Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / macintosh / smu.c
blob54ac7ffacb40c9dc6352af3045c836f0162e7b73
1 /*
2 * PowerMac G5 SMU driver
4 * Copyright 2004 J. Mayer <l_indien@magic.fr>
5 * Copyright 2005 Benjamin Herrenschmidt, IBM Corp.
7 * Released under the term of the GNU GPL v2.
8 */
11 * TODO:
12 * - maybe add timeout to commands ?
13 * - blocking version of time functions
14 * - polling version of i2c commands (including timer that works with
15 * interrupts off)
16 * - maybe avoid some data copies with i2c by directly using the smu cmd
17 * buffer and a lower level internal interface
18 * - understand SMU -> CPU events and implement reception of them via
19 * the userland interface
22 #include <linux/types.h>
23 #include <linux/kernel.h>
24 #include <linux/device.h>
25 #include <linux/dmapool.h>
26 #include <linux/bootmem.h>
27 #include <linux/vmalloc.h>
28 #include <linux/highmem.h>
29 #include <linux/jiffies.h>
30 #include <linux/interrupt.h>
31 #include <linux/rtc.h>
32 #include <linux/completion.h>
33 #include <linux/miscdevice.h>
34 #include <linux/delay.h>
35 #include <linux/poll.h>
36 #include <linux/mutex.h>
37 #include <linux/of_device.h>
38 #include <linux/of_platform.h>
39 #include <linux/slab.h>
41 #include <asm/byteorder.h>
42 #include <asm/io.h>
43 #include <asm/prom.h>
44 #include <asm/machdep.h>
45 #include <asm/pmac_feature.h>
46 #include <asm/smu.h>
47 #include <asm/sections.h>
48 #include <asm/abs_addr.h>
49 #include <asm/uaccess.h>
51 #define VERSION "0.7"
52 #define AUTHOR "(c) 2005 Benjamin Herrenschmidt, IBM Corp."
54 #undef DEBUG_SMU
56 #ifdef DEBUG_SMU
57 #define DPRINTK(fmt, args...) do { printk(KERN_DEBUG fmt , ##args); } while (0)
58 #else
59 #define DPRINTK(fmt, args...) do { } while (0)
60 #endif
63 * This is the command buffer passed to the SMU hardware
65 #define SMU_MAX_DATA 254
67 struct smu_cmd_buf {
68 u8 cmd;
69 u8 length;
70 u8 data[SMU_MAX_DATA];
73 struct smu_device {
74 spinlock_t lock;
75 struct device_node *of_node;
76 struct platform_device *of_dev;
77 int doorbell; /* doorbell gpio */
78 u32 __iomem *db_buf; /* doorbell buffer */
79 struct device_node *db_node;
80 unsigned int db_irq;
81 int msg;
82 struct device_node *msg_node;
83 unsigned int msg_irq;
84 struct smu_cmd_buf *cmd_buf; /* command buffer virtual */
85 u32 cmd_buf_abs; /* command buffer absolute */
86 struct list_head cmd_list;
87 struct smu_cmd *cmd_cur; /* pending command */
88 int broken_nap;
89 struct list_head cmd_i2c_list;
90 struct smu_i2c_cmd *cmd_i2c_cur; /* pending i2c command */
91 struct timer_list i2c_timer;
95 * I don't think there will ever be more than one SMU, so
96 * for now, just hard code that
98 static DEFINE_MUTEX(smu_mutex);
99 static struct smu_device *smu;
100 static DEFINE_MUTEX(smu_part_access);
101 static int smu_irq_inited;
103 static void smu_i2c_retry(unsigned long data);
106 * SMU driver low level stuff
109 static void smu_start_cmd(void)
111 unsigned long faddr, fend;
112 struct smu_cmd *cmd;
114 if (list_empty(&smu->cmd_list))
115 return;
117 /* Fetch first command in queue */
118 cmd = list_entry(smu->cmd_list.next, struct smu_cmd, link);
119 smu->cmd_cur = cmd;
120 list_del(&cmd->link);
122 DPRINTK("SMU: starting cmd %x, %d bytes data\n", cmd->cmd,
123 cmd->data_len);
124 DPRINTK("SMU: data buffer: %02x %02x %02x %02x %02x %02x %02x %02x\n",
125 ((u8 *)cmd->data_buf)[0], ((u8 *)cmd->data_buf)[1],
126 ((u8 *)cmd->data_buf)[2], ((u8 *)cmd->data_buf)[3],
127 ((u8 *)cmd->data_buf)[4], ((u8 *)cmd->data_buf)[5],
128 ((u8 *)cmd->data_buf)[6], ((u8 *)cmd->data_buf)[7]);
130 /* Fill the SMU command buffer */
131 smu->cmd_buf->cmd = cmd->cmd;
132 smu->cmd_buf->length = cmd->data_len;
133 memcpy(smu->cmd_buf->data, cmd->data_buf, cmd->data_len);
135 /* Flush command and data to RAM */
136 faddr = (unsigned long)smu->cmd_buf;
137 fend = faddr + smu->cmd_buf->length + 2;
138 flush_inval_dcache_range(faddr, fend);
141 /* We also disable NAP mode for the duration of the command
142 * on U3 based machines.
143 * This is slightly racy as it can be written back to 1 by a sysctl
144 * but that never happens in practice. There seem to be an issue with
145 * U3 based machines such as the iMac G5 where napping for the
146 * whole duration of the command prevents the SMU from fetching it
147 * from memory. This might be related to the strange i2c based
148 * mechanism the SMU uses to access memory.
150 if (smu->broken_nap)
151 powersave_nap = 0;
153 /* This isn't exactly a DMA mapping here, I suspect
154 * the SMU is actually communicating with us via i2c to the
155 * northbridge or the CPU to access RAM.
157 writel(smu->cmd_buf_abs, smu->db_buf);
159 /* Ring the SMU doorbell */
160 pmac_do_feature_call(PMAC_FTR_WRITE_GPIO, NULL, smu->doorbell, 4);
164 static irqreturn_t smu_db_intr(int irq, void *arg)
166 unsigned long flags;
167 struct smu_cmd *cmd;
168 void (*done)(struct smu_cmd *cmd, void *misc) = NULL;
169 void *misc = NULL;
170 u8 gpio;
171 int rc = 0;
173 /* SMU completed the command, well, we hope, let's make sure
174 * of it
176 spin_lock_irqsave(&smu->lock, flags);
178 gpio = pmac_do_feature_call(PMAC_FTR_READ_GPIO, NULL, smu->doorbell);
179 if ((gpio & 7) != 7) {
180 spin_unlock_irqrestore(&smu->lock, flags);
181 return IRQ_HANDLED;
184 cmd = smu->cmd_cur;
185 smu->cmd_cur = NULL;
186 if (cmd == NULL)
187 goto bail;
189 if (rc == 0) {
190 unsigned long faddr;
191 int reply_len;
192 u8 ack;
194 /* CPU might have brought back the cache line, so we need
195 * to flush again before peeking at the SMU response. We
196 * flush the entire buffer for now as we haven't read the
197 * reply length (it's only 2 cache lines anyway)
199 faddr = (unsigned long)smu->cmd_buf;
200 flush_inval_dcache_range(faddr, faddr + 256);
202 /* Now check ack */
203 ack = (~cmd->cmd) & 0xff;
204 if (ack != smu->cmd_buf->cmd) {
205 DPRINTK("SMU: incorrect ack, want %x got %x\n",
206 ack, smu->cmd_buf->cmd);
207 rc = -EIO;
209 reply_len = rc == 0 ? smu->cmd_buf->length : 0;
210 DPRINTK("SMU: reply len: %d\n", reply_len);
211 if (reply_len > cmd->reply_len) {
212 printk(KERN_WARNING "SMU: reply buffer too small,"
213 "got %d bytes for a %d bytes buffer\n",
214 reply_len, cmd->reply_len);
215 reply_len = cmd->reply_len;
217 cmd->reply_len = reply_len;
218 if (cmd->reply_buf && reply_len)
219 memcpy(cmd->reply_buf, smu->cmd_buf->data, reply_len);
222 /* Now complete the command. Write status last in order as we lost
223 * ownership of the command structure as soon as it's no longer -1
225 done = cmd->done;
226 misc = cmd->misc;
227 mb();
228 cmd->status = rc;
230 /* Re-enable NAP mode */
231 if (smu->broken_nap)
232 powersave_nap = 1;
233 bail:
234 /* Start next command if any */
235 smu_start_cmd();
236 spin_unlock_irqrestore(&smu->lock, flags);
238 /* Call command completion handler if any */
239 if (done)
240 done(cmd, misc);
242 /* It's an edge interrupt, nothing to do */
243 return IRQ_HANDLED;
247 static irqreturn_t smu_msg_intr(int irq, void *arg)
249 /* I don't quite know what to do with this one, we seem to never
250 * receive it, so I suspect we have to arm it someway in the SMU
251 * to start getting events that way.
254 printk(KERN_INFO "SMU: message interrupt !\n");
256 /* It's an edge interrupt, nothing to do */
257 return IRQ_HANDLED;
262 * Queued command management.
266 int smu_queue_cmd(struct smu_cmd *cmd)
268 unsigned long flags;
270 if (smu == NULL)
271 return -ENODEV;
272 if (cmd->data_len > SMU_MAX_DATA ||
273 cmd->reply_len > SMU_MAX_DATA)
274 return -EINVAL;
276 cmd->status = 1;
277 spin_lock_irqsave(&smu->lock, flags);
278 list_add_tail(&cmd->link, &smu->cmd_list);
279 if (smu->cmd_cur == NULL)
280 smu_start_cmd();
281 spin_unlock_irqrestore(&smu->lock, flags);
283 /* Workaround for early calls when irq isn't available */
284 if (!smu_irq_inited || smu->db_irq == NO_IRQ)
285 smu_spinwait_cmd(cmd);
287 return 0;
289 EXPORT_SYMBOL(smu_queue_cmd);
292 int smu_queue_simple(struct smu_simple_cmd *scmd, u8 command,
293 unsigned int data_len,
294 void (*done)(struct smu_cmd *cmd, void *misc),
295 void *misc, ...)
297 struct smu_cmd *cmd = &scmd->cmd;
298 va_list list;
299 int i;
301 if (data_len > sizeof(scmd->buffer))
302 return -EINVAL;
304 memset(scmd, 0, sizeof(*scmd));
305 cmd->cmd = command;
306 cmd->data_len = data_len;
307 cmd->data_buf = scmd->buffer;
308 cmd->reply_len = sizeof(scmd->buffer);
309 cmd->reply_buf = scmd->buffer;
310 cmd->done = done;
311 cmd->misc = misc;
313 va_start(list, misc);
314 for (i = 0; i < data_len; ++i)
315 scmd->buffer[i] = (u8)va_arg(list, int);
316 va_end(list);
318 return smu_queue_cmd(cmd);
320 EXPORT_SYMBOL(smu_queue_simple);
323 void smu_poll(void)
325 u8 gpio;
327 if (smu == NULL)
328 return;
330 gpio = pmac_do_feature_call(PMAC_FTR_READ_GPIO, NULL, smu->doorbell);
331 if ((gpio & 7) == 7)
332 smu_db_intr(smu->db_irq, smu);
334 EXPORT_SYMBOL(smu_poll);
337 void smu_done_complete(struct smu_cmd *cmd, void *misc)
339 struct completion *comp = misc;
341 complete(comp);
343 EXPORT_SYMBOL(smu_done_complete);
346 void smu_spinwait_cmd(struct smu_cmd *cmd)
348 while(cmd->status == 1)
349 smu_poll();
351 EXPORT_SYMBOL(smu_spinwait_cmd);
354 /* RTC low level commands */
355 static inline int bcd2hex (int n)
357 return (((n & 0xf0) >> 4) * 10) + (n & 0xf);
361 static inline int hex2bcd (int n)
363 return ((n / 10) << 4) + (n % 10);
367 static inline void smu_fill_set_rtc_cmd(struct smu_cmd_buf *cmd_buf,
368 struct rtc_time *time)
370 cmd_buf->cmd = 0x8e;
371 cmd_buf->length = 8;
372 cmd_buf->data[0] = 0x80;
373 cmd_buf->data[1] = hex2bcd(time->tm_sec);
374 cmd_buf->data[2] = hex2bcd(time->tm_min);
375 cmd_buf->data[3] = hex2bcd(time->tm_hour);
376 cmd_buf->data[4] = time->tm_wday;
377 cmd_buf->data[5] = hex2bcd(time->tm_mday);
378 cmd_buf->data[6] = hex2bcd(time->tm_mon) + 1;
379 cmd_buf->data[7] = hex2bcd(time->tm_year - 100);
383 int smu_get_rtc_time(struct rtc_time *time, int spinwait)
385 struct smu_simple_cmd cmd;
386 int rc;
388 if (smu == NULL)
389 return -ENODEV;
391 memset(time, 0, sizeof(struct rtc_time));
392 rc = smu_queue_simple(&cmd, SMU_CMD_RTC_COMMAND, 1, NULL, NULL,
393 SMU_CMD_RTC_GET_DATETIME);
394 if (rc)
395 return rc;
396 smu_spinwait_simple(&cmd);
398 time->tm_sec = bcd2hex(cmd.buffer[0]);
399 time->tm_min = bcd2hex(cmd.buffer[1]);
400 time->tm_hour = bcd2hex(cmd.buffer[2]);
401 time->tm_wday = bcd2hex(cmd.buffer[3]);
402 time->tm_mday = bcd2hex(cmd.buffer[4]);
403 time->tm_mon = bcd2hex(cmd.buffer[5]) - 1;
404 time->tm_year = bcd2hex(cmd.buffer[6]) + 100;
406 return 0;
410 int smu_set_rtc_time(struct rtc_time *time, int spinwait)
412 struct smu_simple_cmd cmd;
413 int rc;
415 if (smu == NULL)
416 return -ENODEV;
418 rc = smu_queue_simple(&cmd, SMU_CMD_RTC_COMMAND, 8, NULL, NULL,
419 SMU_CMD_RTC_SET_DATETIME,
420 hex2bcd(time->tm_sec),
421 hex2bcd(time->tm_min),
422 hex2bcd(time->tm_hour),
423 time->tm_wday,
424 hex2bcd(time->tm_mday),
425 hex2bcd(time->tm_mon) + 1,
426 hex2bcd(time->tm_year - 100));
427 if (rc)
428 return rc;
429 smu_spinwait_simple(&cmd);
431 return 0;
435 void smu_shutdown(void)
437 struct smu_simple_cmd cmd;
439 if (smu == NULL)
440 return;
442 if (smu_queue_simple(&cmd, SMU_CMD_POWER_COMMAND, 9, NULL, NULL,
443 'S', 'H', 'U', 'T', 'D', 'O', 'W', 'N', 0))
444 return;
445 smu_spinwait_simple(&cmd);
446 for (;;)
451 void smu_restart(void)
453 struct smu_simple_cmd cmd;
455 if (smu == NULL)
456 return;
458 if (smu_queue_simple(&cmd, SMU_CMD_POWER_COMMAND, 8, NULL, NULL,
459 'R', 'E', 'S', 'T', 'A', 'R', 'T', 0))
460 return;
461 smu_spinwait_simple(&cmd);
462 for (;;)
467 int smu_present(void)
469 return smu != NULL;
471 EXPORT_SYMBOL(smu_present);
474 int __init smu_init (void)
476 struct device_node *np;
477 const u32 *data;
478 int ret = 0;
480 np = of_find_node_by_type(NULL, "smu");
481 if (np == NULL)
482 return -ENODEV;
484 printk(KERN_INFO "SMU: Driver %s %s\n", VERSION, AUTHOR);
486 if (smu_cmdbuf_abs == 0) {
487 printk(KERN_ERR "SMU: Command buffer not allocated !\n");
488 ret = -EINVAL;
489 goto fail_np;
492 smu = alloc_bootmem(sizeof(struct smu_device));
494 spin_lock_init(&smu->lock);
495 INIT_LIST_HEAD(&smu->cmd_list);
496 INIT_LIST_HEAD(&smu->cmd_i2c_list);
497 smu->of_node = np;
498 smu->db_irq = NO_IRQ;
499 smu->msg_irq = NO_IRQ;
501 /* smu_cmdbuf_abs is in the low 2G of RAM, can be converted to a
502 * 32 bits value safely
504 smu->cmd_buf_abs = (u32)smu_cmdbuf_abs;
505 smu->cmd_buf = (struct smu_cmd_buf *)abs_to_virt(smu_cmdbuf_abs);
507 smu->db_node = of_find_node_by_name(NULL, "smu-doorbell");
508 if (smu->db_node == NULL) {
509 printk(KERN_ERR "SMU: Can't find doorbell GPIO !\n");
510 ret = -ENXIO;
511 goto fail_bootmem;
513 data = of_get_property(smu->db_node, "reg", NULL);
514 if (data == NULL) {
515 printk(KERN_ERR "SMU: Can't find doorbell GPIO address !\n");
516 ret = -ENXIO;
517 goto fail_db_node;
520 /* Current setup has one doorbell GPIO that does both doorbell
521 * and ack. GPIOs are at 0x50, best would be to find that out
522 * in the device-tree though.
524 smu->doorbell = *data;
525 if (smu->doorbell < 0x50)
526 smu->doorbell += 0x50;
528 /* Now look for the smu-interrupt GPIO */
529 do {
530 smu->msg_node = of_find_node_by_name(NULL, "smu-interrupt");
531 if (smu->msg_node == NULL)
532 break;
533 data = of_get_property(smu->msg_node, "reg", NULL);
534 if (data == NULL) {
535 of_node_put(smu->msg_node);
536 smu->msg_node = NULL;
537 break;
539 smu->msg = *data;
540 if (smu->msg < 0x50)
541 smu->msg += 0x50;
542 } while(0);
544 /* Doorbell buffer is currently hard-coded, I didn't find a proper
545 * device-tree entry giving the address. Best would probably to use
546 * an offset for K2 base though, but let's do it that way for now.
548 smu->db_buf = ioremap(0x8000860c, 0x1000);
549 if (smu->db_buf == NULL) {
550 printk(KERN_ERR "SMU: Can't map doorbell buffer pointer !\n");
551 ret = -ENXIO;
552 goto fail_msg_node;
555 /* U3 has an issue with NAP mode when issuing SMU commands */
556 smu->broken_nap = pmac_get_uninorth_variant() < 4;
557 if (smu->broken_nap)
558 printk(KERN_INFO "SMU: using NAP mode workaround\n");
560 sys_ctrler = SYS_CTRLER_SMU;
561 return 0;
563 fail_msg_node:
564 if (smu->msg_node)
565 of_node_put(smu->msg_node);
566 fail_db_node:
567 of_node_put(smu->db_node);
568 fail_bootmem:
569 free_bootmem((unsigned long)smu, sizeof(struct smu_device));
570 smu = NULL;
571 fail_np:
572 of_node_put(np);
573 return ret;
577 static int smu_late_init(void)
579 if (!smu)
580 return 0;
582 init_timer(&smu->i2c_timer);
583 smu->i2c_timer.function = smu_i2c_retry;
584 smu->i2c_timer.data = (unsigned long)smu;
586 if (smu->db_node) {
587 smu->db_irq = irq_of_parse_and_map(smu->db_node, 0);
588 if (smu->db_irq == NO_IRQ)
589 printk(KERN_ERR "smu: failed to map irq for node %s\n",
590 smu->db_node->full_name);
592 if (smu->msg_node) {
593 smu->msg_irq = irq_of_parse_and_map(smu->msg_node, 0);
594 if (smu->msg_irq == NO_IRQ)
595 printk(KERN_ERR "smu: failed to map irq for node %s\n",
596 smu->msg_node->full_name);
600 * Try to request the interrupts
603 if (smu->db_irq != NO_IRQ) {
604 if (request_irq(smu->db_irq, smu_db_intr,
605 IRQF_SHARED, "SMU doorbell", smu) < 0) {
606 printk(KERN_WARNING "SMU: can't "
607 "request interrupt %d\n",
608 smu->db_irq);
609 smu->db_irq = NO_IRQ;
613 if (smu->msg_irq != NO_IRQ) {
614 if (request_irq(smu->msg_irq, smu_msg_intr,
615 IRQF_SHARED, "SMU message", smu) < 0) {
616 printk(KERN_WARNING "SMU: can't "
617 "request interrupt %d\n",
618 smu->msg_irq);
619 smu->msg_irq = NO_IRQ;
623 smu_irq_inited = 1;
624 return 0;
626 /* This has to be before arch_initcall as the low i2c stuff relies on the
627 * above having been done before we reach arch_initcalls
629 core_initcall(smu_late_init);
632 * sysfs visibility
635 static void smu_expose_childs(struct work_struct *unused)
637 struct device_node *np;
639 for (np = NULL; (np = of_get_next_child(smu->of_node, np)) != NULL;)
640 if (of_device_is_compatible(np, "smu-sensors"))
641 of_platform_device_create(np, "smu-sensors",
642 &smu->of_dev->dev);
645 static DECLARE_WORK(smu_expose_childs_work, smu_expose_childs);
647 static int smu_platform_probe(struct platform_device* dev)
649 if (!smu)
650 return -ENODEV;
651 smu->of_dev = dev;
654 * Ok, we are matched, now expose all i2c busses. We have to defer
655 * that unfortunately or it would deadlock inside the device model
657 schedule_work(&smu_expose_childs_work);
659 return 0;
662 static const struct of_device_id smu_platform_match[] =
665 .type = "smu",
670 static struct platform_driver smu_of_platform_driver =
672 .driver = {
673 .name = "smu",
674 .owner = THIS_MODULE,
675 .of_match_table = smu_platform_match,
677 .probe = smu_platform_probe,
680 static int __init smu_init_sysfs(void)
683 * For now, we don't power manage machines with an SMU chip,
684 * I'm a bit too far from figuring out how that works with those
685 * new chipsets, but that will come back and bite us
687 platform_driver_register(&smu_of_platform_driver);
688 return 0;
691 device_initcall(smu_init_sysfs);
693 struct platform_device *smu_get_ofdev(void)
695 if (!smu)
696 return NULL;
697 return smu->of_dev;
700 EXPORT_SYMBOL_GPL(smu_get_ofdev);
703 * i2c interface
706 static void smu_i2c_complete_command(struct smu_i2c_cmd *cmd, int fail)
708 void (*done)(struct smu_i2c_cmd *cmd, void *misc) = cmd->done;
709 void *misc = cmd->misc;
710 unsigned long flags;
712 /* Check for read case */
713 if (!fail && cmd->read) {
714 if (cmd->pdata[0] < 1)
715 fail = 1;
716 else
717 memcpy(cmd->info.data, &cmd->pdata[1],
718 cmd->info.datalen);
721 DPRINTK("SMU: completing, success: %d\n", !fail);
723 /* Update status and mark no pending i2c command with lock
724 * held so nobody comes in while we dequeue an eventual
725 * pending next i2c command
727 spin_lock_irqsave(&smu->lock, flags);
728 smu->cmd_i2c_cur = NULL;
729 wmb();
730 cmd->status = fail ? -EIO : 0;
732 /* Is there another i2c command waiting ? */
733 if (!list_empty(&smu->cmd_i2c_list)) {
734 struct smu_i2c_cmd *newcmd;
736 /* Fetch it, new current, remove from list */
737 newcmd = list_entry(smu->cmd_i2c_list.next,
738 struct smu_i2c_cmd, link);
739 smu->cmd_i2c_cur = newcmd;
740 list_del(&cmd->link);
742 /* Queue with low level smu */
743 list_add_tail(&cmd->scmd.link, &smu->cmd_list);
744 if (smu->cmd_cur == NULL)
745 smu_start_cmd();
747 spin_unlock_irqrestore(&smu->lock, flags);
749 /* Call command completion handler if any */
750 if (done)
751 done(cmd, misc);
756 static void smu_i2c_retry(unsigned long data)
758 struct smu_i2c_cmd *cmd = smu->cmd_i2c_cur;
760 DPRINTK("SMU: i2c failure, requeuing...\n");
762 /* requeue command simply by resetting reply_len */
763 cmd->pdata[0] = 0xff;
764 cmd->scmd.reply_len = sizeof(cmd->pdata);
765 smu_queue_cmd(&cmd->scmd);
769 static void smu_i2c_low_completion(struct smu_cmd *scmd, void *misc)
771 struct smu_i2c_cmd *cmd = misc;
772 int fail = 0;
774 DPRINTK("SMU: i2c compl. stage=%d status=%x pdata[0]=%x rlen: %x\n",
775 cmd->stage, scmd->status, cmd->pdata[0], scmd->reply_len);
777 /* Check for possible status */
778 if (scmd->status < 0)
779 fail = 1;
780 else if (cmd->read) {
781 if (cmd->stage == 0)
782 fail = cmd->pdata[0] != 0;
783 else
784 fail = cmd->pdata[0] >= 0x80;
785 } else {
786 fail = cmd->pdata[0] != 0;
789 /* Handle failures by requeuing command, after 5ms interval
791 if (fail && --cmd->retries > 0) {
792 DPRINTK("SMU: i2c failure, starting timer...\n");
793 BUG_ON(cmd != smu->cmd_i2c_cur);
794 if (!smu_irq_inited) {
795 mdelay(5);
796 smu_i2c_retry(0);
797 return;
799 mod_timer(&smu->i2c_timer, jiffies + msecs_to_jiffies(5));
800 return;
803 /* If failure or stage 1, command is complete */
804 if (fail || cmd->stage != 0) {
805 smu_i2c_complete_command(cmd, fail);
806 return;
809 DPRINTK("SMU: going to stage 1\n");
811 /* Ok, initial command complete, now poll status */
812 scmd->reply_buf = cmd->pdata;
813 scmd->reply_len = sizeof(cmd->pdata);
814 scmd->data_buf = cmd->pdata;
815 scmd->data_len = 1;
816 cmd->pdata[0] = 0;
817 cmd->stage = 1;
818 cmd->retries = 20;
819 smu_queue_cmd(scmd);
823 int smu_queue_i2c(struct smu_i2c_cmd *cmd)
825 unsigned long flags;
827 if (smu == NULL)
828 return -ENODEV;
830 /* Fill most fields of scmd */
831 cmd->scmd.cmd = SMU_CMD_I2C_COMMAND;
832 cmd->scmd.done = smu_i2c_low_completion;
833 cmd->scmd.misc = cmd;
834 cmd->scmd.reply_buf = cmd->pdata;
835 cmd->scmd.reply_len = sizeof(cmd->pdata);
836 cmd->scmd.data_buf = (u8 *)(char *)&cmd->info;
837 cmd->scmd.status = 1;
838 cmd->stage = 0;
839 cmd->pdata[0] = 0xff;
840 cmd->retries = 20;
841 cmd->status = 1;
843 /* Check transfer type, sanitize some "info" fields
844 * based on transfer type and do more checking
846 cmd->info.caddr = cmd->info.devaddr;
847 cmd->read = cmd->info.devaddr & 0x01;
848 switch(cmd->info.type) {
849 case SMU_I2C_TRANSFER_SIMPLE:
850 memset(&cmd->info.sublen, 0, 4);
851 break;
852 case SMU_I2C_TRANSFER_COMBINED:
853 cmd->info.devaddr &= 0xfe;
854 case SMU_I2C_TRANSFER_STDSUB:
855 if (cmd->info.sublen > 3)
856 return -EINVAL;
857 break;
858 default:
859 return -EINVAL;
862 /* Finish setting up command based on transfer direction
864 if (cmd->read) {
865 if (cmd->info.datalen > SMU_I2C_READ_MAX)
866 return -EINVAL;
867 memset(cmd->info.data, 0xff, cmd->info.datalen);
868 cmd->scmd.data_len = 9;
869 } else {
870 if (cmd->info.datalen > SMU_I2C_WRITE_MAX)
871 return -EINVAL;
872 cmd->scmd.data_len = 9 + cmd->info.datalen;
875 DPRINTK("SMU: i2c enqueuing command\n");
876 DPRINTK("SMU: %s, len=%d bus=%x addr=%x sub0=%x type=%x\n",
877 cmd->read ? "read" : "write", cmd->info.datalen,
878 cmd->info.bus, cmd->info.caddr,
879 cmd->info.subaddr[0], cmd->info.type);
882 /* Enqueue command in i2c list, and if empty, enqueue also in
883 * main command list
885 spin_lock_irqsave(&smu->lock, flags);
886 if (smu->cmd_i2c_cur == NULL) {
887 smu->cmd_i2c_cur = cmd;
888 list_add_tail(&cmd->scmd.link, &smu->cmd_list);
889 if (smu->cmd_cur == NULL)
890 smu_start_cmd();
891 } else
892 list_add_tail(&cmd->link, &smu->cmd_i2c_list);
893 spin_unlock_irqrestore(&smu->lock, flags);
895 return 0;
899 * Handling of "partitions"
902 static int smu_read_datablock(u8 *dest, unsigned int addr, unsigned int len)
904 DECLARE_COMPLETION_ONSTACK(comp);
905 unsigned int chunk;
906 struct smu_cmd cmd;
907 int rc;
908 u8 params[8];
910 /* We currently use a chunk size of 0xe. We could check the
911 * SMU firmware version and use bigger sizes though
913 chunk = 0xe;
915 while (len) {
916 unsigned int clen = min(len, chunk);
918 cmd.cmd = SMU_CMD_MISC_ee_COMMAND;
919 cmd.data_len = 7;
920 cmd.data_buf = params;
921 cmd.reply_len = chunk;
922 cmd.reply_buf = dest;
923 cmd.done = smu_done_complete;
924 cmd.misc = &comp;
925 params[0] = SMU_CMD_MISC_ee_GET_DATABLOCK_REC;
926 params[1] = 0x4;
927 *((u32 *)&params[2]) = addr;
928 params[6] = clen;
930 rc = smu_queue_cmd(&cmd);
931 if (rc)
932 return rc;
933 wait_for_completion(&comp);
934 if (cmd.status != 0)
935 return rc;
936 if (cmd.reply_len != clen) {
937 printk(KERN_DEBUG "SMU: short read in "
938 "smu_read_datablock, got: %d, want: %d\n",
939 cmd.reply_len, clen);
940 return -EIO;
942 len -= clen;
943 addr += clen;
944 dest += clen;
946 return 0;
949 static struct smu_sdbp_header *smu_create_sdb_partition(int id)
951 DECLARE_COMPLETION_ONSTACK(comp);
952 struct smu_simple_cmd cmd;
953 unsigned int addr, len, tlen;
954 struct smu_sdbp_header *hdr;
955 struct property *prop;
957 /* First query the partition info */
958 DPRINTK("SMU: Query partition infos ... (irq=%d)\n", smu->db_irq);
959 smu_queue_simple(&cmd, SMU_CMD_PARTITION_COMMAND, 2,
960 smu_done_complete, &comp,
961 SMU_CMD_PARTITION_LATEST, id);
962 wait_for_completion(&comp);
963 DPRINTK("SMU: done, status: %d, reply_len: %d\n",
964 cmd.cmd.status, cmd.cmd.reply_len);
966 /* Partition doesn't exist (or other error) */
967 if (cmd.cmd.status != 0 || cmd.cmd.reply_len != 6)
968 return NULL;
970 /* Fetch address and length from reply */
971 addr = *((u16 *)cmd.buffer);
972 len = cmd.buffer[3] << 2;
973 /* Calucluate total length to allocate, including the 17 bytes
974 * for "sdb-partition-XX" that we append at the end of the buffer
976 tlen = sizeof(struct property) + len + 18;
978 prop = kzalloc(tlen, GFP_KERNEL);
979 if (prop == NULL)
980 return NULL;
981 hdr = (struct smu_sdbp_header *)(prop + 1);
982 prop->name = ((char *)prop) + tlen - 18;
983 sprintf(prop->name, "sdb-partition-%02x", id);
984 prop->length = len;
985 prop->value = hdr;
986 prop->next = NULL;
988 /* Read the datablock */
989 if (smu_read_datablock((u8 *)hdr, addr, len)) {
990 printk(KERN_DEBUG "SMU: datablock read failed while reading "
991 "partition %02x !\n", id);
992 goto failure;
995 /* Got it, check a few things and create the property */
996 if (hdr->id != id) {
997 printk(KERN_DEBUG "SMU: Reading partition %02x and got "
998 "%02x !\n", id, hdr->id);
999 goto failure;
1001 if (prom_add_property(smu->of_node, prop)) {
1002 printk(KERN_DEBUG "SMU: Failed creating sdb-partition-%02x "
1003 "property !\n", id);
1004 goto failure;
1007 return hdr;
1008 failure:
1009 kfree(prop);
1010 return NULL;
1013 /* Note: Only allowed to return error code in pointers (using ERR_PTR)
1014 * when interruptible is 1
1016 const struct smu_sdbp_header *__smu_get_sdb_partition(int id,
1017 unsigned int *size, int interruptible)
1019 char pname[32];
1020 const struct smu_sdbp_header *part;
1022 if (!smu)
1023 return NULL;
1025 sprintf(pname, "sdb-partition-%02x", id);
1027 DPRINTK("smu_get_sdb_partition(%02x)\n", id);
1029 if (interruptible) {
1030 int rc;
1031 rc = mutex_lock_interruptible(&smu_part_access);
1032 if (rc)
1033 return ERR_PTR(rc);
1034 } else
1035 mutex_lock(&smu_part_access);
1037 part = of_get_property(smu->of_node, pname, size);
1038 if (part == NULL) {
1039 DPRINTK("trying to extract from SMU ...\n");
1040 part = smu_create_sdb_partition(id);
1041 if (part != NULL && size)
1042 *size = part->len << 2;
1044 mutex_unlock(&smu_part_access);
1045 return part;
1048 const struct smu_sdbp_header *smu_get_sdb_partition(int id, unsigned int *size)
1050 return __smu_get_sdb_partition(id, size, 0);
1052 EXPORT_SYMBOL(smu_get_sdb_partition);
1056 * Userland driver interface
1060 static LIST_HEAD(smu_clist);
1061 static DEFINE_SPINLOCK(smu_clist_lock);
1063 enum smu_file_mode {
1064 smu_file_commands,
1065 smu_file_events,
1066 smu_file_closing
1069 struct smu_private
1071 struct list_head list;
1072 enum smu_file_mode mode;
1073 int busy;
1074 struct smu_cmd cmd;
1075 spinlock_t lock;
1076 wait_queue_head_t wait;
1077 u8 buffer[SMU_MAX_DATA];
1081 static int smu_open(struct inode *inode, struct file *file)
1083 struct smu_private *pp;
1084 unsigned long flags;
1086 pp = kzalloc(sizeof(struct smu_private), GFP_KERNEL);
1087 if (pp == 0)
1088 return -ENOMEM;
1089 spin_lock_init(&pp->lock);
1090 pp->mode = smu_file_commands;
1091 init_waitqueue_head(&pp->wait);
1093 mutex_lock(&smu_mutex);
1094 spin_lock_irqsave(&smu_clist_lock, flags);
1095 list_add(&pp->list, &smu_clist);
1096 spin_unlock_irqrestore(&smu_clist_lock, flags);
1097 file->private_data = pp;
1098 mutex_unlock(&smu_mutex);
1100 return 0;
1104 static void smu_user_cmd_done(struct smu_cmd *cmd, void *misc)
1106 struct smu_private *pp = misc;
1108 wake_up_all(&pp->wait);
1112 static ssize_t smu_write(struct file *file, const char __user *buf,
1113 size_t count, loff_t *ppos)
1115 struct smu_private *pp = file->private_data;
1116 unsigned long flags;
1117 struct smu_user_cmd_hdr hdr;
1118 int rc = 0;
1120 if (pp->busy)
1121 return -EBUSY;
1122 else if (copy_from_user(&hdr, buf, sizeof(hdr)))
1123 return -EFAULT;
1124 else if (hdr.cmdtype == SMU_CMDTYPE_WANTS_EVENTS) {
1125 pp->mode = smu_file_events;
1126 return 0;
1127 } else if (hdr.cmdtype == SMU_CMDTYPE_GET_PARTITION) {
1128 const struct smu_sdbp_header *part;
1129 part = __smu_get_sdb_partition(hdr.cmd, NULL, 1);
1130 if (part == NULL)
1131 return -EINVAL;
1132 else if (IS_ERR(part))
1133 return PTR_ERR(part);
1134 return 0;
1135 } else if (hdr.cmdtype != SMU_CMDTYPE_SMU)
1136 return -EINVAL;
1137 else if (pp->mode != smu_file_commands)
1138 return -EBADFD;
1139 else if (hdr.data_len > SMU_MAX_DATA)
1140 return -EINVAL;
1142 spin_lock_irqsave(&pp->lock, flags);
1143 if (pp->busy) {
1144 spin_unlock_irqrestore(&pp->lock, flags);
1145 return -EBUSY;
1147 pp->busy = 1;
1148 pp->cmd.status = 1;
1149 spin_unlock_irqrestore(&pp->lock, flags);
1151 if (copy_from_user(pp->buffer, buf + sizeof(hdr), hdr.data_len)) {
1152 pp->busy = 0;
1153 return -EFAULT;
1156 pp->cmd.cmd = hdr.cmd;
1157 pp->cmd.data_len = hdr.data_len;
1158 pp->cmd.reply_len = SMU_MAX_DATA;
1159 pp->cmd.data_buf = pp->buffer;
1160 pp->cmd.reply_buf = pp->buffer;
1161 pp->cmd.done = smu_user_cmd_done;
1162 pp->cmd.misc = pp;
1163 rc = smu_queue_cmd(&pp->cmd);
1164 if (rc < 0)
1165 return rc;
1166 return count;
1170 static ssize_t smu_read_command(struct file *file, struct smu_private *pp,
1171 char __user *buf, size_t count)
1173 DECLARE_WAITQUEUE(wait, current);
1174 struct smu_user_reply_hdr hdr;
1175 unsigned long flags;
1176 int size, rc = 0;
1178 if (!pp->busy)
1179 return 0;
1180 if (count < sizeof(struct smu_user_reply_hdr))
1181 return -EOVERFLOW;
1182 spin_lock_irqsave(&pp->lock, flags);
1183 if (pp->cmd.status == 1) {
1184 if (file->f_flags & O_NONBLOCK) {
1185 spin_unlock_irqrestore(&pp->lock, flags);
1186 return -EAGAIN;
1188 add_wait_queue(&pp->wait, &wait);
1189 for (;;) {
1190 set_current_state(TASK_INTERRUPTIBLE);
1191 rc = 0;
1192 if (pp->cmd.status != 1)
1193 break;
1194 rc = -ERESTARTSYS;
1195 if (signal_pending(current))
1196 break;
1197 spin_unlock_irqrestore(&pp->lock, flags);
1198 schedule();
1199 spin_lock_irqsave(&pp->lock, flags);
1201 set_current_state(TASK_RUNNING);
1202 remove_wait_queue(&pp->wait, &wait);
1204 spin_unlock_irqrestore(&pp->lock, flags);
1205 if (rc)
1206 return rc;
1207 if (pp->cmd.status != 0)
1208 pp->cmd.reply_len = 0;
1209 size = sizeof(hdr) + pp->cmd.reply_len;
1210 if (count < size)
1211 size = count;
1212 rc = size;
1213 hdr.status = pp->cmd.status;
1214 hdr.reply_len = pp->cmd.reply_len;
1215 if (copy_to_user(buf, &hdr, sizeof(hdr)))
1216 return -EFAULT;
1217 size -= sizeof(hdr);
1218 if (size && copy_to_user(buf + sizeof(hdr), pp->buffer, size))
1219 return -EFAULT;
1220 pp->busy = 0;
1222 return rc;
1226 static ssize_t smu_read_events(struct file *file, struct smu_private *pp,
1227 char __user *buf, size_t count)
1229 /* Not implemented */
1230 msleep_interruptible(1000);
1231 return 0;
1235 static ssize_t smu_read(struct file *file, char __user *buf,
1236 size_t count, loff_t *ppos)
1238 struct smu_private *pp = file->private_data;
1240 if (pp->mode == smu_file_commands)
1241 return smu_read_command(file, pp, buf, count);
1242 if (pp->mode == smu_file_events)
1243 return smu_read_events(file, pp, buf, count);
1245 return -EBADFD;
1248 static unsigned int smu_fpoll(struct file *file, poll_table *wait)
1250 struct smu_private *pp = file->private_data;
1251 unsigned int mask = 0;
1252 unsigned long flags;
1254 if (pp == 0)
1255 return 0;
1257 if (pp->mode == smu_file_commands) {
1258 poll_wait(file, &pp->wait, wait);
1260 spin_lock_irqsave(&pp->lock, flags);
1261 if (pp->busy && pp->cmd.status != 1)
1262 mask |= POLLIN;
1263 spin_unlock_irqrestore(&pp->lock, flags);
1264 } if (pp->mode == smu_file_events) {
1265 /* Not yet implemented */
1267 return mask;
1270 static int smu_release(struct inode *inode, struct file *file)
1272 struct smu_private *pp = file->private_data;
1273 unsigned long flags;
1274 unsigned int busy;
1276 if (pp == 0)
1277 return 0;
1279 file->private_data = NULL;
1281 /* Mark file as closing to avoid races with new request */
1282 spin_lock_irqsave(&pp->lock, flags);
1283 pp->mode = smu_file_closing;
1284 busy = pp->busy;
1286 /* Wait for any pending request to complete */
1287 if (busy && pp->cmd.status == 1) {
1288 DECLARE_WAITQUEUE(wait, current);
1290 add_wait_queue(&pp->wait, &wait);
1291 for (;;) {
1292 set_current_state(TASK_UNINTERRUPTIBLE);
1293 if (pp->cmd.status != 1)
1294 break;
1295 spin_unlock_irqrestore(&pp->lock, flags);
1296 schedule();
1297 spin_lock_irqsave(&pp->lock, flags);
1299 set_current_state(TASK_RUNNING);
1300 remove_wait_queue(&pp->wait, &wait);
1302 spin_unlock_irqrestore(&pp->lock, flags);
1304 spin_lock_irqsave(&smu_clist_lock, flags);
1305 list_del(&pp->list);
1306 spin_unlock_irqrestore(&smu_clist_lock, flags);
1307 kfree(pp);
1309 return 0;
1313 static const struct file_operations smu_device_fops = {
1314 .llseek = no_llseek,
1315 .read = smu_read,
1316 .write = smu_write,
1317 .poll = smu_fpoll,
1318 .open = smu_open,
1319 .release = smu_release,
1322 static struct miscdevice pmu_device = {
1323 MISC_DYNAMIC_MINOR, "smu", &smu_device_fops
1326 static int smu_device_init(void)
1328 if (!smu)
1329 return -ENODEV;
1330 if (misc_register(&pmu_device) < 0)
1331 printk(KERN_ERR "via-pmu: cannot register misc device.\n");
1332 return 0;
1334 device_initcall(smu_device_init);