Avoid beyond bounds copy while caching ACL
[zen-stable.git] / drivers / macintosh / via-cuda.c
blob971bc9582a5fa488c283a686123f14de88fb51b2
1 /*
2 * Device driver for the via-cuda on Apple Powermacs.
4 * The VIA (versatile interface adapter) interfaces to the CUDA,
5 * a 6805 microprocessor core which controls the ADB (Apple Desktop
6 * Bus) which connects to the keyboard and mouse. The CUDA also
7 * controls system power and the RTC (real time clock) chip.
9 * Copyright (C) 1996 Paul Mackerras.
11 #include <stdarg.h>
12 #include <linux/types.h>
13 #include <linux/errno.h>
14 #include <linux/kernel.h>
15 #include <linux/delay.h>
16 #include <linux/adb.h>
17 #include <linux/cuda.h>
18 #include <linux/spinlock.h>
19 #include <linux/interrupt.h>
20 #ifdef CONFIG_PPC
21 #include <asm/prom.h>
22 #include <asm/machdep.h>
23 #else
24 #include <asm/macintosh.h>
25 #include <asm/macints.h>
26 #include <asm/mac_via.h>
27 #endif
28 #include <asm/io.h>
29 #include <asm/system.h>
30 #include <linux/init.h>
32 static volatile unsigned char __iomem *via;
33 static DEFINE_SPINLOCK(cuda_lock);
35 /* VIA registers - spaced 0x200 bytes apart */
36 #define RS 0x200 /* skip between registers */
37 #define B 0 /* B-side data */
38 #define A RS /* A-side data */
39 #define DIRB (2*RS) /* B-side direction (1=output) */
40 #define DIRA (3*RS) /* A-side direction (1=output) */
41 #define T1CL (4*RS) /* Timer 1 ctr/latch (low 8 bits) */
42 #define T1CH (5*RS) /* Timer 1 counter (high 8 bits) */
43 #define T1LL (6*RS) /* Timer 1 latch (low 8 bits) */
44 #define T1LH (7*RS) /* Timer 1 latch (high 8 bits) */
45 #define T2CL (8*RS) /* Timer 2 ctr/latch (low 8 bits) */
46 #define T2CH (9*RS) /* Timer 2 counter (high 8 bits) */
47 #define SR (10*RS) /* Shift register */
48 #define ACR (11*RS) /* Auxiliary control register */
49 #define PCR (12*RS) /* Peripheral control register */
50 #define IFR (13*RS) /* Interrupt flag register */
51 #define IER (14*RS) /* Interrupt enable register */
52 #define ANH (15*RS) /* A-side data, no handshake */
54 /* Bits in B data register: all active low */
55 #define TREQ 0x08 /* Transfer request (input) */
56 #define TACK 0x10 /* Transfer acknowledge (output) */
57 #define TIP 0x20 /* Transfer in progress (output) */
59 /* Bits in ACR */
60 #define SR_CTRL 0x1c /* Shift register control bits */
61 #define SR_EXT 0x0c /* Shift on external clock */
62 #define SR_OUT 0x10 /* Shift out if 1 */
64 /* Bits in IFR and IER */
65 #define IER_SET 0x80 /* set bits in IER */
66 #define IER_CLR 0 /* clear bits in IER */
67 #define SR_INT 0x04 /* Shift register full/empty */
69 static enum cuda_state {
70 idle,
71 sent_first_byte,
72 sending,
73 reading,
74 read_done,
75 awaiting_reply
76 } cuda_state;
78 static struct adb_request *current_req;
79 static struct adb_request *last_req;
80 static unsigned char cuda_rbuf[16];
81 static unsigned char *reply_ptr;
82 static int reading_reply;
83 static int data_index;
84 static int cuda_irq;
85 #ifdef CONFIG_PPC
86 static struct device_node *vias;
87 #endif
88 static int cuda_fully_inited;
90 #ifdef CONFIG_ADB
91 static int cuda_probe(void);
92 static int cuda_send_request(struct adb_request *req, int sync);
93 static int cuda_adb_autopoll(int devs);
94 static int cuda_reset_adb_bus(void);
95 #endif /* CONFIG_ADB */
97 static int cuda_init_via(void);
98 static void cuda_start(void);
99 static irqreturn_t cuda_interrupt(int irq, void *arg);
100 static void cuda_input(unsigned char *buf, int nb);
101 void cuda_poll(void);
102 static int cuda_write(struct adb_request *req);
104 int cuda_request(struct adb_request *req,
105 void (*done)(struct adb_request *), int nbytes, ...);
107 #ifdef CONFIG_ADB
108 struct adb_driver via_cuda_driver = {
109 .name = "CUDA",
110 .probe = cuda_probe,
111 .send_request = cuda_send_request,
112 .autopoll = cuda_adb_autopoll,
113 .poll = cuda_poll,
114 .reset_bus = cuda_reset_adb_bus,
116 #endif /* CONFIG_ADB */
118 #ifdef CONFIG_MAC
119 int __init find_via_cuda(void)
121 struct adb_request req;
122 int err;
124 if (macintosh_config->adb_type != MAC_ADB_CUDA)
125 return 0;
127 via = via1;
128 cuda_state = idle;
130 err = cuda_init_via();
131 if (err) {
132 printk(KERN_ERR "cuda_init_via() failed\n");
133 via = NULL;
134 return 0;
137 /* enable autopoll */
138 cuda_request(&req, NULL, 3, CUDA_PACKET, CUDA_AUTOPOLL, 1);
139 while (!req.complete)
140 cuda_poll();
142 return 1;
144 #else
145 int __init find_via_cuda(void)
147 struct adb_request req;
148 phys_addr_t taddr;
149 const u32 *reg;
150 int err;
152 if (vias != 0)
153 return 1;
154 vias = of_find_node_by_name(NULL, "via-cuda");
155 if (vias == 0)
156 return 0;
158 reg = of_get_property(vias, "reg", NULL);
159 if (reg == NULL) {
160 printk(KERN_ERR "via-cuda: No \"reg\" property !\n");
161 goto fail;
163 taddr = of_translate_address(vias, reg);
164 if (taddr == 0) {
165 printk(KERN_ERR "via-cuda: Can't translate address !\n");
166 goto fail;
168 via = ioremap(taddr, 0x2000);
169 if (via == NULL) {
170 printk(KERN_ERR "via-cuda: Can't map address !\n");
171 goto fail;
174 cuda_state = idle;
175 sys_ctrler = SYS_CTRLER_CUDA;
177 err = cuda_init_via();
178 if (err) {
179 printk(KERN_ERR "cuda_init_via() failed\n");
180 via = NULL;
181 return 0;
184 /* Clear and enable interrupts, but only on PPC. On 68K it's done */
185 /* for us by the main VIA driver in arch/m68k/mac/via.c */
187 out_8(&via[IFR], 0x7f); /* clear interrupts by writing 1s */
188 out_8(&via[IER], IER_SET|SR_INT); /* enable interrupt from SR */
190 /* enable autopoll */
191 cuda_request(&req, NULL, 3, CUDA_PACKET, CUDA_AUTOPOLL, 1);
192 while (!req.complete)
193 cuda_poll();
195 return 1;
197 fail:
198 of_node_put(vias);
199 vias = NULL;
200 return 0;
202 #endif /* !defined CONFIG_MAC */
204 static int __init via_cuda_start(void)
206 if (via == NULL)
207 return -ENODEV;
209 #ifdef CONFIG_MAC
210 cuda_irq = IRQ_MAC_ADB;
211 #else
212 cuda_irq = irq_of_parse_and_map(vias, 0);
213 if (cuda_irq == NO_IRQ) {
214 printk(KERN_ERR "via-cuda: can't map interrupts for %s\n",
215 vias->full_name);
216 return -ENODEV;
218 #endif
220 if (request_irq(cuda_irq, cuda_interrupt, 0, "ADB", cuda_interrupt)) {
221 printk(KERN_ERR "via-cuda: can't request irq %d\n", cuda_irq);
222 return -EAGAIN;
225 printk("Macintosh CUDA driver v0.5 for Unified ADB.\n");
227 cuda_fully_inited = 1;
228 return 0;
231 device_initcall(via_cuda_start);
233 #ifdef CONFIG_ADB
234 static int
235 cuda_probe(void)
237 #ifdef CONFIG_PPC
238 if (sys_ctrler != SYS_CTRLER_CUDA)
239 return -ENODEV;
240 #else
241 if (macintosh_config->adb_type != MAC_ADB_CUDA)
242 return -ENODEV;
243 #endif
244 if (via == NULL)
245 return -ENODEV;
246 return 0;
248 #endif /* CONFIG_ADB */
250 #define WAIT_FOR(cond, what) \
251 do { \
252 int x; \
253 for (x = 1000; !(cond); --x) { \
254 if (x == 0) { \
255 printk("Timeout waiting for " what "\n"); \
256 return -ENXIO; \
258 udelay(100); \
260 } while (0)
262 static int
263 cuda_init_via(void)
265 out_8(&via[DIRB], (in_8(&via[DIRB]) | TACK | TIP) & ~TREQ); /* TACK & TIP out */
266 out_8(&via[B], in_8(&via[B]) | TACK | TIP); /* negate them */
267 out_8(&via[ACR] ,(in_8(&via[ACR]) & ~SR_CTRL) | SR_EXT); /* SR data in */
268 (void)in_8(&via[SR]); /* clear any left-over data */
269 #ifdef CONFIG_PPC
270 out_8(&via[IER], 0x7f); /* disable interrupts from VIA */
271 (void)in_8(&via[IER]);
272 #else
273 out_8(&via[IER], SR_INT); /* disable SR interrupt from VIA */
274 #endif
276 /* delay 4ms and then clear any pending interrupt */
277 mdelay(4);
278 (void)in_8(&via[SR]);
279 out_8(&via[IFR], SR_INT);
281 /* sync with the CUDA - assert TACK without TIP */
282 out_8(&via[B], in_8(&via[B]) & ~TACK);
284 /* wait for the CUDA to assert TREQ in response */
285 WAIT_FOR((in_8(&via[B]) & TREQ) == 0, "CUDA response to sync");
287 /* wait for the interrupt and then clear it */
288 WAIT_FOR(in_8(&via[IFR]) & SR_INT, "CUDA response to sync (2)");
289 (void)in_8(&via[SR]);
290 out_8(&via[IFR], SR_INT);
292 /* finish the sync by negating TACK */
293 out_8(&via[B], in_8(&via[B]) | TACK);
295 /* wait for the CUDA to negate TREQ and the corresponding interrupt */
296 WAIT_FOR(in_8(&via[B]) & TREQ, "CUDA response to sync (3)");
297 WAIT_FOR(in_8(&via[IFR]) & SR_INT, "CUDA response to sync (4)");
298 (void)in_8(&via[SR]);
299 out_8(&via[IFR], SR_INT);
300 out_8(&via[B], in_8(&via[B]) | TIP); /* should be unnecessary */
302 return 0;
305 #ifdef CONFIG_ADB
306 /* Send an ADB command */
307 static int
308 cuda_send_request(struct adb_request *req, int sync)
310 int i;
312 if ((via == NULL) || !cuda_fully_inited) {
313 req->complete = 1;
314 return -ENXIO;
317 req->reply_expected = 1;
319 i = cuda_write(req);
320 if (i)
321 return i;
323 if (sync) {
324 while (!req->complete)
325 cuda_poll();
327 return 0;
331 /* Enable/disable autopolling */
332 static int
333 cuda_adb_autopoll(int devs)
335 struct adb_request req;
337 if ((via == NULL) || !cuda_fully_inited)
338 return -ENXIO;
340 cuda_request(&req, NULL, 3, CUDA_PACKET, CUDA_AUTOPOLL, (devs? 1: 0));
341 while (!req.complete)
342 cuda_poll();
343 return 0;
346 /* Reset adb bus - how do we do this?? */
347 static int
348 cuda_reset_adb_bus(void)
350 struct adb_request req;
352 if ((via == NULL) || !cuda_fully_inited)
353 return -ENXIO;
355 cuda_request(&req, NULL, 2, ADB_PACKET, 0); /* maybe? */
356 while (!req.complete)
357 cuda_poll();
358 return 0;
360 #endif /* CONFIG_ADB */
361 /* Construct and send a cuda request */
363 cuda_request(struct adb_request *req, void (*done)(struct adb_request *),
364 int nbytes, ...)
366 va_list list;
367 int i;
369 if (via == NULL) {
370 req->complete = 1;
371 return -ENXIO;
374 req->nbytes = nbytes;
375 req->done = done;
376 va_start(list, nbytes);
377 for (i = 0; i < nbytes; ++i)
378 req->data[i] = va_arg(list, int);
379 va_end(list);
380 req->reply_expected = 1;
381 return cuda_write(req);
384 static int
385 cuda_write(struct adb_request *req)
387 unsigned long flags;
389 if (req->nbytes < 2 || req->data[0] > CUDA_PACKET) {
390 req->complete = 1;
391 return -EINVAL;
393 req->next = NULL;
394 req->sent = 0;
395 req->complete = 0;
396 req->reply_len = 0;
398 spin_lock_irqsave(&cuda_lock, flags);
399 if (current_req != 0) {
400 last_req->next = req;
401 last_req = req;
402 } else {
403 current_req = req;
404 last_req = req;
405 if (cuda_state == idle)
406 cuda_start();
408 spin_unlock_irqrestore(&cuda_lock, flags);
410 return 0;
413 static void
414 cuda_start(void)
416 struct adb_request *req;
418 /* assert cuda_state == idle */
419 /* get the packet to send */
420 req = current_req;
421 if (req == 0)
422 return;
423 if ((in_8(&via[B]) & TREQ) == 0)
424 return; /* a byte is coming in from the CUDA */
426 /* set the shift register to shift out and send a byte */
427 out_8(&via[ACR], in_8(&via[ACR]) | SR_OUT);
428 out_8(&via[SR], req->data[0]);
429 out_8(&via[B], in_8(&via[B]) & ~TIP);
430 cuda_state = sent_first_byte;
433 void
434 cuda_poll(void)
436 /* cuda_interrupt only takes a normal lock, we disable
437 * interrupts here to avoid re-entering and thus deadlocking.
439 if (cuda_irq)
440 disable_irq(cuda_irq);
441 cuda_interrupt(0, NULL);
442 if (cuda_irq)
443 enable_irq(cuda_irq);
446 static irqreturn_t
447 cuda_interrupt(int irq, void *arg)
449 int status;
450 struct adb_request *req = NULL;
451 unsigned char ibuf[16];
452 int ibuf_len = 0;
453 int complete = 0;
455 spin_lock(&cuda_lock);
457 /* On powermacs, this handler is registered for the VIA IRQ. But they use
458 * just the shift register IRQ -- other VIA interrupt sources are disabled.
459 * On m68k macs, the VIA IRQ sources are dispatched individually. Unless
460 * we are polling, the shift register IRQ flag has already been cleared.
463 #ifdef CONFIG_MAC
464 if (!arg)
465 #endif
467 if ((in_8(&via[IFR]) & SR_INT) == 0) {
468 spin_unlock(&cuda_lock);
469 return IRQ_NONE;
470 } else {
471 out_8(&via[IFR], SR_INT);
475 status = (~in_8(&via[B]) & (TIP|TREQ)) | (in_8(&via[ACR]) & SR_OUT);
476 /* printk("cuda_interrupt: state=%d status=%x\n", cuda_state, status); */
477 switch (cuda_state) {
478 case idle:
479 /* CUDA has sent us the first byte of data - unsolicited */
480 if (status != TREQ)
481 printk("cuda: state=idle, status=%x\n", status);
482 (void)in_8(&via[SR]);
483 out_8(&via[B], in_8(&via[B]) & ~TIP);
484 cuda_state = reading;
485 reply_ptr = cuda_rbuf;
486 reading_reply = 0;
487 break;
489 case awaiting_reply:
490 /* CUDA has sent us the first byte of data of a reply */
491 if (status != TREQ)
492 printk("cuda: state=awaiting_reply, status=%x\n", status);
493 (void)in_8(&via[SR]);
494 out_8(&via[B], in_8(&via[B]) & ~TIP);
495 cuda_state = reading;
496 reply_ptr = current_req->reply;
497 reading_reply = 1;
498 break;
500 case sent_first_byte:
501 if (status == TREQ + TIP + SR_OUT) {
502 /* collision */
503 out_8(&via[ACR], in_8(&via[ACR]) & ~SR_OUT);
504 (void)in_8(&via[SR]);
505 out_8(&via[B], in_8(&via[B]) | TIP | TACK);
506 cuda_state = idle;
507 } else {
508 /* assert status == TIP + SR_OUT */
509 if (status != TIP + SR_OUT)
510 printk("cuda: state=sent_first_byte status=%x\n", status);
511 out_8(&via[SR], current_req->data[1]);
512 out_8(&via[B], in_8(&via[B]) ^ TACK);
513 data_index = 2;
514 cuda_state = sending;
516 break;
518 case sending:
519 req = current_req;
520 if (data_index >= req->nbytes) {
521 out_8(&via[ACR], in_8(&via[ACR]) & ~SR_OUT);
522 (void)in_8(&via[SR]);
523 out_8(&via[B], in_8(&via[B]) | TACK | TIP);
524 req->sent = 1;
525 if (req->reply_expected) {
526 cuda_state = awaiting_reply;
527 } else {
528 current_req = req->next;
529 complete = 1;
530 /* not sure about this */
531 cuda_state = idle;
532 cuda_start();
534 } else {
535 out_8(&via[SR], req->data[data_index++]);
536 out_8(&via[B], in_8(&via[B]) ^ TACK);
538 break;
540 case reading:
541 *reply_ptr++ = in_8(&via[SR]);
542 if (status == TIP) {
543 /* that's all folks */
544 out_8(&via[B], in_8(&via[B]) | TACK | TIP);
545 cuda_state = read_done;
546 } else {
547 /* assert status == TIP | TREQ */
548 if (status != TIP + TREQ)
549 printk("cuda: state=reading status=%x\n", status);
550 out_8(&via[B], in_8(&via[B]) ^ TACK);
552 break;
554 case read_done:
555 (void)in_8(&via[SR]);
556 if (reading_reply) {
557 req = current_req;
558 req->reply_len = reply_ptr - req->reply;
559 if (req->data[0] == ADB_PACKET) {
560 /* Have to adjust the reply from ADB commands */
561 if (req->reply_len <= 2 || (req->reply[1] & 2) != 0) {
562 /* the 0x2 bit indicates no response */
563 req->reply_len = 0;
564 } else {
565 /* leave just the command and result bytes in the reply */
566 req->reply_len -= 2;
567 memmove(req->reply, req->reply + 2, req->reply_len);
570 current_req = req->next;
571 complete = 1;
572 } else {
573 /* This is tricky. We must break the spinlock to call
574 * cuda_input. However, doing so means we might get
575 * re-entered from another CPU getting an interrupt
576 * or calling cuda_poll(). I ended up using the stack
577 * (it's only for 16 bytes) and moving the actual
578 * call to cuda_input to outside of the lock.
580 ibuf_len = reply_ptr - cuda_rbuf;
581 memcpy(ibuf, cuda_rbuf, ibuf_len);
583 if (status == TREQ) {
584 out_8(&via[B], in_8(&via[B]) & ~TIP);
585 cuda_state = reading;
586 reply_ptr = cuda_rbuf;
587 reading_reply = 0;
588 } else {
589 cuda_state = idle;
590 cuda_start();
592 break;
594 default:
595 printk("cuda_interrupt: unknown cuda_state %d?\n", cuda_state);
597 spin_unlock(&cuda_lock);
598 if (complete && req) {
599 void (*done)(struct adb_request *) = req->done;
600 mb();
601 req->complete = 1;
602 /* Here, we assume that if the request has a done member, the
603 * struct request will survive to setting req->complete to 1
605 if (done)
606 (*done)(req);
608 if (ibuf_len)
609 cuda_input(ibuf, ibuf_len);
610 return IRQ_HANDLED;
613 static void
614 cuda_input(unsigned char *buf, int nb)
616 int i;
618 switch (buf[0]) {
619 case ADB_PACKET:
620 #ifdef CONFIG_XMON
621 if (nb == 5 && buf[2] == 0x2c) {
622 extern int xmon_wants_key, xmon_adb_keycode;
623 if (xmon_wants_key) {
624 xmon_adb_keycode = buf[3];
625 return;
628 #endif /* CONFIG_XMON */
629 #ifdef CONFIG_ADB
630 adb_input(buf+2, nb-2, buf[1] & 0x40);
631 #endif /* CONFIG_ADB */
632 break;
634 default:
635 printk("data from cuda (%d bytes):", nb);
636 for (i = 0; i < nb; ++i)
637 printk(" %.2x", buf[i]);
638 printk("\n");