linux/drivers/ieee1394/raw1394.c
<<
>>
Prefs
   1/*
   2 * IEEE 1394 for Linux
   3 *
   4 * Raw interface to the bus
   5 *
   6 * Copyright (C) 1999, 2000 Andreas E. Bombe
   7 *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
   8 *                     2002 Christian Toegel <christian.toegel@gmx.at>
   9 *
  10 * This code is licensed under the GPL.  See the file COPYING in the root
  11 * directory of the kernel sources for details.
  12 *
  13 *
  14 * Contributions:
  15 *
  16 * Manfred Weihs <weihs@ict.tuwien.ac.at>
  17 *        configuration ROM manipulation
  18 *        address range mapping
  19 *        adaptation for new (transparent) loopback mechanism
  20 *        sending of arbitrary async packets
  21 * Christian Toegel <christian.toegel@gmx.at>
  22 *        address range mapping
  23 *        lock64 request
  24 *        transmit physical packet
  25 *        busreset notification control (switch on/off)
  26 *        busreset with selection of type (short/long)
  27 *        request_reply
  28 */
  29
  30#include <linux/kernel.h>
  31#include <linux/list.h>
  32#include <linux/sched.h>
  33#include <linux/string.h>
  34#include <linux/slab.h>
  35#include <linux/fs.h>
  36#include <linux/poll.h>
  37#include <linux/module.h>
  38#include <linux/mutex.h>
  39#include <linux/init.h>
  40#include <linux/interrupt.h>
  41#include <linux/vmalloc.h>
  42#include <linux/cdev.h>
  43#include <asm/uaccess.h>
  44#include <asm/atomic.h>
  45#include <linux/compat.h>
  46
  47#include "csr1212.h"
  48#include "highlevel.h"
  49#include "hosts.h"
  50#include "ieee1394.h"
  51#include "ieee1394_core.h"
  52#include "ieee1394_hotplug.h"
  53#include "ieee1394_transactions.h"
  54#include "ieee1394_types.h"
  55#include "iso.h"
  56#include "nodemgr.h"
  57#include "raw1394.h"
  58#include "raw1394-private.h"
  59
  60#define int2ptr(x) ((void __user *)(unsigned long)x)
  61#define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
  62
  63#ifdef CONFIG_IEEE1394_VERBOSEDEBUG
  64#define RAW1394_DEBUG
  65#endif
  66
  67#ifdef RAW1394_DEBUG
  68#define DBGMSG(fmt, args...) \
  69printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
  70#else
  71#define DBGMSG(fmt, args...) do {} while (0)
  72#endif
  73
  74static LIST_HEAD(host_info_list);
  75static int host_count;
  76static DEFINE_SPINLOCK(host_info_lock);
  77static atomic_t internal_generation = ATOMIC_INIT(0);
  78
  79static atomic_t iso_buffer_size;
  80static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
  81
  82static struct hpsb_highlevel raw1394_highlevel;
  83
  84static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
  85                    u64 addr, size_t length, u16 flags);
  86static int arm_write(struct hpsb_host *host, int nodeid, int destid,
  87                     quadlet_t * data, u64 addr, size_t length, u16 flags);
  88static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
  89                    u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
  90                    u16 flags);
  91static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
  92                      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
  93                      u16 flags);
  94static const struct hpsb_address_ops arm_ops = {
  95        .read = arm_read,
  96        .write = arm_write,
  97        .lock = arm_lock,
  98        .lock64 = arm_lock64,
  99};
 100
 101static void queue_complete_cb(struct pending_request *req);
 102
 103static struct pending_request *__alloc_pending_request(gfp_t flags)
 104{
 105        struct pending_request *req;
 106
 107        req = kzalloc(sizeof(*req), flags);
 108        if (req)
 109                INIT_LIST_HEAD(&req->list);
 110
 111        return req;
 112}
 113
 114static inline struct pending_request *alloc_pending_request(void)
 115{
 116        return __alloc_pending_request(GFP_KERNEL);
 117}
 118
 119static void free_pending_request(struct pending_request *req)
 120{
 121        if (req->ibs) {
 122                if (atomic_dec_and_test(&req->ibs->refcount)) {
 123                        atomic_sub(req->ibs->data_size, &iso_buffer_size);
 124                        kfree(req->ibs);
 125                }
 126        } else if (req->free_data) {
 127                kfree(req->data);
 128        }
 129        hpsb_free_packet(req->packet);
 130        kfree(req);
 131}
 132
 133/* fi->reqlists_lock must be taken */
 134static void __queue_complete_req(struct pending_request *req)
 135{
 136        struct file_info *fi = req->file_info;
 137
 138        list_move_tail(&req->list, &fi->req_complete);
 139        wake_up(&fi->wait_complete);
 140}
 141
 142static void queue_complete_req(struct pending_request *req)
 143{
 144        unsigned long flags;
 145        struct file_info *fi = req->file_info;
 146
 147        spin_lock_irqsave(&fi->reqlists_lock, flags);
 148        __queue_complete_req(req);
 149        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
 150}
 151
 152static void queue_complete_cb(struct pending_request *req)
 153{
 154        struct hpsb_packet *packet = req->packet;
 155        int rcode = (packet->header[1] >> 12) & 0xf;
 156
 157        switch (packet->ack_code) {
 158        case ACKX_NONE:
 159        case ACKX_SEND_ERROR:
 160                req->req.error = RAW1394_ERROR_SEND_ERROR;
 161                break;
 162        case ACKX_ABORTED:
 163                req->req.error = RAW1394_ERROR_ABORTED;
 164                break;
 165        case ACKX_TIMEOUT:
 166                req->req.error = RAW1394_ERROR_TIMEOUT;
 167                break;
 168        default:
 169                req->req.error = (packet->ack_code << 16) | rcode;
 170                break;
 171        }
 172
 173        if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
 174                req->req.length = 0;
 175        }
 176
 177        if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
 178            (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
 179            (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
 180            (req->req.type == RAW1394_REQ_LOCK) ||
 181            (req->req.type == RAW1394_REQ_LOCK64))
 182                hpsb_free_tlabel(packet);
 183
 184        queue_complete_req(req);
 185}
 186
 187static void add_host(struct hpsb_host *host)
 188{
 189        struct host_info *hi;
 190        unsigned long flags;
 191
 192        hi = kmalloc(sizeof(*hi), GFP_KERNEL);
 193
 194        if (hi) {
 195                INIT_LIST_HEAD(&hi->list);
 196                hi->host = host;
 197                INIT_LIST_HEAD(&hi->file_info_list);
 198
 199                spin_lock_irqsave(&host_info_lock, flags);
 200                list_add_tail(&hi->list, &host_info_list);
 201                host_count++;
 202                spin_unlock_irqrestore(&host_info_lock, flags);
 203        }
 204
 205        atomic_inc(&internal_generation);
 206}
 207
 208static struct host_info *find_host_info(struct hpsb_host *host)
 209{
 210        struct host_info *hi;
 211
 212        list_for_each_entry(hi, &host_info_list, list)
 213            if (hi->host == host)
 214                return hi;
 215
 216        return NULL;
 217}
 218
 219static void remove_host(struct hpsb_host *host)
 220{
 221        struct host_info *hi;
 222        unsigned long flags;
 223
 224        spin_lock_irqsave(&host_info_lock, flags);
 225        hi = find_host_info(host);
 226
 227        if (hi != NULL) {
 228                list_del(&hi->list);
 229                host_count--;
 230                /*
 231                   FIXME: address ranges should be removed
 232                   and fileinfo states should be initialized
 233                   (including setting generation to
 234                   internal-generation ...)
 235                 */
 236        }
 237        spin_unlock_irqrestore(&host_info_lock, flags);
 238
 239        if (hi == NULL) {
 240                printk(KERN_ERR "raw1394: attempt to remove unknown host "
 241                       "0x%p\n", host);
 242                return;
 243        }
 244
 245        kfree(hi);
 246
 247        atomic_inc(&internal_generation);
 248}
 249
 250static void host_reset(struct hpsb_host *host)
 251{
 252        unsigned long flags;
 253        struct host_info *hi;
 254        struct file_info *fi;
 255        struct pending_request *req;
 256
 257        spin_lock_irqsave(&host_info_lock, flags);
 258        hi = find_host_info(host);
 259
 260        if (hi != NULL) {
 261                list_for_each_entry(fi, &hi->file_info_list, list) {
 262                        if (fi->notification == RAW1394_NOTIFY_ON) {
 263                                req = __alloc_pending_request(GFP_ATOMIC);
 264
 265                                if (req != NULL) {
 266                                        req->file_info = fi;
 267                                        req->req.type = RAW1394_REQ_BUS_RESET;
 268                                        req->req.generation =
 269                                            get_hpsb_generation(host);
 270                                        req->req.misc = (host->node_id << 16)
 271                                            | host->node_count;
 272                                        if (fi->protocol_version > 3) {
 273                                                req->req.misc |=
 274                                                    (NODEID_TO_NODE
 275                                                     (host->irm_id)
 276                                                     << 8);
 277                                        }
 278
 279                                        queue_complete_req(req);
 280                                }
 281                        }
 282                }
 283        }
 284        spin_unlock_irqrestore(&host_info_lock, flags);
 285}
 286
 287static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
 288                        int cts, u8 * data, size_t length)
 289{
 290        unsigned long flags;
 291        struct host_info *hi;
 292        struct file_info *fi;
 293        struct pending_request *req, *req_next;
 294        struct iso_block_store *ibs = NULL;
 295        LIST_HEAD(reqs);
 296
 297        if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
 298                HPSB_INFO("dropped fcp request");
 299                return;
 300        }
 301
 302        spin_lock_irqsave(&host_info_lock, flags);
 303        hi = find_host_info(host);
 304
 305        if (hi != NULL) {
 306                list_for_each_entry(fi, &hi->file_info_list, list) {
 307                        if (!fi->fcp_buffer)
 308                                continue;
 309
 310                        req = __alloc_pending_request(GFP_ATOMIC);
 311                        if (!req)
 312                                break;
 313
 314                        if (!ibs) {
 315                                ibs = kmalloc(sizeof(*ibs) + length,
 316                                              GFP_ATOMIC);
 317                                if (!ibs) {
 318                                        kfree(req);
 319                                        break;
 320                                }
 321
 322                                atomic_add(length, &iso_buffer_size);
 323                                atomic_set(&ibs->refcount, 0);
 324                                ibs->data_size = length;
 325                                memcpy(ibs->data, data, length);
 326                        }
 327
 328                        atomic_inc(&ibs->refcount);
 329
 330                        req->file_info = fi;
 331                        req->ibs = ibs;
 332                        req->data = ibs->data;
 333                        req->req.type = RAW1394_REQ_FCP_REQUEST;
 334                        req->req.generation = get_hpsb_generation(host);
 335                        req->req.misc = nodeid | (direction << 16);
 336                        req->req.recvb = ptr2int(fi->fcp_buffer);
 337                        req->req.length = length;
 338
 339                        list_add_tail(&req->list, &reqs);
 340                }
 341        }
 342        spin_unlock_irqrestore(&host_info_lock, flags);
 343
 344        list_for_each_entry_safe(req, req_next, &reqs, list)
 345            queue_complete_req(req);
 346}
 347
 348#ifdef CONFIG_COMPAT
 349struct compat_raw1394_req {
 350        __u32 type;
 351        __s32 error;
 352        __u32 misc;
 353
 354        __u32 generation;
 355        __u32 length;
 356
 357        __u64 address;
 358
 359        __u64 tag;
 360
 361        __u64 sendb;
 362        __u64 recvb;
 363}
 364#if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
 365__attribute__((packed))
 366#endif
 367;
 368
 369static const char __user *raw1394_compat_write(const char __user *buf)
 370{
 371        struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
 372        struct raw1394_request __user *r;
 373
 374        r = compat_alloc_user_space(sizeof(struct raw1394_request));
 375
 376#define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
 377
 378        if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
 379            C(address) ||
 380            C(tag) ||
 381            C(sendb) ||
 382            C(recvb))
 383                return (__force const char __user *)ERR_PTR(-EFAULT);
 384
 385        return (const char __user *)r;
 386}
 387#undef C
 388
 389#define P(x) __put_user(r->x, &cr->x)
 390
 391static int
 392raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
 393{
 394        struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
 395
 396        if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
 397            P(type) ||
 398            P(error) ||
 399            P(misc) ||
 400            P(generation) ||
 401            P(length) ||
 402            P(address) ||
 403            P(tag) ||
 404            P(sendb) ||
 405            P(recvb))
 406                return -EFAULT;
 407
 408        return sizeof(struct compat_raw1394_req);
 409}
 410#undef P
 411
 412#endif
 413
 414/* get next completed request  (caller must hold fi->reqlists_lock) */
 415static inline struct pending_request *__next_complete_req(struct file_info *fi)
 416{
 417        struct list_head *lh;
 418        struct pending_request *req = NULL;
 419
 420        if (!list_empty(&fi->req_complete)) {
 421                lh = fi->req_complete.next;
 422                list_del(lh);
 423                req = list_entry(lh, struct pending_request, list);
 424        }
 425        return req;
 426}
 427
 428/* atomically get next completed request */
 429static struct pending_request *next_complete_req(struct file_info *fi)
 430{
 431        unsigned long flags;
 432        struct pending_request *req;
 433
 434        spin_lock_irqsave(&fi->reqlists_lock, flags);
 435        req = __next_complete_req(fi);
 436        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
 437        return req;
 438}
 439
 440static ssize_t raw1394_read(struct file *file, char __user * buffer,
 441                            size_t count, loff_t * offset_is_ignored)
 442{
 443        struct file_info *fi = (struct file_info *)file->private_data;
 444        struct pending_request *req;
 445        ssize_t ret;
 446
 447#ifdef CONFIG_COMPAT
 448        if (count == sizeof(struct compat_raw1394_req)) {
 449                /* ok */
 450        } else
 451#endif
 452        if (count != sizeof(struct raw1394_request)) {
 453                return -EINVAL;
 454        }
 455
 456        if (!access_ok(VERIFY_WRITE, buffer, count)) {
 457                return -EFAULT;
 458        }
 459
 460        if (file->f_flags & O_NONBLOCK) {
 461                if (!(req = next_complete_req(fi)))
 462                        return -EAGAIN;
 463        } else {
 464                /*
 465                 * NB: We call the macro wait_event_interruptible() with a
 466                 * condition argument with side effect.  This is only possible
 467                 * because the side effect does not occur until the condition
 468                 * became true, and wait_event_interruptible() won't evaluate
 469                 * the condition again after that.
 470                 */
 471                if (wait_event_interruptible(fi->wait_complete,
 472                                             (req = next_complete_req(fi))))
 473                        return -ERESTARTSYS;
 474        }
 475
 476        if (req->req.length) {
 477                if (copy_to_user(int2ptr(req->req.recvb), req->data,
 478                                 req->req.length)) {
 479                        req->req.error = RAW1394_ERROR_MEMFAULT;
 480                }
 481        }
 482
 483#ifdef CONFIG_COMPAT
 484        if (count == sizeof(struct compat_raw1394_req) &&
 485            sizeof(struct compat_raw1394_req) !=
 486                        sizeof(struct raw1394_request)) {
 487                ret = raw1394_compat_read(buffer, &req->req);
 488        } else
 489#endif
 490        {
 491                if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
 492                        ret = -EFAULT;
 493                        goto out;
 494                }
 495                ret = (ssize_t) sizeof(struct raw1394_request);
 496        }
 497      out:
 498        free_pending_request(req);
 499        return ret;
 500}
 501
 502static int state_opened(struct file_info *fi, struct pending_request *req)
 503{
 504        if (req->req.type == RAW1394_REQ_INITIALIZE) {
 505                switch (req->req.misc) {
 506                case RAW1394_KERNELAPI_VERSION:
 507                case 3:
 508                        fi->state = initialized;
 509                        fi->protocol_version = req->req.misc;
 510                        req->req.error = RAW1394_ERROR_NONE;
 511                        req->req.generation = atomic_read(&internal_generation);
 512                        break;
 513
 514                default:
 515                        req->req.error = RAW1394_ERROR_COMPAT;
 516                        req->req.misc = RAW1394_KERNELAPI_VERSION;
 517                }
 518        } else {
 519                req->req.error = RAW1394_ERROR_STATE_ORDER;
 520        }
 521
 522        req->req.length = 0;
 523        queue_complete_req(req);
 524        return 0;
 525}
 526
 527static int state_initialized(struct file_info *fi, struct pending_request *req)
 528{
 529        unsigned long flags;
 530        struct host_info *hi;
 531        struct raw1394_khost_list *khl;
 532
 533        if (req->req.generation != atomic_read(&internal_generation)) {
 534                req->req.error = RAW1394_ERROR_GENERATION;
 535                req->req.generation = atomic_read(&internal_generation);
 536                req->req.length = 0;
 537                queue_complete_req(req);
 538                return 0;
 539        }
 540
 541        switch (req->req.type) {
 542        case RAW1394_REQ_LIST_CARDS:
 543                spin_lock_irqsave(&host_info_lock, flags);
 544                khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
 545
 546                if (khl) {
 547                        req->req.misc = host_count;
 548                        req->data = (quadlet_t *) khl;
 549
 550                        list_for_each_entry(hi, &host_info_list, list) {
 551                                khl->nodes = hi->host->node_count;
 552                                strcpy(khl->name, hi->host->driver->name);
 553                                khl++;
 554                        }
 555                }
 556                spin_unlock_irqrestore(&host_info_lock, flags);
 557
 558                if (khl) {
 559                        req->req.error = RAW1394_ERROR_NONE;
 560                        req->req.length = min(req->req.length,
 561                                              (u32) (sizeof
 562                                                     (struct raw1394_khost_list)
 563                                                     * req->req.misc));
 564                        req->free_data = 1;
 565                } else {
 566                        return -ENOMEM;
 567                }
 568                break;
 569
 570        case RAW1394_REQ_SET_CARD:
 571                spin_lock_irqsave(&host_info_lock, flags);
 572                if (req->req.misc >= host_count) {
 573                        req->req.error = RAW1394_ERROR_INVALID_ARG;
 574                        goto out_set_card;
 575                }
 576                list_for_each_entry(hi, &host_info_list, list)
 577                        if (!req->req.misc--)
 578                                break;
 579                get_device(&hi->host->device); /* FIXME handle failure case */
 580                list_add_tail(&fi->list, &hi->file_info_list);
 581
 582                /* prevent unloading of the host's low-level driver */
 583                if (!try_module_get(hi->host->driver->owner)) {
 584                        req->req.error = RAW1394_ERROR_ABORTED;
 585                        goto out_set_card;
 586                }
 587                WARN_ON(fi->host);
 588                fi->host = hi->host;
 589                fi->state = connected;
 590
 591                req->req.error = RAW1394_ERROR_NONE;
 592                req->req.generation = get_hpsb_generation(fi->host);
 593                req->req.misc = (fi->host->node_id << 16)
 594                                | fi->host->node_count;
 595                if (fi->protocol_version > 3)
 596                        req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
 597out_set_card:
 598                spin_unlock_irqrestore(&host_info_lock, flags);
 599
 600                req->req.length = 0;
 601                break;
 602
 603        default:
 604                req->req.error = RAW1394_ERROR_STATE_ORDER;
 605                req->req.length = 0;
 606                break;
 607        }
 608
 609        queue_complete_req(req);
 610        return 0;
 611}
 612
 613static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
 614{
 615        if (req->req.misc) {
 616                if (fi->fcp_buffer) {
 617                        req->req.error = RAW1394_ERROR_ALREADY;
 618                } else {
 619                        fi->fcp_buffer = int2ptr(req->req.recvb);
 620                }
 621        } else {
 622                if (!fi->fcp_buffer) {
 623                        req->req.error = RAW1394_ERROR_ALREADY;
 624                } else {
 625                        fi->fcp_buffer = NULL;
 626                }
 627        }
 628
 629        req->req.length = 0;
 630        queue_complete_req(req);
 631}
 632
 633static int handle_async_request(struct file_info *fi,
 634                                struct pending_request *req, int node)
 635{
 636        unsigned long flags;
 637        struct hpsb_packet *packet = NULL;
 638        u64 addr = req->req.address & 0xffffffffffffULL;
 639
 640        switch (req->req.type) {
 641        case RAW1394_REQ_ASYNC_READ:
 642                DBGMSG("read_request called");
 643                packet =
 644                    hpsb_make_readpacket(fi->host, node, addr, req->req.length);
 645
 646                if (!packet)
 647                        return -ENOMEM;
 648
 649                if (req->req.length == 4)
 650                        req->data = &packet->header[3];
 651                else
 652                        req->data = packet->data;
 653
 654                break;
 655
 656        case RAW1394_REQ_ASYNC_WRITE:
 657                DBGMSG("write_request called");
 658
 659                packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
 660                                               req->req.length);
 661                if (!packet)
 662                        return -ENOMEM;
 663
 664                if (req->req.length == 4) {
 665                        if (copy_from_user
 666                            (&packet->header[3], int2ptr(req->req.sendb),
 667                             req->req.length))
 668                                req->req.error = RAW1394_ERROR_MEMFAULT;
 669                } else {
 670                        if (copy_from_user
 671                            (packet->data, int2ptr(req->req.sendb),
 672                             req->req.length))
 673                                req->req.error = RAW1394_ERROR_MEMFAULT;
 674                }
 675
 676                req->req.length = 0;
 677                break;
 678
 679        case RAW1394_REQ_ASYNC_STREAM:
 680                DBGMSG("stream_request called");
 681
 682                packet =
 683                    hpsb_make_streampacket(fi->host, NULL, req->req.length,
 684                                           node & 0x3f /*channel */ ,
 685                                           (req->req.misc >> 16) & 0x3,
 686                                           req->req.misc & 0xf);
 687                if (!packet)
 688                        return -ENOMEM;
 689
 690                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
 691                                   req->req.length))
 692                        req->req.error = RAW1394_ERROR_MEMFAULT;
 693
 694                req->req.length = 0;
 695                break;
 696
 697        case RAW1394_REQ_LOCK:
 698                DBGMSG("lock_request called");
 699                if ((req->req.misc == EXTCODE_FETCH_ADD)
 700                    || (req->req.misc == EXTCODE_LITTLE_ADD)) {
 701                        if (req->req.length != 4) {
 702                                req->req.error = RAW1394_ERROR_INVALID_ARG;
 703                                break;
 704                        }
 705                } else {
 706                        if (req->req.length != 8) {
 707                                req->req.error = RAW1394_ERROR_INVALID_ARG;
 708                                break;
 709                        }
 710                }
 711
 712                packet = hpsb_make_lockpacket(fi->host, node, addr,
 713                                              req->req.misc, NULL, 0);
 714                if (!packet)
 715                        return -ENOMEM;
 716
 717                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
 718                                   req->req.length)) {
 719                        req->req.error = RAW1394_ERROR_MEMFAULT;
 720                        break;
 721                }
 722
 723                req->data = packet->data;
 724                req->req.length = 4;
 725                break;
 726
 727        case RAW1394_REQ_LOCK64:
 728                DBGMSG("lock64_request called");
 729                if ((req->req.misc == EXTCODE_FETCH_ADD)
 730                    || (req->req.misc == EXTCODE_LITTLE_ADD)) {
 731                        if (req->req.length != 8) {
 732                                req->req.error = RAW1394_ERROR_INVALID_ARG;
 733                                break;
 734                        }
 735                } else {
 736                        if (req->req.length != 16) {
 737                                req->req.error = RAW1394_ERROR_INVALID_ARG;
 738                                break;
 739                        }
 740                }
 741                packet = hpsb_make_lock64packet(fi->host, node, addr,
 742                                                req->req.misc, NULL, 0);
 743                if (!packet)
 744                        return -ENOMEM;
 745
 746                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
 747                                   req->req.length)) {
 748                        req->req.error = RAW1394_ERROR_MEMFAULT;
 749                        break;
 750                }
 751
 752                req->data = packet->data;
 753                req->req.length = 8;
 754                break;
 755
 756        default:
 757                req->req.error = RAW1394_ERROR_STATE_ORDER;
 758        }
 759
 760        req->packet = packet;
 761
 762        if (req->req.error) {
 763                req->req.length = 0;
 764                queue_complete_req(req);
 765                return 0;
 766        }
 767
 768        hpsb_set_packet_complete_task(packet,
 769                                      (void (*)(void *))queue_complete_cb, req);
 770
 771        spin_lock_irqsave(&fi->reqlists_lock, flags);
 772        list_add_tail(&req->list, &fi->req_pending);
 773        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
 774
 775        packet->generation = req->req.generation;
 776
 777        if (hpsb_send_packet(packet) < 0) {
 778                req->req.error = RAW1394_ERROR_SEND_ERROR;
 779                req->req.length = 0;
 780                hpsb_free_tlabel(packet);
 781                queue_complete_req(req);
 782        }
 783        return 0;
 784}
 785
 786static int handle_async_send(struct file_info *fi, struct pending_request *req)
 787{
 788        unsigned long flags;
 789        struct hpsb_packet *packet;
 790        int header_length = req->req.misc & 0xffff;
 791        int expect_response = req->req.misc >> 16;
 792        size_t data_size;
 793
 794        if (header_length > req->req.length || header_length < 12 ||
 795            header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
 796                req->req.error = RAW1394_ERROR_INVALID_ARG;
 797                req->req.length = 0;
 798                queue_complete_req(req);
 799                return 0;
 800        }
 801
 802        data_size = req->req.length - header_length;
 803        packet = hpsb_alloc_packet(data_size);
 804        req->packet = packet;
 805        if (!packet)
 806                return -ENOMEM;
 807
 808        if (copy_from_user(packet->header, int2ptr(req->req.sendb),
 809                           header_length)) {
 810                req->req.error = RAW1394_ERROR_MEMFAULT;
 811                req->req.length = 0;
 812                queue_complete_req(req);
 813                return 0;
 814        }
 815
 816        if (copy_from_user
 817            (packet->data, int2ptr(req->req.sendb) + header_length,
 818             data_size)) {
 819                req->req.error = RAW1394_ERROR_MEMFAULT;
 820                req->req.length = 0;
 821                queue_complete_req(req);
 822                return 0;
 823        }
 824
 825        packet->type = hpsb_async;
 826        packet->node_id = packet->header[0] >> 16;
 827        packet->tcode = (packet->header[0] >> 4) & 0xf;
 828        packet->tlabel = (packet->header[0] >> 10) & 0x3f;
 829        packet->host = fi->host;
 830        packet->expect_response = expect_response;
 831        packet->header_size = header_length;
 832        packet->data_size = data_size;
 833
 834        req->req.length = 0;
 835        hpsb_set_packet_complete_task(packet,
 836                                      (void (*)(void *))queue_complete_cb, req);
 837
 838        spin_lock_irqsave(&fi->reqlists_lock, flags);
 839        list_add_tail(&req->list, &fi->req_pending);
 840        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
 841
 842        /* Update the generation of the packet just before sending. */
 843        packet->generation = req->req.generation;
 844
 845        if (hpsb_send_packet(packet) < 0) {
 846                req->req.error = RAW1394_ERROR_SEND_ERROR;
 847                queue_complete_req(req);
 848        }
 849
 850        return 0;
 851}
 852
 853static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
 854                    u64 addr, size_t length, u16 flags)
 855{
 856        unsigned long irqflags;
 857        struct pending_request *req;
 858        struct host_info *hi;
 859        struct file_info *fi = NULL;
 860        struct list_head *entry;
 861        struct arm_addr *arm_addr = NULL;
 862        struct arm_request *arm_req = NULL;
 863        struct arm_response *arm_resp = NULL;
 864        int found = 0, size = 0, rcode = -1;
 865        struct arm_request_response *arm_req_resp = NULL;
 866
 867        DBGMSG("arm_read  called by node: %X "
 868               "addr: %4.4x %8.8x length: %Zu", nodeid,
 869               (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
 870               length);
 871        spin_lock_irqsave(&host_info_lock, irqflags);
 872        hi = find_host_info(host);      /* search address-entry */
 873        if (hi != NULL) {
 874                list_for_each_entry(fi, &hi->file_info_list, list) {
 875                        entry = fi->addr_list.next;
 876                        while (entry != &(fi->addr_list)) {
 877                                arm_addr =
 878                                    list_entry(entry, struct arm_addr,
 879                                               addr_list);
 880                                if (((arm_addr->start) <= (addr))
 881                                    && ((arm_addr->end) >= (addr + length))) {
 882                                        found = 1;
 883                                        break;
 884                                }
 885                                entry = entry->next;
 886                        }
 887                        if (found) {
 888                                break;
 889                        }
 890                }
 891        }
 892        rcode = -1;
 893        if (!found) {
 894                printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
 895                       " -> rcode_address_error\n");
 896                spin_unlock_irqrestore(&host_info_lock, irqflags);
 897                return (RCODE_ADDRESS_ERROR);
 898        } else {
 899                DBGMSG("arm_read addr_entry FOUND");
 900        }
 901        if (arm_addr->rec_length < length) {
 902                DBGMSG("arm_read blocklength too big -> rcode_data_error");
 903                rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
 904        }
 905        if (rcode == -1) {
 906                if (arm_addr->access_rights & ARM_READ) {
 907                        if (!(arm_addr->client_transactions & ARM_READ)) {
 908                                memcpy(buffer,
 909                                       (arm_addr->addr_space_buffer) + (addr -
 910                                                                        (arm_addr->
 911                                                                         start)),
 912                                       length);
 913                                DBGMSG("arm_read -> (rcode_complete)");
 914                                rcode = RCODE_COMPLETE;
 915                        }
 916                } else {
 917                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
 918                        DBGMSG("arm_read -> rcode_type_error (access denied)");
 919                }
 920        }
 921        if (arm_addr->notification_options & ARM_READ) {
 922                DBGMSG("arm_read -> entering notification-section");
 923                req = __alloc_pending_request(GFP_ATOMIC);
 924                if (!req) {
 925                        DBGMSG("arm_read -> rcode_conflict_error");
 926                        spin_unlock_irqrestore(&host_info_lock, irqflags);
 927                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
 928                                                           The request may be retried */
 929                }
 930                if (rcode == RCODE_COMPLETE) {
 931                        size =
 932                            sizeof(struct arm_request) +
 933                            sizeof(struct arm_response) +
 934                            length * sizeof(byte_t) +
 935                            sizeof(struct arm_request_response);
 936                } else {
 937                        size =
 938                            sizeof(struct arm_request) +
 939                            sizeof(struct arm_response) +
 940                            sizeof(struct arm_request_response);
 941                }
 942                req->data = kmalloc(size, GFP_ATOMIC);
 943                if (!(req->data)) {
 944                        free_pending_request(req);
 945                        DBGMSG("arm_read -> rcode_conflict_error");
 946                        spin_unlock_irqrestore(&host_info_lock, irqflags);
 947                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
 948                                                           The request may be retried */
 949                }
 950                req->free_data = 1;
 951                req->file_info = fi;
 952                req->req.type = RAW1394_REQ_ARM;
 953                req->req.generation = get_hpsb_generation(host);
 954                req->req.misc =
 955                    (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
 956                req->req.tag = arm_addr->arm_tag;
 957                req->req.recvb = arm_addr->recvb;
 958                req->req.length = size;
 959                arm_req_resp = (struct arm_request_response *)(req->data);
 960                arm_req = (struct arm_request *)((byte_t *) (req->data) +
 961                                                 (sizeof
 962                                                  (struct
 963                                                   arm_request_response)));
 964                arm_resp =
 965                    (struct arm_response *)((byte_t *) (arm_req) +
 966                                            (sizeof(struct arm_request)));
 967                arm_req->buffer = NULL;
 968                arm_resp->buffer = NULL;
 969                if (rcode == RCODE_COMPLETE) {
 970                        byte_t *buf =
 971                            (byte_t *) arm_resp + sizeof(struct arm_response);
 972                        memcpy(buf,
 973                               (arm_addr->addr_space_buffer) + (addr -
 974                                                                (arm_addr->
 975                                                                 start)),
 976                               length);
 977                        arm_resp->buffer =
 978                            int2ptr((arm_addr->recvb) +
 979                                    sizeof(struct arm_request_response) +
 980                                    sizeof(struct arm_request) +
 981                                    sizeof(struct arm_response));
 982                }
 983                arm_resp->buffer_length =
 984                    (rcode == RCODE_COMPLETE) ? length : 0;
 985                arm_resp->response_code = rcode;
 986                arm_req->buffer_length = 0;
 987                arm_req->generation = req->req.generation;
 988                arm_req->extended_transaction_code = 0;
 989                arm_req->destination_offset = addr;
 990                arm_req->source_nodeid = nodeid;
 991                arm_req->destination_nodeid = host->node_id;
 992                arm_req->tlabel = (flags >> 10) & 0x3f;
 993                arm_req->tcode = (flags >> 4) & 0x0f;
 994                arm_req_resp->request = int2ptr((arm_addr->recvb) +
 995                                                sizeof(struct
 996                                                       arm_request_response));
 997                arm_req_resp->response =
 998                    int2ptr((arm_addr->recvb) +
 999                            sizeof(struct arm_request_response) +
1000                            sizeof(struct arm_request));
1001                queue_complete_req(req);
1002        }
1003        spin_unlock_irqrestore(&host_info_lock, irqflags);
1004        return (rcode);
1005}
1006
1007static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1008                     quadlet_t * data, u64 addr, size_t length, u16 flags)
1009{
1010        unsigned long irqflags;
1011        struct pending_request *req;
1012        struct host_info *hi;
1013        struct file_info *fi = NULL;
1014        struct list_head *entry;
1015        struct arm_addr *arm_addr = NULL;
1016        struct arm_request *arm_req = NULL;
1017        struct arm_response *arm_resp = NULL;
1018        int found = 0, size = 0, rcode = -1, length_conflict = 0;
1019        struct arm_request_response *arm_req_resp = NULL;
1020
1021        DBGMSG("arm_write called by node: %X "
1022               "addr: %4.4x %8.8x length: %Zu", nodeid,
1023               (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1024               length);
1025        spin_lock_irqsave(&host_info_lock, irqflags);
1026        hi = find_host_info(host);      /* search address-entry */
1027        if (hi != NULL) {
1028                list_for_each_entry(fi, &hi->file_info_list, list) {
1029                        entry = fi->addr_list.next;
1030                        while (entry != &(fi->addr_list)) {
1031                                arm_addr =
1032                                    list_entry(entry, struct arm_addr,
1033                                               addr_list);
1034                                if (((arm_addr->start) <= (addr))
1035                                    && ((arm_addr->end) >= (addr + length))) {
1036                                        found = 1;
1037                                        break;
1038                                }
1039                                entry = entry->next;
1040                        }
1041                        if (found) {
1042                                break;
1043                        }
1044                }
1045        }
1046        rcode = -1;
1047        if (!found) {
1048                printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1049                       " -> rcode_address_error\n");
1050                spin_unlock_irqrestore(&host_info_lock, irqflags);
1051                return (RCODE_ADDRESS_ERROR);
1052        } else {
1053                DBGMSG("arm_write addr_entry FOUND");
1054        }
1055        if (arm_addr->rec_length < length) {
1056                DBGMSG("arm_write blocklength too big -> rcode_data_error");
1057                length_conflict = 1;
1058                rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1059        }
1060        if (rcode == -1) {
1061                if (arm_addr->access_rights & ARM_WRITE) {
1062                        if (!(arm_addr->client_transactions & ARM_WRITE)) {
1063                                memcpy((arm_addr->addr_space_buffer) +
1064                                       (addr - (arm_addr->start)), data,
1065                                       length);
1066                                DBGMSG("arm_write -> (rcode_complete)");
1067                                rcode = RCODE_COMPLETE;
1068                        }
1069                } else {
1070                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1071                        DBGMSG("arm_write -> rcode_type_error (access denied)");
1072                }
1073        }
1074        if (arm_addr->notification_options & ARM_WRITE) {
1075                DBGMSG("arm_write -> entering notification-section");
1076                req = __alloc_pending_request(GFP_ATOMIC);
1077                if (!req) {
1078                        DBGMSG("arm_write -> rcode_conflict_error");
1079                        spin_unlock_irqrestore(&host_info_lock, irqflags);
1080                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1081                                                           The request my be retried */
1082                }
1083                size =
1084                    sizeof(struct arm_request) + sizeof(struct arm_response) +
1085                    (length) * sizeof(byte_t) +
1086                    sizeof(struct arm_request_response);
1087                req->data = kmalloc(size, GFP_ATOMIC);
1088                if (!(req->data)) {
1089                        free_pending_request(req);
1090                        DBGMSG("arm_write -> rcode_conflict_error");
1091                        spin_unlock_irqrestore(&host_info_lock, irqflags);
1092                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1093                                                           The request may be retried */
1094                }
1095                req->free_data = 1;
1096                req->file_info = fi;
1097                req->req.type = RAW1394_REQ_ARM;
1098                req->req.generation = get_hpsb_generation(host);
1099                req->req.misc =
1100                    (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1101                req->req.tag = arm_addr->arm_tag;
1102                req->req.recvb = arm_addr->recvb;
1103                req->req.length = size;
1104                arm_req_resp = (struct arm_request_response *)(req->data);
1105                arm_req = (struct arm_request *)((byte_t *) (req->data) +
1106                                                 (sizeof
1107                                                  (struct
1108                                                   arm_request_response)));
1109                arm_resp =
1110                    (struct arm_response *)((byte_t *) (arm_req) +
1111                                            (sizeof(struct arm_request)));
1112                arm_resp->buffer = NULL;
1113                memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1114                       data, length);
1115                arm_req->buffer = int2ptr((arm_addr->recvb) +
1116                                          sizeof(struct arm_request_response) +
1117                                          sizeof(struct arm_request) +
1118                                          sizeof(struct arm_response));
1119                arm_req->buffer_length = length;
1120                arm_req->generation = req->req.generation;
1121                arm_req->extended_transaction_code = 0;
1122                arm_req->destination_offset = addr;
1123                arm_req->source_nodeid = nodeid;
1124                arm_req->destination_nodeid = destid;
1125                arm_req->tlabel = (flags >> 10) & 0x3f;
1126                arm_req->tcode = (flags >> 4) & 0x0f;
1127                arm_resp->buffer_length = 0;
1128                arm_resp->response_code = rcode;
1129                arm_req_resp->request = int2ptr((arm_addr->recvb) +
1130                                                sizeof(struct
1131                                                       arm_request_response));
1132                arm_req_resp->response =
1133                    int2ptr((arm_addr->recvb) +
1134                            sizeof(struct arm_request_response) +
1135                            sizeof(struct arm_request));
1136                queue_complete_req(req);
1137        }
1138        spin_unlock_irqrestore(&host_info_lock, irqflags);
1139        return (rcode);
1140}
1141
1142static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1143                    u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1144                    u16 flags)
1145{
1146        unsigned long irqflags;
1147        struct pending_request *req;
1148        struct host_info *hi;
1149        struct file_info *fi = NULL;
1150        struct list_head *entry;
1151        struct arm_addr *arm_addr = NULL;
1152        struct arm_request *arm_req = NULL;
1153        struct arm_response *arm_resp = NULL;
1154        int found = 0, size = 0, rcode = -1;
1155        quadlet_t old, new;
1156        struct arm_request_response *arm_req_resp = NULL;
1157
1158        if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1159            ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1160                DBGMSG("arm_lock  called by node: %X "
1161                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1162                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
1163                       (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1164                       be32_to_cpu(data));
1165        } else {
1166                DBGMSG("arm_lock  called by node: %X "
1167                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1168                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
1169                       (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1170                       be32_to_cpu(data), be32_to_cpu(arg));
1171        }
1172        spin_lock_irqsave(&host_info_lock, irqflags);
1173        hi = find_host_info(host);      /* search address-entry */
1174        if (hi != NULL) {
1175                list_for_each_entry(fi, &hi->file_info_list, list) {
1176                        entry = fi->addr_list.next;
1177                        while (entry != &(fi->addr_list)) {
1178                                arm_addr =
1179                                    list_entry(entry, struct arm_addr,
1180                                               addr_list);
1181                                if (((arm_addr->start) <= (addr))
1182                                    && ((arm_addr->end) >=
1183                                        (addr + sizeof(*store)))) {
1184                                        found = 1;
1185                                        break;
1186                                }
1187                                entry = entry->next;
1188                        }
1189                        if (found) {
1190                                break;
1191                        }
1192                }
1193        }
1194        rcode = -1;
1195        if (!found) {
1196                printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1197                       " -> rcode_address_error\n");
1198                spin_unlock_irqrestore(&host_info_lock, irqflags);
1199                return (RCODE_ADDRESS_ERROR);
1200        } else {
1201                DBGMSG("arm_lock addr_entry FOUND");
1202        }
1203        if (rcode == -1) {
1204                if (arm_addr->access_rights & ARM_LOCK) {
1205                        if (!(arm_addr->client_transactions & ARM_LOCK)) {
1206                                memcpy(&old,
1207                                       (arm_addr->addr_space_buffer) + (addr -
1208                                                                        (arm_addr->
1209                                                                         start)),
1210                                       sizeof(old));
1211                                switch (ext_tcode) {
1212                                case (EXTCODE_MASK_SWAP):
1213                                        new = data | (old & ~arg);
1214                                        break;
1215                                case (EXTCODE_COMPARE_SWAP):
1216                                        if (old == arg) {
1217                                                new = data;
1218                                        } else {
1219                                                new = old;
1220                                        }
1221                                        break;
1222                                case (EXTCODE_FETCH_ADD):
1223                                        new =
1224                                            cpu_to_be32(be32_to_cpu(data) +
1225                                                        be32_to_cpu(old));
1226                                        break;
1227                                case (EXTCODE_LITTLE_ADD):
1228                                        new =
1229                                            cpu_to_le32(le32_to_cpu(data) +
1230                                                        le32_to_cpu(old));
1231                                        break;
1232                                case (EXTCODE_BOUNDED_ADD):
1233                                        if (old != arg) {
1234                                                new =
1235                                                    cpu_to_be32(be32_to_cpu
1236                                                                (data) +
1237                                                                be32_to_cpu
1238                                                                (old));
1239                                        } else {
1240                                                new = old;
1241                                        }
1242                                        break;
1243                                case (EXTCODE_WRAP_ADD):
1244                                        if (old != arg) {
1245                                                new =
1246                                                    cpu_to_be32(be32_to_cpu
1247                                                                (data) +
1248                                                                be32_to_cpu
1249                                                                (old));
1250                                        } else {
1251                                                new = data;
1252                                        }
1253                                        break;
1254                                default:
1255                                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1256                                        printk(KERN_ERR
1257                                               "raw1394: arm_lock FAILED "
1258                                               "ext_tcode not allowed -> rcode_type_error\n");
1259                                        break;
1260                                }       /*switch */
1261                                if (rcode == -1) {
1262                                        DBGMSG("arm_lock -> (rcode_complete)");
1263                                        rcode = RCODE_COMPLETE;
1264                                        memcpy(store, &old, sizeof(*store));
1265                                        memcpy((arm_addr->addr_space_buffer) +
1266                                               (addr - (arm_addr->start)),
1267                                               &new, sizeof(*store));
1268                                }
1269                        }
1270                } else {
1271                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1272                        DBGMSG("arm_lock -> rcode_type_error (access denied)");
1273                }
1274        }
1275        if (arm_addr->notification_options & ARM_LOCK) {
1276                byte_t *buf1, *buf2;
1277                DBGMSG("arm_lock -> entering notification-section");
1278                req = __alloc_pending_request(GFP_ATOMIC);
1279                if (!req) {
1280                        DBGMSG("arm_lock -> rcode_conflict_error");
1281                        spin_unlock_irqrestore(&host_info_lock, irqflags);
1282                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1283                                                           The request may be retried */
1284                }
1285                size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1286                req->data = kmalloc(size, GFP_ATOMIC);
1287                if (!(req->data)) {
1288                        free_pending_request(req);
1289                        DBGMSG("arm_lock -> rcode_conflict_error");
1290                        spin_unlock_irqrestore(&host_info_lock, irqflags);
1291                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1292                                                           The request may be retried */
1293                }
1294                req->free_data = 1;
1295                arm_req_resp = (struct arm_request_response *)(req->data);
1296                arm_req = (struct arm_request *)((byte_t *) (req->data) +
1297                                                 (sizeof
1298                                                  (struct
1299                                                   arm_request_response)));
1300                arm_resp =
1301                    (struct arm_response *)((byte_t *) (arm_req) +
1302                                            (sizeof(struct arm_request)));
1303                buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1304                buf2 = buf1 + 2 * sizeof(*store);
1305                if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1306                    (ext_tcode == EXTCODE_LITTLE_ADD)) {
1307                        arm_req->buffer_length = sizeof(*store);
1308                        memcpy(buf1, &data, sizeof(*store));
1309
1310                } else {
1311                        arm_req->buffer_length = 2 * sizeof(*store);
1312                        memcpy(buf1, &arg, sizeof(*store));
1313                        memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1314                }
1315                if (rcode == RCODE_COMPLETE) {
1316                        arm_resp->buffer_length = sizeof(*store);
1317                        memcpy(buf2, &old, sizeof(*store));
1318                } else {
1319                        arm_resp->buffer_length = 0;
1320                }
1321                req->file_info = fi;
1322                req->req.type = RAW1394_REQ_ARM;
1323                req->req.generation = get_hpsb_generation(host);
1324                req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1325                                 (ARM_LOCK & 0xFF));
1326                req->req.tag = arm_addr->arm_tag;
1327                req->req.recvb = arm_addr->recvb;
1328                req->req.length = size;
1329                arm_req->generation = req->req.generation;
1330                arm_req->extended_transaction_code = ext_tcode;
1331                arm_req->destination_offset = addr;
1332                arm_req->source_nodeid = nodeid;
1333                arm_req->destination_nodeid = host->node_id;
1334                arm_req->tlabel = (flags >> 10) & 0x3f;
1335                arm_req->tcode = (flags >> 4) & 0x0f;
1336                arm_resp->response_code = rcode;
1337                arm_req_resp->request = int2ptr((arm_addr->recvb) +
1338                                                sizeof(struct
1339                                                       arm_request_response));
1340                arm_req_resp->response =
1341                    int2ptr((arm_addr->recvb) +
1342                            sizeof(struct arm_request_response) +
1343                            sizeof(struct arm_request));
1344                arm_req->buffer =
1345                    int2ptr((arm_addr->recvb) +
1346                            sizeof(struct arm_request_response) +
1347                            sizeof(struct arm_request) +
1348                            sizeof(struct arm_response));
1349                arm_resp->buffer =
1350                    int2ptr((arm_addr->recvb) +
1351                            sizeof(struct arm_request_response) +
1352                            sizeof(struct arm_request) +
1353                            sizeof(struct arm_response) + 2 * sizeof(*store));
1354                queue_complete_req(req);
1355        }
1356        spin_unlock_irqrestore(&host_info_lock, irqflags);
1357        return (rcode);
1358}
1359
1360static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1361                      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1362                      u16 flags)
1363{
1364        unsigned long irqflags;
1365        struct pending_request *req;
1366        struct host_info *hi;
1367        struct file_info *fi = NULL;
1368        struct list_head *entry;
1369        struct arm_addr *arm_addr = NULL;
1370        struct arm_request *arm_req = NULL;
1371        struct arm_response *arm_resp = NULL;
1372        int found = 0, size = 0, rcode = -1;
1373        octlet_t old, new;
1374        struct arm_request_response *arm_req_resp = NULL;
1375
1376        if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1377            ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1378                DBGMSG("arm_lock64 called by node: %X "
1379                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1380                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
1381                       (u32) (addr & 0xFFFFFFFF),
1382                       ext_tcode & 0xFF,
1383                       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1384                       (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1385        } else {
1386                DBGMSG("arm_lock64 called by node: %X "
1387                       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1388                       "%8.8X %8.8X ",
1389                       nodeid, (u16) ((addr >> 32) & 0xFFFF),
1390                       (u32) (addr & 0xFFFFFFFF),
1391                       ext_tcode & 0xFF,
1392                       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1393                       (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1394                       (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1395                       (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1396        }
1397        spin_lock_irqsave(&host_info_lock, irqflags);
1398        hi = find_host_info(host);      /* search addressentry in file_info's for host */
1399        if (hi != NULL) {
1400                list_for_each_entry(fi, &hi->file_info_list, list) {
1401                        entry = fi->addr_list.next;
1402                        while (entry != &(fi->addr_list)) {
1403                                arm_addr =
1404                                    list_entry(entry, struct arm_addr,
1405                                               addr_list);
1406                                if (((arm_addr->start) <= (addr))
1407                                    && ((arm_addr->end) >=
1408                                        (addr + sizeof(*store)))) {
1409                                        found = 1;
1410                                        break;
1411                                }
1412                                entry = entry->next;
1413                        }
1414                        if (found) {
1415                                break;
1416                        }
1417                }
1418        }
1419        rcode = -1;
1420        if (!found) {
1421                printk(KERN_ERR
1422                       "raw1394: arm_lock64 FAILED addr_entry not found"
1423                       " -> rcode_address_error\n");
1424                spin_unlock_irqrestore(&host_info_lock, irqflags);
1425                return (RCODE_ADDRESS_ERROR);
1426        } else {
1427                DBGMSG("arm_lock64 addr_entry FOUND");
1428        }
1429        if (rcode == -1) {
1430                if (arm_addr->access_rights & ARM_LOCK) {
1431                        if (!(arm_addr->client_transactions & ARM_LOCK)) {
1432                                memcpy(&old,
1433                                       (arm_addr->addr_space_buffer) + (addr -
1434                                                                        (arm_addr->
1435                                                                         start)),
1436                                       sizeof(old));
1437                                switch (ext_tcode) {
1438                                case (EXTCODE_MASK_SWAP):
1439                                        new = data | (old & ~arg);
1440                                        break;
1441                                case (EXTCODE_COMPARE_SWAP):
1442                                        if (old == arg) {
1443                                                new = data;
1444                                        } else {
1445                                                new = old;
1446                                        }
1447                                        break;
1448                                case (EXTCODE_FETCH_ADD):
1449                                        new =
1450                                            cpu_to_be64(be64_to_cpu(data) +
1451                                                        be64_to_cpu(old));
1452                                        break;
1453                                case (EXTCODE_LITTLE_ADD):
1454                                        new =
1455                                            cpu_to_le64(le64_to_cpu(data) +
1456                                                        le64_to_cpu(old));
1457                                        break;
1458                                case (EXTCODE_BOUNDED_ADD):
1459                                        if (old != arg) {
1460                                                new =
1461                                                    cpu_to_be64(be64_to_cpu
1462                                                                (data) +
1463                                                                be64_to_cpu
1464                                                                (old));
1465                                        } else {
1466                                                new = old;
1467                                        }
1468                                        break;
1469                                case (EXTCODE_WRAP_ADD):
1470                                        if (old != arg) {
1471                                                new =
1472                                                    cpu_to_be64(be64_to_cpu
1473                                                                (data) +
1474                                                                be64_to_cpu
1475                                                                (old));
1476                                        } else {
1477                                                new = data;
1478                                        }
1479                                        break;
1480                                default:
1481                                        printk(KERN_ERR
1482                                               "raw1394: arm_lock64 FAILED "
1483                                               "ext_tcode not allowed -> rcode_type_error\n");
1484                                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1485                                        break;
1486                                }       /*switch */
1487                                if (rcode == -1) {
1488                                        DBGMSG
1489                                            ("arm_lock64 -> (rcode_complete)");
1490                                        rcode = RCODE_COMPLETE;
1491                                        memcpy(store, &old, sizeof(*store));
1492                                        memcpy((arm_addr->addr_space_buffer) +
1493                                               (addr - (arm_addr->start)),
1494                                               &new, sizeof(*store));
1495                                }
1496                        }
1497                } else {
1498                        rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1499                        DBGMSG
1500                            ("arm_lock64 -> rcode_type_error (access denied)");
1501                }
1502        }
1503        if (arm_addr->notification_options & ARM_LOCK) {
1504                byte_t *buf1, *buf2;
1505                DBGMSG("arm_lock64 -> entering notification-section");
1506                req = __alloc_pending_request(GFP_ATOMIC);
1507                if (!req) {
1508                        spin_unlock_irqrestore(&host_info_lock, irqflags);
1509                        DBGMSG("arm_lock64 -> rcode_conflict_error");
1510                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1511                                                           The request may be retried */
1512                }
1513                size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1514                req->data = kmalloc(size, GFP_ATOMIC);
1515                if (!(req->data)) {
1516                        free_pending_request(req);
1517                        spin_unlock_irqrestore(&host_info_lock, irqflags);
1518                        DBGMSG("arm_lock64 -> rcode_conflict_error");
1519                        return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1520                                                           The request may be retried */
1521                }
1522                req->free_data = 1;
1523                arm_req_resp = (struct arm_request_response *)(req->data);
1524                arm_req = (struct arm_request *)((byte_t *) (req->data) +
1525                                                 (sizeof
1526                                                  (struct
1527                                                   arm_request_response)));
1528                arm_resp =
1529                    (struct arm_response *)((byte_t *) (arm_req) +
1530                                            (sizeof(struct arm_request)));
1531                buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1532                buf2 = buf1 + 2 * sizeof(*store);
1533                if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1534                    (ext_tcode == EXTCODE_LITTLE_ADD)) {
1535                        arm_req->buffer_length = sizeof(*store);
1536                        memcpy(buf1, &data, sizeof(*store));
1537
1538                } else {
1539                        arm_req->buffer_length = 2 * sizeof(*store);
1540                        memcpy(buf1, &arg, sizeof(*store));
1541                        memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1542                }
1543                if (rcode == RCODE_COMPLETE) {
1544                        arm_resp->buffer_length = sizeof(*store);
1545                        memcpy(buf2, &old, sizeof(*store));
1546                } else {
1547                        arm_resp->buffer_length = 0;
1548                }
1549                req->file_info = fi;
1550                req->req.type = RAW1394_REQ_ARM;
1551                req->req.generation = get_hpsb_generation(host);
1552                req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1553                                 (ARM_LOCK & 0xFF));
1554                req->req.tag = arm_addr->arm_tag;
1555                req->req.recvb = arm_addr->recvb;
1556                req->req.length = size;
1557                arm_req->generation = req->req.generation;
1558                arm_req->extended_transaction_code = ext_tcode;
1559                arm_req->destination_offset = addr;
1560                arm_req->source_nodeid = nodeid;
1561                arm_req->destination_nodeid = host->node_id;
1562                arm_req->tlabel = (flags >> 10) & 0x3f;
1563                arm_req->tcode = (flags >> 4) & 0x0f;
1564                arm_resp->response_code = rcode;
1565                arm_req_resp->request = int2ptr((arm_addr->recvb) +
1566                                                sizeof(struct
1567                                                       arm_request_response));
1568                arm_req_resp->response =
1569                    int2ptr((arm_addr->recvb) +
1570                            sizeof(struct arm_request_response) +
1571                            sizeof(struct arm_request));
1572                arm_req->buffer =
1573                    int2ptr((arm_addr->recvb) +
1574                            sizeof(struct arm_request_response) +
1575                            sizeof(struct arm_request) +
1576                            sizeof(struct arm_response));
1577                arm_resp->buffer =
1578                    int2ptr((arm_addr->recvb) +
1579                            sizeof(struct arm_request_response) +
1580                            sizeof(struct arm_request) +
1581                            sizeof(struct arm_response) + 2 * sizeof(*store));
1582                queue_complete_req(req);
1583        }
1584        spin_unlock_irqrestore(&host_info_lock, irqflags);
1585        return (rcode);
1586}
1587
1588static int arm_register(struct file_info *fi, struct pending_request *req)
1589{
1590        int retval;
1591        struct arm_addr *addr;
1592        struct host_info *hi;
1593        struct file_info *fi_hlp = NULL;
1594        struct list_head *entry;
1595        struct arm_addr *arm_addr = NULL;
1596        int same_host, another_host;
1597        unsigned long flags;
1598
1599        DBGMSG("arm_register called "
1600               "addr(Offset): %8.8x %8.8x length: %u "
1601               "rights: %2.2X notify: %2.2X "
1602               "max_blk_len: %4.4X",
1603               (u32) ((req->req.address >> 32) & 0xFFFF),
1604               (u32) (req->req.address & 0xFFFFFFFF),
1605               req->req.length, ((req->req.misc >> 8) & 0xFF),
1606               (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1607        /* check addressrange */
1608        if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1609            (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1610             0)) {
1611                req->req.length = 0;
1612                return (-EINVAL);
1613        }
1614        /* addr-list-entry for fileinfo */
1615        addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1616        if (!addr) {
1617                req->req.length = 0;
1618                return (-ENOMEM);
1619        }
1620        /* allocation of addr_space_buffer */
1621        addr->addr_space_buffer = vmalloc(req->req.length);
1622        if (!(addr->addr_space_buffer)) {
1623                kfree(addr);
1624                req->req.length = 0;
1625                return (-ENOMEM);
1626        }
1627        /* initialization of addr_space_buffer */
1628        if ((req->req.sendb) == (unsigned long)NULL) {
1629                /* init: set 0 */
1630                memset(addr->addr_space_buffer, 0, req->req.length);
1631        } else {
1632                /* init: user -> kernel */
1633                if (copy_from_user
1634                    (addr->addr_space_buffer, int2ptr(req->req.sendb),
1635                     req->req.length)) {
1636                        vfree(addr->addr_space_buffer);
1637                        kfree(addr);
1638                        return (-EFAULT);
1639                }
1640        }
1641        INIT_LIST_HEAD(&addr->addr_list);
1642        addr->arm_tag = req->req.tag;
1643        addr->start = req->req.address;
1644        addr->end = req->req.address + req->req.length;
1645        addr->access_rights = (u8) (req->req.misc & 0x0F);
1646        addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1647        addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1648        addr->access_rights |= addr->client_transactions;
1649        addr->notification_options |= addr->client_transactions;
1650        addr->recvb = req->req.recvb;
1651        addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1652
1653        spin_lock_irqsave(&host_info_lock, flags);
1654        hi = find_host_info(fi->host);
1655        same_host = 0;
1656        another_host = 0;
1657        /* same host with address-entry containing same addressrange ? */
1658        list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1659                entry = fi_hlp->addr_list.next;
1660                while (entry != &(fi_hlp->addr_list)) {
1661                        arm_addr =
1662                            list_entry(entry, struct arm_addr, addr_list);
1663                        if ((arm_addr->start == addr->start)
1664                            && (arm_addr->end == addr->end)) {
1665                                DBGMSG("same host ownes same "
1666                                       "addressrange -> EALREADY");
1667                                same_host = 1;
1668                                break;
1669                        }
1670                        entry = entry->next;
1671                }
1672                if (same_host) {
1673                        break;
1674                }
1675        }
1676        if (same_host) {
1677                /* addressrange occupied by same host */
1678                spin_unlock_irqrestore(&host_info_lock, flags);
1679                vfree(addr->addr_space_buffer);
1680                kfree(addr);
1681                return (-EALREADY);
1682        }
1683        /* another host with valid address-entry containing same addressrange */
1684        list_for_each_entry(hi, &host_info_list, list) {
1685                if (hi->host != fi->host) {
1686                        list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1687                                entry = fi_hlp->addr_list.next;
1688                                while (entry != &(fi_hlp->addr_list)) {
1689                                        arm_addr =
1690                                            list_entry(entry, struct arm_addr,
1691                                                       addr_list);
1692                                        if ((arm_addr->start == addr->start)
1693                                            && (arm_addr->end == addr->end)) {
1694                                                DBGMSG
1695                                                    ("another host ownes same "
1696                                                     "addressrange");
1697                                                another_host = 1;
1698                                                break;
1699                                        }
1700                                        entry = entry->next;
1701                                }
1702                                if (another_host) {
1703                                        break;
1704                                }
1705                        }
1706                }
1707        }
1708        spin_unlock_irqrestore(&host_info_lock, flags);
1709
1710        if (another_host) {
1711                DBGMSG("another hosts entry is valid -> SUCCESS");
1712                if (copy_to_user(int2ptr(req->req.recvb),
1713                                 &addr->start, sizeof(u64))) {
1714                        printk(KERN_ERR "raw1394: arm_register failed "
1715                               " address-range-entry is invalid -> EFAULT !!!\n");
1716                        vfree(addr->addr_space_buffer);
1717                        kfree(addr);
1718                        return (-EFAULT);
1719                }
1720                free_pending_request(req);      /* immediate success or fail */
1721                /* INSERT ENTRY */
1722                spin_lock_irqsave(&host_info_lock, flags);
1723                list_add_tail(&addr->addr_list, &fi->addr_list);
1724                spin_unlock_irqrestore(&host_info_lock, flags);
1725                return 0;
1726        }
1727        retval =
1728            hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1729                                    req->req.address,
1730                                    req->req.address + req->req.length);
1731        if (retval) {
1732                /* INSERT ENTRY */
1733                spin_lock_irqsave(&host_info_lock, flags);
1734                list_add_tail(&addr->addr_list, &fi->addr_list);
1735                spin_unlock_irqrestore(&host_info_lock, flags);
1736        } else {
1737                DBGMSG("arm_register failed errno: %d \n", retval);
1738                vfree(addr->addr_space_buffer);
1739                kfree(addr);
1740                return (-EALREADY);
1741        }
1742        free_pending_request(req);      /* immediate success or fail */
1743        return 0;
1744}
1745
1746static int arm_unregister(struct file_info *fi, struct pending_request *req)
1747{
1748        int found = 0;
1749        int retval = 0;
1750        struct list_head *entry;
1751        struct arm_addr *addr = NULL;
1752        struct host_info *hi;
1753        struct file_info *fi_hlp = NULL;
1754        struct arm_addr *arm_addr = NULL;
1755        int another_host;
1756        unsigned long flags;
1757
1758        DBGMSG("arm_Unregister called addr(Offset): "
1759               "%8.8x %8.8x",
1760               (u32) ((req->req.address >> 32) & 0xFFFF),
1761               (u32) (req->req.address & 0xFFFFFFFF));
1762        spin_lock_irqsave(&host_info_lock, flags);
1763        /* get addr */
1764        entry = fi->addr_list.next;
1765        while (entry != &(fi->addr_list)) {
1766                addr = list_entry(entry, struct arm_addr, addr_list);
1767                if (addr->start == req->req.address) {
1768                        found = 1;
1769                        break;
1770                }
1771                entry = entry->next;
1772        }
1773        if (!found) {
1774                DBGMSG("arm_Unregister addr not found");
1775                spin_unlock_irqrestore(&host_info_lock, flags);
1776                return (-EINVAL);
1777        }
1778        DBGMSG("arm_Unregister addr found");
1779        another_host = 0;
1780        /* another host with valid address-entry containing
1781           same addressrange */
1782        list_for_each_entry(hi, &host_info_list, list) {
1783                if (hi->host != fi->host) {
1784                        list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1785                                entry = fi_hlp->addr_list.next;
1786                                while (entry != &(fi_hlp->addr_list)) {
1787                                        arm_addr = list_entry(entry,
1788                                                              struct arm_addr,
1789                                                              addr_list);
1790                                        if (arm_addr->start == addr->start) {
1791                                                DBGMSG("another host ownes "
1792                                                       "same addressrange");
1793                                                another_host = 1;
1794                                                break;
1795                                        }
1796                                        entry = entry->next;
1797                                }
1798                                if (another_host) {
1799                                        break;
1800                                }
1801                        }
1802                }
1803        }
1804        if (another_host) {
1805                DBGMSG("delete entry from list -> success");
1806                list_del(&addr->addr_list);
1807                spin_unlock_irqrestore(&host_info_lock, flags);
1808                vfree(addr->addr_space_buffer);
1809                kfree(addr);
1810                free_pending_request(req);      /* immediate success or fail */
1811                return 0;
1812        }
1813        retval =
1814            hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1815                                      addr->start);
1816        if (!retval) {
1817                printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1818                spin_unlock_irqrestore(&host_info_lock, flags);
1819                return (-EINVAL);
1820        }
1821        DBGMSG("delete entry from list -> success");
1822        list_del(&addr->addr_list);
1823        spin_unlock_irqrestore(&host_info_lock, flags);
1824        vfree(addr->addr_space_buffer);
1825        kfree(addr);
1826        free_pending_request(req);      /* immediate success or fail */
1827        return 0;
1828}
1829
1830/* Copy data from ARM buffer(s) to user buffer. */
1831static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1832{
1833        struct arm_addr *arm_addr = NULL;
1834        unsigned long flags;
1835        unsigned long offset;
1836
1837        struct list_head *entry;
1838
1839        DBGMSG("arm_get_buf "
1840               "addr(Offset): %04X %08X length: %u",
1841               (u32) ((req->req.address >> 32) & 0xFFFF),
1842               (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1843
1844        spin_lock_irqsave(&host_info_lock, flags);
1845        entry = fi->addr_list.next;
1846        while (entry != &(fi->addr_list)) {
1847                arm_addr = list_entry(entry, struct arm_addr, addr_list);
1848                if ((arm_addr->start <= req->req.address) &&
1849                    (arm_addr->end > req->req.address)) {
1850                        if (req->req.address + req->req.length <= arm_addr->end) {
1851                                offset = req->req.address - arm_addr->start;
1852                                spin_unlock_irqrestore(&host_info_lock, flags);
1853
1854                                DBGMSG
1855                                    ("arm_get_buf copy_to_user( %08X, %p, %u )",
1856                                     (u32) req->req.recvb,
1857                                     arm_addr->addr_space_buffer + offset,
1858                                     (u32) req->req.length);
1859                                if (copy_to_user
1860                                    (int2ptr(req->req.recvb),
1861                                     arm_addr->addr_space_buffer + offset,
1862                                     req->req.length))
1863                                        return (-EFAULT);
1864
1865                                /* We have to free the request, because we
1866                                 * queue no response, and therefore nobody
1867                                 * will free it. */
1868                                free_pending_request(req);
1869                                return 0;
1870                        } else {
1871                                DBGMSG("arm_get_buf request exceeded mapping");
1872                                spin_unlock_irqrestore(&host_info_lock, flags);
1873                                return (-EINVAL);
1874                        }
1875                }
1876                entry = entry->next;
1877        }
1878        spin_unlock_irqrestore(&host_info_lock, flags);
1879        return (-EINVAL);
1880}
1881
1882/* Copy data from user buffer to ARM buffer(s). */
1883static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1884{
1885        struct arm_addr *arm_addr = NULL;
1886        unsigned long flags;
1887        unsigned long offset;
1888
1889        struct list_head *entry;
1890
1891        DBGMSG("arm_set_buf "
1892               "addr(Offset): %04X %08X length: %u",
1893               (u32) ((req->req.address >> 32) & 0xFFFF),
1894               (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1895
1896        spin_lock_irqsave(&host_info_lock, flags);
1897        entry = fi->addr_list.next;
1898        while (entry != &(fi->addr_list)) {
1899                arm_addr = list_entry(entry, struct arm_addr, addr_list);
1900                if ((arm_addr->start <= req->req.address) &&
1901                    (arm_addr->end > req->req.address)) {
1902                        if (req->req.address + req->req.length <= arm_addr->end) {
1903                                offset = req->req.address - arm_addr->start;
1904                                spin_unlock_irqrestore(&host_info_lock, flags);
1905
1906                                DBGMSG
1907                                    ("arm_set_buf copy_from_user( %p, %08X, %u )",
1908                                     arm_addr->addr_space_buffer + offset,
1909                                     (u32) req->req.sendb,
1910                                     (u32) req->req.length);
1911                                if (copy_from_user
1912                                    (arm_addr->addr_space_buffer + offset,
1913                                     int2ptr(req->req.sendb),
1914                                     req->req.length))
1915                                        return (-EFAULT);
1916
1917                                /* We have to free the request, because we
1918                                 * queue no response, and therefore nobody
1919                                 * will free it. */
1920                                free_pending_request(req);
1921                                return 0;
1922                        } else {
1923                                DBGMSG("arm_set_buf request exceeded mapping");
1924                                spin_unlock_irqrestore(&host_info_lock, flags);
1925                                return (-EINVAL);
1926                        }
1927                }
1928                entry = entry->next;
1929        }
1930        spin_unlock_irqrestore(&host_info_lock, flags);
1931        return (-EINVAL);
1932}
1933
1934static int reset_notification(struct file_info *fi, struct pending_request *req)
1935{
1936        DBGMSG("reset_notification called - switch %s ",
1937               (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
1938        if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
1939            (req->req.misc == RAW1394_NOTIFY_ON)) {
1940                fi->notification = (u8) req->req.misc;
1941                free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1942                return 0;
1943        }
1944        /* error EINVAL (22) invalid argument */
1945        return (-EINVAL);
1946}
1947
1948static int write_phypacket(struct file_info *fi, struct pending_request *req)
1949{
1950        struct hpsb_packet *packet = NULL;
1951        int retval = 0;
1952        quadlet_t data;
1953        unsigned long flags;
1954
1955        data = be32_to_cpu((u32) req->req.sendb);
1956        DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
1957        packet = hpsb_make_phypacket(fi->host, data);
1958        if (!packet)
1959                return -ENOMEM;
1960        req->req.length = 0;
1961        req->packet = packet;
1962        hpsb_set_packet_complete_task(packet,
1963                                      (void (*)(void *))queue_complete_cb, req);
1964        spin_lock_irqsave(&fi->reqlists_lock, flags);
1965        list_add_tail(&req->list, &fi->req_pending);
1966        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
1967        packet->generation = req->req.generation;
1968        retval = hpsb_send_packet(packet);
1969        DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
1970        if (retval < 0) {
1971                req->req.error = RAW1394_ERROR_SEND_ERROR;
1972                req->req.length = 0;
1973                queue_complete_req(req);
1974        }
1975        return 0;
1976}
1977
1978static int get_config_rom(struct file_info *fi, struct pending_request *req)
1979{
1980        int ret = 0;
1981        quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
1982        int status;
1983
1984        if (!data)
1985                return -ENOMEM;
1986
1987        status =
1988            csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
1989                         data, req->req.length);
1990        if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
1991                ret = -EFAULT;
1992        if (copy_to_user
1993            (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
1994             sizeof(fi->host->csr.rom->cache_head->len)))
1995                ret = -EFAULT;
1996        if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
1997                         sizeof(fi->host->csr.generation)))
1998                ret = -EFAULT;
1999        if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2000                ret = -EFAULT;
2001        kfree(data);
2002        if (ret >= 0) {
2003                free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2004        }
2005        return ret;
2006}
2007
2008static int update_config_rom(struct file_info *fi, struct pending_request *req)
2009{
2010        int ret = 0;
2011        quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2012        if (!data)
2013                return -ENOMEM;
2014        if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2015                ret = -EFAULT;
2016        } else {
2017                int status = hpsb_update_config_rom(fi->host,
2018                                                    data, req->req.length,
2019                                                    (unsigned char)req->req.
2020                                                    misc);
2021                if (copy_to_user
2022                    (int2ptr(req->req.recvb), &status, sizeof(status)))
2023                        ret = -ENOMEM;
2024        }
2025        kfree(data);
2026        if (ret >= 0) {
2027                free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2028                fi->cfgrom_upd = 1;
2029        }
2030        return ret;
2031}
2032
2033static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2034{
2035        struct csr1212_keyval *kv;
2036        struct csr1212_csr_rom_cache *cache;
2037        struct csr1212_dentry *dentry;
2038        u32 dr;
2039        int ret = 0;
2040
2041        if (req->req.misc == ~0) {
2042                if (req->req.length == 0)
2043                        return -EINVAL;
2044
2045                /* Find an unused slot */
2046                for (dr = 0;
2047                     dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2048                     dr++) ;
2049
2050                if (dr == RAW1394_MAX_USER_CSR_DIRS)
2051                        return -ENOMEM;
2052
2053                fi->csr1212_dirs[dr] =
2054                    csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2055                if (!fi->csr1212_dirs[dr])
2056                        return -ENOMEM;
2057        } else {
2058                dr = req->req.misc;
2059                if (!fi->csr1212_dirs[dr])
2060                        return -EINVAL;
2061
2062                /* Delete old stuff */
2063                for (dentry =
2064                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
2065                     dentry; dentry = dentry->next) {
2066                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2067                                                             root_kv,
2068                                                             dentry->kv);
2069                }
2070
2071                if (req->req.length == 0) {
2072                        csr1212_release_keyval(fi->csr1212_dirs[dr]);
2073                        fi->csr1212_dirs[dr] = NULL;
2074
2075                        hpsb_update_config_rom_image(fi->host);
2076                        free_pending_request(req);
2077                        return 0;
2078                }
2079        }
2080
2081        cache = csr1212_rom_cache_malloc(0, req->req.length);
2082        if (!cache) {
2083                csr1212_release_keyval(fi->csr1212_dirs[dr]);
2084                fi->csr1212_dirs[dr] = NULL;
2085                return -ENOMEM;
2086        }
2087
2088        cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2089        if (!cache->filled_head) {
2090                csr1212_release_keyval(fi->csr1212_dirs[dr]);
2091                fi->csr1212_dirs[dr] = NULL;
2092                CSR1212_FREE(cache);
2093                return -ENOMEM;
2094        }
2095        cache->filled_tail = cache->filled_head;
2096
2097        if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2098                           req->req.length)) {
2099                csr1212_release_keyval(fi->csr1212_dirs[dr]);
2100                fi->csr1212_dirs[dr] = NULL;
2101                ret = -EFAULT;
2102        } else {
2103                cache->len = req->req.length;
2104                cache->filled_head->offset_start = 0;
2105                cache->filled_head->offset_end = cache->size - 1;
2106
2107                cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2108
2109                ret = CSR1212_SUCCESS;
2110                /* parse all the items */
2111                for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2112                     kv = kv->next) {
2113                        ret = csr1212_parse_keyval(kv, cache);
2114                }
2115
2116                /* attach top level items to the root directory */
2117                for (dentry =
2118                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
2119                     ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2120                        ret =
2121                            csr1212_attach_keyval_to_directory(fi->host->csr.
2122                                                               rom->root_kv,
2123                                                               dentry->kv);
2124                }
2125
2126                if (ret == CSR1212_SUCCESS) {
2127                        ret = hpsb_update_config_rom_image(fi->host);
2128
2129                        if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2130                                                     &dr, sizeof(dr))) {
2131                                ret = -ENOMEM;
2132                        }
2133                }
2134        }
2135        kfree(cache->filled_head);
2136        CSR1212_FREE(cache);
2137
2138        if (ret >= 0) {
2139                /* we have to free the request, because we queue no response,
2140                 * and therefore nobody will free it */
2141                free_pending_request(req);
2142                return 0;
2143        } else {
2144                for (dentry =
2145                     fi->csr1212_dirs[dr]->value.directory.dentries_head;
2146                     dentry; dentry = dentry->next) {
2147                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2148                                                             root_kv,
2149                                                             dentry->kv);
2150                }
2151                csr1212_release_keyval(fi->csr1212_dirs[dr]);
2152                fi->csr1212_dirs[dr] = NULL;
2153                return ret;
2154        }
2155}
2156
2157static int state_connected(struct file_info *fi, struct pending_request *req)
2158{
2159        int node = req->req.address >> 48;
2160
2161        req->req.error = RAW1394_ERROR_NONE;
2162
2163        switch (req->req.type) {
2164
2165        case RAW1394_REQ_ECHO:
2166                queue_complete_req(req);
2167                return 0;
2168
2169        case RAW1394_REQ_ARM_REGISTER:
2170                return arm_register(fi, req);
2171
2172        case RAW1394_REQ_ARM_UNREGISTER:
2173                return arm_unregister(fi, req);
2174
2175        case RAW1394_REQ_ARM_SET_BUF:
2176                return arm_set_buf(fi, req);
2177
2178        case RAW1394_REQ_ARM_GET_BUF:
2179                return arm_get_buf(fi, req);
2180
2181        case RAW1394_REQ_RESET_NOTIFY:
2182                return reset_notification(fi, req);
2183
2184        case RAW1394_REQ_ISO_SEND:
2185        case RAW1394_REQ_ISO_LISTEN:
2186                printk(KERN_DEBUG "raw1394: old iso ABI has been removed\n");
2187                req->req.error = RAW1394_ERROR_COMPAT;
2188                req->req.misc = RAW1394_KERNELAPI_VERSION;
2189                queue_complete_req(req);
2190                return 0;
2191
2192        case RAW1394_REQ_FCP_LISTEN:
2193                handle_fcp_listen(fi, req);
2194                return 0;
2195
2196        case RAW1394_REQ_RESET_BUS:
2197                if (req->req.misc == RAW1394_LONG_RESET) {
2198                        DBGMSG("busreset called (type: LONG)");
2199                        hpsb_reset_bus(fi->host, LONG_RESET);
2200                        free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2201                        return 0;
2202                }
2203                if (req->req.misc == RAW1394_SHORT_RESET) {
2204                        DBGMSG("busreset called (type: SHORT)");
2205                        hpsb_reset_bus(fi->host, SHORT_RESET);
2206                        free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2207                        return 0;
2208                }
2209                /* error EINVAL (22) invalid argument */
2210                return (-EINVAL);
2211        case RAW1394_REQ_GET_ROM:
2212                return get_config_rom(fi, req);
2213
2214        case RAW1394_REQ_UPDATE_ROM:
2215                return update_config_rom(fi, req);
2216
2217        case RAW1394_REQ_MODIFY_ROM:
2218                return modify_config_rom(fi, req);
2219        }
2220
2221        if (req->req.generation != get_hpsb_generation(fi->host)) {
2222                req->req.error = RAW1394_ERROR_GENERATION;
2223                req->req.generation = get_hpsb_generation(fi->host);
2224                req->req.length = 0;
2225                queue_complete_req(req);
2226                return 0;
2227        }
2228
2229        switch (req->req.type) {
2230        case RAW1394_REQ_PHYPACKET:
2231                return write_phypacket(fi, req);
2232        case RAW1394_REQ_ASYNC_SEND:
2233                return handle_async_send(fi, req);
2234        }
2235
2236        if (req->req.length == 0) {
2237                req->req.error = RAW1394_ERROR_INVALID_ARG;
2238                queue_complete_req(req);
2239                return 0;
2240        }
2241
2242        return handle_async_request(fi, req, node);
2243}
2244
2245static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2246                             size_t count, loff_t * offset_is_ignored)
2247{
2248        struct file_info *fi = (struct file_info *)file->private_data;
2249        struct pending_request *req;
2250        ssize_t retval = -EBADFD;
2251
2252#ifdef CONFIG_COMPAT
2253        if (count == sizeof(struct compat_raw1394_req) &&
2254            sizeof(struct compat_raw1394_req) !=
2255                        sizeof(struct raw1394_request)) {
2256                buffer = raw1394_compat_write(buffer);
2257                if (IS_ERR((__force void *)buffer))
2258                        return PTR_ERR((__force void *)buffer);
2259        } else
2260#endif
2261        if (count != sizeof(struct raw1394_request)) {
2262                return -EINVAL;
2263        }
2264
2265        req = alloc_pending_request();
2266        if (req == NULL) {
2267                return -ENOMEM;
2268        }
2269        req->file_info = fi;
2270
2271        if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2272                free_pending_request(req);
2273                return -EFAULT;
2274        }
2275
2276        if (!mutex_trylock(&fi->state_mutex)) {
2277                free_pending_request(req);
2278                return -EAGAIN;
2279        }
2280
2281        switch (fi->state) {
2282        case opened:
2283                retval = state_opened(fi, req);
2284                break;
2285
2286        case initialized:
2287                retval = state_initialized(fi, req);
2288                break;
2289
2290        case connected:
2291                retval = state_connected(fi, req);
2292                break;
2293        }
2294
2295        mutex_unlock(&fi->state_mutex);
2296
2297        if (retval < 0) {
2298                free_pending_request(req);
2299        } else {
2300                BUG_ON(retval);
2301                retval = count;
2302        }
2303
2304        return retval;
2305}
2306
2307/* rawiso operations */
2308
2309/* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2310 * completion queue (reqlists_lock must be taken) */
2311static inline int __rawiso_event_in_queue(struct file_info *fi)
2312{
2313        struct pending_request *req;
2314
2315        list_for_each_entry(req, &fi->req_complete, list)
2316            if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2317                return 1;
2318
2319        return 0;
2320}
2321
2322/* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2323static void queue_rawiso_event(struct file_info *fi)
2324{
2325        unsigned long flags;
2326
2327        spin_lock_irqsave(&fi->reqlists_lock, flags);
2328
2329        /* only one ISO activity event may be in the queue */
2330        if (!__rawiso_event_in_queue(fi)) {
2331                struct pending_request *req =
2332                    __alloc_pending_request(GFP_ATOMIC);
2333
2334                if (req) {
2335                        req->file_info = fi;
2336                        req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2337                        req->req.generation = get_hpsb_generation(fi->host);
2338                        __queue_complete_req(req);
2339                } else {
2340                        /* on allocation failure, signal an overflow */
2341                        if (fi->iso_handle) {
2342                                atomic_inc(&fi->iso_handle->overflows);
2343                        }
2344                }
2345        }
2346        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2347}
2348
2349static void rawiso_activity_cb(struct hpsb_iso *iso)
2350{
2351        unsigned long flags;
2352        struct host_info *hi;
2353        struct file_info *fi;
2354
2355        spin_lock_irqsave(&host_info_lock, flags);
2356        hi = find_host_info(iso->host);
2357
2358        if (hi != NULL) {
2359                list_for_each_entry(fi, &hi->file_info_list, list) {
2360                        if (fi->iso_handle == iso)
2361                                queue_rawiso_event(fi);
2362                }
2363        }
2364
2365        spin_unlock_irqrestore(&host_info_lock, flags);
2366}
2367
2368/* helper function - gather all the kernel iso status bits for returning to user-space */
2369static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2370                                    struct raw1394_iso_status *stat)
2371{
2372        int overflows = atomic_read(&iso->overflows);
2373        int skips = atomic_read(&iso->skips);
2374
2375        stat->config.data_buf_size = iso->buf_size;
2376        stat->config.buf_packets = iso->buf_packets;
2377        stat->config.channel = iso->channel;
2378        stat->config.speed = iso->speed;
2379        stat->config.irq_interval = iso->irq_interval;
2380        stat->n_packets = hpsb_iso_n_ready(iso);
2381        stat->overflows = ((skips & 0xFFFF) << 16) | ((overflows & 0xFFFF));
2382        stat->xmit_cycle = iso->xmit_cycle;
2383}
2384
2385static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2386{
2387        struct raw1394_iso_status stat;
2388
2389        if (!fi->host)
2390                return -EINVAL;
2391
2392        if (copy_from_user(&stat, uaddr, sizeof(stat)))
2393                return -EFAULT;
2394
2395        fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2396                                            stat.config.data_buf_size,
2397                                            stat.config.buf_packets,
2398                                            stat.config.channel,
2399                                            stat.config.speed,
2400                                            stat.config.irq_interval,
2401                                            rawiso_activity_cb);
2402        if (!fi->iso_handle)
2403                return -ENOMEM;
2404
2405        fi->iso_state = RAW1394_ISO_XMIT;
2406
2407        raw1394_iso_fill_status(fi->iso_handle, &stat);
2408        if (copy_to_user(uaddr, &stat, sizeof(stat)))
2409                return -EFAULT;
2410
2411        /* queue an event to get things started */
2412        rawiso_activity_cb(fi->iso_handle);
2413
2414        return 0;
2415}
2416
2417static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2418{
2419        struct raw1394_iso_status stat;
2420
2421        if (!fi->host)
2422                return -EINVAL;
2423
2424        if (copy_from_user(&stat, uaddr, sizeof(stat)))
2425                return -EFAULT;
2426
2427        fi->iso_handle = hpsb_iso_recv_init(fi->host,
2428                                            stat.config.data_buf_size,
2429                                            stat.config.buf_packets,
2430                                            stat.config.channel,
2431                                            stat.config.dma_mode,
2432                                            stat.config.irq_interval,
2433                                            rawiso_activity_cb);
2434        if (!fi->iso_handle)
2435                return -ENOMEM;
2436
2437        fi->iso_state = RAW1394_ISO_RECV;
2438
2439        raw1394_iso_fill_status(fi->iso_handle, &stat);
2440        if (copy_to_user(uaddr, &stat, sizeof(stat)))
2441                return -EFAULT;
2442        return 0;
2443}
2444
2445static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2446{
2447        struct raw1394_iso_status stat;
2448        struct hpsb_iso *iso = fi->iso_handle;
2449
2450        raw1394_iso_fill_status(fi->iso_handle, &stat);
2451        if (copy_to_user(uaddr, &stat, sizeof(stat)))
2452                return -EFAULT;
2453
2454        /* reset overflow counter */
2455        atomic_set(&iso->overflows, 0);
2456        /* reset skip counter */
2457        atomic_set(&iso->skips, 0);
2458
2459        return 0;
2460}
2461
2462/* copy N packet_infos out of the ringbuffer into user-supplied array */
2463static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2464{
2465        struct raw1394_iso_packets upackets;
2466        unsigned int packet = fi->iso_handle->first_packet;
2467        int i;
2468
2469        if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2470                return -EFAULT;
2471
2472        if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2473                return -EINVAL;
2474
2475        /* ensure user-supplied buffer is accessible and big enough */
2476        if (!access_ok(VERIFY_WRITE, upackets.infos,
2477                       upackets.n_packets *
2478                       sizeof(struct raw1394_iso_packet_info)))
2479                return -EFAULT;
2480
2481        /* copy the packet_infos out */
2482        for (i = 0; i < upackets.n_packets; i++) {
2483                if (__copy_to_user(&upackets.infos[i],
2484                                   &fi->iso_handle->infos[packet],
2485                                   sizeof(struct raw1394_iso_packet_info)))
2486                        return -EFAULT;
2487
2488                packet = (packet + 1) % fi->iso_handle->buf_packets;
2489        }
2490
2491        return 0;
2492}
2493
2494/* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2495static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2496{
2497        struct raw1394_iso_packets upackets;
2498        int i, rv;
2499
2500        if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2501                return -EFAULT;
2502
2503        if (upackets.n_packets >= fi->iso_handle->buf_packets)
2504                return -EINVAL;
2505
2506        if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2507                return -EAGAIN;
2508
2509        /* ensure user-supplied buffer is accessible and big enough */
2510        if (!access_ok(VERIFY_READ, upackets.infos,
2511                       upackets.n_packets *
2512                       sizeof(struct raw1394_iso_packet_info)))
2513                return -EFAULT;
2514
2515        /* copy the infos structs in and queue the packets */
2516        for (i = 0; i < upackets.n_packets; i++) {
2517                struct raw1394_iso_packet_info info;
2518
2519                if (__copy_from_user(&info, &upackets.infos[i],
2520                                     sizeof(struct raw1394_iso_packet_info)))
2521                        return -EFAULT;
2522
2523                rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2524                                                info.len, info.tag, info.sy);
2525                if (rv)
2526                        return rv;
2527        }
2528
2529        return 0;
2530}
2531
2532static void raw1394_iso_shutdown(struct file_info *fi)
2533{
2534        if (fi->iso_handle)
2535                hpsb_iso_shutdown(fi->iso_handle);
2536
2537        fi->iso_handle = NULL;
2538        fi->iso_state = RAW1394_ISO_INACTIVE;
2539}
2540
2541static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2542{
2543        struct raw1394_cycle_timer ct;
2544        int err;
2545
2546        err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2547        if (!err)
2548                if (copy_to_user(uaddr, &ct, sizeof(ct)))
2549                        err = -EFAULT;
2550        return err;
2551}
2552
2553/* mmap the rawiso xmit/recv buffer */
2554static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2555{
2556        struct file_info *fi = file->private_data;
2557        int ret;
2558
2559        if (!mutex_trylock(&fi->state_mutex))
2560                return -EAGAIN;
2561
2562        if (fi->iso_state == RAW1394_ISO_INACTIVE)
2563                ret = -EINVAL;
2564        else
2565                ret = dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2566
2567        mutex_unlock(&fi->state_mutex);
2568
2569        return ret;
2570}
2571
2572static long raw1394_ioctl_inactive(struct file_info *fi, unsigned int cmd,
2573                                   void __user *argp)
2574{
2575        switch (cmd) {
2576        case RAW1394_IOC_ISO_XMIT_INIT:
2577                return raw1394_iso_xmit_init(fi, argp);
2578        case RAW1394_IOC_ISO_RECV_INIT:
2579                return raw1394_iso_recv_init(fi, argp);
2580        default:
2581                return -EINVAL;
2582        }
2583}
2584
2585static long raw1394_ioctl_recv(struct file_info *fi, unsigned int cmd,
2586                               unsigned long arg)
2587{
2588        void __user *argp = (void __user *)arg;
2589
2590        switch (cmd) {
2591        case RAW1394_IOC_ISO_RECV_START:{
2592                        int args[3];
2593
2594                        if (copy_from_user(&args[0], argp, sizeof(args)))
2595                                return -EFAULT;
2596                        return hpsb_iso_recv_start(fi->iso_handle,
2597                                                   args[0], args[1], args[2]);
2598                }
2599        case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2600                hpsb_iso_stop(fi->iso_handle);
2601                return 0;
2602        case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2603                return hpsb_iso_recv_listen_channel(fi->iso_handle, arg);
2604        case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2605                return hpsb_iso_recv_unlisten_channel(fi->iso_handle, arg);
2606        case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2607                        u64 mask;
2608
2609                        if (copy_from_user(&mask, argp, sizeof(mask)))
2610                                return -EFAULT;
2611                        return hpsb_iso_recv_set_channel_mask(fi->iso_handle,
2612                                                              mask);
2613                }
2614        case RAW1394_IOC_ISO_GET_STATUS:
2615                return raw1394_iso_get_status(fi, argp);
2616        case RAW1394_IOC_ISO_RECV_PACKETS:
2617                return raw1394_iso_recv_packets(fi, argp);
2618        case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2619                return hpsb_iso_recv_release_packets(fi->iso_handle, arg);
2620        case RAW1394_IOC_ISO_RECV_FLUSH:
2621                return hpsb_iso_recv_flush(fi->iso_handle);
2622        case RAW1394_IOC_ISO_SHUTDOWN:
2623                raw1394_iso_shutdown(fi);
2624                return 0;
2625        case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2626                queue_rawiso_event(fi);
2627                return 0;
2628        default:
2629                return -EINVAL;
2630        }
2631}
2632
2633static long raw1394_ioctl_xmit(struct file_info *fi, unsigned int cmd,
2634                               void __user *argp)
2635{
2636        switch (cmd) {
2637        case RAW1394_IOC_ISO_XMIT_START:{
2638                        int args[2];
2639
2640                        if (copy_from_user(&args[0], argp, sizeof(args)))
2641                                return -EFAULT;
2642                        return hpsb_iso_xmit_start(fi->iso_handle,
2643                                                   args[0], args[1]);
2644                }
2645        case RAW1394_IOC_ISO_XMIT_SYNC:
2646                return hpsb_iso_xmit_sync(fi->iso_handle);
2647        case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2648                hpsb_iso_stop(fi->iso_handle);
2649                return 0;
2650        case RAW1394_IOC_ISO_GET_STATUS:
2651                return raw1394_iso_get_status(fi, argp);
2652        case RAW1394_IOC_ISO_XMIT_PACKETS:
2653                return raw1394_iso_send_packets(fi, argp);
2654        case RAW1394_IOC_ISO_SHUTDOWN:
2655                raw1394_iso_shutdown(fi);
2656                return 0;
2657        case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2658                queue_rawiso_event(fi);
2659                return 0;
2660        default:
2661                return -EINVAL;
2662        }
2663}
2664
2665/* ioctl is only used for rawiso operations */
2666static long raw1394_ioctl(struct file *file, unsigned int cmd,
2667                          unsigned long arg)
2668{
2669        struct file_info *fi = file->private_data;
2670        void __user *argp = (void __user *)arg;
2671        long ret;
2672
2673        /* state-independent commands */
2674        switch(cmd) {
2675        case RAW1394_IOC_GET_CYCLE_TIMER:
2676                return raw1394_read_cycle_timer(fi, argp);
2677        default:
2678                break;
2679        }
2680
2681        if (!mutex_trylock(&fi->state_mutex))
2682                return -EAGAIN;
2683
2684        switch (fi->iso_state) {
2685        case RAW1394_ISO_INACTIVE:
2686                ret = raw1394_ioctl_inactive(fi, cmd, argp);
2687                break;
2688        case RAW1394_ISO_RECV:
2689                ret = raw1394_ioctl_recv(fi, cmd, arg);
2690                break;
2691        case RAW1394_ISO_XMIT:
2692                ret = raw1394_ioctl_xmit(fi, cmd, argp);
2693                break;
2694        default:
2695                ret = -EINVAL;
2696                break;
2697        }
2698
2699        mutex_unlock(&fi->state_mutex);
2700
2701        return ret;
2702}
2703
2704#ifdef CONFIG_COMPAT
2705struct raw1394_iso_packets32 {
2706        __u32 n_packets;
2707        compat_uptr_t infos;
2708} __attribute__((packed));
2709
2710struct raw1394_cycle_timer32 {
2711        __u32 cycle_timer;
2712        __u64 local_time;
2713}
2714#if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
2715__attribute__((packed))
2716#endif
2717;
2718
2719#define RAW1394_IOC_ISO_RECV_PACKETS32          \
2720        _IOW ('#', 0x25, struct raw1394_iso_packets32)
2721#define RAW1394_IOC_ISO_XMIT_PACKETS32          \
2722        _IOW ('#', 0x27, struct raw1394_iso_packets32)
2723#define RAW1394_IOC_GET_CYCLE_TIMER32           \
2724        _IOR ('#', 0x30, struct raw1394_cycle_timer32)
2725
2726static long raw1394_iso_xmit_recv_packets32(struct file *file, unsigned int cmd,
2727                                          struct raw1394_iso_packets32 __user *arg)
2728{
2729        compat_uptr_t infos32;
2730        void __user *infos;
2731        long err = -EFAULT;
2732        struct raw1394_iso_packets __user *dst = compat_alloc_user_space(sizeof(struct raw1394_iso_packets));
2733
2734        if (!copy_in_user(&dst->n_packets, &arg->n_packets, sizeof arg->n_packets) &&
2735            !copy_from_user(&infos32, &arg->infos, sizeof infos32)) {
2736                infos = compat_ptr(infos32);
2737                if (!copy_to_user(&dst->infos, &infos, sizeof infos))
2738                        err = raw1394_ioctl(file, cmd, (unsigned long)dst);
2739        }
2740        return err;
2741}
2742
2743static long raw1394_read_cycle_timer32(struct file_info *fi, void __user * uaddr)
2744{
2745        struct raw1394_cycle_timer32 ct;
2746        int err;
2747
2748        err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2749        if (!err)
2750                if (copy_to_user(uaddr, &ct, sizeof(ct)))
2751                        err = -EFAULT;
2752        return err;
2753}
2754
2755static long raw1394_compat_ioctl(struct file *file,
2756                                 unsigned int cmd, unsigned long arg)
2757{
2758        struct file_info *fi = file->private_data;
2759        void __user *argp = (void __user *)arg;
2760        long err;
2761
2762        switch (cmd) {
2763        /* These requests have same format as long as 'int' has same size. */
2764        case RAW1394_IOC_ISO_RECV_INIT:
2765        case RAW1394_IOC_ISO_RECV_START:
2766        case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2767        case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2768        case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:
2769        case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2770        case RAW1394_IOC_ISO_RECV_FLUSH:
2771        case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2772        case RAW1394_IOC_ISO_XMIT_INIT:
2773        case RAW1394_IOC_ISO_XMIT_START:
2774        case RAW1394_IOC_ISO_XMIT_SYNC:
2775        case RAW1394_IOC_ISO_GET_STATUS:
2776        case RAW1394_IOC_ISO_SHUTDOWN:
2777        case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2778                err = raw1394_ioctl(file, cmd, arg);
2779                break;
2780        /* These request have different format. */
2781        case RAW1394_IOC_ISO_RECV_PACKETS32:
2782                err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_RECV_PACKETS, argp);
2783                break;
2784        case RAW1394_IOC_ISO_XMIT_PACKETS32:
2785                err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_XMIT_PACKETS, argp);
2786                break;
2787        case RAW1394_IOC_GET_CYCLE_TIMER32:
2788                err = raw1394_read_cycle_timer32(fi, argp);
2789                break;
2790        default:
2791                err = -EINVAL;
2792                break;
2793        }
2794
2795        return err;
2796}
2797#endif
2798
2799static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2800{
2801        struct file_info *fi = file->private_data;
2802        unsigned int mask = POLLOUT | POLLWRNORM;
2803        unsigned long flags;
2804
2805        poll_wait(file, &fi->wait_complete, pt);
2806
2807        spin_lock_irqsave(&fi->reqlists_lock, flags);
2808        if (!list_empty(&fi->req_complete)) {
2809                mask |= POLLIN | POLLRDNORM;
2810        }
2811        spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2812
2813        return mask;
2814}
2815
2816static int raw1394_open(struct inode *inode, struct file *file)
2817{
2818        struct file_info *fi;
2819
2820        fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2821        if (!fi)
2822                return -ENOMEM;
2823
2824        fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2825
2826        INIT_LIST_HEAD(&fi->list);
2827        mutex_init(&fi->state_mutex);
2828        fi->state = opened;
2829        INIT_LIST_HEAD(&fi->req_pending);
2830        INIT_LIST_HEAD(&fi->req_complete);
2831        spin_lock_init(&fi->reqlists_lock);
2832        init_waitqueue_head(&fi->wait_complete);
2833        INIT_LIST_HEAD(&fi->addr_list);
2834
2835        file->private_data = fi;
2836
2837        return nonseekable_open(inode, file);
2838}
2839
2840static int raw1394_release(struct inode *inode, struct file *file)
2841{
2842        struct file_info *fi = file->private_data;
2843        struct list_head *lh;
2844        struct pending_request *req;
2845        int i, fail;
2846        int retval = 0;
2847        struct list_head *entry;
2848        struct arm_addr *addr = NULL;
2849        struct host_info *hi;
2850        struct file_info *fi_hlp = NULL;
2851        struct arm_addr *arm_addr = NULL;
2852        int another_host;
2853        int csr_mod = 0;
2854        unsigned long flags;
2855
2856        if (fi->iso_state != RAW1394_ISO_INACTIVE)
2857                raw1394_iso_shutdown(fi);
2858
2859        spin_lock_irqsave(&host_info_lock, flags);
2860
2861        fail = 0;
2862        /* set address-entries invalid */
2863
2864        while (!list_empty(&fi->addr_list)) {
2865                another_host = 0;
2866                lh = fi->addr_list.next;
2867                addr = list_entry(lh, struct arm_addr, addr_list);
2868                /* another host with valid address-entry containing
2869                   same addressrange? */
2870                list_for_each_entry(hi, &host_info_list, list) {
2871                        if (hi->host != fi->host) {
2872                                list_for_each_entry(fi_hlp, &hi->file_info_list,
2873                                                    list) {
2874                                        entry = fi_hlp->addr_list.next;
2875                                        while (entry != &(fi_hlp->addr_list)) {
2876                                                arm_addr = list_entry(entry, struct
2877                                                                      arm_addr,
2878                                                                      addr_list);
2879                                                if (arm_addr->start ==
2880                                                    addr->start) {
2881                                                        DBGMSG
2882                                                            ("raw1394_release: "
2883                                                             "another host ownes "
2884                                                             "same addressrange");
2885                                                        another_host = 1;
2886                                                        break;
2887                                                }
2888                                                entry = entry->next;
2889                                        }
2890                                        if (another_host) {
2891                                                break;
2892                                        }
2893                                }
2894                        }
2895                }
2896                if (!another_host) {
2897                        DBGMSG("raw1394_release: call hpsb_arm_unregister");
2898                        retval =
2899                            hpsb_unregister_addrspace(&raw1394_highlevel,
2900                                                      fi->host, addr->start);
2901                        if (!retval) {
2902                                ++fail;
2903                                printk(KERN_ERR
2904                                       "raw1394_release arm_Unregister failed\n");
2905                        }
2906                }
2907                DBGMSG("raw1394_release: delete addr_entry from list");
2908                list_del(&addr->addr_list);
2909                vfree(addr->addr_space_buffer);
2910                kfree(addr);
2911        }                       /* while */
2912        spin_unlock_irqrestore(&host_info_lock, flags);
2913        if (fail > 0) {
2914                printk(KERN_ERR "raw1394: during addr_list-release "
2915                       "error(s) occurred \n");
2916        }
2917
2918        for (;;) {
2919                /* This locked section guarantees that neither
2920                 * complete nor pending requests exist once i!=0 */
2921                spin_lock_irqsave(&fi->reqlists_lock, flags);
2922                while ((req = __next_complete_req(fi)))
2923                        free_pending_request(req);
2924
2925                i = list_empty(&fi->req_pending);
2926                spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2927
2928                if (i)
2929                        break;
2930                /*
2931                 * Sleep until more requests can be freed.
2932                 *
2933                 * NB: We call the macro wait_event() with a condition argument
2934                 * with side effect.  This is only possible because the side
2935                 * effect does not occur until the condition became true, and
2936                 * wait_event() won't evaluate the condition again after that.
2937                 */
2938                wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2939                free_pending_request(req);
2940        }
2941
2942        /* Remove any sub-trees left by user space programs */
2943        for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2944                struct csr1212_dentry *dentry;
2945                if (!fi->csr1212_dirs[i])
2946                        continue;
2947                for (dentry =
2948                     fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2949                     dentry = dentry->next) {
2950                        csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2951                                                             root_kv,
2952                                                             dentry->kv);
2953                }
2954                csr1212_release_keyval(fi->csr1212_dirs[i]);
2955                fi->csr1212_dirs[i] = NULL;
2956                csr_mod = 1;
2957        }
2958
2959        if ((csr_mod || fi->cfgrom_upd)
2960            && hpsb_update_config_rom_image(fi->host) < 0)
2961                HPSB_ERR
2962                    ("Failed to generate Configuration ROM image for host %d",
2963                     fi->host->id);
2964
2965        if (fi->state == connected) {
2966                spin_lock_irqsave(&host_info_lock, flags);
2967                list_del(&fi->list);
2968                spin_unlock_irqrestore(&host_info_lock, flags);
2969
2970                put_device(&fi->host->device);
2971        }
2972
2973        spin_lock_irqsave(&host_info_lock, flags);
2974        if (fi->host)
2975                module_put(fi->host->driver->owner);
2976        spin_unlock_irqrestore(&host_info_lock, flags);
2977
2978        kfree(fi);
2979
2980        return 0;
2981}
2982
2983/*** HOTPLUG STUFF **********************************************************/
2984/*
2985 * Export information about protocols/devices supported by this driver.
2986 */
2987#ifdef MODULE
2988static const struct ieee1394_device_id raw1394_id_table[] = {
2989        {
2990         .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2991         .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2992         .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2993        {
2994         .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2995         .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2996         .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2997        {
2998         .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2999         .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3000         .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
3001        {
3002         .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
3003         .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
3004         .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
3005        {}
3006};
3007
3008MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
3009#endif /* MODULE */
3010
3011static struct hpsb_protocol_driver raw1394_driver = {
3012        .name = "raw1394",
3013};
3014
3015/******************************************************************************/
3016
3017static struct hpsb_highlevel raw1394_highlevel = {
3018        .name = RAW1394_DEVICE_NAME,
3019        .add_host = add_host,
3020        .remove_host = remove_host,
3021        .host_reset = host_reset,
3022        .fcp_request = fcp_request,
3023};
3024
3025static struct cdev raw1394_cdev;
3026static const struct file_operations raw1394_fops = {
3027        .owner = THIS_MODULE,
3028        .read = raw1394_read,
3029        .write = raw1394_write,
3030        .mmap = raw1394_mmap,
3031        .unlocked_ioctl = raw1394_ioctl,
3032#ifdef CONFIG_COMPAT
3033        .compat_ioctl = raw1394_compat_ioctl,
3034#endif
3035        .poll = raw1394_poll,
3036        .open = raw1394_open,
3037        .release = raw1394_release,
3038        .llseek = no_llseek,
3039};
3040
3041static int __init init_raw1394(void)
3042{
3043        int ret = 0;
3044
3045        hpsb_register_highlevel(&raw1394_highlevel);
3046
3047        if (IS_ERR
3048            (device_create(hpsb_protocol_class, NULL,
3049                           MKDEV(IEEE1394_MAJOR,
3050                                 IEEE1394_MINOR_BLOCK_RAW1394 * 16),
3051                           NULL, RAW1394_DEVICE_NAME))) {
3052                ret = -EFAULT;
3053                goto out_unreg;
3054        }
3055
3056        cdev_init(&raw1394_cdev, &raw1394_fops);
3057        raw1394_cdev.owner = THIS_MODULE;
3058        ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3059        if (ret) {
3060                HPSB_ERR("raw1394 failed to register minor device block");
3061                goto out_dev;
3062        }
3063
3064        HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3065
3066        ret = hpsb_register_protocol(&raw1394_driver);
3067        if (ret) {
3068                HPSB_ERR("raw1394: failed to register protocol");
3069                cdev_del(&raw1394_cdev);
3070                goto out_dev;
3071        }
3072
3073        goto out;
3074
3075      out_dev:
3076        device_destroy(hpsb_protocol_class,
3077                       MKDEV(IEEE1394_MAJOR,
3078                             IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3079      out_unreg:
3080        hpsb_unregister_highlevel(&raw1394_highlevel);
3081      out:
3082        return ret;
3083}
3084
3085static void __exit cleanup_raw1394(void)
3086{
3087        device_destroy(hpsb_protocol_class,
3088                       MKDEV(IEEE1394_MAJOR,
3089                             IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3090        cdev_del(&raw1394_cdev);
3091        hpsb_unregister_highlevel(&raw1394_highlevel);
3092        hpsb_unregister_protocol(&raw1394_driver);
3093}
3094
3095module_init(init_raw1394);
3096module_exit(cleanup_raw1394);
3097MODULE_LICENSE("GPL");
3098
lxr.linux.no kindly hosted by Redpill Linpro AS, provider of Linux consulting and operations services since 1995.