Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / scsi / libsas / sas_host_smp.c
blobbb8f49269a68dfc307ca178e1effd95fd72ef3ee
1 /*
2 * Serial Attached SCSI (SAS) Expander discovery and configuration
4 * Copyright (C) 2007 James E.J. Bottomley
5 * <James.Bottomley@HansenPartnership.com>
7 * This program is free software; you can redistribute it and/or
8 * modify it under the terms of the GNU General Public License as
9 * published by the Free Software Foundation; version 2 only.
11 #include <linux/scatterlist.h>
12 #include <linux/blkdev.h>
13 #include <linux/slab.h>
14 #include <linux/export.h>
16 #include "sas_internal.h"
18 #include <scsi/scsi_transport.h>
19 #include <scsi/scsi_transport_sas.h>
20 #include "../scsi_sas_internal.h"
22 static void sas_host_smp_discover(struct sas_ha_struct *sas_ha, u8 *resp_data,
23 u8 phy_id)
25 struct sas_phy *phy;
26 struct sas_rphy *rphy;
28 if (phy_id >= sas_ha->num_phys) {
29 resp_data[2] = SMP_RESP_NO_PHY;
30 return;
32 resp_data[2] = SMP_RESP_FUNC_ACC;
34 phy = sas_ha->sas_phy[phy_id]->phy;
35 resp_data[9] = phy_id;
36 resp_data[13] = phy->negotiated_linkrate;
37 memcpy(resp_data + 16, sas_ha->sas_addr, SAS_ADDR_SIZE);
38 memcpy(resp_data + 24, sas_ha->sas_phy[phy_id]->attached_sas_addr,
39 SAS_ADDR_SIZE);
40 resp_data[40] = (phy->minimum_linkrate << 4) |
41 phy->minimum_linkrate_hw;
42 resp_data[41] = (phy->maximum_linkrate << 4) |
43 phy->maximum_linkrate_hw;
45 if (!sas_ha->sas_phy[phy_id]->port ||
46 !sas_ha->sas_phy[phy_id]->port->port_dev)
47 return;
49 rphy = sas_ha->sas_phy[phy_id]->port->port_dev->rphy;
50 resp_data[12] = rphy->identify.device_type << 4;
51 resp_data[14] = rphy->identify.initiator_port_protocols;
52 resp_data[15] = rphy->identify.target_port_protocols;
55 /**
56 * to_sas_gpio_gp_bit - given the gpio frame data find the byte/bit position of 'od'
57 * @od: od bit to find
58 * @data: incoming bitstream (from frame)
59 * @index: requested data register index (from frame)
60 * @count: total number of registers in the bitstream (from frame)
61 * @bit: bit position of 'od' in the returned byte
63 * returns NULL if 'od' is not in 'data'
65 * From SFF-8485 v0.7:
66 * "In GPIO_TX[1], bit 0 of byte 3 contains the first bit (i.e., OD0.0)
67 * and bit 7 of byte 0 contains the 32nd bit (i.e., OD10.1).
69 * In GPIO_TX[2], bit 0 of byte 3 contains the 33rd bit (i.e., OD10.2)
70 * and bit 7 of byte 0 contains the 64th bit (i.e., OD21.0)."
72 * The general-purpose (raw-bitstream) RX registers have the same layout
73 * although 'od' is renamed 'id' for 'input data'.
75 * SFF-8489 defines the behavior of the LEDs in response to the 'od' values.
77 static u8 *to_sas_gpio_gp_bit(unsigned int od, u8 *data, u8 index, u8 count, u8 *bit)
79 unsigned int reg;
80 u8 byte;
82 /* gp registers start at index 1 */
83 if (index == 0)
84 return NULL;
86 index--; /* make index 0-based */
87 if (od < index * 32)
88 return NULL;
90 od -= index * 32;
91 reg = od >> 5;
93 if (reg >= count)
94 return NULL;
96 od &= (1 << 5) - 1;
97 byte = 3 - (od >> 3);
98 *bit = od & ((1 << 3) - 1);
100 return &data[reg * 4 + byte];
103 int try_test_sas_gpio_gp_bit(unsigned int od, u8 *data, u8 index, u8 count)
105 u8 *byte;
106 u8 bit;
108 byte = to_sas_gpio_gp_bit(od, data, index, count, &bit);
109 if (!byte)
110 return -1;
112 return (*byte >> bit) & 1;
114 EXPORT_SYMBOL(try_test_sas_gpio_gp_bit);
116 static int sas_host_smp_write_gpio(struct sas_ha_struct *sas_ha, u8 *resp_data,
117 u8 reg_type, u8 reg_index, u8 reg_count,
118 u8 *req_data)
120 struct sas_internal *i = to_sas_internal(sas_ha->core.shost->transportt);
121 int written;
123 if (i->dft->lldd_write_gpio == NULL) {
124 resp_data[2] = SMP_RESP_FUNC_UNK;
125 return 0;
128 written = i->dft->lldd_write_gpio(sas_ha, reg_type, reg_index,
129 reg_count, req_data);
131 if (written < 0) {
132 resp_data[2] = SMP_RESP_FUNC_FAILED;
133 written = 0;
134 } else
135 resp_data[2] = SMP_RESP_FUNC_ACC;
137 return written;
140 static void sas_report_phy_sata(struct sas_ha_struct *sas_ha, u8 *resp_data,
141 u8 phy_id)
143 struct sas_rphy *rphy;
144 struct dev_to_host_fis *fis;
145 int i;
147 if (phy_id >= sas_ha->num_phys) {
148 resp_data[2] = SMP_RESP_NO_PHY;
149 return;
152 resp_data[2] = SMP_RESP_PHY_NO_SATA;
154 if (!sas_ha->sas_phy[phy_id]->port)
155 return;
157 rphy = sas_ha->sas_phy[phy_id]->port->port_dev->rphy;
158 fis = (struct dev_to_host_fis *)
159 sas_ha->sas_phy[phy_id]->port->port_dev->frame_rcvd;
160 if (rphy->identify.target_port_protocols != SAS_PROTOCOL_SATA)
161 return;
163 resp_data[2] = SMP_RESP_FUNC_ACC;
164 resp_data[9] = phy_id;
165 memcpy(resp_data + 16, sas_ha->sas_phy[phy_id]->attached_sas_addr,
166 SAS_ADDR_SIZE);
168 /* check to see if we have a valid d2h fis */
169 if (fis->fis_type != 0x34)
170 return;
172 /* the d2h fis is required by the standard to be in LE format */
173 for (i = 0; i < 20; i += 4) {
174 u8 *dst = resp_data + 24 + i, *src =
175 &sas_ha->sas_phy[phy_id]->port->port_dev->frame_rcvd[i];
176 dst[0] = src[3];
177 dst[1] = src[2];
178 dst[2] = src[1];
179 dst[3] = src[0];
183 static void sas_phy_control(struct sas_ha_struct *sas_ha, u8 phy_id,
184 u8 phy_op, enum sas_linkrate min,
185 enum sas_linkrate max, u8 *resp_data)
187 struct sas_internal *i =
188 to_sas_internal(sas_ha->core.shost->transportt);
189 struct sas_phy_linkrates rates;
191 if (phy_id >= sas_ha->num_phys) {
192 resp_data[2] = SMP_RESP_NO_PHY;
193 return;
195 switch (phy_op) {
196 case PHY_FUNC_NOP:
197 case PHY_FUNC_LINK_RESET:
198 case PHY_FUNC_HARD_RESET:
199 case PHY_FUNC_DISABLE:
200 case PHY_FUNC_CLEAR_ERROR_LOG:
201 case PHY_FUNC_CLEAR_AFFIL:
202 case PHY_FUNC_TX_SATA_PS_SIGNAL:
203 break;
205 default:
206 resp_data[2] = SMP_RESP_PHY_UNK_OP;
207 return;
210 rates.minimum_linkrate = min;
211 rates.maximum_linkrate = max;
213 if (i->dft->lldd_control_phy(sas_ha->sas_phy[phy_id], phy_op, &rates))
214 resp_data[2] = SMP_RESP_FUNC_FAILED;
215 else
216 resp_data[2] = SMP_RESP_FUNC_ACC;
219 int sas_smp_host_handler(struct Scsi_Host *shost, struct request *req,
220 struct request *rsp)
222 u8 *req_data = NULL, *resp_data = NULL, *buf;
223 struct sas_ha_struct *sas_ha = SHOST_TO_SAS_HA(shost);
224 int error = -EINVAL;
226 /* eight is the minimum size for request and response frames */
227 if (blk_rq_bytes(req) < 8 || blk_rq_bytes(rsp) < 8)
228 goto out;
230 if (bio_offset(req->bio) + blk_rq_bytes(req) > PAGE_SIZE ||
231 bio_offset(rsp->bio) + blk_rq_bytes(rsp) > PAGE_SIZE) {
232 shost_printk(KERN_ERR, shost,
233 "SMP request/response frame crosses page boundary");
234 goto out;
237 req_data = kzalloc(blk_rq_bytes(req), GFP_KERNEL);
239 /* make sure frame can always be built ... we copy
240 * back only the requested length */
241 resp_data = kzalloc(max(blk_rq_bytes(rsp), 128U), GFP_KERNEL);
243 if (!req_data || !resp_data) {
244 error = -ENOMEM;
245 goto out;
248 local_irq_disable();
249 buf = kmap_atomic(bio_page(req->bio), KM_USER0) + bio_offset(req->bio);
250 memcpy(req_data, buf, blk_rq_bytes(req));
251 kunmap_atomic(buf - bio_offset(req->bio), KM_USER0);
252 local_irq_enable();
254 if (req_data[0] != SMP_REQUEST)
255 goto out;
257 /* always succeeds ... even if we can't process the request
258 * the result is in the response frame */
259 error = 0;
261 /* set up default don't know response */
262 resp_data[0] = SMP_RESPONSE;
263 resp_data[1] = req_data[1];
264 resp_data[2] = SMP_RESP_FUNC_UNK;
266 switch (req_data[1]) {
267 case SMP_REPORT_GENERAL:
268 req->resid_len -= 8;
269 rsp->resid_len -= 32;
270 resp_data[2] = SMP_RESP_FUNC_ACC;
271 resp_data[9] = sas_ha->num_phys;
272 break;
274 case SMP_REPORT_MANUF_INFO:
275 req->resid_len -= 8;
276 rsp->resid_len -= 64;
277 resp_data[2] = SMP_RESP_FUNC_ACC;
278 memcpy(resp_data + 12, shost->hostt->name,
279 SAS_EXPANDER_VENDOR_ID_LEN);
280 memcpy(resp_data + 20, "libsas virt phy",
281 SAS_EXPANDER_PRODUCT_ID_LEN);
282 break;
284 case SMP_READ_GPIO_REG:
285 /* FIXME: need GPIO support in the transport class */
286 break;
288 case SMP_DISCOVER:
289 req->resid_len -= 16;
290 if ((int)req->resid_len < 0) {
291 req->resid_len = 0;
292 error = -EINVAL;
293 goto out;
295 rsp->resid_len -= 56;
296 sas_host_smp_discover(sas_ha, resp_data, req_data[9]);
297 break;
299 case SMP_REPORT_PHY_ERR_LOG:
300 /* FIXME: could implement this with additional
301 * libsas callbacks providing the HW supports it */
302 break;
304 case SMP_REPORT_PHY_SATA:
305 req->resid_len -= 16;
306 if ((int)req->resid_len < 0) {
307 req->resid_len = 0;
308 error = -EINVAL;
309 goto out;
311 rsp->resid_len -= 60;
312 sas_report_phy_sata(sas_ha, resp_data, req_data[9]);
313 break;
315 case SMP_REPORT_ROUTE_INFO:
316 /* Can't implement; hosts have no routes */
317 break;
319 case SMP_WRITE_GPIO_REG: {
320 /* SFF-8485 v0.7 */
321 const int base_frame_size = 11;
322 int to_write = req_data[4];
324 if (blk_rq_bytes(req) < base_frame_size + to_write * 4 ||
325 req->resid_len < base_frame_size + to_write * 4) {
326 resp_data[2] = SMP_RESP_INV_FRM_LEN;
327 break;
330 to_write = sas_host_smp_write_gpio(sas_ha, resp_data, req_data[2],
331 req_data[3], to_write, &req_data[8]);
332 req->resid_len -= base_frame_size + to_write * 4;
333 rsp->resid_len -= 8;
334 break;
337 case SMP_CONF_ROUTE_INFO:
338 /* Can't implement; hosts have no routes */
339 break;
341 case SMP_PHY_CONTROL:
342 req->resid_len -= 44;
343 if ((int)req->resid_len < 0) {
344 req->resid_len = 0;
345 error = -EINVAL;
346 goto out;
348 rsp->resid_len -= 8;
349 sas_phy_control(sas_ha, req_data[9], req_data[10],
350 req_data[32] >> 4, req_data[33] >> 4,
351 resp_data);
352 break;
354 case SMP_PHY_TEST_FUNCTION:
355 /* FIXME: should this be implemented? */
356 break;
358 default:
359 /* probably a 2.0 function */
360 break;
363 local_irq_disable();
364 buf = kmap_atomic(bio_page(rsp->bio), KM_USER0) + bio_offset(rsp->bio);
365 memcpy(buf, resp_data, blk_rq_bytes(rsp));
366 flush_kernel_dcache_page(bio_page(rsp->bio));
367 kunmap_atomic(buf - bio_offset(rsp->bio), KM_USER0);
368 local_irq_enable();
370 out:
371 kfree(req_data);
372 kfree(resp_data);
373 return error;