {
1423                /* the scsi nexus does not match any that we presented... */
1424                /* pretend to mid layer that we got selection timeout */
1425                cmd->result = DID_NO_CONNECT << 16;
1426                done(cmd);
1427                /* we might want to think about registering controller itself
1428                   as a processor device on the bus so sg binds to it. */
1429                return 0;
1430        }
1431
1432        /* printk("cciss_queue_command, p=%p, cmd=0x%02x, c%db%dt%dl%d\n", 
1433                cmd, cmd->cmnd[0], ctlr, cmd->channel, cmd->target, cmd->lun);*/
1434        // printk("q:%p:c%db%dt%dl%d ", cmd, ctlr, cmd->channel, 
1435        //        cmd->target, cmd->lun);
1436
1437        /* Ok, we have a reasonable scsi nexus, so send the cmd down, and
1438           see what the device thinks of it. */
1439
1440        spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1441        cp = scsi_cmd_alloc(*c);
1442        spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1443        if (cp == NULL) {                        /* trouble... */
1444                printk("scsi_cmd_alloc returned NULL!\n");
1445                /* FIXME: next 3 lines are -> BAD! <- */
1446                cmd->result = DID_NO_CONNECT << 16;
1447                done(cmd);
1448                return 0;
1449        }
1450
1451        // Fill in the command list header
1452
1453        cmd->scsi_done = done;    // save this for use by completion code 
1454
1455        // save cp in case we have to abort it 
1456        cmd->host_scribble = (unsigned char *) cp; 
1457
1458        cp->cmd_type = CMD_SCSI;
1459        cp->scsi_cmd = cmd;
1460        cp->Header.ReplyQueue = 0;  // unused in simple mode
1461        memcpy(&cp->Header.LUN.LunAddrBytes[0], &scsi3addr[0], 8);
1462        cp->Header.Tag.lower = cp->busaddr;  // Use k. address of cmd as tag
1463        
1464        // Fill in the request block...
1465
1466        cp->Request.Timeout = 0;
1467        memset(cp->Request.CDB, 0, sizeof(cp->Request.CDB));
1468        BUG_ON(cmd->cmd_len > sizeof(cp->Request.CDB));
1469        cp->Request.CDBLen = cmd->cmd_len;
1470        memcpy(cp->Request.CDB, cmd->cmnd, cmd->cmd_len);
1471        cp->Request.Type.Type = TYPE_CMD;
1472        cp->Request.Type.Attribute = ATTR_SIMPLE;
1473        switch(cmd->sc_data_direction)
1474        {
1475          case DMA_TO_DEVICE: cp->Request.Type.Direction = XFER_WRITE; break;
1476          case DMA_FROM_DEVICE: cp->Request.Type.Direction = XFER_READ; break;
1477          case DMA_NONE: cp->Request.Type.Direction = XFER_NONE; break;
1478          case DMA_BIDIRECTIONAL:
1479                // This can happen if a buggy application does a scsi passthru
1480                // and sets both inlen and outlen to non-zero. ( see
1481                // ../scsi/scsi_ioctl.c:scsi_ioctl_send_command() )
1482
1483                  cp->Request.Type.Direction = XFER_RSVD;
1484                // This is technically wrong, and cciss controllers should
1485                // reject it with CMD_INVALID, which is the most correct 
1486                // response, but non-fibre backends appear to let it 
1487                // slide by, and give the same results as if this field
1488                // were set correctly.  Either way is acceptable for
1489                // our purposes here.
1490
1491                break;
1492
1493          default: 
1494                printk("cciss: unknown data direction: %d\n", 
1495                        cmd->sc_data_direction);
1496                BUG();
1497                break;
1498        }
1499
1500        cciss_scatter_gather((*c)->pdev, cp, cmd); // Fill the SG list
1501
1502        /* Put the request on the tail of the request queue */
1503
1504        spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1505        addQ(&(*c)->reqQ, cp);
1506        (*c)->Qdepth++;
1507        start_io(*c);
1508        spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1509
1510        /* the cmd'll come back via intr handler in complete_scsi_command()  */
1511        return 0;
1512}
1513
1514static void 
1515cciss_unregister_scsi(int ctlr)
1516{
1517        struct cciss_scsi_adapter_data_t *sa;
1518        struct cciss_scsi_cmd_stack_t *stk;
1519        unsigned long flags;
1520
1521        /* we are being forcibly unloaded, and may not refuse. */
1522
1523        spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1524        sa = (struct cciss_scsi_adapter_data_t *) hba[ctlr]->scsi_ctlr;
1525        stk = &sa->cmd_stack; 
1526
1527        /* if we weren't ever actually registered, don't unregister */ 
1528        if (sa->registered) {
1529                spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1530                scsi_remove_host(sa->scsi_host);
1531                scsi_host_put(sa->scsi_host);
1532                spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1533        }
1534
1535        /* set scsi_host to NULL so our detect routine will 
1536           find us on register */
1537        sa->scsi_host = NULL;
1538        spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1539        scsi_cmd_stack_free(ctlr);
1540        kfree(sa);
1541}
1542
1543static int 
1544cciss_engage_scsi(int ctlr)
1545{
1546        struct cciss_scsi_adapter_data_t *sa;
1547        struct cciss_scsi_cmd_stack_t *stk;
1548        unsigned long flags;
1549
1550        spin_lock_irqsave(CCISS_LOCK(ctlr), flags);
1551        sa = (struct cciss_scsi_adapter_data_t *) hba[ctlr]->scsi_ctlr;
1552        stk = &sa->cmd_stack; 
1553
1554        if (sa->registered) {
1555                printk("cciss%d: SCSI subsystem already engaged.\n", ctlr);
1556                spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1557                return ENXIO;
1558        }
1559        sa->registered = 1;
1560        spin_unlock_irqrestore(CCISS_LOCK(ctlr), flags);
1561        cciss_update_non_disk_devices(ctlr, -1);
1562        cciss_scsi_detect(ctlr);
1563        return 0;
1564}
1565
1566static void
1567cciss_seq_tape_report(struct seq_file *seq, int ctlr)
1568{
1569        unsigned long flags;
1570
1571        CPQ_TAPE_LOCK(ctlr, flags);
1572        seq_printf(seq,
1573                "Sequential access devices: %d\n\n",
1574                        ccissscsi[ctlr].ndevices);
1575        CPQ_TAPE_UNLOCK(ctlr, flags);
1576}
1577
1578
1579/* Need at least one of these error handlers to keep ../scsi/hosts.c from 
1580 * complaining.  Doing a host- or bus-reset can't do anything good here. 
1581 * Despite what it might say in scsi_error.c, there may well be commands
1582 * on the controller, as the cciss driver registers twice, once as a block
1583 * device for the logical drives, and once as a scsi device, for any tape
1584 * drives.  So we know there are no commands out on the tape drives, but we
1585 * don't know there are no commands on the controller, and it is likely 
1586 * that there probably are, as the cciss block device is most commonly used
1587 * as a boot device (embedded controller on HP/Compaq systems.)
1588*/
1589
1590static int cciss_eh_device_reset_handler(struct scsi_cmnd *scsicmd)
1591{
1592        int rc;
1593        CommandList_struct *cmd_in_trouble;
1594        ctlr_info_t **c;
1595        int ctlr;
1596
1597        /* find the controller to which the command to be aborted was sent */
1598        c = (ctlr_info_t **) &scsicmd->device->host->hostdata[0];        
1599        if (c == NULL) /* paranoia */
1600                return FAILED;
1601        ctlr = (*c)->ctlr;
1602        printk(KERN_WARNING "cciss%d: resetting tape drive or medium changer.\n", ctlr);
1603
1604        /* find the command that's giving us trouble */
1605        cmd_in_trouble = (CommandList_struct *) scsicmd->host_scribble;
1606        if (cmd_in_trouble == NULL) { /* paranoia */
1607                return FAILED;
1608        }
1609        /* send a reset to the SCSI LUN which the command was sent to */
1610        rc = sendcmd(CCISS_RESET_MSG, ctlr, NULL, 0, 2, 0, 0, 
1611                (unsigned char *) &cmd_in_trouble->Header.LUN.LunAddrBytes[0], 
1612                TYPE_MSG);
1613        /* sendcmd turned off interrupts on the board, turn 'em back on. */
1614        (*c)->access.set_intr_mask(*c, CCISS_INTR_ON);
1615        if (rc == 0)
1616                return SUCCESS;
1617        printk(KERN_WARNING "cciss%d: resetting device failed.\n", ctlr);
1618        return FAILED;
1619}
1620
1621static int  cciss_eh_abort_handler(struct scsi_cmnd *scsicmd)
1622{
1623        int rc;
1624        CommandList_struct *cmd_to_abort;
1625        ctlr_info_t **c;
1626        int ctlr;
1627
1628        /* find the controller to which the command to be aborted was sent */
1629        c = (ctlr_info_t **) &scsicmd->device->host->hostdata[0];        
1630        if (c == NULL) /* paranoia */
1631                return FAILED;
1632        ctlr = (*c)->ctlr;
1633        printk(KERN_WARNING "cciss%d: aborting tardy SCSI cmd\n", ctlr);
1634
1635        /* find the command to be aborted */
1636        cmd_to_abort = (CommandList_struct *) scsicmd->host_scribble;
1637        if (cmd_to_abort == NULL) /* paranoia */
1638                return FAILED;
1639        rc = sendcmd(CCISS_ABORT_MSG, ctlr, &cmd_to_abort->Header.Tag, 
1640                0, 2, 0, 0, 
1641                (unsigned char *) &cmd_to_abort->Header.LUN.LunAddrBytes[0], 
1642                TYPE_MSG);
1643        /* sendcmd turned off interrupts on the board, turn 'em back on. */
1644        (*c)->access.set_intr_mask(*c, CCISS_INTR_ON);
1645        if (rc == 0)
1646                return SUCCESS;
1647        return FAILED;
1648
1649}
1650
1651#else /* no CONFIG_CISS_SCSI_TAPE */
1652
1653/* If no tape support, then these become defined out of existence */
1654
1655#define cciss_scsi_setup(cntl_num)
1656
1657#endif /* CONFIG_CISS_SCSI_TAPE */