search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[POWERPC] spufs: fix possible memory corruption is spufs_mem_write
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / ieee1394 / ieee1394_transactions.c
blob0833fc9f50c4ad1914513620bbaae219889a1b42
1 /*
2 * IEEE 1394 for Linux
3 *
4 * Transaction support.
5 *
6 * Copyright (C) 1999 Andreas E. Bombe
7 *
8 * This code is licensed under the GPL. See the file COPYING in the root
9 * directory of the kernel sources for details.
10 */
11
12 #include <linux/bitops.h>
13 #include <linux/spinlock.h>
14 #include <linux/wait.h>
15
16 #include <asm/bug.h>
17 #include <asm/errno.h>
18
19 #include "ieee1394.h"
20 #include "ieee1394_types.h"
21 #include "hosts.h"
22 #include "ieee1394_core.h"
23 #include "ieee1394_transactions.h"
24
25 #define PREP_ASYNC_HEAD_ADDRESS(tc) \
26 packet->tcode = tc; \
27 packet->header[0] = (packet->node_id << 16) | (packet->tlabel << 10) \
28 | (1 << 8) | (tc << 4); \
29 packet->header[1] = (packet->host->node_id << 16) | (addr >> 32); \
30 packet->header[2] = addr & 0xffffffff
31
32 #ifndef HPSB_DEBUG_TLABELS
33 static
34 #endif
35 spinlock_t hpsb_tlabel_lock = SPIN_LOCK_UNLOCKED;
36
37 static DECLARE_WAIT_QUEUE_HEAD(tlabel_wq);
38
39 static void fill_async_readquad(struct hpsb_packet *packet, u64 addr)
40 {
41 PREP_ASYNC_HEAD_ADDRESS(TCODE_READQ);
42 packet->header_size = 12;
43 packet->data_size = 0;
44 packet->expect_response = 1;
45 }
46
47 static void fill_async_readblock(struct hpsb_packet *packet, u64 addr,
48 int length)
49 {
50 PREP_ASYNC_HEAD_ADDRESS(TCODE_READB);
51 packet->header[3] = length << 16;
52 packet->header_size = 16;
53 packet->data_size = 0;
54 packet->expect_response = 1;
55 }
56
57 static void fill_async_writequad(struct hpsb_packet *packet, u64 addr,
58 quadlet_t data)
59 {
60 PREP_ASYNC_HEAD_ADDRESS(TCODE_WRITEQ);
61 packet->header[3] = data;
62 packet->header_size = 16;
63 packet->data_size = 0;
64 packet->expect_response = 1;
65 }
66
67 static void fill_async_writeblock(struct hpsb_packet *packet, u64 addr,
68 int length)
69 {
70 PREP_ASYNC_HEAD_ADDRESS(TCODE_WRITEB);
71 packet->header[3] = length << 16;
72 packet->header_size = 16;
73 packet->expect_response = 1;
74 packet->data_size = length + (length % 4 ? 4 - (length % 4) : 0);
75 }
76
77 static void fill_async_lock(struct hpsb_packet *packet, u64 addr, int extcode,
78 int length)
79 {
80 PREP_ASYNC_HEAD_ADDRESS(TCODE_LOCK_REQUEST);
81 packet->header[3] = (length << 16) | extcode;
82 packet->header_size = 16;
83 packet->data_size = length;
84 packet->expect_response = 1;
85 }
86
87 static void fill_iso_packet(struct hpsb_packet *packet, int length, int channel,
88 int tag, int sync)
89 {
90 packet->header[0] = (length << 16) | (tag << 14) | (channel << 8)
91 | (TCODE_ISO_DATA << 4) | sync;
92
93 packet->header_size = 4;
94 packet->data_size = length;
95 packet->type = hpsb_iso;
96 packet->tcode = TCODE_ISO_DATA;
97 }
98
99 static void fill_phy_packet(struct hpsb_packet *packet, quadlet_t data)
100 {
101 packet->header[0] = data;
102 packet->header[1] = ~data;
103 packet->header_size = 8;
104 packet->data_size = 0;
105 packet->expect_response = 0;
106 packet->type = hpsb_raw; /* No CRC added */
107 packet->speed_code = IEEE1394_SPEED_100; /* Force speed to be 100Mbps */
108 }
109
110 static void fill_async_stream_packet(struct hpsb_packet *packet, int length,
111 int channel, int tag, int sync)
112 {
113 packet->header[0] = (length << 16) | (tag << 14) | (channel << 8)
114 | (TCODE_STREAM_DATA << 4) | sync;
115
116 packet->header_size = 4;
117 packet->data_size = length;
118 packet->type = hpsb_async;
119 packet->tcode = TCODE_ISO_DATA;
120 }
121
122 /* same as hpsb_get_tlabel, except that it returns immediately */
123 static int hpsb_get_tlabel_atomic(struct hpsb_packet *packet)
124 {
125 unsigned long flags, *tp;
126 u8 *next;
127 int tlabel, n = NODEID_TO_NODE(packet->node_id);
128
129 /* Broadcast transactions are complete once the request has been sent.
130 * Use the same transaction label for all broadcast transactions. */
131 if (unlikely(n == ALL_NODES)) {
132 packet->tlabel = 0;
133 return 0;
134 }
135 tp = packet->host->tl_pool[n].map;
136 next = &packet->host->next_tl[n];
137
138 spin_lock_irqsave(&hpsb_tlabel_lock, flags);
139 tlabel = find_next_zero_bit(tp, 64, *next);
140 if (tlabel > 63)
141 tlabel = find_first_zero_bit(tp, 64);
142 if (tlabel > 63) {
143 spin_unlock_irqrestore(&hpsb_tlabel_lock, flags);
144 return -EAGAIN;
145 }
146 __set_bit(tlabel, tp);
147 *next = (tlabel + 1) & 63;
148 spin_unlock_irqrestore(&hpsb_tlabel_lock, flags);
149
150 packet->tlabel = tlabel;
151 return 0;
152 }
153
154 /**
155 * hpsb_get_tlabel - allocate a transaction label
156 * @packet: the packet whose tlabel and tl_pool we set
157 *
158 * Every asynchronous transaction on the 1394 bus needs a transaction
159 * label to match the response to the request. This label has to be
160 * different from any other transaction label in an outstanding request to
161 * the same node to make matching possible without ambiguity.
162 *
163 * There are 64 different tlabels, so an allocated tlabel has to be freed
164 * with hpsb_free_tlabel() after the transaction is complete (unless it's
165 * reused again for the same target node).
166 *
167 * Return value: Zero on success, otherwise non-zero. A non-zero return
168 * generally means there are no available tlabels. If this is called out
169 * of interrupt or atomic context, then it will sleep until can return a
170 * tlabel or a signal is received.
171 */
172 int hpsb_get_tlabel(struct hpsb_packet *packet)
173 {
174 if (irqs_disabled() || in_atomic())
175 return hpsb_get_tlabel_atomic(packet);
176
177 /* NB: The macro wait_event_interruptible() is called with a condition
178 * argument with side effect. This is only possible because the side
179 * effect does not occur until the condition became true, and
180 * wait_event_interruptible() won't evaluate the condition again after
181 * that. */
182 return wait_event_interruptible(tlabel_wq,
183 !hpsb_get_tlabel_atomic(packet));
184 }
185
186 /**
187 * hpsb_free_tlabel - free an allocated transaction label
188 * @packet: packet whose tlabel and tl_pool needs to be cleared
189 *
190 * Frees the transaction label allocated with hpsb_get_tlabel(). The
191 * tlabel has to be freed after the transaction is complete (i.e. response
192 * was received for a split transaction or packet was sent for a unified
193 * transaction).
194 *
195 * A tlabel must not be freed twice.
196 */
197 void hpsb_free_tlabel(struct hpsb_packet *packet)
198 {
199 unsigned long flags, *tp;
200 int tlabel, n = NODEID_TO_NODE(packet->node_id);
201
202 if (unlikely(n == ALL_NODES))
203 return;
204 tp = packet->host->tl_pool[n].map;
205 tlabel = packet->tlabel;
206 BUG_ON(tlabel > 63 || tlabel < 0);
207
208 spin_lock_irqsave(&hpsb_tlabel_lock, flags);
209 BUG_ON(!__test_and_clear_bit(tlabel, tp));
210 spin_unlock_irqrestore(&hpsb_tlabel_lock, flags);
211
212 wake_up_interruptible(&tlabel_wq);
213 }
214
215 int hpsb_packet_success(struct hpsb_packet *packet)
216 {
217 switch (packet->ack_code) {
218 case ACK_PENDING:
219 switch ((packet->header[1] >> 12) & 0xf) {
220 case RCODE_COMPLETE:
221 return 0;
222 case RCODE_CONFLICT_ERROR:
223 return -EAGAIN;
224 case RCODE_DATA_ERROR:
225 return -EREMOTEIO;
226 case RCODE_TYPE_ERROR:
227 return -EACCES;
228 case RCODE_ADDRESS_ERROR:
229 return -EINVAL;
230 default:
231 HPSB_ERR("received reserved rcode %d from node %d",
232 (packet->header[1] >> 12) & 0xf,
233 packet->node_id);
234 return -EAGAIN;
235 }
236 BUG();
237
238 case ACK_BUSY_X:
239 case ACK_BUSY_A:
240 case ACK_BUSY_B:
241 return -EBUSY;
242
243 case ACK_TYPE_ERROR:
244 return -EACCES;
245
246 case ACK_COMPLETE:
247 if (packet->tcode == TCODE_WRITEQ
248 || packet->tcode == TCODE_WRITEB) {
249 return 0;
250 } else {
251 HPSB_ERR("impossible ack_complete from node %d "
252 "(tcode %d)", packet->node_id, packet->tcode);
253 return -EAGAIN;
254 }
255
256 case ACK_DATA_ERROR:
257 if (packet->tcode == TCODE_WRITEB
258 || packet->tcode == TCODE_LOCK_REQUEST) {
259 return -EAGAIN;
260 } else {
261 HPSB_ERR("impossible ack_data_error from node %d "
262 "(tcode %d)", packet->node_id, packet->tcode);
263 return -EAGAIN;
264 }
265
266 case ACK_ADDRESS_ERROR:
267 return -EINVAL;
268
269 case ACK_TARDY:
270 case ACK_CONFLICT_ERROR:
271 case ACKX_NONE:
272 case ACKX_SEND_ERROR:
273 case ACKX_ABORTED:
274 case ACKX_TIMEOUT:
275 /* error while sending */
276 return -EAGAIN;
277
278 default:
279 HPSB_ERR("got invalid ack %d from node %d (tcode %d)",
280 packet->ack_code, packet->node_id, packet->tcode);
281 return -EAGAIN;
282 }
283 BUG();
284 }
285
286 struct hpsb_packet *hpsb_make_readpacket(struct hpsb_host *host, nodeid_t node,
287 u64 addr, size_t length)
288 {
289 struct hpsb_packet *packet;
290
291 if (length == 0)
292 return NULL;
293
294 packet = hpsb_alloc_packet(length);
295 if (!packet)
296 return NULL;
297
298 packet->host = host;
299 packet->node_id = node;
300
301 if (hpsb_get_tlabel(packet)) {
302 hpsb_free_packet(packet);
303 return NULL;
304 }
305
306 if (length == 4)
307 fill_async_readquad(packet, addr);
308 else
309 fill_async_readblock(packet, addr, length);
310
311 return packet;
312 }
313
314 struct hpsb_packet *hpsb_make_writepacket(struct hpsb_host *host, nodeid_t node,
315 u64 addr, quadlet_t * buffer,
316 size_t length)
317 {
318 struct hpsb_packet *packet;
319
320 if (length == 0)
321 return NULL;
322
323 packet = hpsb_alloc_packet(length);
324 if (!packet)
325 return NULL;
326
327 if (length % 4) { /* zero padding bytes */
328 packet->data[length >> 2] = 0;
329 }
330 packet->host = host;
331 packet->node_id = node;
332
333 if (hpsb_get_tlabel(packet)) {
334 hpsb_free_packet(packet);
335 return NULL;
336 }
337
338 if (length == 4) {
339 fill_async_writequad(packet, addr, buffer ? *buffer : 0);
340 } else {
341 fill_async_writeblock(packet, addr, length);
342 if (buffer)
343 memcpy(packet->data, buffer, length);
344 }
345
346 return packet;
347 }
348
349 struct hpsb_packet *hpsb_make_streampacket(struct hpsb_host *host, u8 * buffer,
350 int length, int channel, int tag,
351 int sync)
352 {
353 struct hpsb_packet *packet;
354
355 if (length == 0)
356 return NULL;
357
358 packet = hpsb_alloc_packet(length);
359 if (!packet)
360 return NULL;
361
362 if (length % 4) { /* zero padding bytes */
363 packet->data[length >> 2] = 0;
364 }
365 packet->host = host;
366
367 if (hpsb_get_tlabel(packet)) {
368 hpsb_free_packet(packet);
369 return NULL;
370 }
371
372 fill_async_stream_packet(packet, length, channel, tag, sync);
373 if (buffer)
374 memcpy(packet->data, buffer, length);
375
376 return packet;
377 }
378
379 struct hpsb_packet *hpsb_make_lockpacket(struct hpsb_host *host, nodeid_t node,
380 u64 addr, int extcode,
381 quadlet_t * data, quadlet_t arg)
382 {
383 struct hpsb_packet *p;
384 u32 length;
385
386 p = hpsb_alloc_packet(8);
387 if (!p)
388 return NULL;
389
390 p->host = host;
391 p->node_id = node;
392 if (hpsb_get_tlabel(p)) {
393 hpsb_free_packet(p);
394 return NULL;
395 }
396
397 switch (extcode) {
398 case EXTCODE_FETCH_ADD:
399 case EXTCODE_LITTLE_ADD:
400 length = 4;
401 if (data)
402 p->data[0] = *data;
403 break;
404 default:
405 length = 8;
406 if (data) {
407 p->data[0] = arg;
408 p->data[1] = *data;
409 }
410 break;
411 }
412 fill_async_lock(p, addr, extcode, length);
413
414 return p;
415 }
416
417 struct hpsb_packet *hpsb_make_lock64packet(struct hpsb_host *host,
418 nodeid_t node, u64 addr, int extcode,
419 octlet_t * data, octlet_t arg)
420 {
421 struct hpsb_packet *p;
422 u32 length;
423
424 p = hpsb_alloc_packet(16);
425 if (!p)
426 return NULL;
427
428 p->host = host;
429 p->node_id = node;
430 if (hpsb_get_tlabel(p)) {
431 hpsb_free_packet(p);
432 return NULL;
433 }
434
435 switch (extcode) {
436 case EXTCODE_FETCH_ADD:
437 case EXTCODE_LITTLE_ADD:
438 length = 8;
439 if (data) {
440 p->data[0] = *data >> 32;
441 p->data[1] = *data & 0xffffffff;
442 }
443 break;
444 default:
445 length = 16;
446 if (data) {
447 p->data[0] = arg >> 32;
448 p->data[1] = arg & 0xffffffff;
449 p->data[2] = *data >> 32;
450 p->data[3] = *data & 0xffffffff;
451 }
452 break;
453 }
454 fill_async_lock(p, addr, extcode, length);
455
456 return p;
457 }
458
459 struct hpsb_packet *hpsb_make_phypacket(struct hpsb_host *host, quadlet_t data)
460 {
461 struct hpsb_packet *p;
462
463 p = hpsb_alloc_packet(0);
464 if (!p)
465 return NULL;
466
467 p->host = host;
468 fill_phy_packet(p, data);
469
470 return p;
471 }
472
473 struct hpsb_packet *hpsb_make_isopacket(struct hpsb_host *host,
474 int length, int channel,
475 int tag, int sync)
476 {
477 struct hpsb_packet *p;
478
479 p = hpsb_alloc_packet(length);
480 if (!p)
481 return NULL;
482
483 p->host = host;
484 fill_iso_packet(p, length, channel, tag, sync);
485
486 p->generation = get_hpsb_generation(host);
487
488 return p;
489 }
490
491 /*
492 * FIXME - these functions should probably read from / write to user space to
493 * avoid in kernel buffers for user space callers
494 */
495
496 int hpsb_read(struct hpsb_host *host, nodeid_t node, unsigned int generation,
497 u64 addr, quadlet_t * buffer, size_t length)
498 {
499 struct hpsb_packet *packet;
500 int retval = 0;
501
502 if (length == 0)
503 return -EINVAL;
504
505 BUG_ON(in_interrupt()); // We can't be called in an interrupt, yet
506
507 packet = hpsb_make_readpacket(host, node, addr, length);
508
509 if (!packet) {
510 return -ENOMEM;
511 }
512
513 packet->generation = generation;
514 retval = hpsb_send_packet_and_wait(packet);
515 if (retval < 0)
516 goto hpsb_read_fail;
517
518 retval = hpsb_packet_success(packet);
519
520 if (retval == 0) {
521 if (length == 4) {
522 *buffer = packet->header[3];
523 } else {
524 memcpy(buffer, packet->data, length);
525 }
526 }
527
528 hpsb_read_fail:
529 hpsb_free_tlabel(packet);
530 hpsb_free_packet(packet);
531
532 return retval;
533 }
534
535 int hpsb_write(struct hpsb_host *host, nodeid_t node, unsigned int generation,
536 u64 addr, quadlet_t * buffer, size_t length)
537 {
538 struct hpsb_packet *packet;
539 int retval;
540
541 if (length == 0)
542 return -EINVAL;
543
544 BUG_ON(in_interrupt()); // We can't be called in an interrupt, yet
545
546 packet = hpsb_make_writepacket(host, node, addr, buffer, length);
547
548 if (!packet)
549 return -ENOMEM;
550
551 packet->generation = generation;
552 retval = hpsb_send_packet_and_wait(packet);
553 if (retval < 0)
554 goto hpsb_write_fail;
555
556 retval = hpsb_packet_success(packet);
557
558 hpsb_write_fail:
559 hpsb_free_tlabel(packet);
560 hpsb_free_packet(packet);
561
562 return retval;
563 }
564
565 #if 0
566
567 int hpsb_lock(struct hpsb_host *host, nodeid_t node, unsigned int generation,
568 u64 addr, int extcode, quadlet_t * data, quadlet_t arg)
569 {
570 struct hpsb_packet *packet;
571 int retval = 0;
572
573 BUG_ON(in_interrupt()); // We can't be called in an interrupt, yet
574
575 packet = hpsb_make_lockpacket(host, node, addr, extcode, data, arg);
576 if (!packet)
577 return -ENOMEM;
578
579 packet->generation = generation;
580 retval = hpsb_send_packet_and_wait(packet);
581 if (retval < 0)
582 goto hpsb_lock_fail;
583
584 retval = hpsb_packet_success(packet);
585
586 if (retval == 0) {
587 *data = packet->data[0];
588 }
589
590 hpsb_lock_fail:
591 hpsb_free_tlabel(packet);
592 hpsb_free_packet(packet);
593
594 return retval;
595 }
596
597 int hpsb_send_gasp(struct hpsb_host *host, int channel, unsigned int generation,
598 quadlet_t * buffer, size_t length, u32 specifier_id,
599 unsigned int version)
600 {
601 struct hpsb_packet *packet;
602 int retval = 0;
603 u16 specifier_id_hi = (specifier_id & 0x00ffff00) >> 8;
604 u8 specifier_id_lo = specifier_id & 0xff;
605
606 HPSB_VERBOSE("Send GASP: channel = %d, length = %Zd", channel, length);
607
608 length += 8;
609
610 packet = hpsb_make_streampacket(host, NULL, length, channel, 3, 0);
611 if (!packet)
612 return -ENOMEM;
613
614 packet->data[0] = cpu_to_be32((host->node_id << 16) | specifier_id_hi);
615 packet->data[1] =
616 cpu_to_be32((specifier_id_lo << 24) | (version & 0x00ffffff));
617
618 memcpy(&(packet->data[2]), buffer, length - 8);
619
620 packet->generation = generation;
621
622 packet->no_waiter = 1;
623
624 retval = hpsb_send_packet(packet);
625 if (retval < 0)
626 hpsb_free_packet(packet);
627
628 return retval;
629 }
630
631 #endif /* 0 */
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree