search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[POWERPC] spufs: fix possible memory corruption is spufs_mem_write
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / ieee1394 / raw1394.c
blobbb897a37d9f778cf2f64661c06069461d5d63fc5
1 /*
2 * IEEE 1394 for Linux
3 *
4 * Raw interface to the bus
5 *
6 * Copyright (C) 1999, 2000 Andreas E. Bombe
7 * 2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8 * 2002 Christian Toegel <christian.toegel@gmx.at>
9 *
10 * This code is licensed under the GPL. See the file COPYING in the root
11 * directory of the kernel sources for details.
12 *
13 *
14 * Contributions:
15 *
16 * Manfred Weihs <weihs@ict.tuwien.ac.at>
17 * configuration ROM manipulation
18 * address range mapping
19 * adaptation for new (transparent) loopback mechanism
20 * sending of arbitrary async packets
21 * Christian Toegel <christian.toegel@gmx.at>
22 * address range mapping
23 * lock64 request
24 * transmit physical packet
25 * busreset notification control (switch on/off)
26 * busreset with selection of type (short/long)
27 * request_reply
28 */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
45
46 #include "csr1212.h"
47 #include "highlevel.h"
48 #include "hosts.h"
49 #include "ieee1394.h"
50 #include "ieee1394_core.h"
51 #include "ieee1394_hotplug.h"
52 #include "ieee1394_transactions.h"
53 #include "ieee1394_types.h"
54 #include "iso.h"
55 #include "nodemgr.h"
56 #include "raw1394.h"
57 #include "raw1394-private.h"
58
59 #define int2ptr(x) ((void __user *)(unsigned long)x)
60 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
61
62 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
63 #define RAW1394_DEBUG
64 #endif
65
66 #ifdef RAW1394_DEBUG
67 #define DBGMSG(fmt, args...) \
68 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
69 #else
70 #define DBGMSG(fmt, args...) do {} while (0)
71 #endif
72
73 static LIST_HEAD(host_info_list);
74 static int host_count;
75 static DEFINE_SPINLOCK(host_info_lock);
76 static atomic_t internal_generation = ATOMIC_INIT(0);
77
78 static atomic_t iso_buffer_size;
79 static const int iso_buffer_max = 4 * 1024 * 1024; /* 4 MB */
80
81 static struct hpsb_highlevel raw1394_highlevel;
82
83 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
84 u64 addr, size_t length, u16 flags);
85 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
86 quadlet_t * data, u64 addr, size_t length, u16 flags);
87 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
88 u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
89 u16 flags);
90 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
91 u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
92 u16 flags);
93 static struct hpsb_address_ops arm_ops = {
94 .read = arm_read,
95 .write = arm_write,
96 .lock = arm_lock,
97 .lock64 = arm_lock64,
98 };
99
100 static void queue_complete_cb(struct pending_request *req);
101
102 #include <asm/current.h>
103 static void print_old_iso_deprecation(void)
104 {
105 static pid_t p;
106
107 if (p == current->pid)
108 return;
109 p = current->pid;
110 printk(KERN_WARNING "raw1394: WARNING - Program \"%s\" uses unsupported"
111 " isochronous request types which will be removed in a next"
112 " kernel release\n", current->comm);
113 printk(KERN_WARNING "raw1394: Update your software to use libraw1394's"
114 " newer interface\n");
115 }
116
117 static struct pending_request *__alloc_pending_request(gfp_t flags)
118 {
119 struct pending_request *req;
120
121 req = kzalloc(sizeof(*req), flags);
122 if (req)
123 INIT_LIST_HEAD(&req->list);
124
125 return req;
126 }
127
128 static inline struct pending_request *alloc_pending_request(void)
129 {
130 return __alloc_pending_request(GFP_KERNEL);
131 }
132
133 static void free_pending_request(struct pending_request *req)
134 {
135 if (req->ibs) {
136 if (atomic_dec_and_test(&req->ibs->refcount)) {
137 atomic_sub(req->ibs->data_size, &iso_buffer_size);
138 kfree(req->ibs);
139 }
140 } else if (req->free_data) {
141 kfree(req->data);
142 }
143 hpsb_free_packet(req->packet);
144 kfree(req);
145 }
146
147 /* fi->reqlists_lock must be taken */
148 static void __queue_complete_req(struct pending_request *req)
149 {
150 struct file_info *fi = req->file_info;
151
152 list_move_tail(&req->list, &fi->req_complete);
153 wake_up(&fi->wait_complete);
154 }
155
156 static void queue_complete_req(struct pending_request *req)
157 {
158 unsigned long flags;
159 struct file_info *fi = req->file_info;
160
161 spin_lock_irqsave(&fi->reqlists_lock, flags);
162 __queue_complete_req(req);
163 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
164 }
165
166 static void queue_complete_cb(struct pending_request *req)
167 {
168 struct hpsb_packet *packet = req->packet;
169 int rcode = (packet->header[1] >> 12) & 0xf;
170
171 switch (packet->ack_code) {
172 case ACKX_NONE:
173 case ACKX_SEND_ERROR:
174 req->req.error = RAW1394_ERROR_SEND_ERROR;
175 break;
176 case ACKX_ABORTED:
177 req->req.error = RAW1394_ERROR_ABORTED;
178 break;
179 case ACKX_TIMEOUT:
180 req->req.error = RAW1394_ERROR_TIMEOUT;
181 break;
182 default:
183 req->req.error = (packet->ack_code << 16) | rcode;
184 break;
185 }
186
187 if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
188 req->req.length = 0;
189 }
190
191 if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
192 (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
193 (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
194 (req->req.type == RAW1394_REQ_LOCK) ||
195 (req->req.type == RAW1394_REQ_LOCK64))
196 hpsb_free_tlabel(packet);
197
198 queue_complete_req(req);
199 }
200
201 static void add_host(struct hpsb_host *host)
202 {
203 struct host_info *hi;
204 unsigned long flags;
205
206 hi = kmalloc(sizeof(*hi), GFP_KERNEL);
207
208 if (hi) {
209 INIT_LIST_HEAD(&hi->list);
210 hi->host = host;
211 INIT_LIST_HEAD(&hi->file_info_list);
212
213 spin_lock_irqsave(&host_info_lock, flags);
214 list_add_tail(&hi->list, &host_info_list);
215 host_count++;
216 spin_unlock_irqrestore(&host_info_lock, flags);
217 }
218
219 atomic_inc(&internal_generation);
220 }
221
222 static struct host_info *find_host_info(struct hpsb_host *host)
223 {
224 struct host_info *hi;
225
226 list_for_each_entry(hi, &host_info_list, list)
227 if (hi->host == host)
228 return hi;
229
230 return NULL;
231 }
232
233 static void remove_host(struct hpsb_host *host)
234 {
235 struct host_info *hi;
236 unsigned long flags;
237
238 spin_lock_irqsave(&host_info_lock, flags);
239 hi = find_host_info(host);
240
241 if (hi != NULL) {
242 list_del(&hi->list);
243 host_count--;
244 /*
245 FIXME: address ranges should be removed
246 and fileinfo states should be initialized
247 (including setting generation to
248 internal-generation ...)
249 */
250 }
251 spin_unlock_irqrestore(&host_info_lock, flags);
252
253 if (hi == NULL) {
254 printk(KERN_ERR "raw1394: attempt to remove unknown host "
255 "0x%p\n", host);
256 return;
257 }
258
259 kfree(hi);
260
261 atomic_inc(&internal_generation);
262 }
263
264 static void host_reset(struct hpsb_host *host)
265 {
266 unsigned long flags;
267 struct host_info *hi;
268 struct file_info *fi;
269 struct pending_request *req;
270
271 spin_lock_irqsave(&host_info_lock, flags);
272 hi = find_host_info(host);
273
274 if (hi != NULL) {
275 list_for_each_entry(fi, &hi->file_info_list, list) {
276 if (fi->notification == RAW1394_NOTIFY_ON) {
277 req = __alloc_pending_request(GFP_ATOMIC);
278
279 if (req != NULL) {
280 req->file_info = fi;
281 req->req.type = RAW1394_REQ_BUS_RESET;
282 req->req.generation =
283 get_hpsb_generation(host);
284 req->req.misc = (host->node_id << 16)
285 | host->node_count;
286 if (fi->protocol_version > 3) {
287 req->req.misc |=
288 (NODEID_TO_NODE
289 (host->irm_id)
290 << 8);
291 }
292
293 queue_complete_req(req);
294 }
295 }
296 }
297 }
298 spin_unlock_irqrestore(&host_info_lock, flags);
299 }
300
301 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
302 size_t length)
303 {
304 unsigned long flags;
305 struct host_info *hi;
306 struct file_info *fi;
307 struct pending_request *req, *req_next;
308 struct iso_block_store *ibs = NULL;
309 LIST_HEAD(reqs);
310
311 if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
312 HPSB_INFO("dropped iso packet");
313 return;
314 }
315
316 spin_lock_irqsave(&host_info_lock, flags);
317 hi = find_host_info(host);
318
319 if (hi != NULL) {
320 list_for_each_entry(fi, &hi->file_info_list, list) {
321 if (!(fi->listen_channels & (1ULL << channel)))
322 continue;
323
324 req = __alloc_pending_request(GFP_ATOMIC);
325 if (!req)
326 break;
327
328 if (!ibs) {
329 ibs = kmalloc(sizeof(*ibs) + length,
330 GFP_ATOMIC);
331 if (!ibs) {
332 kfree(req);
333 break;
334 }
335
336 atomic_add(length, &iso_buffer_size);
337 atomic_set(&ibs->refcount, 0);
338 ibs->data_size = length;
339 memcpy(ibs->data, data, length);
340 }
341
342 atomic_inc(&ibs->refcount);
343
344 req->file_info = fi;
345 req->ibs = ibs;
346 req->data = ibs->data;
347 req->req.type = RAW1394_REQ_ISO_RECEIVE;
348 req->req.generation = get_hpsb_generation(host);
349 req->req.misc = 0;
350 req->req.recvb = ptr2int(fi->iso_buffer);
351 req->req.length = min(length, fi->iso_buffer_length);
352
353 list_add_tail(&req->list, &reqs);
354 }
355 }
356 spin_unlock_irqrestore(&host_info_lock, flags);
357
358 list_for_each_entry_safe(req, req_next, &reqs, list)
359 queue_complete_req(req);
360 }
361
362 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
363 int cts, u8 * data, size_t length)
364 {
365 unsigned long flags;
366 struct host_info *hi;
367 struct file_info *fi;
368 struct pending_request *req, *req_next;
369 struct iso_block_store *ibs = NULL;
370 LIST_HEAD(reqs);
371
372 if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
373 HPSB_INFO("dropped fcp request");
374 return;
375 }
376
377 spin_lock_irqsave(&host_info_lock, flags);
378 hi = find_host_info(host);
379
380 if (hi != NULL) {
381 list_for_each_entry(fi, &hi->file_info_list, list) {
382 if (!fi->fcp_buffer)
383 continue;
384
385 req = __alloc_pending_request(GFP_ATOMIC);
386 if (!req)
387 break;
388
389 if (!ibs) {
390 ibs = kmalloc(sizeof(*ibs) + length,
391 GFP_ATOMIC);
392 if (!ibs) {
393 kfree(req);
394 break;
395 }
396
397 atomic_add(length, &iso_buffer_size);
398 atomic_set(&ibs->refcount, 0);
399 ibs->data_size = length;
400 memcpy(ibs->data, data, length);
401 }
402
403 atomic_inc(&ibs->refcount);
404
405 req->file_info = fi;
406 req->ibs = ibs;
407 req->data = ibs->data;
408 req->req.type = RAW1394_REQ_FCP_REQUEST;
409 req->req.generation = get_hpsb_generation(host);
410 req->req.misc = nodeid | (direction << 16);
411 req->req.recvb = ptr2int(fi->fcp_buffer);
412 req->req.length = length;
413
414 list_add_tail(&req->list, &reqs);
415 }
416 }
417 spin_unlock_irqrestore(&host_info_lock, flags);
418
419 list_for_each_entry_safe(req, req_next, &reqs, list)
420 queue_complete_req(req);
421 }
422
423 #ifdef CONFIG_COMPAT
424 struct compat_raw1394_req {
425 __u32 type;
426 __s32 error;
427 __u32 misc;
428
429 __u32 generation;
430 __u32 length;
431
432 __u64 address;
433
434 __u64 tag;
435
436 __u64 sendb;
437 __u64 recvb;
438 } __attribute__((packed));
439
440 static const char __user *raw1394_compat_write(const char __user *buf)
441 {
442 struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
443 struct raw1394_request __user *r;
444 r = compat_alloc_user_space(sizeof(struct raw1394_request));
445
446 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
447
448 if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
449 C(address) ||
450 C(tag) ||
451 C(sendb) ||
452 C(recvb))
453 return ERR_PTR(-EFAULT);
454 return (const char __user *)r;
455 }
456 #undef C
457
458 #define P(x) __put_user(r->x, &cr->x)
459
460 static int
461 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
462 {
463 struct compat_raw1394_req __user *cr = (typeof(cr)) r;
464 if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
465 P(type) ||
466 P(error) ||
467 P(misc) ||
468 P(generation) ||
469 P(length) ||
470 P(address) ||
471 P(tag) ||
472 P(sendb) ||
473 P(recvb))
474 return -EFAULT;
475 return sizeof(struct compat_raw1394_req);
476 }
477 #undef P
478
479 #endif
480
481 /* get next completed request (caller must hold fi->reqlists_lock) */
482 static inline struct pending_request *__next_complete_req(struct file_info *fi)
483 {
484 struct list_head *lh;
485 struct pending_request *req = NULL;
486
487 if (!list_empty(&fi->req_complete)) {
488 lh = fi->req_complete.next;
489 list_del(lh);
490 req = list_entry(lh, struct pending_request, list);
491 }
492 return req;
493 }
494
495 /* atomically get next completed request */
496 static struct pending_request *next_complete_req(struct file_info *fi)
497 {
498 unsigned long flags;
499 struct pending_request *req;
500
501 spin_lock_irqsave(&fi->reqlists_lock, flags);
502 req = __next_complete_req(fi);
503 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
504 return req;
505 }
506
507 static ssize_t raw1394_read(struct file *file, char __user * buffer,
508 size_t count, loff_t * offset_is_ignored)
509 {
510 struct file_info *fi = (struct file_info *)file->private_data;
511 struct pending_request *req;
512 ssize_t ret;
513
514 #ifdef CONFIG_COMPAT
515 if (count == sizeof(struct compat_raw1394_req)) {
516 /* ok */
517 } else
518 #endif
519 if (count != sizeof(struct raw1394_request)) {
520 return -EINVAL;
521 }
522
523 if (!access_ok(VERIFY_WRITE, buffer, count)) {
524 return -EFAULT;
525 }
526
527 if (file->f_flags & O_NONBLOCK) {
528 if (!(req = next_complete_req(fi)))
529 return -EAGAIN;
530 } else {
531 /*
532 * NB: We call the macro wait_event_interruptible() with a
533 * condition argument with side effect. This is only possible
534 * because the side effect does not occur until the condition
535 * became true, and wait_event_interruptible() won't evaluate
536 * the condition again after that.
537 */
538 if (wait_event_interruptible(fi->wait_complete,
539 (req = next_complete_req(fi))))
540 return -ERESTARTSYS;
541 }
542
543 if (req->req.length) {
544 if (copy_to_user(int2ptr(req->req.recvb), req->data,
545 req->req.length)) {
546 req->req.error = RAW1394_ERROR_MEMFAULT;
547 }
548 }
549
550 #ifdef CONFIG_COMPAT
551 if (count == sizeof(struct compat_raw1394_req) &&
552 sizeof(struct compat_raw1394_req) !=
553 sizeof(struct raw1394_request)) {
554 ret = raw1394_compat_read(buffer, &req->req);
555 } else
556 #endif
557 {
558 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
559 ret = -EFAULT;
560 goto out;
561 }
562 ret = (ssize_t) sizeof(struct raw1394_request);
563 }
564 out:
565 free_pending_request(req);
566 return ret;
567 }
568
569 static int state_opened(struct file_info *fi, struct pending_request *req)
570 {
571 if (req->req.type == RAW1394_REQ_INITIALIZE) {
572 switch (req->req.misc) {
573 case RAW1394_KERNELAPI_VERSION:
574 case 3:
575 fi->state = initialized;
576 fi->protocol_version = req->req.misc;
577 req->req.error = RAW1394_ERROR_NONE;
578 req->req.generation = atomic_read(&internal_generation);
579 break;
580
581 default:
582 req->req.error = RAW1394_ERROR_COMPAT;
583 req->req.misc = RAW1394_KERNELAPI_VERSION;
584 }
585 } else {
586 req->req.error = RAW1394_ERROR_STATE_ORDER;
587 }
588
589 req->req.length = 0;
590 queue_complete_req(req);
591 return sizeof(struct raw1394_request);
592 }
593
594 static int state_initialized(struct file_info *fi, struct pending_request *req)
595 {
596 unsigned long flags;
597 struct host_info *hi;
598 struct raw1394_khost_list *khl;
599
600 if (req->req.generation != atomic_read(&internal_generation)) {
601 req->req.error = RAW1394_ERROR_GENERATION;
602 req->req.generation = atomic_read(&internal_generation);
603 req->req.length = 0;
604 queue_complete_req(req);
605 return sizeof(struct raw1394_request);
606 }
607
608 switch (req->req.type) {
609 case RAW1394_REQ_LIST_CARDS:
610 spin_lock_irqsave(&host_info_lock, flags);
611 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
612
613 if (khl) {
614 req->req.misc = host_count;
615 req->data = (quadlet_t *) khl;
616
617 list_for_each_entry(hi, &host_info_list, list) {
618 khl->nodes = hi->host->node_count;
619 strcpy(khl->name, hi->host->driver->name);
620 khl++;
621 }
622 }
623 spin_unlock_irqrestore(&host_info_lock, flags);
624
625 if (khl) {
626 req->req.error = RAW1394_ERROR_NONE;
627 req->req.length = min(req->req.length,
628 (u32) (sizeof
629 (struct raw1394_khost_list)
630 * req->req.misc));
631 req->free_data = 1;
632 } else {
633 return -ENOMEM;
634 }
635 break;
636
637 case RAW1394_REQ_SET_CARD:
638 spin_lock_irqsave(&host_info_lock, flags);
639 if (req->req.misc >= host_count) {
640 req->req.error = RAW1394_ERROR_INVALID_ARG;
641 goto out_set_card;
642 }
643 list_for_each_entry(hi, &host_info_list, list)
644 if (!req->req.misc--)
645 break;
646 get_device(&hi->host->device); /* FIXME handle failure case */
647 list_add_tail(&fi->list, &hi->file_info_list);
648
649 /* prevent unloading of the host's low-level driver */
650 if (!try_module_get(hi->host->driver->owner)) {
651 req->req.error = RAW1394_ERROR_ABORTED;
652 goto out_set_card;
653 }
654 WARN_ON(fi->host);
655 fi->host = hi->host;
656 fi->state = connected;
657
658 req->req.error = RAW1394_ERROR_NONE;
659 req->req.generation = get_hpsb_generation(fi->host);
660 req->req.misc = (fi->host->node_id << 16)
661 | fi->host->node_count;
662 if (fi->protocol_version > 3)
663 req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
664 out_set_card:
665 spin_unlock_irqrestore(&host_info_lock, flags);
666
667 req->req.length = 0;
668 break;
669
670 default:
671 req->req.error = RAW1394_ERROR_STATE_ORDER;
672 req->req.length = 0;
673 break;
674 }
675
676 queue_complete_req(req);
677 return sizeof(struct raw1394_request);
678 }
679
680 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
681 {
682 int channel = req->req.misc;
683
684 if ((channel > 63) || (channel < -64)) {
685 req->req.error = RAW1394_ERROR_INVALID_ARG;
686 } else if (channel >= 0) {
687 /* allocate channel req.misc */
688 if (fi->listen_channels & (1ULL << channel)) {
689 req->req.error = RAW1394_ERROR_ALREADY;
690 } else {
691 if (hpsb_listen_channel
692 (&raw1394_highlevel, fi->host, channel)) {
693 req->req.error = RAW1394_ERROR_ALREADY;
694 } else {
695 fi->listen_channels |= 1ULL << channel;
696 fi->iso_buffer = int2ptr(req->req.recvb);
697 fi->iso_buffer_length = req->req.length;
698 }
699 }
700 } else {
701 /* deallocate channel (one's complement neg) req.misc */
702 channel = ~channel;
703
704 if (fi->listen_channels & (1ULL << channel)) {
705 hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
706 channel);
707 fi->listen_channels &= ~(1ULL << channel);
708 } else {
709 req->req.error = RAW1394_ERROR_INVALID_ARG;
710 }
711 }
712
713 req->req.length = 0;
714 queue_complete_req(req);
715 }
716
717 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
718 {
719 if (req->req.misc) {
720 if (fi->fcp_buffer) {
721 req->req.error = RAW1394_ERROR_ALREADY;
722 } else {
723 fi->fcp_buffer = int2ptr(req->req.recvb);
724 }
725 } else {
726 if (!fi->fcp_buffer) {
727 req->req.error = RAW1394_ERROR_ALREADY;
728 } else {
729 fi->fcp_buffer = NULL;
730 }
731 }
732
733 req->req.length = 0;
734 queue_complete_req(req);
735 }
736
737 static int handle_async_request(struct file_info *fi,
738 struct pending_request *req, int node)
739 {
740 unsigned long flags;
741 struct hpsb_packet *packet = NULL;
742 u64 addr = req->req.address & 0xffffffffffffULL;
743
744 switch (req->req.type) {
745 case RAW1394_REQ_ASYNC_READ:
746 DBGMSG("read_request called");
747 packet =
748 hpsb_make_readpacket(fi->host, node, addr, req->req.length);
749
750 if (!packet)
751 return -ENOMEM;
752
753 if (req->req.length == 4)
754 req->data = &packet->header[3];
755 else
756 req->data = packet->data;
757
758 break;
759
760 case RAW1394_REQ_ASYNC_WRITE:
761 DBGMSG("write_request called");
762
763 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
764 req->req.length);
765 if (!packet)
766 return -ENOMEM;
767
768 if (req->req.length == 4) {
769 if (copy_from_user
770 (&packet->header[3], int2ptr(req->req.sendb),
771 req->req.length))
772 req->req.error = RAW1394_ERROR_MEMFAULT;
773 } else {
774 if (copy_from_user
775 (packet->data, int2ptr(req->req.sendb),
776 req->req.length))
777 req->req.error = RAW1394_ERROR_MEMFAULT;
778 }
779
780 req->req.length = 0;
781 break;
782
783 case RAW1394_REQ_ASYNC_STREAM:
784 DBGMSG("stream_request called");
785
786 packet =
787 hpsb_make_streampacket(fi->host, NULL, req->req.length,
788 node & 0x3f /*channel */ ,
789 (req->req.misc >> 16) & 0x3,
790 req->req.misc & 0xf);
791 if (!packet)
792 return -ENOMEM;
793
794 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
795 req->req.length))
796 req->req.error = RAW1394_ERROR_MEMFAULT;
797
798 req->req.length = 0;
799 break;
800
801 case RAW1394_REQ_LOCK:
802 DBGMSG("lock_request called");
803 if ((req->req.misc == EXTCODE_FETCH_ADD)
804 || (req->req.misc == EXTCODE_LITTLE_ADD)) {
805 if (req->req.length != 4) {
806 req->req.error = RAW1394_ERROR_INVALID_ARG;
807 break;
808 }
809 } else {
810 if (req->req.length != 8) {
811 req->req.error = RAW1394_ERROR_INVALID_ARG;
812 break;
813 }
814 }
815
816 packet = hpsb_make_lockpacket(fi->host, node, addr,
817 req->req.misc, NULL, 0);
818 if (!packet)
819 return -ENOMEM;
820
821 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
822 req->req.length)) {
823 req->req.error = RAW1394_ERROR_MEMFAULT;
824 break;
825 }
826
827 req->data = packet->data;
828 req->req.length = 4;
829 break;
830
831 case RAW1394_REQ_LOCK64:
832 DBGMSG("lock64_request called");
833 if ((req->req.misc == EXTCODE_FETCH_ADD)
834 || (req->req.misc == EXTCODE_LITTLE_ADD)) {
835 if (req->req.length != 8) {
836 req->req.error = RAW1394_ERROR_INVALID_ARG;
837 break;
838 }
839 } else {
840 if (req->req.length != 16) {
841 req->req.error = RAW1394_ERROR_INVALID_ARG;
842 break;
843 }
844 }
845 packet = hpsb_make_lock64packet(fi->host, node, addr,
846 req->req.misc, NULL, 0);
847 if (!packet)
848 return -ENOMEM;
849
850 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
851 req->req.length)) {
852 req->req.error = RAW1394_ERROR_MEMFAULT;
853 break;
854 }
855
856 req->data = packet->data;
857 req->req.length = 8;
858 break;
859
860 default:
861 req->req.error = RAW1394_ERROR_STATE_ORDER;
862 }
863
864 req->packet = packet;
865
866 if (req->req.error) {
867 req->req.length = 0;
868 queue_complete_req(req);
869 return sizeof(struct raw1394_request);
870 }
871
872 hpsb_set_packet_complete_task(packet,
873 (void (*)(void *))queue_complete_cb, req);
874
875 spin_lock_irqsave(&fi->reqlists_lock, flags);
876 list_add_tail(&req->list, &fi->req_pending);
877 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
878
879 packet->generation = req->req.generation;
880
881 if (hpsb_send_packet(packet) < 0) {
882 req->req.error = RAW1394_ERROR_SEND_ERROR;
883 req->req.length = 0;
884 hpsb_free_tlabel(packet);
885 queue_complete_req(req);
886 }
887 return sizeof(struct raw1394_request);
888 }
889
890 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
891 int channel)
892 {
893 unsigned long flags;
894 struct hpsb_packet *packet;
895
896 packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
897 (req->req.misc >> 16) & 0x3,
898 req->req.misc & 0xf);
899 if (!packet)
900 return -ENOMEM;
901
902 packet->speed_code = req->req.address & 0x3;
903
904 req->packet = packet;
905
906 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
907 req->req.length)) {
908 req->req.error = RAW1394_ERROR_MEMFAULT;
909 req->req.length = 0;
910 queue_complete_req(req);
911 return sizeof(struct raw1394_request);
912 }
913
914 req->req.length = 0;
915 hpsb_set_packet_complete_task(packet,
916 (void (*)(void *))queue_complete_req,
917 req);
918
919 spin_lock_irqsave(&fi->reqlists_lock, flags);
920 list_add_tail(&req->list, &fi->req_pending);
921 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
922
923 /* Update the generation of the packet just before sending. */
924 packet->generation = req->req.generation;
925
926 if (hpsb_send_packet(packet) < 0) {
927 req->req.error = RAW1394_ERROR_SEND_ERROR;
928 queue_complete_req(req);
929 }
930
931 return sizeof(struct raw1394_request);
932 }
933
934 static int handle_async_send(struct file_info *fi, struct pending_request *req)
935 {
936 unsigned long flags;
937 struct hpsb_packet *packet;
938 int header_length = req->req.misc & 0xffff;
939 int expect_response = req->req.misc >> 16;
940
941 if ((header_length > req->req.length) || (header_length < 12)) {
942 req->req.error = RAW1394_ERROR_INVALID_ARG;
943 req->req.length = 0;
944 queue_complete_req(req);
945 return sizeof(struct raw1394_request);
946 }
947
948 packet = hpsb_alloc_packet(req->req.length - header_length);
949 req->packet = packet;
950 if (!packet)
951 return -ENOMEM;
952
953 if (copy_from_user(packet->header, int2ptr(req->req.sendb),
954 header_length)) {
955 req->req.error = RAW1394_ERROR_MEMFAULT;
956 req->req.length = 0;
957 queue_complete_req(req);
958 return sizeof(struct raw1394_request);
959 }
960
961 if (copy_from_user
962 (packet->data, int2ptr(req->req.sendb) + header_length,
963 packet->data_size)) {
964 req->req.error = RAW1394_ERROR_MEMFAULT;
965 req->req.length = 0;
966 queue_complete_req(req);
967 return sizeof(struct raw1394_request);
968 }
969
970 packet->type = hpsb_async;
971 packet->node_id = packet->header[0] >> 16;
972 packet->tcode = (packet->header[0] >> 4) & 0xf;
973 packet->tlabel = (packet->header[0] >> 10) & 0x3f;
974 packet->host = fi->host;
975 packet->expect_response = expect_response;
976 packet->header_size = header_length;
977 packet->data_size = req->req.length - header_length;
978
979 req->req.length = 0;
980 hpsb_set_packet_complete_task(packet,
981 (void (*)(void *))queue_complete_cb, req);
982
983 spin_lock_irqsave(&fi->reqlists_lock, flags);
984 list_add_tail(&req->list, &fi->req_pending);
985 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
986
987 /* Update the generation of the packet just before sending. */
988 packet->generation = req->req.generation;
989
990 if (hpsb_send_packet(packet) < 0) {
991 req->req.error = RAW1394_ERROR_SEND_ERROR;
992 queue_complete_req(req);
993 }
994
995 return sizeof(struct raw1394_request);
996 }
997
998 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
999 u64 addr, size_t length, u16 flags)
1000 {
1001 unsigned long irqflags;
1002 struct pending_request *req;
1003 struct host_info *hi;
1004 struct file_info *fi = NULL;
1005 struct list_head *entry;
1006 struct arm_addr *arm_addr = NULL;
1007 struct arm_request *arm_req = NULL;
1008 struct arm_response *arm_resp = NULL;
1009 int found = 0, size = 0, rcode = -1;
1010 struct arm_request_response *arm_req_resp = NULL;
1011
1012 DBGMSG("arm_read called by node: %X"
1013 "addr: %4.4x %8.8x length: %Zu", nodeid,
1014 (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1015 length);
1016 spin_lock_irqsave(&host_info_lock, irqflags);
1017 hi = find_host_info(host); /* search address-entry */
1018 if (hi != NULL) {
1019 list_for_each_entry(fi, &hi->file_info_list, list) {
1020 entry = fi->addr_list.next;
1021 while (entry != &(fi->addr_list)) {
1022 arm_addr =
1023 list_entry(entry, struct arm_addr,
1024 addr_list);
1025 if (((arm_addr->start) <= (addr))
1026 && ((arm_addr->end) >= (addr + length))) {
1027 found = 1;
1028 break;
1029 }
1030 entry = entry->next;
1031 }
1032 if (found) {
1033 break;
1034 }
1035 }
1036 }
1037 rcode = -1;
1038 if (!found) {
1039 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
1040 " -> rcode_address_error\n");
1041 spin_unlock_irqrestore(&host_info_lock, irqflags);
1042 return (RCODE_ADDRESS_ERROR);
1043 } else {
1044 DBGMSG("arm_read addr_entry FOUND");
1045 }
1046 if (arm_addr->rec_length < length) {
1047 DBGMSG("arm_read blocklength too big -> rcode_data_error");
1048 rcode = RCODE_DATA_ERROR; /* hardware error, data is unavailable */
1049 }
1050 if (rcode == -1) {
1051 if (arm_addr->access_rights & ARM_READ) {
1052 if (!(arm_addr->client_transactions & ARM_READ)) {
1053 memcpy(buffer,
1054 (arm_addr->addr_space_buffer) + (addr -
1055 (arm_addr->
1056 start)),
1057 length);
1058 DBGMSG("arm_read -> (rcode_complete)");
1059 rcode = RCODE_COMPLETE;
1060 }
1061 } else {
1062 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1063 DBGMSG("arm_read -> rcode_type_error (access denied)");
1064 }
1065 }
1066 if (arm_addr->notification_options & ARM_READ) {
1067 DBGMSG("arm_read -> entering notification-section");
1068 req = __alloc_pending_request(GFP_ATOMIC);
1069 if (!req) {
1070 DBGMSG("arm_read -> rcode_conflict_error");
1071 spin_unlock_irqrestore(&host_info_lock, irqflags);
1072 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1073 The request may be retried */
1074 }
1075 if (rcode == RCODE_COMPLETE) {
1076 size =
1077 sizeof(struct arm_request) +
1078 sizeof(struct arm_response) +
1079 length * sizeof(byte_t) +
1080 sizeof(struct arm_request_response);
1081 } else {
1082 size =
1083 sizeof(struct arm_request) +
1084 sizeof(struct arm_response) +
1085 sizeof(struct arm_request_response);
1086 }
1087 req->data = kmalloc(size, GFP_ATOMIC);
1088 if (!(req->data)) {
1089 free_pending_request(req);
1090 DBGMSG("arm_read -> rcode_conflict_error");
1091 spin_unlock_irqrestore(&host_info_lock, irqflags);
1092 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1093 The request may be retried */
1094 }
1095 req->free_data = 1;
1096 req->file_info = fi;
1097 req->req.type = RAW1394_REQ_ARM;
1098 req->req.generation = get_hpsb_generation(host);
1099 req->req.misc =
1100 (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
1101 req->req.tag = arm_addr->arm_tag;
1102 req->req.recvb = arm_addr->recvb;
1103 req->req.length = size;
1104 arm_req_resp = (struct arm_request_response *)(req->data);
1105 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1106 (sizeof
1107 (struct
1108 arm_request_response)));
1109 arm_resp =
1110 (struct arm_response *)((byte_t *) (arm_req) +
1111 (sizeof(struct arm_request)));
1112 arm_req->buffer = NULL;
1113 arm_resp->buffer = NULL;
1114 if (rcode == RCODE_COMPLETE) {
1115 byte_t *buf =
1116 (byte_t *) arm_resp + sizeof(struct arm_response);
1117 memcpy(buf,
1118 (arm_addr->addr_space_buffer) + (addr -
1119 (arm_addr->
1120 start)),
1121 length);
1122 arm_resp->buffer =
1123 int2ptr((arm_addr->recvb) +
1124 sizeof(struct arm_request_response) +
1125 sizeof(struct arm_request) +
1126 sizeof(struct arm_response));
1127 }
1128 arm_resp->buffer_length =
1129 (rcode == RCODE_COMPLETE) ? length : 0;
1130 arm_resp->response_code = rcode;
1131 arm_req->buffer_length = 0;
1132 arm_req->generation = req->req.generation;
1133 arm_req->extended_transaction_code = 0;
1134 arm_req->destination_offset = addr;
1135 arm_req->source_nodeid = nodeid;
1136 arm_req->destination_nodeid = host->node_id;
1137 arm_req->tlabel = (flags >> 10) & 0x3f;
1138 arm_req->tcode = (flags >> 4) & 0x0f;
1139 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1140 sizeof(struct
1141 arm_request_response));
1142 arm_req_resp->response =
1143 int2ptr((arm_addr->recvb) +
1144 sizeof(struct arm_request_response) +
1145 sizeof(struct arm_request));
1146 queue_complete_req(req);
1147 }
1148 spin_unlock_irqrestore(&host_info_lock, irqflags);
1149 return (rcode);
1150 }
1151
1152 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1153 quadlet_t * data, u64 addr, size_t length, u16 flags)
1154 {
1155 unsigned long irqflags;
1156 struct pending_request *req;
1157 struct host_info *hi;
1158 struct file_info *fi = NULL;
1159 struct list_head *entry;
1160 struct arm_addr *arm_addr = NULL;
1161 struct arm_request *arm_req = NULL;
1162 struct arm_response *arm_resp = NULL;
1163 int found = 0, size = 0, rcode = -1, length_conflict = 0;
1164 struct arm_request_response *arm_req_resp = NULL;
1165
1166 DBGMSG("arm_write called by node: %X"
1167 "addr: %4.4x %8.8x length: %Zu", nodeid,
1168 (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1169 length);
1170 spin_lock_irqsave(&host_info_lock, irqflags);
1171 hi = find_host_info(host); /* search address-entry */
1172 if (hi != NULL) {
1173 list_for_each_entry(fi, &hi->file_info_list, list) {
1174 entry = fi->addr_list.next;
1175 while (entry != &(fi->addr_list)) {
1176 arm_addr =
1177 list_entry(entry, struct arm_addr,
1178 addr_list);
1179 if (((arm_addr->start) <= (addr))
1180 && ((arm_addr->end) >= (addr + length))) {
1181 found = 1;
1182 break;
1183 }
1184 entry = entry->next;
1185 }
1186 if (found) {
1187 break;
1188 }
1189 }
1190 }
1191 rcode = -1;
1192 if (!found) {
1193 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1194 " -> rcode_address_error\n");
1195 spin_unlock_irqrestore(&host_info_lock, irqflags);
1196 return (RCODE_ADDRESS_ERROR);
1197 } else {
1198 DBGMSG("arm_write addr_entry FOUND");
1199 }
1200 if (arm_addr->rec_length < length) {
1201 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1202 length_conflict = 1;
1203 rcode = RCODE_DATA_ERROR; /* hardware error, data is unavailable */
1204 }
1205 if (rcode == -1) {
1206 if (arm_addr->access_rights & ARM_WRITE) {
1207 if (!(arm_addr->client_transactions & ARM_WRITE)) {
1208 memcpy((arm_addr->addr_space_buffer) +
1209 (addr - (arm_addr->start)), data,
1210 length);
1211 DBGMSG("arm_write -> (rcode_complete)");
1212 rcode = RCODE_COMPLETE;
1213 }
1214 } else {
1215 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1216 DBGMSG("arm_write -> rcode_type_error (access denied)");
1217 }
1218 }
1219 if (arm_addr->notification_options & ARM_WRITE) {
1220 DBGMSG("arm_write -> entering notification-section");
1221 req = __alloc_pending_request(GFP_ATOMIC);
1222 if (!req) {
1223 DBGMSG("arm_write -> rcode_conflict_error");
1224 spin_unlock_irqrestore(&host_info_lock, irqflags);
1225 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1226 The request my be retried */
1227 }
1228 size =
1229 sizeof(struct arm_request) + sizeof(struct arm_response) +
1230 (length) * sizeof(byte_t) +
1231 sizeof(struct arm_request_response);
1232 req->data = kmalloc(size, GFP_ATOMIC);
1233 if (!(req->data)) {
1234 free_pending_request(req);
1235 DBGMSG("arm_write -> rcode_conflict_error");
1236 spin_unlock_irqrestore(&host_info_lock, irqflags);
1237 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1238 The request may be retried */
1239 }
1240 req->free_data = 1;
1241 req->file_info = fi;
1242 req->req.type = RAW1394_REQ_ARM;
1243 req->req.generation = get_hpsb_generation(host);
1244 req->req.misc =
1245 (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1246 req->req.tag = arm_addr->arm_tag;
1247 req->req.recvb = arm_addr->recvb;
1248 req->req.length = size;
1249 arm_req_resp = (struct arm_request_response *)(req->data);
1250 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1251 (sizeof
1252 (struct
1253 arm_request_response)));
1254 arm_resp =
1255 (struct arm_response *)((byte_t *) (arm_req) +
1256 (sizeof(struct arm_request)));
1257 arm_resp->buffer = NULL;
1258 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1259 data, length);
1260 arm_req->buffer = int2ptr((arm_addr->recvb) +
1261 sizeof(struct arm_request_response) +
1262 sizeof(struct arm_request) +
1263 sizeof(struct arm_response));
1264 arm_req->buffer_length = length;
1265 arm_req->generation = req->req.generation;
1266 arm_req->extended_transaction_code = 0;
1267 arm_req->destination_offset = addr;
1268 arm_req->source_nodeid = nodeid;
1269 arm_req->destination_nodeid = destid;
1270 arm_req->tlabel = (flags >> 10) & 0x3f;
1271 arm_req->tcode = (flags >> 4) & 0x0f;
1272 arm_resp->buffer_length = 0;
1273 arm_resp->response_code = rcode;
1274 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1275 sizeof(struct
1276 arm_request_response));
1277 arm_req_resp->response =
1278 int2ptr((arm_addr->recvb) +
1279 sizeof(struct arm_request_response) +
1280 sizeof(struct arm_request));
1281 queue_complete_req(req);
1282 }
1283 spin_unlock_irqrestore(&host_info_lock, irqflags);
1284 return (rcode);
1285 }
1286
1287 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1288 u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1289 u16 flags)
1290 {
1291 unsigned long irqflags;
1292 struct pending_request *req;
1293 struct host_info *hi;
1294 struct file_info *fi = NULL;
1295 struct list_head *entry;
1296 struct arm_addr *arm_addr = NULL;
1297 struct arm_request *arm_req = NULL;
1298 struct arm_response *arm_resp = NULL;
1299 int found = 0, size = 0, rcode = -1;
1300 quadlet_t old, new;
1301 struct arm_request_response *arm_req_resp = NULL;
1302
1303 if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1304 ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1305 DBGMSG("arm_lock called by node: %X "
1306 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1307 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1308 (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1309 be32_to_cpu(data));
1310 } else {
1311 DBGMSG("arm_lock called by node: %X "
1312 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1313 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1314 (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1315 be32_to_cpu(data), be32_to_cpu(arg));
1316 }
1317 spin_lock_irqsave(&host_info_lock, irqflags);
1318 hi = find_host_info(host); /* search address-entry */
1319 if (hi != NULL) {
1320 list_for_each_entry(fi, &hi->file_info_list, list) {
1321 entry = fi->addr_list.next;
1322 while (entry != &(fi->addr_list)) {
1323 arm_addr =
1324 list_entry(entry, struct arm_addr,
1325 addr_list);
1326 if (((arm_addr->start) <= (addr))
1327 && ((arm_addr->end) >=
1328 (addr + sizeof(*store)))) {
1329 found = 1;
1330 break;
1331 }
1332 entry = entry->next;
1333 }
1334 if (found) {
1335 break;
1336 }
1337 }
1338 }
1339 rcode = -1;
1340 if (!found) {
1341 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1342 " -> rcode_address_error\n");
1343 spin_unlock_irqrestore(&host_info_lock, irqflags);
1344 return (RCODE_ADDRESS_ERROR);
1345 } else {
1346 DBGMSG("arm_lock addr_entry FOUND");
1347 }
1348 if (rcode == -1) {
1349 if (arm_addr->access_rights & ARM_LOCK) {
1350 if (!(arm_addr->client_transactions & ARM_LOCK)) {
1351 memcpy(&old,
1352 (arm_addr->addr_space_buffer) + (addr -
1353 (arm_addr->
1354 start)),
1355 sizeof(old));
1356 switch (ext_tcode) {
1357 case (EXTCODE_MASK_SWAP):
1358 new = data | (old & ~arg);
1359 break;
1360 case (EXTCODE_COMPARE_SWAP):
1361 if (old == arg) {
1362 new = data;
1363 } else {
1364 new = old;
1365 }
1366 break;
1367 case (EXTCODE_FETCH_ADD):
1368 new =
1369 cpu_to_be32(be32_to_cpu(data) +
1370 be32_to_cpu(old));
1371 break;
1372 case (EXTCODE_LITTLE_ADD):
1373 new =
1374 cpu_to_le32(le32_to_cpu(data) +
1375 le32_to_cpu(old));
1376 break;
1377 case (EXTCODE_BOUNDED_ADD):
1378 if (old != arg) {
1379 new =
1380 cpu_to_be32(be32_to_cpu
1381 (data) +
1382 be32_to_cpu
1383 (old));
1384 } else {
1385 new = old;
1386 }
1387 break;
1388 case (EXTCODE_WRAP_ADD):
1389 if (old != arg) {
1390 new =
1391 cpu_to_be32(be32_to_cpu
1392 (data) +
1393 be32_to_cpu
1394 (old));
1395 } else {
1396 new = data;
1397 }
1398 break;
1399 default:
1400 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1401 printk(KERN_ERR
1402 "raw1394: arm_lock FAILED "
1403 "ext_tcode not allowed -> rcode_type_error\n");
1404 break;
1405 } /*switch */
1406 if (rcode == -1) {
1407 DBGMSG("arm_lock -> (rcode_complete)");
1408 rcode = RCODE_COMPLETE;
1409 memcpy(store, &old, sizeof(*store));
1410 memcpy((arm_addr->addr_space_buffer) +
1411 (addr - (arm_addr->start)),
1412 &new, sizeof(*store));
1413 }
1414 }
1415 } else {
1416 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1417 DBGMSG("arm_lock -> rcode_type_error (access denied)");
1418 }
1419 }
1420 if (arm_addr->notification_options & ARM_LOCK) {
1421 byte_t *buf1, *buf2;
1422 DBGMSG("arm_lock -> entering notification-section");
1423 req = __alloc_pending_request(GFP_ATOMIC);
1424 if (!req) {
1425 DBGMSG("arm_lock -> rcode_conflict_error");
1426 spin_unlock_irqrestore(&host_info_lock, irqflags);
1427 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1428 The request may be retried */
1429 }
1430 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response); /* maximum */
1431 req->data = kmalloc(size, GFP_ATOMIC);
1432 if (!(req->data)) {
1433 free_pending_request(req);
1434 DBGMSG("arm_lock -> rcode_conflict_error");
1435 spin_unlock_irqrestore(&host_info_lock, irqflags);
1436 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1437 The request may be retried */
1438 }
1439 req->free_data = 1;
1440 arm_req_resp = (struct arm_request_response *)(req->data);
1441 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1442 (sizeof
1443 (struct
1444 arm_request_response)));
1445 arm_resp =
1446 (struct arm_response *)((byte_t *) (arm_req) +
1447 (sizeof(struct arm_request)));
1448 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1449 buf2 = buf1 + 2 * sizeof(*store);
1450 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1451 (ext_tcode == EXTCODE_LITTLE_ADD)) {
1452 arm_req->buffer_length = sizeof(*store);
1453 memcpy(buf1, &data, sizeof(*store));
1454
1455 } else {
1456 arm_req->buffer_length = 2 * sizeof(*store);
1457 memcpy(buf1, &arg, sizeof(*store));
1458 memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1459 }
1460 if (rcode == RCODE_COMPLETE) {
1461 arm_resp->buffer_length = sizeof(*store);
1462 memcpy(buf2, &old, sizeof(*store));
1463 } else {
1464 arm_resp->buffer_length = 0;
1465 }
1466 req->file_info = fi;
1467 req->req.type = RAW1394_REQ_ARM;
1468 req->req.generation = get_hpsb_generation(host);
1469 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1470 (ARM_LOCK & 0xFF));
1471 req->req.tag = arm_addr->arm_tag;
1472 req->req.recvb = arm_addr->recvb;
1473 req->req.length = size;
1474 arm_req->generation = req->req.generation;
1475 arm_req->extended_transaction_code = ext_tcode;
1476 arm_req->destination_offset = addr;
1477 arm_req->source_nodeid = nodeid;
1478 arm_req->destination_nodeid = host->node_id;
1479 arm_req->tlabel = (flags >> 10) & 0x3f;
1480 arm_req->tcode = (flags >> 4) & 0x0f;
1481 arm_resp->response_code = rcode;
1482 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1483 sizeof(struct
1484 arm_request_response));
1485 arm_req_resp->response =
1486 int2ptr((arm_addr->recvb) +
1487 sizeof(struct arm_request_response) +
1488 sizeof(struct arm_request));
1489 arm_req->buffer =
1490 int2ptr((arm_addr->recvb) +
1491 sizeof(struct arm_request_response) +
1492 sizeof(struct arm_request) +
1493 sizeof(struct arm_response));
1494 arm_resp->buffer =
1495 int2ptr((arm_addr->recvb) +
1496 sizeof(struct arm_request_response) +
1497 sizeof(struct arm_request) +
1498 sizeof(struct arm_response) + 2 * sizeof(*store));
1499 queue_complete_req(req);
1500 }
1501 spin_unlock_irqrestore(&host_info_lock, irqflags);
1502 return (rcode);
1503 }
1504
1505 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1506 u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1507 u16 flags)
1508 {
1509 unsigned long irqflags;
1510 struct pending_request *req;
1511 struct host_info *hi;
1512 struct file_info *fi = NULL;
1513 struct list_head *entry;
1514 struct arm_addr *arm_addr = NULL;
1515 struct arm_request *arm_req = NULL;
1516 struct arm_response *arm_resp = NULL;
1517 int found = 0, size = 0, rcode = -1;
1518 octlet_t old, new;
1519 struct arm_request_response *arm_req_resp = NULL;
1520
1521 if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1522 ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1523 DBGMSG("arm_lock64 called by node: %X "
1524 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1525 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1526 (u32) (addr & 0xFFFFFFFF),
1527 ext_tcode & 0xFF,
1528 (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1529 (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1530 } else {
1531 DBGMSG("arm_lock64 called by node: %X "
1532 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1533 "%8.8X %8.8X ",
1534 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1535 (u32) (addr & 0xFFFFFFFF),
1536 ext_tcode & 0xFF,
1537 (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1538 (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1539 (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1540 (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1541 }
1542 spin_lock_irqsave(&host_info_lock, irqflags);
1543 hi = find_host_info(host); /* search addressentry in file_info's for host */
1544 if (hi != NULL) {
1545 list_for_each_entry(fi, &hi->file_info_list, list) {
1546 entry = fi->addr_list.next;
1547 while (entry != &(fi->addr_list)) {
1548 arm_addr =
1549 list_entry(entry, struct arm_addr,
1550 addr_list);
1551 if (((arm_addr->start) <= (addr))
1552 && ((arm_addr->end) >=
1553 (addr + sizeof(*store)))) {
1554 found = 1;
1555 break;
1556 }
1557 entry = entry->next;
1558 }
1559 if (found) {
1560 break;
1561 }
1562 }
1563 }
1564 rcode = -1;
1565 if (!found) {
1566 printk(KERN_ERR
1567 "raw1394: arm_lock64 FAILED addr_entry not found"
1568 " -> rcode_address_error\n");
1569 spin_unlock_irqrestore(&host_info_lock, irqflags);
1570 return (RCODE_ADDRESS_ERROR);
1571 } else {
1572 DBGMSG("arm_lock64 addr_entry FOUND");
1573 }
1574 if (rcode == -1) {
1575 if (arm_addr->access_rights & ARM_LOCK) {
1576 if (!(arm_addr->client_transactions & ARM_LOCK)) {
1577 memcpy(&old,
1578 (arm_addr->addr_space_buffer) + (addr -
1579 (arm_addr->
1580 start)),
1581 sizeof(old));
1582 switch (ext_tcode) {
1583 case (EXTCODE_MASK_SWAP):
1584 new = data | (old & ~arg);
1585 break;
1586 case (EXTCODE_COMPARE_SWAP):
1587 if (old == arg) {
1588 new = data;
1589 } else {
1590 new = old;
1591 }
1592 break;
1593 case (EXTCODE_FETCH_ADD):
1594 new =
1595 cpu_to_be64(be64_to_cpu(data) +
1596 be64_to_cpu(old));
1597 break;
1598 case (EXTCODE_LITTLE_ADD):
1599 new =
1600 cpu_to_le64(le64_to_cpu(data) +
1601 le64_to_cpu(old));
1602 break;
1603 case (EXTCODE_BOUNDED_ADD):
1604 if (old != arg) {
1605 new =
1606 cpu_to_be64(be64_to_cpu
1607 (data) +
1608 be64_to_cpu
1609 (old));
1610 } else {
1611 new = old;
1612 }
1613 break;
1614 case (EXTCODE_WRAP_ADD):
1615 if (old != arg) {
1616 new =
1617 cpu_to_be64(be64_to_cpu
1618 (data) +
1619 be64_to_cpu
1620 (old));
1621 } else {
1622 new = data;
1623 }
1624 break;
1625 default:
1626 printk(KERN_ERR
1627 "raw1394: arm_lock64 FAILED "
1628 "ext_tcode not allowed -> rcode_type_error\n");
1629 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1630 break;
1631 } /*switch */
1632 if (rcode == -1) {
1633 DBGMSG
1634 ("arm_lock64 -> (rcode_complete)");
1635 rcode = RCODE_COMPLETE;
1636 memcpy(store, &old, sizeof(*store));
1637 memcpy((arm_addr->addr_space_buffer) +
1638 (addr - (arm_addr->start)),
1639 &new, sizeof(*store));
1640 }
1641 }
1642 } else {
1643 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1644 DBGMSG
1645 ("arm_lock64 -> rcode_type_error (access denied)");
1646 }
1647 }
1648 if (arm_addr->notification_options & ARM_LOCK) {
1649 byte_t *buf1, *buf2;
1650 DBGMSG("arm_lock64 -> entering notification-section");
1651 req = __alloc_pending_request(GFP_ATOMIC);
1652 if (!req) {
1653 spin_unlock_irqrestore(&host_info_lock, irqflags);
1654 DBGMSG("arm_lock64 -> rcode_conflict_error");
1655 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1656 The request may be retried */
1657 }
1658 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response); /* maximum */
1659 req->data = kmalloc(size, GFP_ATOMIC);
1660 if (!(req->data)) {
1661 free_pending_request(req);
1662 spin_unlock_irqrestore(&host_info_lock, irqflags);
1663 DBGMSG("arm_lock64 -> rcode_conflict_error");
1664 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1665 The request may be retried */
1666 }
1667 req->free_data = 1;
1668 arm_req_resp = (struct arm_request_response *)(req->data);
1669 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1670 (sizeof
1671 (struct
1672 arm_request_response)));
1673 arm_resp =
1674 (struct arm_response *)((byte_t *) (arm_req) +
1675 (sizeof(struct arm_request)));
1676 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1677 buf2 = buf1 + 2 * sizeof(*store);
1678 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1679 (ext_tcode == EXTCODE_LITTLE_ADD)) {
1680 arm_req->buffer_length = sizeof(*store);
1681 memcpy(buf1, &data, sizeof(*store));
1682
1683 } else {
1684 arm_req->buffer_length = 2 * sizeof(*store);
1685 memcpy(buf1, &arg, sizeof(*store));
1686 memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1687 }
1688 if (rcode == RCODE_COMPLETE) {
1689 arm_resp->buffer_length = sizeof(*store);
1690 memcpy(buf2, &old, sizeof(*store));
1691 } else {
1692 arm_resp->buffer_length = 0;
1693 }
1694 req->file_info = fi;
1695 req->req.type = RAW1394_REQ_ARM;
1696 req->req.generation = get_hpsb_generation(host);
1697 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1698 (ARM_LOCK & 0xFF));
1699 req->req.tag = arm_addr->arm_tag;
1700 req->req.recvb = arm_addr->recvb;
1701 req->req.length = size;
1702 arm_req->generation = req->req.generation;
1703 arm_req->extended_transaction_code = ext_tcode;
1704 arm_req->destination_offset = addr;
1705 arm_req->source_nodeid = nodeid;
1706 arm_req->destination_nodeid = host->node_id;
1707 arm_req->tlabel = (flags >> 10) & 0x3f;
1708 arm_req->tcode = (flags >> 4) & 0x0f;
1709 arm_resp->response_code = rcode;
1710 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1711 sizeof(struct
1712 arm_request_response));
1713 arm_req_resp->response =
1714 int2ptr((arm_addr->recvb) +
1715 sizeof(struct arm_request_response) +
1716 sizeof(struct arm_request));
1717 arm_req->buffer =
1718 int2ptr((arm_addr->recvb) +
1719 sizeof(struct arm_request_response) +
1720 sizeof(struct arm_request) +
1721 sizeof(struct arm_response));
1722 arm_resp->buffer =
1723 int2ptr((arm_addr->recvb) +
1724 sizeof(struct arm_request_response) +
1725 sizeof(struct arm_request) +
1726 sizeof(struct arm_response) + 2 * sizeof(*store));
1727 queue_complete_req(req);
1728 }
1729 spin_unlock_irqrestore(&host_info_lock, irqflags);
1730 return (rcode);
1731 }
1732
1733 static int arm_register(struct file_info *fi, struct pending_request *req)
1734 {
1735 int retval;
1736 struct arm_addr *addr;
1737 struct host_info *hi;
1738 struct file_info *fi_hlp = NULL;
1739 struct list_head *entry;
1740 struct arm_addr *arm_addr = NULL;
1741 int same_host, another_host;
1742 unsigned long flags;
1743
1744 DBGMSG("arm_register called "
1745 "addr(Offset): %8.8x %8.8x length: %u "
1746 "rights: %2.2X notify: %2.2X "
1747 "max_blk_len: %4.4X",
1748 (u32) ((req->req.address >> 32) & 0xFFFF),
1749 (u32) (req->req.address & 0xFFFFFFFF),
1750 req->req.length, ((req->req.misc >> 8) & 0xFF),
1751 (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1752 /* check addressrange */
1753 if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1754 (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1755 0)) {
1756 req->req.length = 0;
1757 return (-EINVAL);
1758 }
1759 /* addr-list-entry for fileinfo */
1760 addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1761 if (!addr) {
1762 req->req.length = 0;
1763 return (-ENOMEM);
1764 }
1765 /* allocation of addr_space_buffer */
1766 addr->addr_space_buffer = vmalloc(req->req.length);
1767 if (!(addr->addr_space_buffer)) {
1768 kfree(addr);
1769 req->req.length = 0;
1770 return (-ENOMEM);
1771 }
1772 /* initialization of addr_space_buffer */
1773 if ((req->req.sendb) == (unsigned long)NULL) {
1774 /* init: set 0 */
1775 memset(addr->addr_space_buffer, 0, req->req.length);
1776 } else {
1777 /* init: user -> kernel */
1778 if (copy_from_user
1779 (addr->addr_space_buffer, int2ptr(req->req.sendb),
1780 req->req.length)) {
1781 vfree(addr->addr_space_buffer);
1782 kfree(addr);
1783 return (-EFAULT);
1784 }
1785 }
1786 INIT_LIST_HEAD(&addr->addr_list);
1787 addr->arm_tag = req->req.tag;
1788 addr->start = req->req.address;
1789 addr->end = req->req.address + req->req.length;
1790 addr->access_rights = (u8) (req->req.misc & 0x0F);
1791 addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1792 addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1793 addr->access_rights |= addr->client_transactions;
1794 addr->notification_options |= addr->client_transactions;
1795 addr->recvb = req->req.recvb;
1796 addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1797
1798 spin_lock_irqsave(&host_info_lock, flags);
1799 hi = find_host_info(fi->host);
1800 same_host = 0;
1801 another_host = 0;
1802 /* same host with address-entry containing same addressrange ? */
1803 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1804 entry = fi_hlp->addr_list.next;
1805 while (entry != &(fi_hlp->addr_list)) {
1806 arm_addr =
1807 list_entry(entry, struct arm_addr, addr_list);
1808 if ((arm_addr->start == addr->start)
1809 && (arm_addr->end == addr->end)) {
1810 DBGMSG("same host ownes same "
1811 "addressrange -> EALREADY");
1812 same_host = 1;
1813 break;
1814 }
1815 entry = entry->next;
1816 }
1817 if (same_host) {
1818 break;
1819 }
1820 }
1821 if (same_host) {
1822 /* addressrange occupied by same host */
1823 spin_unlock_irqrestore(&host_info_lock, flags);
1824 vfree(addr->addr_space_buffer);
1825 kfree(addr);
1826 return (-EALREADY);
1827 }
1828 /* another host with valid address-entry containing same addressrange */
1829 list_for_each_entry(hi, &host_info_list, list) {
1830 if (hi->host != fi->host) {
1831 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1832 entry = fi_hlp->addr_list.next;
1833 while (entry != &(fi_hlp->addr_list)) {
1834 arm_addr =
1835 list_entry(entry, struct arm_addr,
1836 addr_list);
1837 if ((arm_addr->start == addr->start)
1838 && (arm_addr->end == addr->end)) {
1839 DBGMSG
1840 ("another host ownes same "
1841 "addressrange");
1842 another_host = 1;
1843 break;
1844 }
1845 entry = entry->next;
1846 }
1847 if (another_host) {
1848 break;
1849 }
1850 }
1851 }
1852 }
1853 spin_unlock_irqrestore(&host_info_lock, flags);
1854
1855 if (another_host) {
1856 DBGMSG("another hosts entry is valid -> SUCCESS");
1857 if (copy_to_user(int2ptr(req->req.recvb),
1858 &addr->start, sizeof(u64))) {
1859 printk(KERN_ERR "raw1394: arm_register failed "
1860 " address-range-entry is invalid -> EFAULT !!!\n");
1861 vfree(addr->addr_space_buffer);
1862 kfree(addr);
1863 return (-EFAULT);
1864 }
1865 free_pending_request(req); /* immediate success or fail */
1866 /* INSERT ENTRY */
1867 spin_lock_irqsave(&host_info_lock, flags);
1868 list_add_tail(&addr->addr_list, &fi->addr_list);
1869 spin_unlock_irqrestore(&host_info_lock, flags);
1870 return sizeof(struct raw1394_request);
1871 }
1872 retval =
1873 hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1874 req->req.address,
1875 req->req.address + req->req.length);
1876 if (retval) {
1877 /* INSERT ENTRY */
1878 spin_lock_irqsave(&host_info_lock, flags);
1879 list_add_tail(&addr->addr_list, &fi->addr_list);
1880 spin_unlock_irqrestore(&host_info_lock, flags);
1881 } else {
1882 DBGMSG("arm_register failed errno: %d \n", retval);
1883 vfree(addr->addr_space_buffer);
1884 kfree(addr);
1885 return (-EALREADY);
1886 }
1887 free_pending_request(req); /* immediate success or fail */
1888 return sizeof(struct raw1394_request);
1889 }
1890
1891 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1892 {
1893 int found = 0;
1894 int retval = 0;
1895 struct list_head *entry;
1896 struct arm_addr *addr = NULL;
1897 struct host_info *hi;
1898 struct file_info *fi_hlp = NULL;
1899 struct arm_addr *arm_addr = NULL;
1900 int another_host;
1901 unsigned long flags;
1902
1903 DBGMSG("arm_Unregister called addr(Offset): "
1904 "%8.8x %8.8x",
1905 (u32) ((req->req.address >> 32) & 0xFFFF),
1906 (u32) (req->req.address & 0xFFFFFFFF));
1907 spin_lock_irqsave(&host_info_lock, flags);
1908 /* get addr */
1909 entry = fi->addr_list.next;
1910 while (entry != &(fi->addr_list)) {
1911 addr = list_entry(entry, struct arm_addr, addr_list);
1912 if (addr->start == req->req.address) {
1913 found = 1;
1914 break;
1915 }
1916 entry = entry->next;
1917 }
1918 if (!found) {
1919 DBGMSG("arm_Unregister addr not found");
1920 spin_unlock_irqrestore(&host_info_lock, flags);
1921 return (-EINVAL);
1922 }
1923 DBGMSG("arm_Unregister addr found");
1924 another_host = 0;
1925 /* another host with valid address-entry containing
1926 same addressrange */
1927 list_for_each_entry(hi, &host_info_list, list) {
1928 if (hi->host != fi->host) {
1929 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1930 entry = fi_hlp->addr_list.next;
1931 while (entry != &(fi_hlp->addr_list)) {
1932 arm_addr = list_entry(entry,
1933 struct arm_addr,
1934 addr_list);
1935 if (arm_addr->start == addr->start) {
1936 DBGMSG("another host ownes "
1937 "same addressrange");
1938 another_host = 1;
1939 break;
1940 }
1941 entry = entry->next;
1942 }
1943 if (another_host) {
1944 break;
1945 }
1946 }
1947 }
1948 }
1949 if (another_host) {
1950 DBGMSG("delete entry from list -> success");
1951 list_del(&addr->addr_list);
1952 spin_unlock_irqrestore(&host_info_lock, flags);
1953 vfree(addr->addr_space_buffer);
1954 kfree(addr);
1955 free_pending_request(req); /* immediate success or fail */
1956 return sizeof(struct raw1394_request);
1957 }
1958 retval =
1959 hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1960 addr->start);
1961 if (!retval) {
1962 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1963 spin_unlock_irqrestore(&host_info_lock, flags);
1964 return (-EINVAL);
1965 }
1966 DBGMSG("delete entry from list -> success");
1967 list_del(&addr->addr_list);
1968 spin_unlock_irqrestore(&host_info_lock, flags);
1969 vfree(addr->addr_space_buffer);
1970 kfree(addr);
1971 free_pending_request(req); /* immediate success or fail */
1972 return sizeof(struct raw1394_request);
1973 }
1974
1975 /* Copy data from ARM buffer(s) to user buffer. */
1976 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1977 {
1978 struct arm_addr *arm_addr = NULL;
1979 unsigned long flags;
1980 unsigned long offset;
1981
1982 struct list_head *entry;
1983
1984 DBGMSG("arm_get_buf "
1985 "addr(Offset): %04X %08X length: %u",
1986 (u32) ((req->req.address >> 32) & 0xFFFF),
1987 (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1988
1989 spin_lock_irqsave(&host_info_lock, flags);
1990 entry = fi->addr_list.next;
1991 while (entry != &(fi->addr_list)) {
1992 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1993 if ((arm_addr->start <= req->req.address) &&
1994 (arm_addr->end > req->req.address)) {
1995 if (req->req.address + req->req.length <= arm_addr->end) {
1996 offset = req->req.address - arm_addr->start;
1997 spin_unlock_irqrestore(&host_info_lock, flags);
1998
1999 DBGMSG
2000 ("arm_get_buf copy_to_user( %08X, %p, %u )",
2001 (u32) req->req.recvb,
2002 arm_addr->addr_space_buffer + offset,
2003 (u32) req->req.length);
2004 if (copy_to_user
2005 (int2ptr(req->req.recvb),
2006 arm_addr->addr_space_buffer + offset,
2007 req->req.length))
2008 return (-EFAULT);
2009
2010 /* We have to free the request, because we
2011 * queue no response, and therefore nobody
2012 * will free it. */
2013 free_pending_request(req);
2014 return sizeof(struct raw1394_request);
2015 } else {
2016 DBGMSG("arm_get_buf request exceeded mapping");
2017 spin_unlock_irqrestore(&host_info_lock, flags);
2018 return (-EINVAL);
2019 }
2020 }
2021 entry = entry->next;
2022 }
2023 spin_unlock_irqrestore(&host_info_lock, flags);
2024 return (-EINVAL);
2025 }
2026
2027 /* Copy data from user buffer to ARM buffer(s). */
2028 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
2029 {
2030 struct arm_addr *arm_addr = NULL;
2031 unsigned long flags;
2032 unsigned long offset;
2033
2034 struct list_head *entry;
2035
2036 DBGMSG("arm_set_buf "
2037 "addr(Offset): %04X %08X length: %u",
2038 (u32) ((req->req.address >> 32) & 0xFFFF),
2039 (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
2040
2041 spin_lock_irqsave(&host_info_lock, flags);
2042 entry = fi->addr_list.next;
2043 while (entry != &(fi->addr_list)) {
2044 arm_addr = list_entry(entry, struct arm_addr, addr_list);
2045 if ((arm_addr->start <= req->req.address) &&
2046 (arm_addr->end > req->req.address)) {
2047 if (req->req.address + req->req.length <= arm_addr->end) {
2048 offset = req->req.address - arm_addr->start;
2049 spin_unlock_irqrestore(&host_info_lock, flags);
2050
2051 DBGMSG
2052 ("arm_set_buf copy_from_user( %p, %08X, %u )",
2053 arm_addr->addr_space_buffer + offset,
2054 (u32) req->req.sendb,
2055 (u32) req->req.length);
2056 if (copy_from_user
2057 (arm_addr->addr_space_buffer + offset,
2058 int2ptr(req->req.sendb),
2059 req->req.length))
2060 return (-EFAULT);
2061
2062 /* We have to free the request, because we
2063 * queue no response, and therefore nobody
2064 * will free it. */
2065 free_pending_request(req);
2066 return sizeof(struct raw1394_request);
2067 } else {
2068 DBGMSG("arm_set_buf request exceeded mapping");
2069 spin_unlock_irqrestore(&host_info_lock, flags);
2070 return (-EINVAL);
2071 }
2072 }
2073 entry = entry->next;
2074 }
2075 spin_unlock_irqrestore(&host_info_lock, flags);
2076 return (-EINVAL);
2077 }
2078
2079 static int reset_notification(struct file_info *fi, struct pending_request *req)
2080 {
2081 DBGMSG("reset_notification called - switch %s ",
2082 (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
2083 if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
2084 (req->req.misc == RAW1394_NOTIFY_ON)) {
2085 fi->notification = (u8) req->req.misc;
2086 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2087 return sizeof(struct raw1394_request);
2088 }
2089 /* error EINVAL (22) invalid argument */
2090 return (-EINVAL);
2091 }
2092
2093 static int write_phypacket(struct file_info *fi, struct pending_request *req)
2094 {
2095 struct hpsb_packet *packet = NULL;
2096 int retval = 0;
2097 quadlet_t data;
2098 unsigned long flags;
2099
2100 data = be32_to_cpu((u32) req->req.sendb);
2101 DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
2102 packet = hpsb_make_phypacket(fi->host, data);
2103 if (!packet)
2104 return -ENOMEM;
2105 req->req.length = 0;
2106 req->packet = packet;
2107 hpsb_set_packet_complete_task(packet,
2108 (void (*)(void *))queue_complete_cb, req);
2109 spin_lock_irqsave(&fi->reqlists_lock, flags);
2110 list_add_tail(&req->list, &fi->req_pending);
2111 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2112 packet->generation = req->req.generation;
2113 retval = hpsb_send_packet(packet);
2114 DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2115 if (retval < 0) {
2116 req->req.error = RAW1394_ERROR_SEND_ERROR;
2117 req->req.length = 0;
2118 queue_complete_req(req);
2119 }
2120 return sizeof(struct raw1394_request);
2121 }
2122
2123 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2124 {
2125 int ret = sizeof(struct raw1394_request);
2126 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2127 int status;
2128
2129 if (!data)
2130 return -ENOMEM;
2131
2132 status =
2133 csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2134 data, req->req.length);
2135 if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2136 ret = -EFAULT;
2137 if (copy_to_user
2138 (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2139 sizeof(fi->host->csr.rom->cache_head->len)))
2140 ret = -EFAULT;
2141 if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2142 sizeof(fi->host->csr.generation)))
2143 ret = -EFAULT;
2144 if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2145 ret = -EFAULT;
2146 kfree(data);
2147 if (ret >= 0) {
2148 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2149 }
2150 return ret;
2151 }
2152
2153 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2154 {
2155 int ret = sizeof(struct raw1394_request);
2156 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2157 if (!data)
2158 return -ENOMEM;
2159 if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2160 ret = -EFAULT;
2161 } else {
2162 int status = hpsb_update_config_rom(fi->host,
2163 data, req->req.length,
2164 (unsigned char)req->req.
2165 misc);
2166 if (copy_to_user
2167 (int2ptr(req->req.recvb), &status, sizeof(status)))
2168 ret = -ENOMEM;
2169 }
2170 kfree(data);
2171 if (ret >= 0) {
2172 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2173 fi->cfgrom_upd = 1;
2174 }
2175 return ret;
2176 }
2177
2178 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2179 {
2180 struct csr1212_keyval *kv;
2181 struct csr1212_csr_rom_cache *cache;
2182 struct csr1212_dentry *dentry;
2183 u32 dr;
2184 int ret = 0;
2185
2186 if (req->req.misc == ~0) {
2187 if (req->req.length == 0)
2188 return -EINVAL;
2189
2190 /* Find an unused slot */
2191 for (dr = 0;
2192 dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2193 dr++) ;
2194
2195 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2196 return -ENOMEM;
2197
2198 fi->csr1212_dirs[dr] =
2199 csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2200 if (!fi->csr1212_dirs[dr])
2201 return -ENOMEM;
2202 } else {
2203 dr = req->req.misc;
2204 if (!fi->csr1212_dirs[dr])
2205 return -EINVAL;
2206
2207 /* Delete old stuff */
2208 for (dentry =
2209 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2210 dentry; dentry = dentry->next) {
2211 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2212 root_kv,
2213 dentry->kv);
2214 }
2215
2216 if (req->req.length == 0) {
2217 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2218 fi->csr1212_dirs[dr] = NULL;
2219
2220 hpsb_update_config_rom_image(fi->host);
2221 free_pending_request(req);
2222 return sizeof(struct raw1394_request);
2223 }
2224 }
2225
2226 cache = csr1212_rom_cache_malloc(0, req->req.length);
2227 if (!cache) {
2228 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2229 fi->csr1212_dirs[dr] = NULL;
2230 return -ENOMEM;
2231 }
2232
2233 cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2234 if (!cache->filled_head) {
2235 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2236 fi->csr1212_dirs[dr] = NULL;
2237 CSR1212_FREE(cache);
2238 return -ENOMEM;
2239 }
2240 cache->filled_tail = cache->filled_head;
2241
2242 if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2243 req->req.length)) {
2244 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2245 fi->csr1212_dirs[dr] = NULL;
2246 ret = -EFAULT;
2247 } else {
2248 cache->len = req->req.length;
2249 cache->filled_head->offset_start = 0;
2250 cache->filled_head->offset_end = cache->size - 1;
2251
2252 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2253
2254 ret = CSR1212_SUCCESS;
2255 /* parse all the items */
2256 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2257 kv = kv->next) {
2258 ret = csr1212_parse_keyval(kv, cache);
2259 }
2260
2261 /* attach top level items to the root directory */
2262 for (dentry =
2263 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2264 ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2265 ret =
2266 csr1212_attach_keyval_to_directory(fi->host->csr.
2267 rom->root_kv,
2268 dentry->kv);
2269 }
2270
2271 if (ret == CSR1212_SUCCESS) {
2272 ret = hpsb_update_config_rom_image(fi->host);
2273
2274 if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2275 &dr, sizeof(dr))) {
2276 ret = -ENOMEM;
2277 }
2278 }
2279 }
2280 kfree(cache->filled_head);
2281 CSR1212_FREE(cache);
2282
2283 if (ret >= 0) {
2284 /* we have to free the request, because we queue no response,
2285 * and therefore nobody will free it */
2286 free_pending_request(req);
2287 return sizeof(struct raw1394_request);
2288 } else {
2289 for (dentry =
2290 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2291 dentry; dentry = dentry->next) {
2292 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2293 root_kv,
2294 dentry->kv);
2295 }
2296 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2297 fi->csr1212_dirs[dr] = NULL;
2298 return ret;
2299 }
2300 }
2301
2302 static int state_connected(struct file_info *fi, struct pending_request *req)
2303 {
2304 int node = req->req.address >> 48;
2305
2306 req->req.error = RAW1394_ERROR_NONE;
2307
2308 switch (req->req.type) {
2309
2310 case RAW1394_REQ_ECHO:
2311 queue_complete_req(req);
2312 return sizeof(struct raw1394_request);
2313
2314 case RAW1394_REQ_ISO_SEND:
2315 print_old_iso_deprecation();
2316 return handle_iso_send(fi, req, node);
2317
2318 case RAW1394_REQ_ARM_REGISTER:
2319 return arm_register(fi, req);
2320
2321 case RAW1394_REQ_ARM_UNREGISTER:
2322 return arm_unregister(fi, req);
2323
2324 case RAW1394_REQ_ARM_SET_BUF:
2325 return arm_set_buf(fi, req);
2326
2327 case RAW1394_REQ_ARM_GET_BUF:
2328 return arm_get_buf(fi, req);
2329
2330 case RAW1394_REQ_RESET_NOTIFY:
2331 return reset_notification(fi, req);
2332
2333 case RAW1394_REQ_ISO_LISTEN:
2334 print_old_iso_deprecation();
2335 handle_iso_listen(fi, req);
2336 return sizeof(struct raw1394_request);
2337
2338 case RAW1394_REQ_FCP_LISTEN:
2339 handle_fcp_listen(fi, req);
2340 return sizeof(struct raw1394_request);
2341
2342 case RAW1394_REQ_RESET_BUS:
2343 if (req->req.misc == RAW1394_LONG_RESET) {
2344 DBGMSG("busreset called (type: LONG)");
2345 hpsb_reset_bus(fi->host, LONG_RESET);
2346 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2347 return sizeof(struct raw1394_request);
2348 }
2349 if (req->req.misc == RAW1394_SHORT_RESET) {
2350 DBGMSG("busreset called (type: SHORT)");
2351 hpsb_reset_bus(fi->host, SHORT_RESET);
2352 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2353 return sizeof(struct raw1394_request);
2354 }
2355 /* error EINVAL (22) invalid argument */
2356 return (-EINVAL);
2357 case RAW1394_REQ_GET_ROM:
2358 return get_config_rom(fi, req);
2359
2360 case RAW1394_REQ_UPDATE_ROM:
2361 return update_config_rom(fi, req);
2362
2363 case RAW1394_REQ_MODIFY_ROM:
2364 return modify_config_rom(fi, req);
2365 }
2366
2367 if (req->req.generation != get_hpsb_generation(fi->host)) {
2368 req->req.error = RAW1394_ERROR_GENERATION;
2369 req->req.generation = get_hpsb_generation(fi->host);
2370 req->req.length = 0;
2371 queue_complete_req(req);
2372 return sizeof(struct raw1394_request);
2373 }
2374
2375 switch (req->req.type) {
2376 case RAW1394_REQ_PHYPACKET:
2377 return write_phypacket(fi, req);
2378 case RAW1394_REQ_ASYNC_SEND:
2379 return handle_async_send(fi, req);
2380 }
2381
2382 if (req->req.length == 0) {
2383 req->req.error = RAW1394_ERROR_INVALID_ARG;
2384 queue_complete_req(req);
2385 return sizeof(struct raw1394_request);
2386 }
2387
2388 return handle_async_request(fi, req, node);
2389 }
2390
2391 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2392 size_t count, loff_t * offset_is_ignored)
2393 {
2394 struct file_info *fi = (struct file_info *)file->private_data;
2395 struct pending_request *req;
2396 ssize_t retval = 0;
2397
2398 #ifdef CONFIG_COMPAT
2399 if (count == sizeof(struct compat_raw1394_req) &&
2400 sizeof(struct compat_raw1394_req) !=
2401 sizeof(struct raw1394_request)) {
2402 buffer = raw1394_compat_write(buffer);
2403 if (IS_ERR(buffer))
2404 return PTR_ERR(buffer);
2405 } else
2406 #endif
2407 if (count != sizeof(struct raw1394_request)) {
2408 return -EINVAL;
2409 }
2410
2411 req = alloc_pending_request();
2412 if (req == NULL) {
2413 return -ENOMEM;
2414 }
2415 req->file_info = fi;
2416
2417 if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2418 free_pending_request(req);
2419 return -EFAULT;
2420 }
2421
2422 switch (fi->state) {
2423 case opened:
2424 retval = state_opened(fi, req);
2425 break;
2426
2427 case initialized:
2428 retval = state_initialized(fi, req);
2429 break;
2430
2431 case connected:
2432 retval = state_connected(fi, req);
2433 break;
2434 }
2435
2436 if (retval < 0) {
2437 free_pending_request(req);
2438 }
2439
2440 return retval;
2441 }
2442
2443 /* rawiso operations */
2444
2445 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2446 * completion queue (reqlists_lock must be taken) */
2447 static inline int __rawiso_event_in_queue(struct file_info *fi)
2448 {
2449 struct pending_request *req;
2450
2451 list_for_each_entry(req, &fi->req_complete, list)
2452 if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2453 return 1;
2454
2455 return 0;
2456 }
2457
2458 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2459 static void queue_rawiso_event(struct file_info *fi)
2460 {
2461 unsigned long flags;
2462
2463 spin_lock_irqsave(&fi->reqlists_lock, flags);
2464
2465 /* only one ISO activity event may be in the queue */
2466 if (!__rawiso_event_in_queue(fi)) {
2467 struct pending_request *req =
2468 __alloc_pending_request(GFP_ATOMIC);
2469
2470 if (req) {
2471 req->file_info = fi;
2472 req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2473 req->req.generation = get_hpsb_generation(fi->host);
2474 __queue_complete_req(req);
2475 } else {
2476 /* on allocation failure, signal an overflow */
2477 if (fi->iso_handle) {
2478 atomic_inc(&fi->iso_handle->overflows);
2479 }
2480 }
2481 }
2482 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2483 }
2484
2485 static void rawiso_activity_cb(struct hpsb_iso *iso)
2486 {
2487 unsigned long flags;
2488 struct host_info *hi;
2489 struct file_info *fi;
2490
2491 spin_lock_irqsave(&host_info_lock, flags);
2492 hi = find_host_info(iso->host);
2493
2494 if (hi != NULL) {
2495 list_for_each_entry(fi, &hi->file_info_list, list) {
2496 if (fi->iso_handle == iso)
2497 queue_rawiso_event(fi);
2498 }
2499 }
2500
2501 spin_unlock_irqrestore(&host_info_lock, flags);
2502 }
2503
2504 /* helper function - gather all the kernel iso status bits for returning to user-space */
2505 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2506 struct raw1394_iso_status *stat)
2507 {
2508 stat->config.data_buf_size = iso->buf_size;
2509 stat->config.buf_packets = iso->buf_packets;
2510 stat->config.channel = iso->channel;
2511 stat->config.speed = iso->speed;
2512 stat->config.irq_interval = iso->irq_interval;
2513 stat->n_packets = hpsb_iso_n_ready(iso);
2514 stat->overflows = atomic_read(&iso->overflows);
2515 stat->xmit_cycle = iso->xmit_cycle;
2516 }
2517
2518 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2519 {
2520 struct raw1394_iso_status stat;
2521
2522 if (!fi->host)
2523 return -EINVAL;
2524
2525 if (copy_from_user(&stat, uaddr, sizeof(stat)))
2526 return -EFAULT;
2527
2528 fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2529 stat.config.data_buf_size,
2530 stat.config.buf_packets,
2531 stat.config.channel,
2532 stat.config.speed,
2533 stat.config.irq_interval,
2534 rawiso_activity_cb);
2535 if (!fi->iso_handle)
2536 return -ENOMEM;
2537
2538 fi->iso_state = RAW1394_ISO_XMIT;
2539
2540 raw1394_iso_fill_status(fi->iso_handle, &stat);
2541 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2542 return -EFAULT;
2543
2544 /* queue an event to get things started */
2545 rawiso_activity_cb(fi->iso_handle);
2546
2547 return 0;
2548 }
2549
2550 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2551 {
2552 struct raw1394_iso_status stat;
2553
2554 if (!fi->host)
2555 return -EINVAL;
2556
2557 if (copy_from_user(&stat, uaddr, sizeof(stat)))
2558 return -EFAULT;
2559
2560 fi->iso_handle = hpsb_iso_recv_init(fi->host,
2561 stat.config.data_buf_size,
2562 stat.config.buf_packets,
2563 stat.config.channel,
2564 stat.config.dma_mode,
2565 stat.config.irq_interval,
2566 rawiso_activity_cb);
2567 if (!fi->iso_handle)
2568 return -ENOMEM;
2569
2570 fi->iso_state = RAW1394_ISO_RECV;
2571
2572 raw1394_iso_fill_status(fi->iso_handle, &stat);
2573 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2574 return -EFAULT;
2575 return 0;
2576 }
2577
2578 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2579 {
2580 struct raw1394_iso_status stat;
2581 struct hpsb_iso *iso = fi->iso_handle;
2582
2583 raw1394_iso_fill_status(fi->iso_handle, &stat);
2584 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2585 return -EFAULT;
2586
2587 /* reset overflow counter */
2588 atomic_set(&iso->overflows, 0);
2589
2590 return 0;
2591 }
2592
2593 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2594 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2595 {
2596 struct raw1394_iso_packets upackets;
2597 unsigned int packet = fi->iso_handle->first_packet;
2598 int i;
2599
2600 if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2601 return -EFAULT;
2602
2603 if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2604 return -EINVAL;
2605
2606 /* ensure user-supplied buffer is accessible and big enough */
2607 if (!access_ok(VERIFY_WRITE, upackets.infos,
2608 upackets.n_packets *
2609 sizeof(struct raw1394_iso_packet_info)))
2610 return -EFAULT;
2611
2612 /* copy the packet_infos out */
2613 for (i = 0; i < upackets.n_packets; i++) {
2614 if (__copy_to_user(&upackets.infos[i],
2615 &fi->iso_handle->infos[packet],
2616 sizeof(struct raw1394_iso_packet_info)))
2617 return -EFAULT;
2618
2619 packet = (packet + 1) % fi->iso_handle->buf_packets;
2620 }
2621
2622 return 0;
2623 }
2624
2625 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2626 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2627 {
2628 struct raw1394_iso_packets upackets;
2629 int i, rv;
2630
2631 if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2632 return -EFAULT;
2633
2634 if (upackets.n_packets >= fi->iso_handle->buf_packets)
2635 return -EINVAL;
2636
2637 if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2638 return -EAGAIN;
2639
2640 /* ensure user-supplied buffer is accessible and big enough */
2641 if (!access_ok(VERIFY_READ, upackets.infos,
2642 upackets.n_packets *
2643 sizeof(struct raw1394_iso_packet_info)))
2644 return -EFAULT;
2645
2646 /* copy the infos structs in and queue the packets */
2647 for (i = 0; i < upackets.n_packets; i++) {
2648 struct raw1394_iso_packet_info info;
2649
2650 if (__copy_from_user(&info, &upackets.infos[i],
2651 sizeof(struct raw1394_iso_packet_info)))
2652 return -EFAULT;
2653
2654 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2655 info.len, info.tag, info.sy);
2656 if (rv)
2657 return rv;
2658 }
2659
2660 return 0;
2661 }
2662
2663 static void raw1394_iso_shutdown(struct file_info *fi)
2664 {
2665 if (fi->iso_handle)
2666 hpsb_iso_shutdown(fi->iso_handle);
2667
2668 fi->iso_handle = NULL;
2669 fi->iso_state = RAW1394_ISO_INACTIVE;
2670 }
2671
2672 static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2673 {
2674 struct raw1394_cycle_timer ct;
2675 int err;
2676
2677 err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2678 if (!err)
2679 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2680 err = -EFAULT;
2681 return err;
2682 }
2683
2684 /* mmap the rawiso xmit/recv buffer */
2685 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2686 {
2687 struct file_info *fi = file->private_data;
2688
2689 if (fi->iso_state == RAW1394_ISO_INACTIVE)
2690 return -EINVAL;
2691
2692 return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2693 }
2694
2695 /* ioctl is only used for rawiso operations */
2696 static int raw1394_ioctl(struct inode *inode, struct file *file,
2697 unsigned int cmd, unsigned long arg)
2698 {
2699 struct file_info *fi = file->private_data;
2700 void __user *argp = (void __user *)arg;
2701
2702 switch (fi->iso_state) {
2703 case RAW1394_ISO_INACTIVE:
2704 switch (cmd) {
2705 case RAW1394_IOC_ISO_XMIT_INIT:
2706 return raw1394_iso_xmit_init(fi, argp);
2707 case RAW1394_IOC_ISO_RECV_INIT:
2708 return raw1394_iso_recv_init(fi, argp);
2709 default:
2710 break;
2711 }
2712 break;
2713 case RAW1394_ISO_RECV:
2714 switch (cmd) {
2715 case RAW1394_IOC_ISO_RECV_START:{
2716 /* copy args from user-space */
2717 int args[3];
2718 if (copy_from_user
2719 (&args[0], argp, sizeof(args)))
2720 return -EFAULT;
2721 return hpsb_iso_recv_start(fi->iso_handle,
2722 args[0], args[1],
2723 args[2]);
2724 }
2725 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2726 hpsb_iso_stop(fi->iso_handle);
2727 return 0;
2728 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2729 return hpsb_iso_recv_listen_channel(fi->iso_handle,
2730 arg);
2731 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2732 return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2733 arg);
2734 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2735 /* copy the u64 from user-space */
2736 u64 mask;
2737 if (copy_from_user(&mask, argp, sizeof(mask)))
2738 return -EFAULT;
2739 return hpsb_iso_recv_set_channel_mask(fi->
2740 iso_handle,
2741 mask);
2742 }
2743 case RAW1394_IOC_ISO_GET_STATUS:
2744 return raw1394_iso_get_status(fi, argp);
2745 case RAW1394_IOC_ISO_RECV_PACKETS:
2746 return raw1394_iso_recv_packets(fi, argp);
2747 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2748 return hpsb_iso_recv_release_packets(fi->iso_handle,
2749 arg);
2750 case RAW1394_IOC_ISO_RECV_FLUSH:
2751 return hpsb_iso_recv_flush(fi->iso_handle);
2752 case RAW1394_IOC_ISO_SHUTDOWN:
2753 raw1394_iso_shutdown(fi);
2754 return 0;
2755 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2756 queue_rawiso_event(fi);
2757 return 0;
2758 }
2759 break;
2760 case RAW1394_ISO_XMIT:
2761 switch (cmd) {
2762 case RAW1394_IOC_ISO_XMIT_START:{
2763 /* copy two ints from user-space */
2764 int args[2];
2765 if (copy_from_user
2766 (&args[0], argp, sizeof(args)))
2767 return -EFAULT;
2768 return hpsb_iso_xmit_start(fi->iso_handle,
2769 args[0], args[1]);
2770 }
2771 case RAW1394_IOC_ISO_XMIT_SYNC:
2772 return hpsb_iso_xmit_sync(fi->iso_handle);
2773 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2774 hpsb_iso_stop(fi->iso_handle);
2775 return 0;
2776 case RAW1394_IOC_ISO_GET_STATUS:
2777 return raw1394_iso_get_status(fi, argp);
2778 case RAW1394_IOC_ISO_XMIT_PACKETS:
2779 return raw1394_iso_send_packets(fi, argp);
2780 case RAW1394_IOC_ISO_SHUTDOWN:
2781 raw1394_iso_shutdown(fi);
2782 return 0;
2783 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2784 queue_rawiso_event(fi);
2785 return 0;
2786 }
2787 break;
2788 default:
2789 break;
2790 }
2791
2792 /* state-independent commands */
2793 switch(cmd) {
2794 case RAW1394_IOC_GET_CYCLE_TIMER:
2795 return raw1394_read_cycle_timer(fi, argp);
2796 default:
2797 break;
2798 }
2799
2800 return -EINVAL;
2801 }
2802
2803 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2804 {
2805 struct file_info *fi = file->private_data;
2806 unsigned int mask = POLLOUT | POLLWRNORM;
2807 unsigned long flags;
2808
2809 poll_wait(file, &fi->wait_complete, pt);
2810
2811 spin_lock_irqsave(&fi->reqlists_lock, flags);
2812 if (!list_empty(&fi->req_complete)) {
2813 mask |= POLLIN | POLLRDNORM;
2814 }
2815 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2816
2817 return mask;
2818 }
2819
2820 static int raw1394_open(struct inode *inode, struct file *file)
2821 {
2822 struct file_info *fi;
2823
2824 fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2825 if (!fi)
2826 return -ENOMEM;
2827
2828 fi->notification = (u8) RAW1394_NOTIFY_ON; /* busreset notification */
2829
2830 INIT_LIST_HEAD(&fi->list);
2831 fi->state = opened;
2832 INIT_LIST_HEAD(&fi->req_pending);
2833 INIT_LIST_HEAD(&fi->req_complete);
2834 spin_lock_init(&fi->reqlists_lock);
2835 init_waitqueue_head(&fi->wait_complete);
2836 INIT_LIST_HEAD(&fi->addr_list);
2837
2838 file->private_data = fi;
2839
2840 return 0;
2841 }
2842
2843 static int raw1394_release(struct inode *inode, struct file *file)
2844 {
2845 struct file_info *fi = file->private_data;
2846 struct list_head *lh;
2847 struct pending_request *req;
2848 int i, fail;
2849 int retval = 0;
2850 struct list_head *entry;
2851 struct arm_addr *addr = NULL;
2852 struct host_info *hi;
2853 struct file_info *fi_hlp = NULL;
2854 struct arm_addr *arm_addr = NULL;
2855 int another_host;
2856 int csr_mod = 0;
2857 unsigned long flags;
2858
2859 if (fi->iso_state != RAW1394_ISO_INACTIVE)
2860 raw1394_iso_shutdown(fi);
2861
2862 for (i = 0; i < 64; i++) {
2863 if (fi->listen_channels & (1ULL << i)) {
2864 hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2865 }
2866 }
2867
2868 spin_lock_irqsave(&host_info_lock, flags);
2869 fi->listen_channels = 0;
2870
2871 fail = 0;
2872 /* set address-entries invalid */
2873
2874 while (!list_empty(&fi->addr_list)) {
2875 another_host = 0;
2876 lh = fi->addr_list.next;
2877 addr = list_entry(lh, struct arm_addr, addr_list);
2878 /* another host with valid address-entry containing
2879 same addressrange? */
2880 list_for_each_entry(hi, &host_info_list, list) {
2881 if (hi->host != fi->host) {
2882 list_for_each_entry(fi_hlp, &hi->file_info_list,
2883 list) {
2884 entry = fi_hlp->addr_list.next;
2885 while (entry != &(fi_hlp->addr_list)) {
2886 arm_addr = list_entry(entry, struct
2887 arm_addr,
2888 addr_list);
2889 if (arm_addr->start ==
2890 addr->start) {
2891 DBGMSG
2892 ("raw1394_release: "
2893 "another host ownes "
2894 "same addressrange");
2895 another_host = 1;
2896 break;
2897 }
2898 entry = entry->next;
2899 }
2900 if (another_host) {
2901 break;
2902 }
2903 }
2904 }
2905 }
2906 if (!another_host) {
2907 DBGMSG("raw1394_release: call hpsb_arm_unregister");
2908 retval =
2909 hpsb_unregister_addrspace(&raw1394_highlevel,
2910 fi->host, addr->start);
2911 if (!retval) {
2912 ++fail;
2913 printk(KERN_ERR
2914 "raw1394_release arm_Unregister failed\n");
2915 }
2916 }
2917 DBGMSG("raw1394_release: delete addr_entry from list");
2918 list_del(&addr->addr_list);
2919 vfree(addr->addr_space_buffer);
2920 kfree(addr);
2921 } /* while */
2922 spin_unlock_irqrestore(&host_info_lock, flags);
2923 if (fail > 0) {
2924 printk(KERN_ERR "raw1394: during addr_list-release "
2925 "error(s) occurred \n");
2926 }
2927
2928 for (;;) {
2929 /* This locked section guarantees that neither
2930 * complete nor pending requests exist once i!=0 */
2931 spin_lock_irqsave(&fi->reqlists_lock, flags);
2932 while ((req = __next_complete_req(fi)))
2933 free_pending_request(req);
2934
2935 i = list_empty(&fi->req_pending);
2936 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2937
2938 if (i)
2939 break;
2940 /*
2941 * Sleep until more requests can be freed.
2942 *
2943 * NB: We call the macro wait_event() with a condition argument
2944 * with side effect. This is only possible because the side
2945 * effect does not occur until the condition became true, and
2946 * wait_event() won't evaluate the condition again after that.
2947 */
2948 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2949 free_pending_request(req);
2950 }
2951
2952 /* Remove any sub-trees left by user space programs */
2953 for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2954 struct csr1212_dentry *dentry;
2955 if (!fi->csr1212_dirs[i])
2956 continue;
2957 for (dentry =
2958 fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2959 dentry = dentry->next) {
2960 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2961 root_kv,
2962 dentry->kv);
2963 }
2964 csr1212_release_keyval(fi->csr1212_dirs[i]);
2965 fi->csr1212_dirs[i] = NULL;
2966 csr_mod = 1;
2967 }
2968
2969 if ((csr_mod || fi->cfgrom_upd)
2970 && hpsb_update_config_rom_image(fi->host) < 0)
2971 HPSB_ERR
2972 ("Failed to generate Configuration ROM image for host %d",
2973 fi->host->id);
2974
2975 if (fi->state == connected) {
2976 spin_lock_irqsave(&host_info_lock, flags);
2977 list_del(&fi->list);
2978 spin_unlock_irqrestore(&host_info_lock, flags);
2979
2980 put_device(&fi->host->device);
2981 }
2982
2983 spin_lock_irqsave(&host_info_lock, flags);
2984 if (fi->host)
2985 module_put(fi->host->driver->owner);
2986 spin_unlock_irqrestore(&host_info_lock, flags);
2987
2988 kfree(fi);
2989
2990 return 0;
2991 }
2992
2993 /*** HOTPLUG STUFF **********************************************************/
2994 /*
2995 * Export information about protocols/devices supported by this driver.
2996 */
2997 static struct ieee1394_device_id raw1394_id_table[] = {
2998 {
2999 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3000 .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
3001 .version = AVC_SW_VERSION_ENTRY & 0xffffff},
3002 {
3003 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3004 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3005 .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
3006 {
3007 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3008 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3009 .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
3010 {
3011 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3012 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3013 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
3014 {}
3015 };
3016
3017 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
3018
3019 static struct hpsb_protocol_driver raw1394_driver = {
3020 .name = "raw1394",
3021 .id_table = raw1394_id_table,
3022 };
3023
3024 /******************************************************************************/
3025
3026 static struct hpsb_highlevel raw1394_highlevel = {
3027 .name = RAW1394_DEVICE_NAME,
3028 .add_host = add_host,
3029 .remove_host = remove_host,
3030 .host_reset = host_reset,
3031 .iso_receive = iso_receive,
3032 .fcp_request = fcp_request,
3033 };
3034
3035 static struct cdev raw1394_cdev;
3036 static const struct file_operations raw1394_fops = {
3037 .owner = THIS_MODULE,
3038 .read = raw1394_read,
3039 .write = raw1394_write,
3040 .mmap = raw1394_mmap,
3041 .ioctl = raw1394_ioctl,
3042 // .compat_ioctl = ... someone needs to do this
3043 .poll = raw1394_poll,
3044 .open = raw1394_open,
3045 .release = raw1394_release,
3046 };
3047
3048 static int __init init_raw1394(void)
3049 {
3050 int ret = 0;
3051
3052 hpsb_register_highlevel(&raw1394_highlevel);
3053
3054 if (IS_ERR
3055 (class_device_create
3056 (hpsb_protocol_class, NULL,
3057 MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), NULL,
3058 RAW1394_DEVICE_NAME))) {
3059 ret = -EFAULT;
3060 goto out_unreg;
3061 }
3062
3063 cdev_init(&raw1394_cdev, &raw1394_fops);
3064 raw1394_cdev.owner = THIS_MODULE;
3065 kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
3066 ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3067 if (ret) {
3068 HPSB_ERR("raw1394 failed to register minor device block");
3069 goto out_dev;
3070 }
3071
3072 HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3073
3074 ret = hpsb_register_protocol(&raw1394_driver);
3075 if (ret) {
3076 HPSB_ERR("raw1394: failed to register protocol");
3077 cdev_del(&raw1394_cdev);
3078 goto out_dev;
3079 }
3080
3081 goto out;
3082
3083 out_dev:
3084 class_device_destroy(hpsb_protocol_class,
3085 MKDEV(IEEE1394_MAJOR,
3086 IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3087 out_unreg:
3088 hpsb_unregister_highlevel(&raw1394_highlevel);
3089 out:
3090 return ret;
3091 }
3092
3093 static void __exit cleanup_raw1394(void)
3094 {
3095 class_device_destroy(hpsb_protocol_class,
3096 MKDEV(IEEE1394_MAJOR,
3097 IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3098 cdev_del(&raw1394_cdev);
3099 hpsb_unregister_highlevel(&raw1394_highlevel);
3100 hpsb_unregister_protocol(&raw1394_driver);
3101 }
3102
3103 module_init(init_raw1394);
3104 module_exit(cleanup_raw1394);
3105 MODULE_LICENSE("GPL");
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree