search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
spi: fix refcount-related spidev oops-on-rmmod
[linux-2.6/linux-acpi-2.6/ibm-acpi-2.6.git] / drivers / spi / spidev.c
blob799337f7fde1b5a5971ff11c6378121e20cc5451
1 /*
2 * spidev.c -- simple synchronous userspace interface to SPI devices
3 *
4 * Copyright (C) 2006 SWAPP
5 * Andrea Paterniani <a.paterniani@swapp-eng.it>
6 * Copyright (C) 2007 David Brownell (simplification, cleanup)
7 *
8 * This program is free software; you can redistribute it and/or modify
9 * it under the terms of the GNU General Public License as published by
10 * the Free Software Foundation; either version 2 of the License, or
11 * (at your option) any later version.
12 *
13 * This program is distributed in the hope that it will be useful,
14 * but WITHOUT ANY WARRANTY; without even the implied warranty of
15 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 * GNU General Public License for more details.
17 *
18 * You should have received a copy of the GNU General Public License
19 * along with this program; if not, write to the Free Software
20 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 */
22
23 #include <linux/init.h>
24 #include <linux/module.h>
25 #include <linux/ioctl.h>
26 #include <linux/fs.h>
27 #include <linux/device.h>
28 #include <linux/err.h>
29 #include <linux/list.h>
30 #include <linux/errno.h>
31 #include <linux/mutex.h>
32 #include <linux/slab.h>
33
34 #include <linux/spi/spi.h>
35 #include <linux/spi/spidev.h>
36
37 #include <asm/uaccess.h>
38
39
40 /*
41 * This supports acccess to SPI devices using normal userspace I/O calls.
42 * Note that while traditional UNIX/POSIX I/O semantics are half duplex,
43 * and often mask message boundaries, full SPI support requires full duplex
44 * transfers. There are several kinds of of internal message boundaries to
45 * handle chipselect management and other protocol options.
46 *
47 * SPI has a character major number assigned. We allocate minor numbers
48 * dynamically using a bitmask. You must use hotplug tools, such as udev
49 * (or mdev with busybox) to create and destroy the /dev/spidevB.C device
50 * nodes, since there is no fixed association of minor numbers with any
51 * particular SPI bus or device.
52 */
53 #define SPIDEV_MAJOR 153 /* assigned */
54 #define N_SPI_MINORS 32 /* ... up to 256 */
55
56 static unsigned long minors[N_SPI_MINORS / BITS_PER_LONG];
57
58
59 /* Bit masks for spi_device.mode management. Note that incorrect
60 * settings for CS_HIGH and 3WIRE can cause *lots* of trouble for other
61 * devices on a shared bus: CS_HIGH, because this device will be
62 * active when it shouldn't be; 3WIRE, because when active it won't
63 * behave as it should.
64 *
65 * REVISIT should changing those two modes be privileged?
66 */
67 #define SPI_MODE_MASK (SPI_CPHA | SPI_CPOL | SPI_CS_HIGH \
68 | SPI_LSB_FIRST | SPI_3WIRE | SPI_LOOP)
69
70 struct spidev_data {
71 dev_t devt;
72 spinlock_t spi_lock;
73 struct spi_device *spi;
74 struct list_head device_entry;
75
76 /* buffer is NULL unless this device is open (users > 0) */
77 struct mutex buf_lock;
78 unsigned users;
79 u8 *buffer;
80 };
81
82 static LIST_HEAD(device_list);
83 static DEFINE_MUTEX(device_list_lock);
84
85 static unsigned bufsiz = 4096;
86 module_param(bufsiz, uint, S_IRUGO);
87 MODULE_PARM_DESC(bufsiz, "data bytes in biggest supported SPI message");
88
89 /*-------------------------------------------------------------------------*/
90
91 /*
92 * We can't use the standard synchronous wrappers for file I/O; we
93 * need to protect against async removal of the underlying spi_device.
94 */
95 static void spidev_complete(void *arg)
96 {
97 complete(arg);
98 }
99
100 static ssize_t
101 spidev_sync(struct spidev_data *spidev, struct spi_message *message)
102 {
103 DECLARE_COMPLETION_ONSTACK(done);
104 int status;
105
106 message->complete = spidev_complete;
107 message->context = &done;
108
109 spin_lock_irq(&spidev->spi_lock);
110 if (spidev->spi == NULL)
111 status = -ESHUTDOWN;
112 else
113 status = spi_async(spidev->spi, message);
114 spin_unlock_irq(&spidev->spi_lock);
115
116 if (status == 0) {
117 wait_for_completion(&done);
118 status = message->status;
119 if (status == 0)
120 status = message->actual_length;
121 }
122 return status;
123 }
124
125 static inline ssize_t
126 spidev_sync_write(struct spidev_data *spidev, size_t len)
127 {
128 struct spi_transfer t = {
129 .tx_buf = spidev->buffer,
130 .len = len,
131 };
132 struct spi_message m;
133
134 spi_message_init(&m);
135 spi_message_add_tail(&t, &m);
136 return spidev_sync(spidev, &m);
137 }
138
139 static inline ssize_t
140 spidev_sync_read(struct spidev_data *spidev, size_t len)
141 {
142 struct spi_transfer t = {
143 .rx_buf = spidev->buffer,
144 .len = len,
145 };
146 struct spi_message m;
147
148 spi_message_init(&m);
149 spi_message_add_tail(&t, &m);
150 return spidev_sync(spidev, &m);
151 }
152
153 /*-------------------------------------------------------------------------*/
154
155 /* Read-only message with current device setup */
156 static ssize_t
157 spidev_read(struct file *filp, char __user *buf, size_t count, loff_t *f_pos)
158 {
159 struct spidev_data *spidev;
160 ssize_t status = 0;
161
162 /* chipselect only toggles at start or end of operation */
163 if (count > bufsiz)
164 return -EMSGSIZE;
165
166 spidev = filp->private_data;
167
168 mutex_lock(&spidev->buf_lock);
169 status = spidev_sync_read(spidev, count);
170 if (status == 0) {
171 unsigned long missing;
172
173 missing = copy_to_user(buf, spidev->buffer, count);
174 if (count && missing == count)
175 status = -EFAULT;
176 else
177 status = count - missing;
178 }
179 mutex_unlock(&spidev->buf_lock);
180
181 return status;
182 }
183
184 /* Write-only message with current device setup */
185 static ssize_t
186 spidev_write(struct file *filp, const char __user *buf,
187 size_t count, loff_t *f_pos)
188 {
189 struct spidev_data *spidev;
190 ssize_t status = 0;
191 unsigned long missing;
192
193 /* chipselect only toggles at start or end of operation */
194 if (count > bufsiz)
195 return -EMSGSIZE;
196
197 spidev = filp->private_data;
198
199 mutex_lock(&spidev->buf_lock);
200 missing = copy_from_user(spidev->buffer, buf, count);
201 if (missing == 0) {
202 status = spidev_sync_write(spidev, count);
203 if (status == 0)
204 status = count;
205 } else
206 status = -EFAULT;
207 mutex_unlock(&spidev->buf_lock);
208
209 return status;
210 }
211
212 static int spidev_message(struct spidev_data *spidev,
213 struct spi_ioc_transfer *u_xfers, unsigned n_xfers)
214 {
215 struct spi_message msg;
216 struct spi_transfer *k_xfers;
217 struct spi_transfer *k_tmp;
218 struct spi_ioc_transfer *u_tmp;
219 unsigned n, total;
220 u8 *buf;
221 int status = -EFAULT;
222
223 spi_message_init(&msg);
224 k_xfers = kcalloc(n_xfers, sizeof(*k_tmp), GFP_KERNEL);
225 if (k_xfers == NULL)
226 return -ENOMEM;
227
228 /* Construct spi_message, copying any tx data to bounce buffer.
229 * We walk the array of user-provided transfers, using each one
230 * to initialize a kernel version of the same transfer.
231 */
232 mutex_lock(&spidev->buf_lock);
233 buf = spidev->buffer;
234 total = 0;
235 for (n = n_xfers, k_tmp = k_xfers, u_tmp = u_xfers;
236 n;
237 n--, k_tmp++, u_tmp++) {
238 k_tmp->len = u_tmp->len;
239
240 total += k_tmp->len;
241 if (total > bufsiz) {
242 status = -EMSGSIZE;
243 goto done;
244 }
245
246 if (u_tmp->rx_buf) {
247 k_tmp->rx_buf = buf;
248 if (!access_ok(VERIFY_WRITE, (u8 __user *)
249 (uintptr_t) u_tmp->rx_buf,
250 u_tmp->len))
251 goto done;
252 }
253 if (u_tmp->tx_buf) {
254 k_tmp->tx_buf = buf;
255 if (copy_from_user(buf, (const u8 __user *)
256 (uintptr_t) u_tmp->tx_buf,
257 u_tmp->len))
258 goto done;
259 }
260 buf += k_tmp->len;
261
262 k_tmp->cs_change = !!u_tmp->cs_change;
263 k_tmp->bits_per_word = u_tmp->bits_per_word;
264 k_tmp->delay_usecs = u_tmp->delay_usecs;
265 k_tmp->speed_hz = u_tmp->speed_hz;
266 #ifdef VERBOSE
267 dev_dbg(&spi->dev,
268 " xfer len %zd %s%s%s%dbits %u usec %uHz\n",
269 u_tmp->len,
270 u_tmp->rx_buf ? "rx " : "",
271 u_tmp->tx_buf ? "tx " : "",
272 u_tmp->cs_change ? "cs " : "",
273 u_tmp->bits_per_word ? : spi->bits_per_word,
274 u_tmp->delay_usecs,
275 u_tmp->speed_hz ? : spi->max_speed_hz);
276 #endif
277 spi_message_add_tail(k_tmp, &msg);
278 }
279
280 status = spidev_sync(spidev, &msg);
281 if (status < 0)
282 goto done;
283
284 /* copy any rx data out of bounce buffer */
285 buf = spidev->buffer;
286 for (n = n_xfers, u_tmp = u_xfers; n; n--, u_tmp++) {
287 if (u_tmp->rx_buf) {
288 if (__copy_to_user((u8 __user *)
289 (uintptr_t) u_tmp->rx_buf, buf,
290 u_tmp->len)) {
291 status = -EFAULT;
292 goto done;
293 }
294 }
295 buf += u_tmp->len;
296 }
297 status = total;
298
299 done:
300 mutex_unlock(&spidev->buf_lock);
301 kfree(k_xfers);
302 return status;
303 }
304
305 static int
306 spidev_ioctl(struct inode *inode, struct file *filp,
307 unsigned int cmd, unsigned long arg)
308 {
309 int err = 0;
310 int retval = 0;
311 struct spidev_data *spidev;
312 struct spi_device *spi;
313 u32 tmp;
314 unsigned n_ioc;
315 struct spi_ioc_transfer *ioc;
316
317 /* Check type and command number */
318 if (_IOC_TYPE(cmd) != SPI_IOC_MAGIC)
319 return -ENOTTY;
320
321 /* Check access direction once here; don't repeat below.
322 * IOC_DIR is from the user perspective, while access_ok is
323 * from the kernel perspective; so they look reversed.
324 */
325 if (_IOC_DIR(cmd) & _IOC_READ)
326 err = !access_ok(VERIFY_WRITE,
327 (void __user *)arg, _IOC_SIZE(cmd));
328 if (err == 0 && _IOC_DIR(cmd) & _IOC_WRITE)
329 err = !access_ok(VERIFY_READ,
330 (void __user *)arg, _IOC_SIZE(cmd));
331 if (err)
332 return -EFAULT;
333
334 /* guard against device removal before, or while,
335 * we issue this ioctl.
336 */
337 spidev = filp->private_data;
338 spin_lock_irq(&spidev->spi_lock);
339 spi = spi_dev_get(spidev->spi);
340 spin_unlock_irq(&spidev->spi_lock);
341
342 if (spi == NULL)
343 return -ESHUTDOWN;
344
345 switch (cmd) {
346 /* read requests */
347 case SPI_IOC_RD_MODE:
348 retval = __put_user(spi->mode & SPI_MODE_MASK,
349 (__u8 __user *)arg);
350 break;
351 case SPI_IOC_RD_LSB_FIRST:
352 retval = __put_user((spi->mode & SPI_LSB_FIRST) ? 1 : 0,
353 (__u8 __user *)arg);
354 break;
355 case SPI_IOC_RD_BITS_PER_WORD:
356 retval = __put_user(spi->bits_per_word, (__u8 __user *)arg);
357 break;
358 case SPI_IOC_RD_MAX_SPEED_HZ:
359 retval = __put_user(spi->max_speed_hz, (__u32 __user *)arg);
360 break;
361
362 /* write requests */
363 case SPI_IOC_WR_MODE:
364 retval = __get_user(tmp, (u8 __user *)arg);
365 if (retval == 0) {
366 u8 save = spi->mode;
367
368 if (tmp & ~SPI_MODE_MASK) {
369 retval = -EINVAL;
370 break;
371 }
372
373 tmp |= spi->mode & ~SPI_MODE_MASK;
374 spi->mode = (u8)tmp;
375 retval = spi_setup(spi);
376 if (retval < 0)
377 spi->mode = save;
378 else
379 dev_dbg(&spi->dev, "spi mode %02x\n", tmp);
380 }
381 break;
382 case SPI_IOC_WR_LSB_FIRST:
383 retval = __get_user(tmp, (__u8 __user *)arg);
384 if (retval == 0) {
385 u8 save = spi->mode;
386
387 if (tmp)
388 spi->mode |= SPI_LSB_FIRST;
389 else
390 spi->mode &= ~SPI_LSB_FIRST;
391 retval = spi_setup(spi);
392 if (retval < 0)
393 spi->mode = save;
394 else
395 dev_dbg(&spi->dev, "%csb first\n",
396 tmp ? 'l' : 'm');
397 }
398 break;
399 case SPI_IOC_WR_BITS_PER_WORD:
400 retval = __get_user(tmp, (__u8 __user *)arg);
401 if (retval == 0) {
402 u8 save = spi->bits_per_word;
403
404 spi->bits_per_word = tmp;
405 retval = spi_setup(spi);
406 if (retval < 0)
407 spi->bits_per_word = save;
408 else
409 dev_dbg(&spi->dev, "%d bits per word\n", tmp);
410 }
411 break;
412 case SPI_IOC_WR_MAX_SPEED_HZ:
413 retval = __get_user(tmp, (__u32 __user *)arg);
414 if (retval == 0) {
415 u32 save = spi->max_speed_hz;
416
417 spi->max_speed_hz = tmp;
418 retval = spi_setup(spi);
419 if (retval < 0)
420 spi->max_speed_hz = save;
421 else
422 dev_dbg(&spi->dev, "%d Hz (max)\n", tmp);
423 }
424 break;
425
426 default:
427 /* segmented and/or full-duplex I/O request */
428 if (_IOC_NR(cmd) != _IOC_NR(SPI_IOC_MESSAGE(0))
429 || _IOC_DIR(cmd) != _IOC_WRITE) {
430 retval = -ENOTTY;
431 break;
432 }
433
434 tmp = _IOC_SIZE(cmd);
435 if ((tmp % sizeof(struct spi_ioc_transfer)) != 0) {
436 retval = -EINVAL;
437 break;
438 }
439 n_ioc = tmp / sizeof(struct spi_ioc_transfer);
440 if (n_ioc == 0)
441 break;
442
443 /* copy into scratch area */
444 ioc = kmalloc(tmp, GFP_KERNEL);
445 if (!ioc) {
446 retval = -ENOMEM;
447 break;
448 }
449 if (__copy_from_user(ioc, (void __user *)arg, tmp)) {
450 kfree(ioc);
451 retval = -EFAULT;
452 break;
453 }
454
455 /* translate to spi_message, execute */
456 retval = spidev_message(spidev, ioc, n_ioc);
457 kfree(ioc);
458 break;
459 }
460 spi_dev_put(spi);
461 return retval;
462 }
463
464 static int spidev_open(struct inode *inode, struct file *filp)
465 {
466 struct spidev_data *spidev;
467 int status = -ENXIO;
468
469 mutex_lock(&device_list_lock);
470
471 list_for_each_entry(spidev, &device_list, device_entry) {
472 if (spidev->devt == inode->i_rdev) {
473 status = 0;
474 break;
475 }
476 }
477 if (status == 0) {
478 if (!spidev->buffer) {
479 spidev->buffer = kmalloc(bufsiz, GFP_KERNEL);
480 if (!spidev->buffer) {
481 dev_dbg(&spidev->spi->dev, "open/ENOMEM\n");
482 status = -ENOMEM;
483 }
484 }
485 if (status == 0) {
486 spidev->users++;
487 filp->private_data = spidev;
488 nonseekable_open(inode, filp);
489 }
490 } else
491 pr_debug("spidev: nothing for minor %d\n", iminor(inode));
492
493 mutex_unlock(&device_list_lock);
494 return status;
495 }
496
497 static int spidev_release(struct inode *inode, struct file *filp)
498 {
499 struct spidev_data *spidev;
500 int status = 0;
501
502 mutex_lock(&device_list_lock);
503 spidev = filp->private_data;
504 filp->private_data = NULL;
505
506 /* last close? */
507 spidev->users--;
508 if (!spidev->users) {
509 int dofree;
510
511 kfree(spidev->buffer);
512 spidev->buffer = NULL;
513
514 /* ... after we unbound from the underlying device? */
515 spin_lock_irq(&spidev->spi_lock);
516 dofree = (spidev->spi == NULL);
517 spin_unlock_irq(&spidev->spi_lock);
518
519 if (dofree)
520 kfree(spidev);
521 }
522 mutex_unlock(&device_list_lock);
523
524 return status;
525 }
526
527 static struct file_operations spidev_fops = {
528 .owner = THIS_MODULE,
529 /* REVISIT switch to aio primitives, so that userspace
530 * gets more complete API coverage. It'll simplify things
531 * too, except for the locking.
532 */
533 .write = spidev_write,
534 .read = spidev_read,
535 .ioctl = spidev_ioctl,
536 .open = spidev_open,
537 .release = spidev_release,
538 };
539
540 /*-------------------------------------------------------------------------*/
541
542 /* The main reason to have this class is to make mdev/udev create the
543 * /dev/spidevB.C character device nodes exposing our userspace API.
544 * It also simplifies memory management.
545 */
546
547 static struct class *spidev_class;
548
549 /*-------------------------------------------------------------------------*/
550
551 static int spidev_probe(struct spi_device *spi)
552 {
553 struct spidev_data *spidev;
554 int status;
555 unsigned long minor;
556
557 /* Allocate driver data */
558 spidev = kzalloc(sizeof(*spidev), GFP_KERNEL);
559 if (!spidev)
560 return -ENOMEM;
561
562 /* Initialize the driver data */
563 spidev->spi = spi;
564 spin_lock_init(&spidev->spi_lock);
565 mutex_init(&spidev->buf_lock);
566
567 INIT_LIST_HEAD(&spidev->device_entry);
568
569 /* If we can allocate a minor number, hook up this device.
570 * Reusing minors is fine so long as udev or mdev is working.
571 */
572 mutex_lock(&device_list_lock);
573 minor = find_first_zero_bit(minors, N_SPI_MINORS);
574 if (minor < N_SPI_MINORS) {
575 struct device *dev;
576
577 spidev->devt = MKDEV(SPIDEV_MAJOR, minor);
578 dev = device_create(spidev_class, &spi->dev, spidev->devt,
579 "spidev%d.%d",
580 spi->master->bus_num, spi->chip_select);
581 status = IS_ERR(dev) ? PTR_ERR(dev) : 0;
582 } else {
583 dev_dbg(&spi->dev, "no minor number available!\n");
584 status = -ENODEV;
585 }
586 if (status == 0) {
587 set_bit(minor, minors);
588 spi_set_drvdata(spi, spidev);
589 list_add(&spidev->device_entry, &device_list);
590 }
591 mutex_unlock(&device_list_lock);
592
593 if (status != 0)
594 kfree(spidev);
595
596 return status;
597 }
598
599 static int spidev_remove(struct spi_device *spi)
600 {
601 struct spidev_data *spidev = spi_get_drvdata(spi);
602
603 /* make sure ops on existing fds can abort cleanly */
604 spin_lock_irq(&spidev->spi_lock);
605 spidev->spi = NULL;
606 spi_set_drvdata(spi, NULL);
607 spin_unlock_irq(&spidev->spi_lock);
608
609 /* prevent new opens */
610 mutex_lock(&device_list_lock);
611 list_del(&spidev->device_entry);
612 device_destroy(spidev_class, spidev->devt);
613 clear_bit(MINOR(spidev->devt), minors);
614 if (spidev->users == 0)
615 kfree(spidev);
616 mutex_unlock(&device_list_lock);
617
618 return 0;
619 }
620
621 static struct spi_driver spidev_spi = {
622 .driver = {
623 .name = "spidev",
624 .owner = THIS_MODULE,
625 },
626 .probe = spidev_probe,
627 .remove = __devexit_p(spidev_remove),
628
629 /* NOTE: suspend/resume methods are not necessary here.
630 * We don't do anything except pass the requests to/from
631 * the underlying controller. The refrigerator handles
632 * most issues; the controller driver handles the rest.
633 */
634 };
635
636 /*-------------------------------------------------------------------------*/
637
638 static int __init spidev_init(void)
639 {
640 int status;
641
642 /* Claim our 256 reserved device numbers. Then register a class
643 * that will key udev/mdev to add/remove /dev nodes. Last, register
644 * the driver which manages those device numbers.
645 */
646 BUILD_BUG_ON(N_SPI_MINORS > 256);
647 status = register_chrdev(SPIDEV_MAJOR, "spi", &spidev_fops);
648 if (status < 0)
649 return status;
650
651 spidev_class = class_create(THIS_MODULE, "spidev");
652 if (IS_ERR(spidev_class)) {
653 unregister_chrdev(SPIDEV_MAJOR, spidev_spi.driver.name);
654 return PTR_ERR(spidev_class);
655 }
656
657 status = spi_register_driver(&spidev_spi);
658 if (status < 0) {
659 class_destroy(spidev_class);
660 unregister_chrdev(SPIDEV_MAJOR, spidev_spi.driver.name);
661 }
662 return status;
663 }
664 module_init(spidev_init);
665
666 static void __exit spidev_exit(void)
667 {
668 spi_unregister_driver(&spidev_spi);
669 class_destroy(spidev_class);
670 unregister_chrdev(SPIDEV_MAJOR, spidev_spi.driver.name);
671 }
672 module_exit(spidev_exit);
673
674 MODULE_AUTHOR("Andrea Paterniani, <a.paterniani@swapp-eng.it>");
675 MODULE_DESCRIPTION("User mode SPI device interface");
676 MODULE_LICENSE("GPL");
Linux 2.6 ibm-acpi/thinkpad-acpi driver git tree