Merge git://git.kernel.org/pub/scm/linux/kernel/git/bcollins/linux1394-2.6
[linux-2.6] / drivers / ieee1394 / raw1394.c
1 /*
2  * IEEE 1394 for Linux
3  *
4  * Raw interface to the bus
5  *
6  * Copyright (C) 1999, 2000 Andreas E. Bombe
7  *               2001, 2002 Manfred Weihs <weihs@ict.tuwien.ac.at>
8  *                     2002 Christian Toegel <christian.toegel@gmx.at>
9  *
10  * This code is licensed under the GPL.  See the file COPYING in the root
11  * directory of the kernel sources for details.
12  *
13  *
14  * Contributions:
15  *
16  * Manfred Weihs <weihs@ict.tuwien.ac.at>
17  *        configuration ROM manipulation
18  *        address range mapping
19  *        adaptation for new (transparent) loopback mechanism
20  *        sending of arbitrary async packets
21  * Christian Toegel <christian.toegel@gmx.at>
22  *        address range mapping
23  *        lock64 request
24  *        transmit physical packet
25  *        busreset notification control (switch on/off)
26  *        busreset with selection of type (short/long)
27  *        request_reply
28  */
29
30 #include <linux/kernel.h>
31 #include <linux/list.h>
32 #include <linux/string.h>
33 #include <linux/slab.h>
34 #include <linux/fs.h>
35 #include <linux/poll.h>
36 #include <linux/module.h>
37 #include <linux/init.h>
38 #include <linux/smp_lock.h>
39 #include <linux/interrupt.h>
40 #include <linux/vmalloc.h>
41 #include <linux/cdev.h>
42 #include <asm/uaccess.h>
43 #include <asm/atomic.h>
44 #include <linux/compat.h>
45
46 #include "csr1212.h"
47 #include "ieee1394.h"
48 #include "ieee1394_types.h"
49 #include "ieee1394_core.h"
50 #include "nodemgr.h"
51 #include "hosts.h"
52 #include "highlevel.h"
53 #include "iso.h"
54 #include "ieee1394_transactions.h"
55 #include "raw1394.h"
56 #include "raw1394-private.h"
57
58 #define int2ptr(x) ((void __user *)(unsigned long)x)
59 #define ptr2int(x) ((u64)(unsigned long)(void __user *)x)
60
61 #ifdef CONFIG_IEEE1394_VERBOSEDEBUG
62 #define RAW1394_DEBUG
63 #endif
64
65 #ifdef RAW1394_DEBUG
66 #define DBGMSG(fmt, args...) \
67 printk(KERN_INFO "raw1394:" fmt "\n" , ## args)
68 #else
69 #define DBGMSG(fmt, args...)
70 #endif
71
72 static LIST_HEAD(host_info_list);
73 static int host_count;
74 static DEFINE_SPINLOCK(host_info_lock);
75 static atomic_t internal_generation = ATOMIC_INIT(0);
76
77 static atomic_t iso_buffer_size;
78 static const int iso_buffer_max = 4 * 1024 * 1024;      /* 4 MB */
79
80 static struct hpsb_highlevel raw1394_highlevel;
81
82 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
83                     u64 addr, size_t length, u16 flags);
84 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
85                      quadlet_t * data, u64 addr, size_t length, u16 flags);
86 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
87                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
88                     u16 flags);
89 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
90                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
91                       u16 flags);
92 static struct hpsb_address_ops arm_ops = {
93         .read = arm_read,
94         .write = arm_write,
95         .lock = arm_lock,
96         .lock64 = arm_lock64,
97 };
98
99 static void queue_complete_cb(struct pending_request *req);
100
101 static struct pending_request *__alloc_pending_request(gfp_t flags)
102 {
103         struct pending_request *req;
104
105         req = kzalloc(sizeof(*req), flags);
106         if (req)
107                 INIT_LIST_HEAD(&req->list);
108
109         return req;
110 }
111
112 static inline struct pending_request *alloc_pending_request(void)
113 {
114         return __alloc_pending_request(SLAB_KERNEL);
115 }
116
117 static void free_pending_request(struct pending_request *req)
118 {
119         if (req->ibs) {
120                 if (atomic_dec_and_test(&req->ibs->refcount)) {
121                         atomic_sub(req->ibs->data_size, &iso_buffer_size);
122                         kfree(req->ibs);
123                 }
124         } else if (req->free_data) {
125                 kfree(req->data);
126         }
127         hpsb_free_packet(req->packet);
128         kfree(req);
129 }
130
131 /* fi->reqlists_lock must be taken */
132 static void __queue_complete_req(struct pending_request *req)
133 {
134         struct file_info *fi = req->file_info;
135         list_del(&req->list);
136         list_add_tail(&req->list, &fi->req_complete);
137
138         up(&fi->complete_sem);
139         wake_up_interruptible(&fi->poll_wait_complete);
140 }
141
142 static void queue_complete_req(struct pending_request *req)
143 {
144         unsigned long flags;
145         struct file_info *fi = req->file_info;
146
147         spin_lock_irqsave(&fi->reqlists_lock, flags);
148         __queue_complete_req(req);
149         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
150 }
151
152 static void queue_complete_cb(struct pending_request *req)
153 {
154         struct hpsb_packet *packet = req->packet;
155         int rcode = (packet->header[1] >> 12) & 0xf;
156
157         switch (packet->ack_code) {
158         case ACKX_NONE:
159         case ACKX_SEND_ERROR:
160                 req->req.error = RAW1394_ERROR_SEND_ERROR;
161                 break;
162         case ACKX_ABORTED:
163                 req->req.error = RAW1394_ERROR_ABORTED;
164                 break;
165         case ACKX_TIMEOUT:
166                 req->req.error = RAW1394_ERROR_TIMEOUT;
167                 break;
168         default:
169                 req->req.error = (packet->ack_code << 16) | rcode;
170                 break;
171         }
172
173         if (!((packet->ack_code == ACK_PENDING) && (rcode == RCODE_COMPLETE))) {
174                 req->req.length = 0;
175         }
176
177         if ((req->req.type == RAW1394_REQ_ASYNC_READ) ||
178             (req->req.type == RAW1394_REQ_ASYNC_WRITE) ||
179             (req->req.type == RAW1394_REQ_ASYNC_STREAM) ||
180             (req->req.type == RAW1394_REQ_LOCK) ||
181             (req->req.type == RAW1394_REQ_LOCK64))
182                 hpsb_free_tlabel(packet);
183
184         queue_complete_req(req);
185 }
186
187 static void add_host(struct hpsb_host *host)
188 {
189         struct host_info *hi;
190         unsigned long flags;
191
192         hi = kmalloc(sizeof(*hi), GFP_KERNEL);
193
194         if (hi) {
195                 INIT_LIST_HEAD(&hi->list);
196                 hi->host = host;
197                 INIT_LIST_HEAD(&hi->file_info_list);
198
199                 spin_lock_irqsave(&host_info_lock, flags);
200                 list_add_tail(&hi->list, &host_info_list);
201                 host_count++;
202                 spin_unlock_irqrestore(&host_info_lock, flags);
203         }
204
205         atomic_inc(&internal_generation);
206 }
207
208 static struct host_info *find_host_info(struct hpsb_host *host)
209 {
210         struct host_info *hi;
211
212         list_for_each_entry(hi, &host_info_list, list)
213             if (hi->host == host)
214                 return hi;
215
216         return NULL;
217 }
218
219 static void remove_host(struct hpsb_host *host)
220 {
221         struct host_info *hi;
222         unsigned long flags;
223
224         spin_lock_irqsave(&host_info_lock, flags);
225         hi = find_host_info(host);
226
227         if (hi != NULL) {
228                 list_del(&hi->list);
229                 host_count--;
230                 /*
231                    FIXME: address ranges should be removed
232                    and fileinfo states should be initialized
233                    (including setting generation to
234                    internal-generation ...)
235                  */
236         }
237         spin_unlock_irqrestore(&host_info_lock, flags);
238
239         if (hi == NULL) {
240                 printk(KERN_ERR "raw1394: attempt to remove unknown host "
241                        "0x%p\n", host);
242                 return;
243         }
244
245         kfree(hi);
246
247         atomic_inc(&internal_generation);
248 }
249
250 static void host_reset(struct hpsb_host *host)
251 {
252         unsigned long flags;
253         struct host_info *hi;
254         struct file_info *fi;
255         struct pending_request *req;
256
257         spin_lock_irqsave(&host_info_lock, flags);
258         hi = find_host_info(host);
259
260         if (hi != NULL) {
261                 list_for_each_entry(fi, &hi->file_info_list, list) {
262                         if (fi->notification == RAW1394_NOTIFY_ON) {
263                                 req = __alloc_pending_request(SLAB_ATOMIC);
264
265                                 if (req != NULL) {
266                                         req->file_info = fi;
267                                         req->req.type = RAW1394_REQ_BUS_RESET;
268                                         req->req.generation =
269                                             get_hpsb_generation(host);
270                                         req->req.misc = (host->node_id << 16)
271                                             | host->node_count;
272                                         if (fi->protocol_version > 3) {
273                                                 req->req.misc |=
274                                                     (NODEID_TO_NODE
275                                                      (host->irm_id)
276                                                      << 8);
277                                         }
278
279                                         queue_complete_req(req);
280                                 }
281                         }
282                 }
283         }
284         spin_unlock_irqrestore(&host_info_lock, flags);
285 }
286
287 static void iso_receive(struct hpsb_host *host, int channel, quadlet_t * data,
288                         size_t length)
289 {
290         unsigned long flags;
291         struct host_info *hi;
292         struct file_info *fi;
293         struct pending_request *req, *req_next;
294         struct iso_block_store *ibs = NULL;
295         LIST_HEAD(reqs);
296
297         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
298                 HPSB_INFO("dropped iso packet");
299                 return;
300         }
301
302         spin_lock_irqsave(&host_info_lock, flags);
303         hi = find_host_info(host);
304
305         if (hi != NULL) {
306                 list_for_each_entry(fi, &hi->file_info_list, list) {
307                         if (!(fi->listen_channels & (1ULL << channel)))
308                                 continue;
309
310                         req = __alloc_pending_request(SLAB_ATOMIC);
311                         if (!req)
312                                 break;
313
314                         if (!ibs) {
315                                 ibs = kmalloc(sizeof(*ibs) + length,
316                                               SLAB_ATOMIC);
317                                 if (!ibs) {
318                                         kfree(req);
319                                         break;
320                                 }
321
322                                 atomic_add(length, &iso_buffer_size);
323                                 atomic_set(&ibs->refcount, 0);
324                                 ibs->data_size = length;
325                                 memcpy(ibs->data, data, length);
326                         }
327
328                         atomic_inc(&ibs->refcount);
329
330                         req->file_info = fi;
331                         req->ibs = ibs;
332                         req->data = ibs->data;
333                         req->req.type = RAW1394_REQ_ISO_RECEIVE;
334                         req->req.generation = get_hpsb_generation(host);
335                         req->req.misc = 0;
336                         req->req.recvb = ptr2int(fi->iso_buffer);
337                         req->req.length = min(length, fi->iso_buffer_length);
338
339                         list_add_tail(&req->list, &reqs);
340                 }
341         }
342         spin_unlock_irqrestore(&host_info_lock, flags);
343
344         list_for_each_entry_safe(req, req_next, &reqs, list)
345             queue_complete_req(req);
346 }
347
348 static void fcp_request(struct hpsb_host *host, int nodeid, int direction,
349                         int cts, u8 * data, size_t length)
350 {
351         unsigned long flags;
352         struct host_info *hi;
353         struct file_info *fi;
354         struct pending_request *req, *req_next;
355         struct iso_block_store *ibs = NULL;
356         LIST_HEAD(reqs);
357
358         if ((atomic_read(&iso_buffer_size) + length) > iso_buffer_max) {
359                 HPSB_INFO("dropped fcp request");
360                 return;
361         }
362
363         spin_lock_irqsave(&host_info_lock, flags);
364         hi = find_host_info(host);
365
366         if (hi != NULL) {
367                 list_for_each_entry(fi, &hi->file_info_list, list) {
368                         if (!fi->fcp_buffer)
369                                 continue;
370
371                         req = __alloc_pending_request(SLAB_ATOMIC);
372                         if (!req)
373                                 break;
374
375                         if (!ibs) {
376                                 ibs = kmalloc(sizeof(*ibs) + length,
377                                               SLAB_ATOMIC);
378                                 if (!ibs) {
379                                         kfree(req);
380                                         break;
381                                 }
382
383                                 atomic_add(length, &iso_buffer_size);
384                                 atomic_set(&ibs->refcount, 0);
385                                 ibs->data_size = length;
386                                 memcpy(ibs->data, data, length);
387                         }
388
389                         atomic_inc(&ibs->refcount);
390
391                         req->file_info = fi;
392                         req->ibs = ibs;
393                         req->data = ibs->data;
394                         req->req.type = RAW1394_REQ_FCP_REQUEST;
395                         req->req.generation = get_hpsb_generation(host);
396                         req->req.misc = nodeid | (direction << 16);
397                         req->req.recvb = ptr2int(fi->fcp_buffer);
398                         req->req.length = length;
399
400                         list_add_tail(&req->list, &reqs);
401                 }
402         }
403         spin_unlock_irqrestore(&host_info_lock, flags);
404
405         list_for_each_entry_safe(req, req_next, &reqs, list)
406             queue_complete_req(req);
407 }
408
409 #ifdef CONFIG_COMPAT
410 struct compat_raw1394_req {
411         __u32 type;
412         __s32 error;
413         __u32 misc;
414
415         __u32 generation;
416         __u32 length;
417
418         __u64 address;
419
420         __u64 tag;
421
422         __u64 sendb;
423         __u64 recvb;
424 } __attribute__((packed));
425
426 static const char __user *raw1394_compat_write(const char __user *buf)
427 {
428         struct compat_raw1394_req __user *cr = (typeof(cr)) buf;
429         struct raw1394_request __user *r;
430         r = compat_alloc_user_space(sizeof(struct raw1394_request));
431
432 #define C(x) __copy_in_user(&r->x, &cr->x, sizeof(r->x))
433
434         if (copy_in_user(r, cr, sizeof(struct compat_raw1394_req)) ||
435             C(address) ||
436             C(tag) ||
437             C(sendb) ||
438             C(recvb))
439                 return ERR_PTR(-EFAULT);
440         return (const char __user *)r;
441 }
442 #undef C
443
444 #define P(x) __put_user(r->x, &cr->x)
445
446 static int
447 raw1394_compat_read(const char __user *buf, struct raw1394_request *r)
448 {
449         struct compat_raw1394_req __user *cr = (typeof(cr)) r;
450         if (!access_ok(VERIFY_WRITE, cr, sizeof(struct compat_raw1394_req)) ||
451             P(type) ||
452             P(error) ||
453             P(misc) ||
454             P(generation) ||
455             P(length) ||
456             P(address) ||
457             P(tag) ||
458             P(sendb) ||
459             P(recvb))
460                 return -EFAULT;
461         return sizeof(struct compat_raw1394_req);
462 }
463 #undef P
464
465 #endif
466
467
468 static ssize_t raw1394_read(struct file *file, char __user * buffer,
469                             size_t count, loff_t * offset_is_ignored)
470 {
471         unsigned long flags;
472         struct file_info *fi = (struct file_info *)file->private_data;
473         struct list_head *lh;
474         struct pending_request *req;
475         ssize_t ret;
476
477 #ifdef CONFIG_COMPAT
478         if (count == sizeof(struct compat_raw1394_req)) {
479                 /* ok */
480         } else
481 #endif
482         if (count != sizeof(struct raw1394_request)) {
483                 return -EINVAL;
484         }
485
486         if (!access_ok(VERIFY_WRITE, buffer, count)) {
487                 return -EFAULT;
488         }
489
490         if (file->f_flags & O_NONBLOCK) {
491                 if (down_trylock(&fi->complete_sem)) {
492                         return -EAGAIN;
493                 }
494         } else {
495                 if (down_interruptible(&fi->complete_sem)) {
496                         return -ERESTARTSYS;
497                 }
498         }
499
500         spin_lock_irqsave(&fi->reqlists_lock, flags);
501         lh = fi->req_complete.next;
502         list_del(lh);
503         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
504
505         req = list_entry(lh, struct pending_request, list);
506
507         if (req->req.length) {
508                 if (copy_to_user(int2ptr(req->req.recvb), req->data,
509                                  req->req.length)) {
510                         req->req.error = RAW1394_ERROR_MEMFAULT;
511                 }
512         }
513
514 #ifdef CONFIG_COMPAT
515         if (count == sizeof(struct compat_raw1394_req) &&
516             sizeof(struct compat_raw1394_req) !=
517                         sizeof(struct raw1394_request)) {
518                 ret = raw1394_compat_read(buffer, &req->req);
519         } else
520 #endif
521         {
522                 if (copy_to_user(buffer, &req->req, sizeof(req->req))) {
523                         ret = -EFAULT;
524                         goto out;
525                 }
526                 ret = (ssize_t) sizeof(struct raw1394_request);
527         }
528       out:
529         free_pending_request(req);
530         return ret;
531 }
532
533 static int state_opened(struct file_info *fi, struct pending_request *req)
534 {
535         if (req->req.type == RAW1394_REQ_INITIALIZE) {
536                 switch (req->req.misc) {
537                 case RAW1394_KERNELAPI_VERSION:
538                 case 3:
539                         fi->state = initialized;
540                         fi->protocol_version = req->req.misc;
541                         req->req.error = RAW1394_ERROR_NONE;
542                         req->req.generation = atomic_read(&internal_generation);
543                         break;
544
545                 default:
546                         req->req.error = RAW1394_ERROR_COMPAT;
547                         req->req.misc = RAW1394_KERNELAPI_VERSION;
548                 }
549         } else {
550                 req->req.error = RAW1394_ERROR_STATE_ORDER;
551         }
552
553         req->req.length = 0;
554         queue_complete_req(req);
555         return sizeof(struct raw1394_request);
556 }
557
558 static int state_initialized(struct file_info *fi, struct pending_request *req)
559 {
560         unsigned long flags;
561         struct host_info *hi;
562         struct raw1394_khost_list *khl;
563
564         if (req->req.generation != atomic_read(&internal_generation)) {
565                 req->req.error = RAW1394_ERROR_GENERATION;
566                 req->req.generation = atomic_read(&internal_generation);
567                 req->req.length = 0;
568                 queue_complete_req(req);
569                 return sizeof(struct raw1394_request);
570         }
571
572         switch (req->req.type) {
573         case RAW1394_REQ_LIST_CARDS:
574                 spin_lock_irqsave(&host_info_lock, flags);
575                 khl = kmalloc(sizeof(*khl) * host_count, SLAB_ATOMIC);
576
577                 if (khl) {
578                         req->req.misc = host_count;
579                         req->data = (quadlet_t *) khl;
580
581                         list_for_each_entry(hi, &host_info_list, list) {
582                                 khl->nodes = hi->host->node_count;
583                                 strcpy(khl->name, hi->host->driver->name);
584                                 khl++;
585                         }
586                 }
587                 spin_unlock_irqrestore(&host_info_lock, flags);
588
589                 if (khl) {
590                         req->req.error = RAW1394_ERROR_NONE;
591                         req->req.length = min(req->req.length,
592                                               (u32) (sizeof
593                                                      (struct raw1394_khost_list)
594                                                      * req->req.misc));
595                         req->free_data = 1;
596                 } else {
597                         return -ENOMEM;
598                 }
599                 break;
600
601         case RAW1394_REQ_SET_CARD:
602                 spin_lock_irqsave(&host_info_lock, flags);
603                 if (req->req.misc < host_count) {
604                         list_for_each_entry(hi, &host_info_list, list) {
605                                 if (!req->req.misc--)
606                                         break;
607                         }
608                         get_device(&hi->host->device);  // XXX Need to handle failure case
609                         list_add_tail(&fi->list, &hi->file_info_list);
610                         fi->host = hi->host;
611                         fi->state = connected;
612
613                         req->req.error = RAW1394_ERROR_NONE;
614                         req->req.generation = get_hpsb_generation(fi->host);
615                         req->req.misc = (fi->host->node_id << 16)
616                             | fi->host->node_count;
617                         if (fi->protocol_version > 3) {
618                                 req->req.misc |=
619                                     NODEID_TO_NODE(fi->host->irm_id) << 8;
620                         }
621                 } else {
622                         req->req.error = RAW1394_ERROR_INVALID_ARG;
623                 }
624                 spin_unlock_irqrestore(&host_info_lock, flags);
625
626                 req->req.length = 0;
627                 break;
628
629         default:
630                 req->req.error = RAW1394_ERROR_STATE_ORDER;
631                 req->req.length = 0;
632                 break;
633         }
634
635         queue_complete_req(req);
636         return sizeof(struct raw1394_request);
637 }
638
639 static void handle_iso_listen(struct file_info *fi, struct pending_request *req)
640 {
641         int channel = req->req.misc;
642
643         if ((channel > 63) || (channel < -64)) {
644                 req->req.error = RAW1394_ERROR_INVALID_ARG;
645         } else if (channel >= 0) {
646                 /* allocate channel req.misc */
647                 if (fi->listen_channels & (1ULL << channel)) {
648                         req->req.error = RAW1394_ERROR_ALREADY;
649                 } else {
650                         if (hpsb_listen_channel
651                             (&raw1394_highlevel, fi->host, channel)) {
652                                 req->req.error = RAW1394_ERROR_ALREADY;
653                         } else {
654                                 fi->listen_channels |= 1ULL << channel;
655                                 fi->iso_buffer = int2ptr(req->req.recvb);
656                                 fi->iso_buffer_length = req->req.length;
657                         }
658                 }
659         } else {
660                 /* deallocate channel (one's complement neg) req.misc */
661                 channel = ~channel;
662
663                 if (fi->listen_channels & (1ULL << channel)) {
664                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host,
665                                               channel);
666                         fi->listen_channels &= ~(1ULL << channel);
667                 } else {
668                         req->req.error = RAW1394_ERROR_INVALID_ARG;
669                 }
670         }
671
672         req->req.length = 0;
673         queue_complete_req(req);
674 }
675
676 static void handle_fcp_listen(struct file_info *fi, struct pending_request *req)
677 {
678         if (req->req.misc) {
679                 if (fi->fcp_buffer) {
680                         req->req.error = RAW1394_ERROR_ALREADY;
681                 } else {
682                         fi->fcp_buffer = int2ptr(req->req.recvb);
683                 }
684         } else {
685                 if (!fi->fcp_buffer) {
686                         req->req.error = RAW1394_ERROR_ALREADY;
687                 } else {
688                         fi->fcp_buffer = NULL;
689                 }
690         }
691
692         req->req.length = 0;
693         queue_complete_req(req);
694 }
695
696 static int handle_async_request(struct file_info *fi,
697                                 struct pending_request *req, int node)
698 {
699         unsigned long flags;
700         struct hpsb_packet *packet = NULL;
701         u64 addr = req->req.address & 0xffffffffffffULL;
702
703         switch (req->req.type) {
704         case RAW1394_REQ_ASYNC_READ:
705                 DBGMSG("read_request called");
706                 packet =
707                     hpsb_make_readpacket(fi->host, node, addr, req->req.length);
708
709                 if (!packet)
710                         return -ENOMEM;
711
712                 if (req->req.length == 4)
713                         req->data = &packet->header[3];
714                 else
715                         req->data = packet->data;
716
717                 break;
718
719         case RAW1394_REQ_ASYNC_WRITE:
720                 DBGMSG("write_request called");
721
722                 packet = hpsb_make_writepacket(fi->host, node, addr, NULL,
723                                                req->req.length);
724                 if (!packet)
725                         return -ENOMEM;
726
727                 if (req->req.length == 4) {
728                         if (copy_from_user
729                             (&packet->header[3], int2ptr(req->req.sendb),
730                              req->req.length))
731                                 req->req.error = RAW1394_ERROR_MEMFAULT;
732                 } else {
733                         if (copy_from_user
734                             (packet->data, int2ptr(req->req.sendb),
735                              req->req.length))
736                                 req->req.error = RAW1394_ERROR_MEMFAULT;
737                 }
738
739                 req->req.length = 0;
740                 break;
741
742         case RAW1394_REQ_ASYNC_STREAM:
743                 DBGMSG("stream_request called");
744
745                 packet =
746                     hpsb_make_streampacket(fi->host, NULL, req->req.length,
747                                            node & 0x3f /*channel */ ,
748                                            (req->req.misc >> 16) & 0x3,
749                                            req->req.misc & 0xf);
750                 if (!packet)
751                         return -ENOMEM;
752
753                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
754                                    req->req.length))
755                         req->req.error = RAW1394_ERROR_MEMFAULT;
756
757                 req->req.length = 0;
758                 break;
759
760         case RAW1394_REQ_LOCK:
761                 DBGMSG("lock_request called");
762                 if ((req->req.misc == EXTCODE_FETCH_ADD)
763                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
764                         if (req->req.length != 4) {
765                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
766                                 break;
767                         }
768                 } else {
769                         if (req->req.length != 8) {
770                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
771                                 break;
772                         }
773                 }
774
775                 packet = hpsb_make_lockpacket(fi->host, node, addr,
776                                               req->req.misc, NULL, 0);
777                 if (!packet)
778                         return -ENOMEM;
779
780                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
781                                    req->req.length)) {
782                         req->req.error = RAW1394_ERROR_MEMFAULT;
783                         break;
784                 }
785
786                 req->data = packet->data;
787                 req->req.length = 4;
788                 break;
789
790         case RAW1394_REQ_LOCK64:
791                 DBGMSG("lock64_request called");
792                 if ((req->req.misc == EXTCODE_FETCH_ADD)
793                     || (req->req.misc == EXTCODE_LITTLE_ADD)) {
794                         if (req->req.length != 8) {
795                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
796                                 break;
797                         }
798                 } else {
799                         if (req->req.length != 16) {
800                                 req->req.error = RAW1394_ERROR_INVALID_ARG;
801                                 break;
802                         }
803                 }
804                 packet = hpsb_make_lock64packet(fi->host, node, addr,
805                                                 req->req.misc, NULL, 0);
806                 if (!packet)
807                         return -ENOMEM;
808
809                 if (copy_from_user(packet->data, int2ptr(req->req.sendb),
810                                    req->req.length)) {
811                         req->req.error = RAW1394_ERROR_MEMFAULT;
812                         break;
813                 }
814
815                 req->data = packet->data;
816                 req->req.length = 8;
817                 break;
818
819         default:
820                 req->req.error = RAW1394_ERROR_STATE_ORDER;
821         }
822
823         req->packet = packet;
824
825         if (req->req.error) {
826                 req->req.length = 0;
827                 queue_complete_req(req);
828                 return sizeof(struct raw1394_request);
829         }
830
831         hpsb_set_packet_complete_task(packet,
832                                       (void (*)(void *))queue_complete_cb, req);
833
834         spin_lock_irqsave(&fi->reqlists_lock, flags);
835         list_add_tail(&req->list, &fi->req_pending);
836         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
837
838         packet->generation = req->req.generation;
839
840         if (hpsb_send_packet(packet) < 0) {
841                 req->req.error = RAW1394_ERROR_SEND_ERROR;
842                 req->req.length = 0;
843                 hpsb_free_tlabel(packet);
844                 queue_complete_req(req);
845         }
846         return sizeof(struct raw1394_request);
847 }
848
849 static int handle_iso_send(struct file_info *fi, struct pending_request *req,
850                            int channel)
851 {
852         unsigned long flags;
853         struct hpsb_packet *packet;
854
855         packet = hpsb_make_isopacket(fi->host, req->req.length, channel & 0x3f,
856                                      (req->req.misc >> 16) & 0x3,
857                                      req->req.misc & 0xf);
858         if (!packet)
859                 return -ENOMEM;
860
861         packet->speed_code = req->req.address & 0x3;
862
863         req->packet = packet;
864
865         if (copy_from_user(packet->data, int2ptr(req->req.sendb),
866                            req->req.length)) {
867                 req->req.error = RAW1394_ERROR_MEMFAULT;
868                 req->req.length = 0;
869                 queue_complete_req(req);
870                 return sizeof(struct raw1394_request);
871         }
872
873         req->req.length = 0;
874         hpsb_set_packet_complete_task(packet,
875                                       (void (*)(void *))queue_complete_req,
876                                       req);
877
878         spin_lock_irqsave(&fi->reqlists_lock, flags);
879         list_add_tail(&req->list, &fi->req_pending);
880         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
881
882         /* Update the generation of the packet just before sending. */
883         packet->generation = req->req.generation;
884
885         if (hpsb_send_packet(packet) < 0) {
886                 req->req.error = RAW1394_ERROR_SEND_ERROR;
887                 queue_complete_req(req);
888         }
889
890         return sizeof(struct raw1394_request);
891 }
892
893 static int handle_async_send(struct file_info *fi, struct pending_request *req)
894 {
895         unsigned long flags;
896         struct hpsb_packet *packet;
897         int header_length = req->req.misc & 0xffff;
898         int expect_response = req->req.misc >> 16;
899
900         if ((header_length > req->req.length) || (header_length < 12)) {
901                 req->req.error = RAW1394_ERROR_INVALID_ARG;
902                 req->req.length = 0;
903                 queue_complete_req(req);
904                 return sizeof(struct raw1394_request);
905         }
906
907         packet = hpsb_alloc_packet(req->req.length - header_length);
908         req->packet = packet;
909         if (!packet)
910                 return -ENOMEM;
911
912         if (copy_from_user(packet->header, int2ptr(req->req.sendb),
913                            header_length)) {
914                 req->req.error = RAW1394_ERROR_MEMFAULT;
915                 req->req.length = 0;
916                 queue_complete_req(req);
917                 return sizeof(struct raw1394_request);
918         }
919
920         if (copy_from_user
921             (packet->data, int2ptr(req->req.sendb) + header_length,
922              packet->data_size)) {
923                 req->req.error = RAW1394_ERROR_MEMFAULT;
924                 req->req.length = 0;
925                 queue_complete_req(req);
926                 return sizeof(struct raw1394_request);
927         }
928
929         packet->type = hpsb_async;
930         packet->node_id = packet->header[0] >> 16;
931         packet->tcode = (packet->header[0] >> 4) & 0xf;
932         packet->tlabel = (packet->header[0] >> 10) & 0x3f;
933         packet->host = fi->host;
934         packet->expect_response = expect_response;
935         packet->header_size = header_length;
936         packet->data_size = req->req.length - header_length;
937
938         req->req.length = 0;
939         hpsb_set_packet_complete_task(packet,
940                                       (void (*)(void *))queue_complete_cb, req);
941
942         spin_lock_irqsave(&fi->reqlists_lock, flags);
943         list_add_tail(&req->list, &fi->req_pending);
944         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
945
946         /* Update the generation of the packet just before sending. */
947         packet->generation = req->req.generation;
948
949         if (hpsb_send_packet(packet) < 0) {
950                 req->req.error = RAW1394_ERROR_SEND_ERROR;
951                 queue_complete_req(req);
952         }
953
954         return sizeof(struct raw1394_request);
955 }
956
957 static int arm_read(struct hpsb_host *host, int nodeid, quadlet_t * buffer,
958                     u64 addr, size_t length, u16 flags)
959 {
960         unsigned long irqflags;
961         struct pending_request *req;
962         struct host_info *hi;
963         struct file_info *fi = NULL;
964         struct list_head *entry;
965         struct arm_addr *arm_addr = NULL;
966         struct arm_request *arm_req = NULL;
967         struct arm_response *arm_resp = NULL;
968         int found = 0, size = 0, rcode = -1;
969         struct arm_request_response *arm_req_resp = NULL;
970
971         DBGMSG("arm_read  called by node: %X"
972                "addr: %4.4x %8.8x length: %Zu", nodeid,
973                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
974                length);
975         spin_lock_irqsave(&host_info_lock, irqflags);
976         hi = find_host_info(host);      /* search address-entry */
977         if (hi != NULL) {
978                 list_for_each_entry(fi, &hi->file_info_list, list) {
979                         entry = fi->addr_list.next;
980                         while (entry != &(fi->addr_list)) {
981                                 arm_addr =
982                                     list_entry(entry, struct arm_addr,
983                                                addr_list);
984                                 if (((arm_addr->start) <= (addr))
985                                     && ((arm_addr->end) >= (addr + length))) {
986                                         found = 1;
987                                         break;
988                                 }
989                                 entry = entry->next;
990                         }
991                         if (found) {
992                                 break;
993                         }
994                 }
995         }
996         rcode = -1;
997         if (!found) {
998                 printk(KERN_ERR "raw1394: arm_read FAILED addr_entry not found"
999                        " -> rcode_address_error\n");
1000                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1001                 return (RCODE_ADDRESS_ERROR);
1002         } else {
1003                 DBGMSG("arm_read addr_entry FOUND");
1004         }
1005         if (arm_addr->rec_length < length) {
1006                 DBGMSG("arm_read blocklength too big -> rcode_data_error");
1007                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1008         }
1009         if (rcode == -1) {
1010                 if (arm_addr->access_rights & ARM_READ) {
1011                         if (!(arm_addr->client_transactions & ARM_READ)) {
1012                                 memcpy(buffer,
1013                                        (arm_addr->addr_space_buffer) + (addr -
1014                                                                         (arm_addr->
1015                                                                          start)),
1016                                        length);
1017                                 DBGMSG("arm_read -> (rcode_complete)");
1018                                 rcode = RCODE_COMPLETE;
1019                         }
1020                 } else {
1021                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1022                         DBGMSG("arm_read -> rcode_type_error (access denied)");
1023                 }
1024         }
1025         if (arm_addr->notification_options & ARM_READ) {
1026                 DBGMSG("arm_read -> entering notification-section");
1027                 req = __alloc_pending_request(SLAB_ATOMIC);
1028                 if (!req) {
1029                         DBGMSG("arm_read -> rcode_conflict_error");
1030                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1031                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1032                                                            The request may be retried */
1033                 }
1034                 if (rcode == RCODE_COMPLETE) {
1035                         size =
1036                             sizeof(struct arm_request) +
1037                             sizeof(struct arm_response) +
1038                             length * sizeof(byte_t) +
1039                             sizeof(struct arm_request_response);
1040                 } else {
1041                         size =
1042                             sizeof(struct arm_request) +
1043                             sizeof(struct arm_response) +
1044                             sizeof(struct arm_request_response);
1045                 }
1046                 req->data = kmalloc(size, SLAB_ATOMIC);
1047                 if (!(req->data)) {
1048                         free_pending_request(req);
1049                         DBGMSG("arm_read -> rcode_conflict_error");
1050                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1051                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1052                                                            The request may be retried */
1053                 }
1054                 req->free_data = 1;
1055                 req->file_info = fi;
1056                 req->req.type = RAW1394_REQ_ARM;
1057                 req->req.generation = get_hpsb_generation(host);
1058                 req->req.misc =
1059                     (((length << 16) & (0xFFFF0000)) | (ARM_READ & 0xFF));
1060                 req->req.tag = arm_addr->arm_tag;
1061                 req->req.recvb = arm_addr->recvb;
1062                 req->req.length = size;
1063                 arm_req_resp = (struct arm_request_response *)(req->data);
1064                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1065                                                  (sizeof
1066                                                   (struct
1067                                                    arm_request_response)));
1068                 arm_resp =
1069                     (struct arm_response *)((byte_t *) (arm_req) +
1070                                             (sizeof(struct arm_request)));
1071                 arm_req->buffer = NULL;
1072                 arm_resp->buffer = NULL;
1073                 if (rcode == RCODE_COMPLETE) {
1074                         byte_t *buf =
1075                             (byte_t *) arm_resp + sizeof(struct arm_response);
1076                         memcpy(buf,
1077                                (arm_addr->addr_space_buffer) + (addr -
1078                                                                 (arm_addr->
1079                                                                  start)),
1080                                length);
1081                         arm_resp->buffer =
1082                             int2ptr((arm_addr->recvb) +
1083                                     sizeof(struct arm_request_response) +
1084                                     sizeof(struct arm_request) +
1085                                     sizeof(struct arm_response));
1086                 }
1087                 arm_resp->buffer_length =
1088                     (rcode == RCODE_COMPLETE) ? length : 0;
1089                 arm_resp->response_code = rcode;
1090                 arm_req->buffer_length = 0;
1091                 arm_req->generation = req->req.generation;
1092                 arm_req->extended_transaction_code = 0;
1093                 arm_req->destination_offset = addr;
1094                 arm_req->source_nodeid = nodeid;
1095                 arm_req->destination_nodeid = host->node_id;
1096                 arm_req->tlabel = (flags >> 10) & 0x3f;
1097                 arm_req->tcode = (flags >> 4) & 0x0f;
1098                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1099                                                 sizeof(struct
1100                                                        arm_request_response));
1101                 arm_req_resp->response =
1102                     int2ptr((arm_addr->recvb) +
1103                             sizeof(struct arm_request_response) +
1104                             sizeof(struct arm_request));
1105                 queue_complete_req(req);
1106         }
1107         spin_unlock_irqrestore(&host_info_lock, irqflags);
1108         return (rcode);
1109 }
1110
1111 static int arm_write(struct hpsb_host *host, int nodeid, int destid,
1112                      quadlet_t * data, u64 addr, size_t length, u16 flags)
1113 {
1114         unsigned long irqflags;
1115         struct pending_request *req;
1116         struct host_info *hi;
1117         struct file_info *fi = NULL;
1118         struct list_head *entry;
1119         struct arm_addr *arm_addr = NULL;
1120         struct arm_request *arm_req = NULL;
1121         struct arm_response *arm_resp = NULL;
1122         int found = 0, size = 0, rcode = -1, length_conflict = 0;
1123         struct arm_request_response *arm_req_resp = NULL;
1124
1125         DBGMSG("arm_write called by node: %X"
1126                "addr: %4.4x %8.8x length: %Zu", nodeid,
1127                (u16) ((addr >> 32) & 0xFFFF), (u32) (addr & 0xFFFFFFFF),
1128                length);
1129         spin_lock_irqsave(&host_info_lock, irqflags);
1130         hi = find_host_info(host);      /* search address-entry */
1131         if (hi != NULL) {
1132                 list_for_each_entry(fi, &hi->file_info_list, list) {
1133                         entry = fi->addr_list.next;
1134                         while (entry != &(fi->addr_list)) {
1135                                 arm_addr =
1136                                     list_entry(entry, struct arm_addr,
1137                                                addr_list);
1138                                 if (((arm_addr->start) <= (addr))
1139                                     && ((arm_addr->end) >= (addr + length))) {
1140                                         found = 1;
1141                                         break;
1142                                 }
1143                                 entry = entry->next;
1144                         }
1145                         if (found) {
1146                                 break;
1147                         }
1148                 }
1149         }
1150         rcode = -1;
1151         if (!found) {
1152                 printk(KERN_ERR "raw1394: arm_write FAILED addr_entry not found"
1153                        " -> rcode_address_error\n");
1154                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1155                 return (RCODE_ADDRESS_ERROR);
1156         } else {
1157                 DBGMSG("arm_write addr_entry FOUND");
1158         }
1159         if (arm_addr->rec_length < length) {
1160                 DBGMSG("arm_write blocklength too big -> rcode_data_error");
1161                 length_conflict = 1;
1162                 rcode = RCODE_DATA_ERROR;       /* hardware error, data is unavailable */
1163         }
1164         if (rcode == -1) {
1165                 if (arm_addr->access_rights & ARM_WRITE) {
1166                         if (!(arm_addr->client_transactions & ARM_WRITE)) {
1167                                 memcpy((arm_addr->addr_space_buffer) +
1168                                        (addr - (arm_addr->start)), data,
1169                                        length);
1170                                 DBGMSG("arm_write -> (rcode_complete)");
1171                                 rcode = RCODE_COMPLETE;
1172                         }
1173                 } else {
1174                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1175                         DBGMSG("arm_write -> rcode_type_error (access denied)");
1176                 }
1177         }
1178         if (arm_addr->notification_options & ARM_WRITE) {
1179                 DBGMSG("arm_write -> entering notification-section");
1180                 req = __alloc_pending_request(SLAB_ATOMIC);
1181                 if (!req) {
1182                         DBGMSG("arm_write -> rcode_conflict_error");
1183                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1184                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1185                                                            The request my be retried */
1186                 }
1187                 size =
1188                     sizeof(struct arm_request) + sizeof(struct arm_response) +
1189                     (length) * sizeof(byte_t) +
1190                     sizeof(struct arm_request_response);
1191                 req->data = kmalloc(size, SLAB_ATOMIC);
1192                 if (!(req->data)) {
1193                         free_pending_request(req);
1194                         DBGMSG("arm_write -> rcode_conflict_error");
1195                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1196                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1197                                                            The request may be retried */
1198                 }
1199                 req->free_data = 1;
1200                 req->file_info = fi;
1201                 req->req.type = RAW1394_REQ_ARM;
1202                 req->req.generation = get_hpsb_generation(host);
1203                 req->req.misc =
1204                     (((length << 16) & (0xFFFF0000)) | (ARM_WRITE & 0xFF));
1205                 req->req.tag = arm_addr->arm_tag;
1206                 req->req.recvb = arm_addr->recvb;
1207                 req->req.length = size;
1208                 arm_req_resp = (struct arm_request_response *)(req->data);
1209                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1210                                                  (sizeof
1211                                                   (struct
1212                                                    arm_request_response)));
1213                 arm_resp =
1214                     (struct arm_response *)((byte_t *) (arm_req) +
1215                                             (sizeof(struct arm_request)));
1216                 arm_resp->buffer = NULL;
1217                 memcpy((byte_t *) arm_resp + sizeof(struct arm_response),
1218                        data, length);
1219                 arm_req->buffer = int2ptr((arm_addr->recvb) +
1220                                           sizeof(struct arm_request_response) +
1221                                           sizeof(struct arm_request) +
1222                                           sizeof(struct arm_response));
1223                 arm_req->buffer_length = length;
1224                 arm_req->generation = req->req.generation;
1225                 arm_req->extended_transaction_code = 0;
1226                 arm_req->destination_offset = addr;
1227                 arm_req->source_nodeid = nodeid;
1228                 arm_req->destination_nodeid = destid;
1229                 arm_req->tlabel = (flags >> 10) & 0x3f;
1230                 arm_req->tcode = (flags >> 4) & 0x0f;
1231                 arm_resp->buffer_length = 0;
1232                 arm_resp->response_code = rcode;
1233                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1234                                                 sizeof(struct
1235                                                        arm_request_response));
1236                 arm_req_resp->response =
1237                     int2ptr((arm_addr->recvb) +
1238                             sizeof(struct arm_request_response) +
1239                             sizeof(struct arm_request));
1240                 queue_complete_req(req);
1241         }
1242         spin_unlock_irqrestore(&host_info_lock, irqflags);
1243         return (rcode);
1244 }
1245
1246 static int arm_lock(struct hpsb_host *host, int nodeid, quadlet_t * store,
1247                     u64 addr, quadlet_t data, quadlet_t arg, int ext_tcode,
1248                     u16 flags)
1249 {
1250         unsigned long irqflags;
1251         struct pending_request *req;
1252         struct host_info *hi;
1253         struct file_info *fi = NULL;
1254         struct list_head *entry;
1255         struct arm_addr *arm_addr = NULL;
1256         struct arm_request *arm_req = NULL;
1257         struct arm_response *arm_resp = NULL;
1258         int found = 0, size = 0, rcode = -1;
1259         quadlet_t old, new;
1260         struct arm_request_response *arm_req_resp = NULL;
1261
1262         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1263             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1264                 DBGMSG("arm_lock  called by node: %X "
1265                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X",
1266                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1267                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1268                        be32_to_cpu(data));
1269         } else {
1270                 DBGMSG("arm_lock  called by node: %X "
1271                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X arg: %8.8X",
1272                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1273                        (u32) (addr & 0xFFFFFFFF), ext_tcode & 0xFF,
1274                        be32_to_cpu(data), be32_to_cpu(arg));
1275         }
1276         spin_lock_irqsave(&host_info_lock, irqflags);
1277         hi = find_host_info(host);      /* search address-entry */
1278         if (hi != NULL) {
1279                 list_for_each_entry(fi, &hi->file_info_list, list) {
1280                         entry = fi->addr_list.next;
1281                         while (entry != &(fi->addr_list)) {
1282                                 arm_addr =
1283                                     list_entry(entry, struct arm_addr,
1284                                                addr_list);
1285                                 if (((arm_addr->start) <= (addr))
1286                                     && ((arm_addr->end) >=
1287                                         (addr + sizeof(*store)))) {
1288                                         found = 1;
1289                                         break;
1290                                 }
1291                                 entry = entry->next;
1292                         }
1293                         if (found) {
1294                                 break;
1295                         }
1296                 }
1297         }
1298         rcode = -1;
1299         if (!found) {
1300                 printk(KERN_ERR "raw1394: arm_lock FAILED addr_entry not found"
1301                        " -> rcode_address_error\n");
1302                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1303                 return (RCODE_ADDRESS_ERROR);
1304         } else {
1305                 DBGMSG("arm_lock addr_entry FOUND");
1306         }
1307         if (rcode == -1) {
1308                 if (arm_addr->access_rights & ARM_LOCK) {
1309                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1310                                 memcpy(&old,
1311                                        (arm_addr->addr_space_buffer) + (addr -
1312                                                                         (arm_addr->
1313                                                                          start)),
1314                                        sizeof(old));
1315                                 switch (ext_tcode) {
1316                                 case (EXTCODE_MASK_SWAP):
1317                                         new = data | (old & ~arg);
1318                                         break;
1319                                 case (EXTCODE_COMPARE_SWAP):
1320                                         if (old == arg) {
1321                                                 new = data;
1322                                         } else {
1323                                                 new = old;
1324                                         }
1325                                         break;
1326                                 case (EXTCODE_FETCH_ADD):
1327                                         new =
1328                                             cpu_to_be32(be32_to_cpu(data) +
1329                                                         be32_to_cpu(old));
1330                                         break;
1331                                 case (EXTCODE_LITTLE_ADD):
1332                                         new =
1333                                             cpu_to_le32(le32_to_cpu(data) +
1334                                                         le32_to_cpu(old));
1335                                         break;
1336                                 case (EXTCODE_BOUNDED_ADD):
1337                                         if (old != arg) {
1338                                                 new =
1339                                                     cpu_to_be32(be32_to_cpu
1340                                                                 (data) +
1341                                                                 be32_to_cpu
1342                                                                 (old));
1343                                         } else {
1344                                                 new = old;
1345                                         }
1346                                         break;
1347                                 case (EXTCODE_WRAP_ADD):
1348                                         if (old != arg) {
1349                                                 new =
1350                                                     cpu_to_be32(be32_to_cpu
1351                                                                 (data) +
1352                                                                 be32_to_cpu
1353                                                                 (old));
1354                                         } else {
1355                                                 new = data;
1356                                         }
1357                                         break;
1358                                 default:
1359                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1360                                         printk(KERN_ERR
1361                                                "raw1394: arm_lock FAILED "
1362                                                "ext_tcode not allowed -> rcode_type_error\n");
1363                                         break;
1364                                 }       /*switch */
1365                                 if (rcode == -1) {
1366                                         DBGMSG("arm_lock -> (rcode_complete)");
1367                                         rcode = RCODE_COMPLETE;
1368                                         memcpy(store, &old, sizeof(*store));
1369                                         memcpy((arm_addr->addr_space_buffer) +
1370                                                (addr - (arm_addr->start)),
1371                                                &new, sizeof(*store));
1372                                 }
1373                         }
1374                 } else {
1375                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1376                         DBGMSG("arm_lock -> rcode_type_error (access denied)");
1377                 }
1378         }
1379         if (arm_addr->notification_options & ARM_LOCK) {
1380                 byte_t *buf1, *buf2;
1381                 DBGMSG("arm_lock -> entering notification-section");
1382                 req = __alloc_pending_request(SLAB_ATOMIC);
1383                 if (!req) {
1384                         DBGMSG("arm_lock -> rcode_conflict_error");
1385                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1386                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1387                                                            The request may be retried */
1388                 }
1389                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1390                 req->data = kmalloc(size, SLAB_ATOMIC);
1391                 if (!(req->data)) {
1392                         free_pending_request(req);
1393                         DBGMSG("arm_lock -> rcode_conflict_error");
1394                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1395                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1396                                                            The request may be retried */
1397                 }
1398                 req->free_data = 1;
1399                 arm_req_resp = (struct arm_request_response *)(req->data);
1400                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1401                                                  (sizeof
1402                                                   (struct
1403                                                    arm_request_response)));
1404                 arm_resp =
1405                     (struct arm_response *)((byte_t *) (arm_req) +
1406                                             (sizeof(struct arm_request)));
1407                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1408                 buf2 = buf1 + 2 * sizeof(*store);
1409                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1410                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1411                         arm_req->buffer_length = sizeof(*store);
1412                         memcpy(buf1, &data, sizeof(*store));
1413
1414                 } else {
1415                         arm_req->buffer_length = 2 * sizeof(*store);
1416                         memcpy(buf1, &arg, sizeof(*store));
1417                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1418                 }
1419                 if (rcode == RCODE_COMPLETE) {
1420                         arm_resp->buffer_length = sizeof(*store);
1421                         memcpy(buf2, &old, sizeof(*store));
1422                 } else {
1423                         arm_resp->buffer_length = 0;
1424                 }
1425                 req->file_info = fi;
1426                 req->req.type = RAW1394_REQ_ARM;
1427                 req->req.generation = get_hpsb_generation(host);
1428                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1429                                  (ARM_LOCK & 0xFF));
1430                 req->req.tag = arm_addr->arm_tag;
1431                 req->req.recvb = arm_addr->recvb;
1432                 req->req.length = size;
1433                 arm_req->generation = req->req.generation;
1434                 arm_req->extended_transaction_code = ext_tcode;
1435                 arm_req->destination_offset = addr;
1436                 arm_req->source_nodeid = nodeid;
1437                 arm_req->destination_nodeid = host->node_id;
1438                 arm_req->tlabel = (flags >> 10) & 0x3f;
1439                 arm_req->tcode = (flags >> 4) & 0x0f;
1440                 arm_resp->response_code = rcode;
1441                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1442                                                 sizeof(struct
1443                                                        arm_request_response));
1444                 arm_req_resp->response =
1445                     int2ptr((arm_addr->recvb) +
1446                             sizeof(struct arm_request_response) +
1447                             sizeof(struct arm_request));
1448                 arm_req->buffer =
1449                     int2ptr((arm_addr->recvb) +
1450                             sizeof(struct arm_request_response) +
1451                             sizeof(struct arm_request) +
1452                             sizeof(struct arm_response));
1453                 arm_resp->buffer =
1454                     int2ptr((arm_addr->recvb) +
1455                             sizeof(struct arm_request_response) +
1456                             sizeof(struct arm_request) +
1457                             sizeof(struct arm_response) + 2 * sizeof(*store));
1458                 queue_complete_req(req);
1459         }
1460         spin_unlock_irqrestore(&host_info_lock, irqflags);
1461         return (rcode);
1462 }
1463
1464 static int arm_lock64(struct hpsb_host *host, int nodeid, octlet_t * store,
1465                       u64 addr, octlet_t data, octlet_t arg, int ext_tcode,
1466                       u16 flags)
1467 {
1468         unsigned long irqflags;
1469         struct pending_request *req;
1470         struct host_info *hi;
1471         struct file_info *fi = NULL;
1472         struct list_head *entry;
1473         struct arm_addr *arm_addr = NULL;
1474         struct arm_request *arm_req = NULL;
1475         struct arm_response *arm_resp = NULL;
1476         int found = 0, size = 0, rcode = -1;
1477         octlet_t old, new;
1478         struct arm_request_response *arm_req_resp = NULL;
1479
1480         if (((ext_tcode & 0xFF) == EXTCODE_FETCH_ADD) ||
1481             ((ext_tcode & 0xFF) == EXTCODE_LITTLE_ADD)) {
1482                 DBGMSG("arm_lock64 called by node: %X "
1483                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X ",
1484                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1485                        (u32) (addr & 0xFFFFFFFF),
1486                        ext_tcode & 0xFF,
1487                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1488                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF));
1489         } else {
1490                 DBGMSG("arm_lock64 called by node: %X "
1491                        "addr: %4.4x %8.8x extcode: %2.2X data: %8.8X %8.8X arg: "
1492                        "%8.8X %8.8X ",
1493                        nodeid, (u16) ((addr >> 32) & 0xFFFF),
1494                        (u32) (addr & 0xFFFFFFFF),
1495                        ext_tcode & 0xFF,
1496                        (u32) ((be64_to_cpu(data) >> 32) & 0xFFFFFFFF),
1497                        (u32) (be64_to_cpu(data) & 0xFFFFFFFF),
1498                        (u32) ((be64_to_cpu(arg) >> 32) & 0xFFFFFFFF),
1499                        (u32) (be64_to_cpu(arg) & 0xFFFFFFFF));
1500         }
1501         spin_lock_irqsave(&host_info_lock, irqflags);
1502         hi = find_host_info(host);      /* search addressentry in file_info's for host */
1503         if (hi != NULL) {
1504                 list_for_each_entry(fi, &hi->file_info_list, list) {
1505                         entry = fi->addr_list.next;
1506                         while (entry != &(fi->addr_list)) {
1507                                 arm_addr =
1508                                     list_entry(entry, struct arm_addr,
1509                                                addr_list);
1510                                 if (((arm_addr->start) <= (addr))
1511                                     && ((arm_addr->end) >=
1512                                         (addr + sizeof(*store)))) {
1513                                         found = 1;
1514                                         break;
1515                                 }
1516                                 entry = entry->next;
1517                         }
1518                         if (found) {
1519                                 break;
1520                         }
1521                 }
1522         }
1523         rcode = -1;
1524         if (!found) {
1525                 printk(KERN_ERR
1526                        "raw1394: arm_lock64 FAILED addr_entry not found"
1527                        " -> rcode_address_error\n");
1528                 spin_unlock_irqrestore(&host_info_lock, irqflags);
1529                 return (RCODE_ADDRESS_ERROR);
1530         } else {
1531                 DBGMSG("arm_lock64 addr_entry FOUND");
1532         }
1533         if (rcode == -1) {
1534                 if (arm_addr->access_rights & ARM_LOCK) {
1535                         if (!(arm_addr->client_transactions & ARM_LOCK)) {
1536                                 memcpy(&old,
1537                                        (arm_addr->addr_space_buffer) + (addr -
1538                                                                         (arm_addr->
1539                                                                          start)),
1540                                        sizeof(old));
1541                                 switch (ext_tcode) {
1542                                 case (EXTCODE_MASK_SWAP):
1543                                         new = data | (old & ~arg);
1544                                         break;
1545                                 case (EXTCODE_COMPARE_SWAP):
1546                                         if (old == arg) {
1547                                                 new = data;
1548                                         } else {
1549                                                 new = old;
1550                                         }
1551                                         break;
1552                                 case (EXTCODE_FETCH_ADD):
1553                                         new =
1554                                             cpu_to_be64(be64_to_cpu(data) +
1555                                                         be64_to_cpu(old));
1556                                         break;
1557                                 case (EXTCODE_LITTLE_ADD):
1558                                         new =
1559                                             cpu_to_le64(le64_to_cpu(data) +
1560                                                         le64_to_cpu(old));
1561                                         break;
1562                                 case (EXTCODE_BOUNDED_ADD):
1563                                         if (old != arg) {
1564                                                 new =
1565                                                     cpu_to_be64(be64_to_cpu
1566                                                                 (data) +
1567                                                                 be64_to_cpu
1568                                                                 (old));
1569                                         } else {
1570                                                 new = old;
1571                                         }
1572                                         break;
1573                                 case (EXTCODE_WRAP_ADD):
1574                                         if (old != arg) {
1575                                                 new =
1576                                                     cpu_to_be64(be64_to_cpu
1577                                                                 (data) +
1578                                                                 be64_to_cpu
1579                                                                 (old));
1580                                         } else {
1581                                                 new = data;
1582                                         }
1583                                         break;
1584                                 default:
1585                                         printk(KERN_ERR
1586                                                "raw1394: arm_lock64 FAILED "
1587                                                "ext_tcode not allowed -> rcode_type_error\n");
1588                                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1589                                         break;
1590                                 }       /*switch */
1591                                 if (rcode == -1) {
1592                                         DBGMSG
1593                                             ("arm_lock64 -> (rcode_complete)");
1594                                         rcode = RCODE_COMPLETE;
1595                                         memcpy(store, &old, sizeof(*store));
1596                                         memcpy((arm_addr->addr_space_buffer) +
1597                                                (addr - (arm_addr->start)),
1598                                                &new, sizeof(*store));
1599                                 }
1600                         }
1601                 } else {
1602                         rcode = RCODE_TYPE_ERROR;       /* function not allowed */
1603                         DBGMSG
1604                             ("arm_lock64 -> rcode_type_error (access denied)");
1605                 }
1606         }
1607         if (arm_addr->notification_options & ARM_LOCK) {
1608                 byte_t *buf1, *buf2;
1609                 DBGMSG("arm_lock64 -> entering notification-section");
1610                 req = __alloc_pending_request(SLAB_ATOMIC);
1611                 if (!req) {
1612                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1613                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1614                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1615                                                            The request may be retried */
1616                 }
1617                 size = sizeof(struct arm_request) + sizeof(struct arm_response) + 3 * sizeof(*store) + sizeof(struct arm_request_response);     /* maximum */
1618                 req->data = kmalloc(size, SLAB_ATOMIC);
1619                 if (!(req->data)) {
1620                         free_pending_request(req);
1621                         spin_unlock_irqrestore(&host_info_lock, irqflags);
1622                         DBGMSG("arm_lock64 -> rcode_conflict_error");
1623                         return (RCODE_CONFLICT_ERROR);  /* A resource conflict was detected.
1624                                                            The request may be retried */
1625                 }
1626                 req->free_data = 1;
1627                 arm_req_resp = (struct arm_request_response *)(req->data);
1628                 arm_req = (struct arm_request *)((byte_t *) (req->data) +
1629                                                  (sizeof
1630                                                   (struct
1631                                                    arm_request_response)));
1632                 arm_resp =
1633                     (struct arm_response *)((byte_t *) (arm_req) +
1634                                             (sizeof(struct arm_request)));
1635                 buf1 = (byte_t *) arm_resp + sizeof(struct arm_response);
1636                 buf2 = buf1 + 2 * sizeof(*store);
1637                 if ((ext_tcode == EXTCODE_FETCH_ADD) ||
1638                     (ext_tcode == EXTCODE_LITTLE_ADD)) {
1639                         arm_req->buffer_length = sizeof(*store);
1640                         memcpy(buf1, &data, sizeof(*store));
1641
1642                 } else {
1643                         arm_req->buffer_length = 2 * sizeof(*store);
1644                         memcpy(buf1, &arg, sizeof(*store));
1645                         memcpy(buf1 + sizeof(*store), &data, sizeof(*store));
1646                 }
1647                 if (rcode == RCODE_COMPLETE) {
1648                         arm_resp->buffer_length = sizeof(*store);
1649                         memcpy(buf2, &old, sizeof(*store));
1650                 } else {
1651                         arm_resp->buffer_length = 0;
1652                 }
1653                 req->file_info = fi;
1654                 req->req.type = RAW1394_REQ_ARM;
1655                 req->req.generation = get_hpsb_generation(host);
1656                 req->req.misc = ((((sizeof(*store)) << 16) & (0xFFFF0000)) |
1657                                  (ARM_LOCK & 0xFF));
1658                 req->req.tag = arm_addr->arm_tag;
1659                 req->req.recvb = arm_addr->recvb;
1660                 req->req.length = size;
1661                 arm_req->generation = req->req.generation;
1662                 arm_req->extended_transaction_code = ext_tcode;
1663                 arm_req->destination_offset = addr;
1664                 arm_req->source_nodeid = nodeid;
1665                 arm_req->destination_nodeid = host->node_id;
1666                 arm_req->tlabel = (flags >> 10) & 0x3f;
1667                 arm_req->tcode = (flags >> 4) & 0x0f;
1668                 arm_resp->response_code = rcode;
1669                 arm_req_resp->request = int2ptr((arm_addr->recvb) +
1670                                                 sizeof(struct
1671                                                        arm_request_response));
1672                 arm_req_resp->response =
1673                     int2ptr((arm_addr->recvb) +
1674                             sizeof(struct arm_request_response) +
1675                             sizeof(struct arm_request));
1676                 arm_req->buffer =
1677                     int2ptr((arm_addr->recvb) +
1678                             sizeof(struct arm_request_response) +
1679                             sizeof(struct arm_request) +
1680                             sizeof(struct arm_response));
1681                 arm_resp->buffer =
1682                     int2ptr((arm_addr->recvb) +
1683                             sizeof(struct arm_request_response) +
1684                             sizeof(struct arm_request) +
1685                             sizeof(struct arm_response) + 2 * sizeof(*store));
1686                 queue_complete_req(req);
1687         }
1688         spin_unlock_irqrestore(&host_info_lock, irqflags);
1689         return (rcode);
1690 }
1691
1692 static int arm_register(struct file_info *fi, struct pending_request *req)
1693 {
1694         int retval;
1695         struct arm_addr *addr;
1696         struct host_info *hi;
1697         struct file_info *fi_hlp = NULL;
1698         struct list_head *entry;
1699         struct arm_addr *arm_addr = NULL;
1700         int same_host, another_host;
1701         unsigned long flags;
1702
1703         DBGMSG("arm_register called "
1704                "addr(Offset): %8.8x %8.8x length: %u "
1705                "rights: %2.2X notify: %2.2X "
1706                "max_blk_len: %4.4X",
1707                (u32) ((req->req.address >> 32) & 0xFFFF),
1708                (u32) (req->req.address & 0xFFFFFFFF),
1709                req->req.length, ((req->req.misc >> 8) & 0xFF),
1710                (req->req.misc & 0xFF), ((req->req.misc >> 16) & 0xFFFF));
1711         /* check addressrange */
1712         if ((((req->req.address) & ~(0xFFFFFFFFFFFFULL)) != 0) ||
1713             (((req->req.address + req->req.length) & ~(0xFFFFFFFFFFFFULL)) !=
1714              0)) {
1715                 req->req.length = 0;
1716                 return (-EINVAL);
1717         }
1718         /* addr-list-entry for fileinfo */
1719         addr = kmalloc(sizeof(*addr), SLAB_KERNEL);
1720         if (!addr) {
1721                 req->req.length = 0;
1722                 return (-ENOMEM);
1723         }
1724         /* allocation of addr_space_buffer */
1725         addr->addr_space_buffer = vmalloc(req->req.length);
1726         if (!(addr->addr_space_buffer)) {
1727                 kfree(addr);
1728                 req->req.length = 0;
1729                 return (-ENOMEM);
1730         }
1731         /* initialization of addr_space_buffer */
1732         if ((req->req.sendb) == (unsigned long)NULL) {
1733                 /* init: set 0 */
1734                 memset(addr->addr_space_buffer, 0, req->req.length);
1735         } else {
1736                 /* init: user -> kernel */
1737                 if (copy_from_user
1738                     (addr->addr_space_buffer, int2ptr(req->req.sendb),
1739                      req->req.length)) {
1740                         vfree(addr->addr_space_buffer);
1741                         kfree(addr);
1742                         return (-EFAULT);
1743                 }
1744         }
1745         INIT_LIST_HEAD(&addr->addr_list);
1746         addr->arm_tag = req->req.tag;
1747         addr->start = req->req.address;
1748         addr->end = req->req.address + req->req.length;
1749         addr->access_rights = (u8) (req->req.misc & 0x0F);
1750         addr->notification_options = (u8) ((req->req.misc >> 4) & 0x0F);
1751         addr->client_transactions = (u8) ((req->req.misc >> 8) & 0x0F);
1752         addr->access_rights |= addr->client_transactions;
1753         addr->notification_options |= addr->client_transactions;
1754         addr->recvb = req->req.recvb;
1755         addr->rec_length = (u16) ((req->req.misc >> 16) & 0xFFFF);
1756         spin_lock_irqsave(&host_info_lock, flags);
1757         hi = find_host_info(fi->host);
1758         same_host = 0;
1759         another_host = 0;
1760         /* same host with address-entry containing same addressrange ? */
1761         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1762                 entry = fi_hlp->addr_list.next;
1763                 while (entry != &(fi_hlp->addr_list)) {
1764                         arm_addr =
1765                             list_entry(entry, struct arm_addr, addr_list);
1766                         if ((arm_addr->start == addr->start)
1767                             && (arm_addr->end == addr->end)) {
1768                                 DBGMSG("same host ownes same "
1769                                        "addressrange -> EALREADY");
1770                                 same_host = 1;
1771                                 break;
1772                         }
1773                         entry = entry->next;
1774                 }
1775                 if (same_host) {
1776                         break;
1777                 }
1778         }
1779         if (same_host) {
1780                 /* addressrange occupied by same host */
1781                 vfree(addr->addr_space_buffer);
1782                 kfree(addr);
1783                 spin_unlock_irqrestore(&host_info_lock, flags);
1784                 return (-EALREADY);
1785         }
1786         /* another host with valid address-entry containing same addressrange */
1787         list_for_each_entry(hi, &host_info_list, list) {
1788                 if (hi->host != fi->host) {
1789                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1790                                 entry = fi_hlp->addr_list.next;
1791                                 while (entry != &(fi_hlp->addr_list)) {
1792                                         arm_addr =
1793                                             list_entry(entry, struct arm_addr,
1794                                                        addr_list);
1795                                         if ((arm_addr->start == addr->start)
1796                                             && (arm_addr->end == addr->end)) {
1797                                                 DBGMSG
1798                                                     ("another host ownes same "
1799                                                      "addressrange");
1800                                                 another_host = 1;
1801                                                 break;
1802                                         }
1803                                         entry = entry->next;
1804                                 }
1805                                 if (another_host) {
1806                                         break;
1807                                 }
1808                         }
1809                 }
1810         }
1811         if (another_host) {
1812                 DBGMSG("another hosts entry is valid -> SUCCESS");
1813                 if (copy_to_user(int2ptr(req->req.recvb),
1814                                  &addr->start, sizeof(u64))) {
1815                         printk(KERN_ERR "raw1394: arm_register failed "
1816                                " address-range-entry is invalid -> EFAULT !!!\n");
1817                         vfree(addr->addr_space_buffer);
1818                         kfree(addr);
1819                         spin_unlock_irqrestore(&host_info_lock, flags);
1820                         return (-EFAULT);
1821                 }
1822                 free_pending_request(req);      /* immediate success or fail */
1823                 /* INSERT ENTRY */
1824                 list_add_tail(&addr->addr_list, &fi->addr_list);
1825                 spin_unlock_irqrestore(&host_info_lock, flags);
1826                 return sizeof(struct raw1394_request);
1827         }
1828         retval =
1829             hpsb_register_addrspace(&raw1394_highlevel, fi->host, &arm_ops,
1830                                     req->req.address,
1831                                     req->req.address + req->req.length);
1832         if (retval) {
1833                 /* INSERT ENTRY */
1834                 list_add_tail(&addr->addr_list, &fi->addr_list);
1835         } else {
1836                 DBGMSG("arm_register failed errno: %d \n", retval);
1837                 vfree(addr->addr_space_buffer);
1838                 kfree(addr);
1839                 spin_unlock_irqrestore(&host_info_lock, flags);
1840                 return (-EALREADY);
1841         }
1842         spin_unlock_irqrestore(&host_info_lock, flags);
1843         free_pending_request(req);      /* immediate success or fail */
1844         return sizeof(struct raw1394_request);
1845 }
1846
1847 static int arm_unregister(struct file_info *fi, struct pending_request *req)
1848 {
1849         int found = 0;
1850         int retval = 0;
1851         struct list_head *entry;
1852         struct arm_addr *addr = NULL;
1853         struct host_info *hi;
1854         struct file_info *fi_hlp = NULL;
1855         struct arm_addr *arm_addr = NULL;
1856         int another_host;
1857         unsigned long flags;
1858
1859         DBGMSG("arm_Unregister called addr(Offset): "
1860                "%8.8x %8.8x",
1861                (u32) ((req->req.address >> 32) & 0xFFFF),
1862                (u32) (req->req.address & 0xFFFFFFFF));
1863         spin_lock_irqsave(&host_info_lock, flags);
1864         /* get addr */
1865         entry = fi->addr_list.next;
1866         while (entry != &(fi->addr_list)) {
1867                 addr = list_entry(entry, struct arm_addr, addr_list);
1868                 if (addr->start == req->req.address) {
1869                         found = 1;
1870                         break;
1871                 }
1872                 entry = entry->next;
1873         }
1874         if (!found) {
1875                 DBGMSG("arm_Unregister addr not found");
1876                 spin_unlock_irqrestore(&host_info_lock, flags);
1877                 return (-EINVAL);
1878         }
1879         DBGMSG("arm_Unregister addr found");
1880         another_host = 0;
1881         /* another host with valid address-entry containing
1882            same addressrange */
1883         list_for_each_entry(hi, &host_info_list, list) {
1884                 if (hi->host != fi->host) {
1885                         list_for_each_entry(fi_hlp, &hi->file_info_list, list) {
1886                                 entry = fi_hlp->addr_list.next;
1887                                 while (entry != &(fi_hlp->addr_list)) {
1888                                         arm_addr = list_entry(entry,
1889                                                               struct arm_addr,
1890                                                               addr_list);
1891                                         if (arm_addr->start == addr->start) {
1892                                                 DBGMSG("another host ownes "
1893                                                        "same addressrange");
1894                                                 another_host = 1;
1895                                                 break;
1896                                         }
1897                                         entry = entry->next;
1898                                 }
1899                                 if (another_host) {
1900                                         break;
1901                                 }
1902                         }
1903                 }
1904         }
1905         if (another_host) {
1906                 DBGMSG("delete entry from list -> success");
1907                 list_del(&addr->addr_list);
1908                 vfree(addr->addr_space_buffer);
1909                 kfree(addr);
1910                 free_pending_request(req);      /* immediate success or fail */
1911                 spin_unlock_irqrestore(&host_info_lock, flags);
1912                 return sizeof(struct raw1394_request);
1913         }
1914         retval =
1915             hpsb_unregister_addrspace(&raw1394_highlevel, fi->host,
1916                                       addr->start);
1917         if (!retval) {
1918                 printk(KERN_ERR "raw1394: arm_Unregister failed -> EINVAL\n");
1919                 spin_unlock_irqrestore(&host_info_lock, flags);
1920                 return (-EINVAL);
1921         }
1922         DBGMSG("delete entry from list -> success");
1923         list_del(&addr->addr_list);
1924         spin_unlock_irqrestore(&host_info_lock, flags);
1925         vfree(addr->addr_space_buffer);
1926         kfree(addr);
1927         free_pending_request(req);      /* immediate success or fail */
1928         return sizeof(struct raw1394_request);
1929 }
1930
1931 /* Copy data from ARM buffer(s) to user buffer. */
1932 static int arm_get_buf(struct file_info *fi, struct pending_request *req)
1933 {
1934         struct arm_addr *arm_addr = NULL;
1935         unsigned long flags;
1936         unsigned long offset;
1937
1938         struct list_head *entry;
1939
1940         DBGMSG("arm_get_buf "
1941                "addr(Offset): %04X %08X length: %u",
1942                (u32) ((req->req.address >> 32) & 0xFFFF),
1943                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
1944
1945         spin_lock_irqsave(&host_info_lock, flags);
1946         entry = fi->addr_list.next;
1947         while (entry != &(fi->addr_list)) {
1948                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
1949                 if ((arm_addr->start <= req->req.address) &&
1950                     (arm_addr->end > req->req.address)) {
1951                         if (req->req.address + req->req.length <= arm_addr->end) {
1952                                 offset = req->req.address - arm_addr->start;
1953
1954                                 DBGMSG
1955                                     ("arm_get_buf copy_to_user( %08X, %p, %u )",
1956                                      (u32) req->req.recvb,
1957                                      arm_addr->addr_space_buffer + offset,
1958                                      (u32) req->req.length);
1959
1960                                 if (copy_to_user
1961                                     (int2ptr(req->req.recvb),
1962                                      arm_addr->addr_space_buffer + offset,
1963                                      req->req.length)) {
1964                                         spin_unlock_irqrestore(&host_info_lock,
1965                                                                flags);
1966                                         return (-EFAULT);
1967                                 }
1968
1969                                 spin_unlock_irqrestore(&host_info_lock, flags);
1970                                 /* We have to free the request, because we
1971                                  * queue no response, and therefore nobody
1972                                  * will free it. */
1973                                 free_pending_request(req);
1974                                 return sizeof(struct raw1394_request);
1975                         } else {
1976                                 DBGMSG("arm_get_buf request exceeded mapping");
1977                                 spin_unlock_irqrestore(&host_info_lock, flags);
1978                                 return (-EINVAL);
1979                         }
1980                 }
1981                 entry = entry->next;
1982         }
1983         spin_unlock_irqrestore(&host_info_lock, flags);
1984         return (-EINVAL);
1985 }
1986
1987 /* Copy data from user buffer to ARM buffer(s). */
1988 static int arm_set_buf(struct file_info *fi, struct pending_request *req)
1989 {
1990         struct arm_addr *arm_addr = NULL;
1991         unsigned long flags;
1992         unsigned long offset;
1993
1994         struct list_head *entry;
1995
1996         DBGMSG("arm_set_buf "
1997                "addr(Offset): %04X %08X length: %u",
1998                (u32) ((req->req.address >> 32) & 0xFFFF),
1999                (u32) (req->req.address & 0xFFFFFFFF), (u32) req->req.length);
2000
2001         spin_lock_irqsave(&host_info_lock, flags);
2002         entry = fi->addr_list.next;
2003         while (entry != &(fi->addr_list)) {
2004                 arm_addr = list_entry(entry, struct arm_addr, addr_list);
2005                 if ((arm_addr->start <= req->req.address) &&
2006                     (arm_addr->end > req->req.address)) {
2007                         if (req->req.address + req->req.length <= arm_addr->end) {
2008                                 offset = req->req.address - arm_addr->start;
2009
2010                                 DBGMSG
2011                                     ("arm_set_buf copy_from_user( %p, %08X, %u )",
2012                                      arm_addr->addr_space_buffer + offset,
2013                                      (u32) req->req.sendb,
2014                                      (u32) req->req.length);
2015
2016                                 if (copy_from_user
2017                                     (arm_addr->addr_space_buffer + offset,
2018                                      int2ptr(req->req.sendb),
2019                                      req->req.length)) {
2020                                         spin_unlock_irqrestore(&host_info_lock,
2021                                                                flags);
2022                                         return (-EFAULT);
2023                                 }
2024
2025                                 spin_unlock_irqrestore(&host_info_lock, flags);
2026                                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2027                                 return sizeof(struct raw1394_request);
2028                         } else {
2029                                 DBGMSG("arm_set_buf request exceeded mapping");
2030                                 spin_unlock_irqrestore(&host_info_lock, flags);
2031                                 return (-EINVAL);
2032                         }
2033                 }
2034                 entry = entry->next;
2035         }
2036         spin_unlock_irqrestore(&host_info_lock, flags);
2037         return (-EINVAL);
2038 }
2039
2040 static int reset_notification(struct file_info *fi, struct pending_request *req)
2041 {
2042         DBGMSG("reset_notification called - switch %s ",
2043                (req->req.misc == RAW1394_NOTIFY_OFF) ? "OFF" : "ON");
2044         if ((req->req.misc == RAW1394_NOTIFY_OFF) ||
2045             (req->req.misc == RAW1394_NOTIFY_ON)) {
2046                 fi->notification = (u8) req->req.misc;
2047                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2048                 return sizeof(struct raw1394_request);
2049         }
2050         /* error EINVAL (22) invalid argument */
2051         return (-EINVAL);
2052 }
2053
2054 static int write_phypacket(struct file_info *fi, struct pending_request *req)
2055 {
2056         struct hpsb_packet *packet = NULL;
2057         int retval = 0;
2058         quadlet_t data;
2059         unsigned long flags;
2060
2061         data = be32_to_cpu((u32) req->req.sendb);
2062         DBGMSG("write_phypacket called - quadlet 0x%8.8x ", data);
2063         packet = hpsb_make_phypacket(fi->host, data);
2064         if (!packet)
2065                 return -ENOMEM;
2066         req->req.length = 0;
2067         req->packet = packet;
2068         hpsb_set_packet_complete_task(packet,
2069                                       (void (*)(void *))queue_complete_cb, req);
2070         spin_lock_irqsave(&fi->reqlists_lock, flags);
2071         list_add_tail(&req->list, &fi->req_pending);
2072         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2073         packet->generation = req->req.generation;
2074         retval = hpsb_send_packet(packet);
2075         DBGMSG("write_phypacket send_packet called => retval: %d ", retval);
2076         if (retval < 0) {
2077                 req->req.error = RAW1394_ERROR_SEND_ERROR;
2078                 req->req.length = 0;
2079                 queue_complete_req(req);
2080         }
2081         return sizeof(struct raw1394_request);
2082 }
2083
2084 static int get_config_rom(struct file_info *fi, struct pending_request *req)
2085 {
2086         int ret = sizeof(struct raw1394_request);
2087         quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
2088         int status;
2089
2090         if (!data)
2091                 return -ENOMEM;
2092
2093         status =
2094             csr1212_read(fi->host->csr.rom, CSR1212_CONFIG_ROM_SPACE_OFFSET,
2095                          data, req->req.length);
2096         if (copy_to_user(int2ptr(req->req.recvb), data, req->req.length))
2097                 ret = -EFAULT;
2098         if (copy_to_user
2099             (int2ptr(req->req.tag), &fi->host->csr.rom->cache_head->len,
2100              sizeof(fi->host->csr.rom->cache_head->len)))
2101                 ret = -EFAULT;
2102         if (copy_to_user(int2ptr(req->req.address), &fi->host->csr.generation,
2103                          sizeof(fi->host->csr.generation)))
2104                 ret = -EFAULT;
2105         if (copy_to_user(int2ptr(req->req.sendb), &status, sizeof(status)))
2106                 ret = -EFAULT;
2107         kfree(data);
2108         if (ret >= 0) {
2109                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2110         }
2111         return ret;
2112 }
2113
2114 static int update_config_rom(struct file_info *fi, struct pending_request *req)
2115 {
2116         int ret = sizeof(struct raw1394_request);
2117         quadlet_t *data = kmalloc(req->req.length, SLAB_KERNEL);
2118         if (!data)
2119                 return -ENOMEM;
2120         if (copy_from_user(data, int2ptr(req->req.sendb), req->req.length)) {
2121                 ret = -EFAULT;
2122         } else {
2123                 int status = hpsb_update_config_rom(fi->host,
2124                                                     data, req->req.length,
2125                                                     (unsigned char)req->req.
2126                                                     misc);
2127                 if (copy_to_user
2128                     (int2ptr(req->req.recvb), &status, sizeof(status)))
2129                         ret = -ENOMEM;
2130         }
2131         kfree(data);
2132         if (ret >= 0) {
2133                 free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2134                 fi->cfgrom_upd = 1;
2135         }
2136         return ret;
2137 }
2138
2139 static int modify_config_rom(struct file_info *fi, struct pending_request *req)
2140 {
2141         struct csr1212_keyval *kv;
2142         struct csr1212_csr_rom_cache *cache;
2143         struct csr1212_dentry *dentry;
2144         u32 dr;
2145         int ret = 0;
2146
2147         if (req->req.misc == ~0) {
2148                 if (req->req.length == 0)
2149                         return -EINVAL;
2150
2151                 /* Find an unused slot */
2152                 for (dr = 0;
2153                      dr < RAW1394_MAX_USER_CSR_DIRS && fi->csr1212_dirs[dr];
2154                      dr++) ;
2155
2156                 if (dr == RAW1394_MAX_USER_CSR_DIRS)
2157                         return -ENOMEM;
2158
2159                 fi->csr1212_dirs[dr] =
2160                     csr1212_new_directory(CSR1212_KV_ID_VENDOR);
2161                 if (!fi->csr1212_dirs[dr])
2162                         return -ENOMEM;
2163         } else {
2164                 dr = req->req.misc;
2165                 if (!fi->csr1212_dirs[dr])
2166                         return -EINVAL;
2167
2168                 /* Delete old stuff */
2169                 for (dentry =
2170                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2171                      dentry; dentry = dentry->next) {
2172                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2173                                                              root_kv,
2174                                                              dentry->kv);
2175                 }
2176
2177                 if (req->req.length == 0) {
2178                         csr1212_release_keyval(fi->csr1212_dirs[dr]);
2179                         fi->csr1212_dirs[dr] = NULL;
2180
2181                         hpsb_update_config_rom_image(fi->host);
2182                         free_pending_request(req);
2183                         return sizeof(struct raw1394_request);
2184                 }
2185         }
2186
2187         cache = csr1212_rom_cache_malloc(0, req->req.length);
2188         if (!cache) {
2189                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2190                 fi->csr1212_dirs[dr] = NULL;
2191                 return -ENOMEM;
2192         }
2193
2194         cache->filled_head = kmalloc(sizeof(*cache->filled_head), GFP_KERNEL);
2195         if (!cache->filled_head) {
2196                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2197                 fi->csr1212_dirs[dr] = NULL;
2198                 CSR1212_FREE(cache);
2199                 return -ENOMEM;
2200         }
2201         cache->filled_tail = cache->filled_head;
2202
2203         if (copy_from_user(cache->data, int2ptr(req->req.sendb),
2204                            req->req.length)) {
2205                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2206                 fi->csr1212_dirs[dr] = NULL;
2207                 ret = -EFAULT;
2208         } else {
2209                 cache->len = req->req.length;
2210                 cache->filled_head->offset_start = 0;
2211                 cache->filled_head->offset_end = cache->size - 1;
2212
2213                 cache->layout_head = cache->layout_tail = fi->csr1212_dirs[dr];
2214
2215                 ret = CSR1212_SUCCESS;
2216                 /* parse all the items */
2217                 for (kv = cache->layout_head; ret == CSR1212_SUCCESS && kv;
2218                      kv = kv->next) {
2219                         ret = csr1212_parse_keyval(kv, cache);
2220                 }
2221
2222                 /* attach top level items to the root directory */
2223                 for (dentry =
2224                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2225                      ret == CSR1212_SUCCESS && dentry; dentry = dentry->next) {
2226                         ret =
2227                             csr1212_attach_keyval_to_directory(fi->host->csr.
2228                                                                rom->root_kv,
2229                                                                dentry->kv);
2230                 }
2231
2232                 if (ret == CSR1212_SUCCESS) {
2233                         ret = hpsb_update_config_rom_image(fi->host);
2234
2235                         if (ret >= 0 && copy_to_user(int2ptr(req->req.recvb),
2236                                                      &dr, sizeof(dr))) {
2237                                 ret = -ENOMEM;
2238                         }
2239                 }
2240         }
2241         kfree(cache->filled_head);
2242         CSR1212_FREE(cache);
2243
2244         if (ret >= 0) {
2245                 /* we have to free the request, because we queue no response,
2246                  * and therefore nobody will free it */
2247                 free_pending_request(req);
2248                 return sizeof(struct raw1394_request);
2249         } else {
2250                 for (dentry =
2251                      fi->csr1212_dirs[dr]->value.directory.dentries_head;
2252                      dentry; dentry = dentry->next) {
2253                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2254                                                              root_kv,
2255                                                              dentry->kv);
2256                 }
2257                 csr1212_release_keyval(fi->csr1212_dirs[dr]);
2258                 fi->csr1212_dirs[dr] = NULL;
2259                 return ret;
2260         }
2261 }
2262
2263 static int state_connected(struct file_info *fi, struct pending_request *req)
2264 {
2265         int node = req->req.address >> 48;
2266
2267         req->req.error = RAW1394_ERROR_NONE;
2268
2269         switch (req->req.type) {
2270
2271         case RAW1394_REQ_ECHO:
2272                 queue_complete_req(req);
2273                 return sizeof(struct raw1394_request);
2274
2275         case RAW1394_REQ_ISO_SEND:
2276                 return handle_iso_send(fi, req, node);
2277
2278         case RAW1394_REQ_ARM_REGISTER:
2279                 return arm_register(fi, req);
2280
2281         case RAW1394_REQ_ARM_UNREGISTER:
2282                 return arm_unregister(fi, req);
2283
2284         case RAW1394_REQ_ARM_SET_BUF:
2285                 return arm_set_buf(fi, req);
2286
2287         case RAW1394_REQ_ARM_GET_BUF:
2288                 return arm_get_buf(fi, req);
2289
2290         case RAW1394_REQ_RESET_NOTIFY:
2291                 return reset_notification(fi, req);
2292
2293         case RAW1394_REQ_ISO_LISTEN:
2294                 handle_iso_listen(fi, req);
2295                 return sizeof(struct raw1394_request);
2296
2297         case RAW1394_REQ_FCP_LISTEN:
2298                 handle_fcp_listen(fi, req);
2299                 return sizeof(struct raw1394_request);
2300
2301         case RAW1394_REQ_RESET_BUS:
2302                 if (req->req.misc == RAW1394_LONG_RESET) {
2303                         DBGMSG("busreset called (type: LONG)");
2304                         hpsb_reset_bus(fi->host, LONG_RESET);
2305                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2306                         return sizeof(struct raw1394_request);
2307                 }
2308                 if (req->req.misc == RAW1394_SHORT_RESET) {
2309                         DBGMSG("busreset called (type: SHORT)");
2310                         hpsb_reset_bus(fi->host, SHORT_RESET);
2311                         free_pending_request(req);      /* we have to free the request, because we queue no response, and therefore nobody will free it */
2312                         return sizeof(struct raw1394_request);
2313                 }
2314                 /* error EINVAL (22) invalid argument */
2315                 return (-EINVAL);
2316         case RAW1394_REQ_GET_ROM:
2317                 return get_config_rom(fi, req);
2318
2319         case RAW1394_REQ_UPDATE_ROM:
2320                 return update_config_rom(fi, req);
2321
2322         case RAW1394_REQ_MODIFY_ROM:
2323                 return modify_config_rom(fi, req);
2324         }
2325
2326         if (req->req.generation != get_hpsb_generation(fi->host)) {
2327                 req->req.error = RAW1394_ERROR_GENERATION;
2328                 req->req.generation = get_hpsb_generation(fi->host);
2329                 req->req.length = 0;
2330                 queue_complete_req(req);
2331                 return sizeof(struct raw1394_request);
2332         }
2333
2334         switch (req->req.type) {
2335         case RAW1394_REQ_PHYPACKET:
2336                 return write_phypacket(fi, req);
2337         case RAW1394_REQ_ASYNC_SEND:
2338                 return handle_async_send(fi, req);
2339         }
2340
2341         if (req->req.length == 0) {
2342                 req->req.error = RAW1394_ERROR_INVALID_ARG;
2343                 queue_complete_req(req);
2344                 return sizeof(struct raw1394_request);
2345         }
2346
2347         return handle_async_request(fi, req, node);
2348 }
2349
2350 static ssize_t raw1394_write(struct file *file, const char __user * buffer,
2351                              size_t count, loff_t * offset_is_ignored)
2352 {
2353         struct file_info *fi = (struct file_info *)file->private_data;
2354         struct pending_request *req;
2355         ssize_t retval = 0;
2356
2357 #ifdef CONFIG_COMPAT
2358         if (count == sizeof(struct compat_raw1394_req) &&
2359             sizeof(struct compat_raw1394_req) !=
2360                         sizeof(struct raw1394_request)) {
2361                 buffer = raw1394_compat_write(buffer);
2362                 if (IS_ERR(buffer))
2363                         return PTR_ERR(buffer);
2364         } else
2365 #endif
2366         if (count != sizeof(struct raw1394_request)) {
2367                 return -EINVAL;
2368         }
2369
2370         req = alloc_pending_request();
2371         if (req == NULL) {
2372                 return -ENOMEM;
2373         }
2374         req->file_info = fi;
2375
2376         if (copy_from_user(&req->req, buffer, sizeof(struct raw1394_request))) {
2377                 free_pending_request(req);
2378                 return -EFAULT;
2379         }
2380
2381         switch (fi->state) {
2382         case opened:
2383                 retval = state_opened(fi, req);
2384                 break;
2385
2386         case initialized:
2387                 retval = state_initialized(fi, req);
2388                 break;
2389
2390         case connected:
2391                 retval = state_connected(fi, req);
2392                 break;
2393         }
2394
2395         if (retval < 0) {
2396                 free_pending_request(req);
2397         }
2398
2399         return retval;
2400 }
2401
2402 /* rawiso operations */
2403
2404 /* check if any RAW1394_REQ_RAWISO_ACTIVITY event is already in the
2405  * completion queue (reqlists_lock must be taken) */
2406 static inline int __rawiso_event_in_queue(struct file_info *fi)
2407 {
2408         struct pending_request *req;
2409
2410         list_for_each_entry(req, &fi->req_complete, list)
2411             if (req->req.type == RAW1394_REQ_RAWISO_ACTIVITY)
2412                 return 1;
2413
2414         return 0;
2415 }
2416
2417 /* put a RAWISO_ACTIVITY event in the queue, if one isn't there already */
2418 static void queue_rawiso_event(struct file_info *fi)
2419 {
2420         unsigned long flags;
2421
2422         spin_lock_irqsave(&fi->reqlists_lock, flags);
2423
2424         /* only one ISO activity event may be in the queue */
2425         if (!__rawiso_event_in_queue(fi)) {
2426                 struct pending_request *req =
2427                     __alloc_pending_request(SLAB_ATOMIC);
2428
2429                 if (req) {
2430                         req->file_info = fi;
2431                         req->req.type = RAW1394_REQ_RAWISO_ACTIVITY;
2432                         req->req.generation = get_hpsb_generation(fi->host);
2433                         __queue_complete_req(req);
2434                 } else {
2435                         /* on allocation failure, signal an overflow */
2436                         if (fi->iso_handle) {
2437                                 atomic_inc(&fi->iso_handle->overflows);
2438                         }
2439                 }
2440         }
2441         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2442 }
2443
2444 static void rawiso_activity_cb(struct hpsb_iso *iso)
2445 {
2446         unsigned long flags;
2447         struct host_info *hi;
2448         struct file_info *fi;
2449
2450         spin_lock_irqsave(&host_info_lock, flags);
2451         hi = find_host_info(iso->host);
2452
2453         if (hi != NULL) {
2454                 list_for_each_entry(fi, &hi->file_info_list, list) {
2455                         if (fi->iso_handle == iso)
2456                                 queue_rawiso_event(fi);
2457                 }
2458         }
2459
2460         spin_unlock_irqrestore(&host_info_lock, flags);
2461 }
2462
2463 /* helper function - gather all the kernel iso status bits for returning to user-space */
2464 static void raw1394_iso_fill_status(struct hpsb_iso *iso,
2465                                     struct raw1394_iso_status *stat)
2466 {
2467         stat->config.data_buf_size = iso->buf_size;
2468         stat->config.buf_packets = iso->buf_packets;
2469         stat->config.channel = iso->channel;
2470         stat->config.speed = iso->speed;
2471         stat->config.irq_interval = iso->irq_interval;
2472         stat->n_packets = hpsb_iso_n_ready(iso);
2473         stat->overflows = atomic_read(&iso->overflows);
2474         stat->xmit_cycle = iso->xmit_cycle;
2475 }
2476
2477 static int raw1394_iso_xmit_init(struct file_info *fi, void __user * uaddr)
2478 {
2479         struct raw1394_iso_status stat;
2480
2481         if (!fi->host)
2482                 return -EINVAL;
2483
2484         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2485                 return -EFAULT;
2486
2487         fi->iso_handle = hpsb_iso_xmit_init(fi->host,
2488                                             stat.config.data_buf_size,
2489                                             stat.config.buf_packets,
2490                                             stat.config.channel,
2491                                             stat.config.speed,
2492                                             stat.config.irq_interval,
2493                                             rawiso_activity_cb);
2494         if (!fi->iso_handle)
2495                 return -ENOMEM;
2496
2497         fi->iso_state = RAW1394_ISO_XMIT;
2498
2499         raw1394_iso_fill_status(fi->iso_handle, &stat);
2500         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2501                 return -EFAULT;
2502
2503         /* queue an event to get things started */
2504         rawiso_activity_cb(fi->iso_handle);
2505
2506         return 0;
2507 }
2508
2509 static int raw1394_iso_recv_init(struct file_info *fi, void __user * uaddr)
2510 {
2511         struct raw1394_iso_status stat;
2512
2513         if (!fi->host)
2514                 return -EINVAL;
2515
2516         if (copy_from_user(&stat, uaddr, sizeof(stat)))
2517                 return -EFAULT;
2518
2519         fi->iso_handle = hpsb_iso_recv_init(fi->host,
2520                                             stat.config.data_buf_size,
2521                                             stat.config.buf_packets,
2522                                             stat.config.channel,
2523                                             stat.config.dma_mode,
2524                                             stat.config.irq_interval,
2525                                             rawiso_activity_cb);
2526         if (!fi->iso_handle)
2527                 return -ENOMEM;
2528
2529         fi->iso_state = RAW1394_ISO_RECV;
2530
2531         raw1394_iso_fill_status(fi->iso_handle, &stat);
2532         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2533                 return -EFAULT;
2534         return 0;
2535 }
2536
2537 static int raw1394_iso_get_status(struct file_info *fi, void __user * uaddr)
2538 {
2539         struct raw1394_iso_status stat;
2540         struct hpsb_iso *iso = fi->iso_handle;
2541
2542         raw1394_iso_fill_status(fi->iso_handle, &stat);
2543         if (copy_to_user(uaddr, &stat, sizeof(stat)))
2544                 return -EFAULT;
2545
2546         /* reset overflow counter */
2547         atomic_set(&iso->overflows, 0);
2548
2549         return 0;
2550 }
2551
2552 /* copy N packet_infos out of the ringbuffer into user-supplied array */
2553 static int raw1394_iso_recv_packets(struct file_info *fi, void __user * uaddr)
2554 {
2555         struct raw1394_iso_packets upackets;
2556         unsigned int packet = fi->iso_handle->first_packet;
2557         int i;
2558
2559         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2560                 return -EFAULT;
2561
2562         if (upackets.n_packets > hpsb_iso_n_ready(fi->iso_handle))
2563                 return -EINVAL;
2564
2565         /* ensure user-supplied buffer is accessible and big enough */
2566         if (!access_ok(VERIFY_WRITE, upackets.infos,
2567                        upackets.n_packets *
2568                        sizeof(struct raw1394_iso_packet_info)))
2569                 return -EFAULT;
2570
2571         /* copy the packet_infos out */
2572         for (i = 0; i < upackets.n_packets; i++) {
2573                 if (__copy_to_user(&upackets.infos[i],
2574                                    &fi->iso_handle->infos[packet],
2575                                    sizeof(struct raw1394_iso_packet_info)))
2576                         return -EFAULT;
2577
2578                 packet = (packet + 1) % fi->iso_handle->buf_packets;
2579         }
2580
2581         return 0;
2582 }
2583
2584 /* copy N packet_infos from user to ringbuffer, and queue them for transmission */
2585 static int raw1394_iso_send_packets(struct file_info *fi, void __user * uaddr)
2586 {
2587         struct raw1394_iso_packets upackets;
2588         int i, rv;
2589
2590         if (copy_from_user(&upackets, uaddr, sizeof(upackets)))
2591                 return -EFAULT;
2592
2593         if (upackets.n_packets >= fi->iso_handle->buf_packets)
2594                 return -EINVAL;
2595
2596         if (upackets.n_packets >= hpsb_iso_n_ready(fi->iso_handle))
2597                 return -EAGAIN;
2598
2599         /* ensure user-supplied buffer is accessible and big enough */
2600         if (!access_ok(VERIFY_READ, upackets.infos,
2601                        upackets.n_packets *
2602                        sizeof(struct raw1394_iso_packet_info)))
2603                 return -EFAULT;
2604
2605         /* copy the infos structs in and queue the packets */
2606         for (i = 0; i < upackets.n_packets; i++) {
2607                 struct raw1394_iso_packet_info info;
2608
2609                 if (__copy_from_user(&info, &upackets.infos[i],
2610                                      sizeof(struct raw1394_iso_packet_info)))
2611                         return -EFAULT;
2612
2613                 rv = hpsb_iso_xmit_queue_packet(fi->iso_handle, info.offset,
2614                                                 info.len, info.tag, info.sy);
2615                 if (rv)
2616                         return rv;
2617         }
2618
2619         return 0;
2620 }
2621
2622 static void raw1394_iso_shutdown(struct file_info *fi)
2623 {
2624         if (fi->iso_handle)
2625                 hpsb_iso_shutdown(fi->iso_handle);
2626
2627         fi->iso_handle = NULL;
2628         fi->iso_state = RAW1394_ISO_INACTIVE;
2629 }
2630
2631 /* mmap the rawiso xmit/recv buffer */
2632 static int raw1394_mmap(struct file *file, struct vm_area_struct *vma)
2633 {
2634         struct file_info *fi = file->private_data;
2635
2636         if (fi->iso_state == RAW1394_ISO_INACTIVE)
2637                 return -EINVAL;
2638
2639         return dma_region_mmap(&fi->iso_handle->data_buf, file, vma);
2640 }
2641
2642 /* ioctl is only used for rawiso operations */
2643 static int raw1394_ioctl(struct inode *inode, struct file *file,
2644                          unsigned int cmd, unsigned long arg)
2645 {
2646         struct file_info *fi = file->private_data;
2647         void __user *argp = (void __user *)arg;
2648
2649         switch (fi->iso_state) {
2650         case RAW1394_ISO_INACTIVE:
2651                 switch (cmd) {
2652                 case RAW1394_IOC_ISO_XMIT_INIT:
2653                         return raw1394_iso_xmit_init(fi, argp);
2654                 case RAW1394_IOC_ISO_RECV_INIT:
2655                         return raw1394_iso_recv_init(fi, argp);
2656                 default:
2657                         break;
2658                 }
2659                 break;
2660         case RAW1394_ISO_RECV:
2661                 switch (cmd) {
2662                 case RAW1394_IOC_ISO_RECV_START:{
2663                                 /* copy args from user-space */
2664                                 int args[3];
2665                                 if (copy_from_user
2666                                     (&args[0], argp, sizeof(args)))
2667                                         return -EFAULT;
2668                                 return hpsb_iso_recv_start(fi->iso_handle,
2669                                                            args[0], args[1],
2670                                                            args[2]);
2671                         }
2672                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2673                         hpsb_iso_stop(fi->iso_handle);
2674                         return 0;
2675                 case RAW1394_IOC_ISO_RECV_LISTEN_CHANNEL:
2676                         return hpsb_iso_recv_listen_channel(fi->iso_handle,
2677                                                             arg);
2678                 case RAW1394_IOC_ISO_RECV_UNLISTEN_CHANNEL:
2679                         return hpsb_iso_recv_unlisten_channel(fi->iso_handle,
2680                                                               arg);
2681                 case RAW1394_IOC_ISO_RECV_SET_CHANNEL_MASK:{
2682                                 /* copy the u64 from user-space */
2683                                 u64 mask;
2684                                 if (copy_from_user(&mask, argp, sizeof(mask)))
2685                                         return -EFAULT;
2686                                 return hpsb_iso_recv_set_channel_mask(fi->
2687                                                                       iso_handle,
2688                                                                       mask);
2689                         }
2690                 case RAW1394_IOC_ISO_GET_STATUS:
2691                         return raw1394_iso_get_status(fi, argp);
2692                 case RAW1394_IOC_ISO_RECV_PACKETS:
2693                         return raw1394_iso_recv_packets(fi, argp);
2694                 case RAW1394_IOC_ISO_RECV_RELEASE_PACKETS:
2695                         return hpsb_iso_recv_release_packets(fi->iso_handle,
2696                                                              arg);
2697                 case RAW1394_IOC_ISO_RECV_FLUSH:
2698                         return hpsb_iso_recv_flush(fi->iso_handle);
2699                 case RAW1394_IOC_ISO_SHUTDOWN:
2700                         raw1394_iso_shutdown(fi);
2701                         return 0;
2702                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2703                         queue_rawiso_event(fi);
2704                         return 0;
2705                 }
2706                 break;
2707         case RAW1394_ISO_XMIT:
2708                 switch (cmd) {
2709                 case RAW1394_IOC_ISO_XMIT_START:{
2710                                 /* copy two ints from user-space */
2711                                 int args[2];
2712                                 if (copy_from_user
2713                                     (&args[0], argp, sizeof(args)))
2714                                         return -EFAULT;
2715                                 return hpsb_iso_xmit_start(fi->iso_handle,
2716                                                            args[0], args[1]);
2717                         }
2718                 case RAW1394_IOC_ISO_XMIT_SYNC:
2719                         return hpsb_iso_xmit_sync(fi->iso_handle);
2720                 case RAW1394_IOC_ISO_XMIT_RECV_STOP:
2721                         hpsb_iso_stop(fi->iso_handle);
2722                         return 0;
2723                 case RAW1394_IOC_ISO_GET_STATUS:
2724                         return raw1394_iso_get_status(fi, argp);
2725                 case RAW1394_IOC_ISO_XMIT_PACKETS:
2726                         return raw1394_iso_send_packets(fi, argp);
2727                 case RAW1394_IOC_ISO_SHUTDOWN:
2728                         raw1394_iso_shutdown(fi);
2729                         return 0;
2730                 case RAW1394_IOC_ISO_QUEUE_ACTIVITY:
2731                         queue_rawiso_event(fi);
2732                         return 0;
2733                 }
2734                 break;
2735         default:
2736                 break;
2737         }
2738
2739         return -EINVAL;
2740 }
2741
2742 static unsigned int raw1394_poll(struct file *file, poll_table * pt)
2743 {
2744         struct file_info *fi = file->private_data;
2745         unsigned int mask = POLLOUT | POLLWRNORM;
2746         unsigned long flags;
2747
2748         poll_wait(file, &fi->poll_wait_complete, pt);
2749
2750         spin_lock_irqsave(&fi->reqlists_lock, flags);
2751         if (!list_empty(&fi->req_complete)) {
2752                 mask |= POLLIN | POLLRDNORM;
2753         }
2754         spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2755
2756         return mask;
2757 }
2758
2759 static int raw1394_open(struct inode *inode, struct file *file)
2760 {
2761         struct file_info *fi;
2762
2763         fi = kzalloc(sizeof(*fi), SLAB_KERNEL);
2764         if (!fi)
2765                 return -ENOMEM;
2766
2767         fi->notification = (u8) RAW1394_NOTIFY_ON;      /* busreset notification */
2768
2769         INIT_LIST_HEAD(&fi->list);
2770         fi->state = opened;
2771         INIT_LIST_HEAD(&fi->req_pending);
2772         INIT_LIST_HEAD(&fi->req_complete);
2773         sema_init(&fi->complete_sem, 0);
2774         spin_lock_init(&fi->reqlists_lock);
2775         init_waitqueue_head(&fi->poll_wait_complete);
2776         INIT_LIST_HEAD(&fi->addr_list);
2777
2778         file->private_data = fi;
2779
2780         return 0;
2781 }
2782
2783 static int raw1394_release(struct inode *inode, struct file *file)
2784 {
2785         struct file_info *fi = file->private_data;
2786         struct list_head *lh;
2787         struct pending_request *req;
2788         int done = 0, i, fail = 0;
2789         int retval = 0;
2790         struct list_head *entry;
2791         struct arm_addr *addr = NULL;
2792         struct host_info *hi;
2793         struct file_info *fi_hlp = NULL;
2794         struct arm_addr *arm_addr = NULL;
2795         int another_host;
2796         int csr_mod = 0;
2797         unsigned long flags;
2798
2799         if (fi->iso_state != RAW1394_ISO_INACTIVE)
2800                 raw1394_iso_shutdown(fi);
2801
2802         for (i = 0; i < 64; i++) {
2803                 if (fi->listen_channels & (1ULL << i)) {
2804                         hpsb_unlisten_channel(&raw1394_highlevel, fi->host, i);
2805                 }
2806         }
2807
2808         spin_lock_irqsave(&host_info_lock, flags);
2809         fi->listen_channels = 0;
2810
2811         fail = 0;
2812         /* set address-entries invalid */
2813
2814         while (!list_empty(&fi->addr_list)) {
2815                 another_host = 0;
2816                 lh = fi->addr_list.next;
2817                 addr = list_entry(lh, struct arm_addr, addr_list);
2818                 /* another host with valid address-entry containing
2819                    same addressrange? */
2820                 list_for_each_entry(hi, &host_info_list, list) {
2821                         if (hi->host != fi->host) {
2822                                 list_for_each_entry(fi_hlp, &hi->file_info_list,
2823                                                     list) {
2824                                         entry = fi_hlp->addr_list.next;
2825                                         while (entry != &(fi_hlp->addr_list)) {
2826                                                 arm_addr = list_entry(entry, struct
2827                                                                       arm_addr,
2828                                                                       addr_list);
2829                                                 if (arm_addr->start ==
2830                                                     addr->start) {
2831                                                         DBGMSG
2832                                                             ("raw1394_release: "
2833                                                              "another host ownes "
2834                                                              "same addressrange");
2835                                                         another_host = 1;
2836                                                         break;
2837                                                 }
2838                                                 entry = entry->next;
2839                                         }
2840                                         if (another_host) {
2841                                                 break;
2842                                         }
2843                                 }
2844                         }
2845                 }
2846                 if (!another_host) {
2847                         DBGMSG("raw1394_release: call hpsb_arm_unregister");
2848                         retval =
2849                             hpsb_unregister_addrspace(&raw1394_highlevel,
2850                                                       fi->host, addr->start);
2851                         if (!retval) {
2852                                 ++fail;
2853                                 printk(KERN_ERR
2854                                        "raw1394_release arm_Unregister failed\n");
2855                         }
2856                 }
2857                 DBGMSG("raw1394_release: delete addr_entry from list");
2858                 list_del(&addr->addr_list);
2859                 vfree(addr->addr_space_buffer);
2860                 kfree(addr);
2861         }                       /* while */
2862         spin_unlock_irqrestore(&host_info_lock, flags);
2863         if (fail > 0) {
2864                 printk(KERN_ERR "raw1394: during addr_list-release "
2865                        "error(s) occurred \n");
2866         }
2867
2868         while (!done) {
2869                 spin_lock_irqsave(&fi->reqlists_lock, flags);
2870
2871                 while (!list_empty(&fi->req_complete)) {
2872                         lh = fi->req_complete.next;
2873                         list_del(lh);
2874
2875                         req = list_entry(lh, struct pending_request, list);
2876
2877                         free_pending_request(req);
2878                 }
2879
2880                 if (list_empty(&fi->req_pending))
2881                         done = 1;
2882
2883                 spin_unlock_irqrestore(&fi->reqlists_lock, flags);
2884
2885                 if (!done)
2886                         down_interruptible(&fi->complete_sem);
2887         }
2888
2889         /* Remove any sub-trees left by user space programs */
2890         for (i = 0; i < RAW1394_MAX_USER_CSR_DIRS; i++) {
2891                 struct csr1212_dentry *dentry;
2892                 if (!fi->csr1212_dirs[i])
2893                         continue;
2894                 for (dentry =
2895                      fi->csr1212_dirs[i]->value.directory.dentries_head; dentry;
2896                      dentry = dentry->next) {
2897                         csr1212_detach_keyval_from_directory(fi->host->csr.rom->
2898                                                              root_kv,
2899                                                              dentry->kv);
2900                 }
2901                 csr1212_release_keyval(fi->csr1212_dirs[i]);
2902                 fi->csr1212_dirs[i] = NULL;
2903                 csr_mod = 1;
2904         }
2905
2906         if ((csr_mod || fi->cfgrom_upd)
2907             && hpsb_update_config_rom_image(fi->host) < 0)
2908                 HPSB_ERR
2909                     ("Failed to generate Configuration ROM image for host %d",
2910                      fi->host->id);
2911
2912         if (fi->state == connected) {
2913                 spin_lock_irqsave(&host_info_lock, flags);
2914                 list_del(&fi->list);
2915                 spin_unlock_irqrestore(&host_info_lock, flags);
2916
2917                 put_device(&fi->host->device);
2918         }
2919
2920         kfree(fi);
2921
2922         return 0;
2923 }
2924
2925 /*** HOTPLUG STUFF **********************************************************/
2926 /*
2927  * Export information about protocols/devices supported by this driver.
2928  */
2929 static struct ieee1394_device_id raw1394_id_table[] = {
2930         {
2931          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2932          .specifier_id = AVC_UNIT_SPEC_ID_ENTRY & 0xffffff,
2933          .version = AVC_SW_VERSION_ENTRY & 0xffffff},
2934         {
2935          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2936          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2937          .version = CAMERA_SW_VERSION_ENTRY & 0xffffff},
2938         {
2939          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2940          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2941          .version = (CAMERA_SW_VERSION_ENTRY + 1) & 0xffffff},
2942         {
2943          .match_flags = IEEE1394_MATCH_SPECIFIER_ID | IEEE1394_MATCH_VERSION,
2944          .specifier_id = CAMERA_UNIT_SPEC_ID_ENTRY & 0xffffff,
2945          .version = (CAMERA_SW_VERSION_ENTRY + 2) & 0xffffff},
2946         {}
2947 };
2948
2949 MODULE_DEVICE_TABLE(ieee1394, raw1394_id_table);
2950
2951 static struct hpsb_protocol_driver raw1394_driver = {
2952         .name = "raw1394 Driver",
2953         .id_table = raw1394_id_table,
2954         .driver = {
2955                    .name = "raw1394",
2956                    .bus = &ieee1394_bus_type,
2957                    },
2958 };
2959
2960 /******************************************************************************/
2961
2962 static struct hpsb_highlevel raw1394_highlevel = {
2963         .name = RAW1394_DEVICE_NAME,
2964         .add_host = add_host,
2965         .remove_host = remove_host,
2966         .host_reset = host_reset,
2967         .iso_receive = iso_receive,
2968         .fcp_request = fcp_request,
2969 };
2970
2971 static struct cdev raw1394_cdev;
2972 static struct file_operations raw1394_fops = {
2973         .owner = THIS_MODULE,
2974         .read = raw1394_read,
2975         .write = raw1394_write,
2976         .mmap = raw1394_mmap,
2977         .ioctl = raw1394_ioctl,
2978         // .compat_ioctl = ... someone needs to do this
2979         .poll = raw1394_poll,
2980         .open = raw1394_open,
2981         .release = raw1394_release,
2982 };
2983
2984 static int __init init_raw1394(void)
2985 {
2986         int ret = 0;
2987
2988         hpsb_register_highlevel(&raw1394_highlevel);
2989
2990         if (IS_ERR
2991             (class_device_create
2992              (hpsb_protocol_class, NULL,
2993               MKDEV(IEEE1394_MAJOR, IEEE1394_MINOR_BLOCK_RAW1394 * 16), NULL,
2994               RAW1394_DEVICE_NAME))) {
2995                 ret = -EFAULT;
2996                 goto out_unreg;
2997         }
2998
2999         cdev_init(&raw1394_cdev, &raw1394_fops);
3000         raw1394_cdev.owner = THIS_MODULE;
3001         kobject_set_name(&raw1394_cdev.kobj, RAW1394_DEVICE_NAME);
3002         ret = cdev_add(&raw1394_cdev, IEEE1394_RAW1394_DEV, 1);
3003         if (ret) {
3004                 HPSB_ERR("raw1394 failed to register minor device block");
3005                 goto out_dev;
3006         }
3007
3008         HPSB_INFO("raw1394: /dev/%s device initialized", RAW1394_DEVICE_NAME);
3009
3010         ret = hpsb_register_protocol(&raw1394_driver);
3011         if (ret) {
3012                 HPSB_ERR("raw1394: failed to register protocol");
3013                 cdev_del(&raw1394_cdev);
3014                 goto out_dev;
3015         }
3016
3017         goto out;
3018
3019       out_dev:
3020         class_device_destroy(hpsb_protocol_class,
3021                              MKDEV(IEEE1394_MAJOR,
3022                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3023       out_unreg:
3024         hpsb_unregister_highlevel(&raw1394_highlevel);
3025       out:
3026         return ret;
3027 }
3028
3029 static void __exit cleanup_raw1394(void)
3030 {
3031         class_device_destroy(hpsb_protocol_class,
3032                              MKDEV(IEEE1394_MAJOR,
3033                                    IEEE1394_MINOR_BLOCK_RAW1394 * 16));
3034         cdev_del(&raw1394_cdev);
3035         hpsb_unregister_highlevel(&raw1394_highlevel);
3036         hpsb_unregister_protocol(&raw1394_driver);
3037 }
3038
3039 module_init(init_raw1394);
3040 module_exit(cleanup_raw1394);
3041 MODULE_LICENSE("GPL");