in mtip32xx/mtip32xx.c [1703:1934]
static int exec_drive_taskfile(struct driver_data *dd,
void __user *buf,
ide_task_request_t *req_task,
int outtotal)
{
struct host_to_dev_fis fis;
struct host_to_dev_fis *reply;
u8 *outbuf = NULL;
u8 *inbuf = NULL;
dma_addr_t outbuf_dma = 0;
dma_addr_t inbuf_dma = 0;
dma_addr_t dma_buffer = 0;
int err = 0;
unsigned int taskin = 0;
unsigned int taskout = 0;
u8 nsect = 0;
unsigned int timeout;
unsigned int force_single_sector;
unsigned int transfer_size;
unsigned long task_file_data;
int intotal = outtotal + req_task->out_size;
int erasemode = 0;
taskout = req_task->out_size;
taskin = req_task->in_size;
/* 130560 = 512 * 0xFF*/
if (taskin > 130560 || taskout > 130560)
return -EINVAL;
if (taskout) {
outbuf = memdup_user(buf + outtotal, taskout);
if (IS_ERR(outbuf))
return PTR_ERR(outbuf);
outbuf_dma = dma_map_single(&dd->pdev->dev, outbuf,
taskout, DMA_TO_DEVICE);
if (dma_mapping_error(&dd->pdev->dev, outbuf_dma)) {
err = -ENOMEM;
goto abort;
}
dma_buffer = outbuf_dma;
}
if (taskin) {
inbuf = memdup_user(buf + intotal, taskin);
if (IS_ERR(inbuf)) {
err = PTR_ERR(inbuf);
inbuf = NULL;
goto abort;
}
inbuf_dma = dma_map_single(&dd->pdev->dev, inbuf,
taskin, DMA_FROM_DEVICE);
if (dma_mapping_error(&dd->pdev->dev, inbuf_dma)) {
err = -ENOMEM;
goto abort;
}
dma_buffer = inbuf_dma;
}
/* only supports PIO and non-data commands from this ioctl. */
switch (req_task->data_phase) {
case TASKFILE_OUT:
nsect = taskout / ATA_SECT_SIZE;
reply = (dd->port->rxfis + RX_FIS_PIO_SETUP);
break;
case TASKFILE_IN:
reply = (dd->port->rxfis + RX_FIS_PIO_SETUP);
break;
case TASKFILE_NO_DATA:
reply = (dd->port->rxfis + RX_FIS_D2H_REG);
break;
default:
err = -EINVAL;
goto abort;
}
/* Build the FIS. */
memset(&fis, 0, sizeof(struct host_to_dev_fis));
fis.type = 0x27;
fis.opts = 1 << 7;
fis.command = req_task->io_ports[7];
fis.features = req_task->io_ports[1];
fis.sect_count = req_task->io_ports[2];
fis.lba_low = req_task->io_ports[3];
fis.lba_mid = req_task->io_ports[4];
fis.lba_hi = req_task->io_ports[5];
/* Clear the dev bit*/
fis.device = req_task->io_ports[6] & ~0x10;
if ((req_task->in_flags.all == 0) && (req_task->out_flags.all & 1)) {
req_task->in_flags.all =
IDE_TASKFILE_STD_IN_FLAGS |
(IDE_HOB_STD_IN_FLAGS << 8);
fis.lba_low_ex = req_task->hob_ports[3];
fis.lba_mid_ex = req_task->hob_ports[4];
fis.lba_hi_ex = req_task->hob_ports[5];
fis.features_ex = req_task->hob_ports[1];
fis.sect_cnt_ex = req_task->hob_ports[2];
} else {
req_task->in_flags.all = IDE_TASKFILE_STD_IN_FLAGS;
}
force_single_sector = implicit_sector(fis.command, fis.features);
if ((taskin || taskout) && (!fis.sect_count)) {
if (nsect)
fis.sect_count = nsect;
else {
if (!force_single_sector) {
dev_warn(&dd->pdev->dev,
"data movement but "
"sect_count is 0\n");
err = -EINVAL;
goto abort;
}
}
}
dbg_printk(MTIP_DRV_NAME
" %s: cmd %x, feat %x, nsect %x,"
" sect/lbal %x, lcyl/lbam %x, hcyl/lbah %x,"
" head/dev %x\n",
__func__,
fis.command,
fis.features,
fis.sect_count,
fis.lba_low,
fis.lba_mid,
fis.lba_hi,
fis.device);
/* check for erase mode support during secure erase.*/
if ((fis.command == ATA_CMD_SEC_ERASE_UNIT) && outbuf &&
(outbuf[0] & MTIP_SEC_ERASE_MODE)) {
erasemode = 1;
}
mtip_set_timeout(dd, &fis, &timeout, erasemode);
/* Determine the correct transfer size.*/
if (force_single_sector)
transfer_size = ATA_SECT_SIZE;
else
transfer_size = ATA_SECT_SIZE * fis.sect_count;
/* Execute the command.*/
if (mtip_exec_internal_command(dd->port,
&fis,
5,
dma_buffer,
transfer_size,
0,
timeout) < 0) {
err = -EIO;
goto abort;
}
task_file_data = readl(dd->port->mmio+PORT_TFDATA);
if ((req_task->data_phase == TASKFILE_IN) && !(task_file_data & 1)) {
reply = dd->port->rxfis + RX_FIS_PIO_SETUP;
req_task->io_ports[7] = reply->control;
} else {
reply = dd->port->rxfis + RX_FIS_D2H_REG;
req_task->io_ports[7] = reply->command;
}
/* reclaim the DMA buffers.*/
if (inbuf_dma)
dma_unmap_single(&dd->pdev->dev, inbuf_dma, taskin,
DMA_FROM_DEVICE);
if (outbuf_dma)
dma_unmap_single(&dd->pdev->dev, outbuf_dma, taskout,
DMA_TO_DEVICE);
inbuf_dma = 0;
outbuf_dma = 0;
/* return the ATA registers to the caller.*/
req_task->io_ports[1] = reply->features;
req_task->io_ports[2] = reply->sect_count;
req_task->io_ports[3] = reply->lba_low;
req_task->io_ports[4] = reply->lba_mid;
req_task->io_ports[5] = reply->lba_hi;
req_task->io_ports[6] = reply->device;
if (req_task->out_flags.all & 1) {
req_task->hob_ports[3] = reply->lba_low_ex;
req_task->hob_ports[4] = reply->lba_mid_ex;
req_task->hob_ports[5] = reply->lba_hi_ex;
req_task->hob_ports[1] = reply->features_ex;
req_task->hob_ports[2] = reply->sect_cnt_ex;
}
dbg_printk(MTIP_DRV_NAME
" %s: Completion: stat %x,"
"err %x, sect_cnt %x, lbalo %x,"
"lbamid %x, lbahi %x, dev %x\n",
__func__,
req_task->io_ports[7],
req_task->io_ports[1],
req_task->io_ports[2],
req_task->io_ports[3],
req_task->io_ports[4],
req_task->io_ports[5],
req_task->io_ports[6]);
if (taskout) {
if (copy_to_user(buf + outtotal, outbuf, taskout)) {
err = -EFAULT;
goto abort;
}
}
if (taskin) {
if (copy_to_user(buf + intotal, inbuf, taskin)) {
err = -EFAULT;
goto abort;
}
}
abort:
if (inbuf_dma)
dma_unmap_single(&dd->pdev->dev, inbuf_dma, taskin,
DMA_FROM_DEVICE);
if (outbuf_dma)
dma_unmap_single(&dd->pdev->dev, outbuf_dma, taskout,
DMA_TO_DEVICE);
kfree(outbuf);
kfree(inbuf);
return err;
}