1 /*
2  * Management Module Support for MPT (Message Passing Technology) based
3  * controllers
4  *
5  * This code is based on drivers/scsi/mpt3sas/mpt3sas_ctl.c
6  * Copyright (C) 2012-2014  LSI Corporation
7  * Copyright (C) 2013-2014 Avago Technologies
8  *  (mailto: MPT-FusionLinux.pdl@avagotech.com)
9  *
10  * This program is free software; you can redistribute it and/or
11  * modify it under the terms of the GNU General Public License
12  * as published by the Free Software Foundation; either version 2
13  * of the License, or (at your option) any later version.
14  *
15  * This program is distributed in the hope that it will be useful,
16  * but WITHOUT ANY WARRANTY; without even the implied warranty of
17  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
18  * GNU General Public License for more details.
19  *
20  * NO WARRANTY
21  * THE PROGRAM IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OR
22  * CONDITIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED INCLUDING, WITHOUT
23  * LIMITATION, ANY WARRANTIES OR CONDITIONS OF TITLE, NON-INFRINGEMENT,
24  * MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Each Recipient is
25  * solely responsible for determining the appropriateness of using and
26  * distributing the Program and assumes all risks associated with its
27  * exercise of rights under this Agreement, including but not limited to
28  * the risks and costs of program errors, damage to or loss of data,
29  * programs or equipment, and unavailability or interruption of operations.
30 
31  * DISCLAIMER OF LIABILITY
32  * NEITHER RECIPIENT NOR ANY CONTRIBUTORS SHALL HAVE ANY LIABILITY FOR ANY
33  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
34  * DAMAGES (INCLUDING WITHOUT LIMITATION LOST PROFITS), HOWEVER CAUSED AND
35  * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
36  * TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
37  * USE OR DISTRIBUTION OF THE PROGRAM OR THE EXERCISE OF ANY RIGHTS GRANTED
38  * HEREUNDER, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES
39 
40  * You should have received a copy of the GNU General Public License
41  * along with this program; if not, write to the Free Software
42  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301,
43  * USA.
44  */
45 
46 #include <linux/kernel.h>
47 #include <linux/module.h>
48 #include <linux/errno.h>
49 #include <linux/init.h>
50 #include <linux/slab.h>
51 #include <linux/types.h>
52 #include <linux/pci.h>
53 #include <linux/delay.h>
54 #include <linux/compat.h>
55 #include <linux/poll.h>
56 
57 #include <linux/io.h>
58 #include <linux/uaccess.h>
59 
60 #include "mpt3sas_base.h"
61 #include "mpt3sas_ctl.h"
62 
63 
64 static struct fasync_struct *async_queue;
65 static DECLARE_WAIT_QUEUE_HEAD(ctl_poll_wait);
66 
67 
68 /**
69  * enum block_state - blocking state
70  * @NON_BLOCKING: non blocking
71  * @BLOCKING: blocking
72  *
73  * These states are for ioctls that need to wait for a response
74  * from firmware, so they probably require sleep.
75  */
76 enum block_state {
77 	NON_BLOCKING,
78 	BLOCKING,
79 };
80 
81 /**
82  * _ctl_display_some_debug - debug routine
83  * @ioc: per adapter object
84  * @smid: system request message index
85  * @calling_function_name: string pass from calling function
86  * @mpi_reply: reply message frame
87  * Context: none.
88  *
89  * Function for displaying debug info helpful when debugging issues
90  * in this module.
91  */
92 static void
_ctl_display_some_debug(struct MPT3SAS_ADAPTER * ioc,u16 smid,char * calling_function_name,MPI2DefaultReply_t * mpi_reply)93 _ctl_display_some_debug(struct MPT3SAS_ADAPTER *ioc, u16 smid,
94 	char *calling_function_name, MPI2DefaultReply_t *mpi_reply)
95 {
96 	Mpi2ConfigRequest_t *mpi_request;
97 	char *desc = NULL;
98 
99 	if (!(ioc->logging_level & MPT_DEBUG_IOCTL))
100 		return;
101 
102 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
103 	switch (mpi_request->Function) {
104 	case MPI2_FUNCTION_SCSI_IO_REQUEST:
105 	{
106 		Mpi2SCSIIORequest_t *scsi_request =
107 		    (Mpi2SCSIIORequest_t *)mpi_request;
108 
109 		snprintf(ioc->tmp_string, MPT_STRING_LENGTH,
110 		    "scsi_io, cmd(0x%02x), cdb_len(%d)",
111 		    scsi_request->CDB.CDB32[0],
112 		    le16_to_cpu(scsi_request->IoFlags) & 0xF);
113 		desc = ioc->tmp_string;
114 		break;
115 	}
116 	case MPI2_FUNCTION_SCSI_TASK_MGMT:
117 		desc = "task_mgmt";
118 		break;
119 	case MPI2_FUNCTION_IOC_INIT:
120 		desc = "ioc_init";
121 		break;
122 	case MPI2_FUNCTION_IOC_FACTS:
123 		desc = "ioc_facts";
124 		break;
125 	case MPI2_FUNCTION_CONFIG:
126 	{
127 		Mpi2ConfigRequest_t *config_request =
128 		    (Mpi2ConfigRequest_t *)mpi_request;
129 
130 		snprintf(ioc->tmp_string, MPT_STRING_LENGTH,
131 		    "config, type(0x%02x), ext_type(0x%02x), number(%d)",
132 		    (config_request->Header.PageType &
133 		     MPI2_CONFIG_PAGETYPE_MASK), config_request->ExtPageType,
134 		    config_request->Header.PageNumber);
135 		desc = ioc->tmp_string;
136 		break;
137 	}
138 	case MPI2_FUNCTION_PORT_FACTS:
139 		desc = "port_facts";
140 		break;
141 	case MPI2_FUNCTION_PORT_ENABLE:
142 		desc = "port_enable";
143 		break;
144 	case MPI2_FUNCTION_EVENT_NOTIFICATION:
145 		desc = "event_notification";
146 		break;
147 	case MPI2_FUNCTION_FW_DOWNLOAD:
148 		desc = "fw_download";
149 		break;
150 	case MPI2_FUNCTION_FW_UPLOAD:
151 		desc = "fw_upload";
152 		break;
153 	case MPI2_FUNCTION_RAID_ACTION:
154 		desc = "raid_action";
155 		break;
156 	case MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
157 	{
158 		Mpi2SCSIIORequest_t *scsi_request =
159 		    (Mpi2SCSIIORequest_t *)mpi_request;
160 
161 		snprintf(ioc->tmp_string, MPT_STRING_LENGTH,
162 		    "raid_pass, cmd(0x%02x), cdb_len(%d)",
163 		    scsi_request->CDB.CDB32[0],
164 		    le16_to_cpu(scsi_request->IoFlags) & 0xF);
165 		desc = ioc->tmp_string;
166 		break;
167 	}
168 	case MPI2_FUNCTION_SAS_IO_UNIT_CONTROL:
169 		desc = "sas_iounit_cntl";
170 		break;
171 	case MPI2_FUNCTION_SATA_PASSTHROUGH:
172 		desc = "sata_pass";
173 		break;
174 	case MPI2_FUNCTION_DIAG_BUFFER_POST:
175 		desc = "diag_buffer_post";
176 		break;
177 	case MPI2_FUNCTION_DIAG_RELEASE:
178 		desc = "diag_release";
179 		break;
180 	case MPI2_FUNCTION_SMP_PASSTHROUGH:
181 		desc = "smp_passthrough";
182 		break;
183 	case MPI2_FUNCTION_TOOLBOX:
184 		desc = "toolbox";
185 		break;
186 	case MPI2_FUNCTION_NVME_ENCAPSULATED:
187 		desc = "nvme_encapsulated";
188 		break;
189 	}
190 
191 	if (!desc)
192 		return;
193 
194 	ioc_info(ioc, "%s: %s, smid(%d)\n", calling_function_name, desc, smid);
195 
196 	if (!mpi_reply)
197 		return;
198 
199 	if (mpi_reply->IOCStatus || mpi_reply->IOCLogInfo)
200 		ioc_info(ioc, "\tiocstatus(0x%04x), loginfo(0x%08x)\n",
201 			 le16_to_cpu(mpi_reply->IOCStatus),
202 			 le32_to_cpu(mpi_reply->IOCLogInfo));
203 
204 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
205 	    mpi_request->Function ==
206 	    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH) {
207 		Mpi2SCSIIOReply_t *scsi_reply =
208 		    (Mpi2SCSIIOReply_t *)mpi_reply;
209 		struct _sas_device *sas_device = NULL;
210 		struct _pcie_device *pcie_device = NULL;
211 
212 		sas_device = mpt3sas_get_sdev_by_handle(ioc,
213 		    le16_to_cpu(scsi_reply->DevHandle));
214 		if (sas_device) {
215 			ioc_warn(ioc, "\tsas_address(0x%016llx), phy(%d)\n",
216 				 (u64)sas_device->sas_address,
217 				 sas_device->phy);
218 			ioc_warn(ioc, "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
219 				 (u64)sas_device->enclosure_logical_id,
220 				 sas_device->slot);
221 			sas_device_put(sas_device);
222 		}
223 		if (!sas_device) {
224 			pcie_device = mpt3sas_get_pdev_by_handle(ioc,
225 				le16_to_cpu(scsi_reply->DevHandle));
226 			if (pcie_device) {
227 				ioc_warn(ioc, "\tWWID(0x%016llx), port(%d)\n",
228 					 (unsigned long long)pcie_device->wwid,
229 					 pcie_device->port_num);
230 				if (pcie_device->enclosure_handle != 0)
231 					ioc_warn(ioc, "\tenclosure_logical_id(0x%016llx), slot(%d)\n",
232 						 (u64)pcie_device->enclosure_logical_id,
233 						 pcie_device->slot);
234 				pcie_device_put(pcie_device);
235 			}
236 		}
237 		if (scsi_reply->SCSIState || scsi_reply->SCSIStatus)
238 			ioc_info(ioc, "\tscsi_state(0x%02x), scsi_status(0x%02x)\n",
239 				 scsi_reply->SCSIState,
240 				 scsi_reply->SCSIStatus);
241 	}
242 }
243 
244 /**
245  * mpt3sas_ctl_done - ctl module completion routine
246  * @ioc: per adapter object
247  * @smid: system request message index
248  * @msix_index: MSIX table index supplied by the OS
249  * @reply: reply message frame(lower 32bit addr)
250  * Context: none.
251  *
252  * The callback handler when using ioc->ctl_cb_idx.
253  *
254  * Return: 1 meaning mf should be freed from _base_interrupt
255  *         0 means the mf is freed from this function.
256  */
257 u8
mpt3sas_ctl_done(struct MPT3SAS_ADAPTER * ioc,u16 smid,u8 msix_index,u32 reply)258 mpt3sas_ctl_done(struct MPT3SAS_ADAPTER *ioc, u16 smid, u8 msix_index,
259 	u32 reply)
260 {
261 	MPI2DefaultReply_t *mpi_reply;
262 	Mpi2SCSIIOReply_t *scsiio_reply;
263 	Mpi26NVMeEncapsulatedErrorReply_t *nvme_error_reply;
264 	const void *sense_data;
265 	u32 sz;
266 
267 	if (ioc->ctl_cmds.status == MPT3_CMD_NOT_USED)
268 		return 1;
269 	if (ioc->ctl_cmds.smid != smid)
270 		return 1;
271 	ioc->ctl_cmds.status |= MPT3_CMD_COMPLETE;
272 	mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
273 	if (mpi_reply) {
274 		memcpy(ioc->ctl_cmds.reply, mpi_reply, mpi_reply->MsgLength*4);
275 		ioc->ctl_cmds.status |= MPT3_CMD_REPLY_VALID;
276 		/* get sense data */
277 		if (mpi_reply->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
278 		    mpi_reply->Function ==
279 		    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH) {
280 			scsiio_reply = (Mpi2SCSIIOReply_t *)mpi_reply;
281 			if (scsiio_reply->SCSIState &
282 			    MPI2_SCSI_STATE_AUTOSENSE_VALID) {
283 				sz = min_t(u32, SCSI_SENSE_BUFFERSIZE,
284 				    le32_to_cpu(scsiio_reply->SenseCount));
285 				sense_data = mpt3sas_base_get_sense_buffer(ioc,
286 				    smid);
287 				memcpy(ioc->ctl_cmds.sense, sense_data, sz);
288 			}
289 		}
290 		/*
291 		 * Get Error Response data for NVMe device. The ctl_cmds.sense
292 		 * buffer is used to store the Error Response data.
293 		 */
294 		if (mpi_reply->Function == MPI2_FUNCTION_NVME_ENCAPSULATED) {
295 			nvme_error_reply =
296 			    (Mpi26NVMeEncapsulatedErrorReply_t *)mpi_reply;
297 			sz = min_t(u32, NVME_ERROR_RESPONSE_SIZE,
298 			    le16_to_cpu(nvme_error_reply->ErrorResponseCount));
299 			sense_data = mpt3sas_base_get_sense_buffer(ioc, smid);
300 			memcpy(ioc->ctl_cmds.sense, sense_data, sz);
301 		}
302 	}
303 
304 	_ctl_display_some_debug(ioc, smid, "ctl_done", mpi_reply);
305 	ioc->ctl_cmds.status &= ~MPT3_CMD_PENDING;
306 	complete(&ioc->ctl_cmds.done);
307 	return 1;
308 }
309 
310 /**
311  * _ctl_check_event_type - determines when an event needs logging
312  * @ioc: per adapter object
313  * @event: firmware event
314  *
315  * The bitmask in ioc->event_type[] indicates which events should be
316  * be saved in the driver event_log.  This bitmask is set by application.
317  *
318  * Return: 1 when event should be captured, or zero means no match.
319  */
320 static int
_ctl_check_event_type(struct MPT3SAS_ADAPTER * ioc,u16 event)321 _ctl_check_event_type(struct MPT3SAS_ADAPTER *ioc, u16 event)
322 {
323 	u16 i;
324 	u32 desired_event;
325 
326 	if (event >= 128 || !event || !ioc->event_log)
327 		return 0;
328 
329 	desired_event = (1 << (event % 32));
330 	if (!desired_event)
331 		desired_event = 1;
332 	i = event / 32;
333 	return desired_event & ioc->event_type[i];
334 }
335 
336 /**
337  * mpt3sas_ctl_add_to_event_log - add event
338  * @ioc: per adapter object
339  * @mpi_reply: reply message frame
340  */
341 void
mpt3sas_ctl_add_to_event_log(struct MPT3SAS_ADAPTER * ioc,Mpi2EventNotificationReply_t * mpi_reply)342 mpt3sas_ctl_add_to_event_log(struct MPT3SAS_ADAPTER *ioc,
343 	Mpi2EventNotificationReply_t *mpi_reply)
344 {
345 	struct MPT3_IOCTL_EVENTS *event_log;
346 	u16 event;
347 	int i;
348 	u32 sz, event_data_sz;
349 	u8 send_aen = 0;
350 
351 	if (!ioc->event_log)
352 		return;
353 
354 	event = le16_to_cpu(mpi_reply->Event);
355 
356 	if (_ctl_check_event_type(ioc, event)) {
357 
358 		/* insert entry into circular event_log */
359 		i = ioc->event_context % MPT3SAS_CTL_EVENT_LOG_SIZE;
360 		event_log = ioc->event_log;
361 		event_log[i].event = event;
362 		event_log[i].context = ioc->event_context++;
363 
364 		event_data_sz = le16_to_cpu(mpi_reply->EventDataLength)*4;
365 		sz = min_t(u32, event_data_sz, MPT3_EVENT_DATA_SIZE);
366 		memset(event_log[i].data, 0, MPT3_EVENT_DATA_SIZE);
367 		memcpy(event_log[i].data, mpi_reply->EventData, sz);
368 		send_aen = 1;
369 	}
370 
371 	/* This aen_event_read_flag flag is set until the
372 	 * application has read the event log.
373 	 * For MPI2_EVENT_LOG_ENTRY_ADDED, we always notify.
374 	 */
375 	if (event == MPI2_EVENT_LOG_ENTRY_ADDED ||
376 	    (send_aen && !ioc->aen_event_read_flag)) {
377 		ioc->aen_event_read_flag = 1;
378 		wake_up_interruptible(&ctl_poll_wait);
379 		if (async_queue)
380 			kill_fasync(&async_queue, SIGIO, POLL_IN);
381 	}
382 }
383 
384 /**
385  * mpt3sas_ctl_event_callback - firmware event handler (called at ISR time)
386  * @ioc: per adapter object
387  * @msix_index: MSIX table index supplied by the OS
388  * @reply: reply message frame(lower 32bit addr)
389  * Context: interrupt.
390  *
391  * This function merely adds a new work task into ioc->firmware_event_thread.
392  * The tasks are worked from _firmware_event_work in user context.
393  *
394  * Return: 1 meaning mf should be freed from _base_interrupt
395  *         0 means the mf is freed from this function.
396  */
397 u8
mpt3sas_ctl_event_callback(struct MPT3SAS_ADAPTER * ioc,u8 msix_index,u32 reply)398 mpt3sas_ctl_event_callback(struct MPT3SAS_ADAPTER *ioc, u8 msix_index,
399 	u32 reply)
400 {
401 	Mpi2EventNotificationReply_t *mpi_reply;
402 
403 	mpi_reply = mpt3sas_base_get_reply_virt_addr(ioc, reply);
404 	if (mpi_reply)
405 		mpt3sas_ctl_add_to_event_log(ioc, mpi_reply);
406 	return 1;
407 }
408 
409 /**
410  * _ctl_verify_adapter - validates ioc_number passed from application
411  * @ioc_number: ?
412  * @iocpp: The ioc pointer is returned in this.
413  * @mpi_version: will be MPI2_VERSION for mpt2ctl ioctl device &
414  * MPI25_VERSION | MPI26_VERSION for mpt3ctl ioctl device.
415  *
416  * Return: (-1) means error, else ioc_number.
417  */
418 static int
_ctl_verify_adapter(int ioc_number,struct MPT3SAS_ADAPTER ** iocpp,int mpi_version)419 _ctl_verify_adapter(int ioc_number, struct MPT3SAS_ADAPTER **iocpp,
420 							int mpi_version)
421 {
422 	struct MPT3SAS_ADAPTER *ioc;
423 	int version = 0;
424 	/* global ioc lock to protect controller on list operations */
425 	spin_lock(&gioc_lock);
426 	list_for_each_entry(ioc, &mpt3sas_ioc_list, list) {
427 		if (ioc->id != ioc_number)
428 			continue;
429 		/* Check whether this ioctl command is from right
430 		 * ioctl device or not, if not continue the search.
431 		 */
432 		version = ioc->hba_mpi_version_belonged;
433 		/* MPI25_VERSION and MPI26_VERSION uses same ioctl
434 		 * device.
435 		 */
436 		if (mpi_version == (MPI25_VERSION | MPI26_VERSION)) {
437 			if ((version == MPI25_VERSION) ||
438 				(version == MPI26_VERSION))
439 				goto out;
440 			else
441 				continue;
442 		} else {
443 			if (version != mpi_version)
444 				continue;
445 		}
446 out:
447 		spin_unlock(&gioc_lock);
448 		*iocpp = ioc;
449 		return ioc_number;
450 	}
451 	spin_unlock(&gioc_lock);
452 	*iocpp = NULL;
453 	return -1;
454 }
455 
456 /**
457  * mpt3sas_ctl_pre_reset_handler - reset callback handler (for ctl)
458  * @ioc: per adapter object
459  *
460  * The handler for doing any required cleanup or initialization.
461  */
mpt3sas_ctl_pre_reset_handler(struct MPT3SAS_ADAPTER * ioc)462 void mpt3sas_ctl_pre_reset_handler(struct MPT3SAS_ADAPTER *ioc)
463 {
464 	int i;
465 	u8 issue_reset;
466 
467 	dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_PRE_RESET\n", __func__));
468 	for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
469 		if (!(ioc->diag_buffer_status[i] &
470 		      MPT3_DIAG_BUFFER_IS_REGISTERED))
471 			continue;
472 		if ((ioc->diag_buffer_status[i] &
473 		     MPT3_DIAG_BUFFER_IS_RELEASED))
474 			continue;
475 
476 		/*
477 		 * add a log message to indicate the release
478 		 */
479 		ioc_info(ioc,
480 		    "%s: Releasing the trace buffer due to adapter reset.",
481 		    __func__);
482 		ioc->htb_rel.buffer_rel_condition =
483 		    MPT3_DIAG_BUFFER_REL_TRIGGER;
484 		mpt3sas_send_diag_release(ioc, i, &issue_reset);
485 	}
486 }
487 
488 /**
489  * mpt3sas_ctl_clear_outstanding_ioctls - clears outstanding ioctl cmd.
490  * @ioc: per adapter object
491  *
492  * The handler for doing any required cleanup or initialization.
493  */
mpt3sas_ctl_clear_outstanding_ioctls(struct MPT3SAS_ADAPTER * ioc)494 void mpt3sas_ctl_clear_outstanding_ioctls(struct MPT3SAS_ADAPTER *ioc)
495 {
496 	dtmprintk(ioc,
497 	    ioc_info(ioc, "%s: clear outstanding ioctl cmd\n", __func__));
498 	if (ioc->ctl_cmds.status & MPT3_CMD_PENDING) {
499 		ioc->ctl_cmds.status |= MPT3_CMD_RESET;
500 		mpt3sas_base_free_smid(ioc, ioc->ctl_cmds.smid);
501 		complete(&ioc->ctl_cmds.done);
502 	}
503 }
504 
505 /**
506  * mpt3sas_ctl_reset_done_handler - reset callback handler (for ctl)
507  * @ioc: per adapter object
508  *
509  * The handler for doing any required cleanup or initialization.
510  */
mpt3sas_ctl_reset_done_handler(struct MPT3SAS_ADAPTER * ioc)511 void mpt3sas_ctl_reset_done_handler(struct MPT3SAS_ADAPTER *ioc)
512 {
513 	int i;
514 
515 	dtmprintk(ioc, ioc_info(ioc, "%s: MPT3_IOC_DONE_RESET\n", __func__));
516 
517 	for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
518 		if (!(ioc->diag_buffer_status[i] &
519 		      MPT3_DIAG_BUFFER_IS_REGISTERED))
520 			continue;
521 		if ((ioc->diag_buffer_status[i] &
522 		     MPT3_DIAG_BUFFER_IS_RELEASED))
523 			continue;
524 		ioc->diag_buffer_status[i] |=
525 			MPT3_DIAG_BUFFER_IS_DIAG_RESET;
526 	}
527 }
528 
529 /**
530  * _ctl_fasync -
531  * @fd: ?
532  * @filep: ?
533  * @mode: ?
534  *
535  * Called when application request fasyn callback handler.
536  */
537 static int
_ctl_fasync(int fd,struct file * filep,int mode)538 _ctl_fasync(int fd, struct file *filep, int mode)
539 {
540 	return fasync_helper(fd, filep, mode, &async_queue);
541 }
542 
543 /**
544  * _ctl_poll -
545  * @filep: ?
546  * @wait: ?
547  *
548  */
549 static __poll_t
_ctl_poll(struct file * filep,poll_table * wait)550 _ctl_poll(struct file *filep, poll_table *wait)
551 {
552 	struct MPT3SAS_ADAPTER *ioc;
553 
554 	poll_wait(filep, &ctl_poll_wait, wait);
555 
556 	/* global ioc lock to protect controller on list operations */
557 	spin_lock(&gioc_lock);
558 	list_for_each_entry(ioc, &mpt3sas_ioc_list, list) {
559 		if (ioc->aen_event_read_flag) {
560 			spin_unlock(&gioc_lock);
561 			return EPOLLIN | EPOLLRDNORM;
562 		}
563 	}
564 	spin_unlock(&gioc_lock);
565 	return 0;
566 }
567 
568 /**
569  * _ctl_set_task_mid - assign an active smid to tm request
570  * @ioc: per adapter object
571  * @karg: (struct mpt3_ioctl_command)
572  * @tm_request: pointer to mf from user space
573  *
574  * Return: 0 when an smid if found, else fail.
575  * during failure, the reply frame is filled.
576  */
577 static int
_ctl_set_task_mid(struct MPT3SAS_ADAPTER * ioc,struct mpt3_ioctl_command * karg,Mpi2SCSITaskManagementRequest_t * tm_request)578 _ctl_set_task_mid(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command *karg,
579 	Mpi2SCSITaskManagementRequest_t *tm_request)
580 {
581 	bool found = false;
582 	u16 smid;
583 	u16 handle;
584 	struct scsi_cmnd *scmd;
585 	struct MPT3SAS_DEVICE *priv_data;
586 	Mpi2SCSITaskManagementReply_t *tm_reply;
587 	u32 sz;
588 	u32 lun;
589 	char *desc = NULL;
590 
591 	if (tm_request->TaskType == MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK)
592 		desc = "abort_task";
593 	else if (tm_request->TaskType == MPI2_SCSITASKMGMT_TASKTYPE_QUERY_TASK)
594 		desc = "query_task";
595 	else
596 		return 0;
597 
598 	lun = scsilun_to_int((struct scsi_lun *)tm_request->LUN);
599 
600 	handle = le16_to_cpu(tm_request->DevHandle);
601 	for (smid = ioc->scsiio_depth; smid && !found; smid--) {
602 		struct scsiio_tracker *st;
603 		__le16 task_mid;
604 
605 		scmd = mpt3sas_scsih_scsi_lookup_get(ioc, smid);
606 		if (!scmd)
607 			continue;
608 		if (lun != scmd->device->lun)
609 			continue;
610 		priv_data = scmd->device->hostdata;
611 		if (priv_data->sas_target == NULL)
612 			continue;
613 		if (priv_data->sas_target->handle != handle)
614 			continue;
615 		st = scsi_cmd_priv(scmd);
616 
617 		/*
618 		 * If the given TaskMID from the user space is zero, then the
619 		 * first outstanding smid will be picked up.  Otherwise,
620 		 * targeted smid will be the one.
621 		 */
622 		task_mid = cpu_to_le16(st->smid);
623 		if (!tm_request->TaskMID)
624 			tm_request->TaskMID = task_mid;
625 		found = tm_request->TaskMID == task_mid;
626 	}
627 
628 	if (!found) {
629 		dctlprintk(ioc,
630 			   ioc_info(ioc, "%s: handle(0x%04x), lun(%d), no active mid!!\n",
631 				    desc, le16_to_cpu(tm_request->DevHandle),
632 				    lun));
633 		tm_reply = ioc->ctl_cmds.reply;
634 		tm_reply->DevHandle = tm_request->DevHandle;
635 		tm_reply->Function = MPI2_FUNCTION_SCSI_TASK_MGMT;
636 		tm_reply->TaskType = tm_request->TaskType;
637 		tm_reply->MsgLength = sizeof(Mpi2SCSITaskManagementReply_t)/4;
638 		tm_reply->VP_ID = tm_request->VP_ID;
639 		tm_reply->VF_ID = tm_request->VF_ID;
640 		sz = min_t(u32, karg->max_reply_bytes, ioc->reply_sz);
641 		if (copy_to_user(karg->reply_frame_buf_ptr, ioc->ctl_cmds.reply,
642 		    sz))
643 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
644 			    __LINE__, __func__);
645 		return 1;
646 	}
647 
648 	dctlprintk(ioc,
649 		   ioc_info(ioc, "%s: handle(0x%04x), lun(%d), task_mid(%d)\n",
650 			    desc, le16_to_cpu(tm_request->DevHandle), lun,
651 			    le16_to_cpu(tm_request->TaskMID)));
652 	return 0;
653 }
654 
655 /**
656  * _ctl_do_mpt_command - main handler for MPT3COMMAND opcode
657  * @ioc: per adapter object
658  * @karg: (struct mpt3_ioctl_command)
659  * @mf: pointer to mf in user space
660  */
661 static long
_ctl_do_mpt_command(struct MPT3SAS_ADAPTER * ioc,struct mpt3_ioctl_command karg,void __user * mf)662 _ctl_do_mpt_command(struct MPT3SAS_ADAPTER *ioc, struct mpt3_ioctl_command karg,
663 	void __user *mf)
664 {
665 	MPI2RequestHeader_t *mpi_request = NULL, *request;
666 	MPI2DefaultReply_t *mpi_reply;
667 	Mpi26NVMeEncapsulatedRequest_t *nvme_encap_request = NULL;
668 	struct _pcie_device *pcie_device = NULL;
669 	u16 smid;
670 	unsigned long timeout;
671 	u8 issue_reset;
672 	u32 sz, sz_arg;
673 	void *psge;
674 	void *data_out = NULL;
675 	dma_addr_t data_out_dma = 0;
676 	size_t data_out_sz = 0;
677 	void *data_in = NULL;
678 	dma_addr_t data_in_dma = 0;
679 	size_t data_in_sz = 0;
680 	long ret;
681 	u16 device_handle = MPT3SAS_INVALID_DEVICE_HANDLE;
682 
683 	issue_reset = 0;
684 
685 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
686 		ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
687 		ret = -EAGAIN;
688 		goto out;
689 	}
690 
691 	ret = mpt3sas_wait_for_ioc(ioc,	IOC_OPERATIONAL_WAIT_COUNT);
692 	if (ret)
693 		goto out;
694 
695 	mpi_request = kzalloc(ioc->request_sz, GFP_KERNEL);
696 	if (!mpi_request) {
697 		ioc_err(ioc, "%s: failed obtaining a memory for mpi_request\n",
698 			__func__);
699 		ret = -ENOMEM;
700 		goto out;
701 	}
702 
703 	/* Check for overflow and wraparound */
704 	if (karg.data_sge_offset * 4 > ioc->request_sz ||
705 	    karg.data_sge_offset > (UINT_MAX / 4)) {
706 		ret = -EINVAL;
707 		goto out;
708 	}
709 
710 	/* copy in request message frame from user */
711 	if (copy_from_user(mpi_request, mf, karg.data_sge_offset*4)) {
712 		pr_err("failure at %s:%d/%s()!\n", __FILE__, __LINE__,
713 		    __func__);
714 		ret = -EFAULT;
715 		goto out;
716 	}
717 
718 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
719 		smid = mpt3sas_base_get_smid_hpr(ioc, ioc->ctl_cb_idx);
720 		if (!smid) {
721 			ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
722 			ret = -EAGAIN;
723 			goto out;
724 		}
725 	} else {
726 		/* Use first reserved smid for passthrough ioctls */
727 		smid = ioc->scsiio_depth - INTERNAL_SCSIIO_CMDS_COUNT + 1;
728 	}
729 
730 	ret = 0;
731 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
732 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
733 	request = mpt3sas_base_get_msg_frame(ioc, smid);
734 	memset(request, 0, ioc->request_sz);
735 	memcpy(request, mpi_request, karg.data_sge_offset*4);
736 	ioc->ctl_cmds.smid = smid;
737 	data_out_sz = karg.data_out_size;
738 	data_in_sz = karg.data_in_size;
739 
740 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
741 	    mpi_request->Function == MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH ||
742 	    mpi_request->Function == MPI2_FUNCTION_SCSI_TASK_MGMT ||
743 	    mpi_request->Function == MPI2_FUNCTION_SATA_PASSTHROUGH ||
744 	    mpi_request->Function == MPI2_FUNCTION_NVME_ENCAPSULATED) {
745 
746 		device_handle = le16_to_cpu(mpi_request->FunctionDependent1);
747 		if (!device_handle || (device_handle >
748 		    ioc->facts.MaxDevHandle)) {
749 			ret = -EINVAL;
750 			mpt3sas_base_free_smid(ioc, smid);
751 			goto out;
752 		}
753 	}
754 
755 	/* obtain dma-able memory for data transfer */
756 	if (data_out_sz) /* WRITE */ {
757 		data_out = dma_alloc_coherent(&ioc->pdev->dev, data_out_sz,
758 				&data_out_dma, GFP_KERNEL);
759 		if (!data_out) {
760 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
761 			    __LINE__, __func__);
762 			ret = -ENOMEM;
763 			mpt3sas_base_free_smid(ioc, smid);
764 			goto out;
765 		}
766 		if (copy_from_user(data_out, karg.data_out_buf_ptr,
767 			data_out_sz)) {
768 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
769 			    __LINE__, __func__);
770 			ret =  -EFAULT;
771 			mpt3sas_base_free_smid(ioc, smid);
772 			goto out;
773 		}
774 	}
775 
776 	if (data_in_sz) /* READ */ {
777 		data_in = dma_alloc_coherent(&ioc->pdev->dev, data_in_sz,
778 				&data_in_dma, GFP_KERNEL);
779 		if (!data_in) {
780 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
781 			    __LINE__, __func__);
782 			ret = -ENOMEM;
783 			mpt3sas_base_free_smid(ioc, smid);
784 			goto out;
785 		}
786 	}
787 
788 	psge = (void *)request + (karg.data_sge_offset*4);
789 
790 	/* send command to firmware */
791 	_ctl_display_some_debug(ioc, smid, "ctl_request", NULL);
792 
793 	init_completion(&ioc->ctl_cmds.done);
794 	switch (mpi_request->Function) {
795 	case MPI2_FUNCTION_NVME_ENCAPSULATED:
796 	{
797 		nvme_encap_request = (Mpi26NVMeEncapsulatedRequest_t *)request;
798 		if (!ioc->pcie_sg_lookup) {
799 			dtmprintk(ioc, ioc_info(ioc,
800 			    "HBA doesn't support NVMe. Rejecting NVMe Encapsulated request.\n"
801 			    ));
802 
803 			if (ioc->logging_level & MPT_DEBUG_TM)
804 				_debug_dump_mf(nvme_encap_request,
805 				    ioc->request_sz/4);
806 			mpt3sas_base_free_smid(ioc, smid);
807 			ret = -EINVAL;
808 			goto out;
809 		}
810 		/*
811 		 * Get the Physical Address of the sense buffer.
812 		 * Use Error Response buffer address field to hold the sense
813 		 * buffer address.
814 		 * Clear the internal sense buffer, which will potentially hold
815 		 * the Completion Queue Entry on return, or 0 if no Entry.
816 		 * Build the PRPs and set direction bits.
817 		 * Send the request.
818 		 */
819 		nvme_encap_request->ErrorResponseBaseAddress =
820 		    cpu_to_le64(ioc->sense_dma & 0xFFFFFFFF00000000UL);
821 		nvme_encap_request->ErrorResponseBaseAddress |=
822 		   cpu_to_le64(le32_to_cpu(
823 		   mpt3sas_base_get_sense_buffer_dma(ioc, smid)));
824 		nvme_encap_request->ErrorResponseAllocationLength =
825 					cpu_to_le16(NVME_ERROR_RESPONSE_SIZE);
826 		memset(ioc->ctl_cmds.sense, 0, NVME_ERROR_RESPONSE_SIZE);
827 		ioc->build_nvme_prp(ioc, smid, nvme_encap_request,
828 		    data_out_dma, data_out_sz, data_in_dma, data_in_sz);
829 		if (test_bit(device_handle, ioc->device_remove_in_progress)) {
830 			dtmprintk(ioc,
831 				  ioc_info(ioc, "handle(0x%04x): ioctl failed due to device removal in progress\n",
832 					   device_handle));
833 			mpt3sas_base_free_smid(ioc, smid);
834 			ret = -EINVAL;
835 			goto out;
836 		}
837 		mpt3sas_base_put_smid_nvme_encap(ioc, smid);
838 		break;
839 	}
840 	case MPI2_FUNCTION_SCSI_IO_REQUEST:
841 	case MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH:
842 	{
843 		Mpi2SCSIIORequest_t *scsiio_request =
844 		    (Mpi2SCSIIORequest_t *)request;
845 		scsiio_request->SenseBufferLength = SCSI_SENSE_BUFFERSIZE;
846 		scsiio_request->SenseBufferLowAddress =
847 		    mpt3sas_base_get_sense_buffer_dma(ioc, smid);
848 		memset(ioc->ctl_cmds.sense, 0, SCSI_SENSE_BUFFERSIZE);
849 		if (test_bit(device_handle, ioc->device_remove_in_progress)) {
850 			dtmprintk(ioc,
851 				  ioc_info(ioc, "handle(0x%04x) :ioctl failed due to device removal in progress\n",
852 					   device_handle));
853 			mpt3sas_base_free_smid(ioc, smid);
854 			ret = -EINVAL;
855 			goto out;
856 		}
857 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz,
858 		    data_in_dma, data_in_sz);
859 		if (mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST)
860 			ioc->put_smid_scsi_io(ioc, smid, device_handle);
861 		else
862 			ioc->put_smid_default(ioc, smid);
863 		break;
864 	}
865 	case MPI2_FUNCTION_SCSI_TASK_MGMT:
866 	{
867 		Mpi2SCSITaskManagementRequest_t *tm_request =
868 		    (Mpi2SCSITaskManagementRequest_t *)request;
869 
870 		dtmprintk(ioc,
871 			  ioc_info(ioc, "TASK_MGMT: handle(0x%04x), task_type(0x%02x)\n",
872 				   le16_to_cpu(tm_request->DevHandle),
873 				   tm_request->TaskType));
874 		ioc->got_task_abort_from_ioctl = 1;
875 		if (tm_request->TaskType ==
876 		    MPI2_SCSITASKMGMT_TASKTYPE_ABORT_TASK ||
877 		    tm_request->TaskType ==
878 		    MPI2_SCSITASKMGMT_TASKTYPE_QUERY_TASK) {
879 			if (_ctl_set_task_mid(ioc, &karg, tm_request)) {
880 				mpt3sas_base_free_smid(ioc, smid);
881 				ioc->got_task_abort_from_ioctl = 0;
882 				goto out;
883 			}
884 		}
885 		ioc->got_task_abort_from_ioctl = 0;
886 
887 		if (test_bit(device_handle, ioc->device_remove_in_progress)) {
888 			dtmprintk(ioc,
889 				  ioc_info(ioc, "handle(0x%04x) :ioctl failed due to device removal in progress\n",
890 					   device_handle));
891 			mpt3sas_base_free_smid(ioc, smid);
892 			ret = -EINVAL;
893 			goto out;
894 		}
895 		mpt3sas_scsih_set_tm_flag(ioc, le16_to_cpu(
896 		    tm_request->DevHandle));
897 		ioc->build_sg_mpi(ioc, psge, data_out_dma, data_out_sz,
898 		    data_in_dma, data_in_sz);
899 		ioc->put_smid_hi_priority(ioc, smid, 0);
900 		break;
901 	}
902 	case MPI2_FUNCTION_SMP_PASSTHROUGH:
903 	{
904 		Mpi2SmpPassthroughRequest_t *smp_request =
905 		    (Mpi2SmpPassthroughRequest_t *)mpi_request;
906 		u8 *data;
907 
908 		if (!ioc->multipath_on_hba) {
909 			/* ioc determines which port to use */
910 			smp_request->PhysicalPort = 0xFF;
911 		}
912 		if (smp_request->PassthroughFlags &
913 		    MPI2_SMP_PT_REQ_PT_FLAGS_IMMEDIATE)
914 			data = (u8 *)&smp_request->SGL;
915 		else {
916 			if (unlikely(data_out == NULL)) {
917 				pr_err("failure at %s:%d/%s()!\n",
918 				    __FILE__, __LINE__, __func__);
919 				mpt3sas_base_free_smid(ioc, smid);
920 				ret = -EINVAL;
921 				goto out;
922 			}
923 			data = data_out;
924 		}
925 
926 		if (data[1] == 0x91 && (data[10] == 1 || data[10] == 2)) {
927 			ioc->ioc_link_reset_in_progress = 1;
928 			ioc->ignore_loginfos = 1;
929 		}
930 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz, data_in_dma,
931 		    data_in_sz);
932 		ioc->put_smid_default(ioc, smid);
933 		break;
934 	}
935 	case MPI2_FUNCTION_SATA_PASSTHROUGH:
936 	{
937 		if (test_bit(device_handle, ioc->device_remove_in_progress)) {
938 			dtmprintk(ioc,
939 				  ioc_info(ioc, "handle(0x%04x) :ioctl failed due to device removal in progress\n",
940 					   device_handle));
941 			mpt3sas_base_free_smid(ioc, smid);
942 			ret = -EINVAL;
943 			goto out;
944 		}
945 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz, data_in_dma,
946 		    data_in_sz);
947 		ioc->put_smid_default(ioc, smid);
948 		break;
949 	}
950 	case MPI2_FUNCTION_FW_DOWNLOAD:
951 	case MPI2_FUNCTION_FW_UPLOAD:
952 	{
953 		ioc->build_sg(ioc, psge, data_out_dma, data_out_sz, data_in_dma,
954 		    data_in_sz);
955 		ioc->put_smid_default(ioc, smid);
956 		break;
957 	}
958 	case MPI2_FUNCTION_TOOLBOX:
959 	{
960 		Mpi2ToolboxCleanRequest_t *toolbox_request =
961 			(Mpi2ToolboxCleanRequest_t *)mpi_request;
962 
963 		if ((toolbox_request->Tool == MPI2_TOOLBOX_DIAGNOSTIC_CLI_TOOL)
964 		    || (toolbox_request->Tool ==
965 		    MPI26_TOOLBOX_BACKEND_PCIE_LANE_MARGIN))
966 			ioc->build_sg(ioc, psge, data_out_dma, data_out_sz,
967 				data_in_dma, data_in_sz);
968 		else if (toolbox_request->Tool ==
969 				MPI2_TOOLBOX_MEMORY_MOVE_TOOL) {
970 			Mpi2ToolboxMemMoveRequest_t *mem_move_request =
971 					(Mpi2ToolboxMemMoveRequest_t *)request;
972 			Mpi2SGESimple64_t tmp, *src = NULL, *dst = NULL;
973 
974 			ioc->build_sg_mpi(ioc, psge, data_out_dma,
975 					data_out_sz, data_in_dma, data_in_sz);
976 			if (data_out_sz && !data_in_sz) {
977 				dst =
978 				    (Mpi2SGESimple64_t *)&mem_move_request->SGL;
979 				src = (void *)dst + ioc->sge_size;
980 
981 				memcpy(&tmp, src, ioc->sge_size);
982 				memcpy(src, dst, ioc->sge_size);
983 				memcpy(dst, &tmp, ioc->sge_size);
984 			}
985 			if (ioc->logging_level & MPT_DEBUG_TM) {
986 				ioc_info(ioc,
987 				  "Mpi2ToolboxMemMoveRequest_t request msg\n");
988 				_debug_dump_mf(mem_move_request,
989 							ioc->request_sz/4);
990 			}
991 		} else
992 			ioc->build_sg_mpi(ioc, psge, data_out_dma, data_out_sz,
993 			    data_in_dma, data_in_sz);
994 		ioc->put_smid_default(ioc, smid);
995 		break;
996 	}
997 	case MPI2_FUNCTION_SAS_IO_UNIT_CONTROL:
998 	{
999 		Mpi2SasIoUnitControlRequest_t *sasiounit_request =
1000 		    (Mpi2SasIoUnitControlRequest_t *)mpi_request;
1001 
1002 		if (sasiounit_request->Operation == MPI2_SAS_OP_PHY_HARD_RESET
1003 		    || sasiounit_request->Operation ==
1004 		    MPI2_SAS_OP_PHY_LINK_RESET) {
1005 			ioc->ioc_link_reset_in_progress = 1;
1006 			ioc->ignore_loginfos = 1;
1007 		}
1008 		/* drop to default case for posting the request */
1009 	}
1010 		fallthrough;
1011 	default:
1012 		ioc->build_sg_mpi(ioc, psge, data_out_dma, data_out_sz,
1013 		    data_in_dma, data_in_sz);
1014 		ioc->put_smid_default(ioc, smid);
1015 		break;
1016 	}
1017 
1018 	if (karg.timeout < MPT3_IOCTL_DEFAULT_TIMEOUT)
1019 		timeout = MPT3_IOCTL_DEFAULT_TIMEOUT;
1020 	else
1021 		timeout = karg.timeout;
1022 	wait_for_completion_timeout(&ioc->ctl_cmds.done, timeout*HZ);
1023 	if (mpi_request->Function == MPI2_FUNCTION_SCSI_TASK_MGMT) {
1024 		Mpi2SCSITaskManagementRequest_t *tm_request =
1025 		    (Mpi2SCSITaskManagementRequest_t *)mpi_request;
1026 		mpt3sas_scsih_clear_tm_flag(ioc, le16_to_cpu(
1027 		    tm_request->DevHandle));
1028 		mpt3sas_trigger_master(ioc, MASTER_TRIGGER_TASK_MANAGMENT);
1029 	} else if ((mpi_request->Function == MPI2_FUNCTION_SMP_PASSTHROUGH ||
1030 	    mpi_request->Function == MPI2_FUNCTION_SAS_IO_UNIT_CONTROL) &&
1031 		ioc->ioc_link_reset_in_progress) {
1032 		ioc->ioc_link_reset_in_progress = 0;
1033 		ioc->ignore_loginfos = 0;
1034 	}
1035 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
1036 		mpt3sas_check_cmd_timeout(ioc,
1037 		    ioc->ctl_cmds.status, mpi_request,
1038 		    karg.data_sge_offset, issue_reset);
1039 		goto issue_host_reset;
1040 	}
1041 
1042 	mpi_reply = ioc->ctl_cmds.reply;
1043 
1044 	if (mpi_reply->Function == MPI2_FUNCTION_SCSI_TASK_MGMT &&
1045 	    (ioc->logging_level & MPT_DEBUG_TM)) {
1046 		Mpi2SCSITaskManagementReply_t *tm_reply =
1047 		    (Mpi2SCSITaskManagementReply_t *)mpi_reply;
1048 
1049 		ioc_info(ioc, "TASK_MGMT: IOCStatus(0x%04x), IOCLogInfo(0x%08x), TerminationCount(0x%08x)\n",
1050 			 le16_to_cpu(tm_reply->IOCStatus),
1051 			 le32_to_cpu(tm_reply->IOCLogInfo),
1052 			 le32_to_cpu(tm_reply->TerminationCount));
1053 	}
1054 
1055 	/* copy out xdata to user */
1056 	if (data_in_sz) {
1057 		if (copy_to_user(karg.data_in_buf_ptr, data_in,
1058 		    data_in_sz)) {
1059 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
1060 			    __LINE__, __func__);
1061 			ret = -ENODATA;
1062 			goto out;
1063 		}
1064 	}
1065 
1066 	/* copy out reply message frame to user */
1067 	if (karg.max_reply_bytes) {
1068 		sz = min_t(u32, karg.max_reply_bytes, ioc->reply_sz);
1069 		if (copy_to_user(karg.reply_frame_buf_ptr, ioc->ctl_cmds.reply,
1070 		    sz)) {
1071 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
1072 			    __LINE__, __func__);
1073 			ret = -ENODATA;
1074 			goto out;
1075 		}
1076 	}
1077 
1078 	/* copy out sense/NVMe Error Response to user */
1079 	if (karg.max_sense_bytes && (mpi_request->Function ==
1080 	    MPI2_FUNCTION_SCSI_IO_REQUEST || mpi_request->Function ==
1081 	    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH || mpi_request->Function ==
1082 	    MPI2_FUNCTION_NVME_ENCAPSULATED)) {
1083 		if (karg.sense_data_ptr == NULL) {
1084 			ioc_info(ioc, "Response buffer provided by application is NULL; Response data will not be returned\n");
1085 			goto out;
1086 		}
1087 		sz_arg = (mpi_request->Function ==
1088 		MPI2_FUNCTION_NVME_ENCAPSULATED) ? NVME_ERROR_RESPONSE_SIZE :
1089 							SCSI_SENSE_BUFFERSIZE;
1090 		sz = min_t(u32, karg.max_sense_bytes, sz_arg);
1091 		if (copy_to_user(karg.sense_data_ptr, ioc->ctl_cmds.sense,
1092 		    sz)) {
1093 			pr_err("failure at %s:%d/%s()!\n", __FILE__,
1094 				__LINE__, __func__);
1095 			ret = -ENODATA;
1096 			goto out;
1097 		}
1098 	}
1099 
1100  issue_host_reset:
1101 	if (issue_reset) {
1102 		ret = -ENODATA;
1103 		if ((mpi_request->Function == MPI2_FUNCTION_SCSI_IO_REQUEST ||
1104 		    mpi_request->Function ==
1105 		    MPI2_FUNCTION_RAID_SCSI_IO_PASSTHROUGH ||
1106 		    mpi_request->Function == MPI2_FUNCTION_SATA_PASSTHROUGH)) {
1107 			ioc_info(ioc, "issue target reset: handle = (0x%04x)\n",
1108 				 le16_to_cpu(mpi_request->FunctionDependent1));
1109 			mpt3sas_halt_firmware(ioc);
1110 			pcie_device = mpt3sas_get_pdev_by_handle(ioc,
1111 				le16_to_cpu(mpi_request->FunctionDependent1));
1112 			if (pcie_device && (!ioc->tm_custom_handling) &&
1113 			    (!(mpt3sas_scsih_is_pcie_scsi_device(
1114 			    pcie_device->device_info))))
1115 				mpt3sas_scsih_issue_locked_tm(ioc,
1116 				  le16_to_cpu(mpi_request->FunctionDependent1),
1117 				  0, 0, 0,
1118 				  MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET, 0,
1119 				  0, pcie_device->reset_timeout,
1120 			MPI26_SCSITASKMGMT_MSGFLAGS_PROTOCOL_LVL_RST_PCIE);
1121 			else
1122 				mpt3sas_scsih_issue_locked_tm(ioc,
1123 				  le16_to_cpu(mpi_request->FunctionDependent1),
1124 				  0, 0, 0,
1125 				  MPI2_SCSITASKMGMT_TASKTYPE_TARGET_RESET, 0,
1126 				  0, 30, MPI2_SCSITASKMGMT_MSGFLAGS_LINK_RESET);
1127 		} else
1128 			mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
1129 	}
1130 
1131  out:
1132 	if (pcie_device)
1133 		pcie_device_put(pcie_device);
1134 
1135 	/* free memory associated with sg buffers */
1136 	if (data_in)
1137 		dma_free_coherent(&ioc->pdev->dev, data_in_sz, data_in,
1138 		    data_in_dma);
1139 
1140 	if (data_out)
1141 		dma_free_coherent(&ioc->pdev->dev, data_out_sz, data_out,
1142 		    data_out_dma);
1143 
1144 	kfree(mpi_request);
1145 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
1146 	return ret;
1147 }
1148 
1149 /**
1150  * _ctl_getiocinfo - main handler for MPT3IOCINFO opcode
1151  * @ioc: per adapter object
1152  * @arg: user space buffer containing ioctl content
1153  */
1154 static long
_ctl_getiocinfo(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1155 _ctl_getiocinfo(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1156 {
1157 	struct mpt3_ioctl_iocinfo karg;
1158 
1159 	dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
1160 				 __func__));
1161 
1162 	memset(&karg, 0 , sizeof(karg));
1163 	if (ioc->pfacts)
1164 		karg.port_number = ioc->pfacts[0].PortNumber;
1165 	karg.hw_rev = ioc->pdev->revision;
1166 	karg.pci_id = ioc->pdev->device;
1167 	karg.subsystem_device = ioc->pdev->subsystem_device;
1168 	karg.subsystem_vendor = ioc->pdev->subsystem_vendor;
1169 	karg.pci_information.u.bits.bus = ioc->pdev->bus->number;
1170 	karg.pci_information.u.bits.device = PCI_SLOT(ioc->pdev->devfn);
1171 	karg.pci_information.u.bits.function = PCI_FUNC(ioc->pdev->devfn);
1172 	karg.pci_information.segment_id = pci_domain_nr(ioc->pdev->bus);
1173 	karg.firmware_version = ioc->facts.FWVersion.Word;
1174 	strcpy(karg.driver_version, ioc->driver_name);
1175 	strcat(karg.driver_version, "-");
1176 	switch  (ioc->hba_mpi_version_belonged) {
1177 	case MPI2_VERSION:
1178 		if (ioc->is_warpdrive)
1179 			karg.adapter_type = MPT2_IOCTL_INTERFACE_SAS2_SSS6200;
1180 		else
1181 			karg.adapter_type = MPT2_IOCTL_INTERFACE_SAS2;
1182 		strcat(karg.driver_version, MPT2SAS_DRIVER_VERSION);
1183 		break;
1184 	case MPI25_VERSION:
1185 	case MPI26_VERSION:
1186 		if (ioc->is_gen35_ioc)
1187 			karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS35;
1188 		else
1189 			karg.adapter_type = MPT3_IOCTL_INTERFACE_SAS3;
1190 		strcat(karg.driver_version, MPT3SAS_DRIVER_VERSION);
1191 		break;
1192 	}
1193 	karg.bios_version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
1194 
1195 	if (copy_to_user(arg, &karg, sizeof(karg))) {
1196 		pr_err("failure at %s:%d/%s()!\n",
1197 		    __FILE__, __LINE__, __func__);
1198 		return -EFAULT;
1199 	}
1200 	return 0;
1201 }
1202 
1203 /**
1204  * _ctl_eventquery - main handler for MPT3EVENTQUERY opcode
1205  * @ioc: per adapter object
1206  * @arg: user space buffer containing ioctl content
1207  */
1208 static long
_ctl_eventquery(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1209 _ctl_eventquery(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1210 {
1211 	struct mpt3_ioctl_eventquery karg;
1212 
1213 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1214 		pr_err("failure at %s:%d/%s()!\n",
1215 		    __FILE__, __LINE__, __func__);
1216 		return -EFAULT;
1217 	}
1218 
1219 	dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
1220 				 __func__));
1221 
1222 	karg.event_entries = MPT3SAS_CTL_EVENT_LOG_SIZE;
1223 	memcpy(karg.event_types, ioc->event_type,
1224 	    MPI2_EVENT_NOTIFY_EVENTMASK_WORDS * sizeof(u32));
1225 
1226 	if (copy_to_user(arg, &karg, sizeof(karg))) {
1227 		pr_err("failure at %s:%d/%s()!\n",
1228 		    __FILE__, __LINE__, __func__);
1229 		return -EFAULT;
1230 	}
1231 	return 0;
1232 }
1233 
1234 /**
1235  * _ctl_eventenable - main handler for MPT3EVENTENABLE opcode
1236  * @ioc: per adapter object
1237  * @arg: user space buffer containing ioctl content
1238  */
1239 static long
_ctl_eventenable(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1240 _ctl_eventenable(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1241 {
1242 	struct mpt3_ioctl_eventenable karg;
1243 
1244 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1245 		pr_err("failure at %s:%d/%s()!\n",
1246 		    __FILE__, __LINE__, __func__);
1247 		return -EFAULT;
1248 	}
1249 
1250 	dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
1251 				 __func__));
1252 
1253 	memcpy(ioc->event_type, karg.event_types,
1254 	    MPI2_EVENT_NOTIFY_EVENTMASK_WORDS * sizeof(u32));
1255 	mpt3sas_base_validate_event_type(ioc, ioc->event_type);
1256 
1257 	if (ioc->event_log)
1258 		return 0;
1259 	/* initialize event_log */
1260 	ioc->event_context = 0;
1261 	ioc->aen_event_read_flag = 0;
1262 	ioc->event_log = kcalloc(MPT3SAS_CTL_EVENT_LOG_SIZE,
1263 	    sizeof(struct MPT3_IOCTL_EVENTS), GFP_KERNEL);
1264 	if (!ioc->event_log) {
1265 		pr_err("failure at %s:%d/%s()!\n",
1266 		    __FILE__, __LINE__, __func__);
1267 		return -ENOMEM;
1268 	}
1269 	return 0;
1270 }
1271 
1272 /**
1273  * _ctl_eventreport - main handler for MPT3EVENTREPORT opcode
1274  * @ioc: per adapter object
1275  * @arg: user space buffer containing ioctl content
1276  */
1277 static long
_ctl_eventreport(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1278 _ctl_eventreport(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1279 {
1280 	struct mpt3_ioctl_eventreport karg;
1281 	u32 number_bytes, max_events, max;
1282 	struct mpt3_ioctl_eventreport __user *uarg = arg;
1283 
1284 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1285 		pr_err("failure at %s:%d/%s()!\n",
1286 		    __FILE__, __LINE__, __func__);
1287 		return -EFAULT;
1288 	}
1289 
1290 	dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
1291 				 __func__));
1292 
1293 	number_bytes = karg.hdr.max_data_size -
1294 	    sizeof(struct mpt3_ioctl_header);
1295 	max_events = number_bytes/sizeof(struct MPT3_IOCTL_EVENTS);
1296 	max = min_t(u32, MPT3SAS_CTL_EVENT_LOG_SIZE, max_events);
1297 
1298 	/* If fewer than 1 event is requested, there must have
1299 	 * been some type of error.
1300 	 */
1301 	if (!max || !ioc->event_log)
1302 		return -ENODATA;
1303 
1304 	number_bytes = max * sizeof(struct MPT3_IOCTL_EVENTS);
1305 	if (copy_to_user(uarg->event_data, ioc->event_log, number_bytes)) {
1306 		pr_err("failure at %s:%d/%s()!\n",
1307 		    __FILE__, __LINE__, __func__);
1308 		return -EFAULT;
1309 	}
1310 
1311 	/* reset flag so SIGIO can restart */
1312 	ioc->aen_event_read_flag = 0;
1313 	return 0;
1314 }
1315 
1316 /**
1317  * _ctl_do_reset - main handler for MPT3HARDRESET opcode
1318  * @ioc: per adapter object
1319  * @arg: user space buffer containing ioctl content
1320  */
1321 static long
_ctl_do_reset(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1322 _ctl_do_reset(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1323 {
1324 	struct mpt3_ioctl_diag_reset karg;
1325 	int retval;
1326 
1327 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1328 		pr_err("failure at %s:%d/%s()!\n",
1329 		    __FILE__, __LINE__, __func__);
1330 		return -EFAULT;
1331 	}
1332 
1333 	if (ioc->shost_recovery || ioc->pci_error_recovery ||
1334 	    ioc->is_driver_loading)
1335 		return -EAGAIN;
1336 
1337 	dctlprintk(ioc, ioc_info(ioc, "%s: enter\n",
1338 				 __func__));
1339 
1340 	ioc->reset_from_user = 1;
1341 	retval = mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
1342 	ioc_info(ioc,
1343 	    "Ioctl: host reset: %s\n", ((!retval) ? "SUCCESS" : "FAILED"));
1344 	return 0;
1345 }
1346 
1347 /**
1348  * _ctl_btdh_search_sas_device - searching for sas device
1349  * @ioc: per adapter object
1350  * @btdh: btdh ioctl payload
1351  */
1352 static int
_ctl_btdh_search_sas_device(struct MPT3SAS_ADAPTER * ioc,struct mpt3_ioctl_btdh_mapping * btdh)1353 _ctl_btdh_search_sas_device(struct MPT3SAS_ADAPTER *ioc,
1354 	struct mpt3_ioctl_btdh_mapping *btdh)
1355 {
1356 	struct _sas_device *sas_device;
1357 	unsigned long flags;
1358 	int rc = 0;
1359 
1360 	if (list_empty(&ioc->sas_device_list))
1361 		return rc;
1362 
1363 	spin_lock_irqsave(&ioc->sas_device_lock, flags);
1364 	list_for_each_entry(sas_device, &ioc->sas_device_list, list) {
1365 		if (btdh->bus == 0xFFFFFFFF && btdh->id == 0xFFFFFFFF &&
1366 		    btdh->handle == sas_device->handle) {
1367 			btdh->bus = sas_device->channel;
1368 			btdh->id = sas_device->id;
1369 			rc = 1;
1370 			goto out;
1371 		} else if (btdh->bus == sas_device->channel && btdh->id ==
1372 		    sas_device->id && btdh->handle == 0xFFFF) {
1373 			btdh->handle = sas_device->handle;
1374 			rc = 1;
1375 			goto out;
1376 		}
1377 	}
1378  out:
1379 	spin_unlock_irqrestore(&ioc->sas_device_lock, flags);
1380 	return rc;
1381 }
1382 
1383 /**
1384  * _ctl_btdh_search_pcie_device - searching for pcie device
1385  * @ioc: per adapter object
1386  * @btdh: btdh ioctl payload
1387  */
1388 static int
_ctl_btdh_search_pcie_device(struct MPT3SAS_ADAPTER * ioc,struct mpt3_ioctl_btdh_mapping * btdh)1389 _ctl_btdh_search_pcie_device(struct MPT3SAS_ADAPTER *ioc,
1390 	struct mpt3_ioctl_btdh_mapping *btdh)
1391 {
1392 	struct _pcie_device *pcie_device;
1393 	unsigned long flags;
1394 	int rc = 0;
1395 
1396 	if (list_empty(&ioc->pcie_device_list))
1397 		return rc;
1398 
1399 	spin_lock_irqsave(&ioc->pcie_device_lock, flags);
1400 	list_for_each_entry(pcie_device, &ioc->pcie_device_list, list) {
1401 		if (btdh->bus == 0xFFFFFFFF && btdh->id == 0xFFFFFFFF &&
1402 			   btdh->handle == pcie_device->handle) {
1403 			btdh->bus = pcie_device->channel;
1404 			btdh->id = pcie_device->id;
1405 			rc = 1;
1406 			goto out;
1407 		} else if (btdh->bus == pcie_device->channel && btdh->id ==
1408 			   pcie_device->id && btdh->handle == 0xFFFF) {
1409 			btdh->handle = pcie_device->handle;
1410 			rc = 1;
1411 			goto out;
1412 		}
1413 	}
1414  out:
1415 	spin_unlock_irqrestore(&ioc->pcie_device_lock, flags);
1416 	return rc;
1417 }
1418 
1419 /**
1420  * _ctl_btdh_search_raid_device - searching for raid device
1421  * @ioc: per adapter object
1422  * @btdh: btdh ioctl payload
1423  */
1424 static int
_ctl_btdh_search_raid_device(struct MPT3SAS_ADAPTER * ioc,struct mpt3_ioctl_btdh_mapping * btdh)1425 _ctl_btdh_search_raid_device(struct MPT3SAS_ADAPTER *ioc,
1426 	struct mpt3_ioctl_btdh_mapping *btdh)
1427 {
1428 	struct _raid_device *raid_device;
1429 	unsigned long flags;
1430 	int rc = 0;
1431 
1432 	if (list_empty(&ioc->raid_device_list))
1433 		return rc;
1434 
1435 	spin_lock_irqsave(&ioc->raid_device_lock, flags);
1436 	list_for_each_entry(raid_device, &ioc->raid_device_list, list) {
1437 		if (btdh->bus == 0xFFFFFFFF && btdh->id == 0xFFFFFFFF &&
1438 		    btdh->handle == raid_device->handle) {
1439 			btdh->bus = raid_device->channel;
1440 			btdh->id = raid_device->id;
1441 			rc = 1;
1442 			goto out;
1443 		} else if (btdh->bus == raid_device->channel && btdh->id ==
1444 		    raid_device->id && btdh->handle == 0xFFFF) {
1445 			btdh->handle = raid_device->handle;
1446 			rc = 1;
1447 			goto out;
1448 		}
1449 	}
1450  out:
1451 	spin_unlock_irqrestore(&ioc->raid_device_lock, flags);
1452 	return rc;
1453 }
1454 
1455 /**
1456  * _ctl_btdh_mapping - main handler for MPT3BTDHMAPPING opcode
1457  * @ioc: per adapter object
1458  * @arg: user space buffer containing ioctl content
1459  */
1460 static long
_ctl_btdh_mapping(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1461 _ctl_btdh_mapping(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1462 {
1463 	struct mpt3_ioctl_btdh_mapping karg;
1464 	int rc;
1465 
1466 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1467 		pr_err("failure at %s:%d/%s()!\n",
1468 		    __FILE__, __LINE__, __func__);
1469 		return -EFAULT;
1470 	}
1471 
1472 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
1473 				 __func__));
1474 
1475 	rc = _ctl_btdh_search_sas_device(ioc, &karg);
1476 	if (!rc)
1477 		rc = _ctl_btdh_search_pcie_device(ioc, &karg);
1478 	if (!rc)
1479 		_ctl_btdh_search_raid_device(ioc, &karg);
1480 
1481 	if (copy_to_user(arg, &karg, sizeof(karg))) {
1482 		pr_err("failure at %s:%d/%s()!\n",
1483 		    __FILE__, __LINE__, __func__);
1484 		return -EFAULT;
1485 	}
1486 	return 0;
1487 }
1488 
1489 /**
1490  * _ctl_diag_capability - return diag buffer capability
1491  * @ioc: per adapter object
1492  * @buffer_type: specifies either TRACE, SNAPSHOT, or EXTENDED
1493  *
1494  * returns 1 when diag buffer support is enabled in firmware
1495  */
1496 static u8
_ctl_diag_capability(struct MPT3SAS_ADAPTER * ioc,u8 buffer_type)1497 _ctl_diag_capability(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type)
1498 {
1499 	u8 rc = 0;
1500 
1501 	switch (buffer_type) {
1502 	case MPI2_DIAG_BUF_TYPE_TRACE:
1503 		if (ioc->facts.IOCCapabilities &
1504 		    MPI2_IOCFACTS_CAPABILITY_DIAG_TRACE_BUFFER)
1505 			rc = 1;
1506 		break;
1507 	case MPI2_DIAG_BUF_TYPE_SNAPSHOT:
1508 		if (ioc->facts.IOCCapabilities &
1509 		    MPI2_IOCFACTS_CAPABILITY_SNAPSHOT_BUFFER)
1510 			rc = 1;
1511 		break;
1512 	case MPI2_DIAG_BUF_TYPE_EXTENDED:
1513 		if (ioc->facts.IOCCapabilities &
1514 		    MPI2_IOCFACTS_CAPABILITY_EXTENDED_BUFFER)
1515 			rc = 1;
1516 	}
1517 
1518 	return rc;
1519 }
1520 
1521 /**
1522  * _ctl_diag_get_bufftype - return diag buffer type
1523  *              either TRACE, SNAPSHOT, or EXTENDED
1524  * @ioc: per adapter object
1525  * @unique_id: specifies the unique_id for the buffer
1526  *
1527  * returns MPT3_DIAG_UID_NOT_FOUND if the id not found
1528  */
1529 static u8
_ctl_diag_get_bufftype(struct MPT3SAS_ADAPTER * ioc,u32 unique_id)1530 _ctl_diag_get_bufftype(struct MPT3SAS_ADAPTER *ioc, u32 unique_id)
1531 {
1532 	u8  index;
1533 
1534 	for (index = 0; index < MPI2_DIAG_BUF_TYPE_COUNT; index++) {
1535 		if (ioc->unique_id[index] == unique_id)
1536 			return index;
1537 	}
1538 
1539 	return MPT3_DIAG_UID_NOT_FOUND;
1540 }
1541 
1542 /**
1543  * _ctl_diag_register_2 - wrapper for registering diag buffer support
1544  * @ioc: per adapter object
1545  * @diag_register: the diag_register struct passed in from user space
1546  *
1547  */
1548 static long
_ctl_diag_register_2(struct MPT3SAS_ADAPTER * ioc,struct mpt3_diag_register * diag_register)1549 _ctl_diag_register_2(struct MPT3SAS_ADAPTER *ioc,
1550 	struct mpt3_diag_register *diag_register)
1551 {
1552 	int rc, i;
1553 	void *request_data = NULL;
1554 	dma_addr_t request_data_dma;
1555 	u32 request_data_sz = 0;
1556 	Mpi2DiagBufferPostRequest_t *mpi_request;
1557 	Mpi2DiagBufferPostReply_t *mpi_reply;
1558 	u8 buffer_type;
1559 	u16 smid;
1560 	u16 ioc_status;
1561 	u32 ioc_state;
1562 	u8 issue_reset = 0;
1563 
1564 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
1565 				 __func__));
1566 
1567 	ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
1568 	if (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
1569 		ioc_err(ioc, "%s: failed due to ioc not operational\n",
1570 			__func__);
1571 		rc = -EAGAIN;
1572 		goto out;
1573 	}
1574 
1575 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
1576 		ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
1577 		rc = -EAGAIN;
1578 		goto out;
1579 	}
1580 
1581 	buffer_type = diag_register->buffer_type;
1582 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1583 		ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
1584 			__func__, buffer_type);
1585 		return -EPERM;
1586 	}
1587 
1588 	if (diag_register->unique_id == 0) {
1589 		ioc_err(ioc,
1590 		    "%s: Invalid UID(0x%08x), buffer_type(0x%02x)\n", __func__,
1591 		    diag_register->unique_id, buffer_type);
1592 		return -EINVAL;
1593 	}
1594 
1595 	if ((ioc->diag_buffer_status[buffer_type] &
1596 	    MPT3_DIAG_BUFFER_IS_APP_OWNED) &&
1597 	    !(ioc->diag_buffer_status[buffer_type] &
1598 	    MPT3_DIAG_BUFFER_IS_RELEASED)) {
1599 		ioc_err(ioc,
1600 		    "%s: buffer_type(0x%02x) is already registered by application with UID(0x%08x)\n",
1601 		    __func__, buffer_type, ioc->unique_id[buffer_type]);
1602 		return -EINVAL;
1603 	}
1604 
1605 	if (ioc->diag_buffer_status[buffer_type] &
1606 	    MPT3_DIAG_BUFFER_IS_REGISTERED) {
1607 		/*
1608 		 * If driver posts buffer initially, then an application wants
1609 		 * to Register that buffer (own it) without Releasing first,
1610 		 * the application Register command MUST have the same buffer
1611 		 * type and size in the Register command (obtained from the
1612 		 * Query command). Otherwise that Register command will be
1613 		 * failed. If the application has released the buffer but wants
1614 		 * to re-register it, it should be allowed as long as the
1615 		 * Unique-Id/Size match.
1616 		 */
1617 
1618 		if (ioc->unique_id[buffer_type] == MPT3DIAGBUFFUNIQUEID &&
1619 		    ioc->diag_buffer_sz[buffer_type] ==
1620 		    diag_register->requested_buffer_size) {
1621 
1622 			if (!(ioc->diag_buffer_status[buffer_type] &
1623 			     MPT3_DIAG_BUFFER_IS_RELEASED)) {
1624 				dctlprintk(ioc, ioc_info(ioc,
1625 				    "%s: diag_buffer (%d) ownership changed. old-ID(0x%08x), new-ID(0x%08x)\n",
1626 				    __func__, buffer_type,
1627 				    ioc->unique_id[buffer_type],
1628 				    diag_register->unique_id));
1629 
1630 				/*
1631 				 * Application wants to own the buffer with
1632 				 * the same size.
1633 				 */
1634 				ioc->unique_id[buffer_type] =
1635 				    diag_register->unique_id;
1636 				rc = 0; /* success */
1637 				goto out;
1638 			}
1639 		} else if (ioc->unique_id[buffer_type] !=
1640 		    MPT3DIAGBUFFUNIQUEID) {
1641 			if (ioc->unique_id[buffer_type] !=
1642 			    diag_register->unique_id ||
1643 			    ioc->diag_buffer_sz[buffer_type] !=
1644 			    diag_register->requested_buffer_size ||
1645 			    !(ioc->diag_buffer_status[buffer_type] &
1646 			    MPT3_DIAG_BUFFER_IS_RELEASED)) {
1647 				ioc_err(ioc,
1648 				    "%s: already has a registered buffer for buffer_type(0x%02x)\n",
1649 				    __func__, buffer_type);
1650 				return -EINVAL;
1651 			}
1652 		} else {
1653 			ioc_err(ioc, "%s: already has a registered buffer for buffer_type(0x%02x)\n",
1654 			    __func__, buffer_type);
1655 			return -EINVAL;
1656 		}
1657 	} else if (ioc->diag_buffer_status[buffer_type] &
1658 	    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED) {
1659 
1660 		if (ioc->unique_id[buffer_type] != MPT3DIAGBUFFUNIQUEID ||
1661 		    ioc->diag_buffer_sz[buffer_type] !=
1662 		    diag_register->requested_buffer_size) {
1663 
1664 			ioc_err(ioc,
1665 			    "%s: already a buffer is allocated for buffer_type(0x%02x) of size %d bytes, so please try registering again with same size\n",
1666 			     __func__, buffer_type,
1667 			    ioc->diag_buffer_sz[buffer_type]);
1668 			return -EINVAL;
1669 		}
1670 	}
1671 
1672 	if (diag_register->requested_buffer_size % 4)  {
1673 		ioc_err(ioc, "%s: the requested_buffer_size is not 4 byte aligned\n",
1674 			__func__);
1675 		return -EINVAL;
1676 	}
1677 
1678 	smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
1679 	if (!smid) {
1680 		ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
1681 		rc = -EAGAIN;
1682 		goto out;
1683 	}
1684 
1685 	rc = 0;
1686 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
1687 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
1688 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
1689 	ioc->ctl_cmds.smid = smid;
1690 
1691 	request_data = ioc->diag_buffer[buffer_type];
1692 	request_data_sz = diag_register->requested_buffer_size;
1693 	ioc->unique_id[buffer_type] = diag_register->unique_id;
1694 	/* Reset ioc variables used for additional query commands */
1695 	ioc->reset_from_user = 0;
1696 	memset(&ioc->htb_rel, 0, sizeof(struct htb_rel_query));
1697 	ioc->diag_buffer_status[buffer_type] &=
1698 	    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED;
1699 	memcpy(ioc->product_specific[buffer_type],
1700 	    diag_register->product_specific, MPT3_PRODUCT_SPECIFIC_DWORDS);
1701 	ioc->diagnostic_flags[buffer_type] = diag_register->diagnostic_flags;
1702 
1703 	if (request_data) {
1704 		request_data_dma = ioc->diag_buffer_dma[buffer_type];
1705 		if (request_data_sz != ioc->diag_buffer_sz[buffer_type]) {
1706 			dma_free_coherent(&ioc->pdev->dev,
1707 					ioc->diag_buffer_sz[buffer_type],
1708 					request_data, request_data_dma);
1709 			request_data = NULL;
1710 		}
1711 	}
1712 
1713 	if (request_data == NULL) {
1714 		ioc->diag_buffer_sz[buffer_type] = 0;
1715 		ioc->diag_buffer_dma[buffer_type] = 0;
1716 		request_data = dma_alloc_coherent(&ioc->pdev->dev,
1717 				request_data_sz, &request_data_dma, GFP_KERNEL);
1718 		if (request_data == NULL) {
1719 			ioc_err(ioc, "%s: failed allocating memory for diag buffers, requested size(%d)\n",
1720 				__func__, request_data_sz);
1721 			mpt3sas_base_free_smid(ioc, smid);
1722 			rc = -ENOMEM;
1723 			goto out;
1724 		}
1725 		ioc->diag_buffer[buffer_type] = request_data;
1726 		ioc->diag_buffer_sz[buffer_type] = request_data_sz;
1727 		ioc->diag_buffer_dma[buffer_type] = request_data_dma;
1728 	}
1729 
1730 	mpi_request->Function = MPI2_FUNCTION_DIAG_BUFFER_POST;
1731 	mpi_request->BufferType = diag_register->buffer_type;
1732 	mpi_request->Flags = cpu_to_le32(diag_register->diagnostic_flags);
1733 	mpi_request->BufferAddress = cpu_to_le64(request_data_dma);
1734 	mpi_request->BufferLength = cpu_to_le32(request_data_sz);
1735 	mpi_request->VF_ID = 0; /* TODO */
1736 	mpi_request->VP_ID = 0;
1737 
1738 	dctlprintk(ioc,
1739 		   ioc_info(ioc, "%s: diag_buffer(0x%p), dma(0x%llx), sz(%d)\n",
1740 			    __func__, request_data,
1741 			    (unsigned long long)request_data_dma,
1742 			    le32_to_cpu(mpi_request->BufferLength)));
1743 
1744 	for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
1745 		mpi_request->ProductSpecific[i] =
1746 			cpu_to_le32(ioc->product_specific[buffer_type][i]);
1747 
1748 	init_completion(&ioc->ctl_cmds.done);
1749 	ioc->put_smid_default(ioc, smid);
1750 	wait_for_completion_timeout(&ioc->ctl_cmds.done,
1751 	    MPT3_IOCTL_DEFAULT_TIMEOUT*HZ);
1752 
1753 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
1754 		mpt3sas_check_cmd_timeout(ioc,
1755 		    ioc->ctl_cmds.status, mpi_request,
1756 		    sizeof(Mpi2DiagBufferPostRequest_t)/4, issue_reset);
1757 		goto issue_host_reset;
1758 	}
1759 
1760 	/* process the completed Reply Message Frame */
1761 	if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
1762 		ioc_err(ioc, "%s: no reply message\n", __func__);
1763 		rc = -EFAULT;
1764 		goto out;
1765 	}
1766 
1767 	mpi_reply = ioc->ctl_cmds.reply;
1768 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
1769 
1770 	if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
1771 		ioc->diag_buffer_status[buffer_type] |=
1772 			MPT3_DIAG_BUFFER_IS_REGISTERED;
1773 		dctlprintk(ioc, ioc_info(ioc, "%s: success\n", __func__));
1774 	} else {
1775 		ioc_info(ioc, "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
1776 			 __func__,
1777 			 ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
1778 		rc = -EFAULT;
1779 	}
1780 
1781  issue_host_reset:
1782 	if (issue_reset)
1783 		mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
1784 
1785  out:
1786 
1787 	if (rc && request_data) {
1788 		dma_free_coherent(&ioc->pdev->dev, request_data_sz,
1789 		    request_data, request_data_dma);
1790 		ioc->diag_buffer_status[buffer_type] &=
1791 		    ~MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED;
1792 	}
1793 
1794 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
1795 	return rc;
1796 }
1797 
1798 /**
1799  * mpt3sas_enable_diag_buffer - enabling diag_buffers support driver load time
1800  * @ioc: per adapter object
1801  * @bits_to_register: bitwise field where trace is bit 0, and snapshot is bit 1
1802  *
1803  * This is called when command line option diag_buffer_enable is enabled
1804  * at driver load time.
1805  */
1806 void
mpt3sas_enable_diag_buffer(struct MPT3SAS_ADAPTER * ioc,u8 bits_to_register)1807 mpt3sas_enable_diag_buffer(struct MPT3SAS_ADAPTER *ioc, u8 bits_to_register)
1808 {
1809 	struct mpt3_diag_register diag_register;
1810 	u32 ret_val;
1811 	u32 trace_buff_size = ioc->manu_pg11.HostTraceBufferMaxSizeKB<<10;
1812 	u32 min_trace_buff_size = 0;
1813 	u32 decr_trace_buff_size = 0;
1814 
1815 	memset(&diag_register, 0, sizeof(struct mpt3_diag_register));
1816 
1817 	if (bits_to_register & 1) {
1818 		ioc_info(ioc, "registering trace buffer support\n");
1819 		ioc->diag_trigger_master.MasterData =
1820 		    (MASTER_TRIGGER_FW_FAULT + MASTER_TRIGGER_ADAPTER_RESET);
1821 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_TRACE;
1822 		diag_register.unique_id =
1823 		    (ioc->hba_mpi_version_belonged == MPI2_VERSION) ?
1824 		    (MPT2DIAGBUFFUNIQUEID):(MPT3DIAGBUFFUNIQUEID);
1825 
1826 		if (trace_buff_size != 0) {
1827 			diag_register.requested_buffer_size = trace_buff_size;
1828 			min_trace_buff_size =
1829 			    ioc->manu_pg11.HostTraceBufferMinSizeKB<<10;
1830 			decr_trace_buff_size =
1831 			    ioc->manu_pg11.HostTraceBufferDecrementSizeKB<<10;
1832 
1833 			if (min_trace_buff_size > trace_buff_size) {
1834 				/* The buff size is not set correctly */
1835 				ioc_err(ioc,
1836 				    "Min Trace Buff size (%d KB) greater than Max Trace Buff size (%d KB)\n",
1837 				     min_trace_buff_size>>10,
1838 				     trace_buff_size>>10);
1839 				ioc_err(ioc,
1840 				    "Using zero Min Trace Buff Size\n");
1841 				min_trace_buff_size = 0;
1842 			}
1843 
1844 			if (decr_trace_buff_size == 0) {
1845 				/*
1846 				 * retry the min size if decrement
1847 				 * is not available.
1848 				 */
1849 				decr_trace_buff_size =
1850 				    trace_buff_size - min_trace_buff_size;
1851 			}
1852 		} else {
1853 			/* register for 2MB buffers  */
1854 			diag_register.requested_buffer_size = 2 * (1024 * 1024);
1855 		}
1856 
1857 		do {
1858 			ret_val = _ctl_diag_register_2(ioc,  &diag_register);
1859 
1860 			if (ret_val == -ENOMEM && min_trace_buff_size &&
1861 			    (trace_buff_size - decr_trace_buff_size) >=
1862 			    min_trace_buff_size) {
1863 				/* adjust the buffer size */
1864 				trace_buff_size -= decr_trace_buff_size;
1865 				diag_register.requested_buffer_size =
1866 				    trace_buff_size;
1867 			} else
1868 				break;
1869 		} while (true);
1870 
1871 		if (ret_val == -ENOMEM)
1872 			ioc_err(ioc,
1873 			    "Cannot allocate trace buffer memory. Last memory tried = %d KB\n",
1874 			    diag_register.requested_buffer_size>>10);
1875 		else if (ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE]
1876 		    & MPT3_DIAG_BUFFER_IS_REGISTERED) {
1877 			ioc_err(ioc, "Trace buffer memory %d KB allocated\n",
1878 			    diag_register.requested_buffer_size>>10);
1879 			if (ioc->hba_mpi_version_belonged != MPI2_VERSION)
1880 				ioc->diag_buffer_status[
1881 				    MPI2_DIAG_BUF_TYPE_TRACE] |=
1882 				    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED;
1883 		}
1884 	}
1885 
1886 	if (bits_to_register & 2) {
1887 		ioc_info(ioc, "registering snapshot buffer support\n");
1888 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_SNAPSHOT;
1889 		/* register for 2MB buffers  */
1890 		diag_register.requested_buffer_size = 2 * (1024 * 1024);
1891 		diag_register.unique_id = 0x7075901;
1892 		_ctl_diag_register_2(ioc,  &diag_register);
1893 	}
1894 
1895 	if (bits_to_register & 4) {
1896 		ioc_info(ioc, "registering extended buffer support\n");
1897 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_EXTENDED;
1898 		/* register for 2MB buffers  */
1899 		diag_register.requested_buffer_size = 2 * (1024 * 1024);
1900 		diag_register.unique_id = 0x7075901;
1901 		_ctl_diag_register_2(ioc,  &diag_register);
1902 	}
1903 }
1904 
1905 /**
1906  * _ctl_diag_register - application register with driver
1907  * @ioc: per adapter object
1908  * @arg: user space buffer containing ioctl content
1909  *
1910  * This will allow the driver to setup any required buffers that will be
1911  * needed by firmware to communicate with the driver.
1912  */
1913 static long
_ctl_diag_register(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1914 _ctl_diag_register(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1915 {
1916 	struct mpt3_diag_register karg;
1917 	long rc;
1918 
1919 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1920 		pr_err("failure at %s:%d/%s()!\n",
1921 		    __FILE__, __LINE__, __func__);
1922 		return -EFAULT;
1923 	}
1924 
1925 	rc = _ctl_diag_register_2(ioc, &karg);
1926 
1927 	if (!rc && (ioc->diag_buffer_status[karg.buffer_type] &
1928 	    MPT3_DIAG_BUFFER_IS_REGISTERED))
1929 		ioc->diag_buffer_status[karg.buffer_type] |=
1930 		    MPT3_DIAG_BUFFER_IS_APP_OWNED;
1931 
1932 	return rc;
1933 }
1934 
1935 /**
1936  * _ctl_diag_unregister - application unregister with driver
1937  * @ioc: per adapter object
1938  * @arg: user space buffer containing ioctl content
1939  *
1940  * This will allow the driver to cleanup any memory allocated for diag
1941  * messages and to free up any resources.
1942  */
1943 static long
_ctl_diag_unregister(struct MPT3SAS_ADAPTER * ioc,void __user * arg)1944 _ctl_diag_unregister(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
1945 {
1946 	struct mpt3_diag_unregister karg;
1947 	void *request_data;
1948 	dma_addr_t request_data_dma;
1949 	u32 request_data_sz;
1950 	u8 buffer_type;
1951 
1952 	if (copy_from_user(&karg, arg, sizeof(karg))) {
1953 		pr_err("failure at %s:%d/%s()!\n",
1954 		    __FILE__, __LINE__, __func__);
1955 		return -EFAULT;
1956 	}
1957 
1958 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
1959 				 __func__));
1960 
1961 	buffer_type = _ctl_diag_get_bufftype(ioc, karg.unique_id);
1962 	if (buffer_type == MPT3_DIAG_UID_NOT_FOUND) {
1963 		ioc_err(ioc, "%s: buffer with unique_id(0x%08x) not found\n",
1964 		    __func__, karg.unique_id);
1965 		return -EINVAL;
1966 	}
1967 
1968 	if (!_ctl_diag_capability(ioc, buffer_type)) {
1969 		ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
1970 			__func__, buffer_type);
1971 		return -EPERM;
1972 	}
1973 
1974 	if ((ioc->diag_buffer_status[buffer_type] &
1975 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
1976 		ioc_err(ioc, "%s: buffer_type(0x%02x) is not registered\n",
1977 			__func__, buffer_type);
1978 		return -EINVAL;
1979 	}
1980 	if ((ioc->diag_buffer_status[buffer_type] &
1981 	    MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
1982 		ioc_err(ioc, "%s: buffer_type(0x%02x) has not been released\n",
1983 			__func__, buffer_type);
1984 		return -EINVAL;
1985 	}
1986 
1987 	if (karg.unique_id != ioc->unique_id[buffer_type]) {
1988 		ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
1989 			__func__, karg.unique_id);
1990 		return -EINVAL;
1991 	}
1992 
1993 	request_data = ioc->diag_buffer[buffer_type];
1994 	if (!request_data) {
1995 		ioc_err(ioc, "%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
1996 			__func__, buffer_type);
1997 		return -ENOMEM;
1998 	}
1999 
2000 	if (ioc->diag_buffer_status[buffer_type] &
2001 	    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED) {
2002 		ioc->unique_id[buffer_type] = MPT3DIAGBUFFUNIQUEID;
2003 		ioc->diag_buffer_status[buffer_type] &=
2004 		    ~MPT3_DIAG_BUFFER_IS_APP_OWNED;
2005 		ioc->diag_buffer_status[buffer_type] &=
2006 		    ~MPT3_DIAG_BUFFER_IS_REGISTERED;
2007 	} else {
2008 		request_data_sz = ioc->diag_buffer_sz[buffer_type];
2009 		request_data_dma = ioc->diag_buffer_dma[buffer_type];
2010 		dma_free_coherent(&ioc->pdev->dev, request_data_sz,
2011 				request_data, request_data_dma);
2012 		ioc->diag_buffer[buffer_type] = NULL;
2013 		ioc->diag_buffer_status[buffer_type] = 0;
2014 	}
2015 	return 0;
2016 }
2017 
2018 /**
2019  * _ctl_diag_query - query relevant info associated with diag buffers
2020  * @ioc: per adapter object
2021  * @arg: user space buffer containing ioctl content
2022  *
2023  * The application will send only buffer_type and unique_id.  Driver will
2024  * inspect unique_id first, if valid, fill in all the info.  If unique_id is
2025  * 0x00, the driver will return info specified by Buffer Type.
2026  */
2027 static long
_ctl_diag_query(struct MPT3SAS_ADAPTER * ioc,void __user * arg)2028 _ctl_diag_query(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
2029 {
2030 	struct mpt3_diag_query karg;
2031 	void *request_data;
2032 	int i;
2033 	u8 buffer_type;
2034 
2035 	if (copy_from_user(&karg, arg, sizeof(karg))) {
2036 		pr_err("failure at %s:%d/%s()!\n",
2037 		    __FILE__, __LINE__, __func__);
2038 		return -EFAULT;
2039 	}
2040 
2041 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
2042 				 __func__));
2043 
2044 	karg.application_flags = 0;
2045 	buffer_type = karg.buffer_type;
2046 
2047 	if (!_ctl_diag_capability(ioc, buffer_type)) {
2048 		ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
2049 			__func__, buffer_type);
2050 		return -EPERM;
2051 	}
2052 
2053 	if (!(ioc->diag_buffer_status[buffer_type] &
2054 	    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED)) {
2055 		if ((ioc->diag_buffer_status[buffer_type] &
2056 		    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
2057 			ioc_err(ioc, "%s: buffer_type(0x%02x) is not registered\n",
2058 				__func__, buffer_type);
2059 			return -EINVAL;
2060 		}
2061 	}
2062 
2063 	if (karg.unique_id) {
2064 		if (karg.unique_id != ioc->unique_id[buffer_type]) {
2065 			ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
2066 				__func__, karg.unique_id);
2067 			return -EINVAL;
2068 		}
2069 	}
2070 
2071 	request_data = ioc->diag_buffer[buffer_type];
2072 	if (!request_data) {
2073 		ioc_err(ioc, "%s: doesn't have buffer for buffer_type(0x%02x)\n",
2074 			__func__, buffer_type);
2075 		return -ENOMEM;
2076 	}
2077 
2078 	if ((ioc->diag_buffer_status[buffer_type] &
2079 	    MPT3_DIAG_BUFFER_IS_REGISTERED))
2080 		karg.application_flags |= MPT3_APP_FLAGS_BUFFER_VALID;
2081 
2082 	if (!(ioc->diag_buffer_status[buffer_type] &
2083 	     MPT3_DIAG_BUFFER_IS_RELEASED))
2084 		karg.application_flags |= MPT3_APP_FLAGS_FW_BUFFER_ACCESS;
2085 
2086 	if (!(ioc->diag_buffer_status[buffer_type] &
2087 	    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED))
2088 		karg.application_flags |= MPT3_APP_FLAGS_DYNAMIC_BUFFER_ALLOC;
2089 
2090 	if ((ioc->diag_buffer_status[buffer_type] &
2091 	    MPT3_DIAG_BUFFER_IS_APP_OWNED))
2092 		karg.application_flags |= MPT3_APP_FLAGS_APP_OWNED;
2093 
2094 	for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
2095 		karg.product_specific[i] =
2096 		    ioc->product_specific[buffer_type][i];
2097 
2098 	karg.total_buffer_size = ioc->diag_buffer_sz[buffer_type];
2099 	karg.driver_added_buffer_size = 0;
2100 	karg.unique_id = ioc->unique_id[buffer_type];
2101 	karg.diagnostic_flags = ioc->diagnostic_flags[buffer_type];
2102 
2103 	if (copy_to_user(arg, &karg, sizeof(struct mpt3_diag_query))) {
2104 		ioc_err(ioc, "%s: unable to write mpt3_diag_query data @ %p\n",
2105 			__func__, arg);
2106 		return -EFAULT;
2107 	}
2108 	return 0;
2109 }
2110 
2111 /**
2112  * mpt3sas_send_diag_release - Diag Release Message
2113  * @ioc: per adapter object
2114  * @buffer_type: specifies either TRACE, SNAPSHOT, or EXTENDED
2115  * @issue_reset: specifies whether host reset is required.
2116  *
2117  */
2118 int
mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER * ioc,u8 buffer_type,u8 * issue_reset)2119 mpt3sas_send_diag_release(struct MPT3SAS_ADAPTER *ioc, u8 buffer_type,
2120 	u8 *issue_reset)
2121 {
2122 	Mpi2DiagReleaseRequest_t *mpi_request;
2123 	Mpi2DiagReleaseReply_t *mpi_reply;
2124 	u16 smid;
2125 	u16 ioc_status;
2126 	u32 ioc_state;
2127 	int rc;
2128 	u8 reset_needed = 0;
2129 
2130 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
2131 				 __func__));
2132 
2133 	rc = 0;
2134 	*issue_reset = 0;
2135 
2136 
2137 	ioc_state = mpt3sas_base_get_iocstate(ioc, 1);
2138 	if (ioc_state != MPI2_IOC_STATE_OPERATIONAL) {
2139 		if (ioc->diag_buffer_status[buffer_type] &
2140 		    MPT3_DIAG_BUFFER_IS_REGISTERED)
2141 			ioc->diag_buffer_status[buffer_type] |=
2142 			    MPT3_DIAG_BUFFER_IS_RELEASED;
2143 		dctlprintk(ioc,
2144 			   ioc_info(ioc, "%s: skipping due to FAULT state\n",
2145 				    __func__));
2146 		rc = -EAGAIN;
2147 		goto out;
2148 	}
2149 
2150 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
2151 		ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
2152 		rc = -EAGAIN;
2153 		goto out;
2154 	}
2155 
2156 	smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
2157 	if (!smid) {
2158 		ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
2159 		rc = -EAGAIN;
2160 		goto out;
2161 	}
2162 
2163 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
2164 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
2165 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
2166 	ioc->ctl_cmds.smid = smid;
2167 
2168 	mpi_request->Function = MPI2_FUNCTION_DIAG_RELEASE;
2169 	mpi_request->BufferType = buffer_type;
2170 	mpi_request->VF_ID = 0; /* TODO */
2171 	mpi_request->VP_ID = 0;
2172 
2173 	init_completion(&ioc->ctl_cmds.done);
2174 	ioc->put_smid_default(ioc, smid);
2175 	wait_for_completion_timeout(&ioc->ctl_cmds.done,
2176 	    MPT3_IOCTL_DEFAULT_TIMEOUT*HZ);
2177 
2178 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
2179 		mpt3sas_check_cmd_timeout(ioc,
2180 		    ioc->ctl_cmds.status, mpi_request,
2181 		    sizeof(Mpi2DiagReleaseRequest_t)/4, reset_needed);
2182 		*issue_reset = reset_needed;
2183 		rc = -EFAULT;
2184 		goto out;
2185 	}
2186 
2187 	/* process the completed Reply Message Frame */
2188 	if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
2189 		ioc_err(ioc, "%s: no reply message\n", __func__);
2190 		rc = -EFAULT;
2191 		goto out;
2192 	}
2193 
2194 	mpi_reply = ioc->ctl_cmds.reply;
2195 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
2196 
2197 	if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
2198 		ioc->diag_buffer_status[buffer_type] |=
2199 		    MPT3_DIAG_BUFFER_IS_RELEASED;
2200 		dctlprintk(ioc, ioc_info(ioc, "%s: success\n", __func__));
2201 	} else {
2202 		ioc_info(ioc, "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
2203 			 __func__,
2204 			 ioc_status, le32_to_cpu(mpi_reply->IOCLogInfo));
2205 		rc = -EFAULT;
2206 	}
2207 
2208  out:
2209 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
2210 	return rc;
2211 }
2212 
2213 /**
2214  * _ctl_diag_release - request to send Diag Release Message to firmware
2215  * @ioc: ?
2216  * @arg: user space buffer containing ioctl content
2217  *
2218  * This allows ownership of the specified buffer to returned to the driver,
2219  * allowing an application to read the buffer without fear that firmware is
2220  * overwriting information in the buffer.
2221  */
2222 static long
_ctl_diag_release(struct MPT3SAS_ADAPTER * ioc,void __user * arg)2223 _ctl_diag_release(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
2224 {
2225 	struct mpt3_diag_release karg;
2226 	void *request_data;
2227 	int rc;
2228 	u8 buffer_type;
2229 	u8 issue_reset = 0;
2230 
2231 	if (copy_from_user(&karg, arg, sizeof(karg))) {
2232 		pr_err("failure at %s:%d/%s()!\n",
2233 		    __FILE__, __LINE__, __func__);
2234 		return -EFAULT;
2235 	}
2236 
2237 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
2238 				 __func__));
2239 
2240 	buffer_type = _ctl_diag_get_bufftype(ioc, karg.unique_id);
2241 	if (buffer_type == MPT3_DIAG_UID_NOT_FOUND) {
2242 		ioc_err(ioc, "%s: buffer with unique_id(0x%08x) not found\n",
2243 		    __func__, karg.unique_id);
2244 		return -EINVAL;
2245 	}
2246 
2247 	if (!_ctl_diag_capability(ioc, buffer_type)) {
2248 		ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
2249 			__func__, buffer_type);
2250 		return -EPERM;
2251 	}
2252 
2253 	if ((ioc->diag_buffer_status[buffer_type] &
2254 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
2255 		ioc_err(ioc, "%s: buffer_type(0x%02x) is not registered\n",
2256 			__func__, buffer_type);
2257 		return -EINVAL;
2258 	}
2259 
2260 	if (karg.unique_id != ioc->unique_id[buffer_type]) {
2261 		ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
2262 			__func__, karg.unique_id);
2263 		return -EINVAL;
2264 	}
2265 
2266 	if (ioc->diag_buffer_status[buffer_type] &
2267 	    MPT3_DIAG_BUFFER_IS_RELEASED) {
2268 		ioc_err(ioc, "%s: buffer_type(0x%02x) is already released\n",
2269 			__func__, buffer_type);
2270 		return -EINVAL;
2271 	}
2272 
2273 	request_data = ioc->diag_buffer[buffer_type];
2274 
2275 	if (!request_data) {
2276 		ioc_err(ioc, "%s: doesn't have memory allocated for buffer_type(0x%02x)\n",
2277 			__func__, buffer_type);
2278 		return -ENOMEM;
2279 	}
2280 
2281 	/* buffers were released by due to host reset */
2282 	if ((ioc->diag_buffer_status[buffer_type] &
2283 	    MPT3_DIAG_BUFFER_IS_DIAG_RESET)) {
2284 		ioc->diag_buffer_status[buffer_type] |=
2285 		    MPT3_DIAG_BUFFER_IS_RELEASED;
2286 		ioc->diag_buffer_status[buffer_type] &=
2287 		    ~MPT3_DIAG_BUFFER_IS_DIAG_RESET;
2288 		ioc_err(ioc, "%s: buffer_type(0x%02x) was released due to host reset\n",
2289 			__func__, buffer_type);
2290 		return 0;
2291 	}
2292 
2293 	rc = mpt3sas_send_diag_release(ioc, buffer_type, &issue_reset);
2294 
2295 	if (issue_reset)
2296 		mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
2297 
2298 	return rc;
2299 }
2300 
2301 /**
2302  * _ctl_diag_read_buffer - request for copy of the diag buffer
2303  * @ioc: per adapter object
2304  * @arg: user space buffer containing ioctl content
2305  */
2306 static long
_ctl_diag_read_buffer(struct MPT3SAS_ADAPTER * ioc,void __user * arg)2307 _ctl_diag_read_buffer(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
2308 {
2309 	struct mpt3_diag_read_buffer karg;
2310 	struct mpt3_diag_read_buffer __user *uarg = arg;
2311 	void *request_data, *diag_data;
2312 	Mpi2DiagBufferPostRequest_t *mpi_request;
2313 	Mpi2DiagBufferPostReply_t *mpi_reply;
2314 	int rc, i;
2315 	u8 buffer_type;
2316 	unsigned long request_size, copy_size;
2317 	u16 smid;
2318 	u16 ioc_status;
2319 	u8 issue_reset = 0;
2320 
2321 	if (copy_from_user(&karg, arg, sizeof(karg))) {
2322 		pr_err("failure at %s:%d/%s()!\n",
2323 		    __FILE__, __LINE__, __func__);
2324 		return -EFAULT;
2325 	}
2326 
2327 	dctlprintk(ioc, ioc_info(ioc, "%s\n",
2328 				 __func__));
2329 
2330 	buffer_type = _ctl_diag_get_bufftype(ioc, karg.unique_id);
2331 	if (buffer_type == MPT3_DIAG_UID_NOT_FOUND) {
2332 		ioc_err(ioc, "%s: buffer with unique_id(0x%08x) not found\n",
2333 		    __func__, karg.unique_id);
2334 		return -EINVAL;
2335 	}
2336 
2337 	if (!_ctl_diag_capability(ioc, buffer_type)) {
2338 		ioc_err(ioc, "%s: doesn't have capability for buffer_type(0x%02x)\n",
2339 			__func__, buffer_type);
2340 		return -EPERM;
2341 	}
2342 
2343 	if (karg.unique_id != ioc->unique_id[buffer_type]) {
2344 		ioc_err(ioc, "%s: unique_id(0x%08x) is not registered\n",
2345 			__func__, karg.unique_id);
2346 		return -EINVAL;
2347 	}
2348 
2349 	request_data = ioc->diag_buffer[buffer_type];
2350 	if (!request_data) {
2351 		ioc_err(ioc, "%s: doesn't have buffer for buffer_type(0x%02x)\n",
2352 			__func__, buffer_type);
2353 		return -ENOMEM;
2354 	}
2355 
2356 	request_size = ioc->diag_buffer_sz[buffer_type];
2357 
2358 	if ((karg.starting_offset % 4) || (karg.bytes_to_read % 4)) {
2359 		ioc_err(ioc, "%s: either the starting_offset or bytes_to_read are not 4 byte aligned\n",
2360 			__func__);
2361 		return -EINVAL;
2362 	}
2363 
2364 	if (karg.starting_offset > request_size)
2365 		return -EINVAL;
2366 
2367 	diag_data = (void *)(request_data + karg.starting_offset);
2368 	dctlprintk(ioc,
2369 		   ioc_info(ioc, "%s: diag_buffer(%p), offset(%d), sz(%d)\n",
2370 			    __func__, diag_data, karg.starting_offset,
2371 			    karg.bytes_to_read));
2372 
2373 	/* Truncate data on requests that are too large */
2374 	if ((diag_data + karg.bytes_to_read < diag_data) ||
2375 	    (diag_data + karg.bytes_to_read > request_data + request_size))
2376 		copy_size = request_size - karg.starting_offset;
2377 	else
2378 		copy_size = karg.bytes_to_read;
2379 
2380 	if (copy_to_user((void __user *)uarg->diagnostic_data,
2381 	    diag_data, copy_size)) {
2382 		ioc_err(ioc, "%s: Unable to write mpt_diag_read_buffer_t data @ %p\n",
2383 			__func__, diag_data);
2384 		return -EFAULT;
2385 	}
2386 
2387 	if ((karg.flags & MPT3_FLAGS_REREGISTER) == 0)
2388 		return 0;
2389 
2390 	dctlprintk(ioc,
2391 		   ioc_info(ioc, "%s: Reregister buffer_type(0x%02x)\n",
2392 			    __func__, buffer_type));
2393 	if ((ioc->diag_buffer_status[buffer_type] &
2394 	    MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
2395 		dctlprintk(ioc,
2396 			   ioc_info(ioc, "%s: buffer_type(0x%02x) is still registered\n",
2397 				    __func__, buffer_type));
2398 		return 0;
2399 	}
2400 	/* Get a free request frame and save the message context.
2401 	*/
2402 
2403 	if (ioc->ctl_cmds.status != MPT3_CMD_NOT_USED) {
2404 		ioc_err(ioc, "%s: ctl_cmd in use\n", __func__);
2405 		rc = -EAGAIN;
2406 		goto out;
2407 	}
2408 
2409 	smid = mpt3sas_base_get_smid(ioc, ioc->ctl_cb_idx);
2410 	if (!smid) {
2411 		ioc_err(ioc, "%s: failed obtaining a smid\n", __func__);
2412 		rc = -EAGAIN;
2413 		goto out;
2414 	}
2415 
2416 	rc = 0;
2417 	ioc->ctl_cmds.status = MPT3_CMD_PENDING;
2418 	memset(ioc->ctl_cmds.reply, 0, ioc->reply_sz);
2419 	mpi_request = mpt3sas_base_get_msg_frame(ioc, smid);
2420 	ioc->ctl_cmds.smid = smid;
2421 
2422 	mpi_request->Function = MPI2_FUNCTION_DIAG_BUFFER_POST;
2423 	mpi_request->BufferType = buffer_type;
2424 	mpi_request->BufferLength =
2425 	    cpu_to_le32(ioc->diag_buffer_sz[buffer_type]);
2426 	mpi_request->BufferAddress =
2427 	    cpu_to_le64(ioc->diag_buffer_dma[buffer_type]);
2428 	for (i = 0; i < MPT3_PRODUCT_SPECIFIC_DWORDS; i++)
2429 		mpi_request->ProductSpecific[i] =
2430 			cpu_to_le32(ioc->product_specific[buffer_type][i]);
2431 	mpi_request->VF_ID = 0; /* TODO */
2432 	mpi_request->VP_ID = 0;
2433 
2434 	init_completion(&ioc->ctl_cmds.done);
2435 	ioc->put_smid_default(ioc, smid);
2436 	wait_for_completion_timeout(&ioc->ctl_cmds.done,
2437 	    MPT3_IOCTL_DEFAULT_TIMEOUT*HZ);
2438 
2439 	if (!(ioc->ctl_cmds.status & MPT3_CMD_COMPLETE)) {
2440 		mpt3sas_check_cmd_timeout(ioc,
2441 		    ioc->ctl_cmds.status, mpi_request,
2442 		    sizeof(Mpi2DiagBufferPostRequest_t)/4, issue_reset);
2443 		goto issue_host_reset;
2444 	}
2445 
2446 	/* process the completed Reply Message Frame */
2447 	if ((ioc->ctl_cmds.status & MPT3_CMD_REPLY_VALID) == 0) {
2448 		ioc_err(ioc, "%s: no reply message\n", __func__);
2449 		rc = -EFAULT;
2450 		goto out;
2451 	}
2452 
2453 	mpi_reply = ioc->ctl_cmds.reply;
2454 	ioc_status = le16_to_cpu(mpi_reply->IOCStatus) & MPI2_IOCSTATUS_MASK;
2455 
2456 	if (ioc_status == MPI2_IOCSTATUS_SUCCESS) {
2457 		ioc->diag_buffer_status[buffer_type] |=
2458 		    MPT3_DIAG_BUFFER_IS_REGISTERED;
2459 		ioc->diag_buffer_status[buffer_type] &=
2460 		    ~MPT3_DIAG_BUFFER_IS_RELEASED;
2461 		dctlprintk(ioc, ioc_info(ioc, "%s: success\n", __func__));
2462 	} else {
2463 		ioc_info(ioc, "%s: ioc_status(0x%04x) log_info(0x%08x)\n",
2464 			 __func__, ioc_status,
2465 			 le32_to_cpu(mpi_reply->IOCLogInfo));
2466 		rc = -EFAULT;
2467 	}
2468 
2469  issue_host_reset:
2470 	if (issue_reset)
2471 		mpt3sas_base_hard_reset_handler(ioc, FORCE_BIG_HAMMER);
2472 
2473  out:
2474 
2475 	ioc->ctl_cmds.status = MPT3_CMD_NOT_USED;
2476 	return rc;
2477 }
2478 
2479 /**
2480  * _ctl_addnl_diag_query - query relevant info associated with diag buffers
2481  * @ioc: per adapter object
2482  * @arg: user space buffer containing ioctl content
2483  *
2484  * The application will send only unique_id.  Driver will
2485  * inspect unique_id first, if valid, fill the details related to cause
2486  * for diag buffer release.
2487  */
2488 static long
_ctl_addnl_diag_query(struct MPT3SAS_ADAPTER * ioc,void __user * arg)2489 _ctl_addnl_diag_query(struct MPT3SAS_ADAPTER *ioc, void __user *arg)
2490 {
2491 	struct mpt3_addnl_diag_query karg;
2492 	u32 buffer_type = 0;
2493 
2494 	if (copy_from_user(&karg, arg, sizeof(karg))) {
2495 		pr_err("%s: failure at %s:%d/%s()!\n",
2496 		    ioc->name, __FILE__, __LINE__, __func__);
2497 		return -EFAULT;
2498 	}
2499 	dctlprintk(ioc, ioc_info(ioc, "%s\n",  __func__));
2500 	if (karg.unique_id == 0) {
2501 		ioc_err(ioc, "%s: unique_id is(0x%08x)\n",
2502 		    __func__, karg.unique_id);
2503 		return -EPERM;
2504 	}
2505 	buffer_type = _ctl_diag_get_bufftype(ioc, karg.unique_id);
2506 	if (buffer_type == MPT3_DIAG_UID_NOT_FOUND) {
2507 		ioc_err(ioc, "%s: buffer with unique_id(0x%08x) not found\n",
2508 		    __func__, karg.unique_id);
2509 		return -EPERM;
2510 	}
2511 	memset(&karg.rel_query, 0, sizeof(karg.rel_query));
2512 	if ((ioc->diag_buffer_status[buffer_type] &
2513 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
2514 		ioc_info(ioc, "%s: buffer_type(0x%02x) is not registered\n",
2515 		    __func__, buffer_type);
2516 		goto out;
2517 	}
2518 	if ((ioc->diag_buffer_status[buffer_type] &
2519 	    MPT3_DIAG_BUFFER_IS_RELEASED) == 0) {
2520 		ioc_err(ioc, "%s: buffer_type(0x%02x) is not released\n",
2521 		    __func__, buffer_type);
2522 		return -EPERM;
2523 	}
2524 	memcpy(&karg.rel_query, &ioc->htb_rel, sizeof(karg.rel_query));
2525 out:
2526 	if (copy_to_user(arg, &karg, sizeof(struct mpt3_addnl_diag_query))) {
2527 		ioc_err(ioc, "%s: unable to write mpt3_addnl_diag_query data @ %p\n",
2528 		    __func__, arg);
2529 		return -EFAULT;
2530 	}
2531 	return 0;
2532 }
2533 
2534 #ifdef CONFIG_COMPAT
2535 /**
2536  * _ctl_compat_mpt_command - convert 32bit pointers to 64bit.
2537  * @ioc: per adapter object
2538  * @cmd: ioctl opcode
2539  * @arg: (struct mpt3_ioctl_command32)
2540  *
2541  * MPT3COMMAND32 - Handle 32bit applications running on 64bit os.
2542  */
2543 static long
_ctl_compat_mpt_command(struct MPT3SAS_ADAPTER * ioc,unsigned cmd,void __user * arg)2544 _ctl_compat_mpt_command(struct MPT3SAS_ADAPTER *ioc, unsigned cmd,
2545 	void __user *arg)
2546 {
2547 	struct mpt3_ioctl_command32 karg32;
2548 	struct mpt3_ioctl_command32 __user *uarg;
2549 	struct mpt3_ioctl_command karg;
2550 
2551 	if (_IOC_SIZE(cmd) != sizeof(struct mpt3_ioctl_command32))
2552 		return -EINVAL;
2553 
2554 	uarg = (struct mpt3_ioctl_command32 __user *) arg;
2555 
2556 	if (copy_from_user(&karg32, (char __user *)arg, sizeof(karg32))) {
2557 		pr_err("failure at %s:%d/%s()!\n",
2558 		    __FILE__, __LINE__, __func__);
2559 		return -EFAULT;
2560 	}
2561 
2562 	memset(&karg, 0, sizeof(struct mpt3_ioctl_command));
2563 	karg.hdr.ioc_number = karg32.hdr.ioc_number;
2564 	karg.hdr.port_number = karg32.hdr.port_number;
2565 	karg.hdr.max_data_size = karg32.hdr.max_data_size;
2566 	karg.timeout = karg32.timeout;
2567 	karg.max_reply_bytes = karg32.max_reply_bytes;
2568 	karg.data_in_size = karg32.data_in_size;
2569 	karg.data_out_size = karg32.data_out_size;
2570 	karg.max_sense_bytes = karg32.max_sense_bytes;
2571 	karg.data_sge_offset = karg32.data_sge_offset;
2572 	karg.reply_frame_buf_ptr = compat_ptr(karg32.reply_frame_buf_ptr);
2573 	karg.data_in_buf_ptr = compat_ptr(karg32.data_in_buf_ptr);
2574 	karg.data_out_buf_ptr = compat_ptr(karg32.data_out_buf_ptr);
2575 	karg.sense_data_ptr = compat_ptr(karg32.sense_data_ptr);
2576 	return _ctl_do_mpt_command(ioc, karg, &uarg->mf);
2577 }
2578 #endif
2579 
2580 /**
2581  * _ctl_ioctl_main - main ioctl entry point
2582  * @file:  (struct file)
2583  * @cmd:  ioctl opcode
2584  * @arg:  user space data buffer
2585  * @compat:  handles 32 bit applications in 64bit os
2586  * @mpi_version: will be MPI2_VERSION for mpt2ctl ioctl device &
2587  * MPI25_VERSION | MPI26_VERSION for mpt3ctl ioctl device.
2588  */
2589 static long
_ctl_ioctl_main(struct file * file,unsigned int cmd,void __user * arg,u8 compat,u16 mpi_version)2590 _ctl_ioctl_main(struct file *file, unsigned int cmd, void __user *arg,
2591 	u8 compat, u16 mpi_version)
2592 {
2593 	struct MPT3SAS_ADAPTER *ioc;
2594 	struct mpt3_ioctl_header ioctl_header;
2595 	enum block_state state;
2596 	long ret = -ENOIOCTLCMD;
2597 
2598 	/* get IOCTL header */
2599 	if (copy_from_user(&ioctl_header, (char __user *)arg,
2600 	    sizeof(struct mpt3_ioctl_header))) {
2601 		pr_err("failure at %s:%d/%s()!\n",
2602 		    __FILE__, __LINE__, __func__);
2603 		return -EFAULT;
2604 	}
2605 
2606 	if (_ctl_verify_adapter(ioctl_header.ioc_number,
2607 				&ioc, mpi_version) == -1 || !ioc)
2608 		return -ENODEV;
2609 
2610 	/* pci_access_mutex lock acquired by ioctl path */
2611 	mutex_lock(&ioc->pci_access_mutex);
2612 
2613 	if (ioc->shost_recovery || ioc->pci_error_recovery ||
2614 	    ioc->is_driver_loading || ioc->remove_host) {
2615 		ret = -EAGAIN;
2616 		goto out_unlock_pciaccess;
2617 	}
2618 
2619 	state = (file->f_flags & O_NONBLOCK) ? NON_BLOCKING : BLOCKING;
2620 	if (state == NON_BLOCKING) {
2621 		if (!mutex_trylock(&ioc->ctl_cmds.mutex)) {
2622 			ret = -EAGAIN;
2623 			goto out_unlock_pciaccess;
2624 		}
2625 	} else if (mutex_lock_interruptible(&ioc->ctl_cmds.mutex)) {
2626 		ret = -ERESTARTSYS;
2627 		goto out_unlock_pciaccess;
2628 	}
2629 
2630 
2631 	switch (cmd) {
2632 	case MPT3IOCINFO:
2633 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_iocinfo))
2634 			ret = _ctl_getiocinfo(ioc, arg);
2635 		break;
2636 #ifdef CONFIG_COMPAT
2637 	case MPT3COMMAND32:
2638 #endif
2639 	case MPT3COMMAND:
2640 	{
2641 		struct mpt3_ioctl_command __user *uarg;
2642 		struct mpt3_ioctl_command karg;
2643 
2644 #ifdef CONFIG_COMPAT
2645 		if (compat) {
2646 			ret = _ctl_compat_mpt_command(ioc, cmd, arg);
2647 			break;
2648 		}
2649 #endif
2650 		if (copy_from_user(&karg, arg, sizeof(karg))) {
2651 			pr_err("failure at %s:%d/%s()!\n",
2652 			    __FILE__, __LINE__, __func__);
2653 			ret = -EFAULT;
2654 			break;
2655 		}
2656 
2657 		if (karg.hdr.ioc_number != ioctl_header.ioc_number) {
2658 			ret = -EINVAL;
2659 			break;
2660 		}
2661 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_command)) {
2662 			uarg = arg;
2663 			ret = _ctl_do_mpt_command(ioc, karg, &uarg->mf);
2664 		}
2665 		break;
2666 	}
2667 	case MPT3EVENTQUERY:
2668 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_eventquery))
2669 			ret = _ctl_eventquery(ioc, arg);
2670 		break;
2671 	case MPT3EVENTENABLE:
2672 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_eventenable))
2673 			ret = _ctl_eventenable(ioc, arg);
2674 		break;
2675 	case MPT3EVENTREPORT:
2676 		ret = _ctl_eventreport(ioc, arg);
2677 		break;
2678 	case MPT3HARDRESET:
2679 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_diag_reset))
2680 			ret = _ctl_do_reset(ioc, arg);
2681 		break;
2682 	case MPT3BTDHMAPPING:
2683 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_ioctl_btdh_mapping))
2684 			ret = _ctl_btdh_mapping(ioc, arg);
2685 		break;
2686 	case MPT3DIAGREGISTER:
2687 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_register))
2688 			ret = _ctl_diag_register(ioc, arg);
2689 		break;
2690 	case MPT3DIAGUNREGISTER:
2691 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_unregister))
2692 			ret = _ctl_diag_unregister(ioc, arg);
2693 		break;
2694 	case MPT3DIAGQUERY:
2695 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_query))
2696 			ret = _ctl_diag_query(ioc, arg);
2697 		break;
2698 	case MPT3DIAGRELEASE:
2699 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_release))
2700 			ret = _ctl_diag_release(ioc, arg);
2701 		break;
2702 	case MPT3DIAGREADBUFFER:
2703 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_diag_read_buffer))
2704 			ret = _ctl_diag_read_buffer(ioc, arg);
2705 		break;
2706 	case MPT3ADDNLDIAGQUERY:
2707 		if (_IOC_SIZE(cmd) == sizeof(struct mpt3_addnl_diag_query))
2708 			ret = _ctl_addnl_diag_query(ioc, arg);
2709 		break;
2710 	default:
2711 		dctlprintk(ioc,
2712 			   ioc_info(ioc, "unsupported ioctl opcode(0x%08x)\n",
2713 				    cmd));
2714 		break;
2715 	}
2716 
2717 	mutex_unlock(&ioc->ctl_cmds.mutex);
2718 out_unlock_pciaccess:
2719 	mutex_unlock(&ioc->pci_access_mutex);
2720 	return ret;
2721 }
2722 
2723 /**
2724  * _ctl_ioctl - mpt3ctl main ioctl entry point (unlocked)
2725  * @file: (struct file)
2726  * @cmd: ioctl opcode
2727  * @arg: ?
2728  */
2729 static long
_ctl_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2730 _ctl_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2731 {
2732 	long ret;
2733 
2734 	/* pass MPI25_VERSION | MPI26_VERSION value,
2735 	 * to indicate that this ioctl cmd
2736 	 * came from mpt3ctl ioctl device.
2737 	 */
2738 	ret = _ctl_ioctl_main(file, cmd, (void __user *)arg, 0,
2739 		MPI25_VERSION | MPI26_VERSION);
2740 	return ret;
2741 }
2742 
2743 /**
2744  * _ctl_mpt2_ioctl - mpt2ctl main ioctl entry point (unlocked)
2745  * @file: (struct file)
2746  * @cmd: ioctl opcode
2747  * @arg: ?
2748  */
2749 static long
_ctl_mpt2_ioctl(struct file * file,unsigned int cmd,unsigned long arg)2750 _ctl_mpt2_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
2751 {
2752 	long ret;
2753 
2754 	/* pass MPI2_VERSION value, to indicate that this ioctl cmd
2755 	 * came from mpt2ctl ioctl device.
2756 	 */
2757 	ret = _ctl_ioctl_main(file, cmd, (void __user *)arg, 0, MPI2_VERSION);
2758 	return ret;
2759 }
2760 #ifdef CONFIG_COMPAT
2761 /**
2762  * _ctl_ioctl_compat - main ioctl entry point (compat)
2763  * @file: ?
2764  * @cmd: ?
2765  * @arg: ?
2766  *
2767  * This routine handles 32 bit applications in 64bit os.
2768  */
2769 static long
_ctl_ioctl_compat(struct file * file,unsigned cmd,unsigned long arg)2770 _ctl_ioctl_compat(struct file *file, unsigned cmd, unsigned long arg)
2771 {
2772 	long ret;
2773 
2774 	ret = _ctl_ioctl_main(file, cmd, (void __user *)arg, 1,
2775 		MPI25_VERSION | MPI26_VERSION);
2776 	return ret;
2777 }
2778 
2779 /**
2780  * _ctl_mpt2_ioctl_compat - main ioctl entry point (compat)
2781  * @file: ?
2782  * @cmd: ?
2783  * @arg: ?
2784  *
2785  * This routine handles 32 bit applications in 64bit os.
2786  */
2787 static long
_ctl_mpt2_ioctl_compat(struct file * file,unsigned cmd,unsigned long arg)2788 _ctl_mpt2_ioctl_compat(struct file *file, unsigned cmd, unsigned long arg)
2789 {
2790 	long ret;
2791 
2792 	ret = _ctl_ioctl_main(file, cmd, (void __user *)arg, 1, MPI2_VERSION);
2793 	return ret;
2794 }
2795 #endif
2796 
2797 /* scsi host attributes */
2798 /**
2799  * version_fw_show - firmware version
2800  * @cdev: pointer to embedded class device
2801  * @attr: ?
2802  * @buf: the buffer returned
2803  *
2804  * A sysfs 'read-only' shost attribute.
2805  */
2806 static ssize_t
version_fw_show(struct device * cdev,struct device_attribute * attr,char * buf)2807 version_fw_show(struct device *cdev, struct device_attribute *attr,
2808 	char *buf)
2809 {
2810 	struct Scsi_Host *shost = class_to_shost(cdev);
2811 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2812 
2813 	return snprintf(buf, PAGE_SIZE, "%02d.%02d.%02d.%02d\n",
2814 	    (ioc->facts.FWVersion.Word & 0xFF000000) >> 24,
2815 	    (ioc->facts.FWVersion.Word & 0x00FF0000) >> 16,
2816 	    (ioc->facts.FWVersion.Word & 0x0000FF00) >> 8,
2817 	    ioc->facts.FWVersion.Word & 0x000000FF);
2818 }
2819 static DEVICE_ATTR_RO(version_fw);
2820 
2821 /**
2822  * version_bios_show - bios version
2823  * @cdev: pointer to embedded class device
2824  * @attr: ?
2825  * @buf: the buffer returned
2826  *
2827  * A sysfs 'read-only' shost attribute.
2828  */
2829 static ssize_t
version_bios_show(struct device * cdev,struct device_attribute * attr,char * buf)2830 version_bios_show(struct device *cdev, struct device_attribute *attr,
2831 	char *buf)
2832 {
2833 	struct Scsi_Host *shost = class_to_shost(cdev);
2834 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2835 
2836 	u32 version = le32_to_cpu(ioc->bios_pg3.BiosVersion);
2837 
2838 	return snprintf(buf, PAGE_SIZE, "%02d.%02d.%02d.%02d\n",
2839 	    (version & 0xFF000000) >> 24,
2840 	    (version & 0x00FF0000) >> 16,
2841 	    (version & 0x0000FF00) >> 8,
2842 	    version & 0x000000FF);
2843 }
2844 static DEVICE_ATTR_RO(version_bios);
2845 
2846 /**
2847  * version_mpi_show - MPI (message passing interface) version
2848  * @cdev: pointer to embedded class device
2849  * @attr: ?
2850  * @buf: the buffer returned
2851  *
2852  * A sysfs 'read-only' shost attribute.
2853  */
2854 static ssize_t
version_mpi_show(struct device * cdev,struct device_attribute * attr,char * buf)2855 version_mpi_show(struct device *cdev, struct device_attribute *attr,
2856 	char *buf)
2857 {
2858 	struct Scsi_Host *shost = class_to_shost(cdev);
2859 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2860 
2861 	return snprintf(buf, PAGE_SIZE, "%03x.%02x\n",
2862 	    ioc->facts.MsgVersion, ioc->facts.HeaderVersion >> 8);
2863 }
2864 static DEVICE_ATTR_RO(version_mpi);
2865 
2866 /**
2867  * version_product_show - product name
2868  * @cdev: pointer to embedded class device
2869  * @attr: ?
2870  * @buf: the buffer returned
2871  *
2872  * A sysfs 'read-only' shost attribute.
2873  */
2874 static ssize_t
version_product_show(struct device * cdev,struct device_attribute * attr,char * buf)2875 version_product_show(struct device *cdev, struct device_attribute *attr,
2876 	char *buf)
2877 {
2878 	struct Scsi_Host *shost = class_to_shost(cdev);
2879 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2880 
2881 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.ChipName);
2882 }
2883 static DEVICE_ATTR_RO(version_product);
2884 
2885 /**
2886  * version_nvdata_persistent_show - ndvata persistent version
2887  * @cdev: pointer to embedded class device
2888  * @attr: ?
2889  * @buf: the buffer returned
2890  *
2891  * A sysfs 'read-only' shost attribute.
2892  */
2893 static ssize_t
version_nvdata_persistent_show(struct device * cdev,struct device_attribute * attr,char * buf)2894 version_nvdata_persistent_show(struct device *cdev,
2895 	struct device_attribute *attr, char *buf)
2896 {
2897 	struct Scsi_Host *shost = class_to_shost(cdev);
2898 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2899 
2900 	return snprintf(buf, PAGE_SIZE, "%08xh\n",
2901 	    le32_to_cpu(ioc->iounit_pg0.NvdataVersionPersistent.Word));
2902 }
2903 static DEVICE_ATTR_RO(version_nvdata_persistent);
2904 
2905 /**
2906  * version_nvdata_default_show - nvdata default version
2907  * @cdev: pointer to embedded class device
2908  * @attr: ?
2909  * @buf: the buffer returned
2910  *
2911  * A sysfs 'read-only' shost attribute.
2912  */
2913 static ssize_t
version_nvdata_default_show(struct device * cdev,struct device_attribute * attr,char * buf)2914 version_nvdata_default_show(struct device *cdev, struct device_attribute
2915 	*attr, char *buf)
2916 {
2917 	struct Scsi_Host *shost = class_to_shost(cdev);
2918 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2919 
2920 	return snprintf(buf, PAGE_SIZE, "%08xh\n",
2921 	    le32_to_cpu(ioc->iounit_pg0.NvdataVersionDefault.Word));
2922 }
2923 static DEVICE_ATTR_RO(version_nvdata_default);
2924 
2925 /**
2926  * board_name_show - board name
2927  * @cdev: pointer to embedded class device
2928  * @attr: ?
2929  * @buf: the buffer returned
2930  *
2931  * A sysfs 'read-only' shost attribute.
2932  */
2933 static ssize_t
board_name_show(struct device * cdev,struct device_attribute * attr,char * buf)2934 board_name_show(struct device *cdev, struct device_attribute *attr,
2935 	char *buf)
2936 {
2937 	struct Scsi_Host *shost = class_to_shost(cdev);
2938 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2939 
2940 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.BoardName);
2941 }
2942 static DEVICE_ATTR_RO(board_name);
2943 
2944 /**
2945  * board_assembly_show - board assembly name
2946  * @cdev: pointer to embedded class device
2947  * @attr: ?
2948  * @buf: the buffer returned
2949  *
2950  * A sysfs 'read-only' shost attribute.
2951  */
2952 static ssize_t
board_assembly_show(struct device * cdev,struct device_attribute * attr,char * buf)2953 board_assembly_show(struct device *cdev, struct device_attribute *attr,
2954 	char *buf)
2955 {
2956 	struct Scsi_Host *shost = class_to_shost(cdev);
2957 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2958 
2959 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.BoardAssembly);
2960 }
2961 static DEVICE_ATTR_RO(board_assembly);
2962 
2963 /**
2964  * board_tracer_show - board tracer number
2965  * @cdev: pointer to embedded class device
2966  * @attr: ?
2967  * @buf: the buffer returned
2968  *
2969  * A sysfs 'read-only' shost attribute.
2970  */
2971 static ssize_t
board_tracer_show(struct device * cdev,struct device_attribute * attr,char * buf)2972 board_tracer_show(struct device *cdev, struct device_attribute *attr,
2973 	char *buf)
2974 {
2975 	struct Scsi_Host *shost = class_to_shost(cdev);
2976 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2977 
2978 	return snprintf(buf, 16, "%s\n", ioc->manu_pg0.BoardTracerNumber);
2979 }
2980 static DEVICE_ATTR_RO(board_tracer);
2981 
2982 /**
2983  * io_delay_show - io missing delay
2984  * @cdev: pointer to embedded class device
2985  * @attr: ?
2986  * @buf: the buffer returned
2987  *
2988  * This is for firmware implemention for deboucing device
2989  * removal events.
2990  *
2991  * A sysfs 'read-only' shost attribute.
2992  */
2993 static ssize_t
io_delay_show(struct device * cdev,struct device_attribute * attr,char * buf)2994 io_delay_show(struct device *cdev, struct device_attribute *attr,
2995 	char *buf)
2996 {
2997 	struct Scsi_Host *shost = class_to_shost(cdev);
2998 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
2999 
3000 	return snprintf(buf, PAGE_SIZE, "%02d\n", ioc->io_missing_delay);
3001 }
3002 static DEVICE_ATTR_RO(io_delay);
3003 
3004 /**
3005  * device_delay_show - device missing delay
3006  * @cdev: pointer to embedded class device
3007  * @attr: ?
3008  * @buf: the buffer returned
3009  *
3010  * This is for firmware implemention for deboucing device
3011  * removal events.
3012  *
3013  * A sysfs 'read-only' shost attribute.
3014  */
3015 static ssize_t
device_delay_show(struct device * cdev,struct device_attribute * attr,char * buf)3016 device_delay_show(struct device *cdev, struct device_attribute *attr,
3017 	char *buf)
3018 {
3019 	struct Scsi_Host *shost = class_to_shost(cdev);
3020 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3021 
3022 	return snprintf(buf, PAGE_SIZE, "%02d\n", ioc->device_missing_delay);
3023 }
3024 static DEVICE_ATTR_RO(device_delay);
3025 
3026 /**
3027  * fw_queue_depth_show - global credits
3028  * @cdev: pointer to embedded class device
3029  * @attr: ?
3030  * @buf: the buffer returned
3031  *
3032  * This is firmware queue depth limit
3033  *
3034  * A sysfs 'read-only' shost attribute.
3035  */
3036 static ssize_t
fw_queue_depth_show(struct device * cdev,struct device_attribute * attr,char * buf)3037 fw_queue_depth_show(struct device *cdev, struct device_attribute *attr,
3038 	char *buf)
3039 {
3040 	struct Scsi_Host *shost = class_to_shost(cdev);
3041 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3042 
3043 	return snprintf(buf, PAGE_SIZE, "%02d\n", ioc->facts.RequestCredit);
3044 }
3045 static DEVICE_ATTR_RO(fw_queue_depth);
3046 
3047 /**
3048  * host_sas_address_show - sas address
3049  * @cdev: pointer to embedded class device
3050  * @attr: ?
3051  * @buf: the buffer returned
3052  *
3053  * This is the controller sas address
3054  *
3055  * A sysfs 'read-only' shost attribute.
3056  */
3057 static ssize_t
host_sas_address_show(struct device * cdev,struct device_attribute * attr,char * buf)3058 host_sas_address_show(struct device *cdev, struct device_attribute *attr,
3059 	char *buf)
3060 
3061 {
3062 	struct Scsi_Host *shost = class_to_shost(cdev);
3063 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3064 
3065 	return snprintf(buf, PAGE_SIZE, "0x%016llx\n",
3066 	    (unsigned long long)ioc->sas_hba.sas_address);
3067 }
3068 static DEVICE_ATTR_RO(host_sas_address);
3069 
3070 /**
3071  * logging_level_show - logging level
3072  * @cdev: pointer to embedded class device
3073  * @attr: ?
3074  * @buf: the buffer returned
3075  *
3076  * A sysfs 'read/write' shost attribute.
3077  */
3078 static ssize_t
logging_level_show(struct device * cdev,struct device_attribute * attr,char * buf)3079 logging_level_show(struct device *cdev, struct device_attribute *attr,
3080 	char *buf)
3081 {
3082 	struct Scsi_Host *shost = class_to_shost(cdev);
3083 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3084 
3085 	return snprintf(buf, PAGE_SIZE, "%08xh\n", ioc->logging_level);
3086 }
3087 static ssize_t
logging_level_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3088 logging_level_store(struct device *cdev, struct device_attribute *attr,
3089 	const char *buf, size_t count)
3090 {
3091 	struct Scsi_Host *shost = class_to_shost(cdev);
3092 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3093 	int val = 0;
3094 
3095 	if (sscanf(buf, "%x", &val) != 1)
3096 		return -EINVAL;
3097 
3098 	ioc->logging_level = val;
3099 	ioc_info(ioc, "logging_level=%08xh\n",
3100 		 ioc->logging_level);
3101 	return strlen(buf);
3102 }
3103 static DEVICE_ATTR_RW(logging_level);
3104 
3105 /**
3106  * fwfault_debug_show - show/store fwfault_debug
3107  * @cdev: pointer to embedded class device
3108  * @attr: ?
3109  * @buf: the buffer returned
3110  *
3111  * mpt3sas_fwfault_debug is command line option
3112  * A sysfs 'read/write' shost attribute.
3113  */
3114 static ssize_t
fwfault_debug_show(struct device * cdev,struct device_attribute * attr,char * buf)3115 fwfault_debug_show(struct device *cdev, struct device_attribute *attr,
3116 	char *buf)
3117 {
3118 	struct Scsi_Host *shost = class_to_shost(cdev);
3119 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3120 
3121 	return snprintf(buf, PAGE_SIZE, "%d\n", ioc->fwfault_debug);
3122 }
3123 static ssize_t
fwfault_debug_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3124 fwfault_debug_store(struct device *cdev, struct device_attribute *attr,
3125 	const char *buf, size_t count)
3126 {
3127 	struct Scsi_Host *shost = class_to_shost(cdev);
3128 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3129 	int val = 0;
3130 
3131 	if (sscanf(buf, "%d", &val) != 1)
3132 		return -EINVAL;
3133 
3134 	ioc->fwfault_debug = val;
3135 	ioc_info(ioc, "fwfault_debug=%d\n",
3136 		 ioc->fwfault_debug);
3137 	return strlen(buf);
3138 }
3139 static DEVICE_ATTR_RW(fwfault_debug);
3140 
3141 /**
3142  * ioc_reset_count_show - ioc reset count
3143  * @cdev: pointer to embedded class device
3144  * @attr: ?
3145  * @buf: the buffer returned
3146  *
3147  * This is firmware queue depth limit
3148  *
3149  * A sysfs 'read-only' shost attribute.
3150  */
3151 static ssize_t
ioc_reset_count_show(struct device * cdev,struct device_attribute * attr,char * buf)3152 ioc_reset_count_show(struct device *cdev, struct device_attribute *attr,
3153 	char *buf)
3154 {
3155 	struct Scsi_Host *shost = class_to_shost(cdev);
3156 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3157 
3158 	return snprintf(buf, PAGE_SIZE, "%d\n", ioc->ioc_reset_count);
3159 }
3160 static DEVICE_ATTR_RO(ioc_reset_count);
3161 
3162 /**
3163  * reply_queue_count_show - number of reply queues
3164  * @cdev: pointer to embedded class device
3165  * @attr: ?
3166  * @buf: the buffer returned
3167  *
3168  * This is number of reply queues
3169  *
3170  * A sysfs 'read-only' shost attribute.
3171  */
3172 static ssize_t
reply_queue_count_show(struct device * cdev,struct device_attribute * attr,char * buf)3173 reply_queue_count_show(struct device *cdev,
3174 	struct device_attribute *attr, char *buf)
3175 {
3176 	u8 reply_queue_count;
3177 	struct Scsi_Host *shost = class_to_shost(cdev);
3178 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3179 
3180 	if ((ioc->facts.IOCCapabilities &
3181 	    MPI2_IOCFACTS_CAPABILITY_MSI_X_INDEX) && ioc->msix_enable)
3182 		reply_queue_count = ioc->reply_queue_count;
3183 	else
3184 		reply_queue_count = 1;
3185 
3186 	return snprintf(buf, PAGE_SIZE, "%d\n", reply_queue_count);
3187 }
3188 static DEVICE_ATTR_RO(reply_queue_count);
3189 
3190 /**
3191  * BRM_status_show - Backup Rail Monitor Status
3192  * @cdev: pointer to embedded class device
3193  * @attr: ?
3194  * @buf: the buffer returned
3195  *
3196  * This is number of reply queues
3197  *
3198  * A sysfs 'read-only' shost attribute.
3199  */
3200 static ssize_t
BRM_status_show(struct device * cdev,struct device_attribute * attr,char * buf)3201 BRM_status_show(struct device *cdev, struct device_attribute *attr,
3202 	char *buf)
3203 {
3204 	struct Scsi_Host *shost = class_to_shost(cdev);
3205 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3206 	Mpi2IOUnitPage3_t io_unit_pg3;
3207 	Mpi2ConfigReply_t mpi_reply;
3208 	u16 backup_rail_monitor_status = 0;
3209 	u16 ioc_status;
3210 	int sz;
3211 	ssize_t rc = 0;
3212 
3213 	if (!ioc->is_warpdrive) {
3214 		ioc_err(ioc, "%s: BRM attribute is only for warpdrive\n",
3215 			__func__);
3216 		return 0;
3217 	}
3218 	/* pci_access_mutex lock acquired by sysfs show path */
3219 	mutex_lock(&ioc->pci_access_mutex);
3220 	if (ioc->pci_error_recovery || ioc->remove_host)
3221 		goto out;
3222 
3223 	sz = sizeof(io_unit_pg3);
3224 	memset(&io_unit_pg3, 0, sz);
3225 
3226 	if (mpt3sas_config_get_iounit_pg3(ioc, &mpi_reply, &io_unit_pg3, sz) !=
3227 	    0) {
3228 		ioc_err(ioc, "%s: failed reading iounit_pg3\n",
3229 			__func__);
3230 		rc = -EINVAL;
3231 		goto out;
3232 	}
3233 
3234 	ioc_status = le16_to_cpu(mpi_reply.IOCStatus) & MPI2_IOCSTATUS_MASK;
3235 	if (ioc_status != MPI2_IOCSTATUS_SUCCESS) {
3236 		ioc_err(ioc, "%s: iounit_pg3 failed with ioc_status(0x%04x)\n",
3237 			__func__, ioc_status);
3238 		rc = -EINVAL;
3239 		goto out;
3240 	}
3241 
3242 	if (io_unit_pg3.GPIOCount < 25) {
3243 		ioc_err(ioc, "%s: iounit_pg3.GPIOCount less than 25 entries, detected (%d) entries\n",
3244 			__func__, io_unit_pg3.GPIOCount);
3245 		rc = -EINVAL;
3246 		goto out;
3247 	}
3248 
3249 	/* BRM status is in bit zero of GPIOVal[24] */
3250 	backup_rail_monitor_status = le16_to_cpu(io_unit_pg3.GPIOVal[24]);
3251 	rc = snprintf(buf, PAGE_SIZE, "%d\n", (backup_rail_monitor_status & 1));
3252 
3253  out:
3254 	mutex_unlock(&ioc->pci_access_mutex);
3255 	return rc;
3256 }
3257 static DEVICE_ATTR_RO(BRM_status);
3258 
3259 struct DIAG_BUFFER_START {
3260 	__le32	Size;
3261 	__le32	DiagVersion;
3262 	u8	BufferType;
3263 	u8	Reserved[3];
3264 	__le32	Reserved1;
3265 	__le32	Reserved2;
3266 	__le32	Reserved3;
3267 };
3268 
3269 /**
3270  * host_trace_buffer_size_show - host buffer size (trace only)
3271  * @cdev: pointer to embedded class device
3272  * @attr: ?
3273  * @buf: the buffer returned
3274  *
3275  * A sysfs 'read-only' shost attribute.
3276  */
3277 static ssize_t
host_trace_buffer_size_show(struct device * cdev,struct device_attribute * attr,char * buf)3278 host_trace_buffer_size_show(struct device *cdev,
3279 	struct device_attribute *attr, char *buf)
3280 {
3281 	struct Scsi_Host *shost = class_to_shost(cdev);
3282 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3283 	u32 size = 0;
3284 	struct DIAG_BUFFER_START *request_data;
3285 
3286 	if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) {
3287 		ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
3288 			__func__);
3289 		return 0;
3290 	}
3291 
3292 	if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3293 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
3294 		ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
3295 			__func__);
3296 		return 0;
3297 	}
3298 
3299 	request_data = (struct DIAG_BUFFER_START *)
3300 	    ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE];
3301 	if ((le32_to_cpu(request_data->DiagVersion) == 0x00000000 ||
3302 	    le32_to_cpu(request_data->DiagVersion) == 0x01000000 ||
3303 	    le32_to_cpu(request_data->DiagVersion) == 0x01010000) &&
3304 	    le32_to_cpu(request_data->Reserved3) == 0x4742444c)
3305 		size = le32_to_cpu(request_data->Size);
3306 
3307 	ioc->ring_buffer_sz = size;
3308 	return snprintf(buf, PAGE_SIZE, "%d\n", size);
3309 }
3310 static DEVICE_ATTR_RO(host_trace_buffer_size);
3311 
3312 /**
3313  * host_trace_buffer_show - firmware ring buffer (trace only)
3314  * @cdev: pointer to embedded class device
3315  * @attr: ?
3316  * @buf: the buffer returned
3317  *
3318  * A sysfs 'read/write' shost attribute.
3319  *
3320  * You will only be able to read 4k bytes of ring buffer at a time.
3321  * In order to read beyond 4k bytes, you will have to write out the
3322  * offset to the same attribute, it will move the pointer.
3323  */
3324 static ssize_t
host_trace_buffer_show(struct device * cdev,struct device_attribute * attr,char * buf)3325 host_trace_buffer_show(struct device *cdev, struct device_attribute *attr,
3326 	char *buf)
3327 {
3328 	struct Scsi_Host *shost = class_to_shost(cdev);
3329 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3330 	void *request_data;
3331 	u32 size;
3332 
3333 	if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) {
3334 		ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
3335 			__func__);
3336 		return 0;
3337 	}
3338 
3339 	if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3340 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0) {
3341 		ioc_err(ioc, "%s: host_trace_buffer is not registered\n",
3342 			__func__);
3343 		return 0;
3344 	}
3345 
3346 	if (ioc->ring_buffer_offset > ioc->ring_buffer_sz)
3347 		return 0;
3348 
3349 	size = ioc->ring_buffer_sz - ioc->ring_buffer_offset;
3350 	size = (size >= PAGE_SIZE) ? (PAGE_SIZE - 1) : size;
3351 	request_data = ioc->diag_buffer[0] + ioc->ring_buffer_offset;
3352 	memcpy(buf, request_data, size);
3353 	return size;
3354 }
3355 
3356 static ssize_t
host_trace_buffer_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3357 host_trace_buffer_store(struct device *cdev, struct device_attribute *attr,
3358 	const char *buf, size_t count)
3359 {
3360 	struct Scsi_Host *shost = class_to_shost(cdev);
3361 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3362 	int val = 0;
3363 
3364 	if (sscanf(buf, "%d", &val) != 1)
3365 		return -EINVAL;
3366 
3367 	ioc->ring_buffer_offset = val;
3368 	return strlen(buf);
3369 }
3370 static DEVICE_ATTR_RW(host_trace_buffer);
3371 
3372 
3373 /*****************************************/
3374 
3375 /**
3376  * host_trace_buffer_enable_show - firmware ring buffer (trace only)
3377  * @cdev: pointer to embedded class device
3378  * @attr: ?
3379  * @buf: the buffer returned
3380  *
3381  * A sysfs 'read/write' shost attribute.
3382  *
3383  * This is a mechnism to post/release host_trace_buffers
3384  */
3385 static ssize_t
host_trace_buffer_enable_show(struct device * cdev,struct device_attribute * attr,char * buf)3386 host_trace_buffer_enable_show(struct device *cdev,
3387 	struct device_attribute *attr, char *buf)
3388 {
3389 	struct Scsi_Host *shost = class_to_shost(cdev);
3390 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3391 
3392 	if ((!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) ||
3393 	   ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3394 	    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0))
3395 		return snprintf(buf, PAGE_SIZE, "off\n");
3396 	else if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3397 	    MPT3_DIAG_BUFFER_IS_RELEASED))
3398 		return snprintf(buf, PAGE_SIZE, "release\n");
3399 	else
3400 		return snprintf(buf, PAGE_SIZE, "post\n");
3401 }
3402 
3403 static ssize_t
host_trace_buffer_enable_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3404 host_trace_buffer_enable_store(struct device *cdev,
3405 	struct device_attribute *attr, const char *buf, size_t count)
3406 {
3407 	struct Scsi_Host *shost = class_to_shost(cdev);
3408 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3409 	char str[10] = "";
3410 	struct mpt3_diag_register diag_register;
3411 	u8 issue_reset = 0;
3412 
3413 	/* don't allow post/release occurr while recovery is active */
3414 	if (ioc->shost_recovery || ioc->remove_host ||
3415 	    ioc->pci_error_recovery || ioc->is_driver_loading)
3416 		return -EBUSY;
3417 
3418 	if (sscanf(buf, "%9s", str) != 1)
3419 		return -EINVAL;
3420 
3421 	if (!strcmp(str, "post")) {
3422 		/* exit out if host buffers are already posted */
3423 		if ((ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE]) &&
3424 		    (ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3425 		    MPT3_DIAG_BUFFER_IS_REGISTERED) &&
3426 		    ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3427 		    MPT3_DIAG_BUFFER_IS_RELEASED) == 0))
3428 			goto out;
3429 		memset(&diag_register, 0, sizeof(struct mpt3_diag_register));
3430 		ioc_info(ioc, "posting host trace buffers\n");
3431 		diag_register.buffer_type = MPI2_DIAG_BUF_TYPE_TRACE;
3432 
3433 		if (ioc->manu_pg11.HostTraceBufferMaxSizeKB != 0 &&
3434 		    ioc->diag_buffer_sz[MPI2_DIAG_BUF_TYPE_TRACE] != 0) {
3435 			/* post the same buffer allocated previously */
3436 			diag_register.requested_buffer_size =
3437 			    ioc->diag_buffer_sz[MPI2_DIAG_BUF_TYPE_TRACE];
3438 		} else {
3439 			/*
3440 			 * Free the diag buffer memory which was previously
3441 			 * allocated by an application.
3442 			 */
3443 			if ((ioc->diag_buffer_sz[MPI2_DIAG_BUF_TYPE_TRACE] != 0)
3444 			    &&
3445 			    (ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3446 			    MPT3_DIAG_BUFFER_IS_APP_OWNED)) {
3447 				dma_free_coherent(&ioc->pdev->dev,
3448 						  ioc->diag_buffer_sz[MPI2_DIAG_BUF_TYPE_TRACE],
3449 						  ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE],
3450 						  ioc->diag_buffer_dma[MPI2_DIAG_BUF_TYPE_TRACE]);
3451 				ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE] =
3452 				    NULL;
3453 			}
3454 
3455 			diag_register.requested_buffer_size = (1024 * 1024);
3456 		}
3457 
3458 		diag_register.unique_id =
3459 		    (ioc->hba_mpi_version_belonged == MPI2_VERSION) ?
3460 		    (MPT2DIAGBUFFUNIQUEID):(MPT3DIAGBUFFUNIQUEID);
3461 		ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] = 0;
3462 		_ctl_diag_register_2(ioc,  &diag_register);
3463 		if (ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3464 		    MPT3_DIAG_BUFFER_IS_REGISTERED) {
3465 			ioc_info(ioc,
3466 			    "Trace buffer %d KB allocated through sysfs\n",
3467 			    diag_register.requested_buffer_size>>10);
3468 			if (ioc->hba_mpi_version_belonged != MPI2_VERSION)
3469 				ioc->diag_buffer_status[
3470 				    MPI2_DIAG_BUF_TYPE_TRACE] |=
3471 				    MPT3_DIAG_BUFFER_IS_DRIVER_ALLOCATED;
3472 		}
3473 	} else if (!strcmp(str, "release")) {
3474 		/* exit out if host buffers are already released */
3475 		if (!ioc->diag_buffer[MPI2_DIAG_BUF_TYPE_TRACE])
3476 			goto out;
3477 		if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3478 		    MPT3_DIAG_BUFFER_IS_REGISTERED) == 0)
3479 			goto out;
3480 		if ((ioc->diag_buffer_status[MPI2_DIAG_BUF_TYPE_TRACE] &
3481 		    MPT3_DIAG_BUFFER_IS_RELEASED))
3482 			goto out;
3483 		ioc_info(ioc, "releasing host trace buffer\n");
3484 		ioc->htb_rel.buffer_rel_condition = MPT3_DIAG_BUFFER_REL_SYSFS;
3485 		mpt3sas_send_diag_release(ioc, MPI2_DIAG_BUF_TYPE_TRACE,
3486 		    &issue_reset);
3487 	}
3488 
3489  out:
3490 	return strlen(buf);
3491 }
3492 static DEVICE_ATTR_RW(host_trace_buffer_enable);
3493 
3494 /*********** diagnostic trigger suppport *********************************/
3495 
3496 /**
3497  * diag_trigger_master_show - show the diag_trigger_master attribute
3498  * @cdev: pointer to embedded class device
3499  * @attr: ?
3500  * @buf: the buffer returned
3501  *
3502  * A sysfs 'read/write' shost attribute.
3503  */
3504 static ssize_t
diag_trigger_master_show(struct device * cdev,struct device_attribute * attr,char * buf)3505 diag_trigger_master_show(struct device *cdev,
3506 	struct device_attribute *attr, char *buf)
3507 
3508 {
3509 	struct Scsi_Host *shost = class_to_shost(cdev);
3510 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3511 	unsigned long flags;
3512 	ssize_t rc;
3513 
3514 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3515 	rc = sizeof(struct SL_WH_MASTER_TRIGGER_T);
3516 	memcpy(buf, &ioc->diag_trigger_master, rc);
3517 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3518 	return rc;
3519 }
3520 
3521 /**
3522  * diag_trigger_master_store - store the diag_trigger_master attribute
3523  * @cdev: pointer to embedded class device
3524  * @attr: ?
3525  * @buf: the buffer returned
3526  * @count: ?
3527  *
3528  * A sysfs 'read/write' shost attribute.
3529  */
3530 static ssize_t
diag_trigger_master_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3531 diag_trigger_master_store(struct device *cdev,
3532 	struct device_attribute *attr, const char *buf, size_t count)
3533 
3534 {
3535 	struct Scsi_Host *shost = class_to_shost(cdev);
3536 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3537 	struct SL_WH_MASTER_TRIGGER_T *master_tg;
3538 	unsigned long flags;
3539 	ssize_t rc;
3540 	bool set = 1;
3541 
3542 	rc = min(sizeof(struct SL_WH_MASTER_TRIGGER_T), count);
3543 
3544 	if (ioc->supports_trigger_pages) {
3545 		master_tg = kzalloc(sizeof(struct SL_WH_MASTER_TRIGGER_T),
3546 		    GFP_KERNEL);
3547 		if (!master_tg)
3548 			return -ENOMEM;
3549 
3550 		memcpy(master_tg, buf, rc);
3551 		if (!master_tg->MasterData)
3552 			set = 0;
3553 		if (mpt3sas_config_update_driver_trigger_pg1(ioc, master_tg,
3554 		    set)) {
3555 			kfree(master_tg);
3556 			return -EFAULT;
3557 		}
3558 		kfree(master_tg);
3559 	}
3560 
3561 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3562 	memset(&ioc->diag_trigger_master, 0,
3563 	    sizeof(struct SL_WH_MASTER_TRIGGER_T));
3564 	memcpy(&ioc->diag_trigger_master, buf, rc);
3565 	ioc->diag_trigger_master.MasterData |=
3566 	    (MASTER_TRIGGER_FW_FAULT + MASTER_TRIGGER_ADAPTER_RESET);
3567 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3568 	return rc;
3569 }
3570 static DEVICE_ATTR_RW(diag_trigger_master);
3571 
3572 
3573 /**
3574  * diag_trigger_event_show - show the diag_trigger_event attribute
3575  * @cdev: pointer to embedded class device
3576  * @attr: ?
3577  * @buf: the buffer returned
3578  *
3579  * A sysfs 'read/write' shost attribute.
3580  */
3581 static ssize_t
diag_trigger_event_show(struct device * cdev,struct device_attribute * attr,char * buf)3582 diag_trigger_event_show(struct device *cdev,
3583 	struct device_attribute *attr, char *buf)
3584 {
3585 	struct Scsi_Host *shost = class_to_shost(cdev);
3586 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3587 	unsigned long flags;
3588 	ssize_t rc;
3589 
3590 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3591 	rc = sizeof(struct SL_WH_EVENT_TRIGGERS_T);
3592 	memcpy(buf, &ioc->diag_trigger_event, rc);
3593 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3594 	return rc;
3595 }
3596 
3597 /**
3598  * diag_trigger_event_store - store the diag_trigger_event attribute
3599  * @cdev: pointer to embedded class device
3600  * @attr: ?
3601  * @buf: the buffer returned
3602  * @count: ?
3603  *
3604  * A sysfs 'read/write' shost attribute.
3605  */
3606 static ssize_t
diag_trigger_event_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3607 diag_trigger_event_store(struct device *cdev,
3608 	struct device_attribute *attr, const char *buf, size_t count)
3609 
3610 {
3611 	struct Scsi_Host *shost = class_to_shost(cdev);
3612 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3613 	struct SL_WH_EVENT_TRIGGERS_T *event_tg;
3614 	unsigned long flags;
3615 	ssize_t sz;
3616 	bool set = 1;
3617 
3618 	sz = min(sizeof(struct SL_WH_EVENT_TRIGGERS_T), count);
3619 	if (ioc->supports_trigger_pages) {
3620 		event_tg = kzalloc(sizeof(struct SL_WH_EVENT_TRIGGERS_T),
3621 		    GFP_KERNEL);
3622 		if (!event_tg)
3623 			return -ENOMEM;
3624 
3625 		memcpy(event_tg, buf, sz);
3626 		if (!event_tg->ValidEntries)
3627 			set = 0;
3628 		if (mpt3sas_config_update_driver_trigger_pg2(ioc, event_tg,
3629 		    set)) {
3630 			kfree(event_tg);
3631 			return -EFAULT;
3632 		}
3633 		kfree(event_tg);
3634 	}
3635 
3636 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3637 
3638 	memset(&ioc->diag_trigger_event, 0,
3639 	    sizeof(struct SL_WH_EVENT_TRIGGERS_T));
3640 	memcpy(&ioc->diag_trigger_event, buf, sz);
3641 	if (ioc->diag_trigger_event.ValidEntries > NUM_VALID_ENTRIES)
3642 		ioc->diag_trigger_event.ValidEntries = NUM_VALID_ENTRIES;
3643 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3644 	return sz;
3645 }
3646 static DEVICE_ATTR_RW(diag_trigger_event);
3647 
3648 
3649 /**
3650  * diag_trigger_scsi_show - show the diag_trigger_scsi attribute
3651  * @cdev: pointer to embedded class device
3652  * @attr: ?
3653  * @buf: the buffer returned
3654  *
3655  * A sysfs 'read/write' shost attribute.
3656  */
3657 static ssize_t
diag_trigger_scsi_show(struct device * cdev,struct device_attribute * attr,char * buf)3658 diag_trigger_scsi_show(struct device *cdev,
3659 	struct device_attribute *attr, char *buf)
3660 {
3661 	struct Scsi_Host *shost = class_to_shost(cdev);
3662 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3663 	unsigned long flags;
3664 	ssize_t rc;
3665 
3666 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3667 	rc = sizeof(struct SL_WH_SCSI_TRIGGERS_T);
3668 	memcpy(buf, &ioc->diag_trigger_scsi, rc);
3669 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3670 	return rc;
3671 }
3672 
3673 /**
3674  * diag_trigger_scsi_store - store the diag_trigger_scsi attribute
3675  * @cdev: pointer to embedded class device
3676  * @attr: ?
3677  * @buf: the buffer returned
3678  * @count: ?
3679  *
3680  * A sysfs 'read/write' shost attribute.
3681  */
3682 static ssize_t
diag_trigger_scsi_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3683 diag_trigger_scsi_store(struct device *cdev,
3684 	struct device_attribute *attr, const char *buf, size_t count)
3685 {
3686 	struct Scsi_Host *shost = class_to_shost(cdev);
3687 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3688 	struct SL_WH_SCSI_TRIGGERS_T *scsi_tg;
3689 	unsigned long flags;
3690 	ssize_t sz;
3691 	bool set = 1;
3692 
3693 	sz = min(sizeof(struct SL_WH_SCSI_TRIGGERS_T), count);
3694 	if (ioc->supports_trigger_pages) {
3695 		scsi_tg = kzalloc(sizeof(struct SL_WH_SCSI_TRIGGERS_T),
3696 		    GFP_KERNEL);
3697 		if (!scsi_tg)
3698 			return -ENOMEM;
3699 
3700 		memcpy(scsi_tg, buf, sz);
3701 		if (!scsi_tg->ValidEntries)
3702 			set = 0;
3703 		if (mpt3sas_config_update_driver_trigger_pg3(ioc, scsi_tg,
3704 		    set)) {
3705 			kfree(scsi_tg);
3706 			return -EFAULT;
3707 		}
3708 		kfree(scsi_tg);
3709 	}
3710 
3711 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3712 
3713 	memset(&ioc->diag_trigger_scsi, 0, sizeof(ioc->diag_trigger_scsi));
3714 	memcpy(&ioc->diag_trigger_scsi, buf, sz);
3715 	if (ioc->diag_trigger_scsi.ValidEntries > NUM_VALID_ENTRIES)
3716 		ioc->diag_trigger_scsi.ValidEntries = NUM_VALID_ENTRIES;
3717 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3718 	return sz;
3719 }
3720 static DEVICE_ATTR_RW(diag_trigger_scsi);
3721 
3722 
3723 /**
3724  * diag_trigger_mpi_show - show the diag_trigger_mpi attribute
3725  * @cdev: pointer to embedded class device
3726  * @attr: ?
3727  * @buf: the buffer returned
3728  *
3729  * A sysfs 'read/write' shost attribute.
3730  */
3731 static ssize_t
diag_trigger_mpi_show(struct device * cdev,struct device_attribute * attr,char * buf)3732 diag_trigger_mpi_show(struct device *cdev,
3733 	struct device_attribute *attr, char *buf)
3734 {
3735 	struct Scsi_Host *shost = class_to_shost(cdev);
3736 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3737 	unsigned long flags;
3738 	ssize_t rc;
3739 
3740 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3741 	rc = sizeof(struct SL_WH_MPI_TRIGGERS_T);
3742 	memcpy(buf, &ioc->diag_trigger_mpi, rc);
3743 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3744 	return rc;
3745 }
3746 
3747 /**
3748  * diag_trigger_mpi_store - store the diag_trigger_mpi attribute
3749  * @cdev: pointer to embedded class device
3750  * @attr: ?
3751  * @buf: the buffer returned
3752  * @count: ?
3753  *
3754  * A sysfs 'read/write' shost attribute.
3755  */
3756 static ssize_t
diag_trigger_mpi_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3757 diag_trigger_mpi_store(struct device *cdev,
3758 	struct device_attribute *attr, const char *buf, size_t count)
3759 {
3760 	struct Scsi_Host *shost = class_to_shost(cdev);
3761 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3762 	struct SL_WH_MPI_TRIGGERS_T *mpi_tg;
3763 	unsigned long flags;
3764 	ssize_t sz;
3765 	bool set = 1;
3766 
3767 	sz = min(sizeof(struct SL_WH_MPI_TRIGGERS_T), count);
3768 	if (ioc->supports_trigger_pages) {
3769 		mpi_tg = kzalloc(sizeof(struct SL_WH_MPI_TRIGGERS_T),
3770 		    GFP_KERNEL);
3771 		if (!mpi_tg)
3772 			return -ENOMEM;
3773 
3774 		memcpy(mpi_tg, buf, sz);
3775 		if (!mpi_tg->ValidEntries)
3776 			set = 0;
3777 		if (mpt3sas_config_update_driver_trigger_pg4(ioc, mpi_tg,
3778 		    set)) {
3779 			kfree(mpi_tg);
3780 			return -EFAULT;
3781 		}
3782 		kfree(mpi_tg);
3783 	}
3784 
3785 	spin_lock_irqsave(&ioc->diag_trigger_lock, flags);
3786 	memset(&ioc->diag_trigger_mpi, 0,
3787 	    sizeof(ioc->diag_trigger_mpi));
3788 	memcpy(&ioc->diag_trigger_mpi, buf, sz);
3789 	if (ioc->diag_trigger_mpi.ValidEntries > NUM_VALID_ENTRIES)
3790 		ioc->diag_trigger_mpi.ValidEntries = NUM_VALID_ENTRIES;
3791 	spin_unlock_irqrestore(&ioc->diag_trigger_lock, flags);
3792 	return sz;
3793 }
3794 
3795 static DEVICE_ATTR_RW(diag_trigger_mpi);
3796 
3797 /*********** diagnostic trigger suppport *** END ****************************/
3798 
3799 /*****************************************/
3800 
3801 /**
3802  * drv_support_bitmap_show - driver supported feature bitmap
3803  * @cdev: pointer to embedded class device
3804  * @attr: unused
3805  * @buf: the buffer returned
3806  *
3807  * A sysfs 'read-only' shost attribute.
3808  */
3809 static ssize_t
drv_support_bitmap_show(struct device * cdev,struct device_attribute * attr,char * buf)3810 drv_support_bitmap_show(struct device *cdev,
3811 	struct device_attribute *attr, char *buf)
3812 {
3813 	struct Scsi_Host *shost = class_to_shost(cdev);
3814 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3815 
3816 	return snprintf(buf, PAGE_SIZE, "0x%08x\n", ioc->drv_support_bitmap);
3817 }
3818 static DEVICE_ATTR_RO(drv_support_bitmap);
3819 
3820 /**
3821  * enable_sdev_max_qd_show - display whether sdev max qd is enabled/disabled
3822  * @cdev: pointer to embedded class device
3823  * @attr: unused
3824  * @buf: the buffer returned
3825  *
3826  * A sysfs read/write shost attribute. This attribute is used to set the
3827  * targets queue depth to HBA IO queue depth if this attribute is enabled.
3828  */
3829 static ssize_t
enable_sdev_max_qd_show(struct device * cdev,struct device_attribute * attr,char * buf)3830 enable_sdev_max_qd_show(struct device *cdev,
3831 	struct device_attribute *attr, char *buf)
3832 {
3833 	struct Scsi_Host *shost = class_to_shost(cdev);
3834 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3835 
3836 	return snprintf(buf, PAGE_SIZE, "%d\n", ioc->enable_sdev_max_qd);
3837 }
3838 
3839 /**
3840  * enable_sdev_max_qd_store - Enable/disable sdev max qd
3841  * @cdev: pointer to embedded class device
3842  * @attr: unused
3843  * @buf: the buffer returned
3844  * @count: unused
3845  *
3846  * A sysfs read/write shost attribute. This attribute is used to set the
3847  * targets queue depth to HBA IO queue depth if this attribute is enabled.
3848  * If this attribute is disabled then targets will have corresponding default
3849  * queue depth.
3850  */
3851 static ssize_t
enable_sdev_max_qd_store(struct device * cdev,struct device_attribute * attr,const char * buf,size_t count)3852 enable_sdev_max_qd_store(struct device *cdev,
3853 	struct device_attribute *attr, const char *buf, size_t count)
3854 {
3855 	struct Scsi_Host *shost = class_to_shost(cdev);
3856 	struct MPT3SAS_ADAPTER *ioc = shost_priv(shost);
3857 	struct MPT3SAS_DEVICE *sas_device_priv_data;
3858 	struct MPT3SAS_TARGET *sas_target_priv_data;
3859 	int val = 0;
3860 	struct scsi_device *sdev;
3861 	struct _raid_device *raid_device;
3862 	int qdepth;
3863 
3864 	if (kstrtoint(buf, 0, &val) != 0)
3865 		return -EINVAL;
3866 
3867 	switch (val) {
3868 	case 0:
3869 		ioc->enable_sdev_max_qd = 0;
3870 		shost_for_each_device(sdev, ioc->shost) {
3871 			sas_device_priv_data = sdev->hostdata;
3872 			if (!sas_device_priv_data)
3873 				continue;
3874 			sas_target_priv_data = sas_device_priv_data->sas_target;
3875 			if (!sas_target_priv_data)
3876 				continue;
3877 
3878 			if (sas_target_priv_data->flags &
3879 			    MPT_TARGET_FLAGS_VOLUME) {
3880 				raid_device =
3881 				    mpt3sas_raid_device_find_by_handle(ioc,
3882 				    sas_target_priv_data->handle);
3883 
3884 				switch (raid_device->volume_type) {
3885 				case MPI2_RAID_VOL_TYPE_RAID0:
3886 					if (raid_device->device_info &
3887 					    MPI2_SAS_DEVICE_INFO_SSP_TARGET)
3888 						qdepth =
3889 						    MPT3SAS_SAS_QUEUE_DEPTH;
3890 					else
3891 						qdepth =
3892 						    MPT3SAS_SATA_QUEUE_DEPTH;
3893 					break;
3894 				case MPI2_RAID_VOL_TYPE_RAID1E:
3895 				case MPI2_RAID_VOL_TYPE_RAID1:
3896 				case MPI2_RAID_VOL_TYPE_RAID10:
3897 				case MPI2_RAID_VOL_TYPE_UNKNOWN:
3898 				default:
3899 					qdepth = MPT3SAS_RAID_QUEUE_DEPTH;
3900 				}
3901 			} else if (sas_target_priv_data->flags &
3902 			    MPT_TARGET_FLAGS_PCIE_DEVICE)
3903 				qdepth = ioc->max_nvme_qd;
3904 			else
3905 				qdepth = (sas_target_priv_data->sas_dev->port_type > 1) ?
3906 				    ioc->max_wideport_qd : ioc->max_narrowport_qd;
3907 
3908 			mpt3sas_scsih_change_queue_depth(sdev, qdepth);
3909 		}
3910 		break;
3911 	case 1:
3912 		ioc->enable_sdev_max_qd = 1;
3913 		shost_for_each_device(sdev, ioc->shost)
3914 			mpt3sas_scsih_change_queue_depth(sdev,
3915 			    shost->can_queue);
3916 		break;
3917 	default:
3918 		return -EINVAL;
3919 	}
3920 
3921 	return strlen(buf);
3922 }
3923 static DEVICE_ATTR_RW(enable_sdev_max_qd);
3924 
3925 static struct attribute *mpt3sas_host_attrs[] = {
3926 	&dev_attr_version_fw.attr,
3927 	&dev_attr_version_bios.attr,
3928 	&dev_attr_version_mpi.attr,
3929 	&dev_attr_version_product.attr,
3930 	&dev_attr_version_nvdata_persistent.attr,
3931 	&dev_attr_version_nvdata_default.attr,
3932 	&dev_attr_board_name.attr,
3933 	&dev_attr_board_assembly.attr,
3934 	&dev_attr_board_tracer.attr,
3935 	&dev_attr_io_delay.attr,
3936 	&dev_attr_device_delay.attr,
3937 	&dev_attr_logging_level.attr,
3938 	&dev_attr_fwfault_debug.attr,
3939 	&dev_attr_fw_queue_depth.attr,
3940 	&dev_attr_host_sas_address.attr,
3941 	&dev_attr_ioc_reset_count.attr,
3942 	&dev_attr_host_trace_buffer_size.attr,
3943 	&dev_attr_host_trace_buffer.attr,
3944 	&dev_attr_host_trace_buffer_enable.attr,
3945 	&dev_attr_reply_queue_count.attr,
3946 	&dev_attr_diag_trigger_master.attr,
3947 	&dev_attr_diag_trigger_event.attr,
3948 	&dev_attr_diag_trigger_scsi.attr,
3949 	&dev_attr_diag_trigger_mpi.attr,
3950 	&dev_attr_drv_support_bitmap.attr,
3951 	&dev_attr_BRM_status.attr,
3952 	&dev_attr_enable_sdev_max_qd.attr,
3953 	NULL,
3954 };
3955 
3956 static const struct attribute_group mpt3sas_host_attr_group = {
3957 	.attrs = mpt3sas_host_attrs
3958 };
3959 
3960 const struct attribute_group *mpt3sas_host_groups[] = {
3961 	&mpt3sas_host_attr_group,
3962 	NULL
3963 };
3964 
3965 /* device attributes */
3966 
3967 /**
3968  * sas_address_show - sas address
3969  * @dev: pointer to embedded class device
3970  * @attr: ?
3971  * @buf: the buffer returned
3972  *
3973  * This is the sas address for the target
3974  *
3975  * A sysfs 'read-only' shost attribute.
3976  */
3977 static ssize_t
sas_address_show(struct device * dev,struct device_attribute * attr,char * buf)3978 sas_address_show(struct device *dev, struct device_attribute *attr,
3979 	char *buf)
3980 {
3981 	struct scsi_device *sdev = to_scsi_device(dev);
3982 	struct MPT3SAS_DEVICE *sas_device_priv_data = sdev->hostdata;
3983 
3984 	return snprintf(buf, PAGE_SIZE, "0x%016llx\n",
3985 	    (unsigned long long)sas_device_priv_data->sas_target->sas_address);
3986 }
3987 static DEVICE_ATTR_RO(sas_address);
3988 
3989 /**
3990  * sas_device_handle_show - device handle
3991  * @dev: pointer to embedded class device
3992  * @attr: ?
3993  * @buf: the buffer returned
3994  *
3995  * This is the firmware assigned device handle
3996  *
3997  * A sysfs 'read-only' shost attribute.
3998  */
3999 static ssize_t
sas_device_handle_show(struct device * dev,struct device_attribute * attr,char * buf)4000 sas_device_handle_show(struct device *dev, struct device_attribute *attr,
4001 	char *buf)
4002 {
4003 	struct scsi_device *sdev = to_scsi_device(dev);
4004 	struct MPT3SAS_DEVICE *sas_device_priv_data = sdev->hostdata;
4005 
4006 	return snprintf(buf, PAGE_SIZE, "0x%04x\n",
4007 	    sas_device_priv_data->sas_target->handle);
4008 }
4009 static DEVICE_ATTR_RO(sas_device_handle);
4010 
4011 /**
4012  * sas_ncq_prio_supported_show - Indicate if device supports NCQ priority
4013  * @dev: pointer to embedded device
4014  * @attr: sas_ncq_prio_supported attribute descriptor
4015  * @buf: the buffer returned
4016  *
4017  * A sysfs 'read-only' sdev attribute, only works with SATA
4018  */
4019 static ssize_t
sas_ncq_prio_supported_show(struct device * dev,struct device_attribute * attr,char * buf)4020 sas_ncq_prio_supported_show(struct device *dev,
4021 			    struct device_attribute *attr, char *buf)
4022 {
4023 	struct scsi_device *sdev = to_scsi_device(dev);
4024 
4025 	return sysfs_emit(buf, "%d\n", scsih_ncq_prio_supp(sdev));
4026 }
4027 static DEVICE_ATTR_RO(sas_ncq_prio_supported);
4028 
4029 /**
4030  * sas_ncq_prio_enable_show - send prioritized io commands to device
4031  * @dev: pointer to embedded device
4032  * @attr: ?
4033  * @buf: the buffer returned
4034  *
4035  * A sysfs 'read/write' sdev attribute, only works with SATA
4036  */
4037 static ssize_t
sas_ncq_prio_enable_show(struct device * dev,struct device_attribute * attr,char * buf)4038 sas_ncq_prio_enable_show(struct device *dev,
4039 				 struct device_attribute *attr, char *buf)
4040 {
4041 	struct scsi_device *sdev = to_scsi_device(dev);
4042 	struct MPT3SAS_DEVICE *sas_device_priv_data = sdev->hostdata;
4043 
4044 	return snprintf(buf, PAGE_SIZE, "%d\n",
4045 			sas_device_priv_data->ncq_prio_enable);
4046 }
4047 
4048 static ssize_t
sas_ncq_prio_enable_store(struct device * dev,struct device_attribute * attr,const char * buf,size_t count)4049 sas_ncq_prio_enable_store(struct device *dev,
4050 				  struct device_attribute *attr,
4051 				  const char *buf, size_t count)
4052 {
4053 	struct scsi_device *sdev = to_scsi_device(dev);
4054 	struct MPT3SAS_DEVICE *sas_device_priv_data = sdev->hostdata;
4055 	bool ncq_prio_enable = 0;
4056 
4057 	if (kstrtobool(buf, &ncq_prio_enable))
4058 		return -EINVAL;
4059 
4060 	if (!scsih_ncq_prio_supp(sdev))
4061 		return -EINVAL;
4062 
4063 	sas_device_priv_data->ncq_prio_enable = ncq_prio_enable;
4064 	return strlen(buf);
4065 }
4066 static DEVICE_ATTR_RW(sas_ncq_prio_enable);
4067 
4068 static struct attribute *mpt3sas_dev_attrs[] = {
4069 	&dev_attr_sas_address.attr,
4070 	&dev_attr_sas_device_handle.attr,
4071 	&dev_attr_sas_ncq_prio_supported.attr,
4072 	&dev_attr_sas_ncq_prio_enable.attr,
4073 	NULL,
4074 };
4075 
4076 static const struct attribute_group mpt3sas_dev_attr_group = {
4077 	.attrs = mpt3sas_dev_attrs
4078 };
4079 
4080 const struct attribute_group *mpt3sas_dev_groups[] = {
4081 	&mpt3sas_dev_attr_group,
4082 	NULL
4083 };
4084 
4085 /* file operations table for mpt3ctl device */
4086 static const struct file_operations ctl_fops = {
4087 	.owner = THIS_MODULE,
4088 	.unlocked_ioctl = _ctl_ioctl,
4089 	.poll = _ctl_poll,
4090 	.fasync = _ctl_fasync,
4091 #ifdef CONFIG_COMPAT
4092 	.compat_ioctl = _ctl_ioctl_compat,
4093 #endif
4094 };
4095 
4096 /* file operations table for mpt2ctl device */
4097 static const struct file_operations ctl_gen2_fops = {
4098 	.owner = THIS_MODULE,
4099 	.unlocked_ioctl = _ctl_mpt2_ioctl,
4100 	.poll = _ctl_poll,
4101 	.fasync = _ctl_fasync,
4102 #ifdef CONFIG_COMPAT
4103 	.compat_ioctl = _ctl_mpt2_ioctl_compat,
4104 #endif
4105 };
4106 
4107 static struct miscdevice ctl_dev = {
4108 	.minor  = MPT3SAS_MINOR,
4109 	.name   = MPT3SAS_DEV_NAME,
4110 	.fops   = &ctl_fops,
4111 };
4112 
4113 static struct miscdevice gen2_ctl_dev = {
4114 	.minor  = MPT2SAS_MINOR,
4115 	.name   = MPT2SAS_DEV_NAME,
4116 	.fops   = &ctl_gen2_fops,
4117 };
4118 
4119 /**
4120  * mpt3sas_ctl_init - main entry point for ctl.
4121  * @hbas_to_enumerate: ?
4122  */
4123 void
mpt3sas_ctl_init(ushort hbas_to_enumerate)4124 mpt3sas_ctl_init(ushort hbas_to_enumerate)
4125 {
4126 	async_queue = NULL;
4127 
4128 	/* Don't register mpt3ctl ioctl device if
4129 	 * hbas_to_enumarate is one.
4130 	 */
4131 	if (hbas_to_enumerate != 1)
4132 		if (misc_register(&ctl_dev) < 0)
4133 			pr_err("%s can't register misc device [minor=%d]\n",
4134 			    MPT3SAS_DRIVER_NAME, MPT3SAS_MINOR);
4135 
4136 	/* Don't register mpt3ctl ioctl device if
4137 	 * hbas_to_enumarate is two.
4138 	 */
4139 	if (hbas_to_enumerate != 2)
4140 		if (misc_register(&gen2_ctl_dev) < 0)
4141 			pr_err("%s can't register misc device [minor=%d]\n",
4142 			    MPT2SAS_DRIVER_NAME, MPT2SAS_MINOR);
4143 
4144 	init_waitqueue_head(&ctl_poll_wait);
4145 }
4146 
4147 /**
4148  * mpt3sas_ctl_exit - exit point for ctl
4149  * @hbas_to_enumerate: ?
4150  */
4151 void
mpt3sas_ctl_exit(ushort hbas_to_enumerate)4152 mpt3sas_ctl_exit(ushort hbas_to_enumerate)
4153 {
4154 	struct MPT3SAS_ADAPTER *ioc;
4155 	int i;
4156 
4157 	list_for_each_entry(ioc, &mpt3sas_ioc_list, list) {
4158 
4159 		/* free memory associated to diag buffers */
4160 		for (i = 0; i < MPI2_DIAG_BUF_TYPE_COUNT; i++) {
4161 			if (!ioc->diag_buffer[i])
4162 				continue;
4163 			dma_free_coherent(&ioc->pdev->dev,
4164 					  ioc->diag_buffer_sz[i],
4165 					  ioc->diag_buffer[i],
4166 					  ioc->diag_buffer_dma[i]);
4167 			ioc->diag_buffer[i] = NULL;
4168 			ioc->diag_buffer_status[i] = 0;
4169 		}
4170 
4171 		kfree(ioc->event_log);
4172 	}
4173 	if (hbas_to_enumerate != 1)
4174 		misc_deregister(&ctl_dev);
4175 	if (hbas_to_enumerate != 2)
4176 		misc_deregister(&gen2_ctl_dev);
4177 }
4178