alpha: fix several security issues
[linux/fpc-iii.git] / drivers / firewire / nosy.c
blob0618145376ade6b4608cd16792408f6e2b94ee23
1 /*
2 * nosy - Snoop mode driver for TI PCILynx 1394 controllers
3 * Copyright (C) 2002-2007 Kristian Høgsberg
5 * This program is free software; you can redistribute it and/or modify
6 * it under the terms of the GNU General Public License as published by
7 * the Free Software Foundation; either version 2 of the License, or
8 * (at your option) any later version.
10 * This program is distributed in the hope that it will be useful,
11 * but WITHOUT ANY WARRANTY; without even the implied warranty of
12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 * GNU General Public License for more details.
15 * You should have received a copy of the GNU General Public License
16 * along with this program; if not, write to the Free Software Foundation,
17 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
20 #include <linux/device.h>
21 #include <linux/errno.h>
22 #include <linux/fs.h>
23 #include <linux/init.h>
24 #include <linux/interrupt.h>
25 #include <linux/io.h>
26 #include <linux/kernel.h>
27 #include <linux/kref.h>
28 #include <linux/miscdevice.h>
29 #include <linux/module.h>
30 #include <linux/mutex.h>
31 #include <linux/pci.h>
32 #include <linux/poll.h>
33 #include <linux/sched.h> /* required for linux/wait.h */
34 #include <linux/slab.h>
35 #include <linux/spinlock.h>
36 #include <linux/timex.h>
37 #include <linux/uaccess.h>
38 #include <linux/wait.h>
40 #include <asm/atomic.h>
41 #include <asm/byteorder.h>
43 #include "nosy.h"
44 #include "nosy-user.h"
46 #define TCODE_PHY_PACKET 0x10
47 #define PCI_DEVICE_ID_TI_PCILYNX 0x8000
49 static char driver_name[] = KBUILD_MODNAME;
51 /* this is the physical layout of a PCL, its size is 128 bytes */
52 struct pcl {
53 __le32 next;
54 __le32 async_error_next;
55 u32 user_data;
56 __le32 pcl_status;
57 __le32 remaining_transfer_count;
58 __le32 next_data_buffer;
59 struct {
60 __le32 control;
61 __le32 pointer;
62 } buffer[13];
65 struct packet {
66 unsigned int length;
67 char data[0];
70 struct packet_buffer {
71 char *data;
72 size_t capacity;
73 long total_packet_count, lost_packet_count;
74 atomic_t size;
75 struct packet *head, *tail;
76 wait_queue_head_t wait;
79 struct pcilynx {
80 struct pci_dev *pci_device;
81 __iomem char *registers;
83 struct pcl *rcv_start_pcl, *rcv_pcl;
84 __le32 *rcv_buffer;
86 dma_addr_t rcv_start_pcl_bus, rcv_pcl_bus, rcv_buffer_bus;
88 spinlock_t client_list_lock;
89 struct list_head client_list;
91 struct miscdevice misc;
92 struct list_head link;
93 struct kref kref;
96 static inline struct pcilynx *
97 lynx_get(struct pcilynx *lynx)
99 kref_get(&lynx->kref);
101 return lynx;
104 static void
105 lynx_release(struct kref *kref)
107 kfree(container_of(kref, struct pcilynx, kref));
110 static inline void
111 lynx_put(struct pcilynx *lynx)
113 kref_put(&lynx->kref, lynx_release);
116 struct client {
117 struct pcilynx *lynx;
118 u32 tcode_mask;
119 struct packet_buffer buffer;
120 struct list_head link;
123 static DEFINE_MUTEX(card_mutex);
124 static LIST_HEAD(card_list);
126 static int
127 packet_buffer_init(struct packet_buffer *buffer, size_t capacity)
129 buffer->data = kmalloc(capacity, GFP_KERNEL);
130 if (buffer->data == NULL)
131 return -ENOMEM;
132 buffer->head = (struct packet *) buffer->data;
133 buffer->tail = (struct packet *) buffer->data;
134 buffer->capacity = capacity;
135 buffer->lost_packet_count = 0;
136 atomic_set(&buffer->size, 0);
137 init_waitqueue_head(&buffer->wait);
139 return 0;
142 static void
143 packet_buffer_destroy(struct packet_buffer *buffer)
145 kfree(buffer->data);
148 static int
149 packet_buffer_get(struct client *client, char __user *data, size_t user_length)
151 struct packet_buffer *buffer = &client->buffer;
152 size_t length;
153 char *end;
155 if (wait_event_interruptible(buffer->wait,
156 atomic_read(&buffer->size) > 0) ||
157 list_empty(&client->lynx->link))
158 return -ERESTARTSYS;
160 if (atomic_read(&buffer->size) == 0)
161 return -ENODEV;
163 /* FIXME: Check length <= user_length. */
165 end = buffer->data + buffer->capacity;
166 length = buffer->head->length;
168 if (&buffer->head->data[length] < end) {
169 if (copy_to_user(data, buffer->head->data, length))
170 return -EFAULT;
171 buffer->head = (struct packet *) &buffer->head->data[length];
172 } else {
173 size_t split = end - buffer->head->data;
175 if (copy_to_user(data, buffer->head->data, split))
176 return -EFAULT;
177 if (copy_to_user(data + split, buffer->data, length - split))
178 return -EFAULT;
179 buffer->head = (struct packet *) &buffer->data[length - split];
183 * Decrease buffer->size as the last thing, since this is what
184 * keeps the interrupt from overwriting the packet we are
185 * retrieving from the buffer.
187 atomic_sub(sizeof(struct packet) + length, &buffer->size);
189 return length;
192 static void
193 packet_buffer_put(struct packet_buffer *buffer, void *data, size_t length)
195 char *end;
197 buffer->total_packet_count++;
199 if (buffer->capacity <
200 atomic_read(&buffer->size) + sizeof(struct packet) + length) {
201 buffer->lost_packet_count++;
202 return;
205 end = buffer->data + buffer->capacity;
206 buffer->tail->length = length;
208 if (&buffer->tail->data[length] < end) {
209 memcpy(buffer->tail->data, data, length);
210 buffer->tail = (struct packet *) &buffer->tail->data[length];
211 } else {
212 size_t split = end - buffer->tail->data;
214 memcpy(buffer->tail->data, data, split);
215 memcpy(buffer->data, data + split, length - split);
216 buffer->tail = (struct packet *) &buffer->data[length - split];
219 /* Finally, adjust buffer size and wake up userspace reader. */
221 atomic_add(sizeof(struct packet) + length, &buffer->size);
222 wake_up_interruptible(&buffer->wait);
225 static inline void
226 reg_write(struct pcilynx *lynx, int offset, u32 data)
228 writel(data, lynx->registers + offset);
231 static inline u32
232 reg_read(struct pcilynx *lynx, int offset)
234 return readl(lynx->registers + offset);
237 static inline void
238 reg_set_bits(struct pcilynx *lynx, int offset, u32 mask)
240 reg_write(lynx, offset, (reg_read(lynx, offset) | mask));
244 * Maybe the pcl programs could be set up to just append data instead
245 * of using a whole packet.
247 static inline void
248 run_pcl(struct pcilynx *lynx, dma_addr_t pcl_bus,
249 int dmachan)
251 reg_write(lynx, DMA0_CURRENT_PCL + dmachan * 0x20, pcl_bus);
252 reg_write(lynx, DMA0_CHAN_CTRL + dmachan * 0x20,
253 DMA_CHAN_CTRL_ENABLE | DMA_CHAN_CTRL_LINK);
256 static int
257 set_phy_reg(struct pcilynx *lynx, int addr, int val)
259 if (addr > 15) {
260 dev_err(&lynx->pci_device->dev,
261 "PHY register address %d out of range\n", addr);
262 return -1;
264 if (val > 0xff) {
265 dev_err(&lynx->pci_device->dev,
266 "PHY register value %d out of range\n", val);
267 return -1;
269 reg_write(lynx, LINK_PHY, LINK_PHY_WRITE |
270 LINK_PHY_ADDR(addr) | LINK_PHY_WDATA(val));
272 return 0;
275 static int
276 nosy_open(struct inode *inode, struct file *file)
278 int minor = iminor(inode);
279 struct client *client;
280 struct pcilynx *tmp, *lynx = NULL;
282 mutex_lock(&card_mutex);
283 list_for_each_entry(tmp, &card_list, link)
284 if (tmp->misc.minor == minor) {
285 lynx = lynx_get(tmp);
286 break;
288 mutex_unlock(&card_mutex);
289 if (lynx == NULL)
290 return -ENODEV;
292 client = kmalloc(sizeof *client, GFP_KERNEL);
293 if (client == NULL)
294 goto fail;
296 client->tcode_mask = ~0;
297 client->lynx = lynx;
298 INIT_LIST_HEAD(&client->link);
300 if (packet_buffer_init(&client->buffer, 128 * 1024) < 0)
301 goto fail;
303 file->private_data = client;
305 return nonseekable_open(inode, file);
306 fail:
307 kfree(client);
308 lynx_put(lynx);
310 return -ENOMEM;
313 static int
314 nosy_release(struct inode *inode, struct file *file)
316 struct client *client = file->private_data;
317 struct pcilynx *lynx = client->lynx;
319 spin_lock_irq(&lynx->client_list_lock);
320 list_del_init(&client->link);
321 spin_unlock_irq(&lynx->client_list_lock);
323 packet_buffer_destroy(&client->buffer);
324 kfree(client);
325 lynx_put(lynx);
327 return 0;
330 static unsigned int
331 nosy_poll(struct file *file, poll_table *pt)
333 struct client *client = file->private_data;
334 unsigned int ret = 0;
336 poll_wait(file, &client->buffer.wait, pt);
338 if (atomic_read(&client->buffer.size) > 0)
339 ret = POLLIN | POLLRDNORM;
341 if (list_empty(&client->lynx->link))
342 ret |= POLLHUP;
344 return ret;
347 static ssize_t
348 nosy_read(struct file *file, char __user *buffer, size_t count, loff_t *offset)
350 struct client *client = file->private_data;
352 return packet_buffer_get(client, buffer, count);
355 static long
356 nosy_ioctl(struct file *file, unsigned int cmd, unsigned long arg)
358 struct client *client = file->private_data;
359 spinlock_t *client_list_lock = &client->lynx->client_list_lock;
360 struct nosy_stats stats;
362 switch (cmd) {
363 case NOSY_IOC_GET_STATS:
364 spin_lock_irq(client_list_lock);
365 stats.total_packet_count = client->buffer.total_packet_count;
366 stats.lost_packet_count = client->buffer.lost_packet_count;
367 spin_unlock_irq(client_list_lock);
369 if (copy_to_user((void __user *) arg, &stats, sizeof stats))
370 return -EFAULT;
371 else
372 return 0;
374 case NOSY_IOC_START:
375 spin_lock_irq(client_list_lock);
376 list_add_tail(&client->link, &client->lynx->client_list);
377 spin_unlock_irq(client_list_lock);
379 return 0;
381 case NOSY_IOC_STOP:
382 spin_lock_irq(client_list_lock);
383 list_del_init(&client->link);
384 spin_unlock_irq(client_list_lock);
386 return 0;
388 case NOSY_IOC_FILTER:
389 spin_lock_irq(client_list_lock);
390 client->tcode_mask = arg;
391 spin_unlock_irq(client_list_lock);
393 return 0;
395 default:
396 return -EINVAL;
397 /* Flush buffer, configure filter. */
401 static const struct file_operations nosy_ops = {
402 .owner = THIS_MODULE,
403 .read = nosy_read,
404 .unlocked_ioctl = nosy_ioctl,
405 .poll = nosy_poll,
406 .open = nosy_open,
407 .release = nosy_release,
410 #define PHY_PACKET_SIZE 12 /* 1 payload, 1 inverse, 1 ack = 3 quadlets */
412 static void
413 packet_irq_handler(struct pcilynx *lynx)
415 struct client *client;
416 u32 tcode_mask, tcode;
417 size_t length;
418 struct timeval tv;
420 /* FIXME: Also report rcv_speed. */
422 length = __le32_to_cpu(lynx->rcv_pcl->pcl_status) & 0x00001fff;
423 tcode = __le32_to_cpu(lynx->rcv_buffer[1]) >> 4 & 0xf;
425 do_gettimeofday(&tv);
426 lynx->rcv_buffer[0] = (__force __le32)tv.tv_usec;
428 if (length == PHY_PACKET_SIZE)
429 tcode_mask = 1 << TCODE_PHY_PACKET;
430 else
431 tcode_mask = 1 << tcode;
433 spin_lock(&lynx->client_list_lock);
435 list_for_each_entry(client, &lynx->client_list, link)
436 if (client->tcode_mask & tcode_mask)
437 packet_buffer_put(&client->buffer,
438 lynx->rcv_buffer, length + 4);
440 spin_unlock(&lynx->client_list_lock);
443 static void
444 bus_reset_irq_handler(struct pcilynx *lynx)
446 struct client *client;
447 struct timeval tv;
449 do_gettimeofday(&tv);
451 spin_lock(&lynx->client_list_lock);
453 list_for_each_entry(client, &lynx->client_list, link)
454 packet_buffer_put(&client->buffer, &tv.tv_usec, 4);
456 spin_unlock(&lynx->client_list_lock);
459 static irqreturn_t
460 irq_handler(int irq, void *device)
462 struct pcilynx *lynx = device;
463 u32 pci_int_status;
465 pci_int_status = reg_read(lynx, PCI_INT_STATUS);
467 if (pci_int_status == ~0)
468 /* Card was ejected. */
469 return IRQ_NONE;
471 if ((pci_int_status & PCI_INT_INT_PEND) == 0)
472 /* Not our interrupt, bail out quickly. */
473 return IRQ_NONE;
475 if ((pci_int_status & PCI_INT_P1394_INT) != 0) {
476 u32 link_int_status;
478 link_int_status = reg_read(lynx, LINK_INT_STATUS);
479 reg_write(lynx, LINK_INT_STATUS, link_int_status);
481 if ((link_int_status & LINK_INT_PHY_BUSRESET) > 0)
482 bus_reset_irq_handler(lynx);
485 /* Clear the PCI_INT_STATUS register only after clearing the
486 * LINK_INT_STATUS register; otherwise the PCI_INT_P1394 will
487 * be set again immediately. */
489 reg_write(lynx, PCI_INT_STATUS, pci_int_status);
491 if ((pci_int_status & PCI_INT_DMA0_HLT) > 0) {
492 packet_irq_handler(lynx);
493 run_pcl(lynx, lynx->rcv_start_pcl_bus, 0);
496 return IRQ_HANDLED;
499 static void
500 remove_card(struct pci_dev *dev)
502 struct pcilynx *lynx = pci_get_drvdata(dev);
503 struct client *client;
505 mutex_lock(&card_mutex);
506 list_del_init(&lynx->link);
507 misc_deregister(&lynx->misc);
508 mutex_unlock(&card_mutex);
510 reg_write(lynx, PCI_INT_ENABLE, 0);
511 free_irq(lynx->pci_device->irq, lynx);
513 spin_lock_irq(&lynx->client_list_lock);
514 list_for_each_entry(client, &lynx->client_list, link)
515 wake_up_interruptible(&client->buffer.wait);
516 spin_unlock_irq(&lynx->client_list_lock);
518 pci_free_consistent(lynx->pci_device, sizeof(struct pcl),
519 lynx->rcv_start_pcl, lynx->rcv_start_pcl_bus);
520 pci_free_consistent(lynx->pci_device, sizeof(struct pcl),
521 lynx->rcv_pcl, lynx->rcv_pcl_bus);
522 pci_free_consistent(lynx->pci_device, PAGE_SIZE,
523 lynx->rcv_buffer, lynx->rcv_buffer_bus);
525 iounmap(lynx->registers);
526 pci_disable_device(dev);
527 lynx_put(lynx);
530 #define RCV_BUFFER_SIZE (16 * 1024)
532 static int __devinit
533 add_card(struct pci_dev *dev, const struct pci_device_id *unused)
535 struct pcilynx *lynx;
536 u32 p, end;
537 int ret, i;
539 if (pci_set_dma_mask(dev, 0xffffffff)) {
540 dev_err(&dev->dev,
541 "DMA address limits not supported for PCILynx hardware\n");
542 return -ENXIO;
544 if (pci_enable_device(dev)) {
545 dev_err(&dev->dev, "Failed to enable PCILynx hardware\n");
546 return -ENXIO;
548 pci_set_master(dev);
550 lynx = kzalloc(sizeof *lynx, GFP_KERNEL);
551 if (lynx == NULL) {
552 dev_err(&dev->dev, "Failed to allocate control structure\n");
553 ret = -ENOMEM;
554 goto fail_disable;
556 lynx->pci_device = dev;
557 pci_set_drvdata(dev, lynx);
559 spin_lock_init(&lynx->client_list_lock);
560 INIT_LIST_HEAD(&lynx->client_list);
561 kref_init(&lynx->kref);
563 lynx->registers = ioremap_nocache(pci_resource_start(dev, 0),
564 PCILYNX_MAX_REGISTER);
566 lynx->rcv_start_pcl = pci_alloc_consistent(lynx->pci_device,
567 sizeof(struct pcl), &lynx->rcv_start_pcl_bus);
568 lynx->rcv_pcl = pci_alloc_consistent(lynx->pci_device,
569 sizeof(struct pcl), &lynx->rcv_pcl_bus);
570 lynx->rcv_buffer = pci_alloc_consistent(lynx->pci_device,
571 RCV_BUFFER_SIZE, &lynx->rcv_buffer_bus);
572 if (lynx->rcv_start_pcl == NULL ||
573 lynx->rcv_pcl == NULL ||
574 lynx->rcv_buffer == NULL) {
575 dev_err(&dev->dev, "Failed to allocate receive buffer\n");
576 ret = -ENOMEM;
577 goto fail_deallocate;
579 lynx->rcv_start_pcl->next = cpu_to_le32(lynx->rcv_pcl_bus);
580 lynx->rcv_pcl->next = cpu_to_le32(PCL_NEXT_INVALID);
581 lynx->rcv_pcl->async_error_next = cpu_to_le32(PCL_NEXT_INVALID);
583 lynx->rcv_pcl->buffer[0].control =
584 cpu_to_le32(PCL_CMD_RCV | PCL_BIGENDIAN | 2044);
585 lynx->rcv_pcl->buffer[0].pointer =
586 cpu_to_le32(lynx->rcv_buffer_bus + 4);
587 p = lynx->rcv_buffer_bus + 2048;
588 end = lynx->rcv_buffer_bus + RCV_BUFFER_SIZE;
589 for (i = 1; p < end; i++, p += 2048) {
590 lynx->rcv_pcl->buffer[i].control =
591 cpu_to_le32(PCL_CMD_RCV | PCL_BIGENDIAN | 2048);
592 lynx->rcv_pcl->buffer[i].pointer = cpu_to_le32(p);
594 lynx->rcv_pcl->buffer[i - 1].control |= cpu_to_le32(PCL_LAST_BUFF);
596 reg_set_bits(lynx, MISC_CONTROL, MISC_CONTROL_SWRESET);
597 /* Fix buggy cards with autoboot pin not tied low: */
598 reg_write(lynx, DMA0_CHAN_CTRL, 0);
599 reg_write(lynx, DMA_GLOBAL_REGISTER, 0x00 << 24);
601 #if 0
602 /* now, looking for PHY register set */
603 if ((get_phy_reg(lynx, 2) & 0xe0) == 0xe0) {
604 lynx->phyic.reg_1394a = 1;
605 PRINT(KERN_INFO, lynx->id,
606 "found 1394a conform PHY (using extended register set)");
607 lynx->phyic.vendor = get_phy_vendorid(lynx);
608 lynx->phyic.product = get_phy_productid(lynx);
609 } else {
610 lynx->phyic.reg_1394a = 0;
611 PRINT(KERN_INFO, lynx->id, "found old 1394 PHY");
613 #endif
615 /* Setup the general receive FIFO max size. */
616 reg_write(lynx, FIFO_SIZES, 255);
618 reg_set_bits(lynx, PCI_INT_ENABLE, PCI_INT_DMA_ALL);
620 reg_write(lynx, LINK_INT_ENABLE,
621 LINK_INT_PHY_TIME_OUT | LINK_INT_PHY_REG_RCVD |
622 LINK_INT_PHY_BUSRESET | LINK_INT_IT_STUCK |
623 LINK_INT_AT_STUCK | LINK_INT_SNTRJ |
624 LINK_INT_TC_ERR | LINK_INT_GRF_OVER_FLOW |
625 LINK_INT_ITF_UNDER_FLOW | LINK_INT_ATF_UNDER_FLOW);
627 /* Disable the L flag in self ID packets. */
628 set_phy_reg(lynx, 4, 0);
630 /* Put this baby into snoop mode */
631 reg_set_bits(lynx, LINK_CONTROL, LINK_CONTROL_SNOOP_ENABLE);
633 run_pcl(lynx, lynx->rcv_start_pcl_bus, 0);
635 if (request_irq(dev->irq, irq_handler, IRQF_SHARED,
636 driver_name, lynx)) {
637 dev_err(&dev->dev,
638 "Failed to allocate shared interrupt %d\n", dev->irq);
639 ret = -EIO;
640 goto fail_deallocate;
643 lynx->misc.parent = &dev->dev;
644 lynx->misc.minor = MISC_DYNAMIC_MINOR;
645 lynx->misc.name = "nosy";
646 lynx->misc.fops = &nosy_ops;
648 mutex_lock(&card_mutex);
649 ret = misc_register(&lynx->misc);
650 if (ret) {
651 dev_err(&dev->dev, "Failed to register misc char device\n");
652 mutex_unlock(&card_mutex);
653 goto fail_free_irq;
655 list_add_tail(&lynx->link, &card_list);
656 mutex_unlock(&card_mutex);
658 dev_info(&dev->dev,
659 "Initialized PCILynx IEEE1394 card, irq=%d\n", dev->irq);
661 return 0;
663 fail_free_irq:
664 reg_write(lynx, PCI_INT_ENABLE, 0);
665 free_irq(lynx->pci_device->irq, lynx);
667 fail_deallocate:
668 if (lynx->rcv_start_pcl)
669 pci_free_consistent(lynx->pci_device, sizeof(struct pcl),
670 lynx->rcv_start_pcl, lynx->rcv_start_pcl_bus);
671 if (lynx->rcv_pcl)
672 pci_free_consistent(lynx->pci_device, sizeof(struct pcl),
673 lynx->rcv_pcl, lynx->rcv_pcl_bus);
674 if (lynx->rcv_buffer)
675 pci_free_consistent(lynx->pci_device, PAGE_SIZE,
676 lynx->rcv_buffer, lynx->rcv_buffer_bus);
677 iounmap(lynx->registers);
678 kfree(lynx);
680 fail_disable:
681 pci_disable_device(dev);
683 return ret;
686 static struct pci_device_id pci_table[] __devinitdata = {
688 .vendor = PCI_VENDOR_ID_TI,
689 .device = PCI_DEVICE_ID_TI_PCILYNX,
690 .subvendor = PCI_ANY_ID,
691 .subdevice = PCI_ANY_ID,
693 { } /* Terminating entry */
696 static struct pci_driver lynx_pci_driver = {
697 .name = driver_name,
698 .id_table = pci_table,
699 .probe = add_card,
700 .remove = remove_card,
703 MODULE_AUTHOR("Kristian Hoegsberg");
704 MODULE_DESCRIPTION("Snoop mode driver for TI pcilynx 1394 controllers");
705 MODULE_LICENSE("GPL");
706 MODULE_DEVICE_TABLE(pci, pci_table);
708 static int __init nosy_init(void)
710 return pci_register_driver(&lynx_pci_driver);
713 static void __exit nosy_cleanup(void)
715 pci_unregister_driver(&lynx_pci_driver);
717 pr_info("Unloaded %s\n", driver_name);
720 module_init(nosy_init);
721 module_exit(nosy_cleanup);