search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
RT-AC66 3.0.0.4.374.130 core
[tomato.git] / release / src-rt-6.x / linux / linux-2.6 / drivers / ieee1394 / raw1394.c
blobf1d05eeb9f5190216b68504dc78fcc1fb7ef38fe
1 /*
2 * IEEE 1394 for Linux
3 *
4 * Raw interface to the bus
5 *
6 * Copyright (C) 1999, 2000 Andreas E. Bombe
7 * 2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8 * 2002 Christian Toegel <christian.toegel@gmx.at>
9 *
10 * This code is licensed under the GPL. See the file COPYING in the root
11 * directory of the kernel sources for details.
12 *
13 *
14 * Contributions:
15 *
16 * Manfred Weihs <weihs@ict.tuwien.ac.at>
17 * configuration ROM manipulation
18 * address range mapping
19 * adaptation for new (transparent) loopback mechanism
20 * sending of arbitrary async packets
21 * Christian Toegel <christian.toegel@gmx.at>
22 * address range mapping
23 * lock64 request
24 * transmit physical packet
25 * busreset notification control (switch on/off)
26 * busreset with selection of type (short/long)
27 * request_reply
28 */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/interrupt.h>
39 #include <linux/vmalloc.h>
40 #include <linux/cdev.h>
41 #include <asm/uaccess.h>
42 #include <asm/atomic.h>
43 #include <linux/compat.h>
44
45 #include "csr1212.h"
46 #include "highlevel.h"
47 #include "hosts.h"
48 #include "ieee1394.h"
49 #include "ieee1394_core.h"
50 #include "ieee1394_hotplug.h"
51 #include "ieee1394_transactions.h"
52 #include "ieee1394_types.h"
53 #include "iso.h"
54 #include "nodemgr.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
58 #define int2ptr(x) ((void __user *)(unsigned long)x)
59 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
60
61 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
62 #define RAW1394_DEBUG
63 #endif
64
65 #ifdef RAW1394_DEBUG
66 #define DBGMSG(fmt, args...) \
67 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
68 #else
69 #define DBGMSG(fmt, args...) do {} while (0)
70 #endif
71
72 static LIST_HEAD(host_info_list);
73 static int host_count;
74 static DEFINE_SPINLOCK(host_info_lock);
75 static atomic_t internal_generation = ATOMIC_INIT(0);
76
77 static atomic_t iso_buffer_size;
78 static const int iso_buffer_max = 4 * 1024 * 1024; /* 4 MB */
79
80 static struct hpsb_highlevel raw1394_highlevel;
81
82 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
83 u64 addr, size_t length, u16 flags);
84 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
85 quadlet_t * data, u64 addr, size_t length, u16 flags);
86 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
87 u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
88 u16 flags);
89 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
90 u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
91 u16 flags);
92 static struct hpsb_address_ops arm_ops = {
93 .read = arm_read,
94 .write = arm_write,
95 .lock = arm_lock,
96 .lock64 = arm_lock64,
97 };
98
99 static void queue_complete_cb(struct pending_request *req);
100
101 #include <asm/current.h>
102 static void print_old_iso_deprecation(void)
103 {
104 static pid_t p;
105
106 if (p == current->pid)
107 return;
108 p = current->pid;
109 printk(KERN_WARNING "raw1394: WARNING - Program \"%s\" uses unsupported"
110 " isochronous request types which will be removed in a next"
111 " kernel release\n", current->comm);
112 printk(KERN_WARNING "raw1394: Update your software to use libraw1394's"
113 " newer interface\n");
114 }
115
116 static struct pending_request *__alloc_pending_request(gfp_t flags)
117 {
118 struct pending_request *req;
119
120 req = kzalloc(sizeof(*req), flags);
121 if (req)
122 INIT_LIST_HEAD(&req->list);
123
124 return req;
125 }
126
127 static inline struct pending_request *alloc_pending_request(void)
128 {
129 return __alloc_pending_request(GFP_KERNEL);
130 }
131
132 static void free_pending_request(struct pending_request *req)
133 {
134 if (req->ibs) {
135 if (atomic_dec_and_test(&req->ibs->refcount)) {
136 atomic_sub(req->ibs->data_size, &iso_buffer_size);
137 kfree(req->ibs);
138 }
139 } else if (req->free_data) {
140 kfree(req->data);
141 }
142 hpsb_free_packet(req->packet);
143 kfree(req);
144 }
145
146 /* fi->reqlists_lock must be taken */
147 static void __queue_complete_req(struct pending_request *req)
148 {
149 struct file_info *fi = req->file_info;
150
151 list_move_tail(&req->list, &fi->req_complete);
152 wake_up(&fi->wait_complete);
153 }
154
155 static void queue_complete_req(struct pending_request *req)
156 {
157 unsigned long flags;
158 struct file_info *fi = req->file_info;
159
160 spin_lock_irqsave(&fi->reqlists_lock, flags);
161 __queue_complete_req(req);
162 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
163 }
164
165 static void queue_complete_cb(struct pending_request *req)
166 {
167 struct hpsb_packet *packet = req->packet;
168 int rcode = (packet->header[1] >> 12) & 0xf;
169
170 switch (packet->ack_code) {
171 case ACKX_NONE:
172 case ACKX_SEND_ERROR:
173 req->req.error = RAW1394_ERROR_SEND_ERROR;
174 break;
175 case ACKX_ABORTED:
176 req->req.error = RAW1394_ERROR_ABORTED;
177 break;
178 case ACKX_TIMEOUT:
179 req->req.error = RAW1394_ERROR_TIMEOUT;
180 break;
181 default:
182 req->req.error = (packet->ack_code << 16) | rcode;
183 break;
184 }
185
186 if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
187 req->req.length = 0;
188 }
189
190 if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
191 (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
192 (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
193 (req->req.type == RAW1394_REQ_LOCK) ||
194 (req->req.type == RAW1394_REQ_LOCK64))
195 hpsb_free_tlabel(packet);
196
197 queue_complete_req(req);
198 }
199
200 static void add_host(struct hpsb_host *host)
201 {
202 struct host_info *hi;
203 unsigned long flags;
204
205 hi = kmalloc(sizeof(*hi), GFP_KERNEL);
206
207 if (hi) {
208 INIT_LIST_HEAD(&hi->list);
209 hi->host = host;
210 INIT_LIST_HEAD(&hi->file_info_list);
211
212 spin_lock_irqsave(&host_info_lock, flags);
213 list_add_tail(&hi->list, &host_info_list);
214 host_count++;
215 spin_unlock_irqrestore(&host_info_lock, flags);
216 }
217
218 atomic_inc(&internal_generation);
219 }
220
221 static struct host_info *find_host_info(struct hpsb_host *host)
222 {
223 struct host_info *hi;
224
225 list_for_each_entry(hi, &host_info_list, list)
226 if (hi->host == host)
227 return hi;
228
229 return NULL;
230 }
231
232 static void remove_host(struct hpsb_host *host)
233 {
234 struct host_info *hi;
235 unsigned long flags;
236
237 spin_lock_irqsave(&host_info_lock, flags);
238 hi = find_host_info(host);
239
240 if (hi != NULL) {
241 list_del(&hi->list);
242 host_count--;
243 /*
244 FIXME: address ranges should be removed
245 and fileinfo states should be initialized
246 (including setting generation to
247 internal-generation ...)
248 */
249 }
250 spin_unlock_irqrestore(&host_info_lock, flags);
251
252 if (hi == NULL) {
253 printk(KERN_ERR "raw1394: attempt to remove unknown host "
254 "0x%p\n", host);
255 return;
256 }
257
258 kfree(hi);
259
260 atomic_inc(&internal_generation);
261 }
262
263 static void host_reset(struct hpsb_host *host)
264 {
265 unsigned long flags;
266 struct host_info *hi;
267 struct file_info *fi;
268 struct pending_request *req;
269
270 spin_lock_irqsave(&host_info_lock, flags);
271 hi = find_host_info(host);
272
273 if (hi != NULL) {
274 list_for_each_entry(fi, &hi->file_info_list, list) {
275 if (fi->notification == RAW1394_NOTIFY_ON) {
276 req = __alloc_pending_request(GFP_ATOMIC);
277
278 if (req != NULL) {
279 req->file_info = fi;
280 req->req.type = RAW1394_REQ_BUS_RESET;
281 req->req.generation =
282 get_hpsb_generation(host);
283 req->req.misc = (host->node_id << 16)
284 | host->node_count;
285 if (fi->protocol_version > 3) {
286 req->req.misc |=
287 (NODEID_TO_NODE
288 (host->irm_id)
289 << 8);
290 }
291
292 queue_complete_req(req);
293 }
294 }
295 }
296 }
297 spin_unlock_irqrestore(&host_info_lock, flags);
298 }
299
300 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
301 size_t length)
302 {
303 unsigned long flags;
304 struct host_info *hi;
305 struct file_info *fi;
306 struct pending_request *req, *req_next;
307 struct iso_block_store *ibs = NULL;
308 LIST_HEAD(reqs);
309
310 if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
311 HPSB_INFO("dropped iso packet");
312 return;
313 }
314
315 spin_lock_irqsave(&host_info_lock, flags);
316 hi = find_host_info(host);
317
318 if (hi != NULL) {
319 list_for_each_entry(fi, &hi->file_info_list, list) {
320 if (!(fi->listen_channels & (1ULL << channel)))
321 continue;
322
323 req = __alloc_pending_request(GFP_ATOMIC);
324 if (!req)
325 break;
326
327 if (!ibs) {
328 ibs = kmalloc(sizeof(*ibs) + length,
329 GFP_ATOMIC);
330 if (!ibs) {
331 kfree(req);
332 break;
333 }
334
335 atomic_add(length, &iso_buffer_size);
336 atomic_set(&ibs->refcount, 0);
337 ibs->data_size = length;
338 memcpy(ibs->data, data, length);
339 }
340
341 atomic_inc(&ibs->refcount);
342
343 req->file_info = fi;
344 req->ibs = ibs;
345 req->data = ibs->data;
346 req->req.type = RAW1394_REQ_ISO_RECEIVE;
347 req->req.generation = get_hpsb_generation(host);
348 req->req.misc = 0;
349 req->req.recvb = ptr2int(fi->iso_buffer);
350 req->req.length = min(length, fi->iso_buffer_length);
351
352 list_add_tail(&req->list, &reqs);
353 }
354 }
355 spin_unlock_irqrestore(&host_info_lock, flags);
356
357 list_for_each_entry_safe(req, req_next, &reqs, list)
358 queue_complete_req(req);
359 }
360
361 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
362 int cts, u8 * data, size_t length)
363 {
364 unsigned long flags;
365 struct host_info *hi;
366 struct file_info *fi;
367 struct pending_request *req, *req_next;
368 struct iso_block_store *ibs = NULL;
369 LIST_HEAD(reqs);
370
371 if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
372 HPSB_INFO("dropped fcp request");
373 return;
374 }
375
376 spin_lock_irqsave(&host_info_lock, flags);
377 hi = find_host_info(host);
378
379 if (hi != NULL) {
380 list_for_each_entry(fi, &hi->file_info_list, list) {
381 if (!fi->fcp_buffer)
382 continue;
383
384 req = __alloc_pending_request(GFP_ATOMIC);
385 if (!req)
386 break;
387
388 if (!ibs) {
389 ibs = kmalloc(sizeof(*ibs) + length,
390 GFP_ATOMIC);
391 if (!ibs) {
392 kfree(req);
393 break;
394 }
395
396 atomic_add(length, &iso_buffer_size);
397 atomic_set(&ibs->refcount, 0);
398 ibs->data_size = length;
399 memcpy(ibs->data, data, length);
400 }
401
402 atomic_inc(&ibs->refcount);
403
404 req->file_info = fi;
405 req->ibs = ibs;
406 req->data = ibs->data;
407 req->req.type = RAW1394_REQ_FCP_REQUEST;
408 req->req.generation = get_hpsb_generation(host);
409 req->req.misc = nodeid | (direction << 16);
410 req->req.recvb = ptr2int(fi->fcp_buffer);
411 req->req.length = length;
412
413 list_add_tail(&req->list, &reqs);
414 }
415 }
416 spin_unlock_irqrestore(&host_info_lock, flags);
417
418 list_for_each_entry_safe(req, req_next, &reqs, list)
419 queue_complete_req(req);
420 }
421
422 #ifdef CONFIG_COMPAT
423 struct compat_raw1394_req {
424 __u32 type;
425 __s32 error;
426 __u32 misc;
427
428 __u32 generation;
429 __u32 length;
430
431 __u64 address;
432
433 __u64 tag;
434
435 __u64 sendb;
436 __u64 recvb;
437 } __attribute__((packed));
438
439 static const char __user *raw1394_compat_write(const char __user *buf)
440 {
441 struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
442 struct raw1394_request __user *r;
443 r = compat_alloc_user_space(sizeof(struct raw1394_request));
444
445 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
446
447 if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
448 C(address) ||
449 C(tag) ||
450 C(sendb) ||
451 C(recvb))
452 return ERR_PTR(-EFAULT);
453 return (const char __user *)r;
454 }
455 #undef C
456
457 #define P(x) __put_user(r->x, &cr->x)
458
459 static int
460 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
461 {
462 struct compat_raw1394_req __user *cr = (typeof(cr)) r;
463 if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
464 P(type) ||
465 P(error) ||
466 P(misc) ||
467 P(generation) ||
468 P(length) ||
469 P(address) ||
470 P(tag) ||
471 P(sendb) ||
472 P(recvb))
473 return -EFAULT;
474 return sizeof(struct compat_raw1394_req);
475 }
476 #undef P
477
478 #endif
479
480 /* get next completed request (caller must hold fi->reqlists_lock) */
481 static inline struct pending_request *__next_complete_req(struct file_info *fi)
482 {
483 struct list_head *lh;
484 struct pending_request *req = NULL;
485
486 if (!list_empty(&fi->req_complete)) {
487 lh = fi->req_complete.next;
488 list_del(lh);
489 req = list_entry(lh, struct pending_request, list);
490 }
491 return req;
492 }
493
494 /* atomically get next completed request */
495 static struct pending_request *next_complete_req(struct file_info *fi)
496 {
497 unsigned long flags;
498 struct pending_request *req;
499
500 spin_lock_irqsave(&fi->reqlists_lock, flags);
501 req = __next_complete_req(fi);
502 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
503 return req;
504 }
505
506 static ssize_t raw1394_read(struct file *file, char __user * buffer,
507 size_t count, loff_t * offset_is_ignored)
508 {
509 struct file_info *fi = (struct file_info *)file->private_data;
510 struct pending_request *req;
511 ssize_t ret;
512
513 #ifdef CONFIG_COMPAT
514 if (count == sizeof(struct compat_raw1394_req)) {
515 /* ok */
516 } else
517 #endif
518 if (count != sizeof(struct raw1394_request)) {
519 return -EINVAL;
520 }
521
522 if (!access_ok(VERIFY_WRITE, buffer, count)) {
523 return -EFAULT;
524 }
525
526 if (file->f_flags & O_NONBLOCK) {
527 if (!(req = next_complete_req(fi)))
528 return -EAGAIN;
529 } else {
530 /*
531 * NB: We call the macro wait_event_interruptible() with a
532 * condition argument with side effect. This is only possible
533 * because the side effect does not occur until the condition
534 * became true, and wait_event_interruptible() won't evaluate
535 * the condition again after that.
536 */
537 if (wait_event_interruptible(fi->wait_complete,
538 (req = next_complete_req(fi))))
539 return -ERESTARTSYS;
540 }
541
542 if (req->req.length) {
543 if (copy_to_user(int2ptr(req->req.recvb), req->data,
544 req->req.length)) {
545 req->req.error = RAW1394_ERROR_MEMFAULT;
546 }
547 }
548
549 #ifdef CONFIG_COMPAT
550 if (count == sizeof(struct compat_raw1394_req) &&
551 sizeof(struct compat_raw1394_req) !=
552 sizeof(struct raw1394_request)) {
553 ret = raw1394_compat_read(buffer, &req->req);
554 } else
555 #endif
556 {
557 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
558 ret = -EFAULT;
559 goto out;
560 }
561 ret = (ssize_t) sizeof(struct raw1394_request);
562 }
563 out:
564 free_pending_request(req);
565 return ret;
566 }
567
568 static int state_opened(struct file_info *fi, struct pending_request *req)
569 {
570 if (req->req.type == RAW1394_REQ_INITIALIZE) {
571 switch (req->req.misc) {
572 case RAW1394_KERNELAPI_VERSION:
573 case 3:
574 fi->state = initialized;
575 fi->protocol_version = req->req.misc;
576 req->req.error = RAW1394_ERROR_NONE;
577 req->req.generation = atomic_read(&internal_generation);
578 break;
579
580 default:
581 req->req.error = RAW1394_ERROR_COMPAT;
582 req->req.misc = RAW1394_KERNELAPI_VERSION;
583 }
584 } else {
585 req->req.error = RAW1394_ERROR_STATE_ORDER;
586 }
587
588 req->req.length = 0;
589 queue_complete_req(req);
590 return sizeof(struct raw1394_request);
591 }
592
593 static int state_initialized(struct file_info *fi, struct pending_request *req)
594 {
595 unsigned long flags;
596 struct host_info *hi;
597 struct raw1394_khost_list *khl;
598
599 if (req->req.generation != atomic_read(&internal_generation)) {
600 req->req.error = RAW1394_ERROR_GENERATION;
601 req->req.generation = atomic_read(&internal_generation);
602 req->req.length = 0;
603 queue_complete_req(req);
604 return sizeof(struct raw1394_request);
605 }
606
607 switch (req->req.type) {
608 case RAW1394_REQ_LIST_CARDS:
609 spin_lock_irqsave(&host_info_lock, flags);
610 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
611
612 if (khl) {
613 req->req.misc = host_count;
614 req->data = (quadlet_t *) khl;
615
616 list_for_each_entry(hi, &host_info_list, list) {
617 khl->nodes = hi->host->node_count;
618 strcpy(khl->name, hi->host->driver->name);
619 khl++;
620 }
621 }
622 spin_unlock_irqrestore(&host_info_lock, flags);
623
624 if (khl) {
625 req->req.error = RAW1394_ERROR_NONE;
626 req->req.length = min(req->req.length,
627 (u32) (sizeof
628 (struct raw1394_khost_list)
629 * req->req.misc));
630 req->free_data = 1;
631 } else {
632 return -ENOMEM;
633 }
634 break;
635
636 case RAW1394_REQ_SET_CARD:
637 spin_lock_irqsave(&host_info_lock, flags);
638 if (req->req.misc >= host_count) {
639 req->req.error = RAW1394_ERROR_INVALID_ARG;
640 goto out_set_card;
641 }
642 list_for_each_entry(hi, &host_info_list, list)
643 if (!req->req.misc--)
644 break;
645 get_device(&hi->host->device); /* FIXME handle failure case */
646 list_add_tail(&fi->list, &hi->file_info_list);
647
648 /* prevent unloading of the host's low-level driver */
649 if (!try_module_get(hi->host->driver->owner)) {
650 req->req.error = RAW1394_ERROR_ABORTED;
651 goto out_set_card;
652 }
653 WARN_ON(fi->host);
654 fi->host = hi->host;
655 fi->state = connected;
656
657 req->req.error = RAW1394_ERROR_NONE;
658 req->req.generation = get_hpsb_generation(fi->host);
659 req->req.misc = (fi->host->node_id << 16)
660 | fi->host->node_count;
661 if (fi->protocol_version > 3)
662 req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
663 out_set_card:
664 spin_unlock_irqrestore(&host_info_lock, flags);
665
666 req->req.length = 0;
667 break;
668
669 default:
670 req->req.error = RAW1394_ERROR_STATE_ORDER;
671 req->req.length = 0;
672 break;
673 }
674
675 queue_complete_req(req);
676 return sizeof(struct raw1394_request);
677 }
678
679 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
680 {
681 int channel = req->req.misc;
682
683 if ((channel > 63) || (channel < -64)) {
684 req->req.error = RAW1394_ERROR_INVALID_ARG;
685 } else if (channel >= 0) {
686 /* allocate channel req.misc */
687 if (fi->listen_channels & (1ULL << channel)) {
688 req->req.error = RAW1394_ERROR_ALREADY;
689 } else {
690 if (hpsb_listen_channel
691 (&raw1394_highlevel, fi->host, channel)) {
692 req->req.error = RAW1394_ERROR_ALREADY;
693 } else {
694 fi->listen_channels |= 1ULL << channel;
695 fi->iso_buffer = int2ptr(req->req.recvb);
696 fi->iso_buffer_length = req->req.length;
697 }
698 }
699 } else {
700 /* deallocate channel (one's complement neg) req.misc */
701 channel = ~channel;
702
703 if (fi->listen_channels & (1ULL << channel)) {
704 hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
705 channel);
706 fi->listen_channels &= ~(1ULL << channel);
707 } else {
708 req->req.error = RAW1394_ERROR_INVALID_ARG;
709 }
710 }
711
712 req->req.length = 0;
713 queue_complete_req(req);
714 }
715
716 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
717 {
718 if (req->req.misc) {
719 if (fi->fcp_buffer) {
720 req->req.error = RAW1394_ERROR_ALREADY;
721 } else {
722 fi->fcp_buffer = int2ptr(req->req.recvb);
723 }
724 } else {
725 if (!fi->fcp_buffer) {
726 req->req.error = RAW1394_ERROR_ALREADY;
727 } else {
728 fi->fcp_buffer = NULL;
729 }
730 }
731
732 req->req.length = 0;
733 queue_complete_req(req);
734 }
735
736 static int handle_async_request(struct file_info *fi,
737 struct pending_request *req, int node)
738 {
739 unsigned long flags;
740 struct hpsb_packet *packet = NULL;
741 u64 addr = req->req.address & 0xffffffffffffULL;
742
743 switch (req->req.type) {
744 case RAW1394_REQ_ASYNC_READ:
745 DBGMSG("read_request called");
746 packet =
747 hpsb_make_readpacket(fi->host, node, addr, req->req.length);
748
749 if (!packet)
750 return -ENOMEM;
751
752 if (req->req.length == 4)
753 req->data = &packet->header[3];
754 else
755 req->data = packet->data;
756
757 break;
758
759 case RAW1394_REQ_ASYNC_WRITE:
760 DBGMSG("write_request called");
761
762 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
763 req->req.length);
764 if (!packet)
765 return -ENOMEM;
766
767 if (req->req.length == 4) {
768 if (copy_from_user
769 (&packet->header[3], int2ptr(req->req.sendb),
770 req->req.length))
771 req->req.error = RAW1394_ERROR_MEMFAULT;
772 } else {
773 if (copy_from_user
774 (packet->data, int2ptr(req->req.sendb),
775 req->req.length))
776 req->req.error = RAW1394_ERROR_MEMFAULT;
777 }
778
779 req->req.length = 0;
780 break;
781
782 case RAW1394_REQ_ASYNC_STREAM:
783 DBGMSG("stream_request called");
784
785 packet =
786 hpsb_make_streampacket(fi->host, NULL, req->req.length,
787 node & 0x3f /*channel */ ,
788 (req->req.misc >> 16) & 0x3,
789 req->req.misc & 0xf);
790 if (!packet)
791 return -ENOMEM;
792
793 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
794 req->req.length))
795 req->req.error = RAW1394_ERROR_MEMFAULT;
796
797 req->req.length = 0;
798 break;
799
800 case RAW1394_REQ_LOCK:
801 DBGMSG("lock_request called");
802 if ((req->req.misc == EXTCODE_FETCH_ADD)
803 || (req->req.misc == EXTCODE_LITTLE_ADD)) {
804 if (req->req.length != 4) {
805 req->req.error = RAW1394_ERROR_INVALID_ARG;
806 break;
807 }
808 } else {
809 if (req->req.length != 8) {
810 req->req.error = RAW1394_ERROR_INVALID_ARG;
811 break;
812 }
813 }
814
815 packet = hpsb_make_lockpacket(fi->host, node, addr,
816 req->req.misc, NULL, 0);
817 if (!packet)
818 return -ENOMEM;
819
820 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
821 req->req.length)) {
822 req->req.error = RAW1394_ERROR_MEMFAULT;
823 break;
824 }
825
826 req->data = packet->data;
827 req->req.length = 4;
828 break;
829
830 case RAW1394_REQ_LOCK64:
831 DBGMSG("lock64_request called");
832 if ((req->req.misc == EXTCODE_FETCH_ADD)
833 || (req->req.misc == EXTCODE_LITTLE_ADD)) {
834 if (req->req.length != 8) {
835 req->req.error = RAW1394_ERROR_INVALID_ARG;
836 break;
837 }
838 } else {
839 if (req->req.length != 16) {
840 req->req.error = RAW1394_ERROR_INVALID_ARG;
841 break;
842 }
843 }
844 packet = hpsb_make_lock64packet(fi->host, node, addr,
845 req->req.misc, NULL, 0);
846 if (!packet)
847 return -ENOMEM;
848
849 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
850 req->req.length)) {
851 req->req.error = RAW1394_ERROR_MEMFAULT;
852 break;
853 }
854
855 req->data = packet->data;
856 req->req.length = 8;
857 break;
858
859 default:
860 req->req.error = RAW1394_ERROR_STATE_ORDER;
861 }
862
863 req->packet = packet;
864
865 if (req->req.error) {
866 req->req.length = 0;
867 queue_complete_req(req);
868 return sizeof(struct raw1394_request);
869 }
870
871 hpsb_set_packet_complete_task(packet,
872 (void (*)(void *))queue_complete_cb, req);
873
874 spin_lock_irqsave(&fi->reqlists_lock, flags);
875 list_add_tail(&req->list, &fi->req_pending);
876 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
877
878 packet->generation = req->req.generation;
879
880 if (hpsb_send_packet(packet) < 0) {
881 req->req.error = RAW1394_ERROR_SEND_ERROR;
882 req->req.length = 0;
883 hpsb_free_tlabel(packet);
884 queue_complete_req(req);
885 }
886 return sizeof(struct raw1394_request);
887 }
888
889 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
890 int channel)
891 {
892 unsigned long flags;
893 struct hpsb_packet *packet;
894
895 packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
896 (req->req.misc >> 16) & 0x3,
897 req->req.misc & 0xf);
898 if (!packet)
899 return -ENOMEM;
900
901 packet->speed_code = req->req.address & 0x3;
902
903 req->packet = packet;
904
905 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
906 req->req.length)) {
907 req->req.error = RAW1394_ERROR_MEMFAULT;
908 req->req.length = 0;
909 queue_complete_req(req);
910 return sizeof(struct raw1394_request);
911 }
912
913 req->req.length = 0;
914 hpsb_set_packet_complete_task(packet,
915 (void (*)(void *))queue_complete_req,
916 req);
917
918 spin_lock_irqsave(&fi->reqlists_lock, flags);
919 list_add_tail(&req->list, &fi->req_pending);
920 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
921
922 /* Update the generation of the packet just before sending. */
923 packet->generation = req->req.generation;
924
925 if (hpsb_send_packet(packet) < 0) {
926 req->req.error = RAW1394_ERROR_SEND_ERROR;
927 queue_complete_req(req);
928 }
929
930 return sizeof(struct raw1394_request);
931 }
932
933 static int handle_async_send(struct file_info *fi, struct pending_request *req)
934 {
935 unsigned long flags;
936 struct hpsb_packet *packet;
937 int header_length = req->req.misc & 0xffff;
938 int expect_response = req->req.misc >> 16;
939 size_t data_size;
940
941 if (header_length > req->req.length || header_length < 12 ||
942 header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
943 req->req.error = RAW1394_ERROR_INVALID_ARG;
944 req->req.length = 0;
945 queue_complete_req(req);
946 return sizeof(struct raw1394_request);
947 }
948
949 data_size = req->req.length - header_length;
950 packet = hpsb_alloc_packet(data_size);
951 req->packet = packet;
952 if (!packet)
953 return -ENOMEM;
954
955 if (copy_from_user(packet->header, int2ptr(req->req.sendb),
956 header_length)) {
957 req->req.error = RAW1394_ERROR_MEMFAULT;
958 req->req.length = 0;
959 queue_complete_req(req);
960 return sizeof(struct raw1394_request);
961 }
962
963 if (copy_from_user
964 (packet->data, int2ptr(req->req.sendb) + header_length,
965 data_size)) {
966 req->req.error = RAW1394_ERROR_MEMFAULT;
967 req->req.length = 0;
968 queue_complete_req(req);
969 return sizeof(struct raw1394_request);
970 }
971
972 packet->type = hpsb_async;
973 packet->node_id = packet->header[0] >> 16;
974 packet->tcode = (packet->header[0] >> 4) & 0xf;
975 packet->tlabel = (packet->header[0] >> 10) & 0x3f;
976 packet->host = fi->host;
977 packet->expect_response = expect_response;
978 packet->header_size = header_length;
979 packet->data_size = data_size;
980
981 req->req.length = 0;
982 hpsb_set_packet_complete_task(packet,
983 (void (*)(void *))queue_complete_cb, req);
984
985 spin_lock_irqsave(&fi->reqlists_lock, flags);
986 list_add_tail(&req->list, &fi->req_pending);
987 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
988
989 /* Update the generation of the packet just before sending. */
990 packet->generation = req->req.generation;
991
992 if (hpsb_send_packet(packet) < 0) {
993 req->req.error = RAW1394_ERROR_SEND_ERROR;
994 queue_complete_req(req);
995 }
996
997 return sizeof(struct raw1394_request);
998 }
999
1000 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
1001 u64 addr, size_t length, u16 flags)
1002 {
1003 unsigned long irqflags;
1004 struct pending_request *req;
1005 struct host_info *hi;
1006 struct file_info *fi = NULL;
1007 struct list_head *entry;
1008 struct arm_addr *arm_addr = NULL;
1009 struct arm_request *arm_req = NULL;
1010 struct arm_response *arm_resp = NULL;
1011 int found = 0, size = 0, rcode = -1;
1012 struct arm_request_response *arm_req_resp = NULL;
1013
1014 DBGMSG("arm_read called by node: %X"
1015 "addr: %4.4x %8.8x length: %Zu", nodeid,
1016 (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1017 length);
1018 spin_lock_irqsave(&host_info_lock, irqflags);
1019 hi = find_host_info(host); /* search address-entry */
1020 if (hi != NULL) {
1021 list_for_each_entry(fi, &hi->file_info_list, list) {
1022 entry = fi->addr_list.next;
1023 while (entry != &(fi->addr_list)) {
1024 arm_addr =
1025 list_entry(entry, struct arm_addr,
1026 addr_list);
1027 if (((arm_addr->start) <= (addr))
1028 && ((arm_addr->end) >= (addr + length))) {
1029 found = 1;
1030 break;
1031 }
1032 entry = entry->next;
1033 }
1034 if (found) {
1035 break;
1036 }
1037 }
1038 }
1039 rcode = -1;
1040 if (!found) {
1041 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
1042 " -> rcode_address_error\n");
1043 spin_unlock_irqrestore(&host_info_lock, irqflags);
1044 return (RCODE_ADDRESS_ERROR);
1045 } else {
1046 DBGMSG("arm_read addr_entry FOUND");
1047 }
1048 if (arm_addr->rec_length < length) {
1049 DBGMSG("arm_read blocklength too big -> rcode_data_error");
1050 rcode = RCODE_DATA_ERROR; /* hardware error, data is unavailable */
1051 }
1052 if (rcode == -1) {
1053 if (arm_addr->access_rights & ARM_READ) {
1054 if (!(arm_addr->client_transactions & ARM_READ)) {
1055 memcpy(buffer,
1056 (arm_addr->addr_space_buffer) + (addr -
1057 (arm_addr->
1058 start)),
1059 length);
1060 DBGMSG("arm_read -> (rcode_complete)");
1061 rcode = RCODE_COMPLETE;
1062 }
1063 } else {
1064 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1065 DBGMSG("arm_read -> rcode_type_error (access denied)");
1066 }
1067 }
1068 if (arm_addr->notification_options & ARM_READ) {
1069 DBGMSG("arm_read -> entering notification-section");
1070 req = __alloc_pending_request(GFP_ATOMIC);
1071 if (!req) {
1072 DBGMSG("arm_read -> rcode_conflict_error");
1073 spin_unlock_irqrestore(&host_info_lock, irqflags);
1074 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1075 The request may be retried */
1076 }
1077 if (rcode == RCODE_COMPLETE) {
1078 size =
1079 sizeof(struct arm_request) +
1080 sizeof(struct arm_response) +
1081 length * sizeof(byte_t) +
1082 sizeof(struct arm_request_response);
1083 } else {
1084 size =
1085 sizeof(struct arm_request) +
1086 sizeof(struct arm_response) +
1087 sizeof(struct arm_request_response);
1088 }
1089 req->data = kmalloc(size, GFP_ATOMIC);
1090 if (!(req->data)) {
1091 free_pending_request(req);
1092 DBGMSG("arm_read -> rcode_conflict_error");
1093 spin_unlock_irqrestore(&host_info_lock, irqflags);
1094 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1095 The request may be retried */
1096 }
1097 req->free_data = 1;
1098 req->file_info = fi;
1099 req->req.type = RAW1394_REQ_ARM;
1100 req->req.generation = get_hpsb_generation(host);
1101 req->req.misc =
1102 (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
1103 req->req.tag = arm_addr->arm_tag;
1104 req->req.recvb = arm_addr->recvb;
1105 req->req.length = size;
1106 arm_req_resp = (struct arm_request_response *)(req->data);
1107 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1108 (sizeof
1109 (struct
1110 arm_request_response)));
1111 arm_resp =
1112 (struct arm_response *)((byte_t *) (arm_req) +
1113 (sizeof(struct arm_request)));
1114 arm_req->buffer = NULL;
1115 arm_resp->buffer = NULL;
1116 if (rcode == RCODE_COMPLETE) {
1117 byte_t *buf =
1118 (byte_t *) arm_resp + sizeof(struct arm_response);
1119 memcpy(buf,
1120 (arm_addr->addr_space_buffer) + (addr -
1121 (arm_addr->
1122 start)),
1123 length);
1124 arm_resp->buffer =
1125 int2ptr((arm_addr->recvb) +
1126 sizeof(struct arm_request_response) +
1127 sizeof(struct arm_request) +
1128 sizeof(struct arm_response));
1129 }
1130 arm_resp->buffer_length =
1131 (rcode == RCODE_COMPLETE) ? length : 0;
1132 arm_resp->response_code = rcode;
1133 arm_req->buffer_length = 0;
1134 arm_req->generation = req->req.generation;
1135 arm_req->extended_transaction_code = 0;
1136 arm_req->destination_offset = addr;
1137 arm_req->source_nodeid = nodeid;
1138 arm_req->destination_nodeid = host->node_id;
1139 arm_req->tlabel = (flags >> 10) & 0x3f;
1140 arm_req->tcode = (flags >> 4) & 0x0f;
1141 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1142 sizeof(struct
1143 arm_request_response));
1144 arm_req_resp->response =
1145 int2ptr((arm_addr->recvb) +
1146 sizeof(struct arm_request_response) +
1147 sizeof(struct arm_request));
1148 queue_complete_req(req);
1149 }
1150 spin_unlock_irqrestore(&host_info_lock, irqflags);
1151 return (rcode);
1152 }
1153
1154 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1155 quadlet_t * data, u64 addr, size_t length, u16 flags)
1156 {
1157 unsigned long irqflags;
1158 struct pending_request *req;
1159 struct host_info *hi;
1160 struct file_info *fi = NULL;
1161 struct list_head *entry;
1162 struct arm_addr *arm_addr = NULL;
1163 struct arm_request *arm_req = NULL;
1164 struct arm_response *arm_resp = NULL;
1165 int found = 0, size = 0, rcode = -1, length_conflict = 0;
1166 struct arm_request_response *arm_req_resp = NULL;
1167
1168 DBGMSG("arm_write called by node: %X"
1169 "addr: %4.4x %8.8x length: %Zu", nodeid,
1170 (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1171 length);
1172 spin_lock_irqsave(&host_info_lock, irqflags);
1173 hi = find_host_info(host); /* search address-entry */
1174 if (hi != NULL) {
1175 list_for_each_entry(fi, &hi->file_info_list, list) {
1176 entry = fi->addr_list.next;
1177 while (entry != &(fi->addr_list)) {
1178 arm_addr =
1179 list_entry(entry, struct arm_addr,
1180 addr_list);
1181 if (((arm_addr->start) <= (addr))
1182 && ((arm_addr->end) >= (addr + length))) {
1183 found = 1;
1184 break;
1185 }
1186 entry = entry->next;
1187 }
1188 if (found) {
1189 break;
1190 }
1191 }
1192 }
1193 rcode = -1;
1194 if (!found) {
1195 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1196 " -> rcode_address_error\n");
1197 spin_unlock_irqrestore(&host_info_lock, irqflags);
1198 return (RCODE_ADDRESS_ERROR);
1199 } else {
1200 DBGMSG("arm_write addr_entry FOUND");
1201 }
1202 if (arm_addr->rec_length < length) {
1203 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1204 length_conflict = 1;
1205 rcode = RCODE_DATA_ERROR; /* hardware error, data is unavailable */
1206 }
1207 if (rcode == -1) {
1208 if (arm_addr->access_rights & ARM_WRITE) {
1209 if (!(arm_addr->client_transactions & ARM_WRITE)) {
1210 memcpy((arm_addr->addr_space_buffer) +
1211 (addr - (arm_addr->start)), data,
1212 length);
1213 DBGMSG("arm_write -> (rcode_complete)");
1214 rcode = RCODE_COMPLETE;
1215 }
1216 } else {
1217 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1218 DBGMSG("arm_write -> rcode_type_error (access denied)");
1219 }
1220 }
1221 if (arm_addr->notification_options & ARM_WRITE) {
1222 DBGMSG("arm_write -> entering notification-section");
1223 req = __alloc_pending_request(GFP_ATOMIC);
1224 if (!req) {
1225 DBGMSG("arm_write -> rcode_conflict_error");
1226 spin_unlock_irqrestore(&host_info_lock, irqflags);
1227 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1228 The request my be retried */
1229 }
1230 size =
1231 sizeof(struct arm_request) + sizeof(struct arm_response) +
1232 (length) * sizeof(byte_t) +
1233 sizeof(struct arm_request_response);
1234 req->data = kmalloc(size, GFP_ATOMIC);
1235 if (!(req->data)) {
1236 free_pending_request(req);
1237 DBGMSG("arm_write -> rcode_conflict_error");
1238 spin_unlock_irqrestore(&host_info_lock, irqflags);
1239 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1240 The request may be retried */
1241 }
1242 req->free_data = 1;
1243 req->file_info = fi;
1244 req->req.type = RAW1394_REQ_ARM;
1245 req->req.generation = get_hpsb_generation(host);
1246 req->req.misc =
1247 (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1248 req->req.tag = arm_addr->arm_tag;
1249 req->req.recvb = arm_addr->recvb;
1250 req->req.length = size;
1251 arm_req_resp = (struct arm_request_response *)(req->data);
1252 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1253 (sizeof
1254 (struct
1255 arm_request_response)));
1256 arm_resp =
1257 (struct arm_response *)((byte_t *) (arm_req) +
1258 (sizeof(struct arm_request)));
1259 arm_resp->buffer = NULL;
1260 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1261 data, length);
1262 arm_req->buffer = int2ptr((arm_addr->recvb) +
1263 sizeof(struct arm_request_response) +
1264 sizeof(struct arm_request) +
1265 sizeof(struct arm_response));
1266 arm_req->buffer_length = length;
1267 arm_req->generation = req->req.generation;
1268 arm_req->extended_transaction_code = 0;
1269 arm_req->destination_offset = addr;
1270 arm_req->source_nodeid = nodeid;
1271 arm_req->destination_nodeid = destid;
1272 arm_req->tlabel = (flags >> 10) & 0x3f;
1273 arm_req->tcode = (flags >> 4) & 0x0f;
1274 arm_resp->buffer_length = 0;
1275 arm_resp->response_code = rcode;
1276 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1277 sizeof(struct
1278 arm_request_response));
1279 arm_req_resp->response =
1280 int2ptr((arm_addr->recvb) +
1281 sizeof(struct arm_request_response) +
1282 sizeof(struct arm_request));
1283 queue_complete_req(req);
1284 }
1285 spin_unlock_irqrestore(&host_info_lock, irqflags);
1286 return (rcode);
1287 }
1288
1289 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1290 u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1291 u16 flags)
1292 {
1293 unsigned long irqflags;
1294 struct pending_request *req;
1295 struct host_info *hi;
1296 struct file_info *fi = NULL;
1297 struct list_head *entry;
1298 struct arm_addr *arm_addr = NULL;
1299 struct arm_request *arm_req = NULL;
1300 struct arm_response *arm_resp = NULL;
1301 int found = 0, size = 0, rcode = -1;
1302 quadlet_t old, new;
1303 struct arm_request_response *arm_req_resp = NULL;
1304
1305 if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1306 ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1307 DBGMSG("arm_lock called by node: %X "
1308 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1309 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1310 (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1311 be32_to_cpu(data));
1312 } else {
1313 DBGMSG("arm_lock called by node: %X "
1314 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1315 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1316 (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1317 be32_to_cpu(data), be32_to_cpu(arg));
1318 }
1319 spin_lock_irqsave(&host_info_lock, irqflags);
1320 hi = find_host_info(host); /* search address-entry */
1321 if (hi != NULL) {
1322 list_for_each_entry(fi, &hi->file_info_list, list) {
1323 entry = fi->addr_list.next;
1324 while (entry != &(fi->addr_list)) {
1325 arm_addr =
1326 list_entry(entry, struct arm_addr,
1327 addr_list);
1328 if (((arm_addr->start) <= (addr))
1329 && ((arm_addr->end) >=
1330 (addr + sizeof(*store)))) {
1331 found = 1;
1332 break;
1333 }
1334 entry = entry->next;
1335 }
1336 if (found) {
1337 break;
1338 }
1339 }
1340 }
1341 rcode = -1;
1342 if (!found) {
1343 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1344 " -> rcode_address_error\n");
1345 spin_unlock_irqrestore(&host_info_lock, irqflags);
1346 return (RCODE_ADDRESS_ERROR);
1347 } else {
1348 DBGMSG("arm_lock addr_entry FOUND");
1349 }
1350 if (rcode == -1) {
1351 if (arm_addr->access_rights & ARM_LOCK) {
1352 if (!(arm_addr->client_transactions & ARM_LOCK)) {
1353 memcpy(&old,
1354 (arm_addr->addr_space_buffer) + (addr -
1355 (arm_addr->
1356 start)),
1357 sizeof(old));
1358 switch (ext_tcode) {
1359 case (EXTCODE_MASK_SWAP):
1360 new = data | (old & ~arg);
1361 break;
1362 case (EXTCODE_COMPARE_SWAP):
1363 if (old == arg) {
1364 new = data;
1365 } else {
1366 new = old;
1367 }
1368 break;
1369 case (EXTCODE_FETCH_ADD):
1370 new =
1371 cpu_to_be32(be32_to_cpu(data) +
1372 be32_to_cpu(old));
1373 break;
1374 case (EXTCODE_LITTLE_ADD):
1375 new =
1376 cpu_to_le32(le32_to_cpu(data) +
1377 le32_to_cpu(old));
1378 break;
1379 case (EXTCODE_BOUNDED_ADD):
1380 if (old != arg) {
1381 new =
1382 cpu_to_be32(be32_to_cpu
1383 (data) +
1384 be32_to_cpu
1385 (old));
1386 } else {
1387 new = old;
1388 }
1389 break;
1390 case (EXTCODE_WRAP_ADD):
1391 if (old != arg) {
1392 new =
1393 cpu_to_be32(be32_to_cpu
1394 (data) +
1395 be32_to_cpu
1396 (old));
1397 } else {
1398 new = data;
1399 }
1400 break;
1401 default:
1402 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1403 printk(KERN_ERR
1404 "raw1394: arm_lock FAILED "
1405 "ext_tcode not allowed -> rcode_type_error\n");
1406 break;
1407 } /*switch */
1408 if (rcode == -1) {
1409 DBGMSG("arm_lock -> (rcode_complete)");
1410 rcode = RCODE_COMPLETE;
1411 memcpy(store, &old, sizeof(*store));
1412 memcpy((arm_addr->addr_space_buffer) +
1413 (addr - (arm_addr->start)),
1414 &new, sizeof(*store));
1415 }
1416 }
1417 } else {
1418 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1419 DBGMSG("arm_lock -> rcode_type_error (access denied)");
1420 }
1421 }
1422 if (arm_addr->notification_options & ARM_LOCK) {
1423 byte_t *buf1, *buf2;
1424 DBGMSG("arm_lock -> entering notification-section");
1425 req = __alloc_pending_request(GFP_ATOMIC);
1426 if (!req) {
1427 DBGMSG("arm_lock -> rcode_conflict_error");
1428 spin_unlock_irqrestore(&host_info_lock, irqflags);
1429 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1430 The request may be retried */
1431 }
1432 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response); /* maximum */
1433 req->data = kmalloc(size, GFP_ATOMIC);
1434 if (!(req->data)) {
1435 free_pending_request(req);
1436 DBGMSG("arm_lock -> rcode_conflict_error");
1437 spin_unlock_irqrestore(&host_info_lock, irqflags);
1438 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1439 The request may be retried */
1440 }
1441 req->free_data = 1;
1442 arm_req_resp = (struct arm_request_response *)(req->data);
1443 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1444 (sizeof
1445 (struct
1446 arm_request_response)));
1447 arm_resp =
1448 (struct arm_response *)((byte_t *) (arm_req) +
1449 (sizeof(struct arm_request)));
1450 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1451 buf2 = buf1 + 2 * sizeof(*store);
1452 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1453 (ext_tcode == EXTCODE_LITTLE_ADD)) {
1454 arm_req->buffer_length = sizeof(*store);
1455 memcpy(buf1, &data, sizeof(*store));
1456
1457 } else {
1458 arm_req->buffer_length = 2 * sizeof(*store);
1459 memcpy(buf1, &arg, sizeof(*store));
1460 memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1461 }
1462 if (rcode == RCODE_COMPLETE) {
1463 arm_resp->buffer_length = sizeof(*store);
1464 memcpy(buf2, &old, sizeof(*store));
1465 } else {
1466 arm_resp->buffer_length = 0;
1467 }
1468 req->file_info = fi;
1469 req->req.type = RAW1394_REQ_ARM;
1470 req->req.generation = get_hpsb_generation(host);
1471 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1472 (ARM_LOCK & 0xFF));
1473 req->req.tag = arm_addr->arm_tag;
1474 req->req.recvb = arm_addr->recvb;
1475 req->req.length = size;
1476 arm_req->generation = req->req.generation;
1477 arm_req->extended_transaction_code = ext_tcode;
1478 arm_req->destination_offset = addr;
1479 arm_req->source_nodeid = nodeid;
1480 arm_req->destination_nodeid = host->node_id;
1481 arm_req->tlabel = (flags >> 10) & 0x3f;
1482 arm_req->tcode = (flags >> 4) & 0x0f;
1483 arm_resp->response_code = rcode;
1484 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1485 sizeof(struct
1486 arm_request_response));
1487 arm_req_resp->response =
1488 int2ptr((arm_addr->recvb) +
1489 sizeof(struct arm_request_response) +
1490 sizeof(struct arm_request));
1491 arm_req->buffer =
1492 int2ptr((arm_addr->recvb) +
1493 sizeof(struct arm_request_response) +
1494 sizeof(struct arm_request) +
1495 sizeof(struct arm_response));
1496 arm_resp->buffer =
1497 int2ptr((arm_addr->recvb) +
1498 sizeof(struct arm_request_response) +
1499 sizeof(struct arm_request) +
1500 sizeof(struct arm_response) + 2 * sizeof(*store));
1501 queue_complete_req(req);
1502 }
1503 spin_unlock_irqrestore(&host_info_lock, irqflags);
1504 return (rcode);
1505 }
1506
1507 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1508 u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1509 u16 flags)
1510 {
1511 unsigned long irqflags;
1512 struct pending_request *req;
1513 struct host_info *hi;
1514 struct file_info *fi = NULL;
1515 struct list_head *entry;
1516 struct arm_addr *arm_addr = NULL;
1517 struct arm_request *arm_req = NULL;
1518 struct arm_response *arm_resp = NULL;
1519 int found = 0, size = 0, rcode = -1;
1520 octlet_t old, new;
1521 struct arm_request_response *arm_req_resp = NULL;
1522
1523 if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1524 ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1525 DBGMSG("arm_lock64 called by node: %X "
1526 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1527 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1528 (u32) (addr & 0xFFFFFFFF),
1529 ext_tcode & 0xFF,
1530 (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1531 (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1532 } else {
1533 DBGMSG("arm_lock64 called by node: %X "
1534 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1535 "%8.8X %8.8X ",
1536 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1537 (u32) (addr & 0xFFFFFFFF),
1538 ext_tcode & 0xFF,
1539 (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1540 (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1541 (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1542 (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1543 }
1544 spin_lock_irqsave(&host_info_lock, irqflags);
1545 hi = find_host_info(host); /* search addressentry in file_info's for host */
1546 if (hi != NULL) {
1547 list_for_each_entry(fi, &hi->file_info_list, list) {
1548 entry = fi->addr_list.next;
1549 while (entry != &(fi->addr_list)) {
1550 arm_addr =
1551 list_entry(entry, struct arm_addr,
1552 addr_list);
1553 if (((arm_addr->start) <= (addr))
1554 && ((arm_addr->end) >=
1555 (addr + sizeof(*store)))) {
1556 found = 1;
1557 break;
1558 }
1559 entry = entry->next;
1560 }
1561 if (found) {
1562 break;
1563 }
1564 }
1565 }
1566 rcode = -1;
1567 if (!found) {
1568 printk(KERN_ERR
1569 "raw1394: arm_lock64 FAILED addr_entry not found"
1570 " -> rcode_address_error\n");
1571 spin_unlock_irqrestore(&host_info_lock, irqflags);
1572 return (RCODE_ADDRESS_ERROR);
1573 } else {
1574 DBGMSG("arm_lock64 addr_entry FOUND");
1575 }
1576 if (rcode == -1) {
1577 if (arm_addr->access_rights & ARM_LOCK) {
1578 if (!(arm_addr->client_transactions & ARM_LOCK)) {
1579 memcpy(&old,
1580 (arm_addr->addr_space_buffer) + (addr -
1581 (arm_addr->
1582 start)),
1583 sizeof(old));
1584 switch (ext_tcode) {
1585 case (EXTCODE_MASK_SWAP):
1586 new = data | (old & ~arg);
1587 break;
1588 case (EXTCODE_COMPARE_SWAP):
1589 if (old == arg) {
1590 new = data;
1591 } else {
1592 new = old;
1593 }
1594 break;
1595 case (EXTCODE_FETCH_ADD):
1596 new =
1597 cpu_to_be64(be64_to_cpu(data) +
1598 be64_to_cpu(old));
1599 break;
1600 case (EXTCODE_LITTLE_ADD):
1601 new =
1602 cpu_to_le64(le64_to_cpu(data) +
1603 le64_to_cpu(old));
1604 break;
1605 case (EXTCODE_BOUNDED_ADD):
1606 if (old != arg) {
1607 new =
1608 cpu_to_be64(be64_to_cpu
1609 (data) +
1610 be64_to_cpu
1611 (old));
1612 } else {
1613 new = old;
1614 }
1615 break;
1616 case (EXTCODE_WRAP_ADD):
1617 if (old != arg) {
1618 new =
1619 cpu_to_be64(be64_to_cpu
1620 (data) +
1621 be64_to_cpu
1622 (old));
1623 } else {
1624 new = data;
1625 }
1626 break;
1627 default:
1628 printk(KERN_ERR
1629 "raw1394: arm_lock64 FAILED "
1630 "ext_tcode not allowed -> rcode_type_error\n");
1631 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1632 break;
1633 } /*switch */
1634 if (rcode == -1) {
1635 DBGMSG
1636 ("arm_lock64 -> (rcode_complete)");
1637 rcode = RCODE_COMPLETE;
1638 memcpy(store, &old, sizeof(*store));
1639 memcpy((arm_addr->addr_space_buffer) +
1640 (addr - (arm_addr->start)),
1641 &new, sizeof(*store));
1642 }
1643 }
1644 } else {
1645 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1646 DBGMSG
1647 ("arm_lock64 -> rcode_type_error (access denied)");
1648 }
1649 }
1650 if (arm_addr->notification_options & ARM_LOCK) {
1651 byte_t *buf1, *buf2;
1652 DBGMSG("arm_lock64 -> entering notification-section");
1653 req = __alloc_pending_request(GFP_ATOMIC);
1654 if (!req) {
1655 spin_unlock_irqrestore(&host_info_lock, irqflags);
1656 DBGMSG("arm_lock64 -> rcode_conflict_error");
1657 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1658 The request may be retried */
1659 }
1660 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response); /* maximum */
1661 req->data = kmalloc(size, GFP_ATOMIC);
1662 if (!(req->data)) {
1663 free_pending_request(req);
1664 spin_unlock_irqrestore(&host_info_lock, irqflags);
1665 DBGMSG("arm_lock64 -> rcode_conflict_error");
1666 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1667 The request may be retried */
1668 }
1669 req->free_data = 1;
1670 arm_req_resp = (struct arm_request_response *)(req->data);
1671 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1672 (sizeof
1673 (struct
1674 arm_request_response)));
1675 arm_resp =
1676 (struct arm_response *)((byte_t *) (arm_req) +
1677 (sizeof(struct arm_request)));
1678 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1679 buf2 = buf1 + 2 * sizeof(*store);
1680 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1681 (ext_tcode == EXTCODE_LITTLE_ADD)) {
1682 arm_req->buffer_length = sizeof(*store);
1683 memcpy(buf1, &data, sizeof(*store));
1684
1685 } else {
1686 arm_req->buffer_length = 2 * sizeof(*store);
1687 memcpy(buf1, &arg, sizeof(*store));
1688 memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1689 }
1690 if (rcode == RCODE_COMPLETE) {
1691 arm_resp->buffer_length = sizeof(*store);
1692 memcpy(buf2, &old, sizeof(*store));
1693 } else {
1694 arm_resp->buffer_length = 0;
1695 }
1696 req->file_info = fi;
1697 req->req.type = RAW1394_REQ_ARM;
1698 req->req.generation = get_hpsb_generation(host);
1699 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1700 (ARM_LOCK & 0xFF));
1701 req->req.tag = arm_addr->arm_tag;
1702 req->req.recvb = arm_addr->recvb;
1703 req->req.length = size;
1704 arm_req->generation = req->req.generation;
1705 arm_req->extended_transaction_code = ext_tcode;
1706 arm_req->destination_offset = addr;
1707 arm_req->source_nodeid = nodeid;
1708 arm_req->destination_nodeid = host->node_id;
1709 arm_req->tlabel = (flags >> 10) & 0x3f;
1710 arm_req->tcode = (flags >> 4) & 0x0f;
1711 arm_resp->response_code = rcode;
1712 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1713 sizeof(struct
1714 arm_request_response));
1715 arm_req_resp->response =
1716 int2ptr((arm_addr->recvb) +
1717 sizeof(struct arm_request_response) +
1718 sizeof(struct arm_request));
1719 arm_req->buffer =
1720 int2ptr((arm_addr->recvb) +
1721 sizeof(struct arm_request_response) +
1722 sizeof(struct arm_request) +
1723 sizeof(struct arm_response));
1724 arm_resp->buffer =
1725 int2ptr((arm_addr->recvb) +
1726 sizeof(struct arm_request_response) +
1727 sizeof(struct arm_request) +
1728 sizeof(struct arm_response) + 2 * sizeof(*store));
1729 queue_complete_req(req);
1730 }
1731 spin_unlock_irqrestore(&host_info_lock, irqflags);
1732 return (rcode);
1733 }
1734
1735 static int arm_register(struct file_info *fi, struct pending_request *req)
1736 {
1737 int retval;
1738 struct arm_addr *addr;
1739 struct host_info *hi;
1740 struct file_info *fi_hlp = NULL;
1741 struct list_head *entry;
1742 struct arm_addr *arm_addr = NULL;
1743 int same_host, another_host;
1744 unsigned long flags;
1745
1746 DBGMSG("arm_register called "
1747 "addr(Offset): %8.8x %8.8x length: %u "
1748 "rights: %2.2X notify: %2.2X "
1749 "max_blk_len: %4.4X",
1750 (u32) ((req->req.address >> 32) & 0xFFFF),
1751 (u32) (req->req.address & 0xFFFFFFFF),
1752 req->req.length, ((req->req.misc >> 8) & 0xFF),
1753 (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1754 /* check addressrange */
1755 if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1756 (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1757 0)) {
1758 req->req.length = 0;
1759 return (-EINVAL);
1760 }
1761 /* addr-list-entry for fileinfo */
1762 addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1763 if (!addr) {
1764 req->req.length = 0;
1765 return (-ENOMEM);
1766 }
1767 /* allocation of addr_space_buffer */
1768 addr->addr_space_buffer = vmalloc(req->req.length);
1769 if (!(addr->addr_space_buffer)) {
1770 kfree(addr);
1771 req->req.length = 0;
1772 return (-ENOMEM);
1773 }
1774 /* initialization of addr_space_buffer */
1775 if ((req->req.sendb) == (unsigned long)NULL) {
1776 /* init: set 0 */
1777 memset(addr->addr_space_buffer, 0, req->req.length);
1778 } else {
1779 /* init: user -> kernel */
1780 if (copy_from_user
1781 (addr->addr_space_buffer, int2ptr(req->req.sendb),
1782 req->req.length)) {
1783 vfree(addr->addr_space_buffer);
1784 kfree(addr);
1785 return (-EFAULT);
1786 }
1787 }
1788 INIT_LIST_HEAD(&addr->addr_list);
1789 addr->arm_tag = req->req.tag;
1790 addr->start = req->req.address;
1791 addr->end = req->req.address + req->req.length;
1792 addr->access_rights = (u8) (req->req.misc & 0x0F);
1793 addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1794 addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1795 addr->access_rights |= addr->client_transactions;
1796 addr->notification_options |= addr->client_transactions;
1797 addr->recvb = req->req.recvb;
1798 addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1799
1800 spin_lock_irqsave(&host_info_lock, flags);
1801 hi = find_host_info(fi->host);
1802 same_host = 0;
1803 another_host = 0;
1804 /* same host with address-entry containing same addressrange ? */
1805 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1806 entry = fi_hlp->addr_list.next;
1807 while (entry != &(fi_hlp->addr_list)) {
1808 arm_addr =
1809 list_entry(entry, struct arm_addr, addr_list);
1810 if ((arm_addr->start == addr->start)
1811 && (arm_addr->end == addr->end)) {
1812 DBGMSG("same host ownes same "
1813 "addressrange -> EALREADY");
1814 same_host = 1;
1815 break;
1816 }
1817 entry = entry->next;
1818 }
1819 if (same_host) {
1820 break;
1821 }
1822 }
1823 if (same_host) {
1824 /* addressrange occupied by same host */
1825 spin_unlock_irqrestore(&host_info_lock, flags);
1826 vfree(addr->addr_space_buffer);
1827 kfree(addr);
1828 return (-EALREADY);
1829 }
1830 /* another host with valid address-entry containing same addressrange */
1831 list_for_each_entry(hi, &host_info_list, list) {
1832 if (hi->host != fi->host) {
1833 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1834 entry = fi_hlp->addr_list.next;
1835 while (entry != &(fi_hlp->addr_list)) {
1836 arm_addr =
1837 list_entry(entry, struct arm_addr,
1838 addr_list);
1839 if ((arm_addr->start == addr->start)
1840 && (arm_addr->end == addr->end)) {
1841 DBGMSG
1842 ("another host ownes same "
1843 "addressrange");
1844 another_host = 1;
1845 break;
1846 }
1847 entry = entry->next;
1848 }
1849 if (another_host) {
1850 break;
1851 }
1852 }
1853 }
1854 }
1855 spin_unlock_irqrestore(&host_info_lock, flags);
1856
1857 if (another_host) {
1858 DBGMSG("another hosts entry is valid -> SUCCESS");
1859 if (copy_to_user(int2ptr(req->req.recvb),
1860 &addr->start, sizeof(u64))) {
1861 printk(KERN_ERR "raw1394: arm_register failed "
1862 " address-range-entry is invalid -> EFAULT !!!\n");
1863 vfree(addr->addr_space_buffer);
1864 kfree(addr);
1865 return (-EFAULT);
1866 }
1867 free_pending_request(req); /* immediate success or fail */
1868 /* INSERT ENTRY */
1869 spin_lock_irqsave(&host_info_lock, flags);
1870 list_add_tail(&addr->addr_list, &fi->addr_list);
1871 spin_unlock_irqrestore(&host_info_lock, flags);
1872 return sizeof(struct raw1394_request);
1873 }
1874 retval =
1875 hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1876 req->req.address,
1877 req->req.address + req->req.length);
1878 if (retval) {
1879 /* INSERT ENTRY */
1880 spin_lock_irqsave(&host_info_lock, flags);
1881 list_add_tail(&addr->addr_list, &fi->addr_list);
1882 spin_unlock_irqrestore(&host_info_lock, flags);
1883 } else {
1884 DBGMSG("arm_register failed errno: %d \n", retval);
1885 vfree(addr->addr_space_buffer);
1886 kfree(addr);
1887 return (-EALREADY);
1888 }
1889 free_pending_request(req); /* immediate success or fail */
1890 return sizeof(struct raw1394_request);
1891 }
1892
1893 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1894 {
1895 int found = 0;
1896 int retval = 0;
1897 struct list_head *entry;
1898 struct arm_addr *addr = NULL;
1899 struct host_info *hi;
1900 struct file_info *fi_hlp = NULL;
1901 struct arm_addr *arm_addr = NULL;
1902 int another_host;
1903 unsigned long flags;
1904
1905 DBGMSG("arm_Unregister called addr(Offset): "
1906 "%8.8x %8.8x",
1907 (u32) ((req->req.address >> 32) & 0xFFFF),
1908 (u32) (req->req.address & 0xFFFFFFFF));
1909 spin_lock_irqsave(&host_info_lock, flags);
1910 /* get addr */
1911 entry = fi->addr_list.next;
1912 while (entry != &(fi->addr_list)) {
1913 addr = list_entry(entry, struct arm_addr, addr_list);
1914 if (addr->start == req->req.address) {
1915 found = 1;
1916 break;
1917 }
1918 entry = entry->next;
1919 }
1920 if (!found) {
1921 DBGMSG("arm_Unregister addr not found");
1922 spin_unlock_irqrestore(&host_info_lock, flags);
1923 return (-EINVAL);
1924 }
1925 DBGMSG("arm_Unregister addr found");
1926 another_host = 0;
1927 /* another host with valid address-entry containing
1928 same addressrange */
1929 list_for_each_entry(hi, &host_info_list, list) {
1930 if (hi->host != fi->host) {
1931 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1932 entry = fi_hlp->addr_list.next;
1933 while (entry != &(fi_hlp->addr_list)) {
1934 arm_addr = list_entry(entry,
1935 struct arm_addr,
1936 addr_list);
1937 if (arm_addr->start == addr->start) {
1938 DBGMSG("another host ownes "
1939 "same addressrange");
1940 another_host = 1;
1941 break;
1942 }
1943 entry = entry->next;
1944 }
1945 if (another_host) {
1946 break;
1947 }
1948 }
1949 }
1950 }
1951 if (another_host) {
1952 DBGMSG("delete entry from list -> success");
1953 list_del(&addr->addr_list);
1954 spin_unlock_irqrestore(&host_info_lock, flags);
1955 vfree(addr->addr_space_buffer);
1956 kfree(addr);
1957 free_pending_request(req); /* immediate success or fail */
1958 return sizeof(struct raw1394_request);
1959 }
1960 retval =
1961 hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1962 addr->start);
1963 if (!retval) {
1964 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1965 spin_unlock_irqrestore(&host_info_lock, flags);
1966 return (-EINVAL);
1967 }
1968 DBGMSG("delete entry from list -> success");
1969 list_del(&addr->addr_list);
1970 spin_unlock_irqrestore(&host_info_lock, flags);
1971 vfree(addr->addr_space_buffer);
1972 kfree(addr);
1973 free_pending_request(req); /* immediate success or fail */
1974 return sizeof(struct raw1394_request);
1975 }
1976
1977 /* Copy data from ARM buffer(s) to user buffer. */
1978 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1979 {
1980 struct arm_addr *arm_addr = NULL;
1981 unsigned long flags;
1982 unsigned long offset;
1983
1984 struct list_head *entry;
1985
1986 DBGMSG("arm_get_buf "
1987 "addr(Offset): %04X %08X length: %u",
1988 (u32) ((req->req.address >> 32) & 0xFFFF),
1989 (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1990
1991 spin_lock_irqsave(&host_info_lock, flags);
1992 entry = fi->addr_list.next;
1993 while (entry != &(fi->addr_list)) {
1994 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1995 if ((arm_addr->start <= req->req.address) &&
1996 (arm_addr->end > req->req.address)) {
1997 if (req->req.address + req->req.length <= arm_addr->end) {
1998 offset = req->req.address - arm_addr->start;
1999 spin_unlock_irqrestore(&host_info_lock, flags);
2000
2001 DBGMSG
2002 ("arm_get_buf copy_to_user( %08X, %p, %u )",
2003 (u32) req->req.recvb,
2004 arm_addr->addr_space_buffer + offset,
2005 (u32) req->req.length);
2006 if (copy_to_user
2007 (int2ptr(req->req.recvb),
2008 arm_addr->addr_space_buffer + offset,
2009 req->req.length))
2010 return (-EFAULT);
2011
2012 /* We have to free the request, because we
2013 * queue no response, and therefore nobody
2014 * will free it. */
2015 free_pending_request(req);
2016 return sizeof(struct raw1394_request);
2017 } else {
2018 DBGMSG("arm_get_buf request exceeded mapping");
2019 spin_unlock_irqrestore(&host_info_lock, flags);
2020 return (-EINVAL);
2021 }
2022 }
2023 entry = entry->next;
2024 }
2025 spin_unlock_irqrestore(&host_info_lock, flags);
2026 return (-EINVAL);
2027 }
2028
2029 /* Copy data from user buffer to ARM buffer(s). */
2030 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
2031 {
2032 struct arm_addr *arm_addr = NULL;
2033 unsigned long flags;
2034 unsigned long offset;
2035
2036 struct list_head *entry;
2037
2038 DBGMSG("arm_set_buf "
2039 "addr(Offset): %04X %08X length: %u",
2040 (u32) ((req->req.address >> 32) & 0xFFFF),
2041 (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
2042
2043 spin_lock_irqsave(&host_info_lock, flags);
2044 entry = fi->addr_list.next;
2045 while (entry != &(fi->addr_list)) {
2046 arm_addr = list_entry(entry, struct arm_addr, addr_list);
2047 if ((arm_addr->start <= req->req.address) &&
2048 (arm_addr->end > req->req.address)) {
2049 if (req->req.address + req->req.length <= arm_addr->end) {
2050 offset = req->req.address - arm_addr->start;
2051 spin_unlock_irqrestore(&host_info_lock, flags);
2052
2053 DBGMSG
2054 ("arm_set_buf copy_from_user( %p, %08X, %u )",
2055 arm_addr->addr_space_buffer + offset,
2056 (u32) req->req.sendb,
2057 (u32) req->req.length);
2058 if (copy_from_user
2059 (arm_addr->addr_space_buffer + offset,
2060 int2ptr(req->req.sendb),
2061 req->req.length))
2062 return (-EFAULT);
2063
2064 /* We have to free the request, because we
2065 * queue no response, and therefore nobody
2066 * will free it. */
2067 free_pending_request(req);
2068 return sizeof(struct raw1394_request);
2069 } else {
2070 DBGMSG("arm_set_buf request exceeded mapping");
2071 spin_unlock_irqrestore(&host_info_lock, flags);
2072 return (-EINVAL);
2073 }
2074 }
2075 entry = entry->next;
2076 }
2077 spin_unlock_irqrestore(&host_info_lock, flags);
2078 return (-EINVAL);
2079 }
2080
2081 static int reset_notification(struct file_info *fi, struct pending_request *req)
2082 {
2083 DBGMSG("reset_notification called - switch %s ",
2084 (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
2085 if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
2086 (req->req.misc == RAW1394_NOTIFY_ON)) {
2087 fi->notification = (u8) req->req.misc;
2088 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2089 return sizeof(struct raw1394_request);
2090 }
2091 /* error EINVAL (22) invalid argument */
2092 return (-EINVAL);
2093 }
2094
2095 static int write_phypacket(struct file_info *fi, struct pending_request *req)
2096 {
2097 struct hpsb_packet *packet = NULL;
2098 int retval = 0;
2099 quadlet_t data;
2100 unsigned long flags;
2101
2102 data = be32_to_cpu((u32) req->req.sendb);
2103 DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
2104 packet = hpsb_make_phypacket(fi->host, data);
2105 if (!packet)
2106 return -ENOMEM;
2107 req->req.length = 0;
2108 req->packet = packet;
2109 hpsb_set_packet_complete_task(packet,
2110 (void (*)(void *))queue_complete_cb, req);
2111 spin_lock_irqsave(&fi->reqlists_lock, flags);
2112 list_add_tail(&req->list, &fi->req_pending);
2113 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2114 packet->generation = req->req.generation;
2115 retval = hpsb_send_packet(packet);
2116 DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2117 if (retval < 0) {
2118 req->req.error = RAW1394_ERROR_SEND_ERROR;
2119 req->req.length = 0;
2120 queue_complete_req(req);
2121 }
2122 return sizeof(struct raw1394_request);
2123 }
2124
2125 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2126 {
2127 int ret = sizeof(struct raw1394_request);
2128 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2129 int status;
2130
2131 if (!data)
2132 return -ENOMEM;
2133
2134 status =
2135 csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2136 data, req->req.length);
2137 if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2138 ret = -EFAULT;
2139 if (copy_to_user
2140 (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2141 sizeof(fi->host->csr.rom->cache_head->len)))
2142 ret = -EFAULT;
2143 if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2144 sizeof(fi->host->csr.generation)))
2145 ret = -EFAULT;
2146 if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2147 ret = -EFAULT;
2148 kfree(data);
2149 if (ret >= 0) {
2150 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2151 }
2152 return ret;
2153 }
2154
2155 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2156 {
2157 int ret = sizeof(struct raw1394_request);
2158 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2159 if (!data)
2160 return -ENOMEM;
2161 if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2162 ret = -EFAULT;
2163 } else {
2164 int status = hpsb_update_config_rom(fi->host,
2165 data, req->req.length,
2166 (unsigned char)req->req.
2167 misc);
2168 if (copy_to_user
2169 (int2ptr(req->req.recvb), &status, sizeof(status)))
2170 ret = -ENOMEM;
2171 }
2172 kfree(data);
2173 if (ret >= 0) {
2174 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2175 fi->cfgrom_upd = 1;
2176 }
2177 return ret;
2178 }
2179
2180 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2181 {
2182 struct csr1212_keyval *kv;
2183 struct csr1212_csr_rom_cache *cache;
2184 struct csr1212_dentry *dentry;
2185 u32 dr;
2186 int ret = 0;
2187
2188 if (req->req.misc == ~0) {
2189 if (req->req.length == 0)
2190 return -EINVAL;
2191
2192 /* Find an unused slot */
2193 for (dr = 0;
2194 dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2195 dr++) ;
2196
2197 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2198 return -ENOMEM;
2199
2200 fi->csr1212_dirs[dr] =
2201 csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2202 if (!fi->csr1212_dirs[dr])
2203 return -ENOMEM;
2204 } else {
2205 dr = req->req.misc;
2206 if (!fi->csr1212_dirs[dr])
2207 return -EINVAL;
2208
2209 /* Delete old stuff */
2210 for (dentry =
2211 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2212 dentry; dentry = dentry->next) {
2213 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2214 root_kv,
2215 dentry->kv);
2216 }
2217
2218 if (req->req.length == 0) {
2219 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2220 fi->csr1212_dirs[dr] = NULL;
2221
2222 hpsb_update_config_rom_image(fi->host);
2223 free_pending_request(req);
2224 return sizeof(struct raw1394_request);
2225 }
2226 }
2227
2228 cache = csr1212_rom_cache_malloc(0, req->req.length);
2229 if (!cache) {
2230 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2231 fi->csr1212_dirs[dr] = NULL;
2232 return -ENOMEM;
2233 }
2234
2235 cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2236 if (!cache->filled_head) {
2237 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2238 fi->csr1212_dirs[dr] = NULL;
2239 CSR1212_FREE(cache);
2240 return -ENOMEM;
2241 }
2242 cache->filled_tail = cache->filled_head;
2243
2244 if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2245 req->req.length)) {
2246 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2247 fi->csr1212_dirs[dr] = NULL;
2248 ret = -EFAULT;
2249 } else {
2250 cache->len = req->req.length;
2251 cache->filled_head->offset_start = 0;
2252 cache->filled_head->offset_end = cache->size - 1;
2253
2254 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2255
2256 ret = CSR1212_SUCCESS;
2257 /* parse all the items */
2258 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2259 kv = kv->next) {
2260 ret = csr1212_parse_keyval(kv, cache);
2261 }
2262
2263 /* attach top level items to the root directory */
2264 for (dentry =
2265 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2266 ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2267 ret =
2268 csr1212_attach_keyval_to_directory(fi->host->csr.
2269 rom->root_kv,
2270 dentry->kv);
2271 }
2272
2273 if (ret == CSR1212_SUCCESS) {
2274 ret = hpsb_update_config_rom_image(fi->host);
2275
2276 if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2277 &dr, sizeof(dr))) {
2278 ret = -ENOMEM;
2279 }
2280 }
2281 }
2282 kfree(cache->filled_head);
2283 CSR1212_FREE(cache);
2284
2285 if (ret >= 0) {
2286 /* we have to free the request, because we queue no response,
2287 * and therefore nobody will free it */
2288 free_pending_request(req);
2289 return sizeof(struct raw1394_request);
2290 } else {
2291 for (dentry =
2292 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2293 dentry; dentry = dentry->next) {
2294 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2295 root_kv,
2296 dentry->kv);
2297 }
2298 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2299 fi->csr1212_dirs[dr] = NULL;
2300 return ret;
2301 }
2302 }
2303
2304 static int state_connected(struct file_info *fi, struct pending_request *req)
2305 {
2306 int node = req->req.address >> 48;
2307
2308 req->req.error = RAW1394_ERROR_NONE;
2309
2310 switch (req->req.type) {
2311
2312 case RAW1394_REQ_ECHO:
2313 queue_complete_req(req);
2314 return sizeof(struct raw1394_request);
2315
2316 case RAW1394_REQ_ISO_SEND:
2317 print_old_iso_deprecation();
2318 return handle_iso_send(fi, req, node);
2319
2320 case RAW1394_REQ_ARM_REGISTER:
2321 return arm_register(fi, req);
2322
2323 case RAW1394_REQ_ARM_UNREGISTER:
2324 return arm_unregister(fi, req);
2325
2326 case RAW1394_REQ_ARM_SET_BUF:
2327 return arm_set_buf(fi, req);
2328
2329 case RAW1394_REQ_ARM_GET_BUF:
2330 return arm_get_buf(fi, req);
2331
2332 case RAW1394_REQ_RESET_NOTIFY:
2333 return reset_notification(fi, req);
2334
2335 case RAW1394_REQ_ISO_LISTEN:
2336 print_old_iso_deprecation();
2337 handle_iso_listen(fi, req);
2338 return sizeof(struct raw1394_request);
2339
2340 case RAW1394_REQ_FCP_LISTEN:
2341 handle_fcp_listen(fi, req);
2342 return sizeof(struct raw1394_request);
2343
2344 case RAW1394_REQ_RESET_BUS:
2345 if (req->req.misc == RAW1394_LONG_RESET) {
2346 DBGMSG("busreset called (type: LONG)");
2347 hpsb_reset_bus(fi->host, LONG_RESET);
2348 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2349 return sizeof(struct raw1394_request);
2350 }
2351 if (req->req.misc == RAW1394_SHORT_RESET) {
2352 DBGMSG("busreset called (type: SHORT)");
2353 hpsb_reset_bus(fi->host, SHORT_RESET);
2354 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2355 return sizeof(struct raw1394_request);
2356 }
2357 /* error EINVAL (22) invalid argument */
2358 return (-EINVAL);
2359 case RAW1394_REQ_GET_ROM:
2360 return get_config_rom(fi, req);
2361
2362 case RAW1394_REQ_UPDATE_ROM:
2363 return update_config_rom(fi, req);
2364
2365 case RAW1394_REQ_MODIFY_ROM:
2366 return modify_config_rom(fi, req);
2367 }
2368
2369 if (req->req.generation != get_hpsb_generation(fi->host)) {
2370 req->req.error = RAW1394_ERROR_GENERATION;
2371 req->req.generation = get_hpsb_generation(fi->host);
2372 req->req.length = 0;
2373 queue_complete_req(req);
2374 return sizeof(struct raw1394_request);
2375 }
2376
2377 switch (req->req.type) {
2378 case RAW1394_REQ_PHYPACKET:
2379 return write_phypacket(fi, req);
2380 case RAW1394_REQ_ASYNC_SEND:
2381 return handle_async_send(fi, req);
2382 }
2383
2384 if (req->req.length == 0) {
2385 req->req.error = RAW1394_ERROR_INVALID_ARG;
2386 queue_complete_req(req);
2387 return sizeof(struct raw1394_request);
2388 }
2389
2390 return handle_async_request(fi, req, node);
2391 }
2392
2393 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2394 size_t count, loff_t * offset_is_ignored)
2395 {
2396 struct file_info *fi = (struct file_info *)file->private_data;
2397 struct pending_request *req;
2398 ssize_t retval = 0;
2399
2400 #ifdef CONFIG_COMPAT
2401 if (count == sizeof(struct compat_raw1394_req) &&
2402 sizeof(struct compat_raw1394_req) !=
2403 sizeof(struct raw1394_request)) {
2404 buffer = raw1394_compat_write(buffer);
2405 if (IS_ERR(buffer))
2406 return PTR_ERR(buffer);
2407 } else
2408 #endif
2409 if (count != sizeof(struct raw1394_request)) {
2410 return -EINVAL;
2411 }
2412
2413 req = alloc_pending_request();
2414 if (req == NULL) {
2415 return -ENOMEM;
2416 }
2417 req->file_info = fi;
2418
2419 if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2420 free_pending_request(req);
2421 return -EFAULT;
2422 }
2423
2424 switch (fi->state) {
2425 case opened:
2426 retval = state_opened(fi, req);
2427 break;
2428
2429 case initialized:
2430 retval = state_initialized(fi, req);
2431 break;
2432
2433 case connected:
2434 retval = state_connected(fi, req);
2435 break;
2436 }
2437
2438 if (retval < 0) {
2439 free_pending_request(req);
2440 }
2441
2442 return retval;
2443 }
2444
2445 /* rawiso operations */
2446
2447 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2448 * completion queue (reqlists_lock must be taken) */
2449 static inline int __rawiso_event_in_queue(struct file_info *fi)
2450 {
2451 struct pending_request *req;
2452
2453 list_for_each_entry(req, &fi->req_complete, list)
2454 if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2455 return 1;
2456
2457 return 0;
2458 }
2459
2460 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2461 static void queue_rawiso_event(struct file_info *fi)
2462 {
2463 unsigned long flags;
2464
2465 spin_lock_irqsave(&fi->reqlists_lock, flags);
2466
2467 /* only one ISO activity event may be in the queue */
2468 if (!__rawiso_event_in_queue(fi)) {
2469 struct pending_request *req =
2470 __alloc_pending_request(GFP_ATOMIC);
2471
2472 if (req) {
2473 req->file_info = fi;
2474 req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2475 req->req.generation = get_hpsb_generation(fi->host);
2476 __queue_complete_req(req);
2477 } else {
2478 /* on allocation failure, signal an overflow */
2479 if (fi->iso_handle) {
2480 atomic_inc(&fi->iso_handle->overflows);
2481 }
2482 }
2483 }
2484 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2485 }
2486
2487 static void rawiso_activity_cb(struct hpsb_iso *iso)
2488 {
2489 unsigned long flags;
2490 struct host_info *hi;
2491 struct file_info *fi;
2492
2493 spin_lock_irqsave(&host_info_lock, flags);
2494 hi = find_host_info(iso->host);
2495
2496 if (hi != NULL) {
2497 list_for_each_entry(fi, &hi->file_info_list, list) {
2498 if (fi->iso_handle == iso)
2499 queue_rawiso_event(fi);
2500 }
2501 }
2502
2503 spin_unlock_irqrestore(&host_info_lock, flags);
2504 }
2505
2506 /* helper function - gather all the kernel iso status bits for returning to user-space */
2507 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2508 struct raw1394_iso_status *stat)
2509 {
2510 stat->config.data_buf_size = iso->buf_size;
2511 stat->config.buf_packets = iso->buf_packets;
2512 stat->config.channel = iso->channel;
2513 stat->config.speed = iso->speed;
2514 stat->config.irq_interval = iso->irq_interval;
2515 stat->n_packets = hpsb_iso_n_ready(iso);
2516 stat->overflows = atomic_read(&iso->overflows);
2517 stat->xmit_cycle = iso->xmit_cycle;
2518 }
2519
2520 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2521 {
2522 struct raw1394_iso_status stat;
2523
2524 if (!fi->host)
2525 return -EINVAL;
2526
2527 if (copy_from_user(&stat, uaddr, sizeof(stat)))
2528 return -EFAULT;
2529
2530 fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2531 stat.config.data_buf_size,
2532 stat.config.buf_packets,
2533 stat.config.channel,
2534 stat.config.speed,
2535 stat.config.irq_interval,
2536 rawiso_activity_cb);
2537 if (!fi->iso_handle)
2538 return -ENOMEM;
2539
2540 fi->iso_state = RAW1394_ISO_XMIT;
2541
2542 raw1394_iso_fill_status(fi->iso_handle, &stat);
2543 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2544 return -EFAULT;
2545
2546 /* queue an event to get things started */
2547 rawiso_activity_cb(fi->iso_handle);
2548
2549 return 0;
2550 }
2551
2552 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2553 {
2554 struct raw1394_iso_status stat;
2555
2556 if (!fi->host)
2557 return -EINVAL;
2558
2559 if (copy_from_user(&stat, uaddr, sizeof(stat)))
2560 return -EFAULT;
2561
2562 fi->iso_handle = hpsb_iso_recv_init(fi->host,
2563 stat.config.data_buf_size,
2564 stat.config.buf_packets,
2565 stat.config.channel,
2566 stat.config.dma_mode,
2567 stat.config.irq_interval,
2568 rawiso_activity_cb);
2569 if (!fi->iso_handle)
2570 return -ENOMEM;
2571
2572 fi->iso_state = RAW1394_ISO_RECV;
2573
2574 raw1394_iso_fill_status(fi->iso_handle, &stat);
2575 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2576 return -EFAULT;
2577 return 0;
2578 }
2579
2580 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2581 {
2582 struct raw1394_iso_status stat;
2583 struct hpsb_iso *iso = fi->iso_handle;
2584
2585 raw1394_iso_fill_status(fi->iso_handle, &stat);
2586 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2587 return -EFAULT;
2588
2589 /* reset overflow counter */
2590 atomic_set(&iso->overflows, 0);
2591
2592 return 0;
2593 }
2594
2595 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2596 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2597 {
2598 struct raw1394_iso_packets upackets;
2599 unsigned int packet = fi->iso_handle->first_packet;
2600 int i;
2601
2602 if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2603 return -EFAULT;
2604
2605 if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2606 return -EINVAL;
2607
2608 /* ensure user-supplied buffer is accessible and big enough */
2609 if (!access_ok(VERIFY_WRITE, upackets.infos,
2610 upackets.n_packets *
2611 sizeof(struct raw1394_iso_packet_info)))
2612 return -EFAULT;
2613
2614 /* copy the packet_infos out */
2615 for (i = 0; i < upackets.n_packets; i++) {
2616 if (__copy_to_user(&upackets.infos[i],
2617 &fi->iso_handle->infos[packet],
2618 sizeof(struct raw1394_iso_packet_info)))
2619 return -EFAULT;
2620
2621 packet = (packet + 1) % fi->iso_handle->buf_packets;
2622 }
2623
2624 return 0;
2625 }
2626
2627 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2628 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2629 {
2630 struct raw1394_iso_packets upackets;
2631 int i, rv;
2632
2633 if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2634 return -EFAULT;
2635
2636 if (upackets.n_packets >= fi->iso_handle->buf_packets)
2637 return -EINVAL;
2638
2639 if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2640 return -EAGAIN;
2641
2642 /* ensure user-supplied buffer is accessible and big enough */
2643 if (!access_ok(VERIFY_READ, upackets.infos,
2644 upackets.n_packets *
2645 sizeof(struct raw1394_iso_packet_info)))
2646 return -EFAULT;
2647
2648 /* copy the infos structs in and queue the packets */
2649 for (i = 0; i < upackets.n_packets; i++) {
2650 struct raw1394_iso_packet_info info;
2651
2652 if (__copy_from_user(&info, &upackets.infos[i],
2653 sizeof(struct raw1394_iso_packet_info)))
2654 return -EFAULT;
2655
2656 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2657 info.len, info.tag, info.sy);
2658 if (rv)
2659 return rv;
2660 }
2661
2662 return 0;
2663 }
2664
2665 static void raw1394_iso_shutdown(struct file_info *fi)
2666 {
2667 if (fi->iso_handle)
2668 hpsb_iso_shutdown(fi->iso_handle);
2669
2670 fi->iso_handle = NULL;
2671 fi->iso_state = RAW1394_ISO_INACTIVE;
2672 }
2673
2674 static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2675 {
2676 struct raw1394_cycle_timer ct;
2677 int err;
2678
2679 err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2680 if (!err)
2681 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2682 err = -EFAULT;
2683 return err;
2684 }
2685
2686 /* mmap the rawiso xmit/recv buffer */
2687 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2688 {
2689 struct file_info *fi = file->private_data;
2690
2691 if (fi->iso_state == RAW1394_ISO_INACTIVE)
2692 return -EINVAL;
2693
2694 return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2695 }
2696
2697 /* ioctl is only used for rawiso operations */
2698 static int raw1394_ioctl(struct inode *inode, struct file *file,
2699 unsigned int cmd, unsigned long arg)
2700 {
2701 struct file_info *fi = file->private_data;
2702 void __user *argp = (void __user *)arg;
2703
2704 switch (fi->iso_state) {
2705 case RAW1394_ISO_INACTIVE:
2706 switch (cmd) {
2707 case RAW1394_IOC_ISO_XMIT_INIT:
2708 return raw1394_iso_xmit_init(fi, argp);
2709 case RAW1394_IOC_ISO_RECV_INIT:
2710 return raw1394_iso_recv_init(fi, argp);
2711 default:
2712 break;
2713 }
2714 break;
2715 case RAW1394_ISO_RECV:
2716 switch (cmd) {
2717 case RAW1394_IOC_ISO_RECV_START:{
2718 /* copy args from user-space */
2719 int args[3];
2720 if (copy_from_user
2721 (&args[0], argp, sizeof(args)))
2722 return -EFAULT;
2723 return hpsb_iso_recv_start(fi->iso_handle,
2724 args[0], args[1],
2725 args[2]);
2726 }
2727 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2728 hpsb_iso_stop(fi->iso_handle);
2729 return 0;
2730 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2731 return hpsb_iso_recv_listen_channel(fi->iso_handle,
2732 arg);
2733 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2734 return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2735 arg);
2736 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2737 /* copy the u64 from user-space */
2738 u64 mask;
2739 if (copy_from_user(&mask, argp, sizeof(mask)))
2740 return -EFAULT;
2741 return hpsb_iso_recv_set_channel_mask(fi->
2742 iso_handle,
2743 mask);
2744 }
2745 case RAW1394_IOC_ISO_GET_STATUS:
2746 return raw1394_iso_get_status(fi, argp);
2747 case RAW1394_IOC_ISO_RECV_PACKETS:
2748 return raw1394_iso_recv_packets(fi, argp);
2749 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2750 return hpsb_iso_recv_release_packets(fi->iso_handle,
2751 arg);
2752 case RAW1394_IOC_ISO_RECV_FLUSH:
2753 return hpsb_iso_recv_flush(fi->iso_handle);
2754 case RAW1394_IOC_ISO_SHUTDOWN:
2755 raw1394_iso_shutdown(fi);
2756 return 0;
2757 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2758 queue_rawiso_event(fi);
2759 return 0;
2760 }
2761 break;
2762 case RAW1394_ISO_XMIT:
2763 switch (cmd) {
2764 case RAW1394_IOC_ISO_XMIT_START:{
2765 /* copy two ints from user-space */
2766 int args[2];
2767 if (copy_from_user
2768 (&args[0], argp, sizeof(args)))
2769 return -EFAULT;
2770 return hpsb_iso_xmit_start(fi->iso_handle,
2771 args[0], args[1]);
2772 }
2773 case RAW1394_IOC_ISO_XMIT_SYNC:
2774 return hpsb_iso_xmit_sync(fi->iso_handle);
2775 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2776 hpsb_iso_stop(fi->iso_handle);
2777 return 0;
2778 case RAW1394_IOC_ISO_GET_STATUS:
2779 return raw1394_iso_get_status(fi, argp);
2780 case RAW1394_IOC_ISO_XMIT_PACKETS:
2781 return raw1394_iso_send_packets(fi, argp);
2782 case RAW1394_IOC_ISO_SHUTDOWN:
2783 raw1394_iso_shutdown(fi);
2784 return 0;
2785 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2786 queue_rawiso_event(fi);
2787 return 0;
2788 }
2789 break;
2790 default:
2791 break;
2792 }
2793
2794 /* state-independent commands */
2795 switch(cmd) {
2796 case RAW1394_IOC_GET_CYCLE_TIMER:
2797 return raw1394_read_cycle_timer(fi, argp);
2798 default:
2799 break;
2800 }
2801
2802 return -EINVAL;
2803 }
2804
2805 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2806 {
2807 struct file_info *fi = file->private_data;
2808 unsigned int mask = POLLOUT | POLLWRNORM;
2809 unsigned long flags;
2810
2811 poll_wait(file, &fi->wait_complete, pt);
2812
2813 spin_lock_irqsave(&fi->reqlists_lock, flags);
2814 if (!list_empty(&fi->req_complete)) {
2815 mask |= POLLIN | POLLRDNORM;
2816 }
2817 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2818
2819 return mask;
2820 }
2821
2822 static int raw1394_open(struct inode *inode, struct file *file)
2823 {
2824 struct file_info *fi;
2825
2826 fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2827 if (!fi)
2828 return -ENOMEM;
2829
2830 fi->notification = (u8) RAW1394_NOTIFY_ON; /* busreset notification */
2831
2832 INIT_LIST_HEAD(&fi->list);
2833 fi->state = opened;
2834 INIT_LIST_HEAD(&fi->req_pending);
2835 INIT_LIST_HEAD(&fi->req_complete);
2836 spin_lock_init(&fi->reqlists_lock);
2837 init_waitqueue_head(&fi->wait_complete);
2838 INIT_LIST_HEAD(&fi->addr_list);
2839
2840 file->private_data = fi;
2841
2842 return 0;
2843 }
2844
2845 static int raw1394_release(struct inode *inode, struct file *file)
2846 {
2847 struct file_info *fi = file->private_data;
2848 struct list_head *lh;
2849 struct pending_request *req;
2850 int i, fail;
2851 int retval = 0;
2852 struct list_head *entry;
2853 struct arm_addr *addr = NULL;
2854 struct host_info *hi;
2855 struct file_info *fi_hlp = NULL;
2856 struct arm_addr *arm_addr = NULL;
2857 int another_host;
2858 int csr_mod = 0;
2859 unsigned long flags;
2860
2861 if (fi->iso_state != RAW1394_ISO_INACTIVE)
2862 raw1394_iso_shutdown(fi);
2863
2864 for (i = 0; i < 64; i++) {
2865 if (fi->listen_channels & (1ULL << i)) {
2866 hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2867 }
2868 }
2869
2870 spin_lock_irqsave(&host_info_lock, flags);
2871 fi->listen_channels = 0;
2872
2873 fail = 0;
2874 /* set address-entries invalid */
2875
2876 while (!list_empty(&fi->addr_list)) {
2877 another_host = 0;
2878 lh = fi->addr_list.next;
2879 addr = list_entry(lh, struct arm_addr, addr_list);
2880 /* another host with valid address-entry containing
2881 same addressrange? */
2882 list_for_each_entry(hi, &host_info_list, list) {
2883 if (hi->host != fi->host) {
2884 list_for_each_entry(fi_hlp, &hi->file_info_list,
2885 list) {
2886 entry = fi_hlp->addr_list.next;
2887 while (entry != &(fi_hlp->addr_list)) {
2888 arm_addr = list_entry(entry, struct
2889 arm_addr,
2890 addr_list);
2891 if (arm_addr->start ==
2892 addr->start) {
2893 DBGMSG
2894 ("raw1394_release: "
2895 "another host ownes "
2896 "same addressrange");
2897 another_host = 1;
2898 break;
2899 }
2900 entry = entry->next;
2901 }
2902 if (another_host) {
2903 break;
2904 }
2905 }
2906 }
2907 }
2908 if (!another_host) {
2909 DBGMSG("raw1394_release: call hpsb_arm_unregister");
2910 retval =
2911 hpsb_unregister_addrspace(&raw1394_highlevel,
2912 fi->host, addr->start);
2913 if (!retval) {
2914 ++fail;
2915 printk(KERN_ERR
2916 "raw1394_release arm_Unregister failed\n");
2917 }
2918 }
2919 DBGMSG("raw1394_release: delete addr_entry from list");
2920 list_del(&addr->addr_list);
2921 vfree(addr->addr_space_buffer);
2922 kfree(addr);
2923 } /* while */
2924 spin_unlock_irqrestore(&host_info_lock, flags);
2925 if (fail > 0) {
2926 printk(KERN_ERR "raw1394: during addr_list-release "
2927 "error(s) occurred \n");
2928 }
2929
2930 for (;;) {
2931 /* This locked section guarantees that neither
2932 * complete nor pending requests exist once i!=0 */
2933 spin_lock_irqsave(&fi->reqlists_lock, flags);
2934 while ((req = __next_complete_req(fi)))
2935 free_pending_request(req);
2936
2937 i = list_empty(&fi->req_pending);
2938 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2939
2940 if (i)
2941 break;
2942 /*
2943 * Sleep until more requests can be freed.
2944 *
2945 * NB: We call the macro wait_event() with a condition argument
2946 * with side effect. This is only possible because the side
2947 * effect does not occur until the condition became true, and
2948 * wait_event() won't evaluate the condition again after that.
2949 */
2950 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2951 free_pending_request(req);
2952 }
2953
2954 /* Remove any sub-trees left by user space programs */
2955 for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2956 struct csr1212_dentry *dentry;
2957 if (!fi->csr1212_dirs[i])
2958 continue;
2959 for (dentry =
2960 fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2961 dentry = dentry->next) {
2962 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2963 root_kv,
2964 dentry->kv);
2965 }
2966 csr1212_release_keyval(fi->csr1212_dirs[i]);
2967 fi->csr1212_dirs[i] = NULL;
2968 csr_mod = 1;
2969 }
2970
2971 if ((csr_mod || fi->cfgrom_upd)
2972 && hpsb_update_config_rom_image(fi->host) < 0)
2973 HPSB_ERR
2974 ("Failed to generate Configuration ROM image for host %d",
2975 fi->host->id);
2976
2977 if (fi->state == connected) {
2978 spin_lock_irqsave(&host_info_lock, flags);
2979 list_del(&fi->list);
2980 spin_unlock_irqrestore(&host_info_lock, flags);
2981
2982 put_device(&fi->host->device);
2983 }
2984
2985 spin_lock_irqsave(&host_info_lock, flags);
2986 if (fi->host)
2987 module_put(fi->host->driver->owner);
2988 spin_unlock_irqrestore(&host_info_lock, flags);
2989
2990 kfree(fi);
2991
2992 return 0;
2993 }
2994
2995 /*** HOTPLUG STUFF **********************************************************/
2996 /*
2997 * Export information about protocols/devices supported by this driver.
2998 */
2999 static struct ieee1394_device_id raw1394_id_table[] = {
3000 {
3001 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3002 .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
3003 .version = AVC_SW_VERSION_ENTRY & 0xffffff},
3004 {
3005 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3006 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3007 .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
3008 {
3009 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3010 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3011 .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
3012 {
3013 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3014 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3015 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
3016 {}
3017 };
3018
3019 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
3020
3021 static struct hpsb_protocol_driver raw1394_driver = {
3022 .name = "raw1394",
3023 .id_table = raw1394_id_table,
3024 };
3025
3026 /******************************************************************************/
3027
3028 static struct hpsb_highlevel raw1394_highlevel = {
3029 .name = RAW1394_DEVICE_NAME,
3030 .add_host = add_host,
3031 .remove_host = remove_host,
3032 .host_reset = host_reset,
3033 .iso_receive = iso_receive,
3034 .fcp_request = fcp_request,
3035 };
3036
3037 static struct cdev raw1394_cdev;
3038 static const struct file_operations raw1394_fops = {
3039 .owner = THIS_MODULE,
3040 .read = raw1394_read,
3041 .write = raw1394_write,
3042 .mmap = raw1394_mmap,
3043 .ioctl = raw1394_ioctl,
3044 // .compat_ioctl = ... someone needs to do this
3045 .poll = raw1394_poll,
3046 .open = raw1394_open,
3047 .release = raw1394_release,
3048 };
3049
3050 static int __init init_raw1394(void)
3051 {
3052 int ret = 0;
3053
3054 hpsb_register_highlevel(&raw1394_highlevel);
3055
3056 if (IS_ERR
3057 (class_device_create
3058 (hpsb_protocol_class, NULL,
3059 MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), NULL,
3060 RAW1394_DEVICE_NAME))) {
3061 ret = -EFAULT;
3062 goto out_unreg;
3063 }
3064
3065 cdev_init(&raw1394_cdev, &raw1394_fops);
3066 raw1394_cdev.owner = THIS_MODULE;
3067 kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
3068 ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3069 if (ret) {
3070 HPSB_ERR("raw1394 failed to register minor device block");
3071 goto out_dev;
3072 }
3073
3074 HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3075
3076 ret = hpsb_register_protocol(&raw1394_driver);
3077 if (ret) {
3078 HPSB_ERR("raw1394: failed to register protocol");
3079 cdev_del(&raw1394_cdev);
3080 goto out_dev;
3081 }
3082
3083 goto out;
3084
3085 out_dev:
3086 class_device_destroy(hpsb_protocol_class,
3087 MKDEV(IEEE1394_MAJOR,
3088 IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3089 out_unreg:
3090 hpsb_unregister_highlevel(&raw1394_highlevel);
3091 out:
3092 return ret;
3093 }
3094
3095 static void __exit cleanup_raw1394(void)
3096 {
3097 class_device_destroy(hpsb_protocol_class,
3098 MKDEV(IEEE1394_MAJOR,
3099 IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3100 cdev_del(&raw1394_cdev);
3101 hpsb_unregister_highlevel(&raw1394_highlevel);
3102 hpsb_unregister_protocol(&raw1394_driver);
3103 }
3104
3105 module_init(init_raw1394);
3106 module_exit(cleanup_raw1394);
3107 MODULE_LICENSE("GPL");
Tomato firmware and modifications.