HID: hiddev: Fix slab-out-of-bounds write in hiddev_ioctl_usage()
[linux/fpc-iii.git] / drivers / char / snsc.c
blob94006f9c2e4312d6b4f7dbafa7726daa93e2c1e7
1 /*
2 * SN Platform system controller communication support
4 * This file is subject to the terms and conditions of the GNU General Public
5 * License. See the file "COPYING" in the main directory of this archive
6 * for more details.
8 * Copyright (C) 2004, 2006 Silicon Graphics, Inc. All rights reserved.
9 */
12 * System controller communication driver
14 * This driver allows a user process to communicate with the system
15 * controller (a.k.a. "IRouter") network in an SGI SN system.
18 #include <linux/interrupt.h>
19 #include <linux/sched.h>
20 #include <linux/device.h>
21 #include <linux/poll.h>
22 #include <linux/init.h>
23 #include <linux/slab.h>
24 #include <linux/mutex.h>
25 #include <asm/sn/io.h>
26 #include <asm/sn/sn_sal.h>
27 #include <asm/sn/module.h>
28 #include <asm/sn/geo.h>
29 #include <asm/sn/nodepda.h>
30 #include "snsc.h"
32 #define SYSCTL_BASENAME "snsc"
34 #define SCDRV_BUFSZ 2048
35 #define SCDRV_TIMEOUT 1000
37 static DEFINE_MUTEX(scdrv_mutex);
38 static irqreturn_t
39 scdrv_interrupt(int irq, void *subch_data)
41 struct subch_data_s *sd = subch_data;
42 unsigned long flags;
43 int status;
45 spin_lock_irqsave(&sd->sd_rlock, flags);
46 spin_lock(&sd->sd_wlock);
47 status = ia64_sn_irtr_intr(sd->sd_nasid, sd->sd_subch);
49 if (status > 0) {
50 if (status & SAL_IROUTER_INTR_RECV) {
51 wake_up(&sd->sd_rq);
53 if (status & SAL_IROUTER_INTR_XMIT) {
54 ia64_sn_irtr_intr_disable
55 (sd->sd_nasid, sd->sd_subch,
56 SAL_IROUTER_INTR_XMIT);
57 wake_up(&sd->sd_wq);
60 spin_unlock(&sd->sd_wlock);
61 spin_unlock_irqrestore(&sd->sd_rlock, flags);
62 return IRQ_HANDLED;
66 * scdrv_open
68 * Reserve a subchannel for system controller communication.
71 static int
72 scdrv_open(struct inode *inode, struct file *file)
74 struct sysctl_data_s *scd;
75 struct subch_data_s *sd;
76 int rv;
78 /* look up device info for this device file */
79 scd = container_of(inode->i_cdev, struct sysctl_data_s, scd_cdev);
81 /* allocate memory for subchannel data */
82 sd = kzalloc(sizeof (struct subch_data_s), GFP_KERNEL);
83 if (sd == NULL) {
84 printk("%s: couldn't allocate subchannel data\n",
85 __func__);
86 return -ENOMEM;
89 /* initialize subch_data_s fields */
90 sd->sd_nasid = scd->scd_nasid;
91 sd->sd_subch = ia64_sn_irtr_open(scd->scd_nasid);
93 if (sd->sd_subch < 0) {
94 kfree(sd);
95 printk("%s: couldn't allocate subchannel\n", __func__);
96 return -EBUSY;
99 spin_lock_init(&sd->sd_rlock);
100 spin_lock_init(&sd->sd_wlock);
101 init_waitqueue_head(&sd->sd_rq);
102 init_waitqueue_head(&sd->sd_wq);
103 sema_init(&sd->sd_rbs, 1);
104 sema_init(&sd->sd_wbs, 1);
106 file->private_data = sd;
108 /* hook this subchannel up to the system controller interrupt */
109 mutex_lock(&scdrv_mutex);
110 rv = request_irq(SGI_UART_VECTOR, scdrv_interrupt,
111 IRQF_SHARED, SYSCTL_BASENAME, sd);
112 if (rv) {
113 ia64_sn_irtr_close(sd->sd_nasid, sd->sd_subch);
114 kfree(sd);
115 printk("%s: irq request failed (%d)\n", __func__, rv);
116 mutex_unlock(&scdrv_mutex);
117 return -EBUSY;
119 mutex_unlock(&scdrv_mutex);
120 return 0;
124 * scdrv_release
126 * Release a previously-reserved subchannel.
129 static int
130 scdrv_release(struct inode *inode, struct file *file)
132 struct subch_data_s *sd = (struct subch_data_s *) file->private_data;
133 int rv;
135 /* free the interrupt */
136 free_irq(SGI_UART_VECTOR, sd);
138 /* ask SAL to close the subchannel */
139 rv = ia64_sn_irtr_close(sd->sd_nasid, sd->sd_subch);
141 kfree(sd);
142 return rv;
146 * scdrv_read
148 * Called to read bytes from the open IRouter pipe.
152 static inline int
153 read_status_check(struct subch_data_s *sd, int *len)
155 return ia64_sn_irtr_recv(sd->sd_nasid, sd->sd_subch, sd->sd_rb, len);
158 static ssize_t
159 scdrv_read(struct file *file, char __user *buf, size_t count, loff_t *f_pos)
161 int status;
162 int len;
163 unsigned long flags;
164 struct subch_data_s *sd = (struct subch_data_s *) file->private_data;
166 /* try to get control of the read buffer */
167 if (down_trylock(&sd->sd_rbs)) {
168 /* somebody else has it now;
169 * if we're non-blocking, then exit...
171 if (file->f_flags & O_NONBLOCK) {
172 return -EAGAIN;
174 /* ...or if we want to block, then do so here */
175 if (down_interruptible(&sd->sd_rbs)) {
176 /* something went wrong with wait */
177 return -ERESTARTSYS;
181 /* anything to read? */
182 len = CHUNKSIZE;
183 spin_lock_irqsave(&sd->sd_rlock, flags);
184 status = read_status_check(sd, &len);
186 /* if not, and we're blocking I/O, loop */
187 while (status < 0) {
188 DECLARE_WAITQUEUE(wait, current);
190 if (file->f_flags & O_NONBLOCK) {
191 spin_unlock_irqrestore(&sd->sd_rlock, flags);
192 up(&sd->sd_rbs);
193 return -EAGAIN;
196 len = CHUNKSIZE;
197 set_current_state(TASK_INTERRUPTIBLE);
198 add_wait_queue(&sd->sd_rq, &wait);
199 spin_unlock_irqrestore(&sd->sd_rlock, flags);
201 schedule_timeout(msecs_to_jiffies(SCDRV_TIMEOUT));
203 remove_wait_queue(&sd->sd_rq, &wait);
204 if (signal_pending(current)) {
205 /* wait was interrupted */
206 up(&sd->sd_rbs);
207 return -ERESTARTSYS;
210 spin_lock_irqsave(&sd->sd_rlock, flags);
211 status = read_status_check(sd, &len);
213 spin_unlock_irqrestore(&sd->sd_rlock, flags);
215 if (len > 0) {
216 /* we read something in the last read_status_check(); copy
217 * it out to user space
219 if (count < len) {
220 pr_debug("%s: only accepting %d of %d bytes\n",
221 __func__, (int) count, len);
223 len = min((int) count, len);
224 if (copy_to_user(buf, sd->sd_rb, len))
225 len = -EFAULT;
228 /* release the read buffer and wake anyone who might be
229 * waiting for it
231 up(&sd->sd_rbs);
233 /* return the number of characters read in */
234 return len;
238 * scdrv_write
240 * Writes a chunk of an IRouter packet (or other system controller data)
241 * to the system controller.
244 static inline int
245 write_status_check(struct subch_data_s *sd, int count)
247 return ia64_sn_irtr_send(sd->sd_nasid, sd->sd_subch, sd->sd_wb, count);
250 static ssize_t
251 scdrv_write(struct file *file, const char __user *buf,
252 size_t count, loff_t *f_pos)
254 unsigned long flags;
255 int status;
256 struct subch_data_s *sd = (struct subch_data_s *) file->private_data;
258 /* try to get control of the write buffer */
259 if (down_trylock(&sd->sd_wbs)) {
260 /* somebody else has it now;
261 * if we're non-blocking, then exit...
263 if (file->f_flags & O_NONBLOCK) {
264 return -EAGAIN;
266 /* ...or if we want to block, then do so here */
267 if (down_interruptible(&sd->sd_wbs)) {
268 /* something went wrong with wait */
269 return -ERESTARTSYS;
273 count = min((int) count, CHUNKSIZE);
274 if (copy_from_user(sd->sd_wb, buf, count)) {
275 up(&sd->sd_wbs);
276 return -EFAULT;
279 /* try to send the buffer */
280 spin_lock_irqsave(&sd->sd_wlock, flags);
281 status = write_status_check(sd, count);
283 /* if we failed, and we want to block, then loop */
284 while (status <= 0) {
285 DECLARE_WAITQUEUE(wait, current);
287 if (file->f_flags & O_NONBLOCK) {
288 spin_unlock(&sd->sd_wlock);
289 up(&sd->sd_wbs);
290 return -EAGAIN;
293 set_current_state(TASK_INTERRUPTIBLE);
294 add_wait_queue(&sd->sd_wq, &wait);
295 spin_unlock_irqrestore(&sd->sd_wlock, flags);
297 schedule_timeout(msecs_to_jiffies(SCDRV_TIMEOUT));
299 remove_wait_queue(&sd->sd_wq, &wait);
300 if (signal_pending(current)) {
301 /* wait was interrupted */
302 up(&sd->sd_wbs);
303 return -ERESTARTSYS;
306 spin_lock_irqsave(&sd->sd_wlock, flags);
307 status = write_status_check(sd, count);
309 spin_unlock_irqrestore(&sd->sd_wlock, flags);
311 /* release the write buffer and wake anyone who's waiting for it */
312 up(&sd->sd_wbs);
314 /* return the number of characters accepted (should be the complete
315 * "chunk" as requested)
317 if ((status >= 0) && (status < count)) {
318 pr_debug("Didn't accept the full chunk; %d of %d\n",
319 status, (int) count);
321 return status;
324 static unsigned int
325 scdrv_poll(struct file *file, struct poll_table_struct *wait)
327 unsigned int mask = 0;
328 int status = 0;
329 struct subch_data_s *sd = (struct subch_data_s *) file->private_data;
330 unsigned long flags;
332 poll_wait(file, &sd->sd_rq, wait);
333 poll_wait(file, &sd->sd_wq, wait);
335 spin_lock_irqsave(&sd->sd_rlock, flags);
336 spin_lock(&sd->sd_wlock);
337 status = ia64_sn_irtr_intr(sd->sd_nasid, sd->sd_subch);
338 spin_unlock(&sd->sd_wlock);
339 spin_unlock_irqrestore(&sd->sd_rlock, flags);
341 if (status > 0) {
342 if (status & SAL_IROUTER_INTR_RECV) {
343 mask |= POLLIN | POLLRDNORM;
345 if (status & SAL_IROUTER_INTR_XMIT) {
346 mask |= POLLOUT | POLLWRNORM;
350 return mask;
353 static const struct file_operations scdrv_fops = {
354 .owner = THIS_MODULE,
355 .read = scdrv_read,
356 .write = scdrv_write,
357 .poll = scdrv_poll,
358 .open = scdrv_open,
359 .release = scdrv_release,
360 .llseek = noop_llseek,
363 static struct class *snsc_class;
366 * scdrv_init
368 * Called at boot time to initialize the system controller communication
369 * facility.
371 int __init
372 scdrv_init(void)
374 geoid_t geoid;
375 cnodeid_t cnode;
376 char devname[32];
377 char *devnamep;
378 struct sysctl_data_s *scd;
379 void *salbuf;
380 dev_t first_dev, dev;
381 nasid_t event_nasid;
383 if (!ia64_platform_is("sn2"))
384 return -ENODEV;
386 event_nasid = ia64_sn_get_console_nasid();
388 if (alloc_chrdev_region(&first_dev, 0, num_cnodes,
389 SYSCTL_BASENAME) < 0) {
390 printk("%s: failed to register SN system controller device\n",
391 __func__);
392 return -ENODEV;
394 snsc_class = class_create(THIS_MODULE, SYSCTL_BASENAME);
396 for (cnode = 0; cnode < num_cnodes; cnode++) {
397 geoid = cnodeid_get_geoid(cnode);
398 devnamep = devname;
399 format_module_id(devnamep, geo_module(geoid),
400 MODULE_FORMAT_BRIEF);
401 devnamep = devname + strlen(devname);
402 sprintf(devnamep, "^%d#%d", geo_slot(geoid),
403 geo_slab(geoid));
405 /* allocate sysctl device data */
406 scd = kzalloc(sizeof (struct sysctl_data_s),
407 GFP_KERNEL);
408 if (!scd) {
409 printk("%s: failed to allocate device info"
410 "for %s/%s\n", __func__,
411 SYSCTL_BASENAME, devname);
412 continue;
415 /* initialize sysctl device data fields */
416 scd->scd_nasid = cnodeid_to_nasid(cnode);
417 if (!(salbuf = kmalloc(SCDRV_BUFSZ, GFP_KERNEL))) {
418 printk("%s: failed to allocate driver buffer"
419 "(%s%s)\n", __func__,
420 SYSCTL_BASENAME, devname);
421 kfree(scd);
422 continue;
425 if (ia64_sn_irtr_init(scd->scd_nasid, salbuf,
426 SCDRV_BUFSZ) < 0) {
427 printk
428 ("%s: failed to initialize SAL for"
429 " system controller communication"
430 " (%s/%s): outdated PROM?\n",
431 __func__, SYSCTL_BASENAME, devname);
432 kfree(scd);
433 kfree(salbuf);
434 continue;
437 dev = first_dev + cnode;
438 cdev_init(&scd->scd_cdev, &scdrv_fops);
439 if (cdev_add(&scd->scd_cdev, dev, 1)) {
440 printk("%s: failed to register system"
441 " controller device (%s%s)\n",
442 __func__, SYSCTL_BASENAME, devname);
443 kfree(scd);
444 kfree(salbuf);
445 continue;
448 device_create(snsc_class, NULL, dev, NULL,
449 "%s", devname);
451 ia64_sn_irtr_intr_enable(scd->scd_nasid,
452 0 /*ignored */ ,
453 SAL_IROUTER_INTR_RECV);
455 /* on the console nasid, prepare to receive
456 * system controller environmental events
458 if(scd->scd_nasid == event_nasid) {
459 scdrv_event_init(scd);
462 return 0;
464 device_initcall(scdrv_init);