1
/*
2
 * I2O Configuration Interface Driver
3
 *
4
 * (C) Copyright 1999-2002  Red Hat
5
 *
6
 * Written by Alan Cox, Building Number Three Ltd
7
 *
8
 * Fixes/additions:
9
 *	Deepak Saxena (04/20/1999):
10
 *		Added basic ioctl() support
11
 *	Deepak Saxena (06/07/1999):
12
 *		Added software download ioctl (still testing)
13
 *	Auvo Häkkinen (09/10/1999):
14
 *		Changes to i2o_cfg_reply(), ioctl_parms()
15
 *		Added ioct_validate()
16
 *	Taneli Vähäkangas (09/30/1999):
17
 *		Fixed ioctl_swdl()
18
 *	Taneli Vähäkangas (10/04/1999):
19
 *		Changed ioctl_swdl(), implemented ioctl_swul() and ioctl_swdel()
20
 *	Deepak Saxena (11/18/1999):
21
 *		Added event managmenet support
22
 *	Alan Cox <[email protected]>:
23
 *		2.4 rewrite ported to 2.5
24
 *	Markus Lidel <[email protected]>:
25
 *		Added pass-thru support for Adaptec's raidutils
26
 *
27
 * This program is free software; you can redistribute it and/or
28
 * modify it under the terms of the GNU General Public License
29
 * as published by the Free Software Foundation; either version
30
 * 2 of the License, or (at your option) any later version.
31
 */
32

33
#include <linux/miscdevice.h>
34
#include <linux/mutex.h>
35
#include <linux/compat.h>
36
#include <linux/slab.h>
37

38
#include <asm/uaccess.h>
39

40
#include "core.h"
41

42
#define SG_TABLESIZE		30
43

44
static DEFINE_MUTEX(i2o_cfg_mutex);
45
static long i2o_cfg_ioctl(struct file *, unsigned int, unsigned long);
46

47
static spinlock_t i2o_config_lock;
48

49
#define MODINC(x,y) ((x) = ((x) + 1) % (y))
50

51
struct sg_simple_element {
52
	u32 flag_count;
53
	u32 addr_bus;
54
};
55

56
struct i2o_cfg_info {
57
	struct file *fp;
58
	struct fasync_struct *fasync;
59
	struct i2o_evt_info event_q[I2O_EVT_Q_LEN];
60
	u16 q_in;		// Queue head index
61
	u16 q_out;		// Queue tail index
62
	u16 q_len;		// Queue length
63
	u16 q_lost;		// Number of lost events
64
	ulong q_id;		// Event queue ID...used as tx_context
65
	struct i2o_cfg_info *next;
66
};
67
static struct i2o_cfg_info *open_files = NULL;
68
static ulong i2o_cfg_info_id = 0;
69

70
static int i2o_cfg_getiops(unsigned long arg)
71
{
72
	struct i2o_controller *c;
73
	u8 __user *user_iop_table = (void __user *)arg;
74
	u8 tmp[MAX_I2O_CONTROLLERS];
75
	int ret = 0;
76

77
	memset(tmp, 0, MAX_I2O_CONTROLLERS);
78

79
	list_for_each_entry(c, &i2o_controllers, list)
80
	    tmp[c->unit] = 1;
81

82
	if (copy_to_user(user_iop_table, tmp, MAX_I2O_CONTROLLERS))
83
		ret = -EFAULT;
84

85
	return ret;
86
};
87

88
static int i2o_cfg_gethrt(unsigned long arg)
89
{
90
	struct i2o_controller *c;
91
	struct i2o_cmd_hrtlct __user *cmd = (struct i2o_cmd_hrtlct __user *)arg;
92
	struct i2o_cmd_hrtlct kcmd;
93
	i2o_hrt *hrt;
94
	int len;
95
	u32 reslen;
96
	int ret = 0;
97

98
	if (copy_from_user(&kcmd, cmd, sizeof(struct i2o_cmd_hrtlct)))
99
		return -EFAULT;
100

101
	if (get_user(reslen, kcmd.reslen) < 0)
102
		return -EFAULT;
103

104
	if (kcmd.resbuf == NULL)
105
		return -EFAULT;
106

107
	c = i2o_find_iop(kcmd.iop);
108
	if (!c)
109
		return -ENXIO;
110

111
	hrt = (i2o_hrt *) c->hrt.virt;
112

113
	len = 8 + ((hrt->entry_len * hrt->num_entries) << 2);
114

115
	if (put_user(len, kcmd.reslen))
116
		ret = -EFAULT;
117
	else if (len > reslen)
118
		ret = -ENOBUFS;
119
	else if (copy_to_user(kcmd.resbuf, (void *)hrt, len))
120
		ret = -EFAULT;
121

122
	return ret;
123
};
124

125
static int i2o_cfg_getlct(unsigned long arg)
126
{
127
	struct i2o_controller *c;
128
	struct i2o_cmd_hrtlct __user *cmd = (struct i2o_cmd_hrtlct __user *)arg;
129
	struct i2o_cmd_hrtlct kcmd;
130
	i2o_lct *lct;
131
	int len;
132
	int ret = 0;
133
	u32 reslen;
134

135
	if (copy_from_user(&kcmd, cmd, sizeof(struct i2o_cmd_hrtlct)))
136
		return -EFAULT;
137

138
	if (get_user(reslen, kcmd.reslen) < 0)
139
		return -EFAULT;
140

141
	if (kcmd.resbuf == NULL)
142
		return -EFAULT;
143

144
	c = i2o_find_iop(kcmd.iop);
145
	if (!c)
146
		return -ENXIO;
147

148
	lct = (i2o_lct *) c->lct;
149

150
	len = (unsigned int)lct->table_size << 2;
151
	if (put_user(len, kcmd.reslen))
152
		ret = -EFAULT;
153
	else if (len > reslen)
154
		ret = -ENOBUFS;
155
	else if (copy_to_user(kcmd.resbuf, lct, len))
156
		ret = -EFAULT;
157

158
	return ret;
159
};
160

161
static int i2o_cfg_parms(unsigned long arg, unsigned int type)
162
{
163
	int ret = 0;
164
	struct i2o_controller *c;
165
	struct i2o_device *dev;
166
	struct i2o_cmd_psetget __user *cmd =
167
	    (struct i2o_cmd_psetget __user *)arg;
168
	struct i2o_cmd_psetget kcmd;
169
	u32 reslen;
170
	u8 *ops;
171
	u8 *res;
172
	int len = 0;
173

174
	u32 i2o_cmd = (type == I2OPARMGET ?
175
		       I2O_CMD_UTIL_PARAMS_GET : I2O_CMD_UTIL_PARAMS_SET);
176

177
	if (copy_from_user(&kcmd, cmd, sizeof(struct i2o_cmd_psetget)))
178
		return -EFAULT;
179

180
	if (get_user(reslen, kcmd.reslen))
181
		return -EFAULT;
182

183
	c = i2o_find_iop(kcmd.iop);
184
	if (!c)
185
		return -ENXIO;
186

187
	dev = i2o_iop_find_device(c, kcmd.tid);
188
	if (!dev)
189
		return -ENXIO;
190

191
	ops = memdup_user(kcmd.opbuf, kcmd.oplen);
192
	if (IS_ERR(ops))
193
		return PTR_ERR(ops);
194

195
	/*
196
	 * It's possible to have a _very_ large table
197
	 * and that the user asks for all of it at once...
198
	 */
199
	res = kmalloc(65536, GFP_KERNEL);
200
	if (!res) {
201
		kfree(ops);
202
		return -ENOMEM;
203
	}
204

205
	len = i2o_parm_issue(dev, i2o_cmd, ops, kcmd.oplen, res, 65536);
206
	kfree(ops);
207

208
	if (len < 0) {
209
		kfree(res);
210
		return -EAGAIN;
211
	}
212

213
	if (put_user(len, kcmd.reslen))
214
		ret = -EFAULT;
215
	else if (len > reslen)
216
		ret = -ENOBUFS;
217
	else if (copy_to_user(kcmd.resbuf, res, len))
218
		ret = -EFAULT;
219

220
	kfree(res);
221

222
	return ret;
223
};
224

225
static int i2o_cfg_swdl(unsigned long arg)
226
{
227
	struct i2o_sw_xfer kxfer;
228
	struct i2o_sw_xfer __user *pxfer = (struct i2o_sw_xfer __user *)arg;
229
	unsigned char maxfrag = 0, curfrag = 1;
230
	struct i2o_dma buffer;
231
	struct i2o_message *msg;
232
	unsigned int status = 0, swlen = 0, fragsize = 8192;
233
	struct i2o_controller *c;
234

235
	if (copy_from_user(&kxfer, pxfer, sizeof(struct i2o_sw_xfer)))
236
		return -EFAULT;
237

238
	if (get_user(swlen, kxfer.swlen) < 0)
239
		return -EFAULT;
240

241
	if (get_user(maxfrag, kxfer.maxfrag) < 0)
242
		return -EFAULT;
243

244
	if (get_user(curfrag, kxfer.curfrag) < 0)
245
		return -EFAULT;
246

247
	if (curfrag == maxfrag)
248
		fragsize = swlen - (maxfrag - 1) * 8192;
249

250
	if (!kxfer.buf || !access_ok(VERIFY_READ, kxfer.buf, fragsize))
251
		return -EFAULT;
252

253
	c = i2o_find_iop(kxfer.iop);
254
	if (!c)
255
		return -ENXIO;
256

257
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
258
	if (IS_ERR(msg))
259
		return PTR_ERR(msg);
260

261
	if (i2o_dma_alloc(&c->pdev->dev, &buffer, fragsize)) {
262
		i2o_msg_nop(c, msg);
263
		return -ENOMEM;
264
	}
265

266
	if (__copy_from_user(buffer.virt, kxfer.buf, fragsize)) {
267
		i2o_msg_nop(c, msg);
268
		i2o_dma_free(&c->pdev->dev, &buffer);
269
		return -EFAULT;
270
	}
271

272
	msg->u.head[0] = cpu_to_le32(NINE_WORD_MSG_SIZE | SGL_OFFSET_7);
273
	msg->u.head[1] =
274
	    cpu_to_le32(I2O_CMD_SW_DOWNLOAD << 24 | HOST_TID << 12 |
275
			ADAPTER_TID);
276
	msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
277
	msg->u.head[3] = cpu_to_le32(0);
278
	msg->body[0] =
279
	    cpu_to_le32((((u32) kxfer.flags) << 24) | (((u32) kxfer.
280
							sw_type) << 16) |
281
			(((u32) maxfrag) << 8) | (((u32) curfrag)));
282
	msg->body[1] = cpu_to_le32(swlen);
283
	msg->body[2] = cpu_to_le32(kxfer.sw_id);
284
	msg->body[3] = cpu_to_le32(0xD0000000 | fragsize);
285
	msg->body[4] = cpu_to_le32(buffer.phys);
286

287
	osm_debug("swdl frag %d/%d (size %d)\n", curfrag, maxfrag, fragsize);
288
	status = i2o_msg_post_wait_mem(c, msg, 60, &buffer);
289

290
	if (status != -ETIMEDOUT)
291
		i2o_dma_free(&c->pdev->dev, &buffer);
292

293
	if (status != I2O_POST_WAIT_OK) {
294
		// it fails if you try and send frags out of order
295
		// and for some yet unknown reasons too
296
		osm_info("swdl failed, DetailedStatus = %d\n", status);
297
		return status;
298
	}
299

300
	return 0;
301
};
302

303
static int i2o_cfg_swul(unsigned long arg)
304
{
305
	struct i2o_sw_xfer kxfer;
306
	struct i2o_sw_xfer __user *pxfer = (struct i2o_sw_xfer __user *)arg;
307
	unsigned char maxfrag = 0, curfrag = 1;
308
	struct i2o_dma buffer;
309
	struct i2o_message *msg;
310
	unsigned int status = 0, swlen = 0, fragsize = 8192;
311
	struct i2o_controller *c;
312
	int ret = 0;
313

314
	if (copy_from_user(&kxfer, pxfer, sizeof(struct i2o_sw_xfer)))
315
		return -EFAULT;
316

317
	if (get_user(swlen, kxfer.swlen) < 0)
318
		return -EFAULT;
319

320
	if (get_user(maxfrag, kxfer.maxfrag) < 0)
321
		return -EFAULT;
322

323
	if (get_user(curfrag, kxfer.curfrag) < 0)
324
		return -EFAULT;
325

326
	if (curfrag == maxfrag)
327
		fragsize = swlen - (maxfrag - 1) * 8192;
328

329
	if (!kxfer.buf)
330
		return -EFAULT;
331

332
	c = i2o_find_iop(kxfer.iop);
333
	if (!c)
334
		return -ENXIO;
335

336
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
337
	if (IS_ERR(msg))
338
		return PTR_ERR(msg);
339

340
	if (i2o_dma_alloc(&c->pdev->dev, &buffer, fragsize)) {
341
		i2o_msg_nop(c, msg);
342
		return -ENOMEM;
343
	}
344

345
	msg->u.head[0] = cpu_to_le32(NINE_WORD_MSG_SIZE | SGL_OFFSET_7);
346
	msg->u.head[1] =
347
	    cpu_to_le32(I2O_CMD_SW_UPLOAD << 24 | HOST_TID << 12 | ADAPTER_TID);
348
	msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
349
	msg->u.head[3] = cpu_to_le32(0);
350
	msg->body[0] =
351
	    cpu_to_le32((u32) kxfer.flags << 24 | (u32) kxfer.
352
			sw_type << 16 | (u32) maxfrag << 8 | (u32) curfrag);
353
	msg->body[1] = cpu_to_le32(swlen);
354
	msg->body[2] = cpu_to_le32(kxfer.sw_id);
355
	msg->body[3] = cpu_to_le32(0xD0000000 | fragsize);
356
	msg->body[4] = cpu_to_le32(buffer.phys);
357

358
	osm_debug("swul frag %d/%d (size %d)\n", curfrag, maxfrag, fragsize);
359
	status = i2o_msg_post_wait_mem(c, msg, 60, &buffer);
360

361
	if (status != I2O_POST_WAIT_OK) {
362
		if (status != -ETIMEDOUT)
363
			i2o_dma_free(&c->pdev->dev, &buffer);
364

365
		osm_info("swul failed, DetailedStatus = %d\n", status);
366
		return status;
367
	}
368

369
	if (copy_to_user(kxfer.buf, buffer.virt, fragsize))
370
		ret = -EFAULT;
371

372
	i2o_dma_free(&c->pdev->dev, &buffer);
373

374
	return ret;
375
}
376

377
static int i2o_cfg_swdel(unsigned long arg)
378
{
379
	struct i2o_controller *c;
380
	struct i2o_sw_xfer kxfer;
381
	struct i2o_sw_xfer __user *pxfer = (struct i2o_sw_xfer __user *)arg;
382
	struct i2o_message *msg;
383
	unsigned int swlen;
384
	int token;
385

386
	if (copy_from_user(&kxfer, pxfer, sizeof(struct i2o_sw_xfer)))
387
		return -EFAULT;
388

389
	if (get_user(swlen, kxfer.swlen) < 0)
390
		return -EFAULT;
391

392
	c = i2o_find_iop(kxfer.iop);
393
	if (!c)
394
		return -ENXIO;
395

396
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
397
	if (IS_ERR(msg))
398
		return PTR_ERR(msg);
399

400
	msg->u.head[0] = cpu_to_le32(SEVEN_WORD_MSG_SIZE | SGL_OFFSET_0);
401
	msg->u.head[1] =
402
	    cpu_to_le32(I2O_CMD_SW_REMOVE << 24 | HOST_TID << 12 | ADAPTER_TID);
403
	msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
404
	msg->u.head[3] = cpu_to_le32(0);
405
	msg->body[0] =
406
	    cpu_to_le32((u32) kxfer.flags << 24 | (u32) kxfer.sw_type << 16);
407
	msg->body[1] = cpu_to_le32(swlen);
408
	msg->body[2] = cpu_to_le32(kxfer.sw_id);
409

410
	token = i2o_msg_post_wait(c, msg, 10);
411

412
	if (token != I2O_POST_WAIT_OK) {
413
		osm_info("swdel failed, DetailedStatus = %d\n", token);
414
		return -ETIMEDOUT;
415
	}
416

417
	return 0;
418
};
419

420
static int i2o_cfg_validate(unsigned long arg)
421
{
422
	int token;
423
	int iop = (int)arg;
424
	struct i2o_message *msg;
425
	struct i2o_controller *c;
426

427
	c = i2o_find_iop(iop);
428
	if (!c)
429
		return -ENXIO;
430

431
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
432
	if (IS_ERR(msg))
433
		return PTR_ERR(msg);
434

435
	msg->u.head[0] = cpu_to_le32(FOUR_WORD_MSG_SIZE | SGL_OFFSET_0);
436
	msg->u.head[1] =
437
	    cpu_to_le32(I2O_CMD_CONFIG_VALIDATE << 24 | HOST_TID << 12 | iop);
438
	msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
439
	msg->u.head[3] = cpu_to_le32(0);
440

441
	token = i2o_msg_post_wait(c, msg, 10);
442

443
	if (token != I2O_POST_WAIT_OK) {
444
		osm_info("Can't validate configuration, ErrorStatus = %d\n",
445
			 token);
446
		return -ETIMEDOUT;
447
	}
448

449
	return 0;
450
};
451

452
static int i2o_cfg_evt_reg(unsigned long arg, struct file *fp)
453
{
454
	struct i2o_message *msg;
455
	struct i2o_evt_id __user *pdesc = (struct i2o_evt_id __user *)arg;
456
	struct i2o_evt_id kdesc;
457
	struct i2o_controller *c;
458
	struct i2o_device *d;
459

460
	if (copy_from_user(&kdesc, pdesc, sizeof(struct i2o_evt_id)))
461
		return -EFAULT;
462

463
	/* IOP exists? */
464
	c = i2o_find_iop(kdesc.iop);
465
	if (!c)
466
		return -ENXIO;
467

468
	/* Device exists? */
469
	d = i2o_iop_find_device(c, kdesc.tid);
470
	if (!d)
471
		return -ENODEV;
472

473
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
474
	if (IS_ERR(msg))
475
		return PTR_ERR(msg);
476

477
	msg->u.head[0] = cpu_to_le32(FOUR_WORD_MSG_SIZE | SGL_OFFSET_0);
478
	msg->u.head[1] =
479
	    cpu_to_le32(I2O_CMD_UTIL_EVT_REGISTER << 24 | HOST_TID << 12 |
480
			kdesc.tid);
481
	msg->u.head[2] = cpu_to_le32(i2o_config_driver.context);
482
	msg->u.head[3] = cpu_to_le32(i2o_cntxt_list_add(c, fp->private_data));
483
	msg->body[0] = cpu_to_le32(kdesc.evt_mask);
484

485
	i2o_msg_post(c, msg);
486

487
	return 0;
488
}
489

490
static int i2o_cfg_evt_get(unsigned long arg, struct file *fp)
491
{
492
	struct i2o_cfg_info *p = NULL;
493
	struct i2o_evt_get __user *uget = (struct i2o_evt_get __user *)arg;
494
	struct i2o_evt_get kget;
495
	unsigned long flags;
496

497
	for (p = open_files; p; p = p->next)
498
		if (p->q_id == (ulong) fp->private_data)
499
			break;
500

501
	if (!p->q_len)
502
		return -ENOENT;
503

504
	memcpy(&kget.info, &p->event_q[p->q_out], sizeof(struct i2o_evt_info));
505
	MODINC(p->q_out, I2O_EVT_Q_LEN);
506
	spin_lock_irqsave(&i2o_config_lock, flags);
507
	p->q_len--;
508
	kget.pending = p->q_len;
509
	kget.lost = p->q_lost;
510
	spin_unlock_irqrestore(&i2o_config_lock, flags);
511

512
	if (copy_to_user(uget, &kget, sizeof(struct i2o_evt_get)))
513
		return -EFAULT;
514
	return 0;
515
}
516

517
#ifdef CONFIG_COMPAT
518
static int i2o_cfg_passthru32(struct file *file, unsigned cmnd,
519
			      unsigned long arg)
520
{
521
	struct i2o_cmd_passthru32 __user *cmd;
522
	struct i2o_controller *c;
523
	u32 __user *user_msg;
524
	u32 *reply = NULL;
525
	u32 __user *user_reply = NULL;
526
	u32 size = 0;
527
	u32 reply_size = 0;
528
	u32 rcode = 0;
529
	struct i2o_dma sg_list[SG_TABLESIZE];
530
	u32 sg_offset = 0;
531
	u32 sg_count = 0;
532
	u32 i = 0;
533
	u32 sg_index = 0;
534
	i2o_status_block *sb;
535
	struct i2o_message *msg;
536
	unsigned int iop;
537

538
	cmd = (struct i2o_cmd_passthru32 __user *)arg;
539

540
	if (get_user(iop, &cmd->iop) || get_user(i, &cmd->msg))
541
		return -EFAULT;
542

543
	user_msg = compat_ptr(i);
544

545
	c = i2o_find_iop(iop);
546
	if (!c) {
547
		osm_debug("controller %d not found\n", iop);
548
		return -ENXIO;
549
	}
550

551
	sb = c->status_block.virt;
552

553
	if (get_user(size, &user_msg[0])) {
554
		osm_warn("unable to get size!\n");
555
		return -EFAULT;
556
	}
557
	size = size >> 16;
558

559
	if (size > sb->inbound_frame_size) {
560
		osm_warn("size of message > inbound_frame_size");
561
		return -EFAULT;
562
	}
563

564
	user_reply = &user_msg[size];
565

566
	size <<= 2;		// Convert to bytes
567

568
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
569
	if (IS_ERR(msg))
570
		return PTR_ERR(msg);
571

572
	rcode = -EFAULT;
573
	/* Copy in the user's I2O command */
574
	if (copy_from_user(msg, user_msg, size)) {
575
		osm_warn("unable to copy user message\n");
576
		goto out;
577
	}
578
	i2o_dump_message(msg);
579

580
	if (get_user(reply_size, &user_reply[0]) < 0)
581
		goto out;
582

583
	reply_size >>= 16;
584
	reply_size <<= 2;
585

586
	rcode = -ENOMEM;
587
	reply = kzalloc(reply_size, GFP_KERNEL);
588
	if (!reply) {
589
		printk(KERN_WARNING "%s: Could not allocate reply buffer\n",
590
		       c->name);
591
		goto out;
592
	}
593

594
	sg_offset = (msg->u.head[0] >> 4) & 0x0f;
595

596
	memset(sg_list, 0, sizeof(sg_list[0]) * SG_TABLESIZE);
597
	if (sg_offset) {
598
		struct sg_simple_element *sg;
599

600
		if (sg_offset * 4 >= size) {
601
			rcode = -EFAULT;
602
			goto cleanup;
603
		}
604
		// TODO 64bit fix
605
		sg = (struct sg_simple_element *)((&msg->u.head[0]) +
606
						  sg_offset);
607
		sg_count =
608
		    (size - sg_offset * 4) / sizeof(struct sg_simple_element);
609
		if (sg_count > SG_TABLESIZE) {
610
			printk(KERN_DEBUG "%s:IOCTL SG List too large (%u)\n",
611
			       c->name, sg_count);
612
			rcode = -EINVAL;
613
			goto cleanup;
614
		}
615

616
		for (i = 0; i < sg_count; i++) {
617
			int sg_size;
618
			struct i2o_dma *p;
619

620
			if (!(sg[i].flag_count & 0x10000000
621
			      /*I2O_SGL_FLAGS_SIMPLE_ADDRESS_ELEMENT */ )) {
622
				printk(KERN_DEBUG
623
				       "%s:Bad SG element %d - not simple (%x)\n",
624
				       c->name, i, sg[i].flag_count);
625
				rcode = -EINVAL;
626
				goto cleanup;
627
			}
628
			sg_size = sg[i].flag_count & 0xffffff;
629
			p = &(sg_list[sg_index]);
630
			/* Allocate memory for the transfer */
631
			if (i2o_dma_alloc(&c->pdev->dev, p, sg_size)) {
632
				printk(KERN_DEBUG
633
				       "%s: Could not allocate SG buffer - size = %d buffer number %d of %d\n",
634
				       c->name, sg_size, i, sg_count);
635
				rcode = -ENOMEM;
636
				goto sg_list_cleanup;
637
			}
638
			sg_index++;
639
			/* Copy in the user's SG buffer if necessary */
640
			if (sg[i].
641
			    flag_count & 0x04000000 /*I2O_SGL_FLAGS_DIR */ ) {
642
				// TODO 64bit fix
643
				if (copy_from_user
644
				    (p->virt,
645
				     (void __user *)(unsigned long)sg[i].
646
				     addr_bus, sg_size)) {
647
					printk(KERN_DEBUG
648
					       "%s: Could not copy SG buf %d FROM user\n",
649
					       c->name, i);
650
					rcode = -EFAULT;
651
					goto sg_list_cleanup;
652
				}
653
			}
654
			//TODO 64bit fix
655
			sg[i].addr_bus = (u32) p->phys;
656
		}
657
	}
658

659
	rcode = i2o_msg_post_wait(c, msg, 60);
660
	msg = NULL;
661
	if (rcode) {
662
		reply[4] = ((u32) rcode) << 24;
663
		goto sg_list_cleanup;
664
	}
665

666
	if (sg_offset) {
667
		u32 rmsg[I2O_OUTBOUND_MSG_FRAME_SIZE];
668
		/* Copy back the Scatter Gather buffers back to user space */
669
		u32 j;
670
		// TODO 64bit fix
671
		struct sg_simple_element *sg;
672
		int sg_size;
673

674
		// re-acquire the original message to handle correctly the sg copy operation
675
		memset(&rmsg, 0, I2O_OUTBOUND_MSG_FRAME_SIZE * 4);
676
		// get user msg size in u32s
677
		if (get_user(size, &user_msg[0])) {
678
			rcode = -EFAULT;
679
			goto sg_list_cleanup;
680
		}
681
		size = size >> 16;
682
		size *= 4;
683
		/* Copy in the user's I2O command */
684
		if (copy_from_user(rmsg, user_msg, size)) {
685
			rcode = -EFAULT;
686
			goto sg_list_cleanup;
687
		}
688
		sg_count =
689
		    (size - sg_offset * 4) / sizeof(struct sg_simple_element);
690

691
		// TODO 64bit fix
692
		sg = (struct sg_simple_element *)(rmsg + sg_offset);
693
		for (j = 0; j < sg_count; j++) {
694
			/* Copy out the SG list to user's buffer if necessary */
695
			if (!
696
			    (sg[j].
697
			     flag_count & 0x4000000 /*I2O_SGL_FLAGS_DIR */ )) {
698
				sg_size = sg[j].flag_count & 0xffffff;
699
				// TODO 64bit fix
700
				if (copy_to_user
701
				    ((void __user *)(u64) sg[j].addr_bus,
702
				     sg_list[j].virt, sg_size)) {
703
					printk(KERN_WARNING
704
					       "%s: Could not copy %p TO user %x\n",
705
					       c->name, sg_list[j].virt,
706
					       sg[j].addr_bus);
707
					rcode = -EFAULT;
708
					goto sg_list_cleanup;
709
				}
710
			}
711
		}
712
	}
713

714
sg_list_cleanup:
715
	/* Copy back the reply to user space */
716
	if (reply_size) {
717
		// we wrote our own values for context - now restore the user supplied ones
718
		if (copy_from_user(reply + 2, user_msg + 2, sizeof(u32) * 2)) {
719
			printk(KERN_WARNING
720
			       "%s: Could not copy message context FROM user\n",
721
			       c->name);
722
			rcode = -EFAULT;
723
		}
724
		if (copy_to_user(user_reply, reply, reply_size)) {
725
			printk(KERN_WARNING
726
			       "%s: Could not copy reply TO user\n", c->name);
727
			rcode = -EFAULT;
728
		}
729
	}
730
	for (i = 0; i < sg_index; i++)
731
		i2o_dma_free(&c->pdev->dev, &sg_list[i]);
732

733
cleanup:
734
	kfree(reply);
735
out:
736
	if (msg)
737
		i2o_msg_nop(c, msg);
738
	return rcode;
739
}
740

741
static long i2o_cfg_compat_ioctl(struct file *file, unsigned cmd,
742
				 unsigned long arg)
743
{
744
	int ret;
745
	mutex_lock(&i2o_cfg_mutex);
746
	switch (cmd) {
747
	case I2OGETIOPS:
748
		ret = i2o_cfg_ioctl(file, cmd, arg);
749
		break;
750
	case I2OPASSTHRU32:
751
		ret = i2o_cfg_passthru32(file, cmd, arg);
752
		break;
753
	default:
754
		ret = -ENOIOCTLCMD;
755
		break;
756
	}
757
	mutex_unlock(&i2o_cfg_mutex);
758
	return ret;
759
}
760

761
#endif
762

763
#ifdef CONFIG_I2O_EXT_ADAPTEC
764
static int i2o_cfg_passthru(unsigned long arg)
765
{
766
	struct i2o_cmd_passthru __user *cmd =
767
	    (struct i2o_cmd_passthru __user *)arg;
768
	struct i2o_controller *c;
769
	u32 __user *user_msg;
770
	u32 *reply = NULL;
771
	u32 __user *user_reply = NULL;
772
	u32 size = 0;
773
	u32 reply_size = 0;
774
	u32 rcode = 0;
775
	struct i2o_dma sg_list[SG_TABLESIZE];
776
	u32 sg_offset = 0;
777
	u32 sg_count = 0;
778
	int sg_index = 0;
779
	u32 i = 0;
780
	i2o_status_block *sb;
781
	struct i2o_message *msg;
782
	unsigned int iop;
783

784
	if (get_user(iop, &cmd->iop) || get_user(user_msg, &cmd->msg))
785
		return -EFAULT;
786

787
	c = i2o_find_iop(iop);
788
	if (!c) {
789
		osm_warn("controller %d not found\n", iop);
790
		return -ENXIO;
791
	}
792

793
	sb = c->status_block.virt;
794

795
	if (get_user(size, &user_msg[0]))
796
		return -EFAULT;
797
	size = size >> 16;
798

799
	if (size > sb->inbound_frame_size) {
800
		osm_warn("size of message > inbound_frame_size");
801
		return -EFAULT;
802
	}
803

804
	user_reply = &user_msg[size];
805

806
	size <<= 2;		// Convert to bytes
807

808
	msg = i2o_msg_get_wait(c, I2O_TIMEOUT_MESSAGE_GET);
809
	if (IS_ERR(msg))
810
		return PTR_ERR(msg);
811

812
	rcode = -EFAULT;
813
	/* Copy in the user's I2O command */
814
	if (copy_from_user(msg, user_msg, size))
815
		goto out;
816

817
	if (get_user(reply_size, &user_reply[0]) < 0)
818
		goto out;
819

820
	reply_size >>= 16;
821
	reply_size <<= 2;
822

823
	reply = kzalloc(reply_size, GFP_KERNEL);
824
	if (!reply) {
825
		printk(KERN_WARNING "%s: Could not allocate reply buffer\n",
826
		       c->name);
827
		rcode = -ENOMEM;
828
		goto out;
829
	}
830

831
	sg_offset = (msg->u.head[0] >> 4) & 0x0f;
832

833
	memset(sg_list, 0, sizeof(sg_list[0]) * SG_TABLESIZE);
834
	if (sg_offset) {
835
		struct sg_simple_element *sg;
836
		struct i2o_dma *p;
837

838
		if (sg_offset * 4 >= size) {
839
			rcode = -EFAULT;
840
			goto cleanup;
841
		}
842
		// TODO 64bit fix
843
		sg = (struct sg_simple_element *)((&msg->u.head[0]) +
844
						  sg_offset);
845
		sg_count =
846
		    (size - sg_offset * 4) / sizeof(struct sg_simple_element);
847
		if (sg_count > SG_TABLESIZE) {
848
			printk(KERN_DEBUG "%s:IOCTL SG List too large (%u)\n",
849
			       c->name, sg_count);
850
			rcode = -EINVAL;
851
			goto cleanup;
852
		}
853

854
		for (i = 0; i < sg_count; i++) {
855
			int sg_size;
856

857
			if (!(sg[i].flag_count & 0x10000000
858
			      /*I2O_SGL_FLAGS_SIMPLE_ADDRESS_ELEMENT */ )) {
859
				printk(KERN_DEBUG
860
				       "%s:Bad SG element %d - not simple (%x)\n",
861
				       c->name, i, sg[i].flag_count);
862
				rcode = -EINVAL;
863
				goto sg_list_cleanup;
864
			}
865
			sg_size = sg[i].flag_count & 0xffffff;
866
			p = &(sg_list[sg_index]);
867
			if (i2o_dma_alloc(&c->pdev->dev, p, sg_size)) {
868
			/* Allocate memory for the transfer */
869
				printk(KERN_DEBUG
870
				       "%s: Could not allocate SG buffer - size = %d buffer number %d of %d\n",
871
				       c->name, sg_size, i, sg_count);
872
				rcode = -ENOMEM;
873
				goto sg_list_cleanup;
874
			}
875
			sg_index++;
876
			/* Copy in the user's SG buffer if necessary */
877
			if (sg[i].
878
			    flag_count & 0x04000000 /*I2O_SGL_FLAGS_DIR */ ) {
879
				// TODO 64bit fix
880
				if (copy_from_user
881
				    (p->virt, (void __user *)sg[i].addr_bus,
882
				     sg_size)) {
883
					printk(KERN_DEBUG
884
					       "%s: Could not copy SG buf %d FROM user\n",
885
					       c->name, i);
886
					rcode = -EFAULT;
887
					goto sg_list_cleanup;
888
				}
889
			}
890
			sg[i].addr_bus = p->phys;
891
		}
892
	}
893

894
	rcode = i2o_msg_post_wait(c, msg, 60);
895
	msg = NULL;
896
	if (rcode) {
897
		reply[4] = ((u32) rcode) << 24;
898
		goto sg_list_cleanup;
899
	}
900

901
	if (sg_offset) {
902
		u32 rmsg[I2O_OUTBOUND_MSG_FRAME_SIZE];
903
		/* Copy back the Scatter Gather buffers back to user space */
904
		u32 j;
905
		// TODO 64bit fix
906
		struct sg_simple_element *sg;
907
		int sg_size;
908

909
		// re-acquire the original message to handle correctly the sg copy operation
910
		memset(&rmsg, 0, I2O_OUTBOUND_MSG_FRAME_SIZE * 4);
911
		// get user msg size in u32s
912
		if (get_user(size, &user_msg[0])) {
913
			rcode = -EFAULT;
914
			goto sg_list_cleanup;
915
		}
916
		size = size >> 16;
917
		size *= 4;
918
		/* Copy in the user's I2O command */
919
		if (copy_from_user(rmsg, user_msg, size)) {
920
			rcode = -EFAULT;
921
			goto sg_list_cleanup;
922
		}
923
		sg_count =
924
		    (size - sg_offset * 4) / sizeof(struct sg_simple_element);
925

926
		// TODO 64bit fix
927
		sg = (struct sg_simple_element *)(rmsg + sg_offset);
928
		for (j = 0; j < sg_count; j++) {
929
			/* Copy out the SG list to user's buffer if necessary */
930
			if (!
931
			    (sg[j].
932
			     flag_count & 0x4000000 /*I2O_SGL_FLAGS_DIR */ )) {
933
				sg_size = sg[j].flag_count & 0xffffff;
934
				// TODO 64bit fix
935
				if (copy_to_user
936
				    ((void __user *)sg[j].addr_bus, sg_list[j].virt,
937
				     sg_size)) {
938
					printk(KERN_WARNING
939
					       "%s: Could not copy %p TO user %x\n",
940
					       c->name, sg_list[j].virt,
941
					       sg[j].addr_bus);
942
					rcode = -EFAULT;
943
					goto sg_list_cleanup;
944
				}
945
			}
946
		}
947
	}
948

949
sg_list_cleanup:
950
	/* Copy back the reply to user space */
951
	if (reply_size) {
952
		// we wrote our own values for context - now restore the user supplied ones
953
		if (copy_from_user(reply + 2, user_msg + 2, sizeof(u32) * 2)) {
954
			printk(KERN_WARNING
955
			       "%s: Could not copy message context FROM user\n",
956
			       c->name);
957
			rcode = -EFAULT;
958
		}
959
		if (copy_to_user(user_reply, reply, reply_size)) {
960
			printk(KERN_WARNING
961
			       "%s: Could not copy reply TO user\n", c->name);
962
			rcode = -EFAULT;
963
		}
964
	}
965

966
	for (i = 0; i < sg_index; i++)
967
		i2o_dma_free(&c->pdev->dev, &sg_list[i]);
968

969
cleanup:
970
	kfree(reply);
971
out:
972
	if (msg)
973
		i2o_msg_nop(c, msg);
974
	return rcode;
975
}
976
#endif
977

978
/*
979
 * IOCTL Handler
980
 */
981
static long i2o_cfg_ioctl(struct file *fp, unsigned int cmd, unsigned long arg)
982
{
983
	int ret;
984

985
	mutex_lock(&i2o_cfg_mutex);
986
	switch (cmd) {
987
	case I2OGETIOPS:
988
		ret = i2o_cfg_getiops(arg);
989
		break;
990

991
	case I2OHRTGET:
992
		ret = i2o_cfg_gethrt(arg);
993
		break;
994

995
	case I2OLCTGET:
996
		ret = i2o_cfg_getlct(arg);
997
		break;
998

999
	case I2OPARMSET:
1000
		ret = i2o_cfg_parms(arg, I2OPARMSET);
1001
		break;
1002

1003
	case I2OPARMGET:
1004
		ret = i2o_cfg_parms(arg, I2OPARMGET);
1005
		break;
1006

1007
	case I2OSWDL:
1008
		ret = i2o_cfg_swdl(arg);
1009
		break;
1010

1011
	case I2OSWUL:
1012
		ret = i2o_cfg_swul(arg);
1013
		break;
1014

1015
	case I2OSWDEL:
1016
		ret = i2o_cfg_swdel(arg);
1017
		break;
1018

1019
	case I2OVALIDATE:
1020
		ret = i2o_cfg_validate(arg);
1021
		break;
1022

1023
	case I2OEVTREG:
1024
		ret = i2o_cfg_evt_reg(arg, fp);
1025
		break;
1026

1027
	case I2OEVTGET:
1028
		ret = i2o_cfg_evt_get(arg, fp);
1029
		break;
1030

1031
#ifdef CONFIG_I2O_EXT_ADAPTEC
1032
	case I2OPASSTHRU:
1033
		ret = i2o_cfg_passthru(arg);
1034
		break;
1035
#endif
1036

1037
	default:
1038
		osm_debug("unknown ioctl called!\n");
1039
		ret = -EINVAL;
1040
	}
1041
	mutex_unlock(&i2o_cfg_mutex);
1042
	return ret;
1043
}
1044

1045
static int cfg_open(struct inode *inode, struct file *file)
1046
{
1047
	struct i2o_cfg_info *tmp = kmalloc(sizeof(struct i2o_cfg_info),
1048
					   GFP_KERNEL);
1049
	unsigned long flags;
1050

1051
	if (!tmp)
1052
		return -ENOMEM;
1053

1054
	mutex_lock(&i2o_cfg_mutex);
1055
	file->private_data = (void *)(i2o_cfg_info_id++);
1056
	tmp->fp = file;
1057
	tmp->fasync = NULL;
1058
	tmp->q_id = (ulong) file->private_data;
1059
	tmp->q_len = 0;
1060
	tmp->q_in = 0;
1061
	tmp->q_out = 0;
1062
	tmp->q_lost = 0;
1063
	tmp->next = open_files;
1064

1065
	spin_lock_irqsave(&i2o_config_lock, flags);
1066
	open_files = tmp;
1067
	spin_unlock_irqrestore(&i2o_config_lock, flags);
1068
	mutex_unlock(&i2o_cfg_mutex);
1069

1070
	return 0;
1071
}
1072

1073
static int cfg_fasync(int fd, struct file *fp, int on)
1074
{
1075
	ulong id = (ulong) fp->private_data;
1076
	struct i2o_cfg_info *p;
1077
	int ret = -EBADF;
1078

1079
	mutex_lock(&i2o_cfg_mutex);
1080
	for (p = open_files; p; p = p->next)
1081
		if (p->q_id == id)
1082
			break;
1083

1084
	if (p)
1085
		ret = fasync_helper(fd, fp, on, &p->fasync);
1086
	mutex_unlock(&i2o_cfg_mutex);
1087
	return ret;
1088
}
1089

1090
static int cfg_release(struct inode *inode, struct file *file)
1091
{
1092
	ulong id = (ulong) file->private_data;
1093
	struct i2o_cfg_info *p, **q;
1094
	unsigned long flags;
1095

1096
	mutex_lock(&i2o_cfg_mutex);
1097
	spin_lock_irqsave(&i2o_config_lock, flags);
1098
	for (q = &open_files; (p = *q) != NULL; q = &p->next) {
1099
		if (p->q_id == id) {
1100
			*q = p->next;
1101
			kfree(p);
1102
			break;
1103
		}
1104
	}
1105
	spin_unlock_irqrestore(&i2o_config_lock, flags);
1106
	mutex_unlock(&i2o_cfg_mutex);
1107

1108
	return 0;
1109
}
1110

1111
static const struct file_operations config_fops = {
1112
	.owner = THIS_MODULE,
1113
	.llseek = no_llseek,
1114
	.unlocked_ioctl = i2o_cfg_ioctl,
1115
#ifdef CONFIG_COMPAT
1116
	.compat_ioctl = i2o_cfg_compat_ioctl,
1117
#endif
1118
	.open = cfg_open,
1119
	.release = cfg_release,
1120
	.fasync = cfg_fasync,
1121
};
1122

1123
static struct miscdevice i2o_miscdev = {
1124
	I2O_MINOR,
1125
	"i2octl",
1126
	&config_fops
1127
};
1128

1129
static int __init i2o_config_old_init(void)
1130
{
1131
	spin_lock_init(&i2o_config_lock);
1132

1133
	if (misc_register(&i2o_miscdev) < 0) {
1134
		osm_err("can't register device.\n");
1135
		return -EBUSY;
1136
	}
1137

1138
	return 0;
1139
}
1140

1141
static void i2o_config_old_exit(void)
1142
{
1143
	misc_deregister(&i2o_miscdev);
1144
}
1145

1146
MODULE_AUTHOR("Red Hat Software");
1147

1148