diff options
Diffstat (limited to 'drivers/scsi/aacraid/commctrl.c')
-rw-r--r-- | drivers/scsi/aacraid/commctrl.c | 180 |
1 files changed, 115 insertions, 65 deletions
diff --git a/drivers/scsi/aacraid/commctrl.c b/drivers/scsi/aacraid/commctrl.c index e6da87d1783..fc268a410c2 100644 --- a/drivers/scsi/aacraid/commctrl.c +++ b/drivers/scsi/aacraid/commctrl.c @@ -51,15 +51,22 @@ * This routine sends a fib to the adapter on behalf of a user level * program. */ +# define AAC_DEBUG_PREAMBLE KERN_INFO +# define AAC_DEBUG_POSTAMBLE static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) { struct hw_fib * kfib; struct fib *fibptr; + struct hw_fib * hw_fib = (struct hw_fib *)0; + dma_addr_t hw_fib_pa = (dma_addr_t)0LL; + unsigned size; + int retval; fibptr = fib_alloc(dev); - if(fibptr == NULL) + if(fibptr == NULL) { return -ENOMEM; + } kfib = fibptr->hw_fib; /* @@ -74,16 +81,21 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) * will not overrun the buffer when we copy the memory. Return * an error if we would. */ - if (le16_to_cpu(kfib->header.Size) > - sizeof(struct hw_fib) - sizeof(struct aac_fibhdr)) { - fib_free(fibptr); - return -EINVAL; + size = le16_to_cpu(kfib->header.Size) + sizeof(struct aac_fibhdr); + if (size < le16_to_cpu(kfib->header.SenderSize)) + size = le16_to_cpu(kfib->header.SenderSize); + if (size > dev->max_fib_size) { + /* Highjack the hw_fib */ + hw_fib = fibptr->hw_fib; + hw_fib_pa = fibptr->hw_fib_pa; + fibptr->hw_fib = kfib = pci_alloc_consistent(dev->pdev, size, &fibptr->hw_fib_pa); + memset(((char *)kfib) + dev->max_fib_size, 0, size - dev->max_fib_size); + memcpy(kfib, hw_fib, dev->max_fib_size); } - if (copy_from_user(kfib, arg, le16_to_cpu(kfib->header.Size) + - sizeof(struct aac_fibhdr))) { - fib_free(fibptr); - return -EFAULT; + if (copy_from_user(kfib, arg, size)) { + retval = -EFAULT; + goto cleanup; } if (kfib->header.Command == cpu_to_le16(TakeABreakPt)) { @@ -94,16 +106,15 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) */ kfib->header.XferState = 0; } else { - int retval = fib_send(le16_to_cpu(kfib->header.Command), fibptr, + retval = fib_send(le16_to_cpu(kfib->header.Command), fibptr, le16_to_cpu(kfib->header.Size) , FsaNormal, 1, 1, NULL, NULL); if (retval) { - fib_free(fibptr); - return retval; + goto cleanup; } if (fib_complete(fibptr) != 0) { - fib_free(fibptr); - return -EINVAL; + retval = -EINVAL; + goto cleanup; } } /* @@ -114,12 +125,17 @@ static int ioctl_send_fib(struct aac_dev * dev, void __user *arg) * was already included by the adapter.) */ - if (copy_to_user(arg, (void *)kfib, le16_to_cpu(kfib->header.Size))) { - fib_free(fibptr); - return -EFAULT; + retval = 0; + if (copy_to_user(arg, (void *)kfib, size)) + retval = -EFAULT; +cleanup: + if (hw_fib) { + pci_free_consistent(dev->pdev, size, kfib, fibptr->hw_fib_pa); + fibptr->hw_fib_pa = hw_fib_pa; + fibptr->hw_fib = hw_fib; } fib_free(fibptr); - return 0; + return retval; } /** @@ -399,6 +415,7 @@ static int check_revision(struct aac_dev *dev, void __user *arg) return 0; } + /** * * aac_send_raw_scb @@ -427,7 +444,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) if (!capable(CAP_SYS_ADMIN)){ - printk(KERN_DEBUG"aacraid: No permission to send raw srb\n"); + dprintk((KERN_DEBUG"aacraid: No permission to send raw srb\n")); return -EPERM; } /* @@ -440,20 +457,26 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) srbcmd = (struct aac_srb*) fib_data(srbfib); + memset(sg_list, 0, sizeof(sg_list)); /* cleanup may take issue */ if(copy_from_user(&fibsize, &user_srb->count,sizeof(u32))){ - printk(KERN_DEBUG"aacraid: Could not copy data size from user\n"); + dprintk((KERN_DEBUG"aacraid: Could not copy data size from user\n")); rcode = -EFAULT; goto cleanup; } - if (fibsize > FIB_DATA_SIZE_IN_BYTES) { + if (fibsize > (dev->max_fib_size - sizeof(struct aac_fibhdr))) { rcode = -EINVAL; goto cleanup; } user_srbcmd = kmalloc(GFP_KERNEL, fibsize); + if (!user_srbcmd) { + dprintk((KERN_DEBUG"aacraid: Could not make a copy of the srb\n")); + rcode = -ENOMEM; + goto cleanup; + } if(copy_from_user(user_srbcmd, user_srb,fibsize)){ - printk(KERN_DEBUG"aacraid: Could not copy srb from user\n"); + dprintk((KERN_DEBUG"aacraid: Could not copy srb from user\n")); rcode = -EFAULT; goto cleanup; } @@ -464,12 +487,12 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) // Fix up srb for endian and force some values srbcmd->function = cpu_to_le32(SRBF_ExecuteScsi); // Force this - srbcmd->channel = cpu_to_le32(user_srbcmd->channel); - srbcmd->id = cpu_to_le32(user_srbcmd->id); - srbcmd->lun = cpu_to_le32(user_srbcmd->lun); - srbcmd->flags = cpu_to_le32(user_srbcmd->flags); - srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); - srbcmd->retry_limit = 0; + srbcmd->channel = cpu_to_le32(user_srbcmd->channel); + srbcmd->id = cpu_to_le32(user_srbcmd->id); + srbcmd->lun = cpu_to_le32(user_srbcmd->lun); + srbcmd->flags = cpu_to_le32(flags); + srbcmd->timeout = cpu_to_le32(user_srbcmd->timeout); + srbcmd->retry_limit =cpu_to_le32(0); // Obsolete parameter srbcmd->cdb_size = cpu_to_le32(user_srbcmd->cdb_size); switch (flags & (SRB_DataIn | SRB_DataOut)) { @@ -485,75 +508,98 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) default: data_dir = DMA_NONE; } + if (le32_to_cpu(srbcmd->sg.count) > (sizeof(sg_list)/sizeof(sg_list[0]))) { + dprintk((KERN_DEBUG"aacraid: too many sg entries %d\n", + le32_to_cpu(srbcmd->sg.count))); + rcode = -EINVAL; + goto cleanup; + } if (dev->dac_support == 1) { struct user_sgmap64* upsg = (struct user_sgmap64*)&user_srbcmd->sg; struct sgmap64* psg = (struct sgmap64*)&user_srbcmd->sg; + struct user_sgmap* usg; byte_count = 0; /* * This should also catch if user used the 32 bit sgmap */ actual_fibsize = sizeof(struct aac_srb) - - sizeof(struct sgentry) + - ((user_srbcmd->sg.count & 0xff) * - sizeof(struct sgentry64)); + sizeof(struct sgentry) + + ((upsg->count & 0xff) * + sizeof(struct sgentry)); if(actual_fibsize != fibsize){ // User made a mistake - should not continue - printk(KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"); + dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n")); rcode = -EINVAL; goto cleanup; } - if ((data_dir == DMA_NONE) && upsg->count) { - printk(KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n"); + usg = kmalloc(actual_fibsize - sizeof(struct aac_srb) + + sizeof(struct sgmap), GFP_KERNEL); + if (!usg) { + dprintk((KERN_DEBUG"aacraid: Allocation error in Raw SRB command\n")); + rcode = -ENOMEM; + goto cleanup; + } + memcpy (usg, upsg, actual_fibsize - sizeof(struct aac_srb) + + sizeof(struct sgmap)); + actual_fibsize = sizeof(struct aac_srb) - + sizeof(struct sgentry) + ((usg->count & 0xff) * + sizeof(struct sgentry64)); + if ((data_dir == DMA_NONE) && upsg->count) { + kfree (usg); + dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); rcode = -EINVAL; goto cleanup; } - for (i = 0; i < upsg->count; i++) { - u64 addr; + for (i = 0; i < usg->count; i++) { + u64 addr; void* p; - p = kmalloc(upsg->sg[i].count, GFP_KERNEL|__GFP_DMA); + /* Does this really need to be GFP_DMA? */ + p = kmalloc(usg->sg[i].count,GFP_KERNEL|__GFP_DMA); if(p == 0) { - printk(KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", - upsg->sg[i].count,i,upsg->count); + kfree (usg); + dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", + usg->sg[i].count,i,usg->count)); rcode = -ENOMEM; goto cleanup; } - sg_user[i] = (void __user *)upsg->sg[i].addr; + sg_user[i] = (void __user *)usg->sg[i].addr; sg_list[i] = p; // save so we can clean up later sg_indx = i; if( flags & SRB_DataOut ){ if(copy_from_user(p,sg_user[i],upsg->sg[i].count)){ - printk(KERN_DEBUG"aacraid: Could not copy sg data from user\n"); + kfree (usg); + dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); rcode = -EFAULT; goto cleanup; } } - addr = pci_map_single(dev->pdev, p, upsg->sg[i].count, data_dir); + addr = pci_map_single(dev->pdev, p, usg->sg[i].count, data_dir); psg->sg[i].addr[0] = cpu_to_le32(addr & 0xffffffff); - psg->sg[i].addr[1] = cpu_to_le32(addr >> 32); - psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); - byte_count += upsg->sg[i].count; + psg->sg[i].addr[1] = cpu_to_le32(addr>>32); + psg->sg[i].count = cpu_to_le32(usg->sg[i].count); + byte_count += usg->sg[i].count; } + kfree (usg); srbcmd->count = cpu_to_le32(byte_count); + psg->count = cpu_to_le32(sg_indx+1); status = fib_send(ScsiPortCommand64, srbfib, actual_fibsize, FsaNormal, 1, 1,NULL,NULL); } else { struct user_sgmap* upsg = &user_srbcmd->sg; struct sgmap* psg = &srbcmd->sg; byte_count = 0; - actual_fibsize = sizeof (struct aac_srb) + - (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * - sizeof (struct sgentry)); + actual_fibsize = sizeof (struct aac_srb) + (((le32_to_cpu(srbcmd->sg.count) & 0xff) - 1) * sizeof (struct sgentry)); if(actual_fibsize != fibsize){ // User made a mistake - should not continue - printk(KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n"); + dprintk((KERN_DEBUG"aacraid: Bad Size specified in Raw SRB command\n")); rcode = -EINVAL; goto cleanup; } if ((data_dir == DMA_NONE) && upsg->count) { - printk(KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n"); + dprintk((KERN_DEBUG"aacraid: SG with no direction specified in Raw SRB command\n")); rcode = -EINVAL; goto cleanup; } @@ -562,44 +608,48 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) void* p; p = kmalloc(upsg->sg[i].count, GFP_KERNEL); if(p == 0) { - printk(KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", - upsg->sg[i].count, i, upsg->count); + dprintk((KERN_DEBUG"aacraid: Could not allocate SG buffer - size = %d buffer number %d of %d\n", + upsg->sg[i].count, i, upsg->count)); rcode = -ENOMEM; goto cleanup; } - sg_user[i] = (void __user *)upsg->sg[i].addr; + sg_user[i] = (void __user *)upsg->sg[i].addr; sg_list[i] = p; // save so we can clean up later sg_indx = i; if( flags & SRB_DataOut ){ - if(copy_from_user(p, sg_user[i], - upsg->sg[i].count)) { - printk(KERN_DEBUG"aacraid: Could not copy sg data from user\n"); + if(copy_from_user(p, sg_user[i], + upsg->sg[i].count)) { + dprintk((KERN_DEBUG"aacraid: Could not copy sg data from user\n")); rcode = -EFAULT; goto cleanup; } } - addr = pci_map_single(dev->pdev, p, - upsg->sg[i].count, data_dir); + addr = pci_map_single(dev->pdev, p, + upsg->sg[i].count, data_dir); psg->sg[i].addr = cpu_to_le32(addr); psg->sg[i].count = cpu_to_le32(upsg->sg[i].count); byte_count += upsg->sg[i].count; } srbcmd->count = cpu_to_le32(byte_count); + psg->count = cpu_to_le32(sg_indx+1); status = fib_send(ScsiPortCommand, srbfib, actual_fibsize, FsaNormal, 1, 1, NULL, NULL); } if (status != 0){ - printk(KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n"); + dprintk((KERN_DEBUG"aacraid: Could not send raw srb fib to hba\n")); rcode = -1; goto cleanup; } if( flags & SRB_DataIn ) { for(i = 0 ; i <= sg_indx; i++){ - if(copy_to_user(sg_user[i],sg_list[i],le32_to_cpu(srbcmd->sg.sg[i].count))){ - printk(KERN_DEBUG"aacraid: Could not copy sg data to user\n"); + byte_count = le32_to_cpu((dev->dac_support == 1) + ? ((struct sgmap64*)&srbcmd->sg)->sg[i].count + : srbcmd->sg.sg[i].count); + if(copy_to_user(sg_user[i], sg_list[i], byte_count)){ + dprintk((KERN_DEBUG"aacraid: Could not copy sg data to user\n")); rcode = -EFAULT; goto cleanup; @@ -609,7 +659,7 @@ static int aac_send_raw_srb(struct aac_dev* dev, void __user * arg) reply = (struct aac_srb_reply *) fib_data(srbfib); if(copy_to_user(user_reply,reply,sizeof(struct aac_srb_reply))){ - printk(KERN_DEBUG"aacraid: Could not copy reply to user\n"); + dprintk((KERN_DEBUG"aacraid: Could not copy reply to user\n")); rcode = -EFAULT; goto cleanup; } @@ -625,7 +675,6 @@ cleanup: return rcode; } - struct aac_pci_info { u32 bus; u32 slot; @@ -640,11 +689,11 @@ static int aac_get_pci_info(struct aac_dev* dev, void __user *arg) pci_info.slot = PCI_SLOT(dev->pdev->devfn); if (copy_to_user(arg, &pci_info, sizeof(struct aac_pci_info))) { - printk(KERN_DEBUG "aacraid: Could not copy pci info\n"); + dprintk((KERN_DEBUG "aacraid: Could not copy pci info\n")); return -EFAULT; } return 0; - } +} int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) @@ -663,6 +712,7 @@ int aac_do_ioctl(struct aac_dev * dev, int cmd, void __user *arg) case FSACTL_MINIPORT_REV_CHECK: status = check_revision(dev, arg); break; + case FSACTL_SEND_LARGE_FIB: case FSACTL_SENDFIB: status = ioctl_send_fib(dev, arg); break; |