cipso: unsigned buf_len cannot be negative
[linux-2.6/next.git] / drivers / ieee1394 / raw1394.c
blob9f19ac492106a8107a0d9fc2f2af66d92908dfe0
1 /*
2 * IEEE 1394 for Linux
4 * Raw interface to the bus
6 * Copyright (C) 1999, 2000 Andreas E. Bombe
7 * 2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8 * 2002 Christian Toegel <christian.toegel@gmx.at>
10 * This code is licensed under the GPL. See the file COPYING in the root
11 * directory of the kernel sources for details.
14 * Contributions:
16 * Manfred Weihs <weihs@ict.tuwien.ac.at>
17 * configuration ROM manipulation
18 * address range mapping
19 * adaptation for new (transparent) loopback mechanism
20 * sending of arbitrary async packets
21 * Christian Toegel <christian.toegel@gmx.at>
22 * address range mapping
23 * lock64 request
24 * transmit physical packet
25 * busreset notification control (switch on/off)
26 * busreset with selection of type (short/long)
27 * request_reply
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/mutex.h>
38 #include <linux/init.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
46 #include "csr1212.h"
47 #include "highlevel.h"
48 #include "hosts.h"
49 #include "ieee1394.h"
50 #include "ieee1394_core.h"
51 #include "ieee1394_hotplug.h"
52 #include "ieee1394_transactions.h"
53 #include "ieee1394_types.h"
54 #include "iso.h"
55 #include "nodemgr.h"
56 #include "raw1394.h"
57 #include "raw1394-private.h"
59 #define int2ptr(x) ((void __user *)(unsigned long)x)
60 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
62 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
63 #define RAW1394_DEBUG
64 #endif
66 #ifdef RAW1394_DEBUG
67 #define DBGMSG(fmt, args...) \
68 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
69 #else
70 #define DBGMSG(fmt, args...) do {} while (0)
71 #endif
73 static LIST_HEAD(host_info_list);
74 static int host_count;
75 static DEFINE_SPINLOCK(host_info_lock);
76 static atomic_t internal_generation = ATOMIC_INIT(0);
78 static atomic_t iso_buffer_size;
79 static const int iso_buffer_max = 4 * 1024 * 1024; /* 4 MB */
81 static struct hpsb_highlevel raw1394_highlevel;
83 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
84 u64 addr, size_t length, u16 flags);
85 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
86 quadlet_t * data, u64 addr, size_t length, u16 flags);
87 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
88 u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
89 u16 flags);
90 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
91 u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
92 u16 flags);
93 static struct hpsb_address_ops arm_ops = {
94 .read = arm_read,
95 .write = arm_write,
96 .lock = arm_lock,
97 .lock64 = arm_lock64,
100 static void queue_complete_cb(struct pending_request *req);
102 static struct pending_request *__alloc_pending_request(gfp_t flags)
104 struct pending_request *req;
106 req = kzalloc(sizeof(*req), flags);
107 if (req)
108 INIT_LIST_HEAD(&req->list);
110 return req;
113 static inline struct pending_request *alloc_pending_request(void)
115 return __alloc_pending_request(GFP_KERNEL);
118 static void free_pending_request(struct pending_request *req)
120 if (req->ibs) {
121 if (atomic_dec_and_test(&req->ibs->refcount)) {
122 atomic_sub(req->ibs->data_size, &iso_buffer_size);
123 kfree(req->ibs);
125 } else if (req->free_data) {
126 kfree(req->data);
128 hpsb_free_packet(req->packet);
129 kfree(req);
132 /* fi->reqlists_lock must be taken */
133 static void __queue_complete_req(struct pending_request *req)
135 struct file_info *fi = req->file_info;
137 list_move_tail(&req->list, &fi->req_complete);
138 wake_up(&fi->wait_complete);
141 static void queue_complete_req(struct pending_request *req)
143 unsigned long flags;
144 struct file_info *fi = req->file_info;
146 spin_lock_irqsave(&fi->reqlists_lock, flags);
147 __queue_complete_req(req);
148 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
151 static void queue_complete_cb(struct pending_request *req)
153 struct hpsb_packet *packet = req->packet;
154 int rcode = (packet->header[1] >> 12) & 0xf;
156 switch (packet->ack_code) {
157 case ACKX_NONE:
158 case ACKX_SEND_ERROR:
159 req->req.error = RAW1394_ERROR_SEND_ERROR;
160 break;
161 case ACKX_ABORTED:
162 req->req.error = RAW1394_ERROR_ABORTED;
163 break;
164 case ACKX_TIMEOUT:
165 req->req.error = RAW1394_ERROR_TIMEOUT;
166 break;
167 default:
168 req->req.error = (packet->ack_code << 16) | rcode;
169 break;
172 if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
173 req->req.length = 0;
176 if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
177 (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
178 (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
179 (req->req.type == RAW1394_REQ_LOCK) ||
180 (req->req.type == RAW1394_REQ_LOCK64))
181 hpsb_free_tlabel(packet);
183 queue_complete_req(req);
186 static void add_host(struct hpsb_host *host)
188 struct host_info *hi;
189 unsigned long flags;
191 hi = kmalloc(sizeof(*hi), GFP_KERNEL);
193 if (hi) {
194 INIT_LIST_HEAD(&hi->list);
195 hi->host = host;
196 INIT_LIST_HEAD(&hi->file_info_list);
198 spin_lock_irqsave(&host_info_lock, flags);
199 list_add_tail(&hi->list, &host_info_list);
200 host_count++;
201 spin_unlock_irqrestore(&host_info_lock, flags);
204 atomic_inc(&internal_generation);
207 static struct host_info *find_host_info(struct hpsb_host *host)
209 struct host_info *hi;
211 list_for_each_entry(hi, &host_info_list, list)
212 if (hi->host == host)
213 return hi;
215 return NULL;
218 static void remove_host(struct hpsb_host *host)
220 struct host_info *hi;
221 unsigned long flags;
223 spin_lock_irqsave(&host_info_lock, flags);
224 hi = find_host_info(host);
226 if (hi != NULL) {
227 list_del(&hi->list);
228 host_count--;
230 FIXME: address ranges should be removed
231 and fileinfo states should be initialized
232 (including setting generation to
233 internal-generation ...)
236 spin_unlock_irqrestore(&host_info_lock, flags);
238 if (hi == NULL) {
239 printk(KERN_ERR "raw1394: attempt to remove unknown host "
240 "0x%p\n", host);
241 return;
244 kfree(hi);
246 atomic_inc(&internal_generation);
249 static void host_reset(struct hpsb_host *host)
251 unsigned long flags;
252 struct host_info *hi;
253 struct file_info *fi;
254 struct pending_request *req;
256 spin_lock_irqsave(&host_info_lock, flags);
257 hi = find_host_info(host);
259 if (hi != NULL) {
260 list_for_each_entry(fi, &hi->file_info_list, list) {
261 if (fi->notification == RAW1394_NOTIFY_ON) {
262 req = __alloc_pending_request(GFP_ATOMIC);
264 if (req != NULL) {
265 req->file_info = fi;
266 req->req.type = RAW1394_REQ_BUS_RESET;
267 req->req.generation =
268 get_hpsb_generation(host);
269 req->req.misc = (host->node_id << 16)
270 | host->node_count;
271 if (fi->protocol_version > 3) {
272 req->req.misc |=
273 (NODEID_TO_NODE
274 (host->irm_id)
275 << 8);
278 queue_complete_req(req);
283 spin_unlock_irqrestore(&host_info_lock, flags);
286 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
287 int cts, u8 * data, size_t length)
289 unsigned long flags;
290 struct host_info *hi;
291 struct file_info *fi;
292 struct pending_request *req, *req_next;
293 struct iso_block_store *ibs = NULL;
294 LIST_HEAD(reqs);
296 if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
297 HPSB_INFO("dropped fcp request");
298 return;
301 spin_lock_irqsave(&host_info_lock, flags);
302 hi = find_host_info(host);
304 if (hi != NULL) {
305 list_for_each_entry(fi, &hi->file_info_list, list) {
306 if (!fi->fcp_buffer)
307 continue;
309 req = __alloc_pending_request(GFP_ATOMIC);
310 if (!req)
311 break;
313 if (!ibs) {
314 ibs = kmalloc(sizeof(*ibs) + length,
315 GFP_ATOMIC);
316 if (!ibs) {
317 kfree(req);
318 break;
321 atomic_add(length, &iso_buffer_size);
322 atomic_set(&ibs->refcount, 0);
323 ibs->data_size = length;
324 memcpy(ibs->data, data, length);
327 atomic_inc(&ibs->refcount);
329 req->file_info = fi;
330 req->ibs = ibs;
331 req->data = ibs->data;
332 req->req.type = RAW1394_REQ_FCP_REQUEST;
333 req->req.generation = get_hpsb_generation(host);
334 req->req.misc = nodeid | (direction << 16);
335 req->req.recvb = ptr2int(fi->fcp_buffer);
336 req->req.length = length;
338 list_add_tail(&req->list, &reqs);
341 spin_unlock_irqrestore(&host_info_lock, flags);
343 list_for_each_entry_safe(req, req_next, &reqs, list)
344 queue_complete_req(req);
347 #ifdef CONFIG_COMPAT
348 struct compat_raw1394_req {
349 __u32 type;
350 __s32 error;
351 __u32 misc;
353 __u32 generation;
354 __u32 length;
356 __u64 address;
358 __u64 tag;
360 __u64 sendb;
361 __u64 recvb;
363 #if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
364 __attribute__((packed))
365 #endif
368 static const char __user *raw1394_compat_write(const char __user *buf)
370 struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
371 struct raw1394_request __user *r;
372 r = compat_alloc_user_space(sizeof(struct raw1394_request));
374 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
376 if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
377 C(address) ||
378 C(tag) ||
379 C(sendb) ||
380 C(recvb))
381 return ERR_PTR(-EFAULT);
382 return (const char __user *)r;
384 #undef C
386 #define P(x) __put_user(r->x, &cr->x)
388 static int
389 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
391 struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
392 if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
393 P(type) ||
394 P(error) ||
395 P(misc) ||
396 P(generation) ||
397 P(length) ||
398 P(address) ||
399 P(tag) ||
400 P(sendb) ||
401 P(recvb))
402 return -EFAULT;
403 return sizeof(struct compat_raw1394_req);
405 #undef P
407 #endif
409 /* get next completed request (caller must hold fi->reqlists_lock) */
410 static inline struct pending_request *__next_complete_req(struct file_info *fi)
412 struct list_head *lh;
413 struct pending_request *req = NULL;
415 if (!list_empty(&fi->req_complete)) {
416 lh = fi->req_complete.next;
417 list_del(lh);
418 req = list_entry(lh, struct pending_request, list);
420 return req;
423 /* atomically get next completed request */
424 static struct pending_request *next_complete_req(struct file_info *fi)
426 unsigned long flags;
427 struct pending_request *req;
429 spin_lock_irqsave(&fi->reqlists_lock, flags);
430 req = __next_complete_req(fi);
431 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
432 return req;
435 static ssize_t raw1394_read(struct file *file, char __user * buffer,
436 size_t count, loff_t * offset_is_ignored)
438 struct file_info *fi = (struct file_info *)file->private_data;
439 struct pending_request *req;
440 ssize_t ret;
442 #ifdef CONFIG_COMPAT
443 if (count == sizeof(struct compat_raw1394_req)) {
444 /* ok */
445 } else
446 #endif
447 if (count != sizeof(struct raw1394_request)) {
448 return -EINVAL;
451 if (!access_ok(VERIFY_WRITE, buffer, count)) {
452 return -EFAULT;
455 if (file->f_flags & O_NONBLOCK) {
456 if (!(req = next_complete_req(fi)))
457 return -EAGAIN;
458 } else {
460 * NB: We call the macro wait_event_interruptible() with a
461 * condition argument with side effect. This is only possible
462 * because the side effect does not occur until the condition
463 * became true, and wait_event_interruptible() won't evaluate
464 * the condition again after that.
466 if (wait_event_interruptible(fi->wait_complete,
467 (req = next_complete_req(fi))))
468 return -ERESTARTSYS;
471 if (req->req.length) {
472 if (copy_to_user(int2ptr(req->req.recvb), req->data,
473 req->req.length)) {
474 req->req.error = RAW1394_ERROR_MEMFAULT;
478 #ifdef CONFIG_COMPAT
479 if (count == sizeof(struct compat_raw1394_req) &&
480 sizeof(struct compat_raw1394_req) !=
481 sizeof(struct raw1394_request)) {
482 ret = raw1394_compat_read(buffer, &req->req);
483 } else
484 #endif
486 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
487 ret = -EFAULT;
488 goto out;
490 ret = (ssize_t) sizeof(struct raw1394_request);
492 out:
493 free_pending_request(req);
494 return ret;
497 static int state_opened(struct file_info *fi, struct pending_request *req)
499 if (req->req.type == RAW1394_REQ_INITIALIZE) {
500 switch (req->req.misc) {
501 case RAW1394_KERNELAPI_VERSION:
502 case 3:
503 fi->state = initialized;
504 fi->protocol_version = req->req.misc;
505 req->req.error = RAW1394_ERROR_NONE;
506 req->req.generation = atomic_read(&internal_generation);
507 break;
509 default:
510 req->req.error = RAW1394_ERROR_COMPAT;
511 req->req.misc = RAW1394_KERNELAPI_VERSION;
513 } else {
514 req->req.error = RAW1394_ERROR_STATE_ORDER;
517 req->req.length = 0;
518 queue_complete_req(req);
519 return 0;
522 static int state_initialized(struct file_info *fi, struct pending_request *req)
524 unsigned long flags;
525 struct host_info *hi;
526 struct raw1394_khost_list *khl;
528 if (req->req.generation != atomic_read(&internal_generation)) {
529 req->req.error = RAW1394_ERROR_GENERATION;
530 req->req.generation = atomic_read(&internal_generation);
531 req->req.length = 0;
532 queue_complete_req(req);
533 return 0;
536 switch (req->req.type) {
537 case RAW1394_REQ_LIST_CARDS:
538 spin_lock_irqsave(&host_info_lock, flags);
539 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
541 if (khl) {
542 req->req.misc = host_count;
543 req->data = (quadlet_t *) khl;
545 list_for_each_entry(hi, &host_info_list, list) {
546 khl->nodes = hi->host->node_count;
547 strcpy(khl->name, hi->host->driver->name);
548 khl++;
551 spin_unlock_irqrestore(&host_info_lock, flags);
553 if (khl) {
554 req->req.error = RAW1394_ERROR_NONE;
555 req->req.length = min(req->req.length,
556 (u32) (sizeof
557 (struct raw1394_khost_list)
558 * req->req.misc));
559 req->free_data = 1;
560 } else {
561 return -ENOMEM;
563 break;
565 case RAW1394_REQ_SET_CARD:
566 spin_lock_irqsave(&host_info_lock, flags);
567 if (req->req.misc >= host_count) {
568 req->req.error = RAW1394_ERROR_INVALID_ARG;
569 goto out_set_card;
571 list_for_each_entry(hi, &host_info_list, list)
572 if (!req->req.misc--)
573 break;
574 get_device(&hi->host->device); /* FIXME handle failure case */
575 list_add_tail(&fi->list, &hi->file_info_list);
577 /* prevent unloading of the host's low-level driver */
578 if (!try_module_get(hi->host->driver->owner)) {
579 req->req.error = RAW1394_ERROR_ABORTED;
580 goto out_set_card;
582 WARN_ON(fi->host);
583 fi->host = hi->host;
584 fi->state = connected;
586 req->req.error = RAW1394_ERROR_NONE;
587 req->req.generation = get_hpsb_generation(fi->host);
588 req->req.misc = (fi->host->node_id << 16)
589 | fi->host->node_count;
590 if (fi->protocol_version > 3)
591 req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
592 out_set_card:
593 spin_unlock_irqrestore(&host_info_lock, flags);
595 req->req.length = 0;
596 break;
598 default:
599 req->req.error = RAW1394_ERROR_STATE_ORDER;
600 req->req.length = 0;
601 break;
604 queue_complete_req(req);
605 return 0;
608 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
610 if (req->req.misc) {
611 if (fi->fcp_buffer) {
612 req->req.error = RAW1394_ERROR_ALREADY;
613 } else {
614 fi->fcp_buffer = int2ptr(req->req.recvb);
616 } else {
617 if (!fi->fcp_buffer) {
618 req->req.error = RAW1394_ERROR_ALREADY;
619 } else {
620 fi->fcp_buffer = NULL;
624 req->req.length = 0;
625 queue_complete_req(req);
628 static int handle_async_request(struct file_info *fi,
629 struct pending_request *req, int node)
631 unsigned long flags;
632 struct hpsb_packet *packet = NULL;
633 u64 addr = req->req.address & 0xffffffffffffULL;
635 switch (req->req.type) {
636 case RAW1394_REQ_ASYNC_READ:
637 DBGMSG("read_request called");
638 packet =
639 hpsb_make_readpacket(fi->host, node, addr, req->req.length);
641 if (!packet)
642 return -ENOMEM;
644 if (req->req.length == 4)
645 req->data = &packet->header[3];
646 else
647 req->data = packet->data;
649 break;
651 case RAW1394_REQ_ASYNC_WRITE:
652 DBGMSG("write_request called");
654 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
655 req->req.length);
656 if (!packet)
657 return -ENOMEM;
659 if (req->req.length == 4) {
660 if (copy_from_user
661 (&packet->header[3], int2ptr(req->req.sendb),
662 req->req.length))
663 req->req.error = RAW1394_ERROR_MEMFAULT;
664 } else {
665 if (copy_from_user
666 (packet->data, int2ptr(req->req.sendb),
667 req->req.length))
668 req->req.error = RAW1394_ERROR_MEMFAULT;
671 req->req.length = 0;
672 break;
674 case RAW1394_REQ_ASYNC_STREAM:
675 DBGMSG("stream_request called");
677 packet =
678 hpsb_make_streampacket(fi->host, NULL, req->req.length,
679 node & 0x3f /*channel */ ,
680 (req->req.misc >> 16) & 0x3,
681 req->req.misc & 0xf);
682 if (!packet)
683 return -ENOMEM;
685 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
686 req->req.length))
687 req->req.error = RAW1394_ERROR_MEMFAULT;
689 req->req.length = 0;
690 break;
692 case RAW1394_REQ_LOCK:
693 DBGMSG("lock_request called");
694 if ((req->req.misc == EXTCODE_FETCH_ADD)
695 || (req->req.misc == EXTCODE_LITTLE_ADD)) {
696 if (req->req.length != 4) {
697 req->req.error = RAW1394_ERROR_INVALID_ARG;
698 break;
700 } else {
701 if (req->req.length != 8) {
702 req->req.error = RAW1394_ERROR_INVALID_ARG;
703 break;
707 packet = hpsb_make_lockpacket(fi->host, node, addr,
708 req->req.misc, NULL, 0);
709 if (!packet)
710 return -ENOMEM;
712 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
713 req->req.length)) {
714 req->req.error = RAW1394_ERROR_MEMFAULT;
715 break;
718 req->data = packet->data;
719 req->req.length = 4;
720 break;
722 case RAW1394_REQ_LOCK64:
723 DBGMSG("lock64_request called");
724 if ((req->req.misc == EXTCODE_FETCH_ADD)
725 || (req->req.misc == EXTCODE_LITTLE_ADD)) {
726 if (req->req.length != 8) {
727 req->req.error = RAW1394_ERROR_INVALID_ARG;
728 break;
730 } else {
731 if (req->req.length != 16) {
732 req->req.error = RAW1394_ERROR_INVALID_ARG;
733 break;
736 packet = hpsb_make_lock64packet(fi->host, node, addr,
737 req->req.misc, NULL, 0);
738 if (!packet)
739 return -ENOMEM;
741 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
742 req->req.length)) {
743 req->req.error = RAW1394_ERROR_MEMFAULT;
744 break;
747 req->data = packet->data;
748 req->req.length = 8;
749 break;
751 default:
752 req->req.error = RAW1394_ERROR_STATE_ORDER;
755 req->packet = packet;
757 if (req->req.error) {
758 req->req.length = 0;
759 queue_complete_req(req);
760 return 0;
763 hpsb_set_packet_complete_task(packet,
764 (void (*)(void *))queue_complete_cb, req);
766 spin_lock_irqsave(&fi->reqlists_lock, flags);
767 list_add_tail(&req->list, &fi->req_pending);
768 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
770 packet->generation = req->req.generation;
772 if (hpsb_send_packet(packet) < 0) {
773 req->req.error = RAW1394_ERROR_SEND_ERROR;
774 req->req.length = 0;
775 hpsb_free_tlabel(packet);
776 queue_complete_req(req);
778 return 0;
781 static int handle_async_send(struct file_info *fi, struct pending_request *req)
783 unsigned long flags;
784 struct hpsb_packet *packet;
785 int header_length = req->req.misc & 0xffff;
786 int expect_response = req->req.misc >> 16;
787 size_t data_size;
789 if (header_length > req->req.length || header_length < 12 ||
790 header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
791 req->req.error = RAW1394_ERROR_INVALID_ARG;
792 req->req.length = 0;
793 queue_complete_req(req);
794 return 0;
797 data_size = req->req.length - header_length;
798 packet = hpsb_alloc_packet(data_size);
799 req->packet = packet;
800 if (!packet)
801 return -ENOMEM;
803 if (copy_from_user(packet->header, int2ptr(req->req.sendb),
804 header_length)) {
805 req->req.error = RAW1394_ERROR_MEMFAULT;
806 req->req.length = 0;
807 queue_complete_req(req);
808 return 0;
811 if (copy_from_user
812 (packet->data, int2ptr(req->req.sendb) + header_length,
813 data_size)) {
814 req->req.error = RAW1394_ERROR_MEMFAULT;
815 req->req.length = 0;
816 queue_complete_req(req);
817 return 0;
820 packet->type = hpsb_async;
821 packet->node_id = packet->header[0] >> 16;
822 packet->tcode = (packet->header[0] >> 4) & 0xf;
823 packet->tlabel = (packet->header[0] >> 10) & 0x3f;
824 packet->host = fi->host;
825 packet->expect_response = expect_response;
826 packet->header_size = header_length;
827 packet->data_size = data_size;
829 req->req.length = 0;
830 hpsb_set_packet_complete_task(packet,
831 (void (*)(void *))queue_complete_cb, req);
833 spin_lock_irqsave(&fi->reqlists_lock, flags);
834 list_add_tail(&req->list, &fi->req_pending);
835 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
837 /* Update the generation of the packet just before sending. */
838 packet->generation = req->req.generation;
840 if (hpsb_send_packet(packet) < 0) {
841 req->req.error = RAW1394_ERROR_SEND_ERROR;
842 queue_complete_req(req);
845 return 0;
848 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
849 u64 addr, size_t length, u16 flags)
851 unsigned long irqflags;
852 struct pending_request *req;
853 struct host_info *hi;
854 struct file_info *fi = NULL;
855 struct list_head *entry;
856 struct arm_addr *arm_addr = NULL;
857 struct arm_request *arm_req = NULL;
858 struct arm_response *arm_resp = NULL;
859 int found = 0, size = 0, rcode = -1;
860 struct arm_request_response *arm_req_resp = NULL;
862 DBGMSG("arm_read called by node: %X "
863 "addr: %4.4x %8.8x length: %Zu", nodeid,
864 (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
865 length);
866 spin_lock_irqsave(&host_info_lock, irqflags);
867 hi = find_host_info(host); /* search address-entry */
868 if (hi != NULL) {
869 list_for_each_entry(fi, &hi->file_info_list, list) {
870 entry = fi->addr_list.next;
871 while (entry != &(fi->addr_list)) {
872 arm_addr =
873 list_entry(entry, struct arm_addr,
874 addr_list);
875 if (((arm_addr->start) <= (addr))
876 && ((arm_addr->end) >= (addr + length))) {
877 found = 1;
878 break;
880 entry = entry->next;
882 if (found) {
883 break;
887 rcode = -1;
888 if (!found) {
889 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
890 " -> rcode_address_error\n");
891 spin_unlock_irqrestore(&host_info_lock, irqflags);
892 return (RCODE_ADDRESS_ERROR);
893 } else {
894 DBGMSG("arm_read addr_entry FOUND");
896 if (arm_addr->rec_length < length) {
897 DBGMSG("arm_read blocklength too big -> rcode_data_error");
898 rcode = RCODE_DATA_ERROR; /* hardware error, data is unavailable */
900 if (rcode == -1) {
901 if (arm_addr->access_rights & ARM_READ) {
902 if (!(arm_addr->client_transactions & ARM_READ)) {
903 memcpy(buffer,
904 (arm_addr->addr_space_buffer) + (addr -
905 (arm_addr->
906 start)),
907 length);
908 DBGMSG("arm_read -> (rcode_complete)");
909 rcode = RCODE_COMPLETE;
911 } else {
912 rcode = RCODE_TYPE_ERROR; /* function not allowed */
913 DBGMSG("arm_read -> rcode_type_error (access denied)");
916 if (arm_addr->notification_options & ARM_READ) {
917 DBGMSG("arm_read -> entering notification-section");
918 req = __alloc_pending_request(GFP_ATOMIC);
919 if (!req) {
920 DBGMSG("arm_read -> rcode_conflict_error");
921 spin_unlock_irqrestore(&host_info_lock, irqflags);
922 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
923 The request may be retried */
925 if (rcode == RCODE_COMPLETE) {
926 size =
927 sizeof(struct arm_request) +
928 sizeof(struct arm_response) +
929 length * sizeof(byte_t) +
930 sizeof(struct arm_request_response);
931 } else {
932 size =
933 sizeof(struct arm_request) +
934 sizeof(struct arm_response) +
935 sizeof(struct arm_request_response);
937 req->data = kmalloc(size, GFP_ATOMIC);
938 if (!(req->data)) {
939 free_pending_request(req);
940 DBGMSG("arm_read -> rcode_conflict_error");
941 spin_unlock_irqrestore(&host_info_lock, irqflags);
942 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
943 The request may be retried */
945 req->free_data = 1;
946 req->file_info = fi;
947 req->req.type = RAW1394_REQ_ARM;
948 req->req.generation = get_hpsb_generation(host);
949 req->req.misc =
950 (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
951 req->req.tag = arm_addr->arm_tag;
952 req->req.recvb = arm_addr->recvb;
953 req->req.length = size;
954 arm_req_resp = (struct arm_request_response *)(req->data);
955 arm_req = (struct arm_request *)((byte_t *) (req->data) +
956 (sizeof
957 (struct
958 arm_request_response)));
959 arm_resp =
960 (struct arm_response *)((byte_t *) (arm_req) +
961 (sizeof(struct arm_request)));
962 arm_req->buffer = NULL;
963 arm_resp->buffer = NULL;
964 if (rcode == RCODE_COMPLETE) {
965 byte_t *buf =
966 (byte_t *) arm_resp + sizeof(struct arm_response);
967 memcpy(buf,
968 (arm_addr->addr_space_buffer) + (addr -
969 (arm_addr->
970 start)),
971 length);
972 arm_resp->buffer =
973 int2ptr((arm_addr->recvb) +
974 sizeof(struct arm_request_response) +
975 sizeof(struct arm_request) +
976 sizeof(struct arm_response));
978 arm_resp->buffer_length =
979 (rcode == RCODE_COMPLETE) ? length : 0;
980 arm_resp->response_code = rcode;
981 arm_req->buffer_length = 0;
982 arm_req->generation = req->req.generation;
983 arm_req->extended_transaction_code = 0;
984 arm_req->destination_offset = addr;
985 arm_req->source_nodeid = nodeid;
986 arm_req->destination_nodeid = host->node_id;
987 arm_req->tlabel = (flags >> 10) & 0x3f;
988 arm_req->tcode = (flags >> 4) & 0x0f;
989 arm_req_resp->request = int2ptr((arm_addr->recvb) +
990 sizeof(struct
991 arm_request_response));
992 arm_req_resp->response =
993 int2ptr((arm_addr->recvb) +
994 sizeof(struct arm_request_response) +
995 sizeof(struct arm_request));
996 queue_complete_req(req);
998 spin_unlock_irqrestore(&host_info_lock, irqflags);
999 return (rcode);
1002 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1003 quadlet_t * data, u64 addr, size_t length, u16 flags)
1005 unsigned long irqflags;
1006 struct pending_request *req;
1007 struct host_info *hi;
1008 struct file_info *fi = NULL;
1009 struct list_head *entry;
1010 struct arm_addr *arm_addr = NULL;
1011 struct arm_request *arm_req = NULL;
1012 struct arm_response *arm_resp = NULL;
1013 int found = 0, size = 0, rcode = -1, length_conflict = 0;
1014 struct arm_request_response *arm_req_resp = NULL;
1016 DBGMSG("arm_write called by node: %X "
1017 "addr: %4.4x %8.8x length: %Zu", nodeid,
1018 (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1019 length);
1020 spin_lock_irqsave(&host_info_lock, irqflags);
1021 hi = find_host_info(host); /* search address-entry */
1022 if (hi != NULL) {
1023 list_for_each_entry(fi, &hi->file_info_list, list) {
1024 entry = fi->addr_list.next;
1025 while (entry != &(fi->addr_list)) {
1026 arm_addr =
1027 list_entry(entry, struct arm_addr,
1028 addr_list);
1029 if (((arm_addr->start) <= (addr))
1030 && ((arm_addr->end) >= (addr + length))) {
1031 found = 1;
1032 break;
1034 entry = entry->next;
1036 if (found) {
1037 break;
1041 rcode = -1;
1042 if (!found) {
1043 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1044 " -> rcode_address_error\n");
1045 spin_unlock_irqrestore(&host_info_lock, irqflags);
1046 return (RCODE_ADDRESS_ERROR);
1047 } else {
1048 DBGMSG("arm_write addr_entry FOUND");
1050 if (arm_addr->rec_length < length) {
1051 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1052 length_conflict = 1;
1053 rcode = RCODE_DATA_ERROR; /* hardware error, data is unavailable */
1055 if (rcode == -1) {
1056 if (arm_addr->access_rights & ARM_WRITE) {
1057 if (!(arm_addr->client_transactions & ARM_WRITE)) {
1058 memcpy((arm_addr->addr_space_buffer) +
1059 (addr - (arm_addr->start)), data,
1060 length);
1061 DBGMSG("arm_write -> (rcode_complete)");
1062 rcode = RCODE_COMPLETE;
1064 } else {
1065 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1066 DBGMSG("arm_write -> rcode_type_error (access denied)");
1069 if (arm_addr->notification_options & ARM_WRITE) {
1070 DBGMSG("arm_write -> entering notification-section");
1071 req = __alloc_pending_request(GFP_ATOMIC);
1072 if (!req) {
1073 DBGMSG("arm_write -> rcode_conflict_error");
1074 spin_unlock_irqrestore(&host_info_lock, irqflags);
1075 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1076 The request my be retried */
1078 size =
1079 sizeof(struct arm_request) + sizeof(struct arm_response) +
1080 (length) * sizeof(byte_t) +
1081 sizeof(struct arm_request_response);
1082 req->data = kmalloc(size, GFP_ATOMIC);
1083 if (!(req->data)) {
1084 free_pending_request(req);
1085 DBGMSG("arm_write -> rcode_conflict_error");
1086 spin_unlock_irqrestore(&host_info_lock, irqflags);
1087 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1088 The request may be retried */
1090 req->free_data = 1;
1091 req->file_info = fi;
1092 req->req.type = RAW1394_REQ_ARM;
1093 req->req.generation = get_hpsb_generation(host);
1094 req->req.misc =
1095 (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1096 req->req.tag = arm_addr->arm_tag;
1097 req->req.recvb = arm_addr->recvb;
1098 req->req.length = size;
1099 arm_req_resp = (struct arm_request_response *)(req->data);
1100 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1101 (sizeof
1102 (struct
1103 arm_request_response)));
1104 arm_resp =
1105 (struct arm_response *)((byte_t *) (arm_req) +
1106 (sizeof(struct arm_request)));
1107 arm_resp->buffer = NULL;
1108 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1109 data, length);
1110 arm_req->buffer = int2ptr((arm_addr->recvb) +
1111 sizeof(struct arm_request_response) +
1112 sizeof(struct arm_request) +
1113 sizeof(struct arm_response));
1114 arm_req->buffer_length = length;
1115 arm_req->generation = req->req.generation;
1116 arm_req->extended_transaction_code = 0;
1117 arm_req->destination_offset = addr;
1118 arm_req->source_nodeid = nodeid;
1119 arm_req->destination_nodeid = destid;
1120 arm_req->tlabel = (flags >> 10) & 0x3f;
1121 arm_req->tcode = (flags >> 4) & 0x0f;
1122 arm_resp->buffer_length = 0;
1123 arm_resp->response_code = rcode;
1124 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1125 sizeof(struct
1126 arm_request_response));
1127 arm_req_resp->response =
1128 int2ptr((arm_addr->recvb) +
1129 sizeof(struct arm_request_response) +
1130 sizeof(struct arm_request));
1131 queue_complete_req(req);
1133 spin_unlock_irqrestore(&host_info_lock, irqflags);
1134 return (rcode);
1137 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1138 u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1139 u16 flags)
1141 unsigned long irqflags;
1142 struct pending_request *req;
1143 struct host_info *hi;
1144 struct file_info *fi = NULL;
1145 struct list_head *entry;
1146 struct arm_addr *arm_addr = NULL;
1147 struct arm_request *arm_req = NULL;
1148 struct arm_response *arm_resp = NULL;
1149 int found = 0, size = 0, rcode = -1;
1150 quadlet_t old, new;
1151 struct arm_request_response *arm_req_resp = NULL;
1153 if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1154 ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1155 DBGMSG("arm_lock called by node: %X "
1156 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1157 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1158 (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1159 be32_to_cpu(data));
1160 } else {
1161 DBGMSG("arm_lock called by node: %X "
1162 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1163 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1164 (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1165 be32_to_cpu(data), be32_to_cpu(arg));
1167 spin_lock_irqsave(&host_info_lock, irqflags);
1168 hi = find_host_info(host); /* search address-entry */
1169 if (hi != NULL) {
1170 list_for_each_entry(fi, &hi->file_info_list, list) {
1171 entry = fi->addr_list.next;
1172 while (entry != &(fi->addr_list)) {
1173 arm_addr =
1174 list_entry(entry, struct arm_addr,
1175 addr_list);
1176 if (((arm_addr->start) <= (addr))
1177 && ((arm_addr->end) >=
1178 (addr + sizeof(*store)))) {
1179 found = 1;
1180 break;
1182 entry = entry->next;
1184 if (found) {
1185 break;
1189 rcode = -1;
1190 if (!found) {
1191 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1192 " -> rcode_address_error\n");
1193 spin_unlock_irqrestore(&host_info_lock, irqflags);
1194 return (RCODE_ADDRESS_ERROR);
1195 } else {
1196 DBGMSG("arm_lock addr_entry FOUND");
1198 if (rcode == -1) {
1199 if (arm_addr->access_rights & ARM_LOCK) {
1200 if (!(arm_addr->client_transactions & ARM_LOCK)) {
1201 memcpy(&old,
1202 (arm_addr->addr_space_buffer) + (addr -
1203 (arm_addr->
1204 start)),
1205 sizeof(old));
1206 switch (ext_tcode) {
1207 case (EXTCODE_MASK_SWAP):
1208 new = data | (old & ~arg);
1209 break;
1210 case (EXTCODE_COMPARE_SWAP):
1211 if (old == arg) {
1212 new = data;
1213 } else {
1214 new = old;
1216 break;
1217 case (EXTCODE_FETCH_ADD):
1218 new =
1219 cpu_to_be32(be32_to_cpu(data) +
1220 be32_to_cpu(old));
1221 break;
1222 case (EXTCODE_LITTLE_ADD):
1223 new =
1224 cpu_to_le32(le32_to_cpu(data) +
1225 le32_to_cpu(old));
1226 break;
1227 case (EXTCODE_BOUNDED_ADD):
1228 if (old != arg) {
1229 new =
1230 cpu_to_be32(be32_to_cpu
1231 (data) +
1232 be32_to_cpu
1233 (old));
1234 } else {
1235 new = old;
1237 break;
1238 case (EXTCODE_WRAP_ADD):
1239 if (old != arg) {
1240 new =
1241 cpu_to_be32(be32_to_cpu
1242 (data) +
1243 be32_to_cpu
1244 (old));
1245 } else {
1246 new = data;
1248 break;
1249 default:
1250 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1251 printk(KERN_ERR
1252 "raw1394: arm_lock FAILED "
1253 "ext_tcode not allowed -> rcode_type_error\n");
1254 break;
1255 } /*switch */
1256 if (rcode == -1) {
1257 DBGMSG("arm_lock -> (rcode_complete)");
1258 rcode = RCODE_COMPLETE;
1259 memcpy(store, &old, sizeof(*store));
1260 memcpy((arm_addr->addr_space_buffer) +
1261 (addr - (arm_addr->start)),
1262 &new, sizeof(*store));
1265 } else {
1266 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1267 DBGMSG("arm_lock -> rcode_type_error (access denied)");
1270 if (arm_addr->notification_options & ARM_LOCK) {
1271 byte_t *buf1, *buf2;
1272 DBGMSG("arm_lock -> entering notification-section");
1273 req = __alloc_pending_request(GFP_ATOMIC);
1274 if (!req) {
1275 DBGMSG("arm_lock -> rcode_conflict_error");
1276 spin_unlock_irqrestore(&host_info_lock, irqflags);
1277 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1278 The request may be retried */
1280 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response); /* maximum */
1281 req->data = kmalloc(size, GFP_ATOMIC);
1282 if (!(req->data)) {
1283 free_pending_request(req);
1284 DBGMSG("arm_lock -> rcode_conflict_error");
1285 spin_unlock_irqrestore(&host_info_lock, irqflags);
1286 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1287 The request may be retried */
1289 req->free_data = 1;
1290 arm_req_resp = (struct arm_request_response *)(req->data);
1291 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1292 (sizeof
1293 (struct
1294 arm_request_response)));
1295 arm_resp =
1296 (struct arm_response *)((byte_t *) (arm_req) +
1297 (sizeof(struct arm_request)));
1298 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1299 buf2 = buf1 + 2 * sizeof(*store);
1300 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1301 (ext_tcode == EXTCODE_LITTLE_ADD)) {
1302 arm_req->buffer_length = sizeof(*store);
1303 memcpy(buf1, &data, sizeof(*store));
1305 } else {
1306 arm_req->buffer_length = 2 * sizeof(*store);
1307 memcpy(buf1, &arg, sizeof(*store));
1308 memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1310 if (rcode == RCODE_COMPLETE) {
1311 arm_resp->buffer_length = sizeof(*store);
1312 memcpy(buf2, &old, sizeof(*store));
1313 } else {
1314 arm_resp->buffer_length = 0;
1316 req->file_info = fi;
1317 req->req.type = RAW1394_REQ_ARM;
1318 req->req.generation = get_hpsb_generation(host);
1319 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1320 (ARM_LOCK & 0xFF));
1321 req->req.tag = arm_addr->arm_tag;
1322 req->req.recvb = arm_addr->recvb;
1323 req->req.length = size;
1324 arm_req->generation = req->req.generation;
1325 arm_req->extended_transaction_code = ext_tcode;
1326 arm_req->destination_offset = addr;
1327 arm_req->source_nodeid = nodeid;
1328 arm_req->destination_nodeid = host->node_id;
1329 arm_req->tlabel = (flags >> 10) & 0x3f;
1330 arm_req->tcode = (flags >> 4) & 0x0f;
1331 arm_resp->response_code = rcode;
1332 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1333 sizeof(struct
1334 arm_request_response));
1335 arm_req_resp->response =
1336 int2ptr((arm_addr->recvb) +
1337 sizeof(struct arm_request_response) +
1338 sizeof(struct arm_request));
1339 arm_req->buffer =
1340 int2ptr((arm_addr->recvb) +
1341 sizeof(struct arm_request_response) +
1342 sizeof(struct arm_request) +
1343 sizeof(struct arm_response));
1344 arm_resp->buffer =
1345 int2ptr((arm_addr->recvb) +
1346 sizeof(struct arm_request_response) +
1347 sizeof(struct arm_request) +
1348 sizeof(struct arm_response) + 2 * sizeof(*store));
1349 queue_complete_req(req);
1351 spin_unlock_irqrestore(&host_info_lock, irqflags);
1352 return (rcode);
1355 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1356 u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1357 u16 flags)
1359 unsigned long irqflags;
1360 struct pending_request *req;
1361 struct host_info *hi;
1362 struct file_info *fi = NULL;
1363 struct list_head *entry;
1364 struct arm_addr *arm_addr = NULL;
1365 struct arm_request *arm_req = NULL;
1366 struct arm_response *arm_resp = NULL;
1367 int found = 0, size = 0, rcode = -1;
1368 octlet_t old, new;
1369 struct arm_request_response *arm_req_resp = NULL;
1371 if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1372 ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1373 DBGMSG("arm_lock64 called by node: %X "
1374 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1375 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1376 (u32) (addr & 0xFFFFFFFF),
1377 ext_tcode & 0xFF,
1378 (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1379 (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1380 } else {
1381 DBGMSG("arm_lock64 called by node: %X "
1382 "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1383 "%8.8X %8.8X ",
1384 nodeid, (u16) ((addr >> 32) & 0xFFFF),
1385 (u32) (addr & 0xFFFFFFFF),
1386 ext_tcode & 0xFF,
1387 (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1388 (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1389 (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1390 (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1392 spin_lock_irqsave(&host_info_lock, irqflags);
1393 hi = find_host_info(host); /* search addressentry in file_info's for host */
1394 if (hi != NULL) {
1395 list_for_each_entry(fi, &hi->file_info_list, list) {
1396 entry = fi->addr_list.next;
1397 while (entry != &(fi->addr_list)) {
1398 arm_addr =
1399 list_entry(entry, struct arm_addr,
1400 addr_list);
1401 if (((arm_addr->start) <= (addr))
1402 && ((arm_addr->end) >=
1403 (addr + sizeof(*store)))) {
1404 found = 1;
1405 break;
1407 entry = entry->next;
1409 if (found) {
1410 break;
1414 rcode = -1;
1415 if (!found) {
1416 printk(KERN_ERR
1417 "raw1394: arm_lock64 FAILED addr_entry not found"
1418 " -> rcode_address_error\n");
1419 spin_unlock_irqrestore(&host_info_lock, irqflags);
1420 return (RCODE_ADDRESS_ERROR);
1421 } else {
1422 DBGMSG("arm_lock64 addr_entry FOUND");
1424 if (rcode == -1) {
1425 if (arm_addr->access_rights & ARM_LOCK) {
1426 if (!(arm_addr->client_transactions & ARM_LOCK)) {
1427 memcpy(&old,
1428 (arm_addr->addr_space_buffer) + (addr -
1429 (arm_addr->
1430 start)),
1431 sizeof(old));
1432 switch (ext_tcode) {
1433 case (EXTCODE_MASK_SWAP):
1434 new = data | (old & ~arg);
1435 break;
1436 case (EXTCODE_COMPARE_SWAP):
1437 if (old == arg) {
1438 new = data;
1439 } else {
1440 new = old;
1442 break;
1443 case (EXTCODE_FETCH_ADD):
1444 new =
1445 cpu_to_be64(be64_to_cpu(data) +
1446 be64_to_cpu(old));
1447 break;
1448 case (EXTCODE_LITTLE_ADD):
1449 new =
1450 cpu_to_le64(le64_to_cpu(data) +
1451 le64_to_cpu(old));
1452 break;
1453 case (EXTCODE_BOUNDED_ADD):
1454 if (old != arg) {
1455 new =
1456 cpu_to_be64(be64_to_cpu
1457 (data) +
1458 be64_to_cpu
1459 (old));
1460 } else {
1461 new = old;
1463 break;
1464 case (EXTCODE_WRAP_ADD):
1465 if (old != arg) {
1466 new =
1467 cpu_to_be64(be64_to_cpu
1468 (data) +
1469 be64_to_cpu
1470 (old));
1471 } else {
1472 new = data;
1474 break;
1475 default:
1476 printk(KERN_ERR
1477 "raw1394: arm_lock64 FAILED "
1478 "ext_tcode not allowed -> rcode_type_error\n");
1479 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1480 break;
1481 } /*switch */
1482 if (rcode == -1) {
1483 DBGMSG
1484 ("arm_lock64 -> (rcode_complete)");
1485 rcode = RCODE_COMPLETE;
1486 memcpy(store, &old, sizeof(*store));
1487 memcpy((arm_addr->addr_space_buffer) +
1488 (addr - (arm_addr->start)),
1489 &new, sizeof(*store));
1492 } else {
1493 rcode = RCODE_TYPE_ERROR; /* function not allowed */
1494 DBGMSG
1495 ("arm_lock64 -> rcode_type_error (access denied)");
1498 if (arm_addr->notification_options & ARM_LOCK) {
1499 byte_t *buf1, *buf2;
1500 DBGMSG("arm_lock64 -> entering notification-section");
1501 req = __alloc_pending_request(GFP_ATOMIC);
1502 if (!req) {
1503 spin_unlock_irqrestore(&host_info_lock, irqflags);
1504 DBGMSG("arm_lock64 -> rcode_conflict_error");
1505 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1506 The request may be retried */
1508 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response); /* maximum */
1509 req->data = kmalloc(size, GFP_ATOMIC);
1510 if (!(req->data)) {
1511 free_pending_request(req);
1512 spin_unlock_irqrestore(&host_info_lock, irqflags);
1513 DBGMSG("arm_lock64 -> rcode_conflict_error");
1514 return (RCODE_CONFLICT_ERROR); /* A resource conflict was detected.
1515 The request may be retried */
1517 req->free_data = 1;
1518 arm_req_resp = (struct arm_request_response *)(req->data);
1519 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1520 (sizeof
1521 (struct
1522 arm_request_response)));
1523 arm_resp =
1524 (struct arm_response *)((byte_t *) (arm_req) +
1525 (sizeof(struct arm_request)));
1526 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1527 buf2 = buf1 + 2 * sizeof(*store);
1528 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1529 (ext_tcode == EXTCODE_LITTLE_ADD)) {
1530 arm_req->buffer_length = sizeof(*store);
1531 memcpy(buf1, &data, sizeof(*store));
1533 } else {
1534 arm_req->buffer_length = 2 * sizeof(*store);
1535 memcpy(buf1, &arg, sizeof(*store));
1536 memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1538 if (rcode == RCODE_COMPLETE) {
1539 arm_resp->buffer_length = sizeof(*store);
1540 memcpy(buf2, &old, sizeof(*store));
1541 } else {
1542 arm_resp->buffer_length = 0;
1544 req->file_info = fi;
1545 req->req.type = RAW1394_REQ_ARM;
1546 req->req.generation = get_hpsb_generation(host);
1547 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1548 (ARM_LOCK & 0xFF));
1549 req->req.tag = arm_addr->arm_tag;
1550 req->req.recvb = arm_addr->recvb;
1551 req->req.length = size;
1552 arm_req->generation = req->req.generation;
1553 arm_req->extended_transaction_code = ext_tcode;
1554 arm_req->destination_offset = addr;
1555 arm_req->source_nodeid = nodeid;
1556 arm_req->destination_nodeid = host->node_id;
1557 arm_req->tlabel = (flags >> 10) & 0x3f;
1558 arm_req->tcode = (flags >> 4) & 0x0f;
1559 arm_resp->response_code = rcode;
1560 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1561 sizeof(struct
1562 arm_request_response));
1563 arm_req_resp->response =
1564 int2ptr((arm_addr->recvb) +
1565 sizeof(struct arm_request_response) +
1566 sizeof(struct arm_request));
1567 arm_req->buffer =
1568 int2ptr((arm_addr->recvb) +
1569 sizeof(struct arm_request_response) +
1570 sizeof(struct arm_request) +
1571 sizeof(struct arm_response));
1572 arm_resp->buffer =
1573 int2ptr((arm_addr->recvb) +
1574 sizeof(struct arm_request_response) +
1575 sizeof(struct arm_request) +
1576 sizeof(struct arm_response) + 2 * sizeof(*store));
1577 queue_complete_req(req);
1579 spin_unlock_irqrestore(&host_info_lock, irqflags);
1580 return (rcode);
1583 static int arm_register(struct file_info *fi, struct pending_request *req)
1585 int retval;
1586 struct arm_addr *addr;
1587 struct host_info *hi;
1588 struct file_info *fi_hlp = NULL;
1589 struct list_head *entry;
1590 struct arm_addr *arm_addr = NULL;
1591 int same_host, another_host;
1592 unsigned long flags;
1594 DBGMSG("arm_register called "
1595 "addr(Offset): %8.8x %8.8x length: %u "
1596 "rights: %2.2X notify: %2.2X "
1597 "max_blk_len: %4.4X",
1598 (u32) ((req->req.address >> 32) & 0xFFFF),
1599 (u32) (req->req.address & 0xFFFFFFFF),
1600 req->req.length, ((req->req.misc >> 8) & 0xFF),
1601 (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1602 /* check addressrange */
1603 if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1604 (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1605 0)) {
1606 req->req.length = 0;
1607 return (-EINVAL);
1609 /* addr-list-entry for fileinfo */
1610 addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1611 if (!addr) {
1612 req->req.length = 0;
1613 return (-ENOMEM);
1615 /* allocation of addr_space_buffer */
1616 addr->addr_space_buffer = vmalloc(req->req.length);
1617 if (!(addr->addr_space_buffer)) {
1618 kfree(addr);
1619 req->req.length = 0;
1620 return (-ENOMEM);
1622 /* initialization of addr_space_buffer */
1623 if ((req->req.sendb) == (unsigned long)NULL) {
1624 /* init: set 0 */
1625 memset(addr->addr_space_buffer, 0, req->req.length);
1626 } else {
1627 /* init: user -> kernel */
1628 if (copy_from_user
1629 (addr->addr_space_buffer, int2ptr(req->req.sendb),
1630 req->req.length)) {
1631 vfree(addr->addr_space_buffer);
1632 kfree(addr);
1633 return (-EFAULT);
1636 INIT_LIST_HEAD(&addr->addr_list);
1637 addr->arm_tag = req->req.tag;
1638 addr->start = req->req.address;
1639 addr->end = req->req.address + req->req.length;
1640 addr->access_rights = (u8) (req->req.misc & 0x0F);
1641 addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1642 addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1643 addr->access_rights |= addr->client_transactions;
1644 addr->notification_options |= addr->client_transactions;
1645 addr->recvb = req->req.recvb;
1646 addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1648 spin_lock_irqsave(&host_info_lock, flags);
1649 hi = find_host_info(fi->host);
1650 same_host = 0;
1651 another_host = 0;
1652 /* same host with address-entry containing same addressrange ? */
1653 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1654 entry = fi_hlp->addr_list.next;
1655 while (entry != &(fi_hlp->addr_list)) {
1656 arm_addr =
1657 list_entry(entry, struct arm_addr, addr_list);
1658 if ((arm_addr->start == addr->start)
1659 && (arm_addr->end == addr->end)) {
1660 DBGMSG("same host ownes same "
1661 "addressrange -> EALREADY");
1662 same_host = 1;
1663 break;
1665 entry = entry->next;
1667 if (same_host) {
1668 break;
1671 if (same_host) {
1672 /* addressrange occupied by same host */
1673 spin_unlock_irqrestore(&host_info_lock, flags);
1674 vfree(addr->addr_space_buffer);
1675 kfree(addr);
1676 return (-EALREADY);
1678 /* another host with valid address-entry containing same addressrange */
1679 list_for_each_entry(hi, &host_info_list, list) {
1680 if (hi->host != fi->host) {
1681 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1682 entry = fi_hlp->addr_list.next;
1683 while (entry != &(fi_hlp->addr_list)) {
1684 arm_addr =
1685 list_entry(entry, struct arm_addr,
1686 addr_list);
1687 if ((arm_addr->start == addr->start)
1688 && (arm_addr->end == addr->end)) {
1689 DBGMSG
1690 ("another host ownes same "
1691 "addressrange");
1692 another_host = 1;
1693 break;
1695 entry = entry->next;
1697 if (another_host) {
1698 break;
1703 spin_unlock_irqrestore(&host_info_lock, flags);
1705 if (another_host) {
1706 DBGMSG("another hosts entry is valid -> SUCCESS");
1707 if (copy_to_user(int2ptr(req->req.recvb),
1708 &addr->start, sizeof(u64))) {
1709 printk(KERN_ERR "raw1394: arm_register failed "
1710 " address-range-entry is invalid -> EFAULT !!!\n");
1711 vfree(addr->addr_space_buffer);
1712 kfree(addr);
1713 return (-EFAULT);
1715 free_pending_request(req); /* immediate success or fail */
1716 /* INSERT ENTRY */
1717 spin_lock_irqsave(&host_info_lock, flags);
1718 list_add_tail(&addr->addr_list, &fi->addr_list);
1719 spin_unlock_irqrestore(&host_info_lock, flags);
1720 return 0;
1722 retval =
1723 hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1724 req->req.address,
1725 req->req.address + req->req.length);
1726 if (retval) {
1727 /* INSERT ENTRY */
1728 spin_lock_irqsave(&host_info_lock, flags);
1729 list_add_tail(&addr->addr_list, &fi->addr_list);
1730 spin_unlock_irqrestore(&host_info_lock, flags);
1731 } else {
1732 DBGMSG("arm_register failed errno: %d \n", retval);
1733 vfree(addr->addr_space_buffer);
1734 kfree(addr);
1735 return (-EALREADY);
1737 free_pending_request(req); /* immediate success or fail */
1738 return 0;
1741 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1743 int found = 0;
1744 int retval = 0;
1745 struct list_head *entry;
1746 struct arm_addr *addr = NULL;
1747 struct host_info *hi;
1748 struct file_info *fi_hlp = NULL;
1749 struct arm_addr *arm_addr = NULL;
1750 int another_host;
1751 unsigned long flags;
1753 DBGMSG("arm_Unregister called addr(Offset): "
1754 "%8.8x %8.8x",
1755 (u32) ((req->req.address >> 32) & 0xFFFF),
1756 (u32) (req->req.address & 0xFFFFFFFF));
1757 spin_lock_irqsave(&host_info_lock, flags);
1758 /* get addr */
1759 entry = fi->addr_list.next;
1760 while (entry != &(fi->addr_list)) {
1761 addr = list_entry(entry, struct arm_addr, addr_list);
1762 if (addr->start == req->req.address) {
1763 found = 1;
1764 break;
1766 entry = entry->next;
1768 if (!found) {
1769 DBGMSG("arm_Unregister addr not found");
1770 spin_unlock_irqrestore(&host_info_lock, flags);
1771 return (-EINVAL);
1773 DBGMSG("arm_Unregister addr found");
1774 another_host = 0;
1775 /* another host with valid address-entry containing
1776 same addressrange */
1777 list_for_each_entry(hi, &host_info_list, list) {
1778 if (hi->host != fi->host) {
1779 list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1780 entry = fi_hlp->addr_list.next;
1781 while (entry != &(fi_hlp->addr_list)) {
1782 arm_addr = list_entry(entry,
1783 struct arm_addr,
1784 addr_list);
1785 if (arm_addr->start == addr->start) {
1786 DBGMSG("another host ownes "
1787 "same addressrange");
1788 another_host = 1;
1789 break;
1791 entry = entry->next;
1793 if (another_host) {
1794 break;
1799 if (another_host) {
1800 DBGMSG("delete entry from list -> success");
1801 list_del(&addr->addr_list);
1802 spin_unlock_irqrestore(&host_info_lock, flags);
1803 vfree(addr->addr_space_buffer);
1804 kfree(addr);
1805 free_pending_request(req); /* immediate success or fail */
1806 return 0;
1808 retval =
1809 hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1810 addr->start);
1811 if (!retval) {
1812 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1813 spin_unlock_irqrestore(&host_info_lock, flags);
1814 return (-EINVAL);
1816 DBGMSG("delete entry from list -> success");
1817 list_del(&addr->addr_list);
1818 spin_unlock_irqrestore(&host_info_lock, flags);
1819 vfree(addr->addr_space_buffer);
1820 kfree(addr);
1821 free_pending_request(req); /* immediate success or fail */
1822 return 0;
1825 /* Copy data from ARM buffer(s) to user buffer. */
1826 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1828 struct arm_addr *arm_addr = NULL;
1829 unsigned long flags;
1830 unsigned long offset;
1832 struct list_head *entry;
1834 DBGMSG("arm_get_buf "
1835 "addr(Offset): %04X %08X length: %u",
1836 (u32) ((req->req.address >> 32) & 0xFFFF),
1837 (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1839 spin_lock_irqsave(&host_info_lock, flags);
1840 entry = fi->addr_list.next;
1841 while (entry != &(fi->addr_list)) {
1842 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1843 if ((arm_addr->start <= req->req.address) &&
1844 (arm_addr->end > req->req.address)) {
1845 if (req->req.address + req->req.length <= arm_addr->end) {
1846 offset = req->req.address - arm_addr->start;
1847 spin_unlock_irqrestore(&host_info_lock, flags);
1849 DBGMSG
1850 ("arm_get_buf copy_to_user( %08X, %p, %u )",
1851 (u32) req->req.recvb,
1852 arm_addr->addr_space_buffer + offset,
1853 (u32) req->req.length);
1854 if (copy_to_user
1855 (int2ptr(req->req.recvb),
1856 arm_addr->addr_space_buffer + offset,
1857 req->req.length))
1858 return (-EFAULT);
1860 /* We have to free the request, because we
1861 * queue no response, and therefore nobody
1862 * will free it. */
1863 free_pending_request(req);
1864 return 0;
1865 } else {
1866 DBGMSG("arm_get_buf request exceeded mapping");
1867 spin_unlock_irqrestore(&host_info_lock, flags);
1868 return (-EINVAL);
1871 entry = entry->next;
1873 spin_unlock_irqrestore(&host_info_lock, flags);
1874 return (-EINVAL);
1877 /* Copy data from user buffer to ARM buffer(s). */
1878 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1880 struct arm_addr *arm_addr = NULL;
1881 unsigned long flags;
1882 unsigned long offset;
1884 struct list_head *entry;
1886 DBGMSG("arm_set_buf "
1887 "addr(Offset): %04X %08X length: %u",
1888 (u32) ((req->req.address >> 32) & 0xFFFF),
1889 (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1891 spin_lock_irqsave(&host_info_lock, flags);
1892 entry = fi->addr_list.next;
1893 while (entry != &(fi->addr_list)) {
1894 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1895 if ((arm_addr->start <= req->req.address) &&
1896 (arm_addr->end > req->req.address)) {
1897 if (req->req.address + req->req.length <= arm_addr->end) {
1898 offset = req->req.address - arm_addr->start;
1899 spin_unlock_irqrestore(&host_info_lock, flags);
1901 DBGMSG
1902 ("arm_set_buf copy_from_user( %p, %08X, %u )",
1903 arm_addr->addr_space_buffer + offset,
1904 (u32) req->req.sendb,
1905 (u32) req->req.length);
1906 if (copy_from_user
1907 (arm_addr->addr_space_buffer + offset,
1908 int2ptr(req->req.sendb),
1909 req->req.length))
1910 return (-EFAULT);
1912 /* We have to free the request, because we
1913 * queue no response, and therefore nobody
1914 * will free it. */
1915 free_pending_request(req);
1916 return 0;
1917 } else {
1918 DBGMSG("arm_set_buf request exceeded mapping");
1919 spin_unlock_irqrestore(&host_info_lock, flags);
1920 return (-EINVAL);
1923 entry = entry->next;
1925 spin_unlock_irqrestore(&host_info_lock, flags);
1926 return (-EINVAL);
1929 static int reset_notification(struct file_info *fi, struct pending_request *req)
1931 DBGMSG("reset_notification called - switch %s ",
1932 (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
1933 if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
1934 (req->req.misc == RAW1394_NOTIFY_ON)) {
1935 fi->notification = (u8) req->req.misc;
1936 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
1937 return 0;
1939 /* error EINVAL (22) invalid argument */
1940 return (-EINVAL);
1943 static int write_phypacket(struct file_info *fi, struct pending_request *req)
1945 struct hpsb_packet *packet = NULL;
1946 int retval = 0;
1947 quadlet_t data;
1948 unsigned long flags;
1950 data = be32_to_cpu((u32) req->req.sendb);
1951 DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
1952 packet = hpsb_make_phypacket(fi->host, data);
1953 if (!packet)
1954 return -ENOMEM;
1955 req->req.length = 0;
1956 req->packet = packet;
1957 hpsb_set_packet_complete_task(packet,
1958 (void (*)(void *))queue_complete_cb, req);
1959 spin_lock_irqsave(&fi->reqlists_lock, flags);
1960 list_add_tail(&req->list, &fi->req_pending);
1961 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
1962 packet->generation = req->req.generation;
1963 retval = hpsb_send_packet(packet);
1964 DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
1965 if (retval < 0) {
1966 req->req.error = RAW1394_ERROR_SEND_ERROR;
1967 req->req.length = 0;
1968 queue_complete_req(req);
1970 return 0;
1973 static int get_config_rom(struct file_info *fi, struct pending_request *req)
1975 int ret = 0;
1976 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
1977 int status;
1979 if (!data)
1980 return -ENOMEM;
1982 status =
1983 csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
1984 data, req->req.length);
1985 if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
1986 ret = -EFAULT;
1987 if (copy_to_user
1988 (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
1989 sizeof(fi->host->csr.rom->cache_head->len)))
1990 ret = -EFAULT;
1991 if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
1992 sizeof(fi->host->csr.generation)))
1993 ret = -EFAULT;
1994 if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
1995 ret = -EFAULT;
1996 kfree(data);
1997 if (ret >= 0) {
1998 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2000 return ret;
2003 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2005 int ret = 0;
2006 quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2007 if (!data)
2008 return -ENOMEM;
2009 if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2010 ret = -EFAULT;
2011 } else {
2012 int status = hpsb_update_config_rom(fi->host,
2013 data, req->req.length,
2014 (unsigned char)req->req.
2015 misc);
2016 if (copy_to_user
2017 (int2ptr(req->req.recvb), &status, sizeof(status)))
2018 ret = -ENOMEM;
2020 kfree(data);
2021 if (ret >= 0) {
2022 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2023 fi->cfgrom_upd = 1;
2025 return ret;
2028 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2030 struct csr1212_keyval *kv;
2031 struct csr1212_csr_rom_cache *cache;
2032 struct csr1212_dentry *dentry;
2033 u32 dr;
2034 int ret = 0;
2036 if (req->req.misc == ~0) {
2037 if (req->req.length == 0)
2038 return -EINVAL;
2040 /* Find an unused slot */
2041 for (dr = 0;
2042 dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2043 dr++) ;
2045 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2046 return -ENOMEM;
2048 fi->csr1212_dirs[dr] =
2049 csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2050 if (!fi->csr1212_dirs[dr])
2051 return -ENOMEM;
2052 } else {
2053 dr = req->req.misc;
2054 if (!fi->csr1212_dirs[dr])
2055 return -EINVAL;
2057 /* Delete old stuff */
2058 for (dentry =
2059 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2060 dentry; dentry = dentry->next) {
2061 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2062 root_kv,
2063 dentry->kv);
2066 if (req->req.length == 0) {
2067 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2068 fi->csr1212_dirs[dr] = NULL;
2070 hpsb_update_config_rom_image(fi->host);
2071 free_pending_request(req);
2072 return 0;
2076 cache = csr1212_rom_cache_malloc(0, req->req.length);
2077 if (!cache) {
2078 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2079 fi->csr1212_dirs[dr] = NULL;
2080 return -ENOMEM;
2083 cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2084 if (!cache->filled_head) {
2085 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2086 fi->csr1212_dirs[dr] = NULL;
2087 CSR1212_FREE(cache);
2088 return -ENOMEM;
2090 cache->filled_tail = cache->filled_head;
2092 if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2093 req->req.length)) {
2094 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2095 fi->csr1212_dirs[dr] = NULL;
2096 ret = -EFAULT;
2097 } else {
2098 cache->len = req->req.length;
2099 cache->filled_head->offset_start = 0;
2100 cache->filled_head->offset_end = cache->size - 1;
2102 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2104 ret = CSR1212_SUCCESS;
2105 /* parse all the items */
2106 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2107 kv = kv->next) {
2108 ret = csr1212_parse_keyval(kv, cache);
2111 /* attach top level items to the root directory */
2112 for (dentry =
2113 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2114 ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2115 ret =
2116 csr1212_attach_keyval_to_directory(fi->host->csr.
2117 rom->root_kv,
2118 dentry->kv);
2121 if (ret == CSR1212_SUCCESS) {
2122 ret = hpsb_update_config_rom_image(fi->host);
2124 if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2125 &dr, sizeof(dr))) {
2126 ret = -ENOMEM;
2130 kfree(cache->filled_head);
2131 CSR1212_FREE(cache);
2133 if (ret >= 0) {
2134 /* we have to free the request, because we queue no response,
2135 * and therefore nobody will free it */
2136 free_pending_request(req);
2137 return 0;
2138 } else {
2139 for (dentry =
2140 fi->csr1212_dirs[dr]->value.directory.dentries_head;
2141 dentry; dentry = dentry->next) {
2142 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2143 root_kv,
2144 dentry->kv);
2146 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2147 fi->csr1212_dirs[dr] = NULL;
2148 return ret;
2152 static int state_connected(struct file_info *fi, struct pending_request *req)
2154 int node = req->req.address >> 48;
2156 req->req.error = RAW1394_ERROR_NONE;
2158 switch (req->req.type) {
2160 case RAW1394_REQ_ECHO:
2161 queue_complete_req(req);
2162 return 0;
2164 case RAW1394_REQ_ARM_REGISTER:
2165 return arm_register(fi, req);
2167 case RAW1394_REQ_ARM_UNREGISTER:
2168 return arm_unregister(fi, req);
2170 case RAW1394_REQ_ARM_SET_BUF:
2171 return arm_set_buf(fi, req);
2173 case RAW1394_REQ_ARM_GET_BUF:
2174 return arm_get_buf(fi, req);
2176 case RAW1394_REQ_RESET_NOTIFY:
2177 return reset_notification(fi, req);
2179 case RAW1394_REQ_ISO_SEND:
2180 case RAW1394_REQ_ISO_LISTEN:
2181 printk(KERN_DEBUG "raw1394: old iso ABI has been removed\n");
2182 req->req.error = RAW1394_ERROR_COMPAT;
2183 req->req.misc = RAW1394_KERNELAPI_VERSION;
2184 queue_complete_req(req);
2185 return 0;
2187 case RAW1394_REQ_FCP_LISTEN:
2188 handle_fcp_listen(fi, req);
2189 return 0;
2191 case RAW1394_REQ_RESET_BUS:
2192 if (req->req.misc == RAW1394_LONG_RESET) {
2193 DBGMSG("busreset called (type: LONG)");
2194 hpsb_reset_bus(fi->host, LONG_RESET);
2195 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2196 return 0;
2198 if (req->req.misc == RAW1394_SHORT_RESET) {
2199 DBGMSG("busreset called (type: SHORT)");
2200 hpsb_reset_bus(fi->host, SHORT_RESET);
2201 free_pending_request(req); /* we have to free the request, because we queue no response, and therefore nobody will free it */
2202 return 0;
2204 /* error EINVAL (22) invalid argument */
2205 return (-EINVAL);
2206 case RAW1394_REQ_GET_ROM:
2207 return get_config_rom(fi, req);
2209 case RAW1394_REQ_UPDATE_ROM:
2210 return update_config_rom(fi, req);
2212 case RAW1394_REQ_MODIFY_ROM:
2213 return modify_config_rom(fi, req);
2216 if (req->req.generation != get_hpsb_generation(fi->host)) {
2217 req->req.error = RAW1394_ERROR_GENERATION;
2218 req->req.generation = get_hpsb_generation(fi->host);
2219 req->req.length = 0;
2220 queue_complete_req(req);
2221 return 0;
2224 switch (req->req.type) {
2225 case RAW1394_REQ_PHYPACKET:
2226 return write_phypacket(fi, req);
2227 case RAW1394_REQ_ASYNC_SEND:
2228 return handle_async_send(fi, req);
2231 if (req->req.length == 0) {
2232 req->req.error = RAW1394_ERROR_INVALID_ARG;
2233 queue_complete_req(req);
2234 return 0;
2237 return handle_async_request(fi, req, node);
2240 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2241 size_t count, loff_t * offset_is_ignored)
2243 struct file_info *fi = (struct file_info *)file->private_data;
2244 struct pending_request *req;
2245 ssize_t retval = -EBADFD;
2247 #ifdef CONFIG_COMPAT
2248 if (count == sizeof(struct compat_raw1394_req) &&
2249 sizeof(struct compat_raw1394_req) !=
2250 sizeof(struct raw1394_request)) {
2251 buffer = raw1394_compat_write(buffer);
2252 if (IS_ERR(buffer))
2253 return PTR_ERR(buffer);
2254 } else
2255 #endif
2256 if (count != sizeof(struct raw1394_request)) {
2257 return -EINVAL;
2260 req = alloc_pending_request();
2261 if (req == NULL) {
2262 return -ENOMEM;
2264 req->file_info = fi;
2266 if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2267 free_pending_request(req);
2268 return -EFAULT;
2271 mutex_lock(&fi->state_mutex);
2273 switch (fi->state) {
2274 case opened:
2275 retval = state_opened(fi, req);
2276 break;
2278 case initialized:
2279 retval = state_initialized(fi, req);
2280 break;
2282 case connected:
2283 retval = state_connected(fi, req);
2284 break;
2287 mutex_unlock(&fi->state_mutex);
2289 if (retval < 0) {
2290 free_pending_request(req);
2291 } else {
2292 BUG_ON(retval);
2293 retval = count;
2296 return retval;
2299 /* rawiso operations */
2301 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2302 * completion queue (reqlists_lock must be taken) */
2303 static inline int __rawiso_event_in_queue(struct file_info *fi)
2305 struct pending_request *req;
2307 list_for_each_entry(req, &fi->req_complete, list)
2308 if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2309 return 1;
2311 return 0;
2314 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2315 static void queue_rawiso_event(struct file_info *fi)
2317 unsigned long flags;
2319 spin_lock_irqsave(&fi->reqlists_lock, flags);
2321 /* only one ISO activity event may be in the queue */
2322 if (!__rawiso_event_in_queue(fi)) {
2323 struct pending_request *req =
2324 __alloc_pending_request(GFP_ATOMIC);
2326 if (req) {
2327 req->file_info = fi;
2328 req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2329 req->req.generation = get_hpsb_generation(fi->host);
2330 __queue_complete_req(req);
2331 } else {
2332 /* on allocation failure, signal an overflow */
2333 if (fi->iso_handle) {
2334 atomic_inc(&fi->iso_handle->overflows);
2338 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2341 static void rawiso_activity_cb(struct hpsb_iso *iso)
2343 unsigned long flags;
2344 struct host_info *hi;
2345 struct file_info *fi;
2347 spin_lock_irqsave(&host_info_lock, flags);
2348 hi = find_host_info(iso->host);
2350 if (hi != NULL) {
2351 list_for_each_entry(fi, &hi->file_info_list, list) {
2352 if (fi->iso_handle == iso)
2353 queue_rawiso_event(fi);
2357 spin_unlock_irqrestore(&host_info_lock, flags);
2360 /* helper function - gather all the kernel iso status bits for returning to user-space */
2361 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2362 struct raw1394_iso_status *stat)
2364 int overflows = atomic_read(&iso->overflows);
2365 int skips = atomic_read(&iso->skips);
2367 stat->config.data_buf_size = iso->buf_size;
2368 stat->config.buf_packets = iso->buf_packets;
2369 stat->config.channel = iso->channel;
2370 stat->config.speed = iso->speed;
2371 stat->config.irq_interval = iso->irq_interval;
2372 stat->n_packets = hpsb_iso_n_ready(iso);
2373 stat->overflows = ((skips & 0xFFFF) << 16) | ((overflows & 0xFFFF));
2374 stat->xmit_cycle = iso->xmit_cycle;
2377 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2379 struct raw1394_iso_status stat;
2381 if (!fi->host)
2382 return -EINVAL;
2384 if (copy_from_user(&stat, uaddr, sizeof(stat)))
2385 return -EFAULT;
2387 fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2388 stat.config.data_buf_size,
2389 stat.config.buf_packets,
2390 stat.config.channel,
2391 stat.config.speed,
2392 stat.config.irq_interval,
2393 rawiso_activity_cb);
2394 if (!fi->iso_handle)
2395 return -ENOMEM;
2397 fi->iso_state = RAW1394_ISO_XMIT;
2399 raw1394_iso_fill_status(fi->iso_handle, &stat);
2400 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2401 return -EFAULT;
2403 /* queue an event to get things started */
2404 rawiso_activity_cb(fi->iso_handle);
2406 return 0;
2409 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2411 struct raw1394_iso_status stat;
2413 if (!fi->host)
2414 return -EINVAL;
2416 if (copy_from_user(&stat, uaddr, sizeof(stat)))
2417 return -EFAULT;
2419 fi->iso_handle = hpsb_iso_recv_init(fi->host,
2420 stat.config.data_buf_size,
2421 stat.config.buf_packets,
2422 stat.config.channel,
2423 stat.config.dma_mode,
2424 stat.config.irq_interval,
2425 rawiso_activity_cb);
2426 if (!fi->iso_handle)
2427 return -ENOMEM;
2429 fi->iso_state = RAW1394_ISO_RECV;
2431 raw1394_iso_fill_status(fi->iso_handle, &stat);
2432 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2433 return -EFAULT;
2434 return 0;
2437 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2439 struct raw1394_iso_status stat;
2440 struct hpsb_iso *iso = fi->iso_handle;
2442 raw1394_iso_fill_status(fi->iso_handle, &stat);
2443 if (copy_to_user(uaddr, &stat, sizeof(stat)))
2444 return -EFAULT;
2446 /* reset overflow counter */
2447 atomic_set(&iso->overflows, 0);
2448 /* reset skip counter */
2449 atomic_set(&iso->skips, 0);
2451 return 0;
2454 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2455 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2457 struct raw1394_iso_packets upackets;
2458 unsigned int packet = fi->iso_handle->first_packet;
2459 int i;
2461 if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2462 return -EFAULT;
2464 if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2465 return -EINVAL;
2467 /* ensure user-supplied buffer is accessible and big enough */
2468 if (!access_ok(VERIFY_WRITE, upackets.infos,
2469 upackets.n_packets *
2470 sizeof(struct raw1394_iso_packet_info)))
2471 return -EFAULT;
2473 /* copy the packet_infos out */
2474 for (i = 0; i < upackets.n_packets; i++) {
2475 if (__copy_to_user(&upackets.infos[i],
2476 &fi->iso_handle->infos[packet],
2477 sizeof(struct raw1394_iso_packet_info)))
2478 return -EFAULT;
2480 packet = (packet + 1) % fi->iso_handle->buf_packets;
2483 return 0;
2486 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2487 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2489 struct raw1394_iso_packets upackets;
2490 int i, rv;
2492 if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2493 return -EFAULT;
2495 if (upackets.n_packets >= fi->iso_handle->buf_packets)
2496 return -EINVAL;
2498 if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2499 return -EAGAIN;
2501 /* ensure user-supplied buffer is accessible and big enough */
2502 if (!access_ok(VERIFY_READ, upackets.infos,
2503 upackets.n_packets *
2504 sizeof(struct raw1394_iso_packet_info)))
2505 return -EFAULT;
2507 /* copy the infos structs in and queue the packets */
2508 for (i = 0; i < upackets.n_packets; i++) {
2509 struct raw1394_iso_packet_info info;
2511 if (__copy_from_user(&info, &upackets.infos[i],
2512 sizeof(struct raw1394_iso_packet_info)))
2513 return -EFAULT;
2515 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2516 info.len, info.tag, info.sy);
2517 if (rv)
2518 return rv;
2521 return 0;
2524 static void raw1394_iso_shutdown(struct file_info *fi)
2526 if (fi->iso_handle)
2527 hpsb_iso_shutdown(fi->iso_handle);
2529 fi->iso_handle = NULL;
2530 fi->iso_state = RAW1394_ISO_INACTIVE;
2533 static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2535 struct raw1394_cycle_timer ct;
2536 int err;
2538 err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2539 if (!err)
2540 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2541 err = -EFAULT;
2542 return err;
2545 /* mmap the rawiso xmit/recv buffer */
2546 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2548 struct file_info *fi = file->private_data;
2549 int ret;
2551 mutex_lock(&fi->state_mutex);
2553 if (fi->iso_state == RAW1394_ISO_INACTIVE)
2554 ret = -EINVAL;
2555 else
2556 ret = dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2558 mutex_unlock(&fi->state_mutex);
2560 return ret;
2563 static long raw1394_ioctl_inactive(struct file_info *fi, unsigned int cmd,
2564 void __user *argp)
2566 switch (cmd) {
2567 case RAW1394_IOC_ISO_XMIT_INIT:
2568 return raw1394_iso_xmit_init(fi, argp);
2569 case RAW1394_IOC_ISO_RECV_INIT:
2570 return raw1394_iso_recv_init(fi, argp);
2571 default:
2572 return -EINVAL;
2576 static long raw1394_ioctl_recv(struct file_info *fi, unsigned int cmd,
2577 unsigned long arg)
2579 void __user *argp = (void __user *)arg;
2581 switch (cmd) {
2582 case RAW1394_IOC_ISO_RECV_START:{
2583 int args[3];
2585 if (copy_from_user(&args[0], argp, sizeof(args)))
2586 return -EFAULT;
2587 return hpsb_iso_recv_start(fi->iso_handle,
2588 args[0], args[1], args[2]);
2590 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2591 hpsb_iso_stop(fi->iso_handle);
2592 return 0;
2593 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2594 return hpsb_iso_recv_listen_channel(fi->iso_handle, arg);
2595 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2596 return hpsb_iso_recv_unlisten_channel(fi->iso_handle, arg);
2597 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2598 u64 mask;
2600 if (copy_from_user(&mask, argp, sizeof(mask)))
2601 return -EFAULT;
2602 return hpsb_iso_recv_set_channel_mask(fi->iso_handle,
2603 mask);
2605 case RAW1394_IOC_ISO_GET_STATUS:
2606 return raw1394_iso_get_status(fi, argp);
2607 case RAW1394_IOC_ISO_RECV_PACKETS:
2608 return raw1394_iso_recv_packets(fi, argp);
2609 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2610 return hpsb_iso_recv_release_packets(fi->iso_handle, arg);
2611 case RAW1394_IOC_ISO_RECV_FLUSH:
2612 return hpsb_iso_recv_flush(fi->iso_handle);
2613 case RAW1394_IOC_ISO_SHUTDOWN:
2614 raw1394_iso_shutdown(fi);
2615 return 0;
2616 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2617 queue_rawiso_event(fi);
2618 return 0;
2619 default:
2620 return -EINVAL;
2624 static long raw1394_ioctl_xmit(struct file_info *fi, unsigned int cmd,
2625 void __user *argp)
2627 switch (cmd) {
2628 case RAW1394_IOC_ISO_XMIT_START:{
2629 int args[2];
2631 if (copy_from_user(&args[0], argp, sizeof(args)))
2632 return -EFAULT;
2633 return hpsb_iso_xmit_start(fi->iso_handle,
2634 args[0], args[1]);
2636 case RAW1394_IOC_ISO_XMIT_SYNC:
2637 return hpsb_iso_xmit_sync(fi->iso_handle);
2638 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2639 hpsb_iso_stop(fi->iso_handle);
2640 return 0;
2641 case RAW1394_IOC_ISO_GET_STATUS:
2642 return raw1394_iso_get_status(fi, argp);
2643 case RAW1394_IOC_ISO_XMIT_PACKETS:
2644 return raw1394_iso_send_packets(fi, argp);
2645 case RAW1394_IOC_ISO_SHUTDOWN:
2646 raw1394_iso_shutdown(fi);
2647 return 0;
2648 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2649 queue_rawiso_event(fi);
2650 return 0;
2651 default:
2652 return -EINVAL;
2656 /* ioctl is only used for rawiso operations */
2657 static long raw1394_ioctl(struct file *file, unsigned int cmd,
2658 unsigned long arg)
2660 struct file_info *fi = file->private_data;
2661 void __user *argp = (void __user *)arg;
2662 long ret;
2664 /* state-independent commands */
2665 switch(cmd) {
2666 case RAW1394_IOC_GET_CYCLE_TIMER:
2667 return raw1394_read_cycle_timer(fi, argp);
2668 default:
2669 break;
2672 mutex_lock(&fi->state_mutex);
2674 switch (fi->iso_state) {
2675 case RAW1394_ISO_INACTIVE:
2676 ret = raw1394_ioctl_inactive(fi, cmd, argp);
2677 break;
2678 case RAW1394_ISO_RECV:
2679 ret = raw1394_ioctl_recv(fi, cmd, arg);
2680 break;
2681 case RAW1394_ISO_XMIT:
2682 ret = raw1394_ioctl_xmit(fi, cmd, argp);
2683 break;
2684 default:
2685 ret = -EINVAL;
2686 break;
2689 mutex_unlock(&fi->state_mutex);
2691 return ret;
2694 #ifdef CONFIG_COMPAT
2695 struct raw1394_iso_packets32 {
2696 __u32 n_packets;
2697 compat_uptr_t infos;
2698 } __attribute__((packed));
2700 struct raw1394_cycle_timer32 {
2701 __u32 cycle_timer;
2702 __u64 local_time;
2704 #if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
2705 __attribute__((packed))
2706 #endif
2709 #define RAW1394_IOC_ISO_RECV_PACKETS32 \
2710 _IOW ('#', 0x25, struct raw1394_iso_packets32)
2711 #define RAW1394_IOC_ISO_XMIT_PACKETS32 \
2712 _IOW ('#', 0x27, struct raw1394_iso_packets32)
2713 #define RAW1394_IOC_GET_CYCLE_TIMER32 \
2714 _IOR ('#', 0x30, struct raw1394_cycle_timer32)
2716 static long raw1394_iso_xmit_recv_packets32(struct file *file, unsigned int cmd,
2717 struct raw1394_iso_packets32 __user *arg)
2719 compat_uptr_t infos32;
2720 void __user *infos;
2721 long err = -EFAULT;
2722 struct raw1394_iso_packets __user *dst = compat_alloc_user_space(sizeof(struct raw1394_iso_packets));
2724 if (!copy_in_user(&dst->n_packets, &arg->n_packets, sizeof arg->n_packets) &&
2725 !copy_from_user(&infos32, &arg->infos, sizeof infos32)) {
2726 infos = compat_ptr(infos32);
2727 if (!copy_to_user(&dst->infos, &infos, sizeof infos))
2728 err = raw1394_ioctl(file, cmd, (unsigned long)dst);
2730 return err;
2733 static long raw1394_read_cycle_timer32(struct file_info *fi, void __user * uaddr)
2735 struct raw1394_cycle_timer32 ct;
2736 int err;
2738 err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2739 if (!err)
2740 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2741 err = -EFAULT;
2742 return err;
2745 static long raw1394_compat_ioctl(struct file *file,
2746 unsigned int cmd, unsigned long arg)
2748 struct file_info *fi = file->private_data;
2749 void __user *argp = (void __user *)arg;
2750 long err;
2752 switch (cmd) {
2753 /* These requests have same format as long as 'int' has same size. */
2754 case RAW1394_IOC_ISO_RECV_INIT:
2755 case RAW1394_IOC_ISO_RECV_START:
2756 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2757 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2758 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:
2759 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2760 case RAW1394_IOC_ISO_RECV_FLUSH:
2761 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2762 case RAW1394_IOC_ISO_XMIT_INIT:
2763 case RAW1394_IOC_ISO_XMIT_START:
2764 case RAW1394_IOC_ISO_XMIT_SYNC:
2765 case RAW1394_IOC_ISO_GET_STATUS:
2766 case RAW1394_IOC_ISO_SHUTDOWN:
2767 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2768 err = raw1394_ioctl(file, cmd, arg);
2769 break;
2770 /* These request have different format. */
2771 case RAW1394_IOC_ISO_RECV_PACKETS32:
2772 err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_RECV_PACKETS, argp);
2773 break;
2774 case RAW1394_IOC_ISO_XMIT_PACKETS32:
2775 err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_XMIT_PACKETS, argp);
2776 break;
2777 case RAW1394_IOC_GET_CYCLE_TIMER32:
2778 err = raw1394_read_cycle_timer32(fi, argp);
2779 break;
2780 default:
2781 err = -EINVAL;
2782 break;
2785 return err;
2787 #endif
2789 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2791 struct file_info *fi = file->private_data;
2792 unsigned int mask = POLLOUT | POLLWRNORM;
2793 unsigned long flags;
2795 poll_wait(file, &fi->wait_complete, pt);
2797 spin_lock_irqsave(&fi->reqlists_lock, flags);
2798 if (!list_empty(&fi->req_complete)) {
2799 mask |= POLLIN | POLLRDNORM;
2801 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2803 return mask;
2806 static int raw1394_open(struct inode *inode, struct file *file)
2808 struct file_info *fi;
2810 fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2811 if (!fi)
2812 return -ENOMEM;
2814 fi->notification = (u8) RAW1394_NOTIFY_ON; /* busreset notification */
2816 INIT_LIST_HEAD(&fi->list);
2817 mutex_init(&fi->state_mutex);
2818 fi->state = opened;
2819 INIT_LIST_HEAD(&fi->req_pending);
2820 INIT_LIST_HEAD(&fi->req_complete);
2821 spin_lock_init(&fi->reqlists_lock);
2822 init_waitqueue_head(&fi->wait_complete);
2823 INIT_LIST_HEAD(&fi->addr_list);
2825 file->private_data = fi;
2827 return 0;
2830 static int raw1394_release(struct inode *inode, struct file *file)
2832 struct file_info *fi = file->private_data;
2833 struct list_head *lh;
2834 struct pending_request *req;
2835 int i, fail;
2836 int retval = 0;
2837 struct list_head *entry;
2838 struct arm_addr *addr = NULL;
2839 struct host_info *hi;
2840 struct file_info *fi_hlp = NULL;
2841 struct arm_addr *arm_addr = NULL;
2842 int another_host;
2843 int csr_mod = 0;
2844 unsigned long flags;
2846 if (fi->iso_state != RAW1394_ISO_INACTIVE)
2847 raw1394_iso_shutdown(fi);
2849 spin_lock_irqsave(&host_info_lock, flags);
2851 fail = 0;
2852 /* set address-entries invalid */
2854 while (!list_empty(&fi->addr_list)) {
2855 another_host = 0;
2856 lh = fi->addr_list.next;
2857 addr = list_entry(lh, struct arm_addr, addr_list);
2858 /* another host with valid address-entry containing
2859 same addressrange? */
2860 list_for_each_entry(hi, &host_info_list, list) {
2861 if (hi->host != fi->host) {
2862 list_for_each_entry(fi_hlp, &hi->file_info_list,
2863 list) {
2864 entry = fi_hlp->addr_list.next;
2865 while (entry != &(fi_hlp->addr_list)) {
2866 arm_addr = list_entry(entry, struct
2867 arm_addr,
2868 addr_list);
2869 if (arm_addr->start ==
2870 addr->start) {
2871 DBGMSG
2872 ("raw1394_release: "
2873 "another host ownes "
2874 "same addressrange");
2875 another_host = 1;
2876 break;
2878 entry = entry->next;
2880 if (another_host) {
2881 break;
2886 if (!another_host) {
2887 DBGMSG("raw1394_release: call hpsb_arm_unregister");
2888 retval =
2889 hpsb_unregister_addrspace(&raw1394_highlevel,
2890 fi->host, addr->start);
2891 if (!retval) {
2892 ++fail;
2893 printk(KERN_ERR
2894 "raw1394_release arm_Unregister failed\n");
2897 DBGMSG("raw1394_release: delete addr_entry from list");
2898 list_del(&addr->addr_list);
2899 vfree(addr->addr_space_buffer);
2900 kfree(addr);
2901 } /* while */
2902 spin_unlock_irqrestore(&host_info_lock, flags);
2903 if (fail > 0) {
2904 printk(KERN_ERR "raw1394: during addr_list-release "
2905 "error(s) occurred \n");
2908 for (;;) {
2909 /* This locked section guarantees that neither
2910 * complete nor pending requests exist once i!=0 */
2911 spin_lock_irqsave(&fi->reqlists_lock, flags);
2912 while ((req = __next_complete_req(fi)))
2913 free_pending_request(req);
2915 i = list_empty(&fi->req_pending);
2916 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2918 if (i)
2919 break;
2921 * Sleep until more requests can be freed.
2923 * NB: We call the macro wait_event() with a condition argument
2924 * with side effect. This is only possible because the side
2925 * effect does not occur until the condition became true, and
2926 * wait_event() won't evaluate the condition again after that.
2928 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2929 free_pending_request(req);
2932 /* Remove any sub-trees left by user space programs */
2933 for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2934 struct csr1212_dentry *dentry;
2935 if (!fi->csr1212_dirs[i])
2936 continue;
2937 for (dentry =
2938 fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2939 dentry = dentry->next) {
2940 csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2941 root_kv,
2942 dentry->kv);
2944 csr1212_release_keyval(fi->csr1212_dirs[i]);
2945 fi->csr1212_dirs[i] = NULL;
2946 csr_mod = 1;
2949 if ((csr_mod || fi->cfgrom_upd)
2950 && hpsb_update_config_rom_image(fi->host) < 0)
2951 HPSB_ERR
2952 ("Failed to generate Configuration ROM image for host %d",
2953 fi->host->id);
2955 if (fi->state == connected) {
2956 spin_lock_irqsave(&host_info_lock, flags);
2957 list_del(&fi->list);
2958 spin_unlock_irqrestore(&host_info_lock, flags);
2960 put_device(&fi->host->device);
2963 spin_lock_irqsave(&host_info_lock, flags);
2964 if (fi->host)
2965 module_put(fi->host->driver->owner);
2966 spin_unlock_irqrestore(&host_info_lock, flags);
2968 kfree(fi);
2970 return 0;
2973 /*** HOTPLUG STUFF **********************************************************/
2975 * Export information about protocols/devices supported by this driver.
2977 #ifdef MODULE
2978 static struct ieee1394_device_id raw1394_id_table[] = {
2980 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2981 .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2982 .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2984 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2985 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2986 .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2988 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2989 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2990 .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2992 .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2993 .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2994 .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2998 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2999 #endif /* MODULE */
3001 static struct hpsb_protocol_driver raw1394_driver = {
3002 .name = "raw1394",
3005 /******************************************************************************/
3007 static struct hpsb_highlevel raw1394_highlevel = {
3008 .name = RAW1394_DEVICE_NAME,
3009 .add_host = add_host,
3010 .remove_host = remove_host,
3011 .host_reset = host_reset,
3012 .fcp_request = fcp_request,
3015 static struct cdev raw1394_cdev;
3016 static const struct file_operations raw1394_fops = {
3017 .owner = THIS_MODULE,
3018 .read = raw1394_read,
3019 .write = raw1394_write,
3020 .mmap = raw1394_mmap,
3021 .unlocked_ioctl = raw1394_ioctl,
3022 #ifdef CONFIG_COMPAT
3023 .compat_ioctl = raw1394_compat_ioctl,
3024 #endif
3025 .poll = raw1394_poll,
3026 .open = raw1394_open,
3027 .release = raw1394_release,
3030 static int __init init_raw1394(void)
3032 int ret = 0;
3034 hpsb_register_highlevel(&raw1394_highlevel);
3036 if (IS_ERR
3037 (device_create(hpsb_protocol_class, NULL,
3038 MKDEV(IEEE1394_MAJOR,
3039 IEEE1394_MINOR_BLOCK_RAW1394 * 16),
3040 NULL, RAW1394_DEVICE_NAME))) {
3041 ret = -EFAULT;
3042 goto out_unreg;
3045 cdev_init(&raw1394_cdev, &raw1394_fops);
3046 raw1394_cdev.owner = THIS_MODULE;
3047 ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3048 if (ret) {
3049 HPSB_ERR("raw1394 failed to register minor device block");
3050 goto out_dev;
3053 HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3055 ret = hpsb_register_protocol(&raw1394_driver);
3056 if (ret) {
3057 HPSB_ERR("raw1394: failed to register protocol");
3058 cdev_del(&raw1394_cdev);
3059 goto out_dev;
3062 goto out;
3064 out_dev:
3065 device_destroy(hpsb_protocol_class,
3066 MKDEV(IEEE1394_MAJOR,
3067 IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3068 out_unreg:
3069 hpsb_unregister_highlevel(&raw1394_highlevel);
3070 out:
3071 return ret;
3074 static void __exit cleanup_raw1394(void)
3076 device_destroy(hpsb_protocol_class,
3077 MKDEV(IEEE1394_MAJOR,
3078 IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3079 cdev_del(&raw1394_cdev);
3080 hpsb_unregister_highlevel(&raw1394_highlevel);
3081 hpsb_unregister_protocol(&raw1394_driver);
3084 module_init(init_raw1394);
3085 module_exit(cleanup_raw1394);
3086 MODULE_LICENSE("GPL");