Merge commit 'kumar/kumar-next' into next
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/mutex.h>
38 #include <linux/init.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
45
46 #include "csr1212.h"
47 #include "highlevel.h"
48 #include "hosts.h"
49 #include "ieee1394.h"
50 #include "ieee1394_core.h"
51 #include "ieee1394_hotplug.h"
52 #include "ieee1394_transactions.h"
53 #include "ieee1394_types.h"
54 #include "iso.h"
55 #include "nodemgr.h"
56 #include "raw1394.h"
57 #include "raw1394-private.h"
58
59 #define int2ptr(x) ((void __user *)(unsigned long)x)
60 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
61
62 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
63 #define RAW1394_DEBUG
64 #endif
65
66 #ifdef RAW1394_DEBUG
67 #define DBGMSG(fmt, args...) \
68 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
69 #else
70 #define DBGMSG(fmt, args...) do {} while (0)
71 #endif
72
73 static LIST_HEAD(host_info_list);
74 static int host_count;
75 static DEFINE_SPINLOCK(host_info_lock);
76 static atomic_t internal_generation = ATOMIC_INIT(0);
77
78 static atomic_t iso_buffer_size;
79 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
80
81 static struct hpsb_highlevel raw1394_highlevel;
82
83 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
84                     u64 addr, size_t length, u16 flags);
85 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
86                      quadlet_t * data, u64 addr, size_t length, u16 flags);
87 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
88                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
89                     u16 flags);
90 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
91                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
92                       u16 flags);
93 const static struct hpsb_address_ops arm_ops = {
94         .read = arm_read,
95         .write = arm_write,
96         .lock = arm_lock,
97         .lock64 = arm_lock64,
98 };
99
100 static void queue_complete_cb(struct pending_request *req);
101
102 static struct pending_request *__alloc_pending_request(gfp_t flags)
103 {
104         struct pending_request *req;
105
106         req = kzalloc(sizeof(*req), flags);
107         if (req)
108                 INIT_LIST_HEAD(&req->list);
109
110         return req;
111 }
112
113 static inline struct pending_request *alloc_pending_request(void)
114 {
115         return __alloc_pending_request(GFP_KERNEL);
116 }
117
118 static void free_pending_request(struct pending_request *req)
119 {
120         if (req->ibs) {
121                 if (atomic_dec_and_test(&req->ibs->refcount)) {
122                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
123                         kfree(req->ibs);
124                 }
125         } else if (req->free_data) {
126                 kfree(req->data);
127         }
128         hpsb_free_packet(req->packet);
129         kfree(req);
130 }
131
132 /* fi->reqlists_lock must be taken */
133 static void __queue_complete_req(struct pending_request *req)
134 {
135         struct file_info *fi = req->file_info;
136
137         list_move_tail(&req->list, &fi->req_complete);
138         wake_up(&fi->wait_complete);
139 }
140
141 static void queue_complete_req(struct pending_request *req)
142 {
143         unsigned long flags;
144         struct file_info *fi = req->file_info;
145
146         spin_lock_irqsave(&fi->reqlists_lock, flags);
147         __queue_complete_req(req);
148         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
149 }
150
151 static void queue_complete_cb(struct pending_request *req)
152 {
153         struct hpsb_packet *packet = req->packet;
154         int rcode = (packet->header[1] >> 12) & 0xf;
155
156         switch (packet->ack_code) {
157         case ACKX_NONE:
158         case ACKX_SEND_ERROR:
159                 req->req.error = RAW1394_ERROR_SEND_ERROR;
160                 break;
161         case ACKX_ABORTED:
162                 req->req.error = RAW1394_ERROR_ABORTED;
163                 break;
164         case ACKX_TIMEOUT:
165                 req->req.error = RAW1394_ERROR_TIMEOUT;
166                 break;
167         default:
168                 req->req.error = (packet->ack_code << 16) | rcode;
169                 break;
170         }
171
172         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
173                 req->req.length = 0;
174         }
175
176         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
177             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
178             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
179             (req->req.type == RAW1394_REQ_LOCK) ||
180             (req->req.type == RAW1394_REQ_LOCK64))
181                 hpsb_free_tlabel(packet);
182
183         queue_complete_req(req);
184 }
185
186 static void add_host(struct hpsb_host *host)
187 {
188         struct host_info *hi;
189         unsigned long flags;
190
191         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
192
193         if (hi) {
194                 INIT_LIST_HEAD(&hi->list);
195                 hi->host = host;
196                 INIT_LIST_HEAD(&hi->file_info_list);
197
198                 spin_lock_irqsave(&host_info_lock, flags);
199                 list_add_tail(&hi->list, &host_info_list);
200                 host_count++;
201                 spin_unlock_irqrestore(&host_info_lock, flags);
202         }
203
204         atomic_inc(&internal_generation);
205 }
206
207 static struct host_info *find_host_info(struct hpsb_host *host)
208 {
209         struct host_info *hi;
210
211         list_for_each_entry(hi, &host_info_list, list)
212             if (hi->host == host)
213                 return hi;
214
215         return NULL;
216 }
217
218 static void remove_host(struct hpsb_host *host)
219 {
220         struct host_info *hi;
221         unsigned long flags;
222
223         spin_lock_irqsave(&host_info_lock, flags);
224         hi = find_host_info(host);
225
226         if (hi != NULL) {
227                 list_del(&hi->list);
228                 host_count--;
229                 /*
230                    FIXME: address ranges should be removed
231                    and fileinfo states should be initialized
232                    (including setting generation to
233                    internal-generation ...)
234                  */
235         }
236         spin_unlock_irqrestore(&host_info_lock, flags);
237
238         if (hi == NULL) {
239                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
240                        "0x%p\n", host);
241                 return;
242         }
243
244         kfree(hi);
245
246         atomic_inc(&internal_generation);
247 }
248
249 static void host_reset(struct hpsb_host *host)
250 {
251         unsigned long flags;
252         struct host_info *hi;
253         struct file_info *fi;
254         struct pending_request *req;
255
256         spin_lock_irqsave(&host_info_lock, flags);
257         hi = find_host_info(host);
258
259         if (hi != NULL) {
260                 list_for_each_entry(fi, &hi->file_info_list, list) {
261                         if (fi->notification == RAW1394_NOTIFY_ON) {
262                                 req = __alloc_pending_request(GFP_ATOMIC);
263
264                                 if (req != NULL) {
265                                         req->file_info = fi;
266                                         req->req.type = RAW1394_REQ_BUS_RESET;
267                                         req->req.generation =
268                                             get_hpsb_generation(host);
269                                         req->req.misc = (host->node_id << 16)
270                                             | host->node_count;
271                                         if (fi->protocol_version > 3) {
272                                                 req->req.misc |=
273                                                     (NODEID_TO_NODE
274                                                      (host->irm_id)
275                                                      << 8);
276                                         }
277
278                                         queue_complete_req(req);
279                                 }
280                         }
281                 }
282         }
283         spin_unlock_irqrestore(&host_info_lock, flags);
284 }
285
286 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
287                         int cts, u8 * data, size_t length)
288 {
289         unsigned long flags;
290         struct host_info *hi;
291         struct file_info *fi;
292         struct pending_request *req, *req_next;
293         struct iso_block_store *ibs = NULL;
294         LIST_HEAD(reqs);
295
296         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
297                 HPSB_INFO("dropped fcp request");
298                 return;
299         }
300
301         spin_lock_irqsave(&host_info_lock, flags);
302         hi = find_host_info(host);
303
304         if (hi != NULL) {
305                 list_for_each_entry(fi, &hi->file_info_list, list) {
306                         if (!fi->fcp_buffer)
307                                 continue;
308
309                         req = __alloc_pending_request(GFP_ATOMIC);
310                         if (!req)
311                                 break;
312
313                         if (!ibs) {
314                                 ibs = kmalloc(sizeof(*ibs) + length,
315                                               GFP_ATOMIC);
316                                 if (!ibs) {
317                                         kfree(req);
318                                         break;
319                                 }
320
321                                 atomic_add(length, &iso_buffer_size);
322                                 atomic_set(&ibs->refcount, 0);
323                                 ibs->data_size = length;
324                                 memcpy(ibs->data, data, length);
325                         }
326
327                         atomic_inc(&ibs->refcount);
328
329                         req->file_info = fi;
330                         req->ibs = ibs;
331                         req->data = ibs->data;
332                         req->req.type = RAW1394_REQ_FCP_REQUEST;
333                         req->req.generation = get_hpsb_generation(host);
334                         req->req.misc = nodeid | (direction << 16);
335                         req->req.recvb = ptr2int(fi->fcp_buffer);
336                         req->req.length = length;
337
338                         list_add_tail(&req->list, &reqs);
339                 }
340         }
341         spin_unlock_irqrestore(&host_info_lock, flags);
342
343         list_for_each_entry_safe(req, req_next, &reqs, list)
344             queue_complete_req(req);
345 }
346
347 #ifdef CONFIG_COMPAT
348 struct compat_raw1394_req {
349         __u32 type;
350         __s32 error;
351         __u32 misc;
352
353         __u32 generation;
354         __u32 length;
355
356         __u64 address;
357
358         __u64 tag;
359
360         __u64 sendb;
361         __u64 recvb;
362 }
363 #if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
364 __attribute__((packed))
365 #endif
366 ;
367
368 static const char __user *raw1394_compat_write(const char __user *buf)
369 {
370         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
371         struct raw1394_request __user *r;
372         r = compat_alloc_user_space(sizeof(struct raw1394_request));
373
374 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
375
376         if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
377             C(address) ||
378             C(tag) ||
379             C(sendb) ||
380             C(recvb))
381                 return ERR_PTR(-EFAULT);
382         return (const char __user *)r;
383 }
384 #undef C
385
386 #define P(x) __put_user(r->x, &cr->x)
387
388 static int
389 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
390 {
391         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
392         if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
393             P(type) ||
394             P(error) ||
395             P(misc) ||
396             P(generation) ||
397             P(length) ||
398             P(address) ||
399             P(tag) ||
400             P(sendb) ||
401             P(recvb))
402                 return -EFAULT;
403         return sizeof(struct compat_raw1394_req);
404 }
405 #undef P
406
407 #endif
408
409 /* get next completed request  (caller must hold fi->reqlists_lock) */
410 static inline struct pending_request *__next_complete_req(struct file_info *fi)
411 {
412         struct list_head *lh;
413         struct pending_request *req = NULL;
414
415         if (!list_empty(&fi->req_complete)) {
416                 lh = fi->req_complete.next;
417                 list_del(lh);
418                 req = list_entry(lh, struct pending_request, list);
419         }
420         return req;
421 }
422
423 /* atomically get next completed request */
424 static struct pending_request *next_complete_req(struct file_info *fi)
425 {
426         unsigned long flags;
427         struct pending_request *req;
428
429         spin_lock_irqsave(&fi->reqlists_lock, flags);
430         req = __next_complete_req(fi);
431         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
432         return req;
433 }
434
435 static ssize_t raw1394_read(struct file *file, char __user * buffer,
436                             size_t count, loff_t * offset_is_ignored)
437 {
438         struct file_info *fi = (struct file_info *)file->private_data;
439         struct pending_request *req;
440         ssize_t ret;
441
442 #ifdef CONFIG_COMPAT
443         if (count == sizeof(struct compat_raw1394_req)) {
444                 /* ok */
445         } else
446 #endif
447         if (count != sizeof(struct raw1394_request)) {
448                 return -EINVAL;
449         }
450
451         if (!access_ok(VERIFY_WRITE, buffer, count)) {
452                 return -EFAULT;
453         }
454
455         if (file->f_flags & O_NONBLOCK) {
456                 if (!(req = next_complete_req(fi)))
457                         return -EAGAIN;
458         } else {
459                 /*
460                  * NB: We call the macro wait_event_interruptible() with a
461                  * condition argument with side effect.  This is only possible
462                  * because the side effect does not occur until the condition
463                  * became true, and wait_event_interruptible() won't evaluate
464                  * the condition again after that.
465                  */
466                 if (wait_event_interruptible(fi->wait_complete,
467                                              (req = next_complete_req(fi))))
468                         return -ERESTARTSYS;
469         }
470
471         if (req->req.length) {
472                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
473                                  req->req.length)) {
474                         req->req.error = RAW1394_ERROR_MEMFAULT;
475                 }
476         }
477
478 #ifdef CONFIG_COMPAT
479         if (count == sizeof(struct compat_raw1394_req) &&
480             sizeof(struct compat_raw1394_req) !=
481                         sizeof(struct raw1394_request)) {
482                 ret = raw1394_compat_read(buffer, &req->req);
483         } else
484 #endif
485         {
486                 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
487                         ret = -EFAULT;
488                         goto out;
489                 }
490                 ret = (ssize_t) sizeof(struct raw1394_request);
491         }
492       out:
493         free_pending_request(req);
494         return ret;
495 }
496
497 static int state_opened(struct file_info *fi, struct pending_request *req)
498 {
499         if (req->req.type == RAW1394_REQ_INITIALIZE) {
500                 switch (req->req.misc) {
501                 case RAW1394_KERNELAPI_VERSION:
502                 case 3:
503                         fi->state = initialized;
504                         fi->protocol_version = req->req.misc;
505                         req->req.error = RAW1394_ERROR_NONE;
506                         req->req.generation = atomic_read(&internal_generation);
507                         break;
508
509                 default:
510                         req->req.error = RAW1394_ERROR_COMPAT;
511                         req->req.misc = RAW1394_KERNELAPI_VERSION;
512                 }
513         } else {
514                 req->req.error = RAW1394_ERROR_STATE_ORDER;
515         }
516
517         req->req.length = 0;
518         queue_complete_req(req);
519         return 0;
520 }
521
522 static int state_initialized(struct file_info *fi, struct pending_request *req)
523 {
524         unsigned long flags;
525         struct host_info *hi;
526         struct raw1394_khost_list *khl;
527
528         if (req->req.generation != atomic_read(&internal_generation)) {
529                 req->req.error = RAW1394_ERROR_GENERATION;
530                 req->req.generation = atomic_read(&internal_generation);
531                 req->req.length = 0;
532                 queue_complete_req(req);
533                 return 0;
534         }
535
536         switch (req->req.type) {
537         case RAW1394_REQ_LIST_CARDS:
538                 spin_lock_irqsave(&host_info_lock, flags);
539                 khl = kmalloc(sizeof(*khl) * host_count, GFP_ATOMIC);
540
541                 if (khl) {
542                         req->req.misc = host_count;
543                         req->data = (quadlet_t *) khl;
544
545                         list_for_each_entry(hi, &host_info_list, list) {
546                                 khl->nodes = hi->host->node_count;
547                                 strcpy(khl->name, hi->host->driver->name);
548                                 khl++;
549                         }
550                 }
551                 spin_unlock_irqrestore(&host_info_lock, flags);
552
553                 if (khl) {
554                         req->req.error = RAW1394_ERROR_NONE;
555                         req->req.length = min(req->req.length,
556                                               (u32) (sizeof
557                                                      (struct raw1394_khost_list)
558                                                      * req->req.misc));
559                         req->free_data = 1;
560                 } else {
561                         return -ENOMEM;
562                 }
563                 break;
564
565         case RAW1394_REQ_SET_CARD:
566                 spin_lock_irqsave(&host_info_lock, flags);
567                 if (req->req.misc >= host_count) {
568                         req->req.error = RAW1394_ERROR_INVALID_ARG;
569                         goto out_set_card;
570                 }
571                 list_for_each_entry(hi, &host_info_list, list)
572                         if (!req->req.misc--)
573                                 break;
574                 get_device(&hi->host->device); /* FIXME handle failure case */
575                 list_add_tail(&fi->list, &hi->file_info_list);
576
577                 /* prevent unloading of the host's low-level driver */
578                 if (!try_module_get(hi->host->driver->owner)) {
579                         req->req.error = RAW1394_ERROR_ABORTED;
580                         goto out_set_card;
581                 }
582                 WARN_ON(fi->host);
583                 fi->host = hi->host;
584                 fi->state = connected;
585
586                 req->req.error = RAW1394_ERROR_NONE;
587                 req->req.generation = get_hpsb_generation(fi->host);
588                 req->req.misc = (fi->host->node_id << 16)
589                                 | fi->host->node_count;
590                 if (fi->protocol_version > 3)
591                         req->req.misc |= NODEID_TO_NODE(fi->host->irm_id) << 8;
592 out_set_card:
593                 spin_unlock_irqrestore(&host_info_lock, flags);
594
595                 req->req.length = 0;
596                 break;
597
598         default:
599                 req->req.error = RAW1394_ERROR_STATE_ORDER;
600                 req->req.length = 0;
601                 break;
602         }
603
604         queue_complete_req(req);
605         return 0;
606 }
607
608 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
609 {
610         if (req->req.misc) {
611                 if (fi->fcp_buffer) {
612                         req->req.error = RAW1394_ERROR_ALREADY;
613                 } else {
614                         fi->fcp_buffer = int2ptr(req->req.recvb);
615                 }
616         } else {
617                 if (!fi->fcp_buffer) {
618                         req->req.error = RAW1394_ERROR_ALREADY;
619                 } else {
620                         fi->fcp_buffer = NULL;
621                 }
622         }
623
624         req->req.length = 0;
625         queue_complete_req(req);
626 }
627
628 static int handle_async_request(struct file_info *fi,
629                                 struct pending_request *req, int node)
630 {
631         unsigned long flags;
632         struct hpsb_packet *packet = NULL;
633         u64 addr = req->req.address & 0xffffffffffffULL;
634
635         switch (req->req.type) {
636         case RAW1394_REQ_ASYNC_READ:
637                 DBGMSG("read_request called");
638                 packet =
639                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
640
641                 if (!packet)
642                         return -ENOMEM;
643
644                 if (req->req.length == 4)
645                         req->data = &packet->header[3];
646                 else
647                         req->data = packet->data;
648
649                 break;
650
651         case RAW1394_REQ_ASYNC_WRITE:
652                 DBGMSG("write_request called");
653
654                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
655                                                req->req.length);
656                 if (!packet)
657                         return -ENOMEM;
658
659                 if (req->req.length == 4) {
660                         if (copy_from_user
661                             (&packet->header[3], int2ptr(req->req.sendb),
662                              req->req.length))
663                                 req->req.error = RAW1394_ERROR_MEMFAULT;
664                 } else {
665                         if (copy_from_user
666                             (packet->data, int2ptr(req->req.sendb),
667                              req->req.length))
668                                 req->req.error = RAW1394_ERROR_MEMFAULT;
669                 }
670
671                 req->req.length = 0;
672                 break;
673
674         case RAW1394_REQ_ASYNC_STREAM:
675                 DBGMSG("stream_request called");
676
677                 packet =
678                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
679                                            node & 0x3f /*channel */ ,
680                                            (req->req.misc >> 16) & 0x3,
681                                            req->req.misc & 0xf);
682                 if (!packet)
683                         return -ENOMEM;
684
685                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
686                                    req->req.length))
687                         req->req.error = RAW1394_ERROR_MEMFAULT;
688
689                 req->req.length = 0;
690                 break;
691
692         case RAW1394_REQ_LOCK:
693                 DBGMSG("lock_request called");
694                 if ((req->req.misc == EXTCODE_FETCH_ADD)
695                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
696                         if (req->req.length != 4) {
697                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
698                                 break;
699                         }
700                 } else {
701                         if (req->req.length != 8) {
702                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
703                                 break;
704                         }
705                 }
706
707                 packet = hpsb_make_lockpacket(fi->host, node, addr,
708                                               req->req.misc, NULL, 0);
709                 if (!packet)
710                         return -ENOMEM;
711
712                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
713                                    req->req.length)) {
714                         req->req.error = RAW1394_ERROR_MEMFAULT;
715                         break;
716                 }
717
718                 req->data = packet->data;
719                 req->req.length = 4;
720                 break;
721
722         case RAW1394_REQ_LOCK64:
723                 DBGMSG("lock64_request called");
724                 if ((req->req.misc == EXTCODE_FETCH_ADD)
725                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
726                         if (req->req.length != 8) {
727                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
728                                 break;
729                         }
730                 } else {
731                         if (req->req.length != 16) {
732                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
733                                 break;
734                         }
735                 }
736                 packet = hpsb_make_lock64packet(fi->host, node, addr,
737                                                 req->req.misc, NULL, 0);
738                 if (!packet)
739                         return -ENOMEM;
740
741                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
742                                    req->req.length)) {
743                         req->req.error = RAW1394_ERROR_MEMFAULT;
744                         break;
745                 }
746
747                 req->data = packet->data;
748                 req->req.length = 8;
749                 break;
750
751         default:
752                 req->req.error = RAW1394_ERROR_STATE_ORDER;
753         }
754
755         req->packet = packet;
756
757         if (req->req.error) {
758                 req->req.length = 0;
759                 queue_complete_req(req);
760                 return 0;
761         }
762
763         hpsb_set_packet_complete_task(packet,
764                                       (void (*)(void *))queue_complete_cb, req);
765
766         spin_lock_irqsave(&fi->reqlists_lock, flags);
767         list_add_tail(&req->list, &fi->req_pending);
768         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
769
770         packet->generation = req->req.generation;
771
772         if (hpsb_send_packet(packet) < 0) {
773                 req->req.error = RAW1394_ERROR_SEND_ERROR;
774                 req->req.length = 0;
775                 hpsb_free_tlabel(packet);
776                 queue_complete_req(req);
777         }
778         return 0;
779 }
780
781 static int handle_async_send(struct file_info *fi, struct pending_request *req)
782 {
783         unsigned long flags;
784         struct hpsb_packet *packet;
785         int header_length = req->req.misc & 0xffff;
786         int expect_response = req->req.misc >> 16;
787         size_t data_size;
788
789         if (header_length > req->req.length || header_length < 12 ||
790             header_length > FIELD_SIZEOF(struct hpsb_packet, header)) {
791                 req->req.error = RAW1394_ERROR_INVALID_ARG;
792                 req->req.length = 0;
793                 queue_complete_req(req);
794                 return 0;
795         }
796
797         data_size = req->req.length - header_length;
798         packet = hpsb_alloc_packet(data_size);
799         req->packet = packet;
800         if (!packet)
801                 return -ENOMEM;
802
803         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
804                            header_length)) {
805                 req->req.error = RAW1394_ERROR_MEMFAULT;
806                 req->req.length = 0;
807                 queue_complete_req(req);
808                 return 0;
809         }
810
811         if (copy_from_user
812             (packet->data, int2ptr(req->req.sendb) + header_length,
813              data_size)) {
814                 req->req.error = RAW1394_ERROR_MEMFAULT;
815                 req->req.length = 0;
816                 queue_complete_req(req);
817                 return 0;
818         }
819
820         packet->type = hpsb_async;
821         packet->node_id = packet->header[0] >> 16;
822         packet->tcode = (packet->header[0] >> 4) & 0xf;
823         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
824         packet->host = fi->host;
825         packet->expect_response = expect_response;
826         packet->header_size = header_length;
827         packet->data_size = data_size;
828
829         req->req.length = 0;
830         hpsb_set_packet_complete_task(packet,
831                                       (void (*)(void *))queue_complete_cb, req);
832
833         spin_lock_irqsave(&fi->reqlists_lock, flags);
834         list_add_tail(&req->list, &fi->req_pending);
835         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
836
837         /* Update the generation of the packet just before sending. */
838         packet->generation = req->req.generation;
839
840         if (hpsb_send_packet(packet) < 0) {
841                 req->req.error = RAW1394_ERROR_SEND_ERROR;
842                 queue_complete_req(req);
843         }
844
845         return 0;
846 }
847
848 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
849                     u64 addr, size_t length, u16 flags)
850 {
851         unsigned long irqflags;
852         struct pending_request *req;
853         struct host_info *hi;
854         struct file_info *fi = NULL;
855         struct list_head *entry;
856         struct arm_addr *arm_addr = NULL;
857         struct arm_request *arm_req = NULL;
858         struct arm_response *arm_resp = NULL;
859         int found = 0, size = 0, rcode = -1;
860         struct arm_request_response *arm_req_resp = NULL;
861
862         DBGMSG("arm_read  called by node: %X "
863                "addr: %4.4x %8.8x length: %Zu", nodeid,
864                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
865                length);
866         spin_lock_irqsave(&host_info_lock, irqflags);
867         hi = find_host_info(host);      /* search address-entry */
868         if (hi != NULL) {
869                 list_for_each_entry(fi, &hi->file_info_list, list) {
870                         entry = fi->addr_list.next;
871                         while (entry != &(fi->addr_list)) {
872                                 arm_addr =
873                                     list_entry(entry, struct arm_addr,
874                                                addr_list);
875                                 if (((arm_addr->start) <= (addr))
876                                     && ((arm_addr->end) >= (addr + length))) {
877                                         found = 1;
878                                         break;
879                                 }
880                                 entry = entry->next;
881                         }
882                         if (found) {
883                                 break;
884                         }
885                 }
886         }
887         rcode = -1;
888         if (!found) {
889                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
890                        " -> rcode_address_error\n");
891                 spin_unlock_irqrestore(&host_info_lock, irqflags);
892                 return (RCODE_ADDRESS_ERROR);
893         } else {
894                 DBGMSG("arm_read addr_entry FOUND");
895         }
896         if (arm_addr->rec_length < length) {
897                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
898                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
899         }
900         if (rcode == -1) {
901                 if (arm_addr->access_rights & ARM_READ) {
902                         if (!(arm_addr->client_transactions & ARM_READ)) {
903                                 memcpy(buffer,
904                                        (arm_addr->addr_space_buffer) + (addr -
905                                                                         (arm_addr->
906                                                                          start)),
907                                        length);
908                                 DBGMSG("arm_read -> (rcode_complete)");
909                                 rcode = RCODE_COMPLETE;
910                         }
911                 } else {
912                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
913                         DBGMSG("arm_read -> rcode_type_error (access denied)");
914                 }
915         }
916         if (arm_addr->notification_options & ARM_READ) {
917                 DBGMSG("arm_read -> entering notification-section");
918                 req = __alloc_pending_request(GFP_ATOMIC);
919                 if (!req) {
920                         DBGMSG("arm_read -> rcode_conflict_error");
921                         spin_unlock_irqrestore(&host_info_lock, irqflags);
922                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
923                                                            The request may be retried */
924                 }
925                 if (rcode == RCODE_COMPLETE) {
926                         size =
927                             sizeof(struct arm_request) +
928                             sizeof(struct arm_response) +
929                             length * sizeof(byte_t) +
930                             sizeof(struct arm_request_response);
931                 } else {
932                         size =
933                             sizeof(struct arm_request) +
934                             sizeof(struct arm_response) +
935                             sizeof(struct arm_request_response);
936                 }
937                 req->data = kmalloc(size, GFP_ATOMIC);
938                 if (!(req->data)) {
939                         free_pending_request(req);
940                         DBGMSG("arm_read -> rcode_conflict_error");
941                         spin_unlock_irqrestore(&host_info_lock, irqflags);
942                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
943                                                            The request may be retried */
944                 }
945                 req->free_data = 1;
946                 req->file_info = fi;
947                 req->req.type = RAW1394_REQ_ARM;
948                 req->req.generation = get_hpsb_generation(host);
949                 req->req.misc =
950                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
951                 req->req.tag = arm_addr->arm_tag;
952                 req->req.recvb = arm_addr->recvb;
953                 req->req.length = size;
954                 arm_req_resp = (struct arm_request_response *)(req->data);
955                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
956                                                  (sizeof
957                                                   (struct
958                                                    arm_request_response)));
959                 arm_resp =
960                     (struct arm_response *)((byte_t *) (arm_req) +
961                                             (sizeof(struct arm_request)));
962                 arm_req->buffer = NULL;
963                 arm_resp->buffer = NULL;
964                 if (rcode == RCODE_COMPLETE) {
965                         byte_t *buf =
966                             (byte_t *) arm_resp + sizeof(struct arm_response);
967                         memcpy(buf,
968                                (arm_addr->addr_space_buffer) + (addr -
969                                                                 (arm_addr->
970                                                                  start)),
971                                length);
972                         arm_resp->buffer =
973                             int2ptr((arm_addr->recvb) +
974                                     sizeof(struct arm_request_response) +
975                                     sizeof(struct arm_request) +
976                                     sizeof(struct arm_response));
977                 }
978                 arm_resp->buffer_length =
979                     (rcode == RCODE_COMPLETE) ? length : 0;
980                 arm_resp->response_code = rcode;
981                 arm_req->buffer_length = 0;
982                 arm_req->generation = req->req.generation;
983                 arm_req->extended_transaction_code = 0;
984                 arm_req->destination_offset = addr;
985                 arm_req->source_nodeid = nodeid;
986                 arm_req->destination_nodeid = host->node_id;
987                 arm_req->tlabel = (flags >> 10) & 0x3f;
988                 arm_req->tcode = (flags >> 4) & 0x0f;
989                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
990                                                 sizeof(struct
991                                                        arm_request_response));
992                 arm_req_resp->response =
993                     int2ptr((arm_addr->recvb) +
994                             sizeof(struct arm_request_response) +
995                             sizeof(struct arm_request));
996                 queue_complete_req(req);
997         }
998         spin_unlock_irqrestore(&host_info_lock, irqflags);
999         return (rcode);
1000 }
1001
1002 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1003                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1004 {
1005         unsigned long irqflags;
1006         struct pending_request *req;
1007         struct host_info *hi;
1008         struct file_info *fi = NULL;
1009         struct list_head *entry;
1010         struct arm_addr *arm_addr = NULL;
1011         struct arm_request *arm_req = NULL;
1012         struct arm_response *arm_resp = NULL;
1013         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1014         struct arm_request_response *arm_req_resp = NULL;
1015
1016         DBGMSG("arm_write called by node: %X "
1017                "addr: %4.4x %8.8x length: %Zu", nodeid,
1018                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1019                length);
1020         spin_lock_irqsave(&host_info_lock, irqflags);
1021         hi = find_host_info(host);      /* search address-entry */
1022         if (hi != NULL) {
1023                 list_for_each_entry(fi, &hi->file_info_list, list) {
1024                         entry = fi->addr_list.next;
1025                         while (entry != &(fi->addr_list)) {
1026                                 arm_addr =
1027                                     list_entry(entry, struct arm_addr,
1028                                                addr_list);
1029                                 if (((arm_addr->start) <= (addr))
1030                                     && ((arm_addr->end) >= (addr + length))) {
1031                                         found = 1;
1032                                         break;
1033                                 }
1034                                 entry = entry->next;
1035                         }
1036                         if (found) {
1037                                 break;
1038                         }
1039                 }
1040         }
1041         rcode = -1;
1042         if (!found) {
1043                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1044                        " -> rcode_address_error\n");
1045                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1046                 return (RCODE_ADDRESS_ERROR);
1047         } else {
1048                 DBGMSG("arm_write addr_entry FOUND");
1049         }
1050         if (arm_addr->rec_length < length) {
1051                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1052                 length_conflict = 1;
1053                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1054         }
1055         if (rcode == -1) {
1056                 if (arm_addr->access_rights & ARM_WRITE) {
1057                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1058                                 memcpy((arm_addr->addr_space_buffer) +
1059                                        (addr - (arm_addr->start)), data,
1060                                        length);
1061                                 DBGMSG("arm_write -> (rcode_complete)");
1062                                 rcode = RCODE_COMPLETE;
1063                         }
1064                 } else {
1065                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1066                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1067                 }
1068         }
1069         if (arm_addr->notification_options & ARM_WRITE) {
1070                 DBGMSG("arm_write -> entering notification-section");
1071                 req = __alloc_pending_request(GFP_ATOMIC);
1072                 if (!req) {
1073                         DBGMSG("arm_write -> rcode_conflict_error");
1074                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1075                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1076                                                            The request my be retried */
1077                 }
1078                 size =
1079                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1080                     (length) * sizeof(byte_t) +
1081                     sizeof(struct arm_request_response);
1082                 req->data = kmalloc(size, GFP_ATOMIC);
1083                 if (!(req->data)) {
1084                         free_pending_request(req);
1085                         DBGMSG("arm_write -> rcode_conflict_error");
1086                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1087                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1088                                                            The request may be retried */
1089                 }
1090                 req->free_data = 1;
1091                 req->file_info = fi;
1092                 req->req.type = RAW1394_REQ_ARM;
1093                 req->req.generation = get_hpsb_generation(host);
1094                 req->req.misc =
1095                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1096                 req->req.tag = arm_addr->arm_tag;
1097                 req->req.recvb = arm_addr->recvb;
1098                 req->req.length = size;
1099                 arm_req_resp = (struct arm_request_response *)(req->data);
1100                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1101                                                  (sizeof
1102                                                   (struct
1103                                                    arm_request_response)));
1104                 arm_resp =
1105                     (struct arm_response *)((byte_t *) (arm_req) +
1106                                             (sizeof(struct arm_request)));
1107                 arm_resp->buffer = NULL;
1108                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1109                        data, length);
1110                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1111                                           sizeof(struct arm_request_response) +
1112                                           sizeof(struct arm_request) +
1113                                           sizeof(struct arm_response));
1114                 arm_req->buffer_length = length;
1115                 arm_req->generation = req->req.generation;
1116                 arm_req->extended_transaction_code = 0;
1117                 arm_req->destination_offset = addr;
1118                 arm_req->source_nodeid = nodeid;
1119                 arm_req->destination_nodeid = destid;
1120                 arm_req->tlabel = (flags >> 10) & 0x3f;
1121                 arm_req->tcode = (flags >> 4) & 0x0f;
1122                 arm_resp->buffer_length = 0;
1123                 arm_resp->response_code = rcode;
1124                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1125                                                 sizeof(struct
1126                                                        arm_request_response));
1127                 arm_req_resp->response =
1128                     int2ptr((arm_addr->recvb) +
1129                             sizeof(struct arm_request_response) +
1130                             sizeof(struct arm_request));
1131                 queue_complete_req(req);
1132         }
1133         spin_unlock_irqrestore(&host_info_lock, irqflags);
1134         return (rcode);
1135 }
1136
1137 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1138                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1139                     u16 flags)
1140 {
1141         unsigned long irqflags;
1142         struct pending_request *req;
1143         struct host_info *hi;
1144         struct file_info *fi = NULL;
1145         struct list_head *entry;
1146         struct arm_addr *arm_addr = NULL;
1147         struct arm_request *arm_req = NULL;
1148         struct arm_response *arm_resp = NULL;
1149         int found = 0, size = 0, rcode = -1;
1150         quadlet_t old, new;
1151         struct arm_request_response *arm_req_resp = NULL;
1152
1153         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1154             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1155                 DBGMSG("arm_lock  called by node: %X "
1156                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1157                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1158                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1159                        be32_to_cpu(data));
1160         } else {
1161                 DBGMSG("arm_lock  called by node: %X "
1162                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1163                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1164                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1165                        be32_to_cpu(data), be32_to_cpu(arg));
1166         }
1167         spin_lock_irqsave(&host_info_lock, irqflags);
1168         hi = find_host_info(host);      /* search address-entry */
1169         if (hi != NULL) {
1170                 list_for_each_entry(fi, &hi->file_info_list, list) {
1171                         entry = fi->addr_list.next;
1172                         while (entry != &(fi->addr_list)) {
1173                                 arm_addr =
1174                                     list_entry(entry, struct arm_addr,
1175                                                addr_list);
1176                                 if (((arm_addr->start) <= (addr))
1177                                     && ((arm_addr->end) >=
1178                                         (addr + sizeof(*store)))) {
1179                                         found = 1;
1180                                         break;
1181                                 }
1182                                 entry = entry->next;
1183                         }
1184                         if (found) {
1185                                 break;
1186                         }
1187                 }
1188         }
1189         rcode = -1;
1190         if (!found) {
1191                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1192                        " -> rcode_address_error\n");
1193                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1194                 return (RCODE_ADDRESS_ERROR);
1195         } else {
1196                 DBGMSG("arm_lock addr_entry FOUND");
1197         }
1198         if (rcode == -1) {
1199                 if (arm_addr->access_rights & ARM_LOCK) {
1200                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1201                                 memcpy(&old,
1202                                        (arm_addr->addr_space_buffer) + (addr -
1203                                                                         (arm_addr->
1204                                                                          start)),
1205                                        sizeof(old));
1206                                 switch (ext_tcode) {
1207                                 case (EXTCODE_MASK_SWAP):
1208                                         new = data | (old & ~arg);
1209                                         break;
1210                                 case (EXTCODE_COMPARE_SWAP):
1211                                         if (old == arg) {
1212                                                 new = data;
1213                                         } else {
1214                                                 new = old;
1215                                         }
1216                                         break;
1217                                 case (EXTCODE_FETCH_ADD):
1218                                         new =
1219                                             cpu_to_be32(be32_to_cpu(data) +
1220                                                         be32_to_cpu(old));
1221                                         break;
1222                                 case (EXTCODE_LITTLE_ADD):
1223                                         new =
1224                                             cpu_to_le32(le32_to_cpu(data) +
1225                                                         le32_to_cpu(old));
1226                                         break;
1227                                 case (EXTCODE_BOUNDED_ADD):
1228                                         if (old != arg) {
1229                                                 new =
1230                                                     cpu_to_be32(be32_to_cpu
1231                                                                 (data) +
1232                                                                 be32_to_cpu
1233                                                                 (old));
1234                                         } else {
1235                                                 new = old;
1236                                         }
1237                                         break;
1238                                 case (EXTCODE_WRAP_ADD):
1239                                         if (old != arg) {
1240                                                 new =
1241                                                     cpu_to_be32(be32_to_cpu
1242                                                                 (data) +
1243                                                                 be32_to_cpu
1244                                                                 (old));
1245                                         } else {
1246                                                 new = data;
1247                                         }
1248                                         break;
1249                                 default:
1250                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1251                                         printk(KERN_ERR
1252                                                "raw1394: arm_lock FAILED "
1253                                                "ext_tcode not allowed -> rcode_type_error\n");
1254                                         break;
1255                                 }       /*switch */
1256                                 if (rcode == -1) {
1257                                         DBGMSG("arm_lock -> (rcode_complete)");
1258                                         rcode = RCODE_COMPLETE;
1259                                         memcpy(store, &old, sizeof(*store));
1260                                         memcpy((arm_addr->addr_space_buffer) +
1261                                                (addr - (arm_addr->start)),
1262                                                &new, sizeof(*store));
1263                                 }
1264                         }
1265                 } else {
1266                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1267                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1268                 }
1269         }
1270         if (arm_addr->notification_options & ARM_LOCK) {
1271                 byte_t *buf1, *buf2;
1272                 DBGMSG("arm_lock -> entering notification-section");
1273                 req = __alloc_pending_request(GFP_ATOMIC);
1274                 if (!req) {
1275                         DBGMSG("arm_lock -> rcode_conflict_error");
1276                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1277                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1278                                                            The request may be retried */
1279                 }
1280                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1281                 req->data = kmalloc(size, GFP_ATOMIC);
1282                 if (!(req->data)) {
1283                         free_pending_request(req);
1284                         DBGMSG("arm_lock -> rcode_conflict_error");
1285                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1286                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1287                                                            The request may be retried */
1288                 }
1289                 req->free_data = 1;
1290                 arm_req_resp = (struct arm_request_response *)(req->data);
1291                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1292                                                  (sizeof
1293                                                   (struct
1294                                                    arm_request_response)));
1295                 arm_resp =
1296                     (struct arm_response *)((byte_t *) (arm_req) +
1297                                             (sizeof(struct arm_request)));
1298                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1299                 buf2 = buf1 + 2 * sizeof(*store);
1300                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1301                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1302                         arm_req->buffer_length = sizeof(*store);
1303                         memcpy(buf1, &data, sizeof(*store));
1304
1305                 } else {
1306                         arm_req->buffer_length = 2 * sizeof(*store);
1307                         memcpy(buf1, &arg, sizeof(*store));
1308                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1309                 }
1310                 if (rcode == RCODE_COMPLETE) {
1311                         arm_resp->buffer_length = sizeof(*store);
1312                         memcpy(buf2, &old, sizeof(*store));
1313                 } else {
1314                         arm_resp->buffer_length = 0;
1315                 }
1316                 req->file_info = fi;
1317                 req->req.type = RAW1394_REQ_ARM;
1318                 req->req.generation = get_hpsb_generation(host);
1319                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1320                                  (ARM_LOCK & 0xFF));
1321                 req->req.tag = arm_addr->arm_tag;
1322                 req->req.recvb = arm_addr->recvb;
1323                 req->req.length = size;
1324                 arm_req->generation = req->req.generation;
1325                 arm_req->extended_transaction_code = ext_tcode;
1326                 arm_req->destination_offset = addr;
1327                 arm_req->source_nodeid = nodeid;
1328                 arm_req->destination_nodeid = host->node_id;
1329                 arm_req->tlabel = (flags >> 10) & 0x3f;
1330                 arm_req->tcode = (flags >> 4) & 0x0f;
1331                 arm_resp->response_code = rcode;
1332                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1333                                                 sizeof(struct
1334                                                        arm_request_response));
1335                 arm_req_resp->response =
1336                     int2ptr((arm_addr->recvb) +
1337                             sizeof(struct arm_request_response) +
1338                             sizeof(struct arm_request));
1339                 arm_req->buffer =
1340                     int2ptr((arm_addr->recvb) +
1341                             sizeof(struct arm_request_response) +
1342                             sizeof(struct arm_request) +
1343                             sizeof(struct arm_response));
1344                 arm_resp->buffer =
1345                     int2ptr((arm_addr->recvb) +
1346                             sizeof(struct arm_request_response) +
1347                             sizeof(struct arm_request) +
1348                             sizeof(struct arm_response) + 2 * sizeof(*store));
1349                 queue_complete_req(req);
1350         }
1351         spin_unlock_irqrestore(&host_info_lock, irqflags);
1352         return (rcode);
1353 }
1354
1355 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1356                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1357                       u16 flags)
1358 {
1359         unsigned long irqflags;
1360         struct pending_request *req;
1361         struct host_info *hi;
1362         struct file_info *fi = NULL;
1363         struct list_head *entry;
1364         struct arm_addr *arm_addr = NULL;
1365         struct arm_request *arm_req = NULL;
1366         struct arm_response *arm_resp = NULL;
1367         int found = 0, size = 0, rcode = -1;
1368         octlet_t old, new;
1369         struct arm_request_response *arm_req_resp = NULL;
1370
1371         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1372             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1373                 DBGMSG("arm_lock64 called by node: %X "
1374                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1375                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1376                        (u32) (addr & 0xFFFFFFFF),
1377                        ext_tcode & 0xFF,
1378                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1379                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1380         } else {
1381                 DBGMSG("arm_lock64 called by node: %X "
1382                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1383                        "%8.8X %8.8X ",
1384                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1385                        (u32) (addr & 0xFFFFFFFF),
1386                        ext_tcode & 0xFF,
1387                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1388                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1389                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1390                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1391         }
1392         spin_lock_irqsave(&host_info_lock, irqflags);
1393         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1394         if (hi != NULL) {
1395                 list_for_each_entry(fi, &hi->file_info_list, list) {
1396                         entry = fi->addr_list.next;
1397                         while (entry != &(fi->addr_list)) {
1398                                 arm_addr =
1399                                     list_entry(entry, struct arm_addr,
1400                                                addr_list);
1401                                 if (((arm_addr->start) <= (addr))
1402                                     && ((arm_addr->end) >=
1403                                         (addr + sizeof(*store)))) {
1404                                         found = 1;
1405                                         break;
1406                                 }
1407                                 entry = entry->next;
1408                         }
1409                         if (found) {
1410                                 break;
1411                         }
1412                 }
1413         }
1414         rcode = -1;
1415         if (!found) {
1416                 printk(KERN_ERR
1417                        "raw1394: arm_lock64 FAILED addr_entry not found"
1418                        " -> rcode_address_error\n");
1419                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1420                 return (RCODE_ADDRESS_ERROR);
1421         } else {
1422                 DBGMSG("arm_lock64 addr_entry FOUND");
1423         }
1424         if (rcode == -1) {
1425                 if (arm_addr->access_rights & ARM_LOCK) {
1426                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1427                                 memcpy(&old,
1428                                        (arm_addr->addr_space_buffer) + (addr -
1429                                                                         (arm_addr->
1430                                                                          start)),
1431                                        sizeof(old));
1432                                 switch (ext_tcode) {
1433                                 case (EXTCODE_MASK_SWAP):
1434                                         new = data | (old & ~arg);
1435                                         break;
1436                                 case (EXTCODE_COMPARE_SWAP):
1437                                         if (old == arg) {
1438                                                 new = data;
1439                                         } else {
1440                                                 new = old;
1441                                         }
1442                                         break;
1443                                 case (EXTCODE_FETCH_ADD):
1444                                         new =
1445                                             cpu_to_be64(be64_to_cpu(data) +
1446                                                         be64_to_cpu(old));
1447                                         break;
1448                                 case (EXTCODE_LITTLE_ADD):
1449                                         new =
1450                                             cpu_to_le64(le64_to_cpu(data) +
1451                                                         le64_to_cpu(old));
1452                                         break;
1453                                 case (EXTCODE_BOUNDED_ADD):
1454                                         if (old != arg) {
1455                                                 new =
1456                                                     cpu_to_be64(be64_to_cpu
1457                                                                 (data) +
1458                                                                 be64_to_cpu
1459                                                                 (old));
1460                                         } else {
1461                                                 new = old;
1462                                         }
1463                                         break;
1464                                 case (EXTCODE_WRAP_ADD):
1465                                         if (old != arg) {
1466                                                 new =
1467                                                     cpu_to_be64(be64_to_cpu
1468                                                                 (data) +
1469                                                                 be64_to_cpu
1470                                                                 (old));
1471                                         } else {
1472                                                 new = data;
1473                                         }
1474                                         break;
1475                                 default:
1476                                         printk(KERN_ERR
1477                                                "raw1394: arm_lock64 FAILED "
1478                                                "ext_tcode not allowed -> rcode_type_error\n");
1479                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1480                                         break;
1481                                 }       /*switch */
1482                                 if (rcode == -1) {
1483                                         DBGMSG
1484                                             ("arm_lock64 -> (rcode_complete)");
1485                                         rcode = RCODE_COMPLETE;
1486                                         memcpy(store, &old, sizeof(*store));
1487                                         memcpy((arm_addr->addr_space_buffer) +
1488                                                (addr - (arm_addr->start)),
1489                                                &new, sizeof(*store));
1490                                 }
1491                         }
1492                 } else {
1493                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1494                         DBGMSG
1495                             ("arm_lock64 -> rcode_type_error (access denied)");
1496                 }
1497         }
1498         if (arm_addr->notification_options & ARM_LOCK) {
1499                 byte_t *buf1, *buf2;
1500                 DBGMSG("arm_lock64 -> entering notification-section");
1501                 req = __alloc_pending_request(GFP_ATOMIC);
1502                 if (!req) {
1503                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1504                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1505                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1506                                                            The request may be retried */
1507                 }
1508                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1509                 req->data = kmalloc(size, GFP_ATOMIC);
1510                 if (!(req->data)) {
1511                         free_pending_request(req);
1512                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1513                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1514                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1515                                                            The request may be retried */
1516                 }
1517                 req->free_data = 1;
1518                 arm_req_resp = (struct arm_request_response *)(req->data);
1519                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1520                                                  (sizeof
1521                                                   (struct
1522                                                    arm_request_response)));
1523                 arm_resp =
1524                     (struct arm_response *)((byte_t *) (arm_req) +
1525                                             (sizeof(struct arm_request)));
1526                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1527                 buf2 = buf1 + 2 * sizeof(*store);
1528                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1529                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1530                         arm_req->buffer_length = sizeof(*store);
1531                         memcpy(buf1, &data, sizeof(*store));
1532
1533                 } else {
1534                         arm_req->buffer_length = 2 * sizeof(*store);
1535                         memcpy(buf1, &arg, sizeof(*store));
1536                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1537                 }
1538                 if (rcode == RCODE_COMPLETE) {
1539                         arm_resp->buffer_length = sizeof(*store);
1540                         memcpy(buf2, &old, sizeof(*store));
1541                 } else {
1542                         arm_resp->buffer_length = 0;
1543                 }
1544                 req->file_info = fi;
1545                 req->req.type = RAW1394_REQ_ARM;
1546                 req->req.generation = get_hpsb_generation(host);
1547                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1548                                  (ARM_LOCK & 0xFF));
1549                 req->req.tag = arm_addr->arm_tag;
1550                 req->req.recvb = arm_addr->recvb;
1551                 req->req.length = size;
1552                 arm_req->generation = req->req.generation;
1553                 arm_req->extended_transaction_code = ext_tcode;
1554                 arm_req->destination_offset = addr;
1555                 arm_req->source_nodeid = nodeid;
1556                 arm_req->destination_nodeid = host->node_id;
1557                 arm_req->tlabel = (flags >> 10) & 0x3f;
1558                 arm_req->tcode = (flags >> 4) & 0x0f;
1559                 arm_resp->response_code = rcode;
1560                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1561                                                 sizeof(struct
1562                                                        arm_request_response));
1563                 arm_req_resp->response =
1564                     int2ptr((arm_addr->recvb) +
1565                             sizeof(struct arm_request_response) +
1566                             sizeof(struct arm_request));
1567                 arm_req->buffer =
1568                     int2ptr((arm_addr->recvb) +
1569                             sizeof(struct arm_request_response) +
1570                             sizeof(struct arm_request) +
1571                             sizeof(struct arm_response));
1572                 arm_resp->buffer =
1573                     int2ptr((arm_addr->recvb) +
1574                             sizeof(struct arm_request_response) +
1575                             sizeof(struct arm_request) +
1576                             sizeof(struct arm_response) + 2 * sizeof(*store));
1577                 queue_complete_req(req);
1578         }
1579         spin_unlock_irqrestore(&host_info_lock, irqflags);
1580         return (rcode);
1581 }
1582
1583 static int arm_register(struct file_info *fi, struct pending_request *req)
1584 {
1585         int retval;
1586         struct arm_addr *addr;
1587         struct host_info *hi;
1588         struct file_info *fi_hlp = NULL;
1589         struct list_head *entry;
1590         struct arm_addr *arm_addr = NULL;
1591         int same_host, another_host;
1592         unsigned long flags;
1593
1594         DBGMSG("arm_register called "
1595                "addr(Offset): %8.8x %8.8x length: %u "
1596                "rights: %2.2X notify: %2.2X "
1597                "max_blk_len: %4.4X",
1598                (u32) ((req->req.address >> 32) & 0xFFFF),
1599                (u32) (req->req.address & 0xFFFFFFFF),
1600                req->req.length, ((req->req.misc >> 8) & 0xFF),
1601                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1602         /* check addressrange */
1603         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1604             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1605              0)) {
1606                 req->req.length = 0;
1607                 return (-EINVAL);
1608         }
1609         /* addr-list-entry for fileinfo */
1610         addr = kmalloc(sizeof(*addr), GFP_KERNEL);
1611         if (!addr) {
1612                 req->req.length = 0;
1613                 return (-ENOMEM);
1614         }
1615         /* allocation of addr_space_buffer */
1616         addr->addr_space_buffer = vmalloc(req->req.length);
1617         if (!(addr->addr_space_buffer)) {
1618                 kfree(addr);
1619                 req->req.length = 0;
1620                 return (-ENOMEM);
1621         }
1622         /* initialization of addr_space_buffer */
1623         if ((req->req.sendb) == (unsigned long)NULL) {
1624                 /* init: set 0 */
1625                 memset(addr->addr_space_buffer, 0, req->req.length);
1626         } else {
1627                 /* init: user -> kernel */
1628                 if (copy_from_user
1629                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1630                      req->req.length)) {
1631                         vfree(addr->addr_space_buffer);
1632                         kfree(addr);
1633                         return (-EFAULT);
1634                 }
1635         }
1636         INIT_LIST_HEAD(&addr->addr_list);
1637         addr->arm_tag = req->req.tag;
1638         addr->start = req->req.address;
1639         addr->end = req->req.address + req->req.length;
1640         addr->access_rights = (u8) (req->req.misc & 0x0F);
1641         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1642         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1643         addr->access_rights |= addr->client_transactions;
1644         addr->notification_options |= addr->client_transactions;
1645         addr->recvb = req->req.recvb;
1646         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1647
1648         spin_lock_irqsave(&host_info_lock, flags);
1649         hi = find_host_info(fi->host);
1650         same_host = 0;
1651         another_host = 0;
1652         /* same host with address-entry containing same addressrange ? */
1653         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1654                 entry = fi_hlp->addr_list.next;
1655                 while (entry != &(fi_hlp->addr_list)) {
1656                         arm_addr =
1657                             list_entry(entry, struct arm_addr, addr_list);
1658                         if ((arm_addr->start == addr->start)
1659                             && (arm_addr->end == addr->end)) {
1660                                 DBGMSG("same host ownes same "
1661                                        "addressrange -> EALREADY");
1662                                 same_host = 1;
1663                                 break;
1664                         }
1665                         entry = entry->next;
1666                 }
1667                 if (same_host) {
1668                         break;
1669                 }
1670         }
1671         if (same_host) {
1672                 /* addressrange occupied by same host */
1673                 spin_unlock_irqrestore(&host_info_lock, flags);
1674                 vfree(addr->addr_space_buffer);
1675                 kfree(addr);
1676                 return (-EALREADY);
1677         }
1678         /* another host with valid address-entry containing same addressrange */
1679         list_for_each_entry(hi, &host_info_list, list) {
1680                 if (hi->host != fi->host) {
1681                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1682                                 entry = fi_hlp->addr_list.next;
1683                                 while (entry != &(fi_hlp->addr_list)) {
1684                                         arm_addr =
1685                                             list_entry(entry, struct arm_addr,
1686                                                        addr_list);
1687                                         if ((arm_addr->start == addr->start)
1688                                             && (arm_addr->end == addr->end)) {
1689                                                 DBGMSG
1690                                                     ("another host ownes same "
1691                                                      "addressrange");
1692                                                 another_host = 1;
1693                                                 break;
1694                                         }
1695                                         entry = entry->next;
1696                                 }
1697                                 if (another_host) {
1698                                         break;
1699                                 }
1700                         }
1701                 }
1702         }
1703         spin_unlock_irqrestore(&host_info_lock, flags);
1704
1705         if (another_host) {
1706                 DBGMSG("another hosts entry is valid -> SUCCESS");
1707                 if (copy_to_user(int2ptr(req->req.recvb),
1708                                  &addr->start, sizeof(u64))) {
1709                         printk(KERN_ERR "raw1394: arm_register failed "
1710                                " address-range-entry is invalid -> EFAULT !!!\n");
1711                         vfree(addr->addr_space_buffer);
1712                         kfree(addr);
1713                         return (-EFAULT);
1714                 }
1715                 free_pending_request(req);      /* immediate success or fail */
1716                 /* INSERT ENTRY */
1717                 spin_lock_irqsave(&host_info_lock, flags);
1718                 list_add_tail(&addr->addr_list, &fi->addr_list);
1719                 spin_unlock_irqrestore(&host_info_lock, flags);
1720                 return 0;
1721         }
1722         retval =
1723             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1724                                     req->req.address,
1725                                     req->req.address + req->req.length);
1726         if (retval) {
1727                 /* INSERT ENTRY */
1728                 spin_lock_irqsave(&host_info_lock, flags);
1729                 list_add_tail(&addr->addr_list, &fi->addr_list);
1730                 spin_unlock_irqrestore(&host_info_lock, flags);
1731         } else {
1732                 DBGMSG("arm_register failed errno: %d \n", retval);
1733                 vfree(addr->addr_space_buffer);
1734                 kfree(addr);
1735                 return (-EALREADY);
1736         }
1737         free_pending_request(req);      /* immediate success or fail */
1738         return 0;
1739 }
1740
1741 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1742 {
1743         int found = 0;
1744         int retval = 0;
1745         struct list_head *entry;
1746         struct arm_addr *addr = NULL;
1747         struct host_info *hi;
1748         struct file_info *fi_hlp = NULL;
1749         struct arm_addr *arm_addr = NULL;
1750         int another_host;
1751         unsigned long flags;
1752
1753         DBGMSG("arm_Unregister called addr(Offset): "
1754                "%8.8x %8.8x",
1755                (u32) ((req->req.address >> 32) & 0xFFFF),
1756                (u32) (req->req.address & 0xFFFFFFFF));
1757         spin_lock_irqsave(&host_info_lock, flags);
1758         /* get addr */
1759         entry = fi->addr_list.next;
1760         while (entry != &(fi->addr_list)) {
1761                 addr = list_entry(entry, struct arm_addr, addr_list);
1762                 if (addr->start == req->req.address) {
1763                         found = 1;
1764                         break;
1765                 }
1766                 entry = entry->next;
1767         }
1768         if (!found) {
1769                 DBGMSG("arm_Unregister addr not found");
1770                 spin_unlock_irqrestore(&host_info_lock, flags);
1771                 return (-EINVAL);
1772         }
1773         DBGMSG("arm_Unregister addr found");
1774         another_host = 0;
1775         /* another host with valid address-entry containing
1776            same addressrange */
1777         list_for_each_entry(hi, &host_info_list, list) {
1778                 if (hi->host != fi->host) {
1779                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1780                                 entry = fi_hlp->addr_list.next;
1781                                 while (entry != &(fi_hlp->addr_list)) {
1782                                         arm_addr = list_entry(entry,
1783                                                               struct arm_addr,
1784                                                               addr_list);
1785                                         if (arm_addr->start == addr->start) {
1786                                                 DBGMSG("another host ownes "
1787                                                        "same addressrange");
1788                                                 another_host = 1;
1789                                                 break;
1790                                         }
1791                                         entry = entry->next;
1792                                 }
1793                                 if (another_host) {
1794                                         break;
1795                                 }
1796                         }
1797                 }
1798         }
1799         if (another_host) {
1800                 DBGMSG("delete entry from list -> success");
1801                 list_del(&addr->addr_list);
1802                 spin_unlock_irqrestore(&host_info_lock, flags);
1803                 vfree(addr->addr_space_buffer);
1804                 kfree(addr);
1805                 free_pending_request(req);      /* immediate success or fail */
1806                 return 0;
1807         }
1808         retval =
1809             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1810                                       addr->start);
1811         if (!retval) {
1812                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1813                 spin_unlock_irqrestore(&host_info_lock, flags);
1814                 return (-EINVAL);
1815         }
1816         DBGMSG("delete entry from list -> success");
1817         list_del(&addr->addr_list);
1818         spin_unlock_irqrestore(&host_info_lock, flags);
1819         vfree(addr->addr_space_buffer);
1820         kfree(addr);
1821         free_pending_request(req);      /* immediate success or fail */
1822         return 0;
1823 }
1824
1825 /* Copy data from ARM buffer(s) to user buffer. */
1826 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1827 {
1828         struct arm_addr *arm_addr = NULL;
1829         unsigned long flags;
1830         unsigned long offset;
1831
1832         struct list_head *entry;
1833
1834         DBGMSG("arm_get_buf "
1835                "addr(Offset): %04X %08X length: %u",
1836                (u32) ((req->req.address >> 32) & 0xFFFF),
1837                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1838
1839         spin_lock_irqsave(&host_info_lock, flags);
1840         entry = fi->addr_list.next;
1841         while (entry != &(fi->addr_list)) {
1842                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1843                 if ((arm_addr->start <= req->req.address) &&
1844                     (arm_addr->end > req->req.address)) {
1845                         if (req->req.address + req->req.length <= arm_addr->end) {
1846                                 offset = req->req.address - arm_addr->start;
1847                                 spin_unlock_irqrestore(&host_info_lock, flags);
1848
1849                                 DBGMSG
1850                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
1851                                      (u32) req->req.recvb,
1852                                      arm_addr->addr_space_buffer + offset,
1853                                      (u32) req->req.length);
1854                                 if (copy_to_user
1855                                     (int2ptr(req->req.recvb),
1856                                      arm_addr->addr_space_buffer + offset,
1857                                      req->req.length))
1858                                         return (-EFAULT);
1859
1860                                 /* We have to free the request, because we
1861                                  * queue no response, and therefore nobody
1862                                  * will free it. */
1863                                 free_pending_request(req);
1864                                 return 0;
1865                         } else {
1866                                 DBGMSG("arm_get_buf request exceeded mapping");
1867                                 spin_unlock_irqrestore(&host_info_lock, flags);
1868                                 return (-EINVAL);
1869                         }
1870                 }
1871                 entry = entry->next;
1872         }
1873         spin_unlock_irqrestore(&host_info_lock, flags);
1874         return (-EINVAL);
1875 }
1876
1877 /* Copy data from user buffer to ARM buffer(s). */
1878 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1879 {
1880         struct arm_addr *arm_addr = NULL;
1881         unsigned long flags;
1882         unsigned long offset;
1883
1884         struct list_head *entry;
1885
1886         DBGMSG("arm_set_buf "
1887                "addr(Offset): %04X %08X length: %u",
1888                (u32) ((req->req.address >> 32) & 0xFFFF),
1889                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1890
1891         spin_lock_irqsave(&host_info_lock, flags);
1892         entry = fi->addr_list.next;
1893         while (entry != &(fi->addr_list)) {
1894                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1895                 if ((arm_addr->start <= req->req.address) &&
1896                     (arm_addr->end > req->req.address)) {
1897                         if (req->req.address + req->req.length <= arm_addr->end) {
1898                                 offset = req->req.address - arm_addr->start;
1899                                 spin_unlock_irqrestore(&host_info_lock, flags);
1900
1901                                 DBGMSG
1902                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
1903                                      arm_addr->addr_space_buffer + offset,
1904                                      (u32) req->req.sendb,
1905                                      (u32) req->req.length);
1906                                 if (copy_from_user
1907                                     (arm_addr->addr_space_buffer + offset,
1908                                      int2ptr(req->req.sendb),
1909                                      req->req.length))
1910                                         return (-EFAULT);
1911
1912                                 /* We have to free the request, because we
1913                                  * queue no response, and therefore nobody
1914                                  * will free it. */
1915                                 free_pending_request(req);
1916                                 return 0;
1917                         } else {
1918                                 DBGMSG("arm_set_buf request exceeded mapping");
1919                                 spin_unlock_irqrestore(&host_info_lock, flags);
1920                                 return (-EINVAL);
1921                         }
1922                 }
1923                 entry = entry->next;
1924         }
1925         spin_unlock_irqrestore(&host_info_lock, flags);
1926         return (-EINVAL);
1927 }
1928
1929 static int reset_notification(struct file_info *fi, struct pending_request *req)
1930 {
1931         DBGMSG("reset_notification called - switch %s ",
1932                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
1933         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
1934             (req->req.misc == RAW1394_NOTIFY_ON)) {
1935                 fi->notification = (u8) req->req.misc;
1936                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1937                 return 0;
1938         }
1939         /* error EINVAL (22) invalid argument */
1940         return (-EINVAL);
1941 }
1942
1943 static int write_phypacket(struct file_info *fi, struct pending_request *req)
1944 {
1945         struct hpsb_packet *packet = NULL;
1946         int retval = 0;
1947         quadlet_t data;
1948         unsigned long flags;
1949
1950         data = be32_to_cpu((u32) req->req.sendb);
1951         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
1952         packet = hpsb_make_phypacket(fi->host, data);
1953         if (!packet)
1954                 return -ENOMEM;
1955         req->req.length = 0;
1956         req->packet = packet;
1957         hpsb_set_packet_complete_task(packet,
1958                                       (void (*)(void *))queue_complete_cb, req);
1959         spin_lock_irqsave(&fi->reqlists_lock, flags);
1960         list_add_tail(&req->list, &fi->req_pending);
1961         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
1962         packet->generation = req->req.generation;
1963         retval = hpsb_send_packet(packet);
1964         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
1965         if (retval < 0) {
1966                 req->req.error = RAW1394_ERROR_SEND_ERROR;
1967                 req->req.length = 0;
1968                 queue_complete_req(req);
1969         }
1970         return 0;
1971 }
1972
1973 static int get_config_rom(struct file_info *fi, struct pending_request *req)
1974 {
1975         int ret = 0;
1976         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
1977         int status;
1978
1979         if (!data)
1980                 return -ENOMEM;
1981
1982         status =
1983             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
1984                          data, req->req.length);
1985         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
1986                 ret = -EFAULT;
1987         if (copy_to_user
1988             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
1989              sizeof(fi->host->csr.rom->cache_head->len)))
1990                 ret = -EFAULT;
1991         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
1992                          sizeof(fi->host->csr.generation)))
1993                 ret = -EFAULT;
1994         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
1995                 ret = -EFAULT;
1996         kfree(data);
1997         if (ret >= 0) {
1998                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
1999         }
2000         return ret;
2001 }
2002
2003 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2004 {
2005         int ret = 0;
2006         quadlet_t *data = kmalloc(req->req.length, GFP_KERNEL);
2007         if (!data)
2008                 return -ENOMEM;
2009         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2010                 ret = -EFAULT;
2011         } else {
2012                 int status = hpsb_update_config_rom(fi->host,
2013                                                     data, req->req.length,
2014                                                     (unsigned char)req->req.
2015                                                     misc);
2016                 if (copy_to_user
2017                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2018                         ret = -ENOMEM;
2019         }
2020         kfree(data);
2021         if (ret >= 0) {
2022                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2023                 fi->cfgrom_upd = 1;
2024         }
2025         return ret;
2026 }
2027
2028 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2029 {
2030         struct csr1212_keyval *kv;
2031         struct csr1212_csr_rom_cache *cache;
2032         struct csr1212_dentry *dentry;
2033         u32 dr;
2034         int ret = 0;
2035
2036         if (req->req.misc == ~0) {
2037                 if (req->req.length == 0)
2038                         return -EINVAL;
2039
2040                 /* Find an unused slot */
2041                 for (dr = 0;
2042                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2043                      dr++) ;
2044
2045                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2046                         return -ENOMEM;
2047
2048                 fi->csr1212_dirs[dr] =
2049                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2050                 if (!fi->csr1212_dirs[dr])
2051                         return -ENOMEM;
2052         } else {
2053                 dr = req->req.misc;
2054                 if (!fi->csr1212_dirs[dr])
2055                         return -EINVAL;
2056
2057                 /* Delete old stuff */
2058                 for (dentry =
2059                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2060                      dentry; dentry = dentry->next) {
2061                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2062                                                              root_kv,
2063                                                              dentry->kv);
2064                 }
2065
2066                 if (req->req.length == 0) {
2067                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2068                         fi->csr1212_dirs[dr] = NULL;
2069
2070                         hpsb_update_config_rom_image(fi->host);
2071                         free_pending_request(req);
2072                         return 0;
2073                 }
2074         }
2075
2076         cache = csr1212_rom_cache_malloc(0, req->req.length);
2077         if (!cache) {
2078                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2079                 fi->csr1212_dirs[dr] = NULL;
2080                 return -ENOMEM;
2081         }
2082
2083         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2084         if (!cache->filled_head) {
2085                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2086                 fi->csr1212_dirs[dr] = NULL;
2087                 CSR1212_FREE(cache);
2088                 return -ENOMEM;
2089         }
2090         cache->filled_tail = cache->filled_head;
2091
2092         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2093                            req->req.length)) {
2094                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2095                 fi->csr1212_dirs[dr] = NULL;
2096                 ret = -EFAULT;
2097         } else {
2098                 cache->len = req->req.length;
2099                 cache->filled_head->offset_start = 0;
2100                 cache->filled_head->offset_end = cache->size - 1;
2101
2102                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2103
2104                 ret = CSR1212_SUCCESS;
2105                 /* parse all the items */
2106                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2107                      kv = kv->next) {
2108                         ret = csr1212_parse_keyval(kv, cache);
2109                 }
2110
2111                 /* attach top level items to the root directory */
2112                 for (dentry =
2113                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2114                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2115                         ret =
2116                             csr1212_attach_keyval_to_directory(fi->host->csr.
2117                                                                rom->root_kv,
2118                                                                dentry->kv);
2119                 }
2120
2121                 if (ret == CSR1212_SUCCESS) {
2122                         ret = hpsb_update_config_rom_image(fi->host);
2123
2124                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2125                                                      &dr, sizeof(dr))) {
2126                                 ret = -ENOMEM;
2127                         }
2128                 }
2129         }
2130         kfree(cache->filled_head);
2131         CSR1212_FREE(cache);
2132
2133         if (ret >= 0) {
2134                 /* we have to free the request, because we queue no response,
2135                  * and therefore nobody will free it */
2136                 free_pending_request(req);
2137                 return 0;
2138         } else {
2139                 for (dentry =
2140                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2141                      dentry; dentry = dentry->next) {
2142                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2143                                                              root_kv,
2144                                                              dentry->kv);
2145                 }
2146                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2147                 fi->csr1212_dirs[dr] = NULL;
2148                 return ret;
2149         }
2150 }
2151
2152 static int state_connected(struct file_info *fi, struct pending_request *req)
2153 {
2154         int node = req->req.address >> 48;
2155
2156         req->req.error = RAW1394_ERROR_NONE;
2157
2158         switch (req->req.type) {
2159
2160         case RAW1394_REQ_ECHO:
2161                 queue_complete_req(req);
2162                 return 0;
2163
2164         case RAW1394_REQ_ARM_REGISTER:
2165                 return arm_register(fi, req);
2166
2167         case RAW1394_REQ_ARM_UNREGISTER:
2168                 return arm_unregister(fi, req);
2169
2170         case RAW1394_REQ_ARM_SET_BUF:
2171                 return arm_set_buf(fi, req);
2172
2173         case RAW1394_REQ_ARM_GET_BUF:
2174                 return arm_get_buf(fi, req);
2175
2176         case RAW1394_REQ_RESET_NOTIFY:
2177                 return reset_notification(fi, req);
2178
2179         case RAW1394_REQ_ISO_SEND:
2180         case RAW1394_REQ_ISO_LISTEN:
2181                 printk(KERN_DEBUG "raw1394: old iso ABI has been removed\n");
2182                 req->req.error = RAW1394_ERROR_COMPAT;
2183                 req->req.misc = RAW1394_KERNELAPI_VERSION;
2184                 queue_complete_req(req);
2185                 return 0;
2186
2187         case RAW1394_REQ_FCP_LISTEN:
2188                 handle_fcp_listen(fi, req);
2189                 return 0;
2190
2191         case RAW1394_REQ_RESET_BUS:
2192                 if (req->req.misc == RAW1394_LONG_RESET) {
2193                         DBGMSG("busreset called (type: LONG)");
2194                         hpsb_reset_bus(fi->host, LONG_RESET);
2195                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2196                         return 0;
2197                 }
2198                 if (req->req.misc == RAW1394_SHORT_RESET) {
2199                         DBGMSG("busreset called (type: SHORT)");
2200                         hpsb_reset_bus(fi->host, SHORT_RESET);
2201                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2202                         return 0;
2203                 }
2204                 /* error EINVAL (22) invalid argument */
2205                 return (-EINVAL);
2206         case RAW1394_REQ_GET_ROM:
2207                 return get_config_rom(fi, req);
2208
2209         case RAW1394_REQ_UPDATE_ROM:
2210                 return update_config_rom(fi, req);
2211
2212         case RAW1394_REQ_MODIFY_ROM:
2213                 return modify_config_rom(fi, req);
2214         }
2215
2216         if (req->req.generation != get_hpsb_generation(fi->host)) {
2217                 req->req.error = RAW1394_ERROR_GENERATION;
2218                 req->req.generation = get_hpsb_generation(fi->host);
2219                 req->req.length = 0;
2220                 queue_complete_req(req);
2221                 return 0;
2222         }
2223
2224         switch (req->req.type) {
2225         case RAW1394_REQ_PHYPACKET:
2226                 return write_phypacket(fi, req);
2227         case RAW1394_REQ_ASYNC_SEND:
2228                 return handle_async_send(fi, req);
2229         }
2230
2231         if (req->req.length == 0) {
2232                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2233                 queue_complete_req(req);
2234                 return 0;
2235         }
2236
2237         return handle_async_request(fi, req, node);
2238 }
2239
2240 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2241                              size_t count, loff_t * offset_is_ignored)
2242 {
2243         struct file_info *fi = (struct file_info *)file->private_data;
2244         struct pending_request *req;
2245         ssize_t retval = -EBADFD;
2246
2247 #ifdef CONFIG_COMPAT
2248         if (count == sizeof(struct compat_raw1394_req) &&
2249             sizeof(struct compat_raw1394_req) !=
2250                         sizeof(struct raw1394_request)) {
2251                 buffer = raw1394_compat_write(buffer);
2252                 if (IS_ERR(buffer))
2253                         return PTR_ERR(buffer);
2254         } else
2255 #endif
2256         if (count != sizeof(struct raw1394_request)) {
2257                 return -EINVAL;
2258         }
2259
2260         req = alloc_pending_request();
2261         if (req == NULL) {
2262                 return -ENOMEM;
2263         }
2264         req->file_info = fi;
2265
2266         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2267                 free_pending_request(req);
2268                 return -EFAULT;
2269         }
2270
2271         if (!mutex_trylock(&fi->state_mutex))
2272                 return -EAGAIN;
2273
2274         switch (fi->state) {
2275         case opened:
2276                 retval = state_opened(fi, req);
2277                 break;
2278
2279         case initialized:
2280                 retval = state_initialized(fi, req);
2281                 break;
2282
2283         case connected:
2284                 retval = state_connected(fi, req);
2285                 break;
2286         }
2287
2288         mutex_unlock(&fi->state_mutex);
2289
2290         if (retval < 0) {
2291                 free_pending_request(req);
2292         } else {
2293                 BUG_ON(retval);
2294                 retval = count;
2295         }
2296
2297         return retval;
2298 }
2299
2300 /* rawiso operations */
2301
2302 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2303  * completion queue (reqlists_lock must be taken) */
2304 static inline int __rawiso_event_in_queue(struct file_info *fi)
2305 {
2306         struct pending_request *req;
2307
2308         list_for_each_entry(req, &fi->req_complete, list)
2309             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2310                 return 1;
2311
2312         return 0;
2313 }
2314
2315 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2316 static void queue_rawiso_event(struct file_info *fi)
2317 {
2318         unsigned long flags;
2319
2320         spin_lock_irqsave(&fi->reqlists_lock, flags);
2321
2322         /* only one ISO activity event may be in the queue */
2323         if (!__rawiso_event_in_queue(fi)) {
2324                 struct pending_request *req =
2325                     __alloc_pending_request(GFP_ATOMIC);
2326
2327                 if (req) {
2328                         req->file_info = fi;
2329                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2330                         req->req.generation = get_hpsb_generation(fi->host);
2331                         __queue_complete_req(req);
2332                 } else {
2333                         /* on allocation failure, signal an overflow */
2334                         if (fi->iso_handle) {
2335                                 atomic_inc(&fi->iso_handle->overflows);
2336                         }
2337                 }
2338         }
2339         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2340 }
2341
2342 static void rawiso_activity_cb(struct hpsb_iso *iso)
2343 {
2344         unsigned long flags;
2345         struct host_info *hi;
2346         struct file_info *fi;
2347
2348         spin_lock_irqsave(&host_info_lock, flags);
2349         hi = find_host_info(iso->host);
2350
2351         if (hi != NULL) {
2352                 list_for_each_entry(fi, &hi->file_info_list, list) {
2353                         if (fi->iso_handle == iso)
2354                                 queue_rawiso_event(fi);
2355                 }
2356         }
2357
2358         spin_unlock_irqrestore(&host_info_lock, flags);
2359 }
2360
2361 /* helper function - gather all the kernel iso status bits for returning to user-space */
2362 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2363                                     struct raw1394_iso_status *stat)
2364 {
2365         int overflows = atomic_read(&iso->overflows);
2366         int skips = atomic_read(&iso->skips);
2367
2368         stat->config.data_buf_size = iso->buf_size;
2369         stat->config.buf_packets = iso->buf_packets;
2370         stat->config.channel = iso->channel;
2371         stat->config.speed = iso->speed;
2372         stat->config.irq_interval = iso->irq_interval;
2373         stat->n_packets = hpsb_iso_n_ready(iso);
2374         stat->overflows = ((skips & 0xFFFF) << 16) | ((overflows & 0xFFFF));
2375         stat->xmit_cycle = iso->xmit_cycle;
2376 }
2377
2378 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2379 {
2380         struct raw1394_iso_status stat;
2381
2382         if (!fi->host)
2383                 return -EINVAL;
2384
2385         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2386                 return -EFAULT;
2387
2388         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2389                                             stat.config.data_buf_size,
2390                                             stat.config.buf_packets,
2391                                             stat.config.channel,
2392                                             stat.config.speed,
2393                                             stat.config.irq_interval,
2394                                             rawiso_activity_cb);
2395         if (!fi->iso_handle)
2396                 return -ENOMEM;
2397
2398         fi->iso_state = RAW1394_ISO_XMIT;
2399
2400         raw1394_iso_fill_status(fi->iso_handle, &stat);
2401         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2402                 return -EFAULT;
2403
2404         /* queue an event to get things started */
2405         rawiso_activity_cb(fi->iso_handle);
2406
2407         return 0;
2408 }
2409
2410 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2411 {
2412         struct raw1394_iso_status stat;
2413
2414         if (!fi->host)
2415                 return -EINVAL;
2416
2417         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2418                 return -EFAULT;
2419
2420         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2421                                             stat.config.data_buf_size,
2422                                             stat.config.buf_packets,
2423                                             stat.config.channel,
2424                                             stat.config.dma_mode,
2425                                             stat.config.irq_interval,
2426                                             rawiso_activity_cb);
2427         if (!fi->iso_handle)
2428                 return -ENOMEM;
2429
2430         fi->iso_state = RAW1394_ISO_RECV;
2431
2432         raw1394_iso_fill_status(fi->iso_handle, &stat);
2433         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2434                 return -EFAULT;
2435         return 0;
2436 }
2437
2438 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2439 {
2440         struct raw1394_iso_status stat;
2441         struct hpsb_iso *iso = fi->iso_handle;
2442
2443         raw1394_iso_fill_status(fi->iso_handle, &stat);
2444         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2445                 return -EFAULT;
2446
2447         /* reset overflow counter */
2448         atomic_set(&iso->overflows, 0);
2449         /* reset skip counter */
2450         atomic_set(&iso->skips, 0);
2451
2452         return 0;
2453 }
2454
2455 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2456 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2457 {
2458         struct raw1394_iso_packets upackets;
2459         unsigned int packet = fi->iso_handle->first_packet;
2460         int i;
2461
2462         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2463                 return -EFAULT;
2464
2465         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2466                 return -EINVAL;
2467
2468         /* ensure user-supplied buffer is accessible and big enough */
2469         if (!access_ok(VERIFY_WRITE, upackets.infos,
2470                        upackets.n_packets *
2471                        sizeof(struct raw1394_iso_packet_info)))
2472                 return -EFAULT;
2473
2474         /* copy the packet_infos out */
2475         for (i = 0; i < upackets.n_packets; i++) {
2476                 if (__copy_to_user(&upackets.infos[i],
2477                                    &fi->iso_handle->infos[packet],
2478                                    sizeof(struct raw1394_iso_packet_info)))
2479                         return -EFAULT;
2480
2481                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2482         }
2483
2484         return 0;
2485 }
2486
2487 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2488 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2489 {
2490         struct raw1394_iso_packets upackets;
2491         int i, rv;
2492
2493         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2494                 return -EFAULT;
2495
2496         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2497                 return -EINVAL;
2498
2499         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2500                 return -EAGAIN;
2501
2502         /* ensure user-supplied buffer is accessible and big enough */
2503         if (!access_ok(VERIFY_READ, upackets.infos,
2504                        upackets.n_packets *
2505                        sizeof(struct raw1394_iso_packet_info)))
2506                 return -EFAULT;
2507
2508         /* copy the infos structs in and queue the packets */
2509         for (i = 0; i < upackets.n_packets; i++) {
2510                 struct raw1394_iso_packet_info info;
2511
2512                 if (__copy_from_user(&info, &upackets.infos[i],
2513                                      sizeof(struct raw1394_iso_packet_info)))
2514                         return -EFAULT;
2515
2516                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2517                                                 info.len, info.tag, info.sy);
2518                 if (rv)
2519                         return rv;
2520         }
2521
2522         return 0;
2523 }
2524
2525 static void raw1394_iso_shutdown(struct file_info *fi)
2526 {
2527         if (fi->iso_handle)
2528                 hpsb_iso_shutdown(fi->iso_handle);
2529
2530         fi->iso_handle = NULL;
2531         fi->iso_state = RAW1394_ISO_INACTIVE;
2532 }
2533
2534 static int raw1394_read_cycle_timer(struct file_info *fi, void __user * uaddr)
2535 {
2536         struct raw1394_cycle_timer ct;
2537         int err;
2538
2539         err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2540         if (!err)
2541                 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2542                         err = -EFAULT;
2543         return err;
2544 }
2545
2546 /* mmap the rawiso xmit/recv buffer */
2547 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2548 {
2549         struct file_info *fi = file->private_data;
2550         int ret;
2551
2552         if (!mutex_trylock(&fi->state_mutex))
2553                 return -EAGAIN;
2554
2555         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2556                 ret = -EINVAL;
2557         else
2558                 ret = dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2559
2560         mutex_unlock(&fi->state_mutex);
2561
2562         return ret;
2563 }
2564
2565 static long raw1394_ioctl_inactive(struct file_info *fi, unsigned int cmd,
2566                                    void __user *argp)
2567 {
2568         switch (cmd) {
2569         case RAW1394_IOC_ISO_XMIT_INIT:
2570                 return raw1394_iso_xmit_init(fi, argp);
2571         case RAW1394_IOC_ISO_RECV_INIT:
2572                 return raw1394_iso_recv_init(fi, argp);
2573         default:
2574                 return -EINVAL;
2575         }
2576 }
2577
2578 static long raw1394_ioctl_recv(struct file_info *fi, unsigned int cmd,
2579                                unsigned long arg)
2580 {
2581         void __user *argp = (void __user *)arg;
2582
2583         switch (cmd) {
2584         case RAW1394_IOC_ISO_RECV_START:{
2585                         int args[3];
2586
2587                         if (copy_from_user(&args[0], argp, sizeof(args)))
2588                                 return -EFAULT;
2589                         return hpsb_iso_recv_start(fi->iso_handle,
2590                                                    args[0], args[1], args[2]);
2591                 }
2592         case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2593                 hpsb_iso_stop(fi->iso_handle);
2594                 return 0;
2595         case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2596                 return hpsb_iso_recv_listen_channel(fi->iso_handle, arg);
2597         case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2598                 return hpsb_iso_recv_unlisten_channel(fi->iso_handle, arg);
2599         case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2600                         u64 mask;
2601
2602                         if (copy_from_user(&mask, argp, sizeof(mask)))
2603                                 return -EFAULT;
2604                         return hpsb_iso_recv_set_channel_mask(fi->iso_handle,
2605                                                               mask);
2606                 }
2607         case RAW1394_IOC_ISO_GET_STATUS:
2608                 return raw1394_iso_get_status(fi, argp);
2609         case RAW1394_IOC_ISO_RECV_PACKETS:
2610                 return raw1394_iso_recv_packets(fi, argp);
2611         case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2612                 return hpsb_iso_recv_release_packets(fi->iso_handle, arg);
2613         case RAW1394_IOC_ISO_RECV_FLUSH:
2614                 return hpsb_iso_recv_flush(fi->iso_handle);
2615         case RAW1394_IOC_ISO_SHUTDOWN:
2616                 raw1394_iso_shutdown(fi);
2617                 return 0;
2618         case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2619                 queue_rawiso_event(fi);
2620                 return 0;
2621         default:
2622                 return -EINVAL;
2623         }
2624 }
2625
2626 static long raw1394_ioctl_xmit(struct file_info *fi, unsigned int cmd,
2627                                void __user *argp)
2628 {
2629         switch (cmd) {
2630         case RAW1394_IOC_ISO_XMIT_START:{
2631                         int args[2];
2632
2633                         if (copy_from_user(&args[0], argp, sizeof(args)))
2634                                 return -EFAULT;
2635                         return hpsb_iso_xmit_start(fi->iso_handle,
2636                                                    args[0], args[1]);
2637                 }
2638         case RAW1394_IOC_ISO_XMIT_SYNC:
2639                 return hpsb_iso_xmit_sync(fi->iso_handle);
2640         case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2641                 hpsb_iso_stop(fi->iso_handle);
2642                 return 0;
2643         case RAW1394_IOC_ISO_GET_STATUS:
2644                 return raw1394_iso_get_status(fi, argp);
2645         case RAW1394_IOC_ISO_XMIT_PACKETS:
2646                 return raw1394_iso_send_packets(fi, argp);
2647         case RAW1394_IOC_ISO_SHUTDOWN:
2648                 raw1394_iso_shutdown(fi);
2649                 return 0;
2650         case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2651                 queue_rawiso_event(fi);
2652                 return 0;
2653         default:
2654                 return -EINVAL;
2655         }
2656 }
2657
2658 /* ioctl is only used for rawiso operations */
2659 static long raw1394_ioctl(struct file *file, unsigned int cmd,
2660                           unsigned long arg)
2661 {
2662         struct file_info *fi = file->private_data;
2663         void __user *argp = (void __user *)arg;
2664         long ret;
2665
2666         /* state-independent commands */
2667         switch(cmd) {
2668         case RAW1394_IOC_GET_CYCLE_TIMER:
2669                 return raw1394_read_cycle_timer(fi, argp);
2670         default:
2671                 break;
2672         }
2673
2674         if (!mutex_trylock(&fi->state_mutex))
2675                 return -EAGAIN;
2676
2677         switch (fi->iso_state) {
2678         case RAW1394_ISO_INACTIVE:
2679                 ret = raw1394_ioctl_inactive(fi, cmd, argp);
2680                 break;
2681         case RAW1394_ISO_RECV:
2682                 ret = raw1394_ioctl_recv(fi, cmd, arg);
2683                 break;
2684         case RAW1394_ISO_XMIT:
2685                 ret = raw1394_ioctl_xmit(fi, cmd, argp);
2686                 break;
2687         default:
2688                 ret = -EINVAL;
2689                 break;
2690         }
2691
2692         mutex_unlock(&fi->state_mutex);
2693
2694         return ret;
2695 }
2696
2697 #ifdef CONFIG_COMPAT
2698 struct raw1394_iso_packets32 {
2699         __u32 n_packets;
2700         compat_uptr_t infos;
2701 } __attribute__((packed));
2702
2703 struct raw1394_cycle_timer32 {
2704         __u32 cycle_timer;
2705         __u64 local_time;
2706 }
2707 #if defined(CONFIG_X86_64) || defined(CONFIG_IA64)
2708 __attribute__((packed))
2709 #endif
2710 ;
2711
2712 #define RAW1394_IOC_ISO_RECV_PACKETS32          \
2713         _IOW ('#', 0x25, struct raw1394_iso_packets32)
2714 #define RAW1394_IOC_ISO_XMIT_PACKETS32          \
2715         _IOW ('#', 0x27, struct raw1394_iso_packets32)
2716 #define RAW1394_IOC_GET_CYCLE_TIMER32           \
2717         _IOR ('#', 0x30, struct raw1394_cycle_timer32)
2718
2719 static long raw1394_iso_xmit_recv_packets32(struct file *file, unsigned int cmd,
2720                                           struct raw1394_iso_packets32 __user *arg)
2721 {
2722         compat_uptr_t infos32;
2723         void __user *infos;
2724         long err = -EFAULT;
2725         struct raw1394_iso_packets __user *dst = compat_alloc_user_space(sizeof(struct raw1394_iso_packets));
2726
2727         if (!copy_in_user(&dst->n_packets, &arg->n_packets, sizeof arg->n_packets) &&
2728             !copy_from_user(&infos32, &arg->infos, sizeof infos32)) {
2729                 infos = compat_ptr(infos32);
2730                 if (!copy_to_user(&dst->infos, &infos, sizeof infos))
2731                         err = raw1394_ioctl(file, cmd, (unsigned long)dst);
2732         }
2733         return err;
2734 }
2735
2736 static long raw1394_read_cycle_timer32(struct file_info *fi, void __user * uaddr)
2737 {
2738         struct raw1394_cycle_timer32 ct;
2739         int err;
2740
2741         err = hpsb_read_cycle_timer(fi->host, &ct.cycle_timer, &ct.local_time);
2742         if (!err)
2743                 if (copy_to_user(uaddr, &ct, sizeof(ct)))
2744                         err = -EFAULT;
2745         return err;
2746 }
2747
2748 static long raw1394_compat_ioctl(struct file *file,
2749                                  unsigned int cmd, unsigned long arg)
2750 {
2751         struct file_info *fi = file->private_data;
2752         void __user *argp = (void __user *)arg;
2753         long err;
2754
2755         switch (cmd) {
2756         /* These requests have same format as long as 'int' has same size. */
2757         case RAW1394_IOC_ISO_RECV_INIT:
2758         case RAW1394_IOC_ISO_RECV_START:
2759         case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2760         case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2761         case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:
2762         case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2763         case RAW1394_IOC_ISO_RECV_FLUSH:
2764         case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2765         case RAW1394_IOC_ISO_XMIT_INIT:
2766         case RAW1394_IOC_ISO_XMIT_START:
2767         case RAW1394_IOC_ISO_XMIT_SYNC:
2768         case RAW1394_IOC_ISO_GET_STATUS:
2769         case RAW1394_IOC_ISO_SHUTDOWN:
2770         case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2771                 err = raw1394_ioctl(file, cmd, arg);
2772                 break;
2773         /* These request have different format. */
2774         case RAW1394_IOC_ISO_RECV_PACKETS32:
2775                 err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_RECV_PACKETS, argp);
2776                 break;
2777         case RAW1394_IOC_ISO_XMIT_PACKETS32:
2778                 err = raw1394_iso_xmit_recv_packets32(file, RAW1394_IOC_ISO_XMIT_PACKETS, argp);
2779                 break;
2780         case RAW1394_IOC_GET_CYCLE_TIMER32:
2781                 err = raw1394_read_cycle_timer32(fi, argp);
2782                 break;
2783         default:
2784                 err = -EINVAL;
2785                 break;
2786         }
2787
2788         return err;
2789 }
2790 #endif
2791
2792 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2793 {
2794         struct file_info *fi = file->private_data;
2795         unsigned int mask = POLLOUT | POLLWRNORM;
2796         unsigned long flags;
2797
2798         poll_wait(file, &fi->wait_complete, pt);
2799
2800         spin_lock_irqsave(&fi->reqlists_lock, flags);
2801         if (!list_empty(&fi->req_complete)) {
2802                 mask |= POLLIN | POLLRDNORM;
2803         }
2804         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2805
2806         return mask;
2807 }
2808
2809 static int raw1394_open(struct inode *inode, struct file *file)
2810 {
2811         struct file_info *fi;
2812
2813         fi = kzalloc(sizeof(*fi), GFP_KERNEL);
2814         if (!fi)
2815                 return -ENOMEM;
2816
2817         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2818
2819         INIT_LIST_HEAD(&fi->list);
2820         mutex_init(&fi->state_mutex);
2821         fi->state = opened;
2822         INIT_LIST_HEAD(&fi->req_pending);
2823         INIT_LIST_HEAD(&fi->req_complete);
2824         spin_lock_init(&fi->reqlists_lock);
2825         init_waitqueue_head(&fi->wait_complete);
2826         INIT_LIST_HEAD(&fi->addr_list);
2827
2828         file->private_data = fi;
2829
2830         return 0;
2831 }
2832
2833 static int raw1394_release(struct inode *inode, struct file *file)
2834 {
2835         struct file_info *fi = file->private_data;
2836         struct list_head *lh;
2837         struct pending_request *req;
2838         int i, fail;
2839         int retval = 0;
2840         struct list_head *entry;
2841         struct arm_addr *addr = NULL;
2842         struct host_info *hi;
2843         struct file_info *fi_hlp = NULL;
2844         struct arm_addr *arm_addr = NULL;
2845         int another_host;
2846         int csr_mod = 0;
2847         unsigned long flags;
2848
2849         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2850                 raw1394_iso_shutdown(fi);
2851
2852         spin_lock_irqsave(&host_info_lock, flags);
2853
2854         fail = 0;
2855         /* set address-entries invalid */
2856
2857         while (!list_empty(&fi->addr_list)) {
2858                 another_host = 0;
2859                 lh = fi->addr_list.next;
2860                 addr = list_entry(lh, struct arm_addr, addr_list);
2861                 /* another host with valid address-entry containing
2862                    same addressrange? */
2863                 list_for_each_entry(hi, &host_info_list, list) {
2864                         if (hi->host != fi->host) {
2865                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2866                                                     list) {
2867                                         entry = fi_hlp->addr_list.next;
2868                                         while (entry != &(fi_hlp->addr_list)) {
2869                                                 arm_addr = list_entry(entry, struct
2870                                                                       arm_addr,
2871                                                                       addr_list);
2872                                                 if (arm_addr->start ==
2873                                                     addr->start) {
2874                                                         DBGMSG
2875                                                             ("raw1394_release: "
2876                                                              "another host ownes "
2877                                                              "same addressrange");
2878                                                         another_host = 1;
2879                                                         break;
2880                                                 }
2881                                                 entry = entry->next;
2882                                         }
2883                                         if (another_host) {
2884                                                 break;
2885                                         }
2886                                 }
2887                         }
2888                 }
2889                 if (!another_host) {
2890                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2891                         retval =
2892                             hpsb_unregister_addrspace(&raw1394_highlevel,
2893                                                       fi->host, addr->start);
2894                         if (!retval) {
2895                                 ++fail;
2896                                 printk(KERN_ERR
2897                                        "raw1394_release arm_Unregister failed\n");
2898                         }
2899                 }
2900                 DBGMSG("raw1394_release: delete addr_entry from list");
2901                 list_del(&addr->addr_list);
2902                 vfree(addr->addr_space_buffer);
2903                 kfree(addr);
2904         }                       /* while */
2905         spin_unlock_irqrestore(&host_info_lock, flags);
2906         if (fail > 0) {
2907                 printk(KERN_ERR "raw1394: during addr_list-release "
2908                        "error(s) occurred \n");
2909         }
2910
2911         for (;;) {
2912                 /* This locked section guarantees that neither
2913                  * complete nor pending requests exist once i!=0 */
2914                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2915                 while ((req = __next_complete_req(fi)))
2916                         free_pending_request(req);
2917
2918                 i = list_empty(&fi->req_pending);
2919                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2920
2921                 if (i)
2922                         break;
2923                 /*
2924                  * Sleep until more requests can be freed.
2925                  *
2926                  * NB: We call the macro wait_event() with a condition argument
2927                  * with side effect.  This is only possible because the side
2928                  * effect does not occur until the condition became true, and
2929                  * wait_event() won't evaluate the condition again after that.
2930                  */
2931                 wait_event(fi->wait_complete, (req = next_complete_req(fi)));
2932                 free_pending_request(req);
2933         }
2934
2935         /* Remove any sub-trees left by user space programs */
2936         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2937                 struct csr1212_dentry *dentry;
2938                 if (!fi->csr1212_dirs[i])
2939                         continue;
2940                 for (dentry =
2941                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2942                      dentry = dentry->next) {
2943                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2944                                                              root_kv,
2945                                                              dentry->kv);
2946                 }
2947                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2948                 fi->csr1212_dirs[i] = NULL;
2949                 csr_mod = 1;
2950         }
2951
2952         if ((csr_mod || fi->cfgrom_upd)
2953             && hpsb_update_config_rom_image(fi->host) < 0)
2954                 HPSB_ERR
2955                     ("Failed to generate Configuration ROM image for host %d",
2956                      fi->host->id);
2957
2958         if (fi->state == connected) {
2959                 spin_lock_irqsave(&host_info_lock, flags);
2960                 list_del(&fi->list);
2961                 spin_unlock_irqrestore(&host_info_lock, flags);
2962
2963                 put_device(&fi->host->device);
2964         }
2965
2966         spin_lock_irqsave(&host_info_lock, flags);
2967         if (fi->host)
2968                 module_put(fi->host->driver->owner);
2969         spin_unlock_irqrestore(&host_info_lock, flags);
2970
2971         kfree(fi);
2972
2973         return 0;
2974 }
2975
2976 /*** HOTPLUG STUFF **********************************************************/
2977 /*
2978  * Export information about protocols/devices supported by this driver.
2979  */
2980 #ifdef MODULE
2981 static struct ieee1394_device_id raw1394_id_table[] = {
2982         {
2983          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2984          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2985          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2986         {
2987          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2988          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2989          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2990         {
2991          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2992          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2993          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2994         {
2995          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2996          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2997          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2998         {}
2999 };
3000
3001 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
3002 #endif /* MODULE */
3003
3004 static struct hpsb_protocol_driver raw1394_driver = {
3005         .name = "raw1394",
3006 };
3007
3008 /******************************************************************************/
3009
3010 static struct hpsb_highlevel raw1394_highlevel = {
3011         .name = RAW1394_DEVICE_NAME,
3012         .add_host = add_host,
3013         .remove_host = remove_host,
3014         .host_reset = host_reset,
3015         .fcp_request = fcp_request,
3016 };
3017
3018 static struct cdev raw1394_cdev;
3019 static const struct file_operations raw1394_fops = {
3020         .owner = THIS_MODULE,
3021         .read = raw1394_read,
3022         .write = raw1394_write,
3023         .mmap = raw1394_mmap,
3024         .unlocked_ioctl = raw1394_ioctl,
3025 #ifdef CONFIG_COMPAT
3026         .compat_ioctl = raw1394_compat_ioctl,
3027 #endif
3028         .poll = raw1394_poll,
3029         .open = raw1394_open,
3030         .release = raw1394_release,
3031 };
3032
3033 static int __init init_raw1394(void)
3034 {
3035         int ret = 0;
3036
3037         hpsb_register_highlevel(&raw1394_highlevel);
3038
3039         if (IS_ERR
3040             (device_create(hpsb_protocol_class, NULL,
3041                            MKDEV(IEEE1394_MAJOR,
3042                                  IEEE1394_MINOR_BLOCK_RAW1394 * 16),
3043                            NULL, RAW1394_DEVICE_NAME))) {
3044                 ret = -EFAULT;
3045                 goto out_unreg;
3046         }
3047
3048         cdev_init(&raw1394_cdev, &raw1394_fops);
3049         raw1394_cdev.owner = THIS_MODULE;
3050         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3051         if (ret) {
3052                 HPSB_ERR("raw1394 failed to register minor device block");
3053                 goto out_dev;
3054         }
3055
3056         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3057
3058         ret = hpsb_register_protocol(&raw1394_driver);
3059         if (ret) {
3060                 HPSB_ERR("raw1394: failed to register protocol");
3061                 cdev_del(&raw1394_cdev);
3062                 goto out_dev;
3063         }
3064
3065         goto out;
3066
3067       out_dev:
3068         device_destroy(hpsb_protocol_class,
3069                        MKDEV(IEEE1394_MAJOR,
3070                              IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3071       out_unreg:
3072         hpsb_unregister_highlevel(&raw1394_highlevel);
3073       out:
3074         return ret;
3075 }
3076
3077 static void __exit cleanup_raw1394(void)
3078 {
3079         device_destroy(hpsb_protocol_class,
3080                        MKDEV(IEEE1394_MAJOR,
3081                              IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3082         cdev_del(&raw1394_cdev);
3083         hpsb_unregister_highlevel(&raw1394_highlevel);
3084         hpsb_unregister_protocol(&raw1394_driver);
3085 }
3086
3087 module_init(init_raw1394);
3088 module_exit(cleanup_raw1394);
3089 MODULE_LICENSE("GPL");