1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
45
46 #include "csr1212.h"
47 #include "highlevel.h"
48 #include "hosts.h"
49 #include "ieee1394.h"
50 #include "ieee1394_core.h"
51 #include "ieee1394_hotplug.h"
52 #include "ieee1394_transactions.h"
53 #include "ieee1394_types.h"
54 #include "iso.h"
55 #include "nodemgr.h"
56 #include "raw1394.h"
57 #include "raw1394-private.h"
58
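/*
 * Convert between the integer pointer fields of a request (e.g. req.recvb,
 * req.sendb) and user-space pointers.  The macro argument is parenthesized
 * so that an expression argument is converted as a whole instead of having
 * the cast bind to its first operand only.
 */
#define int2ptr(x) ((void __user *)(unsigned long)(x))
#define ptr2int(x) ((u64)(unsigned long)(void __user *)(x))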
61
/* Debug output of this file is enabled by CONFIG_IEEE1394_VERBOSEDEBUG. */
#ifdef CONFIG_IEEE1394_VERBOSEDEBUG
#define RAW1394_DEBUG
#endif

/*
 * DBGMSG() prints a "raw1394:"-prefixed KERN_INFO line when RAW1394_DEBUG is
 * defined and expands to an empty statement otherwise.
 */
#ifdef RAW1394_DEBUG
#define DBGMSG(fmt, args...) \
printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
#else
#define DBGMSG(fmt, args...) do {} while (0)
#endif
72
/*
 * List of known hosts (struct host_info) and its element count.  add_host()
 * and remove_host() modify both while holding host_info_lock.
 */
static LIST_HEAD(host_info_list);
static int host_count;
static DEFINE_SPINLOCK(host_info_lock);
/* Incremented by add_host() and remove_host(). */
static atomic_t internal_generation = ATOMIC_INIT(0);

/*
 * Running total of payload bytes held in iso_block_store buffers; receive
 * paths drop packets that would push it past iso_buffer_max.
 */
static atomic_t iso_buffer_size;
static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */

static struct hpsb_highlevel raw1394_highlevel;
82
/* Forward declarations of the arm_* handlers wired into arm_ops below. */
static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
                    u64 addr, size_t length, u16 flags);
static int arm_write(struct hpsb_host *host, int nodeid, int destid,
                     quadlet_t * data, u64 addr, size_t length, u16 flags);
static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
                    u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
                    u16 flags);
static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
                      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
                      u16 flags);
/* Operation table routing read/write/lock/lock64 to the handlers above. */
static struct hpsb_address_ops arm_ops = {
        .read = arm_read,
        .write = arm_write,
        .lock = arm_lock,
        .lock64 = arm_lock64,
};

/* Packet completion callback; declared early because it is used before its definition. */
static void queue_complete_cb(struct pending_request *req);
101
/*
 * Allocate a zero-filled pending_request using the given GFP flags and
 * initialise its list head.  Returns NULL if the allocation fails.
 */
static struct pending_request *__alloc_pending_request(gfp_t flags)
{
        struct pending_request *new_req = kzalloc(sizeof(*new_req), flags);

        if (!new_req)
                return NULL;

        INIT_LIST_HEAD(&new_req->list);
        return new_req;
}
112
/* Allocate a pending_request with GFP_KERNEL; NULL on failure. */
static inline struct pending_request *alloc_pending_request(void)
{
        struct pending_request *new_req = __alloc_pending_request(GFP_KERNEL);

        return new_req;
}
117
/*
 * Release a pending_request and everything it owns.
 *
 * A request that references a shared iso_block_store drops one reference;
 * the last reference gives the payload size back to iso_buffer_size and
 * frees the store.  Otherwise req->data is freed only when free_data is
 * set.  The packet and the request itself are always freed.
 */
static void free_pending_request(struct pending_request *req)
{
        struct iso_block_store *store = req->ibs;

        if (!store) {
                if (req->free_data)
                        kfree(req->data);
        } else if (atomic_dec_and_test(&store->refcount)) {
                atomic_sub(store->data_size, &iso_buffer_size);
                kfree(store);
        }

        hpsb_free_packet(req->packet);
        kfree(req);
}
131
/*
 * Move req to the tail of its file's completed list and wake up waiters.
 * fi->reqlists_lock must be taken.
 */
static void __queue_complete_req(struct pending_request *req)
{
        struct file_info *owner = req->file_info;

        list_move_tail(&req->list, &owner->req_complete);
        wake_up(&owner->wait_complete);
}
140
/* Locked wrapper: takes fi->reqlists_lock around __queue_complete_req(). */
static void queue_complete_req(struct pending_request *req)
{
        struct file_info *owner = req->file_info;
        unsigned long irqflags;

        spin_lock_irqsave(&owner->reqlists_lock, irqflags);
        __queue_complete_req(req);
        spin_unlock_irqrestore(&owner->reqlists_lock, irqflags);
}
150
/*
 * Packet completion callback: translate the packet's ack code and response
 * code into req->req.error, release the transaction label for the async
 * request types, and queue the request as completed.
 */
static void queue_complete_cb(struct pending_request *req)
{
        struct hpsb_packet *pkt = req->packet;
        int rcode = (pkt->header[1] >> 12) & 0xf;

        switch (pkt->ack_code) {
        case ACKX_TIMEOUT:
                req->req.error = RAW1394_ERROR_TIMEOUT;
                break;
        case ACKX_ABORTED:
                req->req.error = RAW1394_ERROR_ABORTED;
                break;
        case ACKX_NONE:
        case ACKX_SEND_ERROR:
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                break;
        default:
                /* Pass the raw ack code and response code through. */
                req->req.error = (pkt->ack_code << 16) | rcode;
                break;
        }

        /* Payload is reported only for a pending ack with a complete response. */
        if ((pkt->ack_code != ACK_PENDING) || (rcode != RCODE_COMPLETE))
                req->req.length = 0;

        switch (req->req.type) {
        case RAW1394_REQ_ASYNC_READ:
        case RAW1394_REQ_ASYNC_WRITE:
        case RAW1394_REQ_ASYNC_STREAM:
        case RAW1394_REQ_LOCK:
        case RAW1394_REQ_LOCK64:
                hpsb_free_tlabel(pkt);
                break;
        default:
                break;
        }

        queue_complete_req(req);
}
185
/*
 * Register a new host: append a host_info entry to host_info_list under
 * host_info_lock.  internal_generation is incremented even when the
 * allocation fails, in which case the host is simply not listed.
 */
static void add_host(struct hpsb_host *host)
{
        unsigned long irqflags;
        struct host_info *entry = kmalloc(sizeof(*entry), GFP_KERNEL);

        if (entry != NULL) {
                entry->host = host;
                INIT_LIST_HEAD(&entry->list);
                INIT_LIST_HEAD(&entry->file_info_list);

                spin_lock_irqsave(&host_info_lock, irqflags);
                list_add_tail(&entry->list, &host_info_list);
                host_count++;
                spin_unlock_irqrestore(&host_info_lock, irqflags);
        }

        atomic_inc(&internal_generation);
}
206
/*
 * Look up the host_info entry for host, or return NULL if it is not listed.
 * The callers in this file hold host_info_lock while calling this.
 */
static struct host_info *find_host_info(struct hpsb_host *host)
{
        struct host_info *cur;
        struct host_info *match = NULL;

        list_for_each_entry(cur, &host_info_list, list) {
                if (cur->host == host) {
                        match = cur;
                        break;
                }
        }

        return match;
}
217
/*
 * Unregister a host: unlink its host_info entry under host_info_lock, free
 * it and increment internal_generation.  An unknown host is only logged.
 */
static void remove_host(struct hpsb_host *host)
{
        unsigned long irqflags;
        struct host_info *entry;

        spin_lock_irqsave(&host_info_lock, irqflags);
        entry = find_host_info(host);
        if (entry) {
                list_del(&entry->list);
                host_count--;
                /*
                   FIXME: address ranges should be removed
                   and fileinfo states should be initialized
                   (including setting generation to
                   internal-generation ...)
                 */
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);

        if (!entry) {
                printk(KERN_ERR "raw1394: attempt to remove unknown host "
                       "0x%p\n", host);
                return;
        }

        /* The entry is already unlinked, so it is freed outside the lock. */
        kfree(entry);

        atomic_inc(&internal_generation);
}
248
/*
 * Bus reset notification: queue a RAW1394_REQ_BUS_RESET completion for every
 * file on this host that has notification switched on.  Runs under
 * host_info_lock, hence the GFP_ATOMIC allocations; a file whose request
 * cannot be allocated is skipped.
 */
static void host_reset(struct hpsb_host *host)
{
        unsigned long irqflags;
        struct host_info *hi;
        struct file_info *fi;
        struct pending_request *note;

        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);
        if (hi == NULL)
                goto unlock;

        list_for_each_entry(fi, &hi->file_info_list, list) {
                if (fi->notification != RAW1394_NOTIFY_ON)
                        continue;

                note = __alloc_pending_request(GFP_ATOMIC);
                if (note == NULL)
                        continue;

                note->file_info = fi;
                note->req.type = RAW1394_REQ_BUS_RESET;
                note->req.generation = get_hpsb_generation(host);
                note->req.misc = (host->node_id << 16) | host->node_count;
                /* Protocol versions above 3 also get the IRM node number. */
                if (fi->protocol_version > 3)
                        note->req.misc |= (NODEID_TO_NODE(host->irm_id) << 8);

                queue_complete_req(note);
        }

unlock:
        spin_unlock_irqrestore(&host_info_lock, irqflags);
}
285
/*
 * Deliver a received isochronous packet to every file on this host that
 * listens on the channel.
 *
 * The payload is copied once into a reference-counted iso_block_store that
 * all resulting requests share.  The packet is dropped when it would push
 * the global iso_buffer_size past iso_buffer_max; the budget check and the
 * later atomic_add() are separate operations, so the cap is approximate
 * under concurrency.  Each request's length is clamped to the listener's
 * declared buffer length.
 */
static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
                        size_t length)
{
        unsigned long irqflags;
        struct host_info *hi;
        struct file_info *listener;
        struct pending_request *req, *tmp;
        struct iso_block_store *store = NULL;
        LIST_HEAD(ready);

        if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
                HPSB_INFO("dropped iso packet");
                return;
        }

        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);
        if (hi == NULL)
                goto unlock;

        list_for_each_entry(listener, &hi->file_info_list, list) {
                /* assumes channel is within 0..63 - TODO confirm against caller */
                if (!(listener->listen_channels & (1ULL << channel)))
                        continue;

                req = __alloc_pending_request(GFP_ATOMIC);
                if (req == NULL)
                        break;

                /* The shared payload copy is made for the first listener only. */
                if (store == NULL) {
                        store = kmalloc(sizeof(*store) + length, GFP_ATOMIC);
                        if (store == NULL) {
                                kfree(req);
                                break;
                        }

                        atomic_add(length, &iso_buffer_size);
                        atomic_set(&store->refcount, 0);
                        store->data_size = length;
                        memcpy(store->data, data, length);
                }

                atomic_inc(&store->refcount);

                req->file_info = listener;
                req->ibs = store;
                req->data = store->data;
                req->req.type = RAW1394_REQ_ISO_RECEIVE;
                req->req.generation = get_hpsb_generation(host);
                req->req.misc = 0;
                req->req.recvb = ptr2int(listener->iso_buffer);
                req->req.length = min(length, listener->iso_buffer_length);

                list_add_tail(&req->list, &ready);
        }

unlock:
        spin_unlock_irqrestore(&host_info_lock, irqflags);

        /* Completion takes each file's reqlists_lock, so it runs after unlock. */
        list_for_each_entry_safe(req, tmp, &ready, list)
                queue_complete_req(req);
}
346
/*
 * Deliver an FCP request to every file on this host that has registered an
 * FCP buffer.
 *
 * The payload is copied once into a reference-counted iso_block_store shared
 * by all resulting requests, subject to the same iso_buffer_max budget as
 * isochronous data.  Unlike iso_receive(), the request length is the full
 * packet length: no buffer length is recorded for the FCP buffer here.
 */
static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
                        int cts, u8 * data, size_t length)
{
        unsigned long irqflags;
        struct host_info *hi;
        struct file_info *listener;
        struct pending_request *req, *tmp;
        struct iso_block_store *store = NULL;
        LIST_HEAD(ready);

        if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
                HPSB_INFO("dropped fcp request");
                return;
        }

        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);
        if (hi == NULL)
                goto unlock;

        list_for_each_entry(listener, &hi->file_info_list, list) {
                if (!listener->fcp_buffer)
                        continue;

                req = __alloc_pending_request(GFP_ATOMIC);
                if (req == NULL)
                        break;

                /* The shared payload copy is made for the first listener only. */
                if (store == NULL) {
                        store = kmalloc(sizeof(*store) + length, GFP_ATOMIC);
                        if (store == NULL) {
                                kfree(req);
                                break;
                        }

                        atomic_add(length, &iso_buffer_size);
                        atomic_set(&store->refcount, 0);
                        store->data_size = length;
                        memcpy(store->data, data, length);
                }

                atomic_inc(&store->refcount);

                req->file_info = listener;
                req->ibs = store;
                req->data = store->data;
                req->req.type = RAW1394_REQ_FCP_REQUEST;
                req->req.generation = get_hpsb_generation(host);
                req->req.misc = nodeid | (direction << 16);
                req->req.recvb = ptr2int(listener->fcp_buffer);
                req->req.length = length;

                list_add_tail(&req->list, &ready);
        }

unlock:
        spin_unlock_irqrestore(&host_info_lock, irqflags);

        /* Completion takes each file's reqlists_lock, so it runs after unlock. */
        list_for_each_entry_safe(req, tmp, &ready, list)
                queue_complete_req(req);
}
407
408 #ifdef CONFIG_COMPAT
/*
 * Request layout used on the compat path.  The struct is packed, so the
 * 64-bit members follow the five 32-bit members without alignment padding
 * (presumably matching the 32-bit user-space layout; verify against the
 * native struct raw1394_request).
 */
struct compat_raw1394_req {
        __u32 type;
        __s32 error;
        __u32 misc;

        __u32 generation;
        __u32 length;

        __u64 address;

        __u64 tag;

        __u64 sendb;
        __u64 recvb;
} __attribute__((packed));
424
/*
 * Build a native struct raw1394_request in user-space scratch memory from
 * the compat-layout request at buf.
 *
 * Returns a user pointer to the converted request, or ERR_PTR(-EFAULT) if
 * any of the copies fails.
 */
static const char __user *raw1394_compat_write(const char __user *buf)
{
        struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
        struct raw1394_request __user *r;
        /* NOTE(review): the result of compat_alloc_user_space() is used unchecked. */
        r = compat_alloc_user_space(sizeof(struct raw1394_request));

/*
 * Copy one named field from cr to r.  __copy_in_user() performs no access
 * check of its own, so this relies on the checked copy_in_user() that is
 * evaluated first in the condition below.
 * NOTE(review): that check covers sizeof(struct compat_raw1394_req) bytes;
 * confirm this is sufficient for the native-layout destination r.
 */
#define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))

        /* Bulk copy first, then re-copy the 64-bit fields member by member. */
        if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
            C(address) ||
            C(tag) ||
            C(sendb) ||
            C(recvb))
                return ERR_PTR(-EFAULT);
        return (const char __user *)r;
}
#undef C
442
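/* Store one named field of the kernel request r into the user struct cr. */
#define P(x) __put_user(r->x, &cr->x)

/*
 * Write the kernel request *r to the user buffer buf using the compat
 * layout, one field at a time.
 *
 * Returns sizeof(struct compat_raw1394_req) on success, or -EFAULT if the
 * user buffer is not writable or a store faults.
 */
static int
raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
{
        /*
         * The destination must be the caller's user buffer.  Deriving it
         * from r (the kernel-side request) would make access_ok() and
         * __put_user() operate on a kernel address, leaving buf unused and
         * the user never receiving the request.
         */
        struct compat_raw1394_req __user *cr = (typeof(cr)) buf;

        /* __put_user() does no checking itself; access_ok() vets the range. */
        if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
            P(type) ||
            P(error) ||
            P(misc) ||
            P(generation) ||
            P(length) ||
            P(address) ||
            P(tag) ||
            P(sendb) ||
            P(recvb))
                return -EFAULT;
        return sizeof(struct compat_raw1394_req);
}
#undef P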
463
464 #endif
465
/*
 * Detach and return the oldest completed request of fi, or NULL when the
 * completed list is empty.  Caller must hold fi->reqlists_lock.
 */
static inline struct pending_request *__next_complete_req(struct file_info *fi)
{
        struct list_head *first;

        if (list_empty(&fi->req_complete))
                return NULL;

        first = fi->req_complete.next;
        list_del(first);
        return list_entry(first, struct pending_request, list);
}
479
/* Locked wrapper: fetch the next completed request under fi->reqlists_lock. */
static struct pending_request *next_complete_req(struct file_info *fi)
{
        struct pending_request *done;
        unsigned long irqflags;

        spin_lock_irqsave(&fi->reqlists_lock, irqflags);
        done = __next_complete_req(fi);
        spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

        return done;
}
491
/*
 * read() handler: hand exactly one completed request back to user space.
 *
 * count must equal sizeof(struct raw1394_request) or, with CONFIG_COMPAT,
 * sizeof(struct compat_raw1394_req); any other size yields -EINVAL.
 * Returns the size of the request structure written, -EAGAIN when
 * O_NONBLOCK is set and nothing is queued, -ERESTARTSYS when the wait is
 * interrupted, or -EFAULT when the request header cannot be written.
 * The dequeued request is freed on every path that reaches "out".
 */
static ssize_t raw1394_read(struct file *file, char __user * buffer,
                            size_t count, loff_t * offset_is_ignored)
{
        struct file_info *fi = (struct file_info *)file->private_data;
        struct pending_request *req;
        ssize_t ret;

        /*
         * With CONFIG_COMPAT the two ifs form one if/else chain: the compat
         * size is accepted, otherwise the native size is required.
         */
#ifdef CONFIG_COMPAT
        if (count == sizeof(struct compat_raw1394_req)) {
                /* ok */
        } else
#endif
        if (count != sizeof(struct raw1394_request)) {
                return -EINVAL;
        }

        if (!access_ok(VERIFY_WRITE, buffer, count)) {
                return -EFAULT;
        }

        if (file->f_flags & O_NONBLOCK) {
                if (!(req = next_complete_req(fi)))
                        return -EAGAIN;
        } else {
                /*
                 * NB: We call the macro wait_event_interruptible() with a
                 * condition argument with side effect.  This is only possible
                 * because the side effect does not occur until the condition
                 * became true, and wait_event_interruptible() won't evaluate
                 * the condition again after that.
                 */
                if (wait_event_interruptible(fi->wait_complete,
                                             (req = next_complete_req(fi))))
                        return -ERESTARTSYS;
        }

        /*
         * Payload copy: req.length bytes are read from req->data, so every
         * producer of a request must keep req.length within the kernel
         * buffer behind req->data.  The destination req.recvb is a user
         * address checked by copy_to_user(); a fault is reported through
         * req.error instead of failing the read.
         */
        if (req->req.length) {
                if (copy_to_user(int2ptr(req->req.recvb), req->data,
                                 req->req.length)) {
                        req->req.error = RAW1394_ERROR_MEMFAULT;
                }
        }

        /* The compat conversion is needed only when the two layouts differ in size. */
#ifdef CONFIG_COMPAT
        if (count == sizeof(struct compat_raw1394_req) &&
            sizeof(struct compat_raw1394_req) !=
                        sizeof(struct raw1394_request)) {
                ret = raw1394_compat_read(buffer, &req->req);
        } else
#endif
        {
                if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
                        ret = -EFAULT;
                        goto out;
                }
                ret = (ssize_t) sizeof(struct raw1394_request);
        }
      out:
        free_pending_request(req);
        return ret;
}
553
/*
 * Handle a request on a file in the "opened" state.  Only
 * RAW1394_REQ_INITIALIZE is accepted, and only for protocol version
 * RAW1394_KERNELAPI_VERSION or 3; other versions get RAW1394_ERROR_COMPAT
 * with the kernel's version in req.misc.  The request is always completed
 * with length 0 and sizeof(struct raw1394_request) is returned.
 */
static int state_opened(struct file_info *fi, struct pending_request *req)
{
        if (req->req.type != RAW1394_REQ_INITIALIZE) {
                req->req.error = RAW1394_ERROR_STATE_ORDER;
        } else if (req->req.misc == RAW1394_KERNELAPI_VERSION ||
                   req->req.misc == 3) {
                fi->state = initialized;
                fi->protocol_version = req->req.misc;
                req->req.error = RAW1394_ERROR_NONE;
                req->req.generation = atomic_read(&internal_generation);
        } else {
                req->req.error = RAW1394_ERROR_COMPAT;
                req->req.misc = RAW1394_KERNELAPI_VERSION;
        }

        req->req.length = 0;
        queue_complete_req(req);
        return sizeof(struct raw1394_request);
}
578
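/*
 * Handle a request on a file in the "initialized" state.
 *
 * A request whose generation differs from internal_generation is completed
 * with RAW1394_ERROR_GENERATION.  RAW1394_REQ_LIST_CARDS returns a table of
 * hosts, RAW1394_REQ_SET_CARD binds the file to the host with index
 * req.misc, and any other type yields RAW1394_ERROR_STATE_ORDER.
 *
 * Returns sizeof(struct raw1394_request) after queueing the completion, or
 * -ENOMEM when the host table cannot be allocated.
 */
static int state_initialized(struct file_info *fi, struct pending_request *req)
{
        unsigned long flags;
        struct host_info *hi;
        struct raw1394_khost_list *khl;
        struct raw1394_khost_list *entry;

        if (req->req.generation != atomic_read(&internal_generation)) {
                req->req.error = RAW1394_ERROR_GENERATION;
                req->req.generation = atomic_read(&internal_generation);
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        switch (req->req.type) {
        case RAW1394_REQ_LIST_CARDS:
                spin_lock_irqsave(&host_info_lock, flags);
                /*
                 * The table is later copied to user space by raw1394_read().
                 * strcpy() only writes up to the terminating NUL of each
                 * name, so the allocation must be zero-filled or the unused
                 * bytes would expose stale kernel heap contents.  kcalloc()
                 * also rejects an overflowing count * size.
                 */
                khl = kcalloc(host_count, sizeof(*khl), GFP_ATOMIC);

                if (khl) {
                        req->req.misc = host_count;
                        req->data = (quadlet_t *) khl;

                        /* Walk with a cursor so khl keeps pointing at the table. */
                        entry = khl;
                        list_for_each_entry(hi, &host_info_list, list) {
                                entry->nodes = hi->host->node_count;
                                /*
                                 * NOTE(review): unbounded copy; relies on
                                 * driver names fitting the name field.
                                 */
                                strcpy(entry->name, hi->host->driver->name);
                                entry++;
                        }
                }
                spin_unlock_irqrestore(&host_info_lock, flags);

                if (khl) {
                        req->req.error = RAW1394_ERROR_NONE;
                        /* Never report more than the table actually holds. */
                        req->req.length = min(req->req.length,
                                              (u32) (sizeof
                                                     (struct raw1394_khost_list)
                                                     * req->req.misc));
                        req->free_data = 1;
                } else {
                        return -ENOMEM;
                }
                break;

        case RAW1394_REQ_SET_CARD:
                spin_lock_irqsave(&host_info_lock, flags);
                /* req.misc is the index of the host in host_info_list. */
                if (req->req.misc < host_count) {
                        list_for_each_entry(hi, &host_info_list, list) {
                                if (!req->req.misc--)
                                        break;
                        }
                        get_device(&hi->host->device);  // XXX Need to handle failure case
                        list_add_tail(&fi->list, &hi->file_info_list);
                        fi->host = hi->host;
                        fi->state = connected;

                        req->req.error = RAW1394_ERROR_NONE;
                        req->req.generation = get_hpsb_generation(fi->host);
                        req->req.misc = (fi->host->node_id << 16)
                            | fi->host->node_count;
                        if (fi->protocol_version > 3) {
                                req->req.misc |=
                                    NODEID_TO_NODE(fi->host->irm_id) << 8;
                        }
                } else {
                        req->req.error = RAW1394_ERROR_INVALID_ARG;
                }
                spin_unlock_irqrestore(&host_info_lock, flags);

                req->req.length = 0;
                break;

        default:
                req->req.error = RAW1394_ERROR_STATE_ORDER;
                req->req.length = 0;
                break;
        }

        queue_complete_req(req);
        return sizeof(struct raw1394_request);
}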
659
/*
 * Start or stop listening on an isochronous channel.
 *
 * req.misc in 0..63 starts listening on that channel and records the
 * receive buffer address and length from the request; a negative value is
 * the one's complement of the channel to stop listening on.  Values outside
 * -64..63 are rejected, which keeps every shift count below within 0..63.
 * The request is always completed with length 0.
 */
static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
{
        int channel = req->req.misc;

        if ((channel < -64) || (channel > 63)) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
        } else if (channel < 0) {
                /* deallocate channel (one's complement neg) req.misc */
                channel = ~channel;

                if (!(fi->listen_channels & (1ULL << channel))) {
                        req->req.error = RAW1394_ERROR_INVALID_ARG;
                } else {
                        hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
                                              channel);
                        fi->listen_channels &= ~(1ULL << channel);
                }
        } else if ((fi->listen_channels & (1ULL << channel)) ||
                   hpsb_listen_channel(&raw1394_highlevel, fi->host, channel)) {
                /* already listening here, or the core refused the channel */
                req->req.error = RAW1394_ERROR_ALREADY;
        } else {
                /* allocate channel req.misc */
                fi->listen_channels |= 1ULL << channel;
                fi->iso_buffer = int2ptr(req->req.recvb);
                fi->iso_buffer_length = req->req.length;
        }

        req->req.length = 0;
        queue_complete_req(req);
}
696
/*
 * Register (req.misc != 0) or unregister (req.misc == 0) the file's FCP
 * receive buffer.  Asking for the state the file is already in yields
 * RAW1394_ERROR_ALREADY.  The request is always completed with length 0.
 */
static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
{
        int want_listen = req->req.misc != 0;
        int is_listening = fi->fcp_buffer != NULL;

        if (want_listen == is_listening)
                req->req.error = RAW1394_ERROR_ALREADY;
        else if (want_listen)
                fi->fcp_buffer = int2ptr(req->req.recvb);
        else
                fi->fcp_buffer = NULL;

        req->req.length = 0;
        queue_complete_req(req);
}
716
/*
 * Build and send the packet for an asynchronous request (read, write,
 * stream, lock or lock64) addressed to node.
 *
 * Returns -ENOMEM when the packet cannot be created; otherwise
 * sizeof(struct raw1394_request).  Argument and copy errors are reported
 * through req->req.error on a request that is completed immediately; a
 * successfully sent request is completed later by queue_complete_cb().
 *
 * NOTE(review): req->req.length and req->req.sendb are presumably supplied
 * by user space through write(); that path is not visible here.
 */
static int handle_async_request(struct file_info *fi,
                                struct pending_request *req, int node)
{
        unsigned long flags;
        struct hpsb_packet *packet = NULL;
        /* Only the low 48 bits of the request address are used. */
        u64 addr = req->req.address & 0xffffffffffffULL;

        switch (req->req.type) {
        case RAW1394_REQ_ASYNC_READ:
                DBGMSG("read_request called");
                packet =
                    hpsb_make_readpacket(fi->host, node, addr, req->req.length);

                if (!packet)
                        return -ENOMEM;

                /* A 4-byte read is returned from header[3], larger reads from data. */
                if (req->req.length == 4)
                        req->data = &packet->header[3];
                else
                        req->data = packet->data;

                break;

        case RAW1394_REQ_ASYNC_WRITE:
                DBGMSG("write_request called");

                packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
                                               req->req.length);
                if (!packet)
                        return -ENOMEM;

                /*
                 * The copy length equals the length the packet was created
                 * with; NOTE(review): the bound on packet->data therefore
                 * depends on hpsb_make_writepacket() - confirm.
                 */
                if (req->req.length == 4) {
                        if (copy_from_user
                            (&packet->header[3], int2ptr(req->req.sendb),
                             req->req.length))
                                req->req.error = RAW1394_ERROR_MEMFAULT;
                } else {
                        if (copy_from_user
                            (packet->data, int2ptr(req->req.sendb),
                             req->req.length))
                                req->req.error = RAW1394_ERROR_MEMFAULT;
                }

                /* Nothing is returned to the user's receive buffer for a write. */
                req->req.length = 0;
                break;

        case RAW1394_REQ_ASYNC_STREAM:
                DBGMSG("stream_request called");

                packet =
                    hpsb_make_streampacket(fi->host, NULL, req->req.length,
                                           node & 0x3f /*channel */ ,
                                           (req->req.misc >> 16) & 0x3,
                                           req->req.misc & 0xf);
                if (!packet)
                        return -ENOMEM;

                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                                   req->req.length))
                        req->req.error = RAW1394_ERROR_MEMFAULT;

                req->req.length = 0;
                break;

        case RAW1394_REQ_LOCK:
                DBGMSG("lock_request called");
                /* The length is validated (4 or 8) before any copy takes place. */
                if ((req->req.misc == EXTCODE_FETCH_ADD)
                    || (req->req.misc == EXTCODE_LITTLE_ADD)) {
                        if (req->req.length != 4) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                } else {
                        if (req->req.length != 8) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                }

                packet = hpsb_make_lockpacket(fi->host, node, addr,
                                              req->req.misc, NULL, 0);
                if (!packet)
                        return -ENOMEM;

                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                                   req->req.length)) {
                        req->req.error = RAW1394_ERROR_MEMFAULT;
                        break;
                }

                /* The response is read back from packet->data as 4 bytes. */
                req->data = packet->data;
                req->req.length = 4;
                break;

        case RAW1394_REQ_LOCK64:
                DBGMSG("lock64_request called");
                /* The length is validated (8 or 16) before any copy takes place. */
                if ((req->req.misc == EXTCODE_FETCH_ADD)
                    || (req->req.misc == EXTCODE_LITTLE_ADD)) {
                        if (req->req.length != 8) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                } else {
                        if (req->req.length != 16) {
                                req->req.error = RAW1394_ERROR_INVALID_ARG;
                                break;
                        }
                }
                packet = hpsb_make_lock64packet(fi->host, node, addr,
                                                req->req.misc, NULL, 0);
                if (!packet)
                        return -ENOMEM;

                if (copy_from_user(packet->data, int2ptr(req->req.sendb),
                                   req->req.length)) {
                        req->req.error = RAW1394_ERROR_MEMFAULT;
                        break;
                }

                /* The response is read back from packet->data as 8 bytes. */
                req->data = packet->data;
                req->req.length = 8;
                break;

        default:
                req->req.error = RAW1394_ERROR_STATE_ORDER;
        }

        /* May be NULL here (invalid argument or unknown type). */
        req->packet = packet;

        /*
         * Error path: complete at once without sending.
         * NOTE(review): the send-failure path below and queue_complete_cb()
         * call hpsb_free_tlabel(), this path does not - confirm whether a
         * packet created above already holds a transaction label.
         */
        if (req->req.error) {
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        hpsb_set_packet_complete_task(packet,
                                      (void (*)(void *))queue_complete_cb, req);

        /* Track the request as pending until its completion callback runs. */
        spin_lock_irqsave(&fi->reqlists_lock, flags);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, flags);

        packet->generation = req->req.generation;

        if (hpsb_send_packet(packet) < 0) {
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                req->req.length = 0;
                hpsb_free_tlabel(packet);
                queue_complete_req(req);
        }
        return sizeof(struct raw1394_request);
}
869
/**
 * handle_iso_send - build and transmit one isochronous packet for a client
 * @fi:      per-open state; supplies the host, the pending list and its lock
 * @req:     client request; req->req.sendb and req->req.length describe the
 *           user-space payload, req->req.misc and req->req.address carry
 *           packed header bits
 * @channel: channel number, only the low six bits are used
 *
 * The payload is copied from user space into a freshly made packet, the
 * request is put on fi->req_pending and the packet is handed to
 * hpsb_send_packet().  queue_complete_req() is installed as the packet's
 * completion task and is also called directly when the copy or the send
 * fails.
 *
 * Return: -ENOMEM when no packet could be made, otherwise
 * sizeof(struct raw1394_request); later failures are reported through
 * req->req.error.
 */
static int handle_iso_send(struct file_info *fi, struct pending_request *req,
                           int channel)
{
        struct hpsb_packet *pkt;
        unsigned long irqflags;
        int sent;

        /*
         * NOTE(review): req->req.length is used both as the packet size and,
         * below, as the copy length, and this function applies no upper
         * bound to it.  Confirm that hpsb_make_isopacket() or the caller
         * rejects oversized values.
         */
        pkt = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
                                  (req->req.misc >> 16) & 0x3,
                                  req->req.misc & 0xf);
        if (pkt == NULL)
                return -ENOMEM;

        /* Attach the packet to the request before anything can fail. */
        req->packet = pkt;
        pkt->speed_code = req->req.address & 0x3;

        if (copy_from_user(pkt->data, int2ptr(req->req.sendb),
                           req->req.length) != 0) {
                req->req.error = RAW1394_ERROR_MEMFAULT;
                req->req.length = 0;
                queue_complete_req(req);
                return sizeof(struct raw1394_request);
        }

        /* Nothing is returned to the client besides the request itself. */
        req->req.length = 0;
        hpsb_set_packet_complete_task(pkt,
                                      (void (*)(void *))queue_complete_req,
                                      req);

        spin_lock_irqsave(&fi->reqlists_lock, irqflags);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

        /* Update the generation of the packet just before sending. */
        pkt->generation = req->req.generation;

        sent = hpsb_send_packet(pkt);
        if (sent < 0) {
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                queue_complete_req(req);
        }

        return sizeof(struct raw1394_request);
}
913
/**
 * handle_async_send - send an asynchronous packet supplied by a client
 * @fi:  per-open state; supplies the host, the pending list and its lock
 * @req: client request; req->req.sendb points at header followed by data,
 *       req->req.length is their combined size, the low 16 bits of
 *       req->req.misc give the header length in bytes and the remaining
 *       high bits the expect_response value
 *
 * The header length must be at least 12 and no larger than req->req.length.
 * Header and data are copied from user space, the packet fields are filled
 * in from the first header quadlet, the request is queued on
 * fi->req_pending and the packet is sent.
 *
 * Return: -ENOMEM when no packet could be allocated, otherwise
 * sizeof(struct raw1394_request); other failures are reported through
 * req->req.error.
 */
static int handle_async_send(struct file_info *fi, struct pending_request *req)
{
        struct hpsb_packet *pkt;
        unsigned long irqflags;
        int hdr_len = req->req.misc & 0xffff;
        int wants_reply = req->req.misc >> 16;

        /*
         * NOTE(review): hdr_len is limited here only by the 16-bit mask and
         * by req->req.length; nothing compares it with the capacity of
         * pkt->header.  Confirm against struct hpsb_packet that the header
         * storage can hold every value this check lets through, otherwise
         * an upper bound belongs here.
         */
        if (hdr_len < 12 || hdr_len > req->req.length) {
                req->req.error = RAW1394_ERROR_INVALID_ARG;
                goto complete;
        }

        pkt = hpsb_alloc_packet(req->req.length - hdr_len);
        req->packet = pkt;
        if (pkt == NULL)
                return -ENOMEM;

        /*
         * Header first, then data.  The data copy uses pkt->data_size as
         * hpsb_alloc_packet() left it, not the value assigned further down.
         * NOTE(review): presumably that equals the size requested above;
         * verify it is never larger than what the user buffer holds.
         */
        if (copy_from_user(pkt->header, int2ptr(req->req.sendb), hdr_len) ||
            copy_from_user(pkt->data, int2ptr(req->req.sendb) + hdr_len,
                           pkt->data_size)) {
                req->req.error = RAW1394_ERROR_MEMFAULT;
                goto complete;
        }

        /* Routing fields are taken from the user-supplied first quadlet. */
        pkt->type = hpsb_async;
        pkt->host = fi->host;
        pkt->node_id = pkt->header[0] >> 16;
        pkt->tlabel = (pkt->header[0] >> 10) & 0x3f;
        pkt->tcode = (pkt->header[0] >> 4) & 0xf;
        pkt->expect_response = wants_reply;
        pkt->header_size = hdr_len;
        pkt->data_size = req->req.length - hdr_len;

        req->req.length = 0;
        hpsb_set_packet_complete_task(pkt,
                                      (void (*)(void *))queue_complete_cb, req);

        spin_lock_irqsave(&fi->reqlists_lock, irqflags);
        list_add_tail(&req->list, &fi->req_pending);
        spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

        /* Update the generation of the packet just before sending. */
        pkt->generation = req->req.generation;

        if (hpsb_send_packet(pkt) < 0) {
                req->req.error = RAW1394_ERROR_SEND_ERROR;
                queue_complete_req(req);
        }

        return sizeof(struct raw1394_request);

complete:
        /* Shared exit for argument and copy failures. */
        req->req.length = 0;
        queue_complete_req(req);
        return sizeof(struct raw1394_request);
}
977
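/**
 * arm_read - serve a read request that targets a registered address range
 * @host:   host the request belongs to
 * @nodeid: node id reported as the source of the request
 * @buffer: receives @length bytes when the read is completed here
 * @addr:   first address to read
 * @length: number of bytes to read
 * @flags:  packed transaction bits; tlabel is taken from bits 10-15 and
 *          tcode from bits 4-7
 *
 * Looks for an arm_addr entry, on any file opened on @host, whose
 * start..end range contains addr..addr+length.  The whole function runs
 * with host_info_lock held and interrupts disabled, so all allocations use
 * GFP_ATOMIC.  If the entry has ARM_READ set in notification_options, a
 * RAW1394_REQ_ARM request describing the access is queued for the owning
 * file.
 *
 * Return: RCODE_ADDRESS_ERROR when no entry matches, RCODE_CONFLICT_ERROR
 * when the notification cannot be allocated, RCODE_DATA_ERROR when @length
 * exceeds the entry's rec_length, RCODE_TYPE_ERROR when ARM_READ is not in
 * access_rights, RCODE_COMPLETE when the data was copied to @buffer, and -1
 * when ARM_READ is set in client_transactions (no copy is done here).
 */
static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
                    u64 addr, size_t length, u16 flags)
{
        unsigned long irqflags;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *fi = NULL;
        struct arm_addr *arm_addr = NULL;
        struct arm_request *arm_req = NULL;
        struct arm_response *arm_resp = NULL;
        struct arm_request_response *arm_req_resp = NULL;
        const void *src;
        int found = 0, size = 0, rcode = -1;

        DBGMSG("arm_read  called by node: %X"
               "addr: %4.4x %8.8x length: %Zu", nodeid,
               (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
               length);
        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);      /* search address-entry */
        if (hi != NULL) {
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        list_for_each_entry(arm_addr, &fi->addr_list,
                                            addr_list) {
                                /*
                                 * Same test as start <= addr &&
                                 * end >= addr + length, written as a
                                 * subtraction so that addr + length cannot
                                 * wrap around and pass the comparison.
                                 * Assumes start and end are unsigned 64-bit
                                 * like addr -- TODO confirm.
                                 */
                                if (arm_addr->start <= addr &&
                                    addr <= arm_addr->end &&
                                    length <= arm_addr->end - addr) {
                                        found = 1;
                                        break;
                                }
                        }
                        if (found)
                                break;
                }
        }
        if (!found) {
                printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
                       " -> rcode_address_error\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return RCODE_ADDRESS_ERROR;
        }
        DBGMSG("arm_read addr_entry FOUND");

        /* Source of the read inside the entry's backing buffer. */
        src = arm_addr->addr_space_buffer + (addr - arm_addr->start);

        if (arm_addr->rec_length < length) {
                DBGMSG("arm_read blocklength too big -> rcode_data_error");
                rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
        } else if (!(arm_addr->access_rights & ARM_READ)) {
                rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                DBGMSG("arm_read -> rcode_type_error (access denied)");
        } else if (!(arm_addr->client_transactions & ARM_READ)) {
                memcpy(buffer, src, length);
                DBGMSG("arm_read -> (rcode_complete)");
                rcode = RCODE_COMPLETE;
        }
        /* Otherwise rcode stays -1: client_transactions has ARM_READ set. */

        if (arm_addr->notification_options & ARM_READ) {
                DBGMSG("arm_read -> entering notification-section");
                req = __alloc_pending_request(GFP_ATOMIC);
                if (!req) {
                        DBGMSG("arm_read -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* A resource conflict was detected.
                           The request may be retried */
                        return RCODE_CONFLICT_ERROR;
                }

                /*
                 * Layout of req->data: arm_request_response, arm_request,
                 * arm_response, then the data that was read (only when the
                 * read completed).
                 */
                size = sizeof(struct arm_request_response) +
                    sizeof(struct arm_request) +
                    sizeof(struct arm_response);
                if (rcode == RCODE_COMPLETE)
                        size += length * sizeof(byte_t);

                req->data = kmalloc(size, GFP_ATOMIC);
                if (!(req->data)) {
                        free_pending_request(req);
                        DBGMSG("arm_read -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* A resource conflict was detected.
                           The request may be retried */
                        return RCODE_CONFLICT_ERROR;
                }
                /*
                 * The buffer is filled field by field below; clear it first
                 * so that struct padding or any field not assigned here
                 * never carries stale heap contents (the buffer is
                 * presumably delivered to the client at recvb).
                 */
                memset(req->data, 0, size);

                req->free_data = 1;
                req->file_info = fi;
                req->req.type = RAW1394_REQ_ARM;
                req->req.generation = get_hpsb_generation(host);
                req->req.misc =
                    (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
                req->req.tag = arm_addr->arm_tag;
                req->req.recvb = arm_addr->recvb;
                req->req.length = size;

                arm_req_resp = (struct arm_request_response *)(req->data);
                arm_req = (struct arm_request *)((byte_t *) (req->data) +
                                                 sizeof(struct
                                                        arm_request_response));
                arm_resp = (struct arm_response *)((byte_t *) (arm_req) +
                                                   sizeof(struct arm_request));

                arm_req->buffer = NULL;
                arm_resp->buffer = NULL;
                if (rcode == RCODE_COMPLETE) {
                        byte_t *buf =
                            (byte_t *) arm_resp + sizeof(struct arm_response);

                        memcpy(buf, src, length);
                        /* Pointers stored here are offsets from recvb. */
                        arm_resp->buffer =
                            int2ptr((arm_addr->recvb) +
                                    sizeof(struct arm_request_response) +
                                    sizeof(struct arm_request) +
                                    sizeof(struct arm_response));
                }
                arm_resp->buffer_length =
                    (rcode == RCODE_COMPLETE) ? length : 0;
                arm_resp->response_code = rcode;
                arm_req->buffer_length = 0;
                arm_req->generation = req->req.generation;
                arm_req->extended_transaction_code = 0;
                arm_req->destination_offset = addr;
                arm_req->source_nodeid = nodeid;
                arm_req->destination_nodeid = host->node_id;
                arm_req->tlabel = (flags >> 10) & 0x3f;
                arm_req->tcode = (flags >> 4) & 0x0f;
                arm_req_resp->request = int2ptr((arm_addr->recvb) +
                                                sizeof(struct
                                                       arm_request_response));
                arm_req_resp->response =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request));
                queue_complete_req(req);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return rcode;
}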
1131
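/**
 * arm_write - serve a write request that targets a registered address range
 * @host:   host the request belongs to
 * @nodeid: node id reported as the source of the request
 * @destid: node id reported as the destination of the request
 * @data:   bytes to be written
 * @addr:   first address to write
 * @length: number of bytes to write
 * @flags:  packed transaction bits; tlabel is taken from bits 10-15 and
 *          tcode from bits 4-7
 *
 * Looks for an arm_addr entry, on any file opened on @host, whose
 * start..end range contains addr..addr+length.  The whole function runs
 * with host_info_lock held and interrupts disabled, so all allocations use
 * GFP_ATOMIC.  If the entry has ARM_WRITE set in notification_options, a
 * RAW1394_REQ_ARM request carrying a copy of @data is queued for the owning
 * file, whatever the response code turned out to be.
 *
 * Return: RCODE_ADDRESS_ERROR when no entry matches, RCODE_CONFLICT_ERROR
 * when the notification cannot be allocated, RCODE_DATA_ERROR when @length
 * exceeds the entry's rec_length, RCODE_TYPE_ERROR when ARM_WRITE is not in
 * access_rights, RCODE_COMPLETE when @data was copied into the entry's
 * buffer, and -1 when ARM_WRITE is set in client_transactions (no copy is
 * done here).
 */
static int arm_write(struct hpsb_host *host, int nodeid, int destid,
                     quadlet_t * data, u64 addr, size_t length, u16 flags)
{
        unsigned long irqflags;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *fi = NULL;
        struct arm_addr *arm_addr = NULL;
        struct arm_request *arm_req = NULL;
        struct arm_response *arm_resp = NULL;
        struct arm_request_response *arm_req_resp = NULL;
        int found = 0, size = 0, rcode = -1;

        DBGMSG("arm_write called by node: %X"
               "addr: %4.4x %8.8x length: %Zu", nodeid,
               (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
               length);
        spin_lock_irqsave(&host_info_lock, irqflags);
        hi = find_host_info(host);      /* search address-entry */
        if (hi != NULL) {
                list_for_each_entry(fi, &hi->file_info_list, list) {
                        list_for_each_entry(arm_addr, &fi->addr_list,
                                            addr_list) {
                                /*
                                 * Same test as start <= addr &&
                                 * end >= addr + length, written as a
                                 * subtraction so that addr + length cannot
                                 * wrap around and pass the comparison.
                                 * Assumes start and end are unsigned 64-bit
                                 * like addr -- TODO confirm.
                                 */
                                if (arm_addr->start <= addr &&
                                    addr <= arm_addr->end &&
                                    length <= arm_addr->end - addr) {
                                        found = 1;
                                        break;
                                }
                        }
                        if (found)
                                break;
                }
        }
        if (!found) {
                printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
                       " -> rcode_address_error\n");
                spin_unlock_irqrestore(&host_info_lock, irqflags);
                return RCODE_ADDRESS_ERROR;
        }
        DBGMSG("arm_write addr_entry FOUND");

        if (arm_addr->rec_length < length) {
                DBGMSG("arm_write blocklength too big -> rcode_data_error");
                rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
        } else if (!(arm_addr->access_rights & ARM_WRITE)) {
                rcode = RCODE_TYPE_ERROR;       /* function not allowed */
                DBGMSG("arm_write -> rcode_type_error (access denied)");
        } else if (!(arm_addr->client_transactions & ARM_WRITE)) {
                /* The range check above keeps this inside start..end. */
                memcpy((arm_addr->addr_space_buffer) +
                       (addr - (arm_addr->start)), data, length);
                DBGMSG("arm_write -> (rcode_complete)");
                rcode = RCODE_COMPLETE;
        }
        /* Otherwise rcode stays -1: client_transactions has ARM_WRITE set. */

        if (arm_addr->notification_options & ARM_WRITE) {
                DBGMSG("arm_write -> entering notification-section");
                req = __alloc_pending_request(GFP_ATOMIC);
                if (!req) {
                        DBGMSG("arm_write -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* A resource conflict was detected.
                           The request may be retried */
                        return RCODE_CONFLICT_ERROR;
                }

                /*
                 * Layout of req->data: arm_request_response, arm_request,
                 * arm_response, then a copy of the written data.
                 */
                size = sizeof(struct arm_request_response) +
                    sizeof(struct arm_request) +
                    sizeof(struct arm_response) +
                    length * sizeof(byte_t);
                req->data = kmalloc(size, GFP_ATOMIC);
                if (!(req->data)) {
                        free_pending_request(req);
                        DBGMSG("arm_write -> rcode_conflict_error");
                        spin_unlock_irqrestore(&host_info_lock, irqflags);
                        /* A resource conflict was detected.
                           The request may be retried */
                        return RCODE_CONFLICT_ERROR;
                }
                /*
                 * The buffer is filled field by field below; clear it first
                 * so that struct padding or any field not assigned here
                 * never carries stale heap contents (the buffer is
                 * presumably delivered to the client at recvb).
                 */
                memset(req->data, 0, size);

                req->free_data = 1;
                req->file_info = fi;
                req->req.type = RAW1394_REQ_ARM;
                req->req.generation = get_hpsb_generation(host);
                req->req.misc =
                    (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
                req->req.tag = arm_addr->arm_tag;
                req->req.recvb = arm_addr->recvb;
                req->req.length = size;

                arm_req_resp = (struct arm_request_response *)(req->data);
                arm_req = (struct arm_request *)((byte_t *) (req->data) +
                                                 sizeof(struct
                                                        arm_request_response));
                arm_resp = (struct arm_response *)((byte_t *) (arm_req) +
                                                   sizeof(struct arm_request));

                arm_resp->buffer = NULL;
                memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
                       data, length);
                /* Pointers stored here are offsets from recvb. */
                arm_req->buffer = int2ptr((arm_addr->recvb) +
                                          sizeof(struct arm_request_response) +
                                          sizeof(struct arm_request) +
                                          sizeof(struct arm_response));
                arm_req->buffer_length = length;
                arm_req->generation = req->req.generation;
                arm_req->extended_transaction_code = 0;
                arm_req->destination_offset = addr;
                arm_req->source_nodeid = nodeid;
                arm_req->destination_nodeid = destid;
                arm_req->tlabel = (flags >> 10) & 0x3f;
                arm_req->tcode = (flags >> 4) & 0x0f;
                arm_resp->buffer_length = 0;
                arm_resp->response_code = rcode;
                arm_req_resp->request = int2ptr((arm_addr->recvb) +
                                                sizeof(struct
                                                       arm_request_response));
                arm_req_resp->response =
                    int2ptr((arm_addr->recvb) +
                            sizeof(struct arm_request_response) +
                            sizeof(struct arm_request));
                queue_complete_req(req);
        }
        spin_unlock_irqrestore(&host_info_lock, irqflags);
        return rcode;
}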
1266
1267 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1268                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1269                     u16 flags)
1270 {
1271         unsigned long irqflags;
1272         struct pending_request *req;
1273         struct host_info *hi;
1274         struct file_info *fi = NULL;
1275         struct list_head *entry;
1276         struct arm_addr *arm_addr = NULL;
1277         struct arm_request *arm_req = NULL;
1278         struct arm_response *arm_resp = NULL;
1279         int found = 0, size = 0, rcode = -1;
1280         quadlet_t old, new;
1281         struct arm_request_response *arm_req_resp = NULL;
1282
1283         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1284             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1285                 DBGMSG("arm_lock  called by node: %X "
1286                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1287                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1288                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1289                        be32_to_cpu(data));
1290         } else {
1291                 DBGMSG("arm_lock  called by node: %X "
1292                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1293                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1294                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1295                        be32_to_cpu(data), be32_to_cpu(arg));
1296         }
1297         spin_lock_irqsave(&host_info_lock, irqflags);
1298         hi = find_host_info(host);      /* search address-entry */
1299         if (hi != NULL) {
1300                 list_for_each_entry(fi, &hi->file_info_list, list) {
1301                         entry = fi->addr_list.next;
1302                         while (entry != &(fi->addr_list)) {
1303                                 arm_addr =
1304                                     list_entry(entry, struct arm_addr,
1305                                                addr_list);
1306                                 if (((arm_addr->start) <= (addr))
1307                                     && ((arm_addr->end) >=
1308                                         (addr + sizeof(*store)))) {
1309                                         found = 1;
1310                                         break;
1311                                 }
1312                                 entry = entry->next;
1313                         }
1314                         if (found) {
1315                                 break;
1316                         }
1317                 }
1318         }
1319         rcode = -1;
1320         if (!found) {
1321                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1322                        " -> rcode_address_error\n");
1323                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1324                 return (RCODE_ADDRESS_ERROR);
1325         } else {
1326                 DBGMSG("arm_lock addr_entry FOUND");
1327         }
1328         if (rcode == -1) {
1329                 if (arm_addr->access_rights & ARM_LOCK) {
1330                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1331                                 memcpy(&old,
1332                                        (arm_addr->addr_space_buffer) + (addr -
1333                                                                         (arm_addr->
1334                                                                          start)),
1335                                        sizeof(old));
1336                                 switch (ext_tcode) {
1337                                 case (EXTCODE_MASK_SWAP):
1338                                         new = data | (old & ~arg);
1339                                         break;
1340                                 case (EXTCODE_COMPARE_SWAP):
1341                                         if (old == arg) {
1342                                                 new = data;
1343                                         } else {
1344                                                 new = old;
1345                                         }
1346                                         break;
1347                                 case (EXTCODE_FETCH_ADD):
1348                                         new =
1349                                             cpu_to_be32(be32_to_cpu(data) +
1350                                                         be32_to_cpu(old));
1351                                         break;
1352                                 case (EXTCODE_LITTLE_ADD):
1353                                         new =
1354                                             cpu_to_le32(le32_to_cpu(data) +
1355                                                         le32_to_cpu(old));
1356                                         break;
1357                                 case (EXTCODE_BOUNDED_ADD):
1358                                         if (old != arg) {
1359                                                 new =
1360                                                     cpu_to_be32(be32_to_cpu
1361                                                                 (data) +
1362                                                                 be32_to_cpu
1363                                                                 (old));
1364                                         } else {
1365                                                 new = old;
1366                                         }
1367                                         break;
1368                                 case (EXTCODE_WRAP_ADD):
1369                                         if (old != arg) {
1370                                                 new =
1371                                                     cpu_to_be32(be32_to_cpu
1372                                                                 (data) +
1373                                                                 be32_to_cpu
1374                                                                 (old));
1375                                         } else {
1376                                                 new = data;
1377                                         }
1378                                         break;
1379                                 default:
1380                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1381                                         printk(KERN_ERR
1382                                                "raw1394: arm_lock FAILED "
1383                                                "ext_tcode not allowed -> rcode_type_error\n");
1384                                         break;
1385                                 }       /*switch */
1386                                 if (rcode == -1) {
1387                                         DBGMSG("arm_lock -> (rcode_complete)");
1388                                         rcode = RCODE_COMPLETE;
1389                                         memcpy(store, &old, sizeof(*store));
1390                                         memcpy((arm_addr->addr_space_buffer) +
1391                                                (addr - (arm_addr->start)),
1392                                                &new, sizeof(*store));
1393                                 }
1394                         }
1395                 } else {
1396                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1397                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1398                 }
1399         }
1400         if (arm_addr->notification_options & ARM_LOCK) {
1401                 byte_t *buf1, *buf2;
1402                 DBGMSG("arm_lock -> entering notification-section");
1403                 req = __alloc_pending_request(GFP_ATOMIC);
1404                 if (!req) {
1405                         DBGMSG("arm_lock -> rcode_conflict_error");
1406                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1407                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1408                                                            The request may be retried */
1409                 }
1410                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1411                 req->data = kmalloc(size, GFP_ATOMIC);
1412                 if (!(req->data)) {
1413                         free_pending_request(req);
1414                         DBGMSG("arm_lock -> rcode_conflict_error");
1415                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1416                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1417                                                            The request may be retried */
1418                 }
1419                 req->free_data = 1;
1420                 arm_req_resp = (struct arm_request_response *)(req->data);
1421                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1422                                                  (sizeof
1423                                                   (struct
1424                                                    arm_request_response)));
1425                 arm_resp =
1426                     (struct arm_response *)((byte_t *) (arm_req) +
1427                                             (sizeof(struct arm_request)));
1428                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1429                 buf2 = buf1 + 2 * sizeof(*store);
1430                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1431                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1432                         arm_req->buffer_length = sizeof(*store);
1433                         memcpy(buf1, &data, sizeof(*store));
1434
1435                 } else {
1436                         arm_req->buffer_length = 2 * sizeof(*store);
1437                         memcpy(buf1, &arg, sizeof(*store));
1438                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1439                 }
1440                 if (rcode == RCODE_COMPLETE) {
1441                         arm_resp->buffer_length = sizeof(*store);
1442                         memcpy(buf2, &old, sizeof(*store));
1443                 } else {
1444                         arm_resp->buffer_length = 0;
1445                 }
1446                 req->file_info = fi;
1447                 req->req.type = RAW1394_REQ_ARM;
1448                 req->req.generation = get_hpsb_generation(host);
1449                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1450                                  (ARM_LOCK & 0xFF));
1451                 req->req.tag = arm_addr->arm_tag;
1452                 req->req.recvb = arm_addr->recvb;
1453                 req->req.length = size;
1454                 arm_req->generation = req->req.generation;
1455                 arm_req->extended_transaction_code = ext_tcode;
1456                 arm_req->destination_offset = addr;
1457                 arm_req->source_nodeid = nodeid;
1458                 arm_req->destination_nodeid = host->node_id;
1459                 arm_req->tlabel = (flags >> 10) & 0x3f;
1460                 arm_req->tcode = (flags >> 4) & 0x0f;
1461                 arm_resp->response_code = rcode;
1462                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1463                                                 sizeof(struct
1464                                                        arm_request_response));
1465                 arm_req_resp->response =
1466                     int2ptr((arm_addr->recvb) +
1467                             sizeof(struct arm_request_response) +
1468                             sizeof(struct arm_request));
1469                 arm_req->buffer =
1470                     int2ptr((arm_addr->recvb) +
1471                             sizeof(struct arm_request_response) +
1472                             sizeof(struct arm_request) +
1473                             sizeof(struct arm_response));
1474                 arm_resp->buffer =
1475                     int2ptr((arm_addr->recvb) +
1476                             sizeof(struct arm_request_response) +
1477                             sizeof(struct arm_request) +
1478                             sizeof(struct arm_response) + 2 * sizeof(*store));
1479                 queue_complete_req(req);
1480         }
1481         spin_unlock_irqrestore(&host_info_lock, irqflags);
1482         return (rcode);
1483 }
1484
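/*
 * Handle a 64-bit lock transaction addressed to a registered ARM range.
 *
 * Under host_info_lock, the file_info entries of @host are searched for an
 * arm_addr whose [start, end] range covers addr .. addr + sizeof(*store).
 * If the range grants ARM_LOCK and does not delegate lock transactions to
 * the client (client_transactions), the operation selected by @ext_tcode is
 * applied to the backing addr_space_buffer and the previous value is copied
 * to @store.  If the range asks for ARM_LOCK notification, a record
 * describing the request and response is queued for the owning file_info.
 *
 * @data and @arg are stored and combined as received; only the add variants
 * convert byte order around the arithmetic.
 *
 * Returns RCODE_COMPLETE, RCODE_ADDRESS_ERROR (no matching range),
 * RCODE_TYPE_ERROR (access denied or unsupported ext_tcode),
 * RCODE_CONFLICT_ERROR (allocation failure while building the notification),
 * or -1 when the range delegates lock transactions to the client and rcode
 * is therefore never assigned.
 */
static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
		      u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
		      u16 flags)
{
	unsigned long irqflags;
	struct pending_request *req;
	struct host_info *hi;
	struct file_info *fi = NULL;
	struct list_head *entry;
	struct arm_addr *arm_addr = NULL;
	struct arm_request *arm_req = NULL;
	struct arm_response *arm_resp = NULL;
	int found = 0, size = 0, rcode = -1;
	octlet_t old, new;
	struct arm_request_response *arm_req_resp = NULL;

	if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
	    ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
		DBGMSG("arm_lock64 called by node: %X "
		       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
		       nodeid, (u16) ((addr >> 32) & 0xFFFF),
		       (u32) (addr & 0xFFFFFFFF),
		       ext_tcode & 0xFF,
		       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
		       (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
	} else {
		DBGMSG("arm_lock64 called by node: %X "
		       "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
		       "%8.8X %8.8X ",
		       nodeid, (u16) ((addr >> 32) & 0xFFFF),
		       (u32) (addr & 0xFFFFFFFF),
		       ext_tcode & 0xFF,
		       (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
		       (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
		       (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFF),
		       (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
	}

	spin_lock_irqsave(&host_info_lock, irqflags);
	hi = find_host_info(host);	/* search addressentry in file_info's for host */
	if (hi != NULL) {
		list_for_each_entry(fi, &hi->file_info_list, list) {
			entry = fi->addr_list.next;
			while (entry != &(fi->addr_list)) {
				arm_addr =
				    list_entry(entry, struct arm_addr,
					       addr_list);
				/* the whole octlet must lie inside the range */
				if (((arm_addr->start) <= (addr))
				    && ((arm_addr->end) >=
					(addr + sizeof(*store)))) {
					found = 1;
					break;
				}
				entry = entry->next;
			}
			if (found) {
				break;
			}
		}
	}
	if (!found) {
		printk(KERN_ERR
		       "raw1394: arm_lock64 FAILED addr_entry not found"
		       " -> rcode_address_error\n");
		spin_unlock_irqrestore(&host_info_lock, irqflags);
		return (RCODE_ADDRESS_ERROR);
	}
	DBGMSG("arm_lock64 addr_entry FOUND");

	/* rcode is still -1 here; it only changes in the branches below */
	if (arm_addr->access_rights & ARM_LOCK) {
		/*
		 * When the client handles lock transactions itself the
		 * buffer is left untouched and rcode stays -1.
		 */
		if (!(arm_addr->client_transactions & ARM_LOCK)) {
			memcpy(&old,
			       (arm_addr->addr_space_buffer) +
			       (addr - (arm_addr->start)), sizeof(old));
			switch (ext_tcode) {
			case (EXTCODE_MASK_SWAP):
				new = data | (old & ~arg);
				break;
			case (EXTCODE_COMPARE_SWAP):
				if (old == arg) {
					new = data;
				} else {
					new = old;
				}
				break;
			case (EXTCODE_FETCH_ADD):
				new = cpu_to_be64(be64_to_cpu(data) +
						  be64_to_cpu(old));
				break;
			case (EXTCODE_LITTLE_ADD):
				new = cpu_to_le64(le64_to_cpu(data) +
						  le64_to_cpu(old));
				break;
			case (EXTCODE_BOUNDED_ADD):
				if (old != arg) {
					new = cpu_to_be64(be64_to_cpu(data) +
							  be64_to_cpu(old));
				} else {
					new = old;
				}
				break;
			case (EXTCODE_WRAP_ADD):
				if (old != arg) {
					new = cpu_to_be64(be64_to_cpu(data) +
							  be64_to_cpu(old));
				} else {
					new = data;
				}
				break;
			default:
				printk(KERN_ERR
				       "raw1394: arm_lock64 FAILED "
				       "ext_tcode not allowed -> rcode_type_error\n");
				rcode = RCODE_TYPE_ERROR;	/* function not allowed */
				break;
			}	/*switch */
			if (rcode == -1) {
				DBGMSG("arm_lock64 -> (rcode_complete)");
				rcode = RCODE_COMPLETE;
				memcpy(store, &old, sizeof(*store));
				memcpy((arm_addr->addr_space_buffer) +
				       (addr - (arm_addr->start)),
				       &new, sizeof(*store));
			}
		}
	} else {
		rcode = RCODE_TYPE_ERROR;	/* function not allowed */
		DBGMSG("arm_lock64 -> rcode_type_error (access denied)");
	}

	if (arm_addr->notification_options & ARM_LOCK) {
		byte_t *buf1, *buf2;
		DBGMSG("arm_lock64 -> entering notification-section");
		req = __alloc_pending_request(GFP_ATOMIC);
		if (!req) {
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			DBGMSG("arm_lock64 -> rcode_conflict_error");
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		/* maximum: three octlets (arg, data, old) plus the headers */
		size = sizeof(struct arm_request) +
		    sizeof(struct arm_response) +
		    3 * sizeof(*store) + sizeof(struct arm_request_response);
		req->data = kmalloc(size, GFP_ATOMIC);
		if (!(req->data)) {
			free_pending_request(req);
			spin_unlock_irqrestore(&host_info_lock, irqflags);
			DBGMSG("arm_lock64 -> rcode_conflict_error");
			return (RCODE_CONFLICT_ERROR);	/* A resource conflict was detected.
							   The request may be retried */
		}
		/*
		 * Zero the whole record.  Only part of the payload area is
		 * filled below (one octlet for the add variants, none for the
		 * response on failure) and the structs may contain padding,
		 * yet req.length advertises all `size` bytes to whoever
		 * consumes the queued request -- presumably a copy to the
		 * client's recvb; that path is outside this function.
		 * Without this the unfilled bytes would carry stale heap
		 * contents.
		 */
		memset(req->data, 0, size);
		req->free_data = 1;

		/* layout: arm_request_response | arm_request | arm_response |
		 *         buf1 (request payload, 2 octlets) | buf2 (old value) */
		arm_req_resp = (struct arm_request_response *)(req->data);
		arm_req = (struct arm_request *)((byte_t *) (req->data) +
						 (sizeof
						  (struct
						   arm_request_response)));
		arm_resp =
		    (struct arm_response *)((byte_t *) (arm_req) +
					    (sizeof(struct arm_request)));
		buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
		buf2 = buf1 + 2 * sizeof(*store);
		if ((ext_tcode == EXTCODE_FETCH_ADD) ||
		    (ext_tcode == EXTCODE_LITTLE_ADD)) {
			arm_req->buffer_length = sizeof(*store);
			memcpy(buf1, &data, sizeof(*store));

		} else {
			arm_req->buffer_length = 2 * sizeof(*store);
			memcpy(buf1, &arg, sizeof(*store));
			memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
		}
		if (rcode == RCODE_COMPLETE) {
			arm_resp->buffer_length = sizeof(*store);
			memcpy(buf2, &old, sizeof(*store));
		} else {
			arm_resp->buffer_length = 0;
		}
		req->file_info = fi;
		req->req.type = RAW1394_REQ_ARM;
		req->req.generation = get_hpsb_generation(host);
		req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
				 (ARM_LOCK & 0xFF));
		req->req.tag = arm_addr->arm_tag;
		req->req.recvb = arm_addr->recvb;
		req->req.length = size;
		arm_req->generation = req->req.generation;
		arm_req->extended_transaction_code = ext_tcode;
		arm_req->destination_offset = addr;
		arm_req->source_nodeid = nodeid;
		arm_req->destination_nodeid = host->node_id;
		arm_req->tlabel = (flags >> 10) & 0x3f;
		arm_req->tcode = (flags >> 4) & 0x0f;
		arm_resp->response_code = rcode;
		/* embedded pointers are expressed relative to the client's recvb */
		arm_req_resp->request = int2ptr((arm_addr->recvb) +
						sizeof(struct
						       arm_request_response));
		arm_req_resp->response =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request));
		arm_req->buffer =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request) +
			    sizeof(struct arm_response));
		arm_resp->buffer =
		    int2ptr((arm_addr->recvb) +
			    sizeof(struct arm_request_response) +
			    sizeof(struct arm_request) +
			    sizeof(struct arm_response) + 2 * sizeof(*store));
		queue_complete_req(req);
	}
	spin_unlock_irqrestore(&host_info_lock, irqflags);
	return (rcode);
}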
1712
/*
 * Register an address range mapping for the client behind @fi.
 *
 * The request supplies the bus address (req.address), the length of the
 * range (req.length), an optional user buffer with initial contents
 * (req.sendb, zero-filled when NULL), the user buffer that later receives
 * notifications (req.recvb) and, packed into req.misc: access rights
 * (bits 0-3), notification options (bits 4-7), client transactions
 * (bits 8-11) and rec_length (bits 16-31).
 *
 * Returns sizeof(struct raw1394_request) on success, after freeing @req.
 * On failure returns -EINVAL (range leaves the 48-bit address space),
 * -ENOMEM, -EFAULT or -EALREADY; @req is not freed here on those paths.
 *
 * NOTE(review): req.length is caller-supplied and directly sizes the
 * vmalloc(); nothing here bounds it beyond the 48-bit range check.
 * NOTE(review): the result of find_host_info() is dereferenced without a
 * NULL check, unlike arm_lock64() -- confirm it cannot be NULL here.
 */
static int arm_register(struct file_info *fi, struct pending_request *req)
{
	const u64 beyond_48bit = ~(0xFFFFFFFFFFFFULL);
	struct arm_addr *addr;
	struct arm_addr *arm_addr = NULL;
	struct host_info *hi;
	struct file_info *fi_hlp = NULL;
	int same_host = 0, another_host = 0;
	unsigned long flags;
	int retval;
	int err;

	DBGMSG("arm_register called "
	       "addr(Offset): %8.8x %8.8x length: %u "
	       "rights: %2.2X notify: %2.2X "
	       "max_blk_len: %4.4X",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF),
	       req->req.length, ((req->req.misc >> 8) & 0xFF),
	       (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));

	/* both ends of the range must fit into 48 bits */
	if ((req->req.address & beyond_48bit) ||
	    ((req->req.address + req->req.length) & beyond_48bit)) {
		req->req.length = 0;
		return (-EINVAL);
	}

	/* list entry describing the range */
	addr = kmalloc(sizeof(*addr), GFP_KERNEL);
	if (!addr) {
		req->req.length = 0;
		return (-ENOMEM);
	}

	/* backing store for the range */
	addr->addr_space_buffer = vmalloc(req->req.length);
	if (!(addr->addr_space_buffer)) {
		kfree(addr);
		req->req.length = 0;
		return (-ENOMEM);
	}

	/* initial contents: zeros, or whatever the client passed in sendb */
	if ((req->req.sendb) == (unsigned long)NULL) {
		memset(addr->addr_space_buffer, 0, req->req.length);
	} else if (copy_from_user(addr->addr_space_buffer,
				  int2ptr(req->req.sendb), req->req.length)) {
		err = -EFAULT;
		goto out_free;
	}

	INIT_LIST_HEAD(&addr->addr_list);
	addr->arm_tag = req->req.tag;
	addr->start = req->req.address;
	addr->end = req->req.address + req->req.length;
	addr->access_rights = (u8) (req->req.misc & 0x0F);
	addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
	addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
	/* transactions handled by the client imply access and notification */
	addr->access_rights |= addr->client_transactions;
	addr->notification_options |= addr->client_transactions;
	addr->recvb = req->req.recvb;
	addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);

	spin_lock_irqsave(&host_info_lock, flags);
	hi = find_host_info(fi->host);
	/* does a client on the same host already own exactly this range? */
	list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
		list_for_each_entry(arm_addr, &fi_hlp->addr_list, addr_list) {
			if ((arm_addr->start == addr->start)
			    && (arm_addr->end == addr->end)) {
				DBGMSG("same host ownes same "
				       "addressrange -> EALREADY");
				same_host = 1;
				break;
			}
		}
		if (same_host)
			break;
	}
	if (same_host) {
		/* addressrange occupied by same host */
		spin_unlock_irqrestore(&host_info_lock, flags);
		err = -EALREADY;
		goto out_free;
	}

	/* does a client on another host own exactly this range? */
	list_for_each_entry(hi, &host_info_list, list) {
		if (hi->host == fi->host)
			continue;
		list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
			list_for_each_entry(arm_addr, &fi_hlp->addr_list,
					    addr_list) {
				if ((arm_addr->start == addr->start)
				    && (arm_addr->end == addr->end)) {
					DBGMSG
					    ("another host ownes same "
					     "addressrange");
					another_host = 1;
					break;
				}
			}
			if (another_host)
				break;
		}
	}
	spin_unlock_irqrestore(&host_info_lock, flags);

	if (another_host) {
		/* range is already registered elsewhere: only add our entry */
		DBGMSG("another hosts entry is valid -> SUCCESS");
		if (copy_to_user(int2ptr(req->req.recvb),
				 &addr->start, sizeof(u64))) {
			printk(KERN_ERR "raw1394: arm_register failed "
			       " address-range-entry is invalid -> EFAULT !!!\n");
			err = -EFAULT;
			goto out_free;
		}
		free_pending_request(req);	/* immediate success or fail */
		/* INSERT ENTRY */
		spin_lock_irqsave(&host_info_lock, flags);
		list_add_tail(&addr->addr_list, &fi->addr_list);
		spin_unlock_irqrestore(&host_info_lock, flags);
		return sizeof(struct raw1394_request);
	}

	/* a zero return is treated as failure, non-zero as success */
	retval =
	    hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
				    req->req.address,
				    req->req.address + req->req.length);
	if (!retval) {
		DBGMSG("arm_register failed errno: %d \n", retval);
		err = -EALREADY;
		goto out_free;
	}

	/* INSERT ENTRY */
	spin_lock_irqsave(&host_info_lock, flags);
	list_add_tail(&addr->addr_list, &fi->addr_list);
	spin_unlock_irqrestore(&host_info_lock, flags);

	free_pending_request(req);	/* immediate success or fail */
	return sizeof(struct raw1394_request);

out_free:
	vfree(addr->addr_space_buffer);
	kfree(addr);
	return (err);
}
1870
/*
 * Remove the address range mapping of @fi that starts at req.address.
 *
 * The entry is looked up by start address only.  If a client on another
 * host holds an entry with the same start address, only this client's
 * list entry is dropped; otherwise the range is also unregistered with
 * hpsb_unregister_addrspace(), which is called with host_info_lock held.
 *
 * Returns sizeof(struct raw1394_request) on success, after freeing the
 * entry, its buffer and @req.  Returns -EINVAL when no entry matches or
 * when hpsb_unregister_addrspace() returns zero; @req is not freed then.
 */
static int arm_unregister(struct file_info *fi, struct pending_request *req)
{
	struct arm_addr *addr = NULL;
	struct arm_addr *other = NULL;
	struct host_info *hi;
	struct file_info *fi_hlp = NULL;
	int found = 0, another_host = 0;
	unsigned long flags;

	DBGMSG("arm_Unregister called addr(Offset): "
	       "%8.8x %8.8x",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF));

	spin_lock_irqsave(&host_info_lock, flags);
	/* get addr */
	list_for_each_entry(addr, &fi->addr_list, addr_list) {
		if (addr->start == req->req.address) {
			found = 1;
			break;
		}
	}
	if (!found) {
		DBGMSG("arm_Unregister addr not found");
		spin_unlock_irqrestore(&host_info_lock, flags);
		return (-EINVAL);
	}
	DBGMSG("arm_Unregister addr found");

	/* another host with valid address-entry containing
	   same addressrange */
	list_for_each_entry(hi, &host_info_list, list) {
		if (hi->host == fi->host)
			continue;
		list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
			list_for_each_entry(other, &fi_hlp->addr_list,
					    addr_list) {
				if (other->start == addr->start) {
					DBGMSG("another host ownes "
					       "same addressrange");
					another_host = 1;
					break;
				}
			}
			if (another_host)
				break;
		}
	}

	/* only the last owner of the range unregisters it from the core */
	if (!another_host &&
	    !hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
				       addr->start)) {
		printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
		spin_unlock_irqrestore(&host_info_lock, flags);
		return (-EINVAL);
	}

	DBGMSG("delete entry from list -> success");
	list_del(&addr->addr_list);
	spin_unlock_irqrestore(&host_info_lock, flags);
	/* the entry is unlinked, so it can be released outside the lock */
	vfree(addr->addr_space_buffer);
	kfree(addr);
	free_pending_request(req);	/* immediate success or fail */
	return sizeof(struct raw1394_request);
}
1954
/*
 * Copy data from ARM buffer(s) to user buffer.
 *
 * Finds the mapping of @fi that contains req.address and copies req.length
 * bytes, starting at that address, from its addr_space_buffer to the user
 * buffer at req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (after freeing @req),
 * -EFAULT if the copy to user space fails, and -EINVAL if no mapping
 * contains the address or the request runs past the end of the mapping.
 *
 * NOTE(review): host_info_lock is dropped before copy_to_user(), which may
 * sleep, but arm_addr is still dereferenced afterwards.  Nothing visible
 * here stops a concurrent arm_unregister() on the same file_info from
 * freeing the entry and its buffer in between -- confirm that requests on
 * one file are serialized by the caller.
 */
static int arm_get_buf(struct file_info *fi, struct pending_request *req)
{
	struct arm_addr *arm_addr = NULL;
	unsigned long flags;
	unsigned long offset;

	DBGMSG("arm_get_buf "
	       "addr(Offset): %04X %08X length: %u",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);

	spin_lock_irqsave(&host_info_lock, flags);
	list_for_each_entry(arm_addr, &fi->addr_list, addr_list) {
		/* skip mappings that do not contain the start address */
		if ((arm_addr->start > req->req.address) ||
		    (arm_addr->end <= req->req.address))
			continue;

		if (req->req.address + req->req.length > arm_addr->end) {
			DBGMSG("arm_get_buf request exceeded mapping");
			spin_unlock_irqrestore(&host_info_lock, flags);
			return (-EINVAL);
		}

		offset = req->req.address - arm_addr->start;
		spin_unlock_irqrestore(&host_info_lock, flags);

		DBGMSG
		    ("arm_get_buf copy_to_user( %08X, %p, %u )",
		     (u32) req->req.recvb,
		     arm_addr->addr_space_buffer + offset,
		     (u32) req->req.length);
		if (copy_to_user(int2ptr(req->req.recvb),
				 arm_addr->addr_space_buffer + offset,
				 req->req.length))
			return (-EFAULT);

		/* We have to free the request, because we
		 * queue no response, and therefore nobody
		 * will free it. */
		free_pending_request(req);
		return sizeof(struct raw1394_request);
	}
	spin_unlock_irqrestore(&host_info_lock, flags);
	return (-EINVAL);
}
2006
/*
 * Copy data from user buffer to ARM buffer(s).
 *
 * Finds the mapping of @fi that contains req.address and copies req.length
 * bytes from the user buffer at req.sendb into its addr_space_buffer,
 * starting at that address.
 *
 * Returns sizeof(struct raw1394_request) on success (after freeing @req),
 * -EFAULT if the copy from user space fails, and -EINVAL if no mapping
 * contains the address or the request runs past the end of the mapping.
 *
 * NOTE(review): host_info_lock is dropped before copy_from_user(), which
 * may sleep, but arm_addr is still dereferenced afterwards.  Nothing
 * visible here stops a concurrent arm_unregister() on the same file_info
 * from freeing the entry and its buffer in between -- confirm that
 * requests on one file are serialized by the caller.
 */
static int arm_set_buf(struct file_info *fi, struct pending_request *req)
{
	struct arm_addr *arm_addr = NULL;
	unsigned long flags;
	unsigned long offset;

	DBGMSG("arm_set_buf "
	       "addr(Offset): %04X %08X length: %u",
	       (u32) ((req->req.address >> 32) & 0xFFFF),
	       (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);

	spin_lock_irqsave(&host_info_lock, flags);
	list_for_each_entry(arm_addr, &fi->addr_list, addr_list) {
		/* skip mappings that do not contain the start address */
		if ((arm_addr->start > req->req.address) ||
		    (arm_addr->end <= req->req.address))
			continue;

		if (req->req.address + req->req.length > arm_addr->end) {
			DBGMSG("arm_set_buf request exceeded mapping");
			spin_unlock_irqrestore(&host_info_lock, flags);
			return (-EINVAL);
		}

		offset = req->req.address - arm_addr->start;
		spin_unlock_irqrestore(&host_info_lock, flags);

		DBGMSG
		    ("arm_set_buf copy_from_user( %p, %08X, %u )",
		     arm_addr->addr_space_buffer + offset,
		     (u32) req->req.sendb,
		     (u32) req->req.length);
		if (copy_from_user(arm_addr->addr_space_buffer + offset,
				   int2ptr(req->req.sendb),
				   req->req.length))
			return (-EFAULT);

		/* We have to free the request, because we
		 * queue no response, and therefore nobody
		 * will free it. */
		free_pending_request(req);
		return sizeof(struct raw1394_request);
	}
	spin_unlock_irqrestore(&host_info_lock, flags);
	return (-EINVAL);
}
2058
/*
 * Switch bus-reset notification for this open file on or off.
 *
 * req->req.misc must be RAW1394_NOTIFY_OFF or RAW1394_NOTIFY_ON; any other
 * value is rejected with -EINVAL.  On success the value is stored in
 * fi->notification, the request is freed (no response is queued for it)
 * and sizeof(struct raw1394_request) is returned.
 */
static int reset_notification(struct file_info *fi, struct pending_request *req)
{
	DBGMSG("reset_notification called - switch %s ",
	       (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");

	/* Guard clause: only the two known switch values are accepted. */
	if ((req->req.misc != RAW1394_NOTIFY_OFF) &&
	    (req->req.misc != RAW1394_NOTIFY_ON))
		return (-EINVAL);

	fi->notification = (u8) req->req.misc;
	/* No response is queued, so nobody else would free the request. */
	free_pending_request(req);
	return sizeof(struct raw1394_request);
}
2072
/*
 * Build a PHY packet from the quadlet passed in req->req.sendb and send it
 * on fi->host.
 *
 * The request is attached to the packet, given queue_complete_cb as its
 * completion task, and added to fi->req_pending before the packet is
 * handed to hpsb_send_packet().  If sending fails, the request is
 * completed immediately with RAW1394_ERROR_SEND_ERROR.
 *
 * Returns -ENOMEM if no packet could be allocated, otherwise
 * sizeof(struct raw1394_request) (also when the send itself failed; that
 * failure is reported through the completed request).
 */
static int write_phypacket(struct file_info *fi, struct pending_request *req)
{
	struct hpsb_packet *phy;
	unsigned long irqflags;
	quadlet_t quad;
	int rc;

	quad = be32_to_cpu((u32) req->req.sendb);
	DBGMSG("write_phypacket called - quadlet 0x%8.8x ", quad);

	phy = hpsb_make_phypacket(fi->host, quad);
	if (phy == NULL)
		return -ENOMEM;

	req->req.length = 0;
	req->packet = phy;
	hpsb_set_packet_complete_task(phy,
				      (void (*)(void *))queue_complete_cb, req);

	/* The pending list is protected by the per-file request-list lock. */
	spin_lock_irqsave(&fi->reqlists_lock, irqflags);
	list_add_tail(&req->list, &fi->req_pending);
	spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

	phy->generation = req->req.generation;
	rc = hpsb_send_packet(phy);
	DBGMSG("write_phypacket send_packet called => retval: %d ", rc);
	if (rc < 0) {
		/* Report the failure to user space via the completion queue. */
		req->req.error = RAW1394_ERROR_SEND_ERROR;
		req->req.length = 0;
		queue_complete_req(req);
	}

	return sizeof(struct raw1394_request);
}
2102
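/*
 * Read the local host's configuration ROM and hand it to user space.
 *
 * req->req.length bytes are read with csr1212_read() into a temporary
 * kernel buffer and copied to the user pointer req->req.recvb.  In
 * addition the ROM cache length is written to req->req.tag, the CSR
 * generation to req->req.address and the csr1212_read() status to
 * req->req.sendb (all four fields are user pointers here).
 *
 * Returns sizeof(struct raw1394_request) on success (the request is then
 * freed here, as no response is queued), -ENOMEM if the temporary buffer
 * cannot be allocated, or -EFAULT if any of the user copies fails.
 */
static int get_config_rom(struct file_info *fi, struct pending_request *req)
{
	int ret = sizeof(struct raw1394_request);
	quadlet_t *data;
	int status;

	/*
	 * The buffer length is chosen by user space and the whole buffer is
	 * copied back below whatever csr1212_read() returns.  Allocate it
	 * zeroed so that a failed or short read cannot expose stale kernel
	 * heap contents to the caller.
	 */
	data = kzalloc(req->req.length, GFP_KERNEL);
	if (!data)
		return -ENOMEM;

	status =
	    csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
			 data, req->req.length);
	if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
		ret = -EFAULT;
	if (copy_to_user
	    (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
	     sizeof(fi->host->csr.rom->cache_head->len)))
		ret = -EFAULT;
	if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
			 sizeof(fi->host->csr.generation)))
		ret = -EFAULT;
	if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
		ret = -EFAULT;
	kfree(data);
	if (ret >= 0) {
		/* we have to free the request, because we queue no response,
		 * and therefore nobody will free it */
		free_pending_request(req);
	}
	return ret;
}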
2132
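/*
 * Replace the host's configuration ROM with an image supplied by user
 * space.
 *
 * req->req.length bytes are copied in from the user pointer req->req.sendb
 * and passed to hpsb_update_config_rom() together with req->req.misc
 * (truncated to unsigned char).  The status returned by that call is
 * written to the user pointer req->req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (the request is freed
 * here and fi->cfgrom_upd is set), -ENOMEM if the temporary buffer cannot
 * be allocated, or -EFAULT if either user copy fails.
 */
static int update_config_rom(struct file_info *fi, struct pending_request *req)
{
	int ret = sizeof(struct raw1394_request);
	quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);

	if (!data)
		return -ENOMEM;
	if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
		ret = -EFAULT;
	} else {
		int status = hpsb_update_config_rom(fi->host,
						    data, req->req.length,
						    (unsigned char)req->req.
						    misc);
		/* A failed copy to user space is a bad address, not an
		 * allocation failure; report it as -EFAULT, like the other
		 * user copies in this file do. */
		if (copy_to_user
		    (int2ptr(req->req.recvb), &status, sizeof(status)))
			ret = -EFAULT;
	}
	kfree(data);
	if (ret >= 0) {
		/* we have to free the request, because we queue no response,
		 * and therefore nobody will free it */
		free_pending_request(req);
		fi->cfgrom_upd = 1;
	}
	return ret;
}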
2157
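/*
 * Add, replace or remove one user-supplied directory in the host's
 * configuration ROM.
 *
 * req->req.misc selects the slot in fi->csr1212_dirs[]: ~0 asks for a new
 * slot (a vendor directory is created in the first free one), any other
 * value names an existing slot whose current entries are first detached
 * from the ROM root directory.  A length of 0 on an existing slot removes
 * the directory and regenerates the ROM image.  Otherwise req->req.length
 * bytes are copied from the user pointer req->req.sendb into a temporary
 * ROM cache, parsed, attached to the root directory, and the ROM image is
 * regenerated; the slot index is written to the user pointer
 * req->req.recvb.
 *
 * Returns sizeof(struct raw1394_request) on success (the request is freed
 * here, as no response is queued).  On failure the slot's directory is
 * released and the slot cleared; the return value is -EINVAL for a bad
 * slot or a zero-length new directory, -ENOMEM for allocation failures or
 * a full slot table, -EFAULT for a failed user copy, or whatever negative
 * value the csr1212 / ROM update helpers returned.
 */
static int modify_config_rom(struct file_info *fi, struct pending_request *req)
{
	struct csr1212_keyval *kv;
	struct csr1212_csr_rom_cache *cache;
	struct csr1212_dentry *dentry;
	u32 dr;
	int ret = 0;

	if (req->req.misc == ~0) {
		if (req->req.length == 0)
			return -EINVAL;

		/* Find an unused slot */
		for (dr = 0;
		     dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
		     dr++) ;

		if (dr == RAW1394_MAX_USER_CSR_DIRS)
			return -ENOMEM;

		fi->csr1212_dirs[dr] =
		    csr1212_new_directory(CSR1212_KV_ID_VENDOR);
		if (!fi->csr1212_dirs[dr])
			return -ENOMEM;
	} else {
		dr = req->req.misc;
		/* misc comes straight from user space and is used as an
		 * index into fi->csr1212_dirs[]; reject anything outside
		 * the slot table before touching the array. */
		if (dr >= RAW1394_MAX_USER_CSR_DIRS)
			return -EINVAL;
		if (!fi->csr1212_dirs[dr])
			return -EINVAL;

		/* Delete old stuff */
		for (dentry =
		     fi->csr1212_dirs[dr]->value.directory.dentries_head;
		     dentry; dentry = dentry->next) {
			csr1212_detach_keyval_from_directory(fi->host->csr.rom->
							     root_kv,
							     dentry->kv);
		}

		if (req->req.length == 0) {
			csr1212_release_keyval(fi->csr1212_dirs[dr]);
			fi->csr1212_dirs[dr] = NULL;

			hpsb_update_config_rom_image(fi->host);
			free_pending_request(req);
			return sizeof(struct raw1394_request);
		}
	}

	cache = csr1212_rom_cache_malloc(0, req->req.length);
	if (!cache) {
		csr1212_release_keyval(fi->csr1212_dirs[dr]);
		fi->csr1212_dirs[dr] = NULL;
		return -ENOMEM;
	}

	cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
	if (!cache->filled_head) {
		csr1212_release_keyval(fi->csr1212_dirs[dr]);
		fi->csr1212_dirs[dr] = NULL;
		CSR1212_FREE(cache);
		return -ENOMEM;
	}
	cache->filled_tail = cache->filled_head;

	if (copy_from_user(cache->data, int2ptr(req->req.sendb),
			   req->req.length)) {
		/* Do not release the directory here: the common error path
		 * below walks fi->csr1212_dirs[dr] before releasing it, and
		 * clearing the slot first would make that walk dereference
		 * a NULL pointer. */
		ret = -EFAULT;
	} else {
		cache->len = req->req.length;
		cache->filled_head->offset_start = 0;
		cache->filled_head->offset_end = cache->size - 1;

		cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];

		ret = CSR1212_SUCCESS;
		/* parse all the items */
		for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
		     kv = kv->next) {
			ret = csr1212_parse_keyval(kv, cache);
		}

		/* attach top level items to the root directory */
		for (dentry =
		     fi->csr1212_dirs[dr]->value.directory.dentries_head;
		     ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
			ret =
			    csr1212_attach_keyval_to_directory(fi->host->csr.
							       rom->root_kv,
							       dentry->kv);
		}

		if (ret == CSR1212_SUCCESS) {
			ret = hpsb_update_config_rom_image(fi->host);

			/* A failed copy to user space is a bad address, not
			 * an allocation failure. */
			if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
						     &dr, sizeof(dr))) {
				ret = -EFAULT;
			}
		}
	}
	kfree(cache->filled_head);
	CSR1212_FREE(cache);

	if (ret >= 0) {
		/* we have to free the request, because we queue no response,
		 * and therefore nobody will free it */
		free_pending_request(req);
		return sizeof(struct raw1394_request);
	} else {
		/* Undo: detach whatever was attached, then drop the slot. */
		for (dentry =
		     fi->csr1212_dirs[dr]->value.directory.dentries_head;
		     dentry; dentry = dentry->next) {
			csr1212_detach_keyval_from_directory(fi->host->csr.rom->
							     root_kv,
							     dentry->kv);
		}
		csr1212_release_keyval(fi->csr1212_dirs[dr]);
		fi->csr1212_dirs[dr] = NULL;
		return ret;
	}
}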
2281
/*
 * Dispatch a request written to a file that is in the "connected" state.
 *
 * Handling happens in three stages:
 *   1. request types that are served whatever the bus generation is
 *      (echo, iso send/listen, FCP listen, ARM operations, reset control,
 *      config ROM access);
 *   2. a generation check - a stale req->req.generation is answered with
 *      RAW1394_ERROR_GENERATION and the current generation;
 *   3. PHY packets and async sends, then - for every remaining type - a
 *      generic async request, which must have a non-zero length.
 *
 * Returns what the selected handler returns; the branches handled inline
 * return sizeof(struct raw1394_request), or -EINVAL for an unknown bus
 * reset type.
 */
static int state_connected(struct file_info *fi, struct pending_request *req)
{
	/* The top 16 bits of the 64-bit address are passed on as the node. */
	int node = req->req.address >> 48;

	req->req.error = RAW1394_ERROR_NONE;

	/* Stage 1: requests that do not depend on the bus generation. */
	switch (req->req.type) {
	case RAW1394_REQ_ECHO:
		queue_complete_req(req);
		return sizeof(struct raw1394_request);

	case RAW1394_REQ_ISO_SEND:
		return handle_iso_send(fi, req, node);

	case RAW1394_REQ_ISO_LISTEN:
		handle_iso_listen(fi, req);
		return sizeof(struct raw1394_request);

	case RAW1394_REQ_FCP_LISTEN:
		handle_fcp_listen(fi, req);
		return sizeof(struct raw1394_request);

	case RAW1394_REQ_ARM_REGISTER:
		return arm_register(fi, req);

	case RAW1394_REQ_ARM_UNREGISTER:
		return arm_unregister(fi, req);

	case RAW1394_REQ_ARM_SET_BUF:
		return arm_set_buf(fi, req);

	case RAW1394_REQ_ARM_GET_BUF:
		return arm_get_buf(fi, req);

	case RAW1394_REQ_RESET_NOTIFY:
		return reset_notification(fi, req);

	case RAW1394_REQ_RESET_BUS:
		if (req->req.misc != RAW1394_LONG_RESET &&
		    req->req.misc != RAW1394_SHORT_RESET) {
			/* error EINVAL (22) invalid argument */
			return (-EINVAL);
		}
		if (req->req.misc == RAW1394_LONG_RESET) {
			DBGMSG("busreset called (type: LONG)");
			hpsb_reset_bus(fi->host, LONG_RESET);
		} else {
			DBGMSG("busreset called (type: SHORT)");
			hpsb_reset_bus(fi->host, SHORT_RESET);
		}
		/* No response is queued, so the request is freed here. */
		free_pending_request(req);
		return sizeof(struct raw1394_request);

	case RAW1394_REQ_GET_ROM:
		return get_config_rom(fi, req);

	case RAW1394_REQ_UPDATE_ROM:
		return update_config_rom(fi, req);

	case RAW1394_REQ_MODIFY_ROM:
		return modify_config_rom(fi, req);
	}

	/* Stage 2: everything below requires an up-to-date generation. */
	if (req->req.generation != get_hpsb_generation(fi->host)) {
		req->req.error = RAW1394_ERROR_GENERATION;
		req->req.generation = get_hpsb_generation(fi->host);
		req->req.length = 0;
		queue_complete_req(req);
		return sizeof(struct raw1394_request);
	}

	/* Stage 3: packet transmission and generic async requests. */
	if (req->req.type == RAW1394_REQ_PHYPACKET)
		return write_phypacket(fi, req);
	if (req->req.type == RAW1394_REQ_ASYNC_SEND)
		return handle_async_send(fi, req);

	if (req->req.length != 0)
		return handle_async_request(fi, req, node);

	/* A generic async request without payload length is invalid. */
	req->req.error = RAW1394_ERROR_INVALID_ARG;
	queue_complete_req(req);
	return sizeof(struct raw1394_request);
}
2368
/*
 * write() entry point: accept exactly one struct raw1394_request from
 * user space and dispatch it according to the state of the open file.
 *
 * With CONFIG_COMPAT, a write whose size matches the compat request
 * layout (and differs from the native one) is first converted by
 * raw1394_compat_write().  Any other size than the native request size is
 * rejected with -EINVAL.
 *
 * The request is copied into a freshly allocated pending_request.  The
 * state handler's return value is passed back unchanged; when it is
 * negative the request is freed here.  If fi->state matches none of the
 * three known states, 0 is returned.
 */
static ssize_t raw1394_write(struct file *file, const char __user * buffer,
			     size_t count, loff_t * offset_is_ignored)
{
	struct file_info *fi = (struct file_info *)file->private_data;
	struct pending_request *req;
	ssize_t retval = 0;

#ifdef CONFIG_COMPAT
	if (count == sizeof(struct compat_raw1394_req) &&
	    sizeof(struct compat_raw1394_req) !=
			sizeof(struct raw1394_request)) {
		buffer = raw1394_compat_write(buffer);
		if (IS_ERR(buffer))
			return PTR_ERR(buffer);
	} else
#endif
	if (count != sizeof(struct raw1394_request))
		return -EINVAL;

	req = alloc_pending_request();
	if (!req)
		return -ENOMEM;
	req->file_info = fi;

	/* Only the fixed-size request header is taken from user space here;
	 * the handlers copy any payload it points to themselves. */
	if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
		free_pending_request(req);
		return -EFAULT;
	}

	if (fi->state == opened)
		retval = state_opened(fi, req);
	else if (fi->state == initialized)
		retval = state_initialized(fi, req);
	else if (fi->state == connected)
		retval = state_connected(fi, req);

	/* Handlers keep ownership of the request only when they succeed. */
	if (retval < 0)
		free_pending_request(req);

	return retval;
}
2420
2421 /* rawiso operations */
2422
/*
 * Report whether the completion queue of this file already holds a
 * RAW1394_REQ_RAWISO_ACTIVITY event.  Returns 1 if so, 0 otherwise.
 * The caller must hold fi->reqlists_lock.
 */
static inline int __rawiso_event_in_queue(struct file_info *fi)
{
	struct pending_request *pos;
	int found = 0;

	list_for_each_entry(pos, &fi->req_complete, list) {
		if (pos->req.type == RAW1394_REQ_RAWISO_ACTIVITY) {
			found = 1;
			break;
		}
	}

	return found;
}
2435
/*
 * Put a RAWISO_ACTIVITY event on the completion queue unless one is
 * already waiting there.  If no request can be allocated, the overflow
 * counter of the file's iso handle (when there is one) is bumped instead.
 * Takes fi->reqlists_lock for the whole operation.
 */
static void queue_rawiso_event(struct file_info *fi)
{
	struct pending_request *event;
	unsigned long irqflags;

	spin_lock_irqsave(&fi->reqlists_lock, irqflags);

	/* only one ISO activity event may be in the queue */
	if (__rawiso_event_in_queue(fi))
		goto unlock;

	/* Allocation happens under a spinlock, hence GFP_ATOMIC. */
	event = __alloc_pending_request(GFP_ATOMIC);
	if (!event) {
		/* on allocation failure, signal an overflow */
		if (fi->iso_handle)
			atomic_inc(&fi->iso_handle->overflows);
		goto unlock;
	}

	event->file_info = fi;
	event->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
	event->req.generation = get_hpsb_generation(fi->host);
	__queue_complete_req(event);

unlock:
	spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);
}
2462
/*
 * Activity callback handed to the iso layer: queue a RAWISO_ACTIVITY
 * event on every open file of iso->host whose iso_handle is this iso
 * context.  The host and file lists are walked under host_info_lock.
 */
static void rawiso_activity_cb(struct hpsb_iso *iso)
{
	struct host_info *hi;
	struct file_info *fi;
	unsigned long irqflags;

	spin_lock_irqsave(&host_info_lock, irqflags);

	hi = find_host_info(iso->host);
	if (!hi)
		goto out;

	list_for_each_entry(fi, &hi->file_info_list, list) {
		if (fi->iso_handle != iso)
			continue;
		queue_rawiso_event(fi);
	}

out:
	spin_unlock_irqrestore(&host_info_lock, irqflags);
}
2481
/*
 * Helper: gather the kernel-side iso status for returning to user space.
 *
 * Only the fields assigned below are written; every other byte of *stat
 * keeps whatever the caller put there.
 */
static void raw1394_iso_fill_status(struct hpsb_iso *iso,
				    struct raw1394_iso_status *stat)
{
	/* live counters */
	stat->n_packets = hpsb_iso_n_ready(iso);
	stat->overflows = atomic_read(&iso->overflows);
	stat->xmit_cycle = iso->xmit_cycle;

	/* configuration the context was set up with */
	stat->config.irq_interval = iso->irq_interval;
	stat->config.speed = iso->speed;
	stat->config.channel = iso->channel;
	stat->config.buf_packets = iso->buf_packets;
	stat->config.data_buf_size = iso->buf_size;
}
2495
/*
 * Set up an isochronous transmit context from the configuration that user
 * space passes in a struct raw1394_iso_status at uaddr, then write the
 * resulting status back to the same address.
 *
 * Returns 0 on success, -EINVAL if the file has no host, -EFAULT if
 * either user copy fails, or -ENOMEM if the context cannot be created.
 * When only the copy back to user space fails, fi->iso_handle and
 * fi->iso_state have already been set and stay set.
 */
static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
{
	struct raw1394_iso_status stat;
	struct hpsb_iso *handle;

	if (fi->host == NULL)
		return -EINVAL;

	if (copy_from_user(&stat, uaddr, sizeof(stat)) != 0)
		return -EFAULT;

	handle = hpsb_iso_xmit_init(fi->host,
				    stat.config.data_buf_size,
				    stat.config.buf_packets,
				    stat.config.channel,
				    stat.config.speed,
				    stat.config.irq_interval,
				    rawiso_activity_cb);
	fi->iso_handle = handle;
	if (handle == NULL)
		return -ENOMEM;

	fi->iso_state = RAW1394_ISO_XMIT;

	raw1394_iso_fill_status(fi->iso_handle, &stat);
	if (copy_to_user(uaddr, &stat, sizeof(stat)) != 0)
		return -EFAULT;

	/* queue an event to get things started */
	rawiso_activity_cb(fi->iso_handle);

	return 0;
}
2527
/*
 * Set up an isochronous receive context from the configuration that user
 * space passes in a struct raw1394_iso_status at uaddr, then write the
 * resulting status back to the same address.
 *
 * Returns 0 on success, -EINVAL if the file has no host, -EFAULT if
 * either user copy fails, or -ENOMEM if the context cannot be created.
 * When only the copy back to user space fails, fi->iso_handle and
 * fi->iso_state have already been set and stay set.
 */
static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
{
	struct raw1394_iso_status stat;
	struct hpsb_iso *handle;

	if (fi->host == NULL)
		return -EINVAL;

	if (copy_from_user(&stat, uaddr, sizeof(stat)) != 0)
		return -EFAULT;

	handle = hpsb_iso_recv_init(fi->host,
				    stat.config.data_buf_size,
				    stat.config.buf_packets,
				    stat.config.channel,
				    stat.config.dma_mode,
				    stat.config.irq_interval,
				    rawiso_activity_cb);
	fi->iso_handle = handle;
	if (handle == NULL)
		return -ENOMEM;

	fi->iso_state = RAW1394_ISO_RECV;

	raw1394_iso_fill_status(fi->iso_handle, &stat);
	if (copy_to_user(uaddr, &stat, sizeof(stat)) != 0)
		return -EFAULT;

	return 0;
}
2555
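/*
 * Copy the current iso status to the user buffer at uaddr and reset the
 * overflow counter of the iso context.
 *
 * Returns 0 on success or -EFAULT if the user buffer cannot be written
 * (the overflow counter is left untouched in that case).
 */
static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
{
	struct raw1394_iso_status stat;
	struct hpsb_iso *iso = fi->iso_handle;

	/*
	 * raw1394_iso_fill_status() does not write every member of the
	 * structure (config.dma_mode, for one, is not assigned there), and
	 * the whole structure is copied to user space below.  Clear it
	 * first so that no uninitialized kernel stack bytes, including any
	 * padding, reach the caller.
	 */
	memset(&stat, 0, sizeof(stat));

	raw1394_iso_fill_status(iso, &stat);
	if (copy_to_user(uaddr, &stat, sizeof(stat)))
		return -EFAULT;

	/* reset overflow counter */
	atomic_set(&iso->overflows, 0);

	return 0;
}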
2570
/*
 * Copy N packet_infos out of the ring buffer into a user-supplied array.
 *
 * uaddr points to a struct raw1394_iso_packets naming the destination
 * array (infos) and the number of entries wanted (n_packets).  Copying
 * starts at the iso context's first_packet and wraps at buf_packets.
 *
 * Returns 0 on success, -EINVAL if more packets are requested than
 * hpsb_iso_n_ready() reports, or -EFAULT if user memory is inaccessible.
 */
static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
{
	struct raw1394_iso_packets upackets;
	unsigned int slot = fi->iso_handle->first_packet;
	int idx;

	if (copy_from_user(&upackets, uaddr, sizeof(upackets)) != 0)
		return -EFAULT;

	/* The user-chosen count is bounded by what is actually ready. */
	if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
		return -EINVAL;

	/* ensure user-supplied buffer is accessible and big enough */
	if (!access_ok(VERIFY_WRITE, upackets.infos,
		       upackets.n_packets *
		       sizeof(struct raw1394_iso_packet_info)))
		return -EFAULT;

	/* copy the packet_infos out; the range was validated just above,
	 * so the unchecked __copy_to_user() variant is used */
	idx = 0;
	while (idx < upackets.n_packets) {
		if (__copy_to_user(&upackets.infos[idx],
				   &fi->iso_handle->infos[slot],
				   sizeof(struct raw1394_iso_packet_info)))
			return -EFAULT;

		slot = (slot + 1) % fi->iso_handle->buf_packets;
		idx++;
	}

	return 0;
}
2602
/*
 * Copy N packet_infos from a user-supplied array and queue each packet
 * for transmission.
 *
 * uaddr points to a struct raw1394_iso_packets naming the source array
 * (infos) and the number of entries (n_packets).
 *
 * Returns 0 on success, -EINVAL if n_packets is not below the context's
 * buf_packets, -EAGAIN if it is not below hpsb_iso_n_ready(), -EFAULT if
 * user memory is inaccessible, or the first non-zero value returned by
 * hpsb_iso_xmit_queue_packet() (packets queued before that stay queued).
 */
static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
{
	struct raw1394_iso_packets upackets;
	int idx, err;

	if (copy_from_user(&upackets, uaddr, sizeof(upackets)) != 0)
		return -EFAULT;

	/* Bound the user-chosen count before it is used for anything. */
	if (upackets.n_packets >= fi->iso_handle->buf_packets)
		return -EINVAL;

	if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
		return -EAGAIN;

	/* ensure user-supplied buffer is accessible and big enough */
	if (!access_ok(VERIFY_READ, upackets.infos,
		       upackets.n_packets *
		       sizeof(struct raw1394_iso_packet_info)))
		return -EFAULT;

	/* copy the infos structs in and queue the packets */
	idx = 0;
	while (idx < upackets.n_packets) {
		struct raw1394_iso_packet_info info;

		if (__copy_from_user(&info, &upackets.infos[idx],
				     sizeof(struct raw1394_iso_packet_info)))
			return -EFAULT;

		err = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
						 info.len, info.tag, info.sy);
		if (err != 0)
			return err;

		idx++;
	}

	return 0;
}
2640
/*
 * Shut down the file's iso context, if it has one, and mark the file as
 * having no iso activity.
 */
static void raw1394_iso_shutdown(struct file_info *fi)
{
	struct hpsb_iso *handle = fi->iso_handle;

	if (handle != NULL)
		hpsb_iso_shutdown(handle);

	/* Clear the handle so later calls see that no context exists. */
	fi->iso_handle = NULL;
	fi->iso_state = RAW1394_ISO_INACTIVE;
}
2649
/*
 * mmap() entry point: map the rawiso xmit/recv data buffer into the
 * caller's address space.  Fails with -EINVAL while no iso context is
 * active; otherwise returns whatever dma_region_mmap() returns.
 */
static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
{
	struct file_info *fi = file->private_data;

	if (fi->iso_state != RAW1394_ISO_INACTIVE)
		return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);

	return -EINVAL;
}
2660
/*
 * ioctl() entry point; ioctl is only used for rawiso operations.
 *
 * The set of accepted commands depends on fi->iso_state:
 *   - INACTIVE: only the two init commands;
 *   - RECV:     start/stop, channel selection, status, packet retrieval
 *               and release, flush, shutdown, queue-activity;
 *   - XMIT:     start/sync/stop, status, packet submission, shutdown,
 *               queue-activity.
 * Depending on the command, arg is either used as a plain value or as a
 * user pointer from which the arguments are copied.
 *
 * Returns the selected handler's result, -EFAULT if arguments cannot be
 * copied from user space, or -EINVAL for a command that is not valid in
 * the current state.
 */
static int raw1394_ioctl(struct inode *inode, struct file *file,
			 unsigned int cmd, unsigned long arg)
{
	struct file_info *fi = file->private_data;
	void __user *argp = (void __user *)arg;

	switch (fi->iso_state) {
	case RAW1394_ISO_INACTIVE:
		if (cmd == RAW1394_IOC_ISO_XMIT_INIT)
			return raw1394_iso_xmit_init(fi, argp);
		if (cmd == RAW1394_IOC_ISO_RECV_INIT)
			return raw1394_iso_recv_init(fi, argp);
		break;

	case RAW1394_ISO_RECV:
		switch (cmd) {
		case RAW1394_IOC_ISO_RECV_START: {
			/* copy the three int arguments from user-space */
			int args[3];

			if (copy_from_user(&args[0], argp, sizeof(args)))
				return -EFAULT;
			return hpsb_iso_recv_start(fi->iso_handle,
						   args[0], args[1], args[2]);
		}
		case RAW1394_IOC_ISO_XMIT_RECV_STOP:
			hpsb_iso_stop(fi->iso_handle);
			return 0;
		case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
			return hpsb_iso_recv_listen_channel(fi->iso_handle,
							    arg);
		case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
			return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
							      arg);
		case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK: {
			/* copy the u64 from user-space */
			u64 mask;

			if (copy_from_user(&mask, argp, sizeof(mask)))
				return -EFAULT;
			return hpsb_iso_recv_set_channel_mask(fi->iso_handle,
							      mask);
		}
		case RAW1394_IOC_ISO_GET_STATUS:
			return raw1394_iso_get_status(fi, argp);
		case RAW1394_IOC_ISO_RECV_PACKETS:
			return raw1394_iso_recv_packets(fi, argp);
		case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
			return hpsb_iso_recv_release_packets(fi->iso_handle,
							     arg);
		case RAW1394_IOC_ISO_RECV_FLUSH:
			return hpsb_iso_recv_flush(fi->iso_handle);
		case RAW1394_IOC_ISO_SHUTDOWN:
			raw1394_iso_shutdown(fi);
			return 0;
		case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
			queue_rawiso_event(fi);
			return 0;
		}
		break;

	case RAW1394_ISO_XMIT:
		switch (cmd) {
		case RAW1394_IOC_ISO_XMIT_START: {
			/* copy two ints from user-space */
			int args[2];

			if (copy_from_user(&args[0], argp, sizeof(args)))
				return -EFAULT;
			return hpsb_iso_xmit_start(fi->iso_handle,
						   args[0], args[1]);
		}
		case RAW1394_IOC_ISO_XMIT_SYNC:
			return hpsb_iso_xmit_sync(fi->iso_handle);
		case RAW1394_IOC_ISO_XMIT_RECV_STOP:
			hpsb_iso_stop(fi->iso_handle);
			return 0;
		case RAW1394_IOC_ISO_GET_STATUS:
			return raw1394_iso_get_status(fi, argp);
		case RAW1394_IOC_ISO_XMIT_PACKETS:
			return raw1394_iso_send_packets(fi, argp);
		case RAW1394_IOC_ISO_SHUTDOWN:
			raw1394_iso_shutdown(fi);
			return 0;
		case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
			queue_rawiso_event(fi);
			return 0;
		}
		break;

	default:
		break;
	}

	/* Command not valid in the current iso state. */
	return -EINVAL;
}
2760
/*
 * poll() entry point.  The file is always reported writable; it is
 * additionally reported readable while the completion queue is
 * non-empty.  The caller is registered on fi->wait_complete.
 */
static unsigned int raw1394_poll(struct file *file, poll_table * pt)
{
	struct file_info *fi = file->private_data;
	unsigned int events = POLLOUT | POLLWRNORM;
	unsigned long irqflags;

	poll_wait(file, &fi->wait_complete, pt);

	/* The completion list is protected by the request-list lock. */
	spin_lock_irqsave(&fi->reqlists_lock, irqflags);
	if (!list_empty(&fi->req_complete))
		events |= POLLIN | POLLRDNORM;
	spin_unlock_irqrestore(&fi->reqlists_lock, irqflags);

	return events;
}
2777
/*
 * open() entry point: allocate and initialise the per-file state and
 * store it in file->private_data.
 *
 * The structure is allocated zeroed; the file starts in the "opened"
 * state with bus-reset notification switched on and all lists empty.
 * Returns 0 on success or -ENOMEM if the allocation fails.
 */
static int raw1394_open(struct inode *inode, struct file *file)
{
	struct file_info *fi = kzalloc(sizeof(*fi), GFP_KERNEL);

	if (fi == NULL)
		return -ENOMEM;

	fi->state = opened;
	fi->notification = (u8) RAW1394_NOTIFY_ON;	/* busreset notification */

	/* list membership and request queues */
	INIT_LIST_HEAD(&fi->list);
	INIT_LIST_HEAD(&fi->req_pending);
	INIT_LIST_HEAD(&fi->req_complete);
	INIT_LIST_HEAD(&fi->addr_list);

	/* synchronisation for the request queues */
	spin_lock_init(&fi->reqlists_lock);
	init_waitqueue_head(&fi->wait_complete);

	file->private_data = fi;

	return 0;
}
2800
/*
 * release() handler: tear down everything this open file still owns.
 *
 * In order:
 *   1. shut down isochronous I/O if it is not inactive,
 *   2. stop listening on every channel set in fi->listen_channels,
 *   3. drop all address range mappings on fi->addr_list,
 *   4. free completed requests and wait for the pending ones,
 *   5. detach and release CSR directories added through this file and
 *      regenerate the configuration ROM image if anything changed,
 *   6. unlink the file from its host (if connected) and free it.
 *
 * Always returns 0.
 */
static int raw1394_release(struct inode *inode, struct file *file)
{
        struct file_info *fi = file->private_data;
        struct pending_request *req;
        struct host_info *hi;
        struct file_info *other_fi = NULL;
        struct arm_addr *own = NULL;
        struct arm_addr *other = NULL;
        struct list_head *pos;
        unsigned long flags;
        int channel, idx;
        int shared;
        int drained;
        int unregister_failures = 0;
        int rom_changed = 0;

        if (fi->iso_state != RAW1394_ISO_INACTIVE)
                raw1394_iso_shutdown(fi);

        for (channel = 0; channel < 64; channel++) {
                if (!(fi->listen_channels & (1ULL << channel)))
                        continue;
                hpsb_unlisten_channel(&raw1394_highlevel, fi->host, channel);
        }

        spin_lock_irqsave(&host_info_lock, flags);
        fi->listen_channels = 0;

        /* Invalidate the address entries, always taking the list head. */
        while (!list_empty(&fi->addr_list)) {
                own = list_entry(fi->addr_list.next, struct arm_addr,
                                 addr_list);
                shared = 0;

                /*
                 * Does a file on another host hold an entry for the same
                 * address range?  Only the start addresses are compared.
                 */
                list_for_each_entry(hi, &host_info_list, list) {
                        if (hi->host == fi->host)
                                continue;
                        list_for_each_entry(other_fi, &hi->file_info_list,
                                            list) {
                                for (pos = other_fi->addr_list.next;
                                     pos != &(other_fi->addr_list);
                                     pos = pos->next) {
                                        other = list_entry(pos,
                                                           struct arm_addr,
                                                           addr_list);
                                        if (other->start != own->start)
                                                continue;
                                        DBGMSG("raw1394_release: another host ownes same addressrange");
                                        shared = 1;
                                        break;
                                }
                                if (shared)
                                        break;
                        }
                }

                if (!shared) {
                        DBGMSG("raw1394_release: call hpsb_arm_unregister");
                        /* a zero return value is counted as a failure */
                        if (!hpsb_unregister_addrspace(&raw1394_highlevel,
                                                       fi->host,
                                                       own->start)) {
                                ++unregister_failures;
                                printk(KERN_ERR
                                       "raw1394_release arm_Unregister failed\n");
                        }
                }

                DBGMSG("raw1394_release: delete addr_entry from list");
                list_del(&own->addr_list);
                /*
                 * NOTE(review): vfree() runs here with host_info_lock held
                 * and interrupts disabled -- confirm that is permitted on
                 * the target kernel.
                 */
                vfree(own->addr_space_buffer);
                kfree(own);
        }
        spin_unlock_irqrestore(&host_info_lock, flags);

        if (unregister_failures > 0)
                printk(KERN_ERR "raw1394: during addr_list-release "
                       "error(s) occurred \n");

        for (;;) {
                /*
                 * After this locked section, a non-zero "drained" means
                 * that neither complete nor pending requests exist.
                 */
                spin_lock_irqsave(&fi->reqlists_lock, flags);
                while ((req = __next_complete_req(fi)) != NULL)
                        free_pending_request(req);
                drained = list_empty(&fi->req_pending);
                spin_unlock_irqrestore(&fi->reqlists_lock, flags);

                if (drained)
                        break;

                /*
                 * Sleep until another request can be freed.
                 *
                 * The condition passed to wait_event() has a side effect.
                 * That is only acceptable because the side effect does not
                 * happen until the condition becomes true, and wait_event()
                 * does not evaluate the condition again afterwards.
                 *
                 * NOTE(review): this wait is uninterruptible; confirm that
                 * every pending request is guaranteed to complete,
                 * otherwise release would block indefinitely.
                 */
                wait_event(fi->wait_complete, (req = next_complete_req(fi)));
                free_pending_request(req);
        }

        /* Remove any sub-trees left behind by user space programs. */
        for (idx = 0; idx < RAW1394_MAX_USER_CSR_DIRS; idx++) {
                struct csr1212_dentry *dentry;

                if (!fi->csr1212_dirs[idx])
                        continue;

                dentry = fi->csr1212_dirs[idx]->value.directory.dentries_head;
                while (dentry) {
                        csr1212_detach_keyval_from_directory(
                                fi->host->csr.rom->root_kv, dentry->kv);
                        dentry = dentry->next;
                }

                csr1212_release_keyval(fi->csr1212_dirs[idx]);
                fi->csr1212_dirs[idx] = NULL;
                rom_changed = 1;
        }

        if (rom_changed || fi->cfgrom_upd) {
                if (hpsb_update_config_rom_image(fi->host) < 0) {
                        HPSB_ERR
                            ("Failed to generate Configuration ROM image for host %d",
                             fi->host->id);
                }
        }

        if (fi->state == connected) {
                spin_lock_irqsave(&host_info_lock, flags);
                list_del(&fi->list);
                spin_unlock_irqrestore(&host_info_lock, flags);

                put_device(&fi->host->device);
        }

        kfree(fi);
        return 0;
}
2945
2946 /*** HOTPLUG STUFF **********************************************************/
/*
 * Device-ID table exporting which protocols/devices this driver supports.
 *
 * Every entry matches on specifier ID and version together; both values
 * are masked to their low 24 bits.  The entries are one AVC unit pair and
 * three consecutive camera software versions.  The empty entry terminates
 * the table.
 */
static struct ieee1394_device_id raw1394_id_table[] = {
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = AVC_SW_VERSION_ENTRY & 0xffffff,
        },
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = CAMERA_SW_VERSION_ENTRY & 0xffffff,
        },
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff,
        },
        {
                .match_flags  = IEEE1394_MATCH_SPECIFIER_ID |
                                IEEE1394_MATCH_VERSION,
                .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
                .version      = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff,
        },
        { }     /* terminator */
};

MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2971
/*
 * Protocol driver descriptor registered by init_raw1394(); it ties the
 * device-ID table above to a driver named "raw1394" on the ieee1394 bus.
 */
static struct hpsb_protocol_driver raw1394_driver = {
        .name     = "raw1394 Driver",
        .id_table = raw1394_id_table,
        .driver   = {
                .name = "raw1394",
                .bus  = &ieee1394_bus_type,
        },
};
2980
2981 /******************************************************************************/
2982
/*
 * Highlevel driver descriptor: the callbacks this module hands to the
 * ieee1394 core when it registers itself in init_raw1394().
 */
static struct hpsb_highlevel raw1394_highlevel = {
        .name        = RAW1394_DEVICE_NAME,
        .add_host    = add_host,
        .remove_host = remove_host,
        .host_reset  = host_reset,
        .iso_receive = iso_receive,
        .fcp_request = fcp_request,
};
2991
/* Character device object; initialised and added in init_raw1394(). */
static struct cdev raw1394_cdev;

/* File operations exposed to user space through the raw1394 device node. */
static struct file_operations raw1394_fops = {
        .owner   = THIS_MODULE,
        .open    = raw1394_open,
        .release = raw1394_release,
        .read    = raw1394_read,
        .write   = raw1394_write,
        .poll    = raw1394_poll,
        .mmap    = raw1394_mmap,
        .ioctl   = raw1394_ioctl,
        /* .compat_ioctl = ... someone needs to do this */
};
3004
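/*
 * Module initialisation.
 *
 * Registers the highlevel driver, creates the class device for the raw1394
 * minor block, adds the character device and finally registers the protocol
 * driver.  On failure every step already taken is undone in reverse order.
 *
 * Returns 0 on success or a negative errno.  A failure of
 * class_device_create() now reports the error code carried by the returned
 * pointer rather than a fixed -EFAULT.
 */
static int __init init_raw1394(void)
{
        struct class_device *class_dev;
        int ret;

        hpsb_register_highlevel(&raw1394_highlevel);

        class_dev = class_device_create(hpsb_protocol_class, NULL,
                                        MKDEV(IEEE1394_MAJOR,
                                              IEEE1394_MINOR_BLOCK_RAW1394 * 16),
                                        NULL, RAW1394_DEVICE_NAME);
        if (IS_ERR(class_dev)) {
                /* propagate the real cause of the failure */
                ret = PTR_ERR(class_dev);
                goto out_unreg;
        }

        cdev_init(&raw1394_cdev, &raw1394_fops);
        raw1394_cdev.owner = THIS_MODULE;
        kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
        ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
        if (ret) {
                HPSB_ERR("raw1394 failed to register minor device block");
                goto out_dev;
        }

        HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);

        ret = hpsb_register_protocol(&raw1394_driver);
        if (ret) {
                HPSB_ERR("raw1394: failed to register protocol");
                goto out_cdev;
        }

        return 0;

      out_cdev:
        cdev_del(&raw1394_cdev);
      out_dev:
        class_device_destroy(hpsb_protocol_class,
                             MKDEV(IEEE1394_MAJOR,
                                   IEEE1394_MINOR_BLOCK_RAW1394 * 16));
      out_unreg:
        hpsb_unregister_highlevel(&raw1394_highlevel);
        return ret;
}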
3049
/*
 * Module exit: destroy the class device, delete the character device, then
 * unregister the highlevel driver and the protocol driver.
 *
 * NOTE(review): this order is not the exact reverse of init_raw1394(),
 * which registers the protocol driver last -- confirm it is intended.
 */
static void __exit cleanup_raw1394(void)
{
        dev_t raw1394_devno = MKDEV(IEEE1394_MAJOR,
                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16);

        class_device_destroy(hpsb_protocol_class, raw1394_devno);
        cdev_del(&raw1394_cdev);

        hpsb_unregister_highlevel(&raw1394_highlevel);
        hpsb_unregister_protocol(&raw1394_driver);
}
3059
3060 module_init(init_raw1394);
3061 module_exit(cleanup_raw1394);
3062 MODULE_LICENSE("GPL");